From 9403ed23092a3639b876712f45626022a6cd9ed9 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Fri, 16 Apr 2021 14:09:33 -0700 Subject: [PATCH] openvpn / client: drop tons of old cruft for el6 and old openvpn We had a bunch of old el6 conditionals in here, and we have 0 el6 machines. We also now have some CentOS instances, so we shouldn't check for RedHat or Fedora anymore. Also, everything is using the newer openvpn now so no need to make sure the old one is stopped. This should not affect the vast majority of hosts, but it should allow the el7/el8-test instances vpns to actually work. Signed-off-by: Kevin Fenzi --- roles/openvpn/client/tasks/main.yml | 59 +---------------------------- 1 file changed, 1 insertion(+), 58 deletions(-) diff --git a/roles/openvpn/client/tasks/main.yml b/roles/openvpn/client/tasks/main.yml index d382c50a86..a3ca8a8da7 100644 --- a/roles/openvpn/client/tasks/main.yml +++ b/roles/openvpn/client/tasks/main.yml @@ -9,29 +9,8 @@ tags: - packages - openvpn - when: ansible_distribution_major_version|int < 8 and ansible_distribution == 'RedHat' -- name: Install needed packages - package: - state: present - name: - - openvpn - tags: - - packages - - openvpn - when: ansible_distribution_major_version|int > 7 and ansible_distribution == 'RedHat' and ansible_cmdline.ostree is not defined - -- name: Install needed packages - package: - state: present - name: - - openvpn - tags: - - packages - - openvpn - when: ansible_distribution_major_version|int > 29 and ansible_distribution == 'Fedora' and ansible_cmdline.ostree is not defined - -- name: Install main config file (rhel7 and fedora) +- name: Install main config file template: src=client.conf dest=/etc/openvpn/client/openvpn.conf owner=root group=root mode=0644 @@ -41,7 +20,6 @@ # notify: # - restart openvpn (Fedora) # - restart openvpn (RHEL6+) - when: (ansible_distribution == 'RedHat' or ansible_distribution == 'Fedora') and ansible_cmdline.ostree is not defined - name: Install configuration files (rhel7 and fedora) copy: src={{ item.file }} @@ -62,41 +40,6 @@ # - restart openvpn (RHEL7) when: (ansible_distribution_major_version|int >= 7 and ansible_distribution == 'RedHat') or (ansible_distribution_major_version|int >= 29 and ansible_distribution == 'Fedora') and ansible_cmdline.ostree is not defined -- name: Install configuration files (rhel6) - copy: src={{ item.file }} - dest={{ item.dest }} - owner=root group=root mode={{ item.mode }} - with_items: - - { file: client.conf, - dest: /etc/openvpn/openvpn.conf, - mode: '0644' } - - { file: "{{ private }}/files/vpn/pki/issued/{{ inventory_hostname }}.crt", - dest: "/etc/openvpn/client.crt", - mode: '0600' } - - { file: "{{ private }}/files/vpn/pki/private/{{ inventory_hostname }}.key", - dest: "/etc/openvpn/client.key", - mode: '0600' } - tags: - - install - - openvpn -# notify: -# - restart openvpn (RHEL6) - when: (ansible_distribution_major_version|int == 6 and ansible_distribution == 'RedHat') and ansible_cmdline.ostree is not defined - -- name: enable openvpn service for rhel 6 - service: name=openvpn state=started enabled=true - when: ansible_distribution_major_version|int == 6 and ansible_distribution == 'RedHat' - tags: - - service - - openvpn - -- name: Make sure old openvpn is not running in rhel 7 - service: name=openvpn@openvpn state=stopped enabled=false - when: ansible_distribution_major_version|int == 7 and ansible_distribution == 'RedHat' - tags: - - service - - openvpn - - name: Make sure openvpn is running in rhel 7+ service: name=openvpn-client@openvpn state=started enabled=true when: ansible_distribution_major_version|int >= 7 and ansible_distribution == 'RedHat'