- vpn_mode|default() in ('user-server', 'vpc-server', 'vpc-client')
- vpn_subnet != ''
- ca_name != ''
+ - ca_cert != ''
+ - crl_pem != ''
+ - cert != ''
+ - key != ''
+ - ta_secret != ''
+
tags: ['check_vars']
- assert:
args:
creates: /etc/openvpn/keys/dh.pem
+- name: install keys
+ with_items:
+ - file: ca.{{ ca_name|lower }}.crt
+ content: "{{ ca_cert }}"
+ mode: "0400"
+ - file: crl.{{ ca_name|lower }}.pem
+ content: "{{ crl_pem }}"
+ mode: "0400"
+ - file: "{{ vpc_region }}.{{ ca_name|lower }}.crt"
+ content: "{{ cert }}"
+ mode: "0400"
+ - file: "{{ vpc_region }}.{{ ca_name|lower }}.key"
+ content: "{{ key }}"
+ mode: "0400"
+ copy:
+ dest: /etc/openvpn/keys/{{ item.file }}
+ content: "{{ item.content }}"
+ mode: "{{ item.mode }}"
+ owner: openvpn
+ group: openvpn
+ notify:
+ - restart openvpn
+
- name: configure openvpn
template:
src: "{{ vpn_mode }}.conf.j2"
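Review bot: The `install keys` task loops over items whose `content` field carries `{{ key }}`, and Ansible echoes each loop item in the task result, so the private key can land in console output and in whatever logs or callback plugins capture the run. Adding `no_log: true` to the task avoids that. If per-file output is still wanted, `loop_control:` with `label: "{{ item.file }}"` limits what is shown at default verbosity, though it is the less complete of the two. Separately, `ta_secret != ''` is now asserted, but none of the four items visible here writes it to disk; if another task installs it that is fine, otherwise the check and the task are out of step. Hunk headers are not visible in this view, and the `configure openvpn` task at the end continues outside it.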