generate dhparam locally rather than on vpn server
diff --git
a/roles/msca-openvpn/tasks/main.yml
b/roles/msca-openvpn/tasks/main.yml
index 13ae87af6393b2520d83db212ef5ad3d0ec8a068..d58cb3b3cd5d2f49987078eb1b884c06d5547301 100644
(file)
--- a/
roles/msca-openvpn/tasks/main.yml
+++ b/
roles/msca-openvpn/tasks/main.yml
@@
-9,7
+9,7
@@
- cert != ''
- key != ''
- ta_secret != ''
- cert != ''
- key != ''
- ta_secret != ''
-
+ - dhparam != ''
tags: ['check_vars']
- assert:
tags: ['check_vars']
- assert:
@@
-104,13
+104,11
@@
group: openvpn
mode: "0755"
group: openvpn
mode: "0755"
-- name: generate dh parameters
- command: /usr/bin/openssl dhparam -out /etc/openvpn/keys/dh.pem 4096
- args:
- creates: /etc/openvpn/keys/dh.pem
-
- name: install keys
with_items:
- name: install keys
with_items:
+ - file: dh.pem
+ content: "{{ dhparam }}"
+ mode: "0444"
- file: ca.{{ ca_name|lower }}.crt
content: "{{ ca_cert }}"
mode: "0400"
- file: ca.{{ ca_name|lower }}.crt
content: "{{ ca_cert }}"
mode: "0400"
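Review bot: The new `dhparam` variable is only checked for being non-empty (the `- dhparam != ''` line added in the first hunk), so the 4096-bit size that the removed `openssl dhparam ... 4096` command guaranteed is no longer enforced anywhere visible on this page. A truncated paste, the wrong PEM block, or a short group would be installed as `dh.pem` without complaint. Consider tightening the assert with `- "'-----BEGIN DH PARAMETERS-----' in dhparam"` and recording the expected size next to the variable's definition. A comment on the new item, for example `# DH parameters are public, so 0444 is intentional (unlike the 0400 key material below)`, would also explain the mode difference. The body of the `install keys` task lies outside the hunk, so whether it could run a validation command on the written file cannot be judged from here.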