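---
# OpenVPN role tasks: validate the role variables, install packages, lay out
# the /etc/openvpn tree with openvpn-owned directories, render the config for
# the selected vpn_mode, enable the service and ship its logs.

# Fail fast on missing or malformed role variables before changing the host.
- assert:
    that:
      - vpn_mode|default() in ('user-server', 'vpc-server', 'vpc-client')
      - vpn_subnet != ''
      - ca_name != ''
  tags: ['check_vars']

# A vpc-client additionally needs the address of the server it dials.
- assert:
    that:
      - vpn_server_ip|default() != ''
  when: vpn_mode|default() == 'vpc-client'
  tags: ['check_vars']

- name: Install packages
  with_items:
    - openssl
    - openvpn
  yum:
    name: "{{ item }}"
    # NOTE(review): `latest` is unpinned, so a run may upgrade openssl/openvpn
    # to whatever the repo currently serves; `present` plus a pinned version
    # would make the host reproducible.
    state: latest

- name: Install pip things
  with_items:
    - passlib
  pip:
    name: "{{ item }}"
    state: present

# Config and helper-script directories are world-readable (0755); only the
# key material below is restricted.
- name: openvpn config directories
  with_items:
    - conf
    - scripts
  file:
    state: directory
    path: /etc/openvpn/{{ item }}
    owner: openvpn
    group: openvpn
    mode: "0755"

# Private keys and DH parameters live here: owner-only access.
- name: openvpn cert directory
  file:
    state: directory
    path: /etc/openvpn/keys
    owner: openvpn
    group: openvpn
    mode: "0700"

- name: openvpn log directory
  file:
    state: directory
    path: /var/log/openvpn
    owner: openvpn
    group: openvpn
    mode: "0755"

# `touch` updates the mtime on every run, so this task always reports changed.
- name: openvpn log files
  with_items:
    - status.log
    - openvpn.log
    - connect.log
    - disconnect.log
  file:
    state: touch
    path: /var/log/openvpn/{{ item }}
    owner: openvpn
    group: openvpn
    mode: "0644"

# Auth and connect/disconnect hooks are only used by the user-facing server.
- name: install scripts
  when: vpn_mode == 'user-server'
  with_items:
    - auth.py
    - event-log.sh
  copy:
    src: "{{ item }}"
    dest: /etc/openvpn/scripts/{{ item }}
    owner: openvpn
    group: openvpn
    mode: "0755"

# 4096-bit DH parameters are slow to generate; `creates` makes this a one-shot.
- name: generate dh parameters
  command: /usr/bin/openssl dhparam -out /etc/openvpn/keys/dh.pem 4096
  args:
    creates: /etc/openvpn/keys/dh.pem

# The template is chosen by vpn_mode, which the first assert constrains to a
# known set. vpc_region is not asserted above — assumed defined by inventory.
- name: configure openvpn
  template:
    src: "{{ vpn_mode }}.conf.j2"
    dest: /etc/openvpn/{{ vpc_region }}-{{ vpn_mode }}.conf
    owner: openvpn
    group: openvpn
    mode: "0644"
  notify:
    - restart openvpn

- name: enable openvpn
  service:
    name: openvpn
    # Canonical boolean; `yes` is a YAML 1.1 truthy spelling.
    enabled: true
  notify:
    - restart openvpn

- name: configure log shipping
  copy:
    src: awslogs.openvpn.conf
    dest: /etc/awslogs/config/openvpn.conf
    owner: root
    group: root
    mode: "0644"
  notify:
    - restart awslogs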