From b40f1031cffe38ff0fc3b3fff57e7abde81ad709 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico
Date: Wed, 6 May 2020 18:12:44 +0200
Subject: [PATCH] Another attempt to fix the ta/dh files management.
---
 tasks/openvpn.yml | 38 +++-----------------------------------
 1 file changed, 3 insertions(+), 35 deletions(-)
diff --git a/tasks/openvpn.yml b/tasks/openvpn.yml
index eda7aa9..df32c5a 100644
--- a/tasks/openvpn.yml
+++ b/tasks/openvpn.yml
@@ -104,57 +104,25 @@ - name: Fetch both the ta and the dh files from the master node fetch: src: "{{ item }}" - dest: .tmp/openvpn_secrets + dest: /tmp/openvpn_secrets with_items: - '{{ openvpn_conf_dir }}/ta.key' - '{{ openvpn_conf_dir }}/dh2048.pem' - when: openvpn_is_master_host | bool or not openvpn_ha | bool + when: openvpn_is_master_host tags: [ 'openvpn', 'openvpn_conf' ] - block: - name: Install the dh and ta.key files - copy: src=.tmp/openvpn_secrets/{{ openvpn_conf_dir }}/{{ item }} dest={{ openvpn_conf_dir }}/{{ item }} owner=root group=root mode=0400 force=yes + copy: src=/tmp/openvpn_secrets/{{ openvpn_conf_dir }}/{{ item }} dest={{ openvpn_conf_dir }}/{{ item }} owner=root group=root mode=0400 force=yes with_items: - 'ta.key' - 'dh2048.pem' when: - - openvpn_ha | bool - not openvpn_is_master_host | bool tags: [ 'openvpn', 'openvpn_conf', 'openvpn_shared_secrets' ] -- block: - - name: Get the dh file from the master host - synchronize: - src: '{{ openvpn_conf_dir }}/dh2048.pem' - #dest: 'rsync://root@{{ ansible_fqdn }}/{{ openvpn_conf_dir }}/dh2048.pem' - dest: '/{{ openvpn_conf_dir }}/dh2048.pem' - delegate_to: '{{ openvpn_master_host }}' - - - name: Relax the ta.key file permissions so that it can be copied around - file: dest={{ openvpn_conf_dir }}/ta.key owner=root group=root mode=0444 - delegate_to: '{{ openvpn_master_host }}' - - - name: Get the ta key from the master host - synchronize: - src: '{{ openvpn_conf_dir }}/ta.key' - #dest: 'rsync://root@{{ ansible_fqdn }}/{{ openvpn_conf_dir }}/ta.key' - dest: '/{{ openvpn_conf_dir }}/ta.key' - delegate_to: '{{ openvpn_master_host }}' - ignore_errors: True - - - name: Fix the ta.key file permissions - file: dest={{ openvpn_conf_dir }}/ta.key owner=root group=root mode=0400 - - - name: Fix the ta.key file permissions on the master host - file: dest={{ openvpn_conf_dir }}/ta.key owner=root group=root mode=0400 - delegate_to: '{{ openvpn_master_host }}' - - when: openvpn_mode != 'server' - tags: [ 
'openvpn', 'openvpn_conf', 'openvpn_shared_secrets' ] - - - block: - name: Enable kernel forwarding sysctl: name={{ item }} value=1 reload=yes state=present
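Review bot: The fetch task now writes `ta.key`, which is the TLS-auth secret, to a fixed path in the controller's shared temp directory, `dest: /tmp/openvpn_secrets`, where it is created with the controller's default umask and nothing in this hunk removes it after the copy task has consumed it. Create that directory beforehand with owner-only permissions (for example a `file: path=/tmp/openvpn_secrets state=directory mode=0700` task run on localhost, or a directory made by the `tempfile` module) and delete it at the end of the play. There is also a path mismatch between the two tasks: `fetch` without `flat: yes` stores the file under `<dest>/<inventory_hostname>/<src path>`, while the copy task reads `src=/tmp/openvpn_secrets/{{ openvpn_conf_dir }}/{{ item }}` with no hostname segment, so it will not find the file unless `flat` is set somewhere outside this hunk. Finally, `when: openvpn_is_master_host` dropped the `| bool` filter that the copy block's `when` still uses; a string value such as `"false"` coming from inventory or extra-vars is truthy in Jinja, so the fetch would run on non-master hosts — keep `when: openvpn_is_master_host | bool` for consistency with the block below.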