add first cut openvpn_client tasklist

files/openvpn/client.conf

@@ -0,0 +1,25 @@
+client
+
+dev tun
+
+proto udp
+
+# Specify multiple vpn servers here
+remote gateway
+remote bastion02
+
+resolv-retry infinite
+
+nobind
+
+persist-key
+persist-tun
+
+ca ca.crt
+cert client.crt
+key client.key
+
+comp-lzo
+
+#route 10.5.126.0 255.255.255.0
+keepalive 10 60

tasks/openvpn_client.yml

@@ -0,0 +1,48 @@
+---
+# openvpn - ftw - or something
+- name: install openvpn
+  yum: name=openvpn state=installed
+  tags:
+  - packages
+
+- name: /etc/openvpn/ca.crt from  vpn/openvpn/keys/ca.crt
+  copy: src=$puppet_private/vpn/openvpn/keys/ca.crt dest=/etc/openvpn/ca.crt mode=0600 owner=root group=root
+  tags:
+  - config
+  notify:
+  - restart openvpn
+
+- name: /etc/openvpn/crl.pem g/secure/vpn/openvpn/keys/crl.pem
+  copy: src=$puppet_private/vpn/openvpn/keys/crl.pem dest=/etc/openvpn/crl.pem mode=0644 owner=root group=root
+  tags:
+  - config
+  notify:
+  - restart openvpn
+
+- name: /etc/openvpn/openvpn.conf
+  copy: src=$files/openvpn/client.conf dest=/etc/openvpn/openvpn.conf
+  tags:
+  - config
+  notify:
+  - restart openvpn
+
+- name: /etc/openvpn/client.crt
+  copy: src=$puppet_private/vpn/openvpn/keys/${inventory_hostname}.crt dest=/etc/openvpn/client.crt mode=0600 owner=root group=root
+  tags:
+  - config
+  notify:
+  - restart openvpn
+
+- name: /etc/openvpn/client.key
+  copy: src=$puppet_private/vpn/openvpn/keys/${inventory_hostname}.key dest=/etc/openvpn/client.key mode=0600 owner=root group=root
+  tags:
+  - config
+  notify:
+  - restart openvpn
+
+
+- name: enable openvpn service
+  service: name=openvpn state=running enabled=true
+  tags:
+  - service
+