add first cut openvpn_client tasklist

2013-05-21 22:18:01 +00:00 · 2013-05-21 22:18:01 +00:00 · 67729ebdc9
commit 67729ebdc9
parent 5f24945124
2 changed files with 73 additions and 0 deletions
--- a/files/openvpn/client.conf
+++ b/files/openvpn/client.conf
@ -0,0 +1,25 @@
+client
+
+dev tun
+
+proto udp
+
+# Specify multiple vpn servers here
+remote gateway
+remote bastion02
+
+resolv-retry infinite
+
+nobind
+
+persist-key
+persist-tun
+
+ca ca.crt
+cert client.crt
+key client.key
+
+comp-lzo
+
+#route 10.5.126.0 255.255.255.0
+keepalive 10 60
--- a/tasks/openvpn_client.yml
+++ b/tasks/openvpn_client.yml
@ -0,0 +1,48 @@
+---
+# openvpn - ftw - or something
+- name: install openvpn
+  yum: name=openvpn state=installed
+  tags:
+  - packages
+
+- name: /etc/openvpn/ca.crt from  vpn/openvpn/keys/ca.crt
+  copy: src=$puppet_private/vpn/openvpn/keys/ca.crt dest=/etc/openvpn/ca.crt mode=0600 owner=root group=root
+  tags:
+  - config
+  notify:
+  - restart openvpn
+
+- name: /etc/openvpn/crl.pem g/secure/vpn/openvpn/keys/crl.pem
+  copy: src=$puppet_private/vpn/openvpn/keys/crl.pem dest=/etc/openvpn/crl.pem mode=0644 owner=root group=root
+  tags:
+  - config
+  notify:
+  - restart openvpn
+
+- name: /etc/openvpn/openvpn.conf
+  copy: src=$files/openvpn/client.conf dest=/etc/openvpn/openvpn.conf
+  tags:
+  - config
+  notify:
+  - restart openvpn
+
+- name: /etc/openvpn/client.crt
+  copy: src=$puppet_private/vpn/openvpn/keys/${inventory_hostname}.crt dest=/etc/openvpn/client.crt mode=0600 owner=root group=root
+  tags:
+  - config
+  notify:
+  - restart openvpn
+
+- name: /etc/openvpn/client.key
+  copy: src=$puppet_private/vpn/openvpn/keys/${inventory_hostname}.key dest=/etc/openvpn/client.key mode=0600 owner=root group=root
+  tags:
+  - config
+  notify:
+  - restart openvpn
+
+
+- name: enable openvpn service
+  service: name=openvpn state=running enabled=true
+  tags:
+  - service
+