ansible/roles/openvpn/client/tasks/main.yml

---
# OpenVpn server

- name: Install needed packages
  package:
    state: present
    name:
    - openvpn
  tags:
  - packages
  - openvpn
  when: ansible_distribution_major_version|int < 8 and ansible_distribution == 'RedHat'

- name: Install needed packages
  package:
    state: present
    name:
    - openvpn
  tags:
  - packages
  - openvpn
  when: ansible_distribution_major_version|int > 7 and ansible_distribution == 'RedHat' and ansible_cmdline.ostree is not defined

- name: Install needed packages
  package:
    state: present
    name:
    - openvpn
  tags:
  - packages
  - openvpn
  when: ansible_distribution_major_version|int > 29 and ansible_distribution == 'Fedora' and ansible_cmdline.ostree is not defined

- name: Install main config file (rhel7 and fedora)
  template: src=client.conf
            dest=/etc/openvpn/client/openvpn.conf
            owner=root group=root mode=0644
  tags:
  - install
  - openvpn
#  notify:
#  - restart openvpn (Fedora)
#  - restart openvpn (RHEL6+)
  when: (ansible_distribution == 'RedHat' or ansible_distribution == 'Fedora') and ansible_cmdline.ostree is not defined

- name: Install configuration files (rhel7 and fedora)
  copy: src={{ item.file }}
        dest={{ item.dest }}
        owner=root group=root mode={{ item.mode }}
  with_items:
  - { file: "{{ private }}/files/vpn/pki/issued/{{ inventory_hostname }}.crt",
      dest: "/etc/openvpn/client/client.crt",
      mode: '0600' }
  - { file: "{{ private }}/files/vpn/pki/private/{{ inventory_hostname }}.key",
      dest: "/etc/openvpn/client/client.key",
      mode: '0600' }
  tags:
  - install
  - openvpn
#  notify:
#  - restart openvpn (Fedora)
#  - restart openvpn (RHEL7)
  when: (ansible_distribution_major_version|int >= 7 and ansible_distribution == 'RedHat') or (ansible_distribution_major_version|int >= 29 and ansible_distribution == 'Fedora') and ansible_cmdline.ostree is not defined

- name: Install configuration files (rhel6)
  copy: src={{ item.file }}
        dest={{ item.dest }}
        owner=root group=root mode={{ item.mode }}
  with_items:
  - { file: client.conf,
      dest: /etc/openvpn/openvpn.conf,
      mode: '0644' }
  - { file: "{{ private }}/files/vpn/pki/issued/{{ inventory_hostname }}.crt",
      dest: "/etc/openvpn/client.crt",
      mode: '0600' }
  - { file: "{{ private }}/files/vpn/pki/private/{{ inventory_hostname }}.key",
      dest: "/etc/openvpn/client.key",
      mode: '0600' }
  tags:
  - install
  - openvpn
#  notify:
#  - restart openvpn (RHEL6)
  when: (ansible_distribution_major_version|int == 6 and ansible_distribution == 'RedHat') and ansible_cmdline.ostree is not defined

- name: enable openvpn service for rhel 6
  service: name=openvpn state=started enabled=true
  when: ansible_distribution_major_version|int == 6 and ansible_distribution == 'RedHat'
  tags:
  - service
  - openvpn

- name: Make sure old openvpn is not running in rhel 7
  service: name=openvpn@openvpn state=stopped enabled=false
  when: ansible_distribution_major_version|int == 7 and ansible_distribution == 'RedHat'
  tags:
  - service
  - openvpn

- name: Make sure openvpn is running in rhel 7+
  service: name=openvpn-client@openvpn state=started enabled=true
  when: ansible_distribution_major_version|int >= 7 and ansible_distribution == 'RedHat'
  tags:
  - service
  - openvpn

- name: enable openvpn service for Fedora
  service: name=openvpn-client@openvpn state=started enabled=true
  when: is_fedora is defined
  tags:
  - service
  - openvpn

- name: Create directories for post-vpn service configs
  file: path="/etc/systemd/system/{{item}}.service.d" state=directory
  with_items: "{{postvpnservices}}"
  when: is_fedora is defined or (ansible_distribution_major_version|int >= 7 and ansible_distribution == 'RedHat')
  tags:
  - service
  - openvpn

- name: Deploy postvpn.conf for post-vpn services
  copy: src=postvpn.conf dest="/etc/systemd/system/{{item}}.service.d/postvpn.conf"
  with_items: "{{postvpnservices}}"
  when: is_fedora is defined or (ansible_distribution_major_version|int >= 7 and ansible_distribution == 'RedHat')
  tags:
  - service
  - openvpn