- cert != ''
- key != ''
- ta_secret != ''
-
+ - dhparam != ''
tags: ['check_vars']
- assert:
group: openvpn
mode: "0755"
-- name: generate dh parameters
- command: /usr/bin/openssl dhparam -out /etc/openvpn/keys/dh.pem 4096
- args:
- creates: /etc/openvpn/keys/dh.pem
-
- name: install keys
with_items:
+ - file: dh.pem
+ content: "{{ dhparam }}"
+ mode: "0444"
- file: ca.{{ ca_name|lower }}.crt
content: "{{ ca_cert }}"
mode: "0400"