Better handlers for the openvpn service. Add a init script default.

2019-03-01 13:58:04 +01:00 · 2019-03-01 13:58:04 +01:00 · 8da346c7f9
parent 81f451d96e
commit 8da346c7f9
3 changed files with 54 additions and 2 deletions
--- a/openvpn/handlers/main.yml
+++ b/openvpn/handlers/main.yml
@ -3,3 +3,10 @@
  service: name=openvpn state=reloaded
  when: openvpn_enabled

+- name: Restart OpenVPN
+  service: name=openvpn state=restarted
+  when: openvpn_enabled
+
+- name: Reload systemd
+  systemd: daemon_reload=yes
+  when: ansible_service_mgr == 'systemd'
--- a/openvpn/tasks/openvpn.yml
+++ b/openvpn/tasks/openvpn.yml
@ -61,7 +61,7 @@
 - block:
    - name: Install the main OpenVPN configuration file on the servers
      template: src=server.conf.j2 dest={{ openvpn_conf_dir }}/{{ openvpn_conf_name }} owner=root group={{ openvpn_unprivileged_group }} mode=0440
-      notify: Reload OpenVPN
+      notify: Restart OpenVPN

    - name: Install the custom configuration for specific OpenVPN users in the servers
      template: src=user-ccd.conf.j2 dest={{ openvpn_conf_dir }}/ccd/{{ item.user }} owner=root group={{ openvpn_unprivileged_group }} mode=0440
@ -80,11 +80,20 @@
 - block:
    - name: Install the main OpenVPN configuration file on the clients
      template: src=client.conf.j2 dest={{ openvpn_conf_dir }}/{{ openvpn_conf_name }} owner=root group={{ openvpn_unprivileged_group }} mode=0440
-      notify: Reload OpenVPN
+      notify: Restart OpenVPN

  when: openvpn_mode != 'server'
  tags: [ 'openvpn', 'openvpn_conf' ]

+- block:
+    - name: Install the OpenVPN init defaults
+      template: src=openvpn-defaults.j2 dest=/etc/default/openvpn owner=root group=root mode=0444
+      notify:
+        - Restart OpenVPN
+        - Reload systemd
+
+  tags: [ 'openvpn', 'openvpn_conf' ]
+
 - block:
    - name: Create the dh file
      shell: openssl dhparam -out {{ openvpn_conf_dir }}/dh2048.pem 2048
--- a/openvpn/templates/openvpn-defaults.j2
+++ b/openvpn/templates/openvpn-defaults.j2
@ -0,0 +1,36 @@
+# This is the configuration file for /etc/init.d/openvpn
+
+#
+# Start only these VPNs automatically via init script.
+# Allowed values are "all", "none" or space separated list of
+# names of the VPNs. If empty, "all" is assumed.
+# The VPN name refers to the VPN configutation file name.
+# i.e. "home" would be /etc/openvpn/home.conf
+#
+# If you're running systemd, changing this variable will
+# require running "systemctl daemon-reload" followed by
+# a restart of the openvpn service (if you removed entries
+# you may have to stop those manually)
+#
+AUTOSTART="all"
+#AUTOSTART="none"
+#AUTOSTART="home office"
+#
+# WARNING: If you're running systemd the rest of the
+# options in this file are ignored.
+#
+# Refresh interval (in seconds) of default status files
+# located in /var/run/openvpn.$NAME.status
+# Defaults to 10, 0 disables status file generation
+#
+#STATUSREFRESH=10
+#STATUSREFRESH=0
+# Optional arguments to openvpn's command line
+OPTARGS=""
+#
+# If you need openvpn running after sendsigs, i.e.
+# to let umountnfs work over the vpn, set OMIT_SENDSIGS
+# to 1 and include umountnfs as Required-Stop: in openvpn's
+# init.d script (remember to run insserv after that)
+#
+OMIT_SENDSIGS=0