ansible/roles/openvpn/server/tasks/main.yml

---
# OpenVpn server

- name: Install needed packages
  yum: pkg={{ item }} state=installed
  with_items:
  - openvpn
  tags:
  - packages

- name: Create the /etc/openvpn/ccd/ directory
  file: >
    dest=/etc/openvpn/ccd/
    mode=0755
    owner=root
    group=root
    state=directory

- name: Install configuration files
  file: src={{ item.file }}
        dest={{ item.dest }}
        owner=root group=root mode={{ mode }}
  with_items:
  - { file: server.conf,
      dest: /etc/openvpn/openvpn.conf,
      mode: 0644 }
  - { file: "{{ puppet_private }}/vpn/openvpn/keys/server.crt",
      dest: /etc/openvpn/server.crt,
      mode: 0644 }
  - { file: "{{ puppet_private }}/vpn/openvpn/keys/server.key",
      dest: /etc/openvpn/server.key,
      mode: 0600 }
  - { file: "{{ puppet_private }}/vpn/openvpn/keys/dh2048.pem",
      dest: /etc/openvpn/server.key,
      mode: 0644 }
  tags:
  - install
  notify:
  - restart openvpn {{ ansible_distribution_version[0] }}


- name: Install the ccd files
  file: file src={{ files }}/ccd/ dest=/etc/openvpn/ccd/ recurse=true 
  notify:
  - restart openvpn {{ ansible_distribution_version[0] }}


- name: enable openvpn service for rhel 6 or Fedora
  service: name=openvpn state=running enabled=true
  when: ansible_distribution_version[0] == 6 or is_fedora is defined
  tags:
  - service

- name: enable openvpn service for rhel 7
  service: name=openvpn@openvpn state=running enabled=true
  when: ansible_distribution_version[0] == 7
  tags:
  - service
Start the port to ansible of openvpn 2014-07-31 22:37:58 +02:00			`---`
			`# OpenVpn server`

			`- name: Install needed packages`
			`yum: pkg={{ item }} state=installed`
			`with_items:`
			`- openvpn`
			`tags:`
			`- packages`

			`- name: Create the /etc/openvpn/ccd/ directory`
			`file: >`
			`dest=/etc/openvpn/ccd/`
			`mode=0755`
			`owner=root`
			`group=root`
			`state=directory`

			`- name: Install configuration files`
			`file: src={{ item.file }}`
And we put directly the destination, no location set 2014-08-01 16:30:08 +02:00			`dest={{ item.dest }}`
Start the port to ansible of openvpn 2014-07-31 22:37:58 +02:00			`owner=root group=root mode={{ mode }}`
			`with_items:`
			`- { file: server.conf,`
			`dest: /etc/openvpn/openvpn.conf,`
			`mode: 0644 }`
What about quotes 2014-08-01 16:26:15 +02:00			`- { file: "{{ puppet_private }}/vpn/openvpn/keys/server.crt",`
Start the port to ansible of openvpn 2014-07-31 22:37:58 +02:00			`dest: /etc/openvpn/server.crt,`
			`mode: 0644 }`
What about quotes 2014-08-01 16:26:15 +02:00			`- { file: "{{ puppet_private }}/vpn/openvpn/keys/server.key",`
Start the port to ansible of openvpn 2014-07-31 22:37:58 +02:00			`dest: /etc/openvpn/server.key,`
			`mode: 0600 }`
What about quotes 2014-08-01 16:26:15 +02:00			`- { file: "{{ puppet_private }}/vpn/openvpn/keys/dh2048.pem",`
Start the port to ansible of openvpn 2014-07-31 22:37:58 +02:00			`dest: /etc/openvpn/server.key,`
			`mode: 0644 }`
			`tags:`
			`- install`
Adjust the openvpn handler automatically to the distribution used 2014-08-01 12:35:05 +02:00			`notify:`
			`- restart openvpn {{ ansible_distribution_version[0] }}`

Start the port to ansible of openvpn 2014-07-31 22:37:58 +02:00
			`- name: Install the ccd files`
			`file: file src={{ files }}/ccd/ dest=/etc/openvpn/ccd/ recurse=true`
Adjust the openvpn handler automatically to the distribution used 2014-08-01 12:35:05 +02:00			`notify:`
			`- restart openvpn {{ ansible_distribution_version[0] }}`
Start the port to ansible of openvpn 2014-07-31 22:37:58 +02:00
Add the logic to enable the openvpn server on EL6, EL7 and Fedora in the client and the server 2014-08-01 12:39:43 +02:00
			`- name: enable openvpn service for rhel 6 or Fedora`
			`service: name=openvpn state=running enabled=true`
			`when: ansible_distribution_version[0] == 6 or is_fedora is defined`
			`tags:`
			`- service`

			`- name: enable openvpn service for rhel 7`
			`service: name=openvpn@openvpn state=running enabled=true`
			`when: ansible_distribution_version[0] == 7`
			`tags:`
			`- service`