openvpn/tasks/client.yml
2020-08-17 11:48:37 +02:00


---
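# Create one output directory per entry in openvpn_client. Later tasks in this
# file copy the client's private key and write its .ovpn profile into this
# directory, so it is restricted to its owner rather than world-traversable.
- name: 'openvpn | create client directory'
  file:
    # Quoted so that the templated value is always parsed as a string.
    path: "/etc/openvpn/client/{{ item.name }}/"
    state: directory
    mode: '0700'
  loop: "{{ openvpn_client }}"
  tags: ['openvpn', 'openvpn_client']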
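# Generate a key pair and certificate request for each client with Easy-RSA.
# `nopass` leaves the private key unencrypted on disk, so file permissions are
# its only protection. item.name is interpolated unquoted into the command
# line and into paths; it has to be a single token without whitespace or '/'.
- name: 'openvpn | create client request'
  command: ./easyrsa --batch --req-cn={{ item.name }} gen-req {{ item.name }} nopass
  args:
    chdir: "/etc/openvpn/{{ ansible_hostname }}/easy-rsa"
    # Skip clients that already have a key. Without this the command runs on
    # every play, and in batch mode it may replace the key that an already
    # issued certificate belongs to (NOTE(review): confirm against the
    # Easy-RSA version in use).
    creates: "/etc/openvpn/{{ ansible_hostname }}/easy-rsa/pki/private/{{ item.name }}.key"
  environment:
    # Environment values are strings; quote so the parser does not type it.
    EASYRSA_BATCH: '1'
  loop: "{{ openvpn_client }}"
  tags: ['openvpn', 'openvpn_client']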
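# Sign each client's request with the CA kept in the easy-rsa directory,
# producing a certificate of type `client`.
- name: 'openvpn | create client certificates'
  command: ./easyrsa sign-req client {{ item.name }}
  args:
    chdir: "/etc/openvpn/{{ ansible_hostname }}/easy-rsa"
    # Skip clients whose certificate is already issued, so a repeated play
    # neither re-signs nor fails on the existing certificate.
    creates: "/etc/openvpn/{{ ansible_hostname }}/easy-rsa/pki/issued/{{ item.name }}.crt"
  environment:
    # Environment values are strings; quote so the parser does not type it.
    EASYRSA_BATCH: '1'
  loop: "{{ openvpn_client }}"
  tags: ['openvpn', 'openvpn_client']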
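# Copy the issued certificate from the PKI into the client's directory.
# remote_src makes both src and dest paths on the managed host.
- name: 'openvpn | copy client certificate'
  copy:
    src: "/etc/openvpn/{{ ansible_hostname }}/easy-rsa/pki/issued/{{ item.name }}.crt"
    dest: "/etc/openvpn/client/{{ item.name }}/{{ item.name }}.crt"
    remote_src: true
    # A certificate is public material; the mode is stated explicitly so the
    # result does not depend on the umask or the Ansible version's default.
    mode: '0644'
  loop: "{{ openvpn_client }}"
  tags: ['openvpn', 'openvpn_client']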
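# Copy the client's private key from the PKI into the client's directory.
# The key was generated with `nopass`, so it is stored unencrypted and the
# file mode is what keeps other local users from reading it.
- name: 'openvpn | copy client private key'
  copy:
    src: "/etc/openvpn/{{ ansible_hostname }}/easy-rsa/pki/private/{{ item.name }}.key"
    # The doubled slash after /etc/openvpn was a typo; the path is the same.
    dest: "/etc/openvpn/client/{{ item.name }}/{{ item.name }}.key"
    remote_src: true
    # Owner-only: with no mode given, a new file takes its permissions from
    # the umask, which commonly leaves it world-readable.
    mode: '0600'
  loop: "{{ openvpn_client }}"
  tags: ['openvpn', 'openvpn_client']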
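# Render one .ovpn profile per client from the Jinja2 template, passing the
# client certificate, client private key, CA certificate and ta.key as
# template variables.
#
# NOTE(review): lookup('file', ...) is evaluated on the Ansible control node,
# whereas the copy tasks in this file use remote_src and write on the managed
# host. These paths only resolve when both are the same machine; confirm how
# this role is run.
- name: 'openvpn | create client configuration file'
  template:
    src: "../data/openvpn/client.ovpn.j2"
    dest: "/etc/openvpn/client/{{ item.name }}/{{ item.name }}.ovpn"
    # The template receives the private key and ta.key, so the rendered
    # profile presumably embeds them; keep the file owner-only.
    mode: '0600'
  when: openvpn_client is defined
  loop: "{{ openvpn_client }}"
  vars:
    loop_cert: "{{ lookup('file', '/etc/openvpn/client/' + item.name + '/' + item.name + '.crt') }}"
    loop_key: "{{ lookup('file', '/etc/openvpn/client/' + item.name + '/' + item.name + '.key') }}"
    loop_ca: "{{ lookup('file', '/etc/openvpn/' + ansible_hostname + '/keys/ca.crt') }}"
    loop_ta: "{{ lookup('file', '/etc/openvpn/' + ansible_hostname + '/keys/ta.key') }}"
  tags: ['openvpn', 'openvpn_client']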