cert="${1}_ca/pki/issued/${2}.${1}.crt"
key="${1}_ca/pki/private/${2}.${1}.key"
ta_secret="${1}_ca/pki/ta.key"
+dhparam="${1}_ca/pki/dh.pem"
# reuse any extant quagga password
for v in "${1}"/group_vars/*vpcaccess*
echo "found multiple potential quagga passwords; the chosen one may not be correct" 1>&2
fi
quagga_password=$(awk '/QUAGGA_PASSWORD:/{print $2}' "${v}")
+
+ if [ -n "${quagga_key}" ]
+ then
+ echo "found multiple potential quagga keys; the chosen one may not be correct" 1>&2
+ fi
done
if [ -z "${quagga_password}" ]
then
quagga_password=$(pwgen -y 16)
fi
+if [ -z "${quagga_key}" ]
+then
+ quagga_key=$(pwgen -y 16)
+fi
function onlycert(){
sed -n '/-----BEGIN /,/-----END /p' "$@"
cat<<EOF
---
-QUAGGA_PASSWORD: "${quagga_password}"
+QUAGGA_PASSWORD: ${quagga_password}
+QUAGGA_KEY: ${quagga_key}
ca_name: $1
ca_cert: |
$(indent "${ca_cert}")
$(indent "${key}")
ta_secret: |
$(indent "${ta_secret}")
+dhparam: |
+$(onlycert "${dhparam}" | indent)
EOF
- cert != ''
- key != ''
- ta_secret != ''
-
+ - dhparam != ''
tags: ['check_vars']
- assert:
group: openvpn
mode: "0755"
-- name: generate dh parameters
- command: /usr/bin/openssl dhparam -out /etc/openvpn/keys/dh.pem 4096
- args:
- creates: /etc/openvpn/keys/dh.pem
-
- name: install keys
with_items:
+ - file: dh.pem
+ content: "{{ dhparam }}"
+ mode: "0444"
- file: ca.{{ ca_name|lower }}.crt
content: "{{ ca_cert }}"
mode: "0400"
projects / awsible / commitdiff