From 2b467bc5724702ff57088b021bf5d781b75675e9 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi
Date: Mon, 30 Jun 2014 21:32:34 +0000
Subject: [PATCH] ok, try this to handle the openvpn differences
---
 playbooks/groups/unbound.yml | 3 +++
 tasks/openvpn_client.yml | 15 ++++--------
 tasks/openvpn_client_7.yml | 46 ++++++++++++++++++++++++++++++++++++
 3 files changed, 53 insertions(+), 11 deletions(-)
 create mode 100644 tasks/openvpn_client_7.yml
diff --git a/playbooks/groups/unbound.yml b/playbooks/groups/unbound.yml
index 0bd43d4c18..635af15de0 100644
--- a/playbooks/groups/unbound.yml
+++ b/playbooks/groups/unbound.yml
@@ -42,6 +42,9 @@
 - include: "{{ tasks }}/2fa_client.yml"
 - include: "{{ tasks }}/motd.yml"
 - include: "{{ tasks }}/openvpn_client.yml"
+ when: ansible_distribution_major_version != '7'
+ - include: "{{ tasks }}/openvpn_client_7.yml"
+ when: ansible_distribution_major_version == '7'
 handlers:
 - include: "{{ handlers }}/restart_services.yml"
diff --git a/tasks/openvpn_client.yml b/tasks/openvpn_client.yml
index 536f220d28..4f96c70732 100644
--- a/tasks/openvpn_client.yml
+++ b/tasks/openvpn_client.yml
@@ -10,7 +10,7 @@
 tags:
 - config
 notify:
- - restart openvpn {{ ansible_distribution_major_version }}
+ - restart openvpn
 #- name: /etc/openvpn/crl.pem from vpn/openvpn/keys/crl.pem
 # copy: src="{{ puppet_private }}/vpn/openvpn/keys/crl.pem" dest=/etc/openvpn/crl.pem mode=0644 owner=root group=root
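Review bot: The two `when:` conditions on the openvpn includes split hosts on `ansible_distribution_major_version` alone, so a Fedora host, whose major version is neither 6 nor 7, takes the `openvpn_client.yml` branch. Elsewhere in this patch that file keeps only the task named for rhel 6 (`service: name=openvpn`), while the task named "rhel 7 or fedora" (`name=openvpn@openvpn`) moves to `openvpn_client_7.yml`. If any Fedora hosts are in this group (not visible here), the VPN service would be managed under the wrong unit name. Consider `when: ansible_distribution_major_version == '6'` on the first include and `when: ansible_distribution_major_version != '6'` on the second, which matches the condition the removed task used.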
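Review bot: The `notify:` target changes from a templated name to the literal `restart openvpn`, but no handler by that name is defined or touched in this patch; the diffstat lists three files and `handlers/restart_services.yml` is not one of them. If only version-suffixed handlers exist (the new file still notifies `restart openvpn 7`), a changed CA, certificate or key would no longer restart the daemon, or the play would stop on an unknown handler. The same applies to the three `notify:` lines in the `@@ -24,30 +24,23 @@` hunk. Confirm the handler exists and consider a comment above the first notify such as `# handler: handlers/restart_services.yml`. The task these lines belong to starts above the hunk.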
@@ -24,30 +24,23 @@
 tags:
 - config
 notify:
- - restart openvpn {{ ansible_distribution_major_version }}
+ - restart openvpn
 - name: /etc/openvpn/client.crt
 copy: src="{{ puppet_private }}/vpn/openvpn/keys/{{ inventory_hostname }}.crt" dest=/etc/openvpn/client.crt mode=0600 owner=root group=root
 tags:
 - config
 notify:
- - restart openvpn {{ ansible_distribution_major_version }}
+ - restart openvpn
 - name: /etc/openvpn/client.key
 copy: src="{{ puppet_private }}/vpn/openvpn/keys/{{ inventory_hostname }}.key" dest=/etc/openvpn/client.key mode=0600 owner=root group=root
 tags:
 - config
 notify:
- - restart openvpn {{ ansible_distribution_major_version }}
+ - restart openvpn
 - name: enable openvpn service for rhel 6
 service: name=openvpn state=running enabled=true
 tags:
 - service
- when: is_rhel is defined and ansible_distribution_major_version != '7'
-
-- name: enable openvpn service for rhel 7 or fedora
- service: name=openvpn@openvpn state=running enabled=true
- tags:
- - service
- when: ansible_distribution_major_version != '6'
diff --git a/tasks/openvpn_client_7.yml b/tasks/openvpn_client_7.yml
new file mode 100644
index 0000000000..c08fd817d9
--- /dev/null
+++ b/tasks/openvpn_client_7.yml
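Review bot: The task "enable openvpn service for rhel 6" loses its `when:` guard at the end of this hunk, so it now runs on every host that includes `tasks/openvpn_client.yml`, whatever the release. Only `playbooks/groups/unbound.yml` gains a version check in this patch; any other playbook that includes this file (none is visible here) would try to start `openvpn` rather than `openvpn@openvpn` on a version 7 host, which would likely fail the play or leave the client unconfigured as a service. Keeping `when: ansible_distribution_major_version != '7'` on the task, or moving the version switch into the task file, stops the outcome depending on every caller remembering the condition. The first task shown in the hunk starts above it.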
@@ -0,0 +1,46 @@
+---
+# openvpn - ftw - or something
+- name: install openvpn
+ yum: name=openvpn state=installed
+ tags:
+ - packages
+
+- name: /etc/openvpn/ca.crt from vpn/openvpn/keys/ca.crt
+ copy: src="{{ puppet_private }}/vpn/openvpn/keys/ca.crt" dest=/etc/openvpn/ca.crt mode=0600 owner=root group=root
+ tags:
+ - config
+ notify:
+ - restart openvpn 7
+
+#- name: /etc/openvpn/crl.pem from vpn/openvpn/keys/crl.pem
+# copy: src="{{ puppet_private }}/vpn/openvpn/keys/crl.pem" dest=/etc/openvpn/crl.pem mode=0644 owner=root group=root
+# tags:
+# - config
+# notify:
+# - restart openvpn
+
+- name: /etc/openvpn/openvpn.conf
+ copy: src="{{ files }}/openvpn/client.conf" dest=/etc/openvpn/openvpn.conf
+ tags:
+ - config
+ notify:
+ - restart openvpn 7
+
+- name: /etc/openvpn/client.crt
+ copy: src="{{ puppet_private }}/vpn/openvpn/keys/{{ inventory_hostname }}.crt" dest=/etc/openvpn/client.crt mode=0600 owner=root group=root
+ tags:
+ - config
+ notify:
+ - restart openvpn 7
+
+- name: /etc/openvpn/client.key
+ copy: src="{{ puppet_private }}/vpn/openvpn/keys/{{ inventory_hostname }}.key" dest=/etc/openvpn/client.key mode=0600 owner=root group=root
+ tags:
+ - config
+ notify:
+ - restart openvpn 7
+
+- name: enable openvpn service for rhel 7 or fedora
+ service: name=openvpn@openvpn state=running enabled=true
+ tags:
+ - service
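Review bot: The `/etc/openvpn/openvpn.conf` copy task is the only active `copy` in this new file without `mode=`, `owner=` and `group=`, so the resulting permissions are whatever the source file and module defaults produce. Setting them explicitly, e.g. `copy: src="{{ files }}/openvpn/client.conf" dest=/etc/openvpn/openvpn.conf mode=0644 owner=root group=root`, keeps the client config writable by root only and consistent with the CA, certificate and key tasks. Separately, the file repeats the CA, certificate and key tasks of `tasks/openvpn_client.yml` with only the handler and service names changed, so a later permission or path fix to the key material has to be made in two places; a variable for the handler suffix and unit name would avoid that. The last task is named "for rhel 7 or fedora", yet the include in `unbound.yml` selects this file only when the major version is '7'.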