ansible-roles/openvpn/tasks/openvpn.yml

---
- name: Install the OpenVPN main packages
  apt: pkg={{ item }} state={{ openvpn_pkg_state }} update_cache=yes
  with_items: '{{ openvpn_pkgs }}'
  tags: openvpn

- name: Install the OpenVPN radius auth plugin package
  apt: pkg={{ item }} state={{ openvpn_pkg_state }}
  with_items: '{{ openvpn_radius_pkg }}'
  when: openvpn_radius_auth
  tags: openvpn

- name: Install the OpenVPN ldap auth plugin package
  apt: pkg={{ item }} state={{ openvpn_pkg_state }}
  with_items: '{{ openvpn_ldap_pkg }}'
  when: openvpn_ldap_auth
  tags: openvpn

- name: Install the OpenVPN PAM auth plugin
  shell: cp /usr/lib/openvpn/openvpn-plugin-auth-pam.so {{ openvpn_conf_dir }}/openvpn-plugin-auth-pam.so
  args:
    creates: '{{ openvpn_conf_dir }}/openvpn-plugin-auth-pam.so'
  when: openvpn_username_pam_auth
  tags: openvpn

- name: Remove the OpenVPN PSM auth plugin
  file: dest={{ openvpn_conf_dir }}/openvpn-plugin-auth-pam.so state=absent
  when: not openvpn_username_pam_auth
  tags: openvpn

- name: Create the ipp and status subdirs
  file: dest={{ openvpn_conf_dir }}/{{ item }} state=directory
  with_items:
    - ipp
    - status
  tags: openvpn

- name: Install the main OpenVPN configuration file
  template: src=openvpn.conf.j2 dest={{ openvpn_conf_dir }}/{{ openvpn_conf_name }} owner=root group=root mode=0444
  notify: Reload OpenVPN
  tags: openvpn

- name: Create the dh file
  shell: openssl dhparam -out {{ openvpn_conf_dir }}/dh2048.pem 2048 ; chmod 444 {{ openvpn_conf_dir }}/dh2048.pem
  args:
    creates: '{{ openvpn_conf_dir }}/dh2048.pem'
  tags: openvpn
  
- name: Create the ta key
  shell: cd {{ openvpn_conf_dir }} ; openvpn --genkey --secret ta.key ; chmod 400 {{ openvpn_conf_dir }}/ta.key
  args:
    creates: '{{ openvpn_conf_dir }}/ta.key'
  tags: openvpn

- name: Ensure that the OpenVPN service is enabled and running
  service: name=openvpn state=started enabled=yes
  when: openvpn_enabled
  tags: openvpn

- name: Ensure that the OpenVPN service is stopped and disabled
  service: name=openvpn state=stopped enabled=no
  when: not openvpn_enabled
  tags: openvpn

- name: Enable kernel forwarding
  sysctl: name={{ item }} value=1 reload=yes state=present
  with_items:
    - net.ipv4.ip_forward
#    - net.ipv6.conf.all.forwarding
  when: openvpn_enable_system_forward
  tags: openvpn

- name: Disable kernel forwarding
  sysctl: name={{ item }} value=0 reload=yes state=present
  with_items:
    - net.ipv4.ip_forward
#    - net.ipv6.conf.all.forwarding
  when: not openvpn_enable_system_forward
  tags: openvpn
library/roles/openvpn: Installs and configure a openvpn service. 2016-06-11 16:57:29 +02:00			`---`
			`- name: Install the OpenVPN main packages`
			`apt: pkg={{ item }} state={{ openvpn_pkg_state }} update_cache=yes`
			`with_items: '{{ openvpn_pkgs }}'`
			`tags: openvpn`

			`- name: Install the OpenVPN radius auth plugin package`
			`apt: pkg={{ item }} state={{ openvpn_pkg_state }}`
			`with_items: '{{ openvpn_radius_pkg }}'`
			`when: openvpn_radius_auth`
			`tags: openvpn`

			`- name: Install the OpenVPN ldap auth plugin package`
			`apt: pkg={{ item }} state={{ openvpn_pkg_state }}`
			`with_items: '{{ openvpn_ldap_pkg }}'`
			`when: openvpn_ldap_auth`
			`tags: openvpn`

			`- name: Install the OpenVPN PAM auth plugin`
			`shell: cp /usr/lib/openvpn/openvpn-plugin-auth-pam.so {{ openvpn_conf_dir }}/openvpn-plugin-auth-pam.so`
			`args:`
			`creates: '{{ openvpn_conf_dir }}/openvpn-plugin-auth-pam.so'`
			`when: openvpn_username_pam_auth`
			`tags: openvpn`

			`- name: Remove the OpenVPN PSM auth plugin`
			`file: dest={{ openvpn_conf_dir }}/openvpn-plugin-auth-pam.so state=absent`
			`when: not openvpn_username_pam_auth`
			`tags: openvpn`

			`- name: Create the ipp and status subdirs`
			`file: dest={{ openvpn_conf_dir }}/{{ item }} state=directory`
			`with_items:`
			`- ipp`
			`- status`
			`tags: openvpn`

			`- name: Install the main OpenVPN configuration file`
			`template: src=openvpn.conf.j2 dest={{ openvpn_conf_dir }}/{{ openvpn_conf_name }} owner=root group=root mode=0444`
			`notify: Reload OpenVPN`
			`tags: openvpn`

			`- name: Create the dh file`
			`shell: openssl dhparam -out {{ openvpn_conf_dir }}/dh2048.pem 2048 ; chmod 444 {{ openvpn_conf_dir }}/dh2048.pem`
			`args:`
			`creates: '{{ openvpn_conf_dir }}/dh2048.pem'`
			`tags: openvpn`

			`- name: Create the ta key`
			`shell: cd {{ openvpn_conf_dir }} ; openvpn --genkey --secret ta.key ; chmod 400 {{ openvpn_conf_dir }}/ta.key`
			`args:`
			`creates: '{{ openvpn_conf_dir }}/ta.key'`
			`tags: openvpn`

			`- name: Ensure that the OpenVPN service is enabled and running`
			`service: name=openvpn state=started enabled=yes`
			`when: openvpn_enabled`
			`tags: openvpn`

			`- name: Ensure that the OpenVPN service is stopped and disabled`
			`service: name=openvpn state=stopped enabled=no`
			`when: not openvpn_enabled`
			`tags: openvpn`

			`- name: Enable kernel forwarding`
			`sysctl: name={{ item }} value=1 reload=yes state=present`
			`with_items:`
			`- net.ipv4.ip_forward`
			`# - net.ipv6.conf.all.forwarding`
			`when: openvpn_enable_system_forward`
			`tags: openvpn`

			`- name: Disable kernel forwarding`
			`sysctl: name={{ item }} value=0 reload=yes state=present`
			`with_items:`
			`- net.ipv4.ip_forward`
			`# - net.ipv6.conf.all.forwarding`
			`when: not openvpn_enable_system_forward`
			`tags: openvpn`