ISTI-ansible-roles
/
ansible-role-openvpn
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Another attempt to fix the ta/dh files management.

This commit is contained in:
Andrea Dell'Amico 2020-05-06 18:12:44 +02:00
parent 2a96f1c0e7
commit b40f1031cf
1 changed files with 3 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
tasks/openvpn.yml
View File

@ -104,57 +104,25 @@
- name: Fetch both the ta and the dh files from the master node - name: Fetch both the ta and the dh files from the master node
fetch: fetch:
src: "{{ item }}" src: "{{ item }}"
dest: .tmp/openvpn_secrets dest: /tmp/openvpn_secrets
with_items: with_items:
- '{{ openvpn_conf_dir }}/ta.key' - '{{ openvpn_conf_dir }}/ta.key'
- '{{ openvpn_conf_dir }}/dh2048.pem' - '{{ openvpn_conf_dir }}/dh2048.pem'
when: openvpn_is_master_host | bool or not openvpn_ha | bool when: openvpn_is_master_host
tags: [ 'openvpn', 'openvpn_conf' ] tags: [ 'openvpn', 'openvpn_conf' ]
- block: - block:
- name: Install the dh and ta.key files - name: Install the dh and ta.key files
copy: src=.tmp/openvpn_secrets/{{ openvpn_conf_dir }}/{{ item }} dest={{ openvpn_conf_dir }}/{{ item }} owner=root group=root mode=0400 force=yes copy: src=/tmp/openvpn_secrets/{{ openvpn_conf_dir }}/{{ item }} dest={{ openvpn_conf_dir }}/{{ item }} owner=root group=root mode=0400 force=yes
with_items: with_items:
- 'ta.key' - 'ta.key'
- 'dh2048.pem' - 'dh2048.pem'
when: when:
- openvpn_ha | bool
- not openvpn_is_master_host | bool - not openvpn_is_master_host | bool
tags: [ 'openvpn', 'openvpn_conf', 'openvpn_shared_secrets' ] tags: [ 'openvpn', 'openvpn_conf', 'openvpn_shared_secrets' ]
- block:
- name: Get the dh file from the master host
synchronize:
src: '{{ openvpn_conf_dir }}/dh2048.pem'
#dest: 'rsync://root@{{ ansible_fqdn }}/{{ openvpn_conf_dir }}/dh2048.pem'
dest: '/{{ openvpn_conf_dir }}/dh2048.pem'
delegate_to: '{{ openvpn_master_host }}'
- name: Relax the ta.key file permissions so that it can be copied around
file: dest={{ openvpn_conf_dir }}/ta.key owner=root group=root mode=0444
delegate_to: '{{ openvpn_master_host }}'
- name: Get the ta key from the master host
synchronize:
src: '{{ openvpn_conf_dir }}/ta.key'
#dest: 'rsync://root@{{ ansible_fqdn }}/{{ openvpn_conf_dir }}/ta.key'
dest: '/{{ openvpn_conf_dir }}/ta.key'
delegate_to: '{{ openvpn_master_host }}'
ignore_errors: True
- name: Fix the ta.key file permissions
file: dest={{ openvpn_conf_dir }}/ta.key owner=root group=root mode=0400
- name: Fix the ta.key file permissions on the master host
file: dest={{ openvpn_conf_dir }}/ta.key owner=root group=root mode=0400
delegate_to: '{{ openvpn_master_host }}'
when: openvpn_mode != 'server'
tags: [ 'openvpn', 'openvpn_conf', 'openvpn_shared_secrets' ]
- block: - block:
- name: Enable kernel forwarding - name: Enable kernel forwarding
sysctl: name={{ item }} value=1 reload=yes state=present sysctl: name={{ item }} value=1 reload=yes state=present