Move all puppet_private stuff to ansible private so we can stop using puppet private.

Kevin Fenzi 2015-09-25 18:16:23 +00:00
parent 81d9781409
commit 2873cdd427
25 changed files with 70 additions and 71 deletions

@ -77,7 +77,7 @@
- name: install fedmsg ca.cert
copy: >
src="{{ puppet_private }}/fedmsg-certs/keys/ca.crt"
src="{{ private }}/files/fedmsg-certs/keys/ca.crt"
dest=/etc/pki/fedmsg/ca.crt
owner=root
group=root

@ -140,7 +140,7 @@
#
- name: copy koji ssl cert for owner sync
copy: src="{{ puppet_private }}/pkgdb_key_and_cert.pem" dest=/etc/pki/pkgdb/pkgdb.pem mode=600
copy: src="{{ private }}/files/pkgdb_key_and_cert.pem" dest=/etc/pki/pkgdb/pkgdb.pem mode=600
tags:
- config

@ -52,7 +52,7 @@
- name: install bodhi.pem file
copy: >
src="{{ puppet_private }}/bodhi_key_and_cert.pem"
src="{{ private }}/files/bodhi_key_and_cert.pem"
dest="/etc/pki/bodhi/bodhi.pem"
owner=bodhi
group=bodhi
@ -64,7 +64,7 @@
- name: install bodhi certificates
copy: >
src="{{ puppet_private }}/fedora-ca.cert"
src="{{ private }}/files/fedora-ca.cert"
dest="/etc/pki/bodhi/{{ item }}"
owner=root
group=root

@ -141,13 +141,13 @@
file: path=/etc/pki/pkgdb mode=700 state=directory
- name: copy koji ssl cert for owner sync
copy: src="{{ puppet_private }}/pkgdb_key_and_cert.pem" dest=/etc/pki/pkgdb/pkgdb.pem mode=600
copy: src="{{ private }}/files/pkgdb_key_and_cert.pem" dest=/etc/pki/pkgdb/pkgdb.pem mode=600
tags:
- config
- name: install /etc/pki/fas/fedora-server-ca.cert file
copy: >
src="{{ puppet_private }}/fedora-ca.cert"
src="{{ private }}/files/fedora-ca.cert"
dest="/etc/pki/pkgdb/fedora-server-ca.cert"
mode=0644
tags:

@ -99,7 +99,7 @@
- name: install bodhi.pem file
copy: >
src="{{ puppet_private }}/bodhi_key_and_cert.pem"
src="{{ private }}/files/bodhi_key_and_cert.pem"
dest="/etc/pki/bodhi/bodhi.pem"
owner=bodhi
group=bodhi
@ -111,7 +111,7 @@
- name: install bodhi certificates
copy: >
src="{{ puppet_private }}/fedora-ca.cert"
src="{{ private }}/files/fedora-ca.cert"
dest="/etc/pki/bodhi/{{ item }}"
owner=root
group=root

@ -1,5 +1,5 @@
- name: copy httpd ssl certificates
copy: src="{{ puppet_private }}/httpd/{{ item }}" dest="/etc/lighttpd/{{ item }}" owner=root group=root mode=0600
copy: src="{{ private }}/files/httpd/{{ item }}" dest="/etc/lighttpd/{{ item }}" owner=root group=root mode=0600
with_items:
- copr-be.fedoraproject.org.key
- copr-be.fedoraproject.org.crt

@ -1,10 +1,10 @@
- name: copy httpd ssl certificates (crt)
copy: src="{{ puppet_private }}/httpd/copr-fe.fedoraproject.org.crt" dest="/etc/pki/tls/certs/" owner=root group=root mode=0600
copy: src="{{ private }}/files/httpd/copr-fe.fedoraproject.org.crt" dest="/etc/pki/tls/certs/" owner=root group=root mode=0600
tags:
- config
- name: copy httpd ssl certificates (key)
copy: src="{{ puppet_private }}/httpd/copr-fe.fedoraproject.org.key" dest="/etc/pki/tls/private/" owner=root group=root mode=0600
copy: src="{{ private }}/files/httpd/copr-fe.fedoraproject.org.key" dest="/etc/pki/tls/private/" owner=root group=root mode=0600
tags:
- config

@ -59,13 +59,13 @@
- selinux
- name: Copy wildcard cert from puppet private
copy: src="{{puppet_private}}/httpd/wildcard-2014.fedoraproject.org.cert" dest=/etc/pki/tls/certs/wildcard-2014.fedoraproject.org.cert owner=root group=root mode=0644
copy: src="{{private}}/files/httpd/wildcard-2014.fedoraproject.org.cert" dest=/etc/pki/tls/certs/wildcard-2014.fedoraproject.org.cert owner=root group=root mode=0644
- name: Copy wildcard key from puppet private
copy: src="{{puppet_private}}/httpd/wildcard-2014.fedoraproject.org.key" dest=/etc/pki/tls/private/wildcard-2014.fedoraproject.org.key owner=root group=root mode=0600
copy: src="{{private}}/files/httpd/wildcard-2014.fedoraproject.org.key" dest=/etc/pki/tls/private/wildcard-2014.fedoraproject.org.key owner=root group=root mode=0600
- name: Copy intermediate wildcard cert from puppet private
copy: src="{{puppet_private}}/httpd/wildcard-2014.fedoraproject.org.intermediate.cert" dest=/etc/pki/tls/certs/wildcard-2014.fedoraproject.org.intermediate.cert owner=root group=root mode=0644
copy: src="{{private}}/files/httpd/wildcard-2014.fedoraproject.org.intermediate.cert" dest=/etc/pki/tls/certs/wildcard-2014.fedoraproject.org.intermediate.cert owner=root group=root mode=0644
- name: Configure httpd dl main conf
copy: src=httpd/dl.fedoraproject.org.conf dest=/etc/httpd/conf.d/dl.fedoraproject.org.conf
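Review bot: The three wildcard task names in this section still say `from puppet private` although their sources now come from `{{private}}/files/httpd/`; the names should follow the move, e.g. `- name: Copy wildcard key from ansible private`. The two squid tasks later in the commit (`Copy squid ssl cert from puppet private`, `Copy squid ssl key from puppet private`) carry the same stale wording. These names are what shows up in the play output, so they are the first thing an operator reads when tracing where a key or certificate was deployed from.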

@ -71,7 +71,7 @@
- name: install /etc/fas-gpg/pubring.gpg file
copy: >
src="{{ puppet_private }}/fas-gpg/pubring.gpg"
src="{{ private }}/files/fas-gpg/pubring.gpg"
dest="/etc/fas-gpg/pubring.gpg"
owner=fas
group=fas
@ -82,7 +82,7 @@
- name: install /etc/pki/fas/fedora-server-ca.cert file
copy: >
src="{{ puppet_private }}/fedora-ca.cert"
src="{{ private }}/files/fedora-ca.cert"
dest="/etc/pki/fas/fedora-server-ca.cert"
owner=fas
group=fas
@ -93,7 +93,7 @@
- name: install /etc/pki/fas/fedora-upload-ca.cert file
copy: >
src="{{ puppet_private }}/fedora-ca.cert"
src="{{ private }}/files/fedora-ca.cert"
dest="/etc/pki/fas/fedora-upload-ca.cert"
owner=fas
group=fas
@ -104,7 +104,7 @@
- name: install /usr/share/fas/static/fedora-server-ca.cert file
copy: >
src="{{ puppet_private }}/fedora-ca.cert"
src="{{ private }}/files/fedora-ca.cert"
dest="/usr/share/fas/static/fedora-server-ca.cert"
owner=root
group=root
@ -115,7 +115,7 @@
- name: install /usr/share/fas/static/fedora-upload-ca.cert file
copy: >
src="{{ puppet_private }}/fedora-ca.cert"
src="{{ private }}/files/fedora-ca.cert"
dest="/usr/share/fas/static/fedora-upload-ca.cert"
owner=root
group=root
@ -201,7 +201,7 @@
- name: install /var/lib/fedora-ca/private/cakey.pem file
copy: >
src="{{ puppet_private }}/cakey.pem"
src="{{ private }}/files/cakey.pem"
dest="/var/lib/fedora-ca/private/cakey.pem"
owner=fas
group=fas
@ -249,7 +249,7 @@
- name: install /var/lib/fedora-ca/cacert.pem file
copy: >
src="{{ puppet_private }}/fedora-ca.cert"
src="{{ private }}/files/fedora-ca.cert"
dest="/var/lib/fedora-ca/cacert.pem"
owner=root
group=root

@ -12,7 +12,7 @@
- name: Copy over our crl from the private repo
copy: >
src={{puppet_private}}/fedmsg-certs/keys/crl.pem dest=/srv/web/fedmsg/crl.pem
src={{private}}/files/fedmsg-certs/keys/crl.pem dest=/srv/web/fedmsg/crl.pem
owner=root group=root mode=0644
tags:
- fedmsg
@ -24,7 +24,7 @@
# messages.
- name: Copy over our CA cert from the private repo
copy: >
src={{puppet_private}}/fedmsg-certs/keys/ca.crt dest=/srv/web/fedmsg/ca.crt
src={{private}}/files/fedmsg-certs/keys/ca.crt dest=/srv/web/fedmsg/ca.crt
owner=root group=root mode=0644
tags:
- fedmsg

@ -35,7 +35,7 @@
- name: install hotness.pem koji key and cert
copy: >
src="{{ puppet_private }}/hotness_key_and_cert.pem"
src="{{ private }}/files/hotness_key_and_cert.pem"
dest="/etc/pki/fedmsg/hotness.pem"
owner=fedmsg
group=fedmsg
@ -46,7 +46,7 @@
- name: install koji ca cert
copy: >
src="{{ puppet_private }}/fedora-ca.cert"
src="{{ private }}/files/fedora-ca.cert"
dest="/etc/pki/fedmsg/{{ item }}"
owner=root
group=root

@ -52,27 +52,27 @@
- config
- name: /etc/pki/tls/wildcard-2014.fedoraproject.org.cert
copy: src="{{ puppet_private }}/httpd/wildcard-2014.fedoraproject.org.cert" dest=/etc/pki/tls/wildcard-2014.fedoraproject.org.cert owner=root group=root mode=0600
copy: src="{{ private }}/files/httpd/wildcard-2014.fedoraproject.org.cert" dest=/etc/pki/tls/wildcard-2014.fedoraproject.org.cert owner=root group=root mode=0600
tags:
- config
- name: /etc/pki/tls/wildcard-2014.fedoraproject.org.key
copy: src="{{ puppet_private }}/httpd/wildcard-2014.fedoraproject.org.key" dest=/etc/pki/tls/wildcard-2014.fedoraproject.org.key owner=root group=root mode=0600
copy: src="{{ private }}/files/httpd/wildcard-2014.fedoraproject.org.key" dest=/etc/pki/tls/wildcard-2014.fedoraproject.org.key owner=root group=root mode=0600
tags:
- config
- name: /etc/pki/tls/wildcard-2014.fedoraproject.org.intermediate.cert
copy: src="{{ puppet_private }}/httpd/wildcard-2014.fedoraproject.org.intermediate.cert" dest=/etc/pki/tls/wildcard-2014.fedoraproject.org.intermediate.cert owner=root group=root mode=0600
copy: src="{{ private }}/files/httpd/wildcard-2014.fedoraproject.org.intermediate.cert" dest=/etc/pki/tls/wildcard-2014.fedoraproject.org.intermediate.cert owner=root group=root mode=0600
tags:
- config
- name: /etc/pki/tls/keys_fedoraproject_org.crt.pem
copy: src="{{ puppet_private }}/httpd/keys_fedoraproject_org-2014.crt.pem" dest=/etc/pki/tls/keys_fedoraproject_org.crt.pem owner=root group=root mode=0600
copy: src="{{ private }}/files/httpd/keys_fedoraproject_org-2014.crt.pem" dest=/etc/pki/tls/keys_fedoraproject_org.crt.pem owner=root group=root mode=0600
tags:
- config
- name: /etc/pki/tls/keys_fedoraproject_org.key
copy: src="{{ puppet_private }}/httpd/keys_fedoraproject_org-2014.key" dest=/etc/pki/tls/keys_fedoraproject_org.key owner=root group=root mode=0600
copy: src="{{ private }}/files/httpd/keys_fedoraproject_org-2014.key" dest=/etc/pki/tls/keys_fedoraproject_org.key owner=root group=root mode=0600
tags:
- config

@ -80,7 +80,7 @@
# install production certs and keys
#
- name: install kojiweb_cert_key.pem
copy: src={{ puppet_private }}/koji/kojiweb_cert_key.pem dest=/etc/pki/tls/private/kojiweb_cert_key.pem owner=apache mode=600
copy: src={{ private }}/files/koji/kojiweb_cert_key.pem dest=/etc/pki/tls/private/kojiweb_cert_key.pem owner=apache mode=600
notify:
- restart httpd
tags:
@ -89,7 +89,7 @@
when: env != 'staging' and ansible_hostname.startswith('koji')
- name: install production koji_cert.pem
copy: src={{ puppet_private }}/koji/koji_cert.pem dest=/etc/pki/tls/certs/koji_cert.pem owner=apache mode=600
copy: src={{ private }}/files/koji/koji_cert.pem dest=/etc/pki/tls/certs/koji_cert.pem owner=apache mode=600
notify:
- restart httpd
tags:
@ -98,7 +98,7 @@
when: env != 'staging' and ansible_hostname.startswith('koji')
- name: install production koji_key.pem
copy: src={{ puppet_private }}/koji/koji_key.pem dest=/etc/pki/tls/private/koji_key.pem owner=apache mode=600
copy: src={{ private }}/files/koji/koji_key.pem dest=/etc/pki/tls/private/koji_key.pem owner=apache mode=600
notify:
- restart httpd
tags:
@ -140,7 +140,7 @@
# install staging certs and keys
#
- name: Install staging koji ssl cert
copy: src={{ puppet_private }}/koji/koji.stg_cert.pem dest=/etc/pki/tls/certs/koji.stg_cert.pem
copy: src={{ private }}/files/koji/koji.stg_cert.pem dest=/etc/pki/tls/certs/koji.stg_cert.pem
notify:
- restart httpd
tags:
@ -149,7 +149,7 @@
when: env == 'staging'
- name: install staging koji ssl key
copy: src={{ puppet_private }}/koji/koji.stg_key.pem dest=/etc/pki/tls/private/koji.stg_key.pem
copy: src={{ proivate }}/files/koji/koji.stg_key.pem dest=/etc/pki/tls/private/koji.stg_key.pem
notify:
- restart httpd
tags:
@ -158,7 +158,7 @@
when: env == 'staging'
- name: instaall fedora-ca.cert in various places
copy: src={{ puppet_private }}/fedora-ca.cert dest={{ item }} owner=apache
copy: src={{ private }}/files/fedora-ca.cert dest={{ item }} owner=apache
with_items:
- /etc/kojira/extras_cacert.pem
- /etc/pki/tls/certs/extras_cacert.pem
@ -169,7 +169,7 @@
- koji_hub
- name: install kojira_cert_key
copy: src={{ puppet_private }}/koji/kojira_cert_key.pem dest=/etc/kojira/kojira_cert_key.pem owner=apache mode=600
copy: src={{ private }}/files/koji/kojira_cert_key.pem dest=/etc/kojira/kojira_cert_key.pem owner=apache mode=600
tags:
- config
- koji_hub
@ -313,19 +313,19 @@
when: env != 'staging' and ansible_hostname.startswith('koji')
- name: install cert for oscar (garbage collector) user
copy: src={{ puppet_private }}/koji/gc/oscar_key_and_cert.pem dest=/etc/koji-gc/client.crt
copy: src={{ private }}/files/koji/gc/oscar_key_and_cert.pem dest=/etc/koji-gc/client.crt
tags:
- koji_hub
when: env != 'staging' and ansible_hostname.startswith('koji')
- name: install serverca cert for oscar (garbage collector) user
copy: src={{ puppet_private }}/fedora-ca.cert dest=/etc/koji-gc/serverca.crt
copy: src={{ private }}/files/fedora-ca.cert dest=/etc/koji-gc/serverca.crt
tags:
- koji_hub
when: env != 'staging' and ansible_hostname.startswith('koji')
- name: install clientca cert for oscar (garbage collector) user
copy: src={{ puppet_private }}/fedora-ca.cert dest=/etc/koji-gc/clientca.crt
copy: src={{ private }}/files/fedora-ca.cert dest=/etc/koji-gc/clientca.crt
tags:
- koji_hub
when: env != 'staging' and ansible_hostname.startswith('koji')
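Review bot: The new source path on the `install staging koji ssl key` task reads `{{ proivate }}`, a misspelling of `private`, so unless a variable of that name is defined elsewhere the task will fail on an undefined variable and the staging key will not be installed. The line should be `copy: src={{ private }}/files/koji/koji.stg_key.pem dest=/etc/pki/tls/private/koji.stg_key.pem`. In the visible lines that task and the `oscar_key_and_cert.pem` task also set no `mode=`, so those key files get default permissions; adding `mode=600`, as the production key tasks in this section do, would close that gap.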

@ -78,7 +78,7 @@
- name: Copy squid ssl cert from puppet private
copy: >
src="{{puppet_private}}/httpd/wildcard-2014.squid.cert"
src="{{private}}/files/httpd/wildcard-2014.squid.cert"
dest=/etc/pki/tls/certs/wildcard-2014.squid.cert
owner=root group=root mode=0644
tags:
@ -88,7 +88,7 @@
- name: Copy squid ssl key from puppet private
copy: >
src="{{puppet_private}}/httpd/wildcard-2014.fedoraproject.org.key"
src="{{private}}/files/httpd/wildcard-2014.fedoraproject.org.key"
dest=/etc/pki/tls/private/wildcard-2014.fedoraproject.org.key
owner=root group=root mode=0600
tags:

@ -55,7 +55,7 @@
- name: install koji ca cert
copy: >
src="{{ puppet_private }}/fedora-ca.cert"
src="{{ private }}/files/fedora-ca.cert"
dest="/etc/koschei/fedora-ca.cert"
owner=root
group=root

@ -53,7 +53,7 @@
- name: setup /var/lib/mirrormanager/.ssh directory
copy: >
src="{{ puppet_private }}/mirrormanager/"
src="{{ private }}/files/mirrormanager/"
dest="/var/lib/mirrormanager/.ssh"
directory_mode=yes
owner=mirrormanager
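Review bot: `directory_mode=yes` on the `/var/lib/mirrormanager/.ssh` copy is not a permission mode, so the directory that receives what is presumably SSH key material may end up with system-default permissions; an explicit `directory_mode=0700` would state the intent. The line is unchanged context, but the task now pulls from `{{ private }}/files/mirrormanager/` and is worth fixing while it is being touched. The task continues past the end of the hunk, so a `mode=` for the files themselves may follow out of view.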

@ -9,7 +9,7 @@
- packages
- name: Install certificate and key
copy: src={{ puppet_private }}/vpn/openvpn/keys/ca.crt
copy: src={{ private }}/files/vpn/openvpn/keys/ca.crt
dest=/etc/openvpn/ca.crt
owner=root group=root mode=0600
tags:

@ -17,10 +17,10 @@
- { file: client.conf,
dest: /etc/openvpn/openvpn.conf,
mode: '0644' }
- { file: "{{ puppet_private }}/vpn/openvpn/keys/{{ inventory_hostname }}.crt",
- { file: "{{ private }}/files/vpn/openvpn/keys/{{ inventory_hostname }}.crt",
dest: "/etc/openvpn/client.crt",
mode: '0600' }
- { file: "{{ puppet_private }}/vpn/openvpn/keys/{{ inventory_hostname }}.key",
- { file: "{{ private }}/files/vpn/openvpn/keys/{{ inventory_hostname }}.key",
dest: "/etc/openvpn/client.key",
mode: '0600' }
tags:

@ -27,16 +27,16 @@
- { file: server.conf,
dest: /etc/openvpn/openvpn.conf,
mode: '0644' }
- { file: "{{ puppet_private }}/vpn/openvpn/keys/crl.pem",
- { file: "{{ private }}/files/vpn/openvpn/keys/crl.pem",
dest: /etc/openvpn/crl.pem,
mode: '0644' }
- { file: "{{ puppet_private }}/vpn/openvpn/keys/server.crt",
- { file: "{{ private }}/files/vpn/openvpn/keys/server.crt",
dest: /etc/openvpn/server.crt,
mode: '0644' }
- { file: "{{ puppet_private }}/vpn/openvpn/keys/server.key",
- { file: "{{ private }}/files/vpn/openvpn/keys/server.key",
dest: /etc/openvpn/server.key,
mode: '0600' }
- { file: "{{ puppet_private }}/vpn/openvpn/keys/dh2048.pem",
- { file: "{{ private }}/files/vpn/openvpn/keys/dh2048.pem",
dest: /etc/openvpn/dh2048.pem,
mode: '0644' }
tags:

@ -84,7 +84,7 @@
- name: install fedmsg ca.cert
copy: >
src="{{ puppet_private }}/fedmsg-certs/keys/ca.crt"
src="{{ private }}/files/fedmsg-certs/keys/ca.crt"
dest=/etc/pki/fedmsg/ca.crt
owner=root
group=root

@ -92,7 +92,7 @@
- name: copy staging server cert file over
copy: >
src={{ puppet_private }}/2fa-certs/keys/fas-all.stg.phx2.fedoraproject.org.crt
src={{ private }}/files/2fa-certs/keys/fas-all.stg.phx2.fedoraproject.org.crt
dest=/etc/pki/tls/certs/totpcgi-server.crt
owner=root
group=totpcgi
@ -104,7 +104,7 @@
- name: copy staging server key file over
copy: >
src={{ puppet_private }}/2fa-certs/keys/fas-all.stg.phx2.fedoraproject.org.key
src={{ private }}/files/2fa-certs/keys/fas-all.stg.phx2.fedoraproject.org.key
dest=/etc/pki/totpcgi/totpcgi-server.key
owner=root
group=totpcgi
@ -130,7 +130,7 @@
- name: copy server cert file over
copy: >
src={{ puppet_private }}/2fa-certs/keys/fas-all.phx2.fedoraproject.org.crt
src={{ private }}/files/2fa-certs/keys/fas-all.phx2.fedoraproject.org.crt
dest=/etc/pki/totpcgi/totpcgi-server.crt
owner=root
group=totpcgi
@ -144,7 +144,7 @@
- name: copy server cert file over
copy: >
src={{ puppet_private }}/2fa-certs/keys/fas-all.phx2.fedoraproject.org.key
src={{ private }}/files/2fa-certs/keys/fas-all.phx2.fedoraproject.org.key
dest=/etc/pki/totpcgi/totpcgi-server.key
owner=root
group=totpcgi
@ -174,7 +174,7 @@
- name: copy VPN server cert file over
copy: >
src={{ puppet_private }}/2fa-certs/keys/fas-all.vpn.fedoraproject.org.crt
src={{ private }}/files/2fa-certs/keys/fas-all.vpn.fedoraproject.org.crt
dest=/etc/pki/totpcgi/totpcgi-server-vpn.crt
owner=root
group=totpcgi
@ -188,7 +188,7 @@
- name: copy VPN server cert file over
copy: >
src={{ puppet_private }}/2fa-certs/keys/fas-all.vpn.fedoraproject.org.key
src={{ private }}/files/2fa-certs/keys/fas-all.vpn.fedoraproject.org.key
dest=/etc/pki/totpcgi/totpcgi-server-vpn.key
owner=root
group=totpcgi
@ -212,7 +212,7 @@
- name: copy ca cert over
copy: >
src={{ puppet_private }}/2fa-certs/keys/ca.crt
src={{ private }}/files/2fa-certs/keys/ca.crt
dest=/etc/pki/totpcgi/totpcgi-ca.crt
owner=root
group=totpcgi

@ -5,12 +5,12 @@
- packages
- name: /etc/pki/tls/private/totpcgi.pem
copy: src="{{ puppet_private }}/2fa-certs/keys/{{ inventory_hostname }}.pem" dest=/etc/pki/tls/private/totpcgi.pem mode=0400
copy: src="{{ private }}/files/2fa-certs/keys/{{ inventory_hostname }}.pem" dest=/etc/pki/tls/private/totpcgi.pem mode=0400
tags:
- config
- name: /etc/pki/tls/private/totpcgi-ca.cert
copy: src="{{ puppet_private }}/2fa-certs/keys/ca.crt" dest=/etc/pki/tls/private/totpcgi-ca.cert mode=0400
copy: src="{{ private }}/files/2fa-certs/keys/ca.crt" dest=/etc/pki/tls/private/totpcgi-ca.cert mode=0400
tags:
- config

@ -6,14 +6,14 @@
- packages
- name: /etc/openvpn/ca.crt from vpn/openvpn/keys/ca.crt
copy: src="{{ puppet_private }}/vpn/openvpn/keys/ca.crt" dest=/etc/openvpn/ca.crt mode=0600 owner=root group=root
copy: src="{{ private }}/files/vpn/openvpn/keys/ca.crt" dest=/etc/openvpn/ca.crt mode=0600 owner=root group=root
tags:
- config
notify:
- restart openvpn
#- name: /etc/openvpn/crl.pem from vpn/openvpn/keys/crl.pem
# copy: src="{{ puppet_private }}/vpn/openvpn/keys/crl.pem" dest=/etc/openvpn/crl.pem mode=0644 owner=root group=root
# copy: src="{{ private }}/vpn/openvpn/keys/crl.pem" dest=/etc/openvpn/crl.pem mode=0644 owner=root group=root
# tags:
# - config
# notify:
@ -27,14 +27,14 @@
- restart openvpn
- name: /etc/openvpn/client.crt
copy: src="{{ puppet_private }}/vpn/openvpn/keys/{{ inventory_hostname }}.crt" dest=/etc/openvpn/client.crt mode=0600 owner=root group=root
copy: src="{{ private }}/files/vpn/openvpn/keys/{{ inventory_hostname }}.crt" dest=/etc/openvpn/client.crt mode=0600 owner=root group=root
tags:
- config
notify:
- restart openvpn
- name: /etc/openvpn/client.key
copy: src="{{ puppet_private }}/vpn/openvpn/keys/{{ inventory_hostname }}.key" dest=/etc/openvpn/client.key mode=0600 owner=root group=root
copy: src="{{ private }}/files/vpn/openvpn/keys/{{ inventory_hostname }}.key" dest=/etc/openvpn/client.key mode=0600 owner=root group=root
tags:
- config
notify:
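Review bot: The commented-out crl.pem task was rewritten to `{{ private }}/vpn/openvpn/keys/crl.pem`, without the `/files/` segment that every live task in this commit uses, so it would point at a path that presumably does not exist if the task is ever re-enabled. Suggested line: `# copy: src="{{ private }}/files/vpn/openvpn/keys/crl.pem" dest=/etc/openvpn/crl.pem mode=0644 owner=root group=root`. The commented-out task in the following openvpn section has the same path and needs the same correction.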

@ -6,35 +6,35 @@
- packages
- name: /etc/openvpn/ca.crt from vpn/openvpn/keys/ca.crt
copy: src="{{ puppet_private }}/vpn/openvpn/keys/ca.crt" dest=/etc/openvpn/ca.crt mode=0600 owner=root group=root
copy: src="{{ private }}/files/vpn/openvpn/keys/ca.crt" dest=/etc/openvpn/ca.crt mode=0600 owner=root group=root
tags:
- config
notify:
- restart openvpn 7
#- name: /etc/openvpn/crl.pem from vpn/openvpn/keys/crl.pem
# copy: src="{{ puppet_private }}/vpn/openvpn/keys/crl.pem" dest=/etc/openvpn/crl.pem mode=0644 owner=root group=root
# copy: src="{{ private }}/vpn/openvpn/keys/crl.pem" dest=/etc/openvpn/crl.pem mode=0644 owner=root group=root
# tags:
# - config
# notify:
# - restart openvpn
- name: /etc/openvpn/openvpn.conf
copy: src="{{ files }}/openvpn/client.conf" dest=/etc/openvpn/openvpn.conf
copy: src="{{ files }}/files/openvpn/client.conf" dest=/etc/openvpn/openvpn.conf
tags:
- config
notify:
- restart openvpn 7
- name: /etc/openvpn/client.crt
copy: src="{{ puppet_private }}/vpn/openvpn/keys/{{ inventory_hostname }}.crt" dest=/etc/openvpn/client.crt mode=0600 owner=root group=root
copy: src="{{ private }}/files/vpn/openvpn/keys/{{ inventory_hostname }}.crt" dest=/etc/openvpn/client.crt mode=0600 owner=root group=root
tags:
- config
notify:
- restart openvpn 7
- name: /etc/openvpn/client.key
copy: src="{{ puppet_private }}/vpn/openvpn/keys/{{ inventory_hostname }}.key" dest=/etc/openvpn/client.key mode=0600 owner=root group=root
copy: src="{{ private }}/files/vpn/openvpn/keys/{{ inventory_hostname }}.key" dest=/etc/openvpn/client.key mode=0600 owner=root group=root
tags:
- config
notify:
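Review bot: The `/etc/openvpn/openvpn.conf` task now reads `src="{{ files }}/files/openvpn/client.conf"`, but the old line used `{{ files }}`, not `{{ puppet_private }}`, so this edit looks like an unintended side effect of the search-and-replace. With `files: /srv/web/infra/ansible/files`, as the vars file in this commit sets it, the source becomes `/srv/web/infra/ansible/files/files/openvpn/client.conf`, which presumably does not exist. Restoring `copy: src="{{ files }}/openvpn/client.conf" dest=/etc/openvpn/openvpn.conf` keeps the task as it was.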

@ -1,7 +1,6 @@
---
basedir: /srv/web/infra/ansible
private: /srv/private/ansible
puppet_private: /var/lib/puppet/git/configs/secure
bigfiles: /srv/web/infra/bigfiles
files: /srv/web/infra/ansible/files
roles: /srv/web/infra/ansible/roles