switch openvpn to use separate service units and directories for client and server, hopefully in a mostly transparent way that will not cause much outage
parent
d860015a28
commit
179cc4dd54
2 changed files with 28 additions and 8 deletions
|
@ -25,7 +25,7 @@
|
||||||
owner=root group=root mode={{ item.mode }}
|
owner=root group=root mode={{ item.mode }}
|
||||||
with_items:
|
with_items:
|
||||||
- { file: client.conf,
|
- { file: client.conf,
|
||||||
dest: /etc/openvpn/openvpn.conf,
|
dest: /etc/openvpn/client/openvpn.conf,
|
||||||
mode: '0644' }
|
mode: '0644' }
|
||||||
- { file: "{{ private }}/files/vpn/openvpn/keys/{{ inventory_hostname }}.crt",
|
- { file: "{{ private }}/files/vpn/openvpn/keys/{{ inventory_hostname }}.crt",
|
||||||
dest: "/etc/openvpn/client.crt",
|
dest: "/etc/openvpn/client.crt",
|
||||||
|
@ -48,17 +48,30 @@
|
||||||
- service
|
- service
|
||||||
- openvpn
|
- openvpn
|
||||||
|
|
||||||
- name: Make sure openvpn is running in rhel 7.1
|
- name: Make sure old openvpn is not running in rhel 7
|
||||||
service: name=openvpn@openvpn state=started enabled=true
|
service: name=openvpn@openvpn state=stopped enabled=false
|
||||||
when: ansible_distribution_major_version|int == 7
|
when: ansible_distribution_major_version|int == 7
|
||||||
tags:
|
tags:
|
||||||
- service
|
- service
|
||||||
- openvpn
|
- openvpn
|
||||||
|
|
||||||
- name: enable openvpn service for Fedora
|
- name: Make sure openvpn is running in rhel 7
|
||||||
service: name=openvpn@openvpn state=started enabled=true
|
service: name=openvpn-client@openvpn state=started enabled=true
|
||||||
|
when: ansible_distribution_major_version|int == 7
|
||||||
|
tags:
|
||||||
|
- service
|
||||||
|
- openvpn
|
||||||
|
|
||||||
|
- name: disable old openvpn service for Fedora
|
||||||
|
service: name=openvpn@openvpn state=stopped enabled=false
|
||||||
when: is_fedora is defined
|
when: is_fedora is defined
|
||||||
tags:
|
tags:
|
||||||
- service
|
- service
|
||||||
- openvpn
|
- openvpn
|
||||||
|
|
||||||
|
- name: enable openvpn service for Fedora
|
||||||
|
service: name=openvpn-client@openvpn state=started enabled=true
|
||||||
|
when: is_fedora is defined
|
||||||
|
tags:
|
||||||
|
- service
|
||||||
|
- openvpn
|
||||||
|
|
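Review bot: Only `client.conf` moves to `/etc/openvpn/client/openvpn.conf`; the certificate entry just below it still lands in `/etc/openvpn/client.crt`. The `openvpn-client@` unit as shipped upstream runs with `/etc/openvpn/client` as its working directory, so any relative `ca`/`cert`/`key` path in client.conf would stop resolving. That file is not visible here, so please confirm that it uses absolute paths. The old `/etc/openvpn/openvpn.conf` is also left on disk after `openvpn@openvpn` is disabled; a follow-up task such as `file: path=/etc/openvpn/openvpn.conf state=absent` would keep a stale config from being used if the legacy unit is ever re-enabled by hand. The `with_items` list continues outside the hunk.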
|
@ -25,7 +25,7 @@
|
||||||
owner=root group=root mode={{ item.mode }}
|
owner=root group=root mode={{ item.mode }}
|
||||||
with_items:
|
with_items:
|
||||||
- { file: server.conf,
|
- { file: server.conf,
|
||||||
dest: /etc/openvpn/openvpn.conf,
|
dest: /etc/openvpn/server/openvpn.conf,
|
||||||
mode: '0644' }
|
mode: '0644' }
|
||||||
- { file: "{{ private }}/files/vpn/openvpn/keys/crl.pem",
|
- { file: "{{ private }}/files/vpn/openvpn/keys/crl.pem",
|
||||||
dest: /etc/openvpn/crl.pem,
|
dest: /etc/openvpn/crl.pem,
|
||||||
|
@ -48,8 +48,15 @@
|
||||||
tags:
|
tags:
|
||||||
- openvpn
|
- openvpn
|
||||||
|
|
||||||
- name: enable openvpn service for rhel 7 or Fedora
|
- name: disable old openvpn service for rhel 7 or Fedora
|
||||||
service: name=openvpn@openvpn state=started enabled=true
|
service: name=openvpn@openvpn state=stopped enabled=false
|
||||||
|
when: ( ansible_distribution_version[0] == 7 or is_fedora is defined ) and openvpn_master is defined
|
||||||
|
tags:
|
||||||
|
- service
|
||||||
|
- openvpn
|
||||||
|
|
||||||
|
- name: enable openvpn service for rhel 7 or Fedora
|
||||||
|
service: name=openvpn-server@openvpn state=started enabled=true
|
||||||
when: ( ansible_distribution_version[0] == 7 or is_fedora is defined ) and openvpn_master is defined
|
when: ( ansible_distribution_version[0] == 7 or is_fedora is defined ) and openvpn_master is defined
|
||||||
tags:
|
tags:
|
||||||
- service
|
- service
|
||||||
|
|
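Review bot: The new `disable old openvpn service` task copies `ansible_distribution_version[0] == 7` into its `when:`, which compares a one-character string with an integer and so is presumably never true. On a RHEL 7 server without `is_fedora` defined, neither the stop of `openvpn@openvpn` nor the start of `openvpn-server@openvpn` would run, so the gateway would keep serving from the old `/etc/openvpn/openvpn.conf` while updates go to `/etc/openvpn/server/`. The client role in this same commit already uses the integer-safe form, so both server tasks should read `when: ( ansible_distribution_major_version|int == 7 or is_fedora is defined ) and openvpn_master is defined`. The second task's `tags:` list continues outside the hunk.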