add condition
parent
b61f628b12
commit
a0cd4f5ff3
@ -12,6 +12,7 @@
|
|||||||
- openssl
|
- openssl
|
||||||
- easy-rsa
|
- easy-rsa
|
||||||
state: present
|
state: present
|
||||||
|
register: is_installed
|
||||||
tags: ['openvpn', 'openvpn_install']
|
tags: ['openvpn', 'openvpn_install']
|
||||||
|
|
||||||
- name: 'openvpn | create directories'
|
- name: 'openvpn | create directories'
|
||||||
@ -19,6 +20,7 @@
|
|||||||
path: /etc/openvpn/{{ ansible_hostname }}/keys
|
path: /etc/openvpn/{{ ansible_hostname }}/keys
|
||||||
state: directory
|
state: directory
|
||||||
mode: '0755'
|
mode: '0755'
|
||||||
|
when: is_installed
|
||||||
tags: ['openvpn', 'openvpn_install']
|
tags: ['openvpn', 'openvpn_install']
|
||||||
|
|
||||||
- name: 'openvpn | copy easy-rsa'
|
- name: 'openvpn | copy easy-rsa'
|
||||||
@ -27,6 +29,7 @@
|
|||||||
dest: /etc/openvpn/{{ ansible_hostname }}
|
dest: /etc/openvpn/{{ ansible_hostname }}
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
|
when: is_installed
|
||||||
tags: ['openvpn', 'openvpn_install']
|
tags: ['openvpn', 'openvpn_install']
|
||||||
|
|
||||||
- name: 'openvpn | chmod +x easyrsa'
|
- name: 'openvpn | chmod +x easyrsa'
|
||||||
@ -35,5 +38,5 @@
|
|||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0755
|
mode: 0755
|
||||||
|
when: is_installed
|
||||||
tags: ['openvpn', 'openvpn_install']
|
tags: ['openvpn', 'openvpn_install']
|
||||||
|
|
||||||
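Review bot: `when: is_installed` tests the whole registered result rather than a boolean, so it is true whenever the registering task ran and does not distinguish a fresh install from a package that was already present; this applies to every `when: is_installed` added in both files. If the intent is to run the setup only after a new install, `when: is_installed is changed` expresses that, and recent ansible-core releases may reject a non-boolean conditional outright. The tasks in the second file are tagged `openvpn_server` while the registering task is tagged `openvpn_install`, so a run limited to `--tags openvpn_server` would likely fail on an undefined `is_installed`. A `creates:` argument on the easyrsa command tasks would guard them without depending on the register. The task carrying `register: is_installed` starts above the hunk, so its module is not visible here.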
|
@ -3,18 +3,21 @@
|
|||||||
template:
|
template:
|
||||||
src: "../data/openvpn/vars.j2"
|
src: "../data/openvpn/vars.j2"
|
||||||
dest: "/etc/openvpn/{{ ansible_hostname }}/easy-rsa/vars"
|
dest: "/etc/openvpn/{{ ansible_hostname }}/easy-rsa/vars"
|
||||||
|
when: is_installed
|
||||||
tags: ['openvpn', 'openvpn_server']
|
tags: ['openvpn', 'openvpn_server']
|
||||||
|
|
||||||
- name: 'openvpn | cleanup everything'
|
- name: 'openvpn | cleanup everything'
|
||||||
command: "./easyrsa init-pki"
|
command: "./easyrsa init-pki"
|
||||||
args:
|
args:
|
||||||
chdir: /etc/openvpn/{{ ansible_hostname }}/easy-rsa
|
chdir: /etc/openvpn/{{ ansible_hostname }}/easy-rsa
|
||||||
|
when: is_installed
|
||||||
tags: ['openvpn', 'openvpn_server']
|
tags: ['openvpn', 'openvpn_server']
|
||||||
|
|
||||||
- name: 'openvpn | create random file'
|
- name: 'openvpn | create random file'
|
||||||
command: "dd if=/dev/urandom of=pki/.rnd bs=256 count=1"
|
command: "dd if=/dev/urandom of=pki/.rnd bs=256 count=1"
|
||||||
args:
|
args:
|
||||||
chdir: /etc/openvpn/{{ ansible_hostname }}/easy-rsa
|
chdir: /etc/openvpn/{{ ansible_hostname }}/easy-rsa
|
||||||
|
when: is_installed
|
||||||
tags: ['openvpn', 'openvpn_server']
|
tags: ['openvpn', 'openvpn_server']
|
||||||
|
|
||||||
- name: 'openvpn | generate certificates'
|
- name: 'openvpn | generate certificates'
|
||||||
@ -27,6 +30,7 @@
|
|||||||
- ./easyrsa build-ca nopass
|
- ./easyrsa build-ca nopass
|
||||||
- ./easyrsa gen-dh
|
- ./easyrsa gen-dh
|
||||||
- ./easyrsa build-server-full {{ ansible_hostname }} nopass
|
- ./easyrsa build-server-full {{ ansible_hostname }} nopass
|
||||||
|
when: is_installed
|
||||||
tags: ['openvpn', 'openvpn_server']
|
tags: ['openvpn', 'openvpn_server']
|
||||||
|
|
||||||
- name: 'openvpn | copy certificates'
|
- name: 'openvpn | copy certificates'
|
||||||
@ -39,10 +43,12 @@
|
|||||||
- /etc/openvpn/{{ ansible_hostname }}/easy-rsa/pki/private/{{ ansible_hostname }}.key
|
- /etc/openvpn/{{ ansible_hostname }}/easy-rsa/pki/private/{{ ansible_hostname }}.key
|
||||||
- /etc/openvpn/{{ ansible_hostname }}/easy-rsa/pki/issued/{{ ansible_hostname }}.crt
|
- /etc/openvpn/{{ ansible_hostname }}/easy-rsa/pki/issued/{{ ansible_hostname }}.crt
|
||||||
- /etc/openvpn/{{ ansible_hostname }}/easy-rsa/pki/ca.crt
|
- /etc/openvpn/{{ ansible_hostname }}/easy-rsa/pki/ca.crt
|
||||||
|
when: is_installed
|
||||||
tags: ['openvpn', 'openvpn_server']
|
tags: ['openvpn', 'openvpn_server']
|
||||||
|
|
||||||
- name: 'openvpn | generate ta.key'
|
- name: 'openvpn | generate ta.key'
|
||||||
command: "openvpn --genkey --secret /etc/openvpn/{{ ansible_hostname }}/keys/ta.key"
|
command: "openvpn --genkey --secret /etc/openvpn/{{ ansible_hostname }}/keys/ta.key"
|
||||||
|
when: is_installed
|
||||||
tags: ['openvpn', 'openvpn_server']
|
tags: ['openvpn', 'openvpn_server']
|
||||||
|
|
||||||
- name: 'openvpn | chmod ta.key'
|
- name: 'openvpn | chmod ta.key'
|
||||||
@ -51,19 +57,22 @@
|
|||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0644
|
mode: 0644
|
||||||
|
when: is_installed
|
||||||
tags: ['openvpn', 'openvpn_server']
|
tags: ['openvpn', 'openvpn_server']
|
||||||
|
|
||||||
- name: 'openvpn | configure ifconfig-pool-persist'
|
- name: 'openvpn | configure ifconfig-pool-persist'
|
||||||
template:
|
template:
|
||||||
src: "../data/openvpn/ipp.txt.j2"
|
src: "../data/openvpn/ipp.txt.j2"
|
||||||
dest: "/etc/openvpn/{{ ansible_hostname }}/ipp.txt"
|
dest: "/etc/openvpn/{{ ansible_hostname }}/ipp.txt"
|
||||||
when: openvpn_client is defined
|
when:
|
||||||
|
- is_installed
|
||||||
|
- openvpn_client is defined
|
||||||
tags: ['openvpn', 'openvpn_server']
|
tags: ['openvpn', 'openvpn_server']
|
||||||
|
|
||||||
- name: 'openvpn | copy server configuration'
|
- name: 'openvpn | copy server configuration'
|
||||||
template:
|
template:
|
||||||
src: "../data/openvpn/server.conf.j2"
|
src: "../data/openvpn/server.conf.j2"
|
||||||
dest: "/etc/openvpn/{{ ansible_hostname }}.conf"
|
dest: "/etc/openvpn/{{ ansible_hostname }}.conf"
|
||||||
|
when: is_installed
|
||||||
tags: ['openvpn', 'openvpn_server']
|
tags: ['openvpn', 'openvpn_server']
|
||||||
notify: openvpn-restart
|
notify: openvpn-restart
|
||||||
|
|
||||||
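Review bot: `mode: 0644` on what appears to be the 'openvpn | chmod ta.key' task leaves the tls-auth key readable by every local account, and the keys directory is created with `mode: '0755'` in the first file, so nothing else restricts access. The key is a shared secret, so `mode: '0600'` (quoted, as the directory task already does) would keep it root-only. The path this mode applies to lies between the two hunks, so confirm it is the ta.key file. The 'copy certificates' task also places `pki/private/{{ ansible_hostname }}.key`; its mode is not visible here and deserves the same check.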
|