X-Git-Url: http://git.squeep.com/?p=awsible;a=blobdiff_plain;f=roles%2Fmsca-openvpn%2Ftasks%2Fmain.yml;h=92dec57df48d9dd6a9bdb258d0272636f90fce49;hp=e0420fd4892c3b791415dd7bb5336a8b8d92490e;hb=588872ef49cb75a5ffa775e738ae3c61f9d7bad0;hpb=2b14f2bf46bb3b58bf1c101d1eed8256fb9a4d37
diff --git a/roles/msca-openvpn/tasks/main.yml b/roles/msca-openvpn/tasks/main.yml
index e0420fd..92dec57 100644
--- a/roles/msca-openvpn/tasks/main.yml
+++ b/roles/msca-openvpn/tasks/main.yml
@@ -4,6 +4,12 @@
 - vpn_mode|default() in ('user-server', 'vpc-server', 'vpc-client')
 - vpn_subnet != ''
 - ca_name != ''
+ - ca_cert != ''
+ - crl_pem != ''
+ - cert != ''
+ - key != ''
+ - ta_secret != ''
+ tags: ['check_vars']
 - assert:
@@ -84,6 +90,29 @@
 args:
 creates: /etc/openvpn/keys/dh.pem
+- name: install keys
+ with_items:
+ - file: ca.{{ ca_name|lower }}.crt
+ content: "{{ ca_cert }}"
+ mode: "0400"
+ - file: crl.{{ ca_name|lower }}.pem
+ content: "{{ crl_pem }}"
+ mode: "0400"
+ - file: "{{ vpc_region }}.{{ ca_name|lower }}.crt"
+ content: "{{ cert }}"
+ mode: "0400"
+ - file: "{{ vpc_region }}.{{ ca_name|lower }}.key"
+ content: "{{ key }}"
+ mode: "0400"
+ copy:
+ dest: /etc/openvpn/keys/{{ item.file }}
+ content: "{{ item.content }}"
+ mode: "{{ item.mode }}"
+ owner: openvpn
+ group: openvpn
+ notify:
+ - restart openvpn
+
 - name: configure openvpn
 template:
 src: "{{ vpn_mode }}.conf.j2"
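Review bot: The five new conditions in the first assert compare the variables to `''` without a default, so an unset `key` or `ta_secret` stops the play with an undefined-variable error rather than a failed assertion. The first condition in the same list already guards against this with `vpn_mode|default()`; the new ones could follow it, e.g. `- key|default('') != ''`. The assert task's opening lines are outside the hunk, so any `msg` it may carry is not visible here.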
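Review bot: The `install keys` task loops over items whose `content` holds the private key and certificates, and it has no `no_log: true`, so Ansible's per-item output (and any verbose or diff-mode run) can print the key into the console and job logs. Add `no_log: true` at the task level, or at least `loop_control:` with `label: "{{ item.file }}"` so only the file name is shown. `ta_secret` is asserted non-empty in the first hunk but is not among the four installed files; if no task or template outside this diff writes it, it needs an entry here too. The key is also owned by `openvpn`; if the daemon drops privileges to that user, a root-owned key would keep it out of reach of the running process, which is worth confirming against the config template.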