Try and fix the handling of the dh and ta.key files.

Andrea Dell'Amico 2020-05-06 17:43:48 +02:00
parent 8bb81aec2f
commit 2a96f1c0e7
1 changed files with 13 additions and 28 deletions


@ -101,38 +101,23 @@
- name: Fix the ta.key file permissions - name: Fix the ta.key file permissions
file: dest={{ openvpn_conf_dir }}/ta.key owner=root group=root mode=0400 file: dest={{ openvpn_conf_dir }}/ta.key owner=root group=root mode=0400
- name: Fetch both the ta and the dh files from the master node
fetch:
src: "{{ item }}"
dest: .tmp/openvpn_secrets
with_items:
- '{{ openvpn_conf_dir }}/ta.key'
- '{{ openvpn_conf_dir }}/dh2048.pem'
when: openvpn_is_master_host | bool or not openvpn_ha | bool when: openvpn_is_master_host | bool or not openvpn_ha | bool
tags: [ 'openvpn', 'openvpn_conf' ] tags: [ 'openvpn', 'openvpn_conf' ]
- block: - block:
- name: Get the dh file from the master host - name: Install the dh and ta.key files
synchronize: copy: src=.tmp/openvpn_secrets/{{ openvpn_conf_dir }}/{{ item }} dest={{ openvpn_conf_dir }}/{{ item }} owner=root group=root mode=0400 force=yes
src: '{{ openvpn_conf_dir }}/dh2048.pem' with_items:
#dest: 'rsync://root@{{ ansible_fqdn }}/{{ openvpn_conf_dir }}/dh2048.pem' - 'ta.key'
dest: '/{{ openvpn_conf_dir }}/dh2048.pem' - 'dh2048.pem'
delegate_to: '{{ openvpn_master_host }}'
ignore_errors: True
- name: Relax the ta.key file permissions so that it can be copied around
file: dest={{ openvpn_conf_dir }}/ta.key owner=root group=root mode=0444
delegate_to: '{{ openvpn_master_host }}'
ignore_errors: True
- name: Get the ta key from the master host
synchronize:
src: '{{ openvpn_conf_dir }}/ta.key'
#dest: 'rsync://root@{{ ansible_fqdn }}/{{ openvpn_conf_dir }}/ta.key'
dest: '/{{ openvpn_conf_dir }}/ta.key'
delegate_to: '{{ openvpn_master_host }}'
ignore_errors: True
- name: Fix the ta.key file permissions
file: dest={{ openvpn_conf_dir }}/ta.key owner=root group=root mode=0400
- name: Fix the ta.key file permissions on the master host
file: dest={{ openvpn_conf_dir }}/ta.key owner=root group=root mode=0400
delegate_to: '{{ openvpn_master_host }}'
ignore_errors: True
when: when:
- openvpn_ha | bool - openvpn_ha | bool
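Review bot: The new `copy` task reads from `.tmp/openvpn_secrets/{{ openvpn_conf_dir }}/{{ item }}`, but `fetch` without `flat` saves each file under `dest/<inventory_hostname>/<src path>`, so the source path as written will most likely not exist on the controller. Either set `flat: yes` with `dest: .tmp/openvpn_secrets/` on the fetch and use `src=.tmp/openvpn_secrets/{{ item }}` in the copy, or add the master's inventory hostname to the copy's `src`. Separately, `ta.key` is the shared TLS-auth secret, and this change leaves a copy of it on the control machine in a directory relative to the working directory, with permissions set by the controller's umask and no task that removes it afterwards. I would add a comment above the fetch such as `# ta.key is a shared secret: keep .tmp/ out of version control and remove it after the play`, and consider a final cleanup task delegated to localhost. The page's rendering has lost the indentation, so I could not check which task the `when:`/`tags:` lines after the fetch attach to; that is worth confirming in the file.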