diff --git a/README.md b/README.md
index fc5d3b8..e2620dd 100644
--- a/README.md
+++ b/README.md
@@ -21,15 +21,6 @@ That must differ from host to host. The first one must be set to *True* on one h Dependencies ------------ -Example Playbook ---------------- - -Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: - - - hosts: servers - roles: - - { role: username.rolename, x: 42 } - License -------
diff --git a/meta/main.yml b/meta/main.yml
index 5cc055c..03b83d1 100644
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -1,61 +1,24 @@
 galaxy_info:
- author: your name
- description: your description
+ author: Andrea Dell'Amico
+ description: Systems Architect
 company: ISTI-CNR
- # If the issue tracker for your role is not on github, uncomment the
- # next line and provide a value
 issue_tracker_url: https://redmine-s2i2s.isti.cnr.it/projects/provisioning
- # Some suggested licenses:
- # - BSD (default)
- # - MIT
- # - GPLv2
- # - GPLv3
- # - Apache
- # - CC-BY
 license: EUPL 1.2+
 min_ansible_version: 2.8
- # If this a Container Enabled role, provide the minimum Ansible Container version.
- # min_ansible_container_version:
-
- # Optionally specify the branch Galaxy will use when accessing the GitHub
- # repo for this role. During role install, if no tags are available,
- # Galaxy will use this branch. During import Galaxy will access files on
- # this branch. If Travis integration is configured, only notifications for this
- # branch will be accepted. Otherwise, in all cases, the repo's default branch
- # (usually master) will be used.
- #github_branch:
-
- #
- # Provide a list of supported platforms, and for each platform a list of versions.
- # If you don't wish to enumerate all versions for a particular platform, use 'all'.
 # To view available platforms and versions (or releases), visit:
 # https://galaxy.ansible.com/api/v1/platforms/
 #
- # platforms:
- # - name: Fedora
- # versions:
- # - all
- # - 25
- # - name: SomePlatform
- # versions:
- # - all
- # - 1.0
- # - 7
- # - 99.99
+ platforms:
+ - name: Ubuntu
+ versions:
+ - bionic
- galaxy_tags: []
- # List tags for your role here, one per line. A tag is a keyword that describes
- # and categorizes the role. Users find roles by searching for tags. Be sure to
- # remove the '[]' above, if you add tags to this list.
- #
- # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
- # Maximum 20 tags per role.
+ galaxy_tags:
+ - openvpn
+ - vpn
 dependencies: []
- # List your role dependencies here, one per line. Be sure to remove the '[]' above,
- # if you add dependencies to this list.
-
diff --git a/tasks/letsencrypt-openvpn.yml b/tasks/letsencrypt-openvpn.yml
index fd6ddc1..42c8803 100644
--- a/tasks/letsencrypt-openvpn.yml
+++ b/tasks/letsencrypt-openvpn.yml
@@ -2,13 +2,13 @@
 - name: Create the acme hooks directory if it does not yet exist
 file: dest={{ letsencrypt_acme_services_scripts_dir }} state=directory owner=root group=root
 when:
- - openvpn_letsencrypt_managed
- - letsencrypt_acme_install
+ - openvpn_letsencrypt_managed | bool
+ - letsencrypt_acme_install | bool
 tags: [ 'openvpn', 'letsencrypt' ]
 - name: Install a script that fix the letsencrypt certificate for openvpn and then reload the service
 copy: src=openvpn-letsencrypt-acme.sh dest={{ letsencrypt_acme_services_scripts_dir }}/openvpn owner=root group=root mode=4555
 when:
- - openvpn_letsencrypt_managed
- - letsencrypt_acme_install
+ - openvpn_letsencrypt_managed | bool
+ - letsencrypt_acme_install | bool
 tags: [ 'openvpn', 'letsencrypt' ]
diff --git a/tasks/openvpn.yml b/tasks/openvpn.yml
index 0f17e55..9b81760 100644
--- a/tasks/openvpn.yml
+++ b/tasks/openvpn.yml
@@ -22,7 +22,7 @@
 tags: [ 'openvpn', 'openvpn_radius' ]
 - block:
- - name: Install the OpenVPN radius auth plugin package
+ - name: Install the OpenVPN management key file
 template: src=management.txt.j2 dest={{ openvpn_management_file }} owner=root group=root mode=0400
 when: openvpn_management_enabled | bool
@@ -36,7 +36,7 @@
 template: src=auth-ldap.conf.j2 dest={{ openvpn_conf_dir }}/auth/auth-ldap.conf owner=root group={{ openvpn_unprivileged_group }} mode=0440
 notify: Reload OpenVPN
- when: openvpn_ldap_auth
+ when: openvpn_ldap_auth | bool
 tags: [ 'openvpn', 'openvpn_ldap', 'openvpn_basic_conf' ]
 - block:
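Review bot: `min_ansible_version: 2.8`, which this hunk keeps on the new side of meta/main.yml, is an unquoted float, so the first bump to a two-digit minor (for example `2.10`) would silently load as 2.1. Version-like scalars in Galaxy metadata are safer as strings, `min_ansible_version: "2.8"`, and the same applies to any version added under the new `platforms` list. The added `platforms` and `galaxy_tags` entries themselves are fine as written.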
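Review bot: The second task in the letsencrypt-openvpn.yml hunk, whose `when:` this commit corrects, still installs the acme hook with `mode=4555`, that is with the setuid bit on a shell script; the `| bool` fix does not change that. Linux ignores setuid on interpreted files, so the bit grants nothing at runtime but it does show up in setuid audits and file-integrity baselines; if the hook must run as root, that has to come from whatever invokes it, not from the mode. Unless something outside this hunk depends on the bit, `mode=0555` states the intent: `copy: src=openvpn-letsencrypt-acme.sh dest={{ letsencrypt_acme_services_scripts_dir }}/openvpn owner=root group=root mode=0555`.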
@@ -44,19 +44,9 @@
 file: dest={{ openvpn_conf_dir }}/auth/auth-ldap.conf state=absent
 notify: Reload OpenVPN
- when: not openvpn_ldap_auth
+ when: not openvpn_ldap_auth | bool
 tags: [ 'openvpn', 'openvpn_ldap', 'openvpn_basic_conf' ]
-- block:
- - name: Install the perl libraries needed by the LDAP client authentication script
- apt: pkg={{ openvpn_perl_pkg }} state={{ openvpn_pkg_state }} update_cache=yes cache_valid_time=1800
-
- - name: Install the perl LDAP auth script
- template: src=auth-ldap.pl.j2 dest={{ openvpn_conf_dir }}/auth/auth-ldap owner=root group={{ openvpn_unprivileged_group }} mode=0550
-
- when: openvpn_ldap_perl_auth
- tags: [ 'openvpn', 'openvpn_ldap' ]
-
 - block:
 - name: Install the main OpenVPN configuration file on the servers
 template: src=server.conf.j2 dest={{ openvpn_conf_dir }}/{{ openvpn_conf_name }} owner=root group={{ openvpn_unprivileged_group }} mode=0440
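Review bot: Dropping the perl LDAP auth block leaves no task that removes a previously deployed `{{ openvpn_conf_dir }}/auth/auth-ldap` script (installed with mode 0550) from hosts where `openvpn_ldap_perl_auth` had been enabled, while the LDAP conf a few lines above does get an explicit `state=absent` counterpart. An executable auth helper that the role no longer manages is exactly the kind of leftover a later audit will not explain, so a cleanup task such as `- name: Remove the obsolete perl LDAP auth script` / `file: dest={{ openvpn_conf_dir }}/auth/auth-ldap state=absent` / `notify: Reload OpenVPN`, tagged like the neighbouring tasks, seems warranted. Whether `openvpn_perl_pkg` should also be purged depends on what else uses it, which this hunk does not show. The task that owns the changed `when: not openvpn_ldap_auth | bool` starts above the hunk; the filter binds tighter than `not`, so the new expression reads as `not (openvpn_ldap_auth | bool)`, which is the intended meaning.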