X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=roles%2Fmsca-openvpn%2Ftasks%2Fmain.yml;h=d58cb3b3cd5d2f49987078eb1b884c06d5547301;hb=d10a4b69962d07e31bd2be65dc044c0268ec28a6;hp=92dec57df48d9dd6a9bdb258d0272636f90fce49;hpb=588872ef49cb75a5ffa775e738ae3c61f9d7bad0;p=awsible

diff --git a/roles/msca-openvpn/tasks/main.yml b/roles/msca-openvpn/tasks/main.yml
index 92dec57..d58cb3b 100644
--- a/roles/msca-openvpn/tasks/main.yml
+++ b/roles/msca-openvpn/tasks/main.yml
@@ -9,7 +9,7 @@
     - cert != ''
     - key != ''
     - ta_secret != ''
-
+    - dhparam != ''
   tags: ['check_vars']
 
 - assert:
@@ -66,13 +66,32 @@
   - openvpn.log
   - connect.log
   - disconnect.log
-  file:
-    state: touch
-    path: /var/log/openvpn/{{ item }}
+  copy:
+    content: ""
+    force: no
+    dest: /var/log/openvpn/{{ item }}
     owner: openvpn
     group: openvpn
     mode: "0644"
 
+- name: rotate user logs
+  when: vpn_mode == 'user-server'
+  copy:
+    src: openvpn-user.logrotate
+    dest: /etc/logrotate.d/openvpn-user
+    owner: root
+    group: root
+    mode: "0644"
+
+- name: rotate vpc logs
+  when: vpn_mode == 'vpc-server'
+  copy:
+    src: openvpn-vpc.logrotate
+    dest: /etc/logrotate.d/openvpn-vpc
+    owner: root
+    group: root
+    mode: "0644"
+
 - name: install scripts
   when: vpn_mode == 'user-server'
   with_items:
@@ -85,13 +104,11 @@
     group: openvpn
     mode: "0755"
 
-- name: generate dh parameters
-  command: /usr/bin/openssl dhparam -out /etc/openvpn/keys/dh.pem 4096
-  args:
-    creates: /etc/openvpn/keys/dh.pem
-
 - name: install keys
   with_items:
+  - file: dh.pem
+    content: "{{ dhparam }}"
+    mode: "0444"
   - file: ca.{{ ca_name|lower }}.crt
     content: "{{ ca_cert }}"
     mode: "0400"