From 8da346c7f902baf53800a4fdc3a1f34e560f41b9 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Fri, 1 Mar 2019 13:58:04 +0100 Subject: [PATCH] Better handlers for the openvpn service. Add a init script default. --- openvpn/handlers/main.yml | 7 ++++++ openvpn/tasks/openvpn.yml | 13 ++++++++-- openvpn/templates/openvpn-defaults.j2 | 36 +++++++++++++++++++++++++++ 3 files changed, 54 insertions(+), 2 deletions(-) create mode 100644 openvpn/templates/openvpn-defaults.j2 diff --git a/openvpn/handlers/main.yml b/openvpn/handlers/main.yml index fb4be8af..85f0766f 100644 --- a/openvpn/handlers/main.yml +++ b/openvpn/handlers/main.yml @@ -3,3 +3,10 @@ service: name=openvpn state=reloaded when: openvpn_enabled +- name: Restart OpenVPN + service: name=openvpn state=restarted + when: openvpn_enabled + +- name: Reload systemd + systemd: daemon_reload=yes + when: ansible_service_mgr == 'systemd' \ No newline at end of file diff --git a/openvpn/tasks/openvpn.yml b/openvpn/tasks/openvpn.yml index 4ab5bdbf..55ccb395 100644 --- a/openvpn/tasks/openvpn.yml +++ b/openvpn/tasks/openvpn.yml @@ -61,7 +61,7 @@ - block: - name: Install the main OpenVPN configuration file on the servers template: src=server.conf.j2 dest={{ openvpn_conf_dir }}/{{ openvpn_conf_name }} owner=root group={{ openvpn_unprivileged_group }} mode=0440 - notify: Reload OpenVPN + notify: Restart OpenVPN - name: Install the custom configuration for specific OpenVPN users in the servers template: src=user-ccd.conf.j2 dest={{ openvpn_conf_dir }}/ccd/{{ item.user }} owner=root group={{ openvpn_unprivileged_group }} mode=0440 
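Review bot: In openvpn/handlers/main.yml, `Restart OpenVPN` is defined above `Reload systemd`, and Ansible runs handlers in the order they are defined in the handlers file, not in the order of a task's `notify` list. The defaults template added by this same patch says an AUTOSTART change needs `systemctl daemon-reload` followed by a restart of the service, so a change to /etc/default/openvpn would restart OpenVPN first and reload systemd only afterwards. A narrowed AUTOSTART list would therefore not take effect until some later restart. Move the `Reload systemd` handler above `Restart OpenVPN`; the `notify:` list in the openvpn/tasks/openvpn.yml hunk can stay as written. As a style point, `daemon_reload=yes` reads better as `daemon_reload: true`, and the file now ends without a trailing newline.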
@@ -80,11 +80,20 @@ - block: - name: Install the main OpenVPN configuration file on the clients template: src=client.conf.j2 dest={{ openvpn_conf_dir }}/{{ openvpn_conf_name }} owner=root group={{ openvpn_unprivileged_group }} mode=0440 - notify: Reload OpenVPN + notify: Restart OpenVPN when: openvpn_mode != 'server' tags: [ 'openvpn', 'openvpn_conf' ] +- block: + - name: Install the OpenVPN init defaults + template: src=openvpn-defaults.j2 dest=/etc/default/openvpn owner=root group=root mode=0444 + notify: + - Restart OpenVPN + - Reload systemd + + tags: [ 'openvpn', 'openvpn_conf' ] + - block: - name: Create the dh file shell: openssl dhparam -out {{ openvpn_conf_dir }}/dh2048.pem 2048 diff --git a/openvpn/templates/openvpn-defaults.j2 b/openvpn/templates/openvpn-defaults.j2 new file mode 100644 index 00000000..cff032db --- /dev/null +++ b/openvpn/templates/openvpn-defaults.j2 
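Review bot: The new `Install the OpenVPN init defaults` block in openvpn/tasks/openvpn.yml has no `when:` guard, although the server and client blocks next to it are conditional and so are both handlers it notifies. /etc/default/openvpn is the Debian-style init defaults path, so on any other platform the task would install a file that nothing reads; whether the role is restricted to Debian-family hosts elsewhere cannot be seen from this hunk. If it is not, add `when: ansible_os_family == 'Debian'` to the block. It would also be worth a comment above the task saying that the file only selects which tunnels start, so a reader does not take it for the tunnel configuration itself.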
@@ -0,0 +1,36 @@
+# This is the configuration file for /etc/init.d/openvpn
+
+#
+# Start only these VPNs automatically via init script.
+# Allowed values are "all", "none" or space separated list of
+# names of the VPNs. If empty, "all" is assumed.
+# The VPN name refers to the VPN configutation file name.
+# i.e. "home" would be /etc/openvpn/home.conf
+#
+# If you're running systemd, changing this variable will
+# require running "systemctl daemon-reload" followed by
+# a restart of the openvpn service (if you removed entries
+# you may have to stop those manually)
+#
+AUTOSTART="all"
+#AUTOSTART="none"
+#AUTOSTART="home office"
+#
+# WARNING: If you're running systemd the rest of the
+# options in this file are ignored.
+#
+# Refresh interval (in seconds) of default status files
+# located in /var/run/openvpn.$NAME.status
+# Defaults to 10, 0 disables status file generation
+#
+#STATUSREFRESH=10
+#STATUSREFRESH=0
+# Optional arguments to openvpn's command line
+OPTARGS=""
+#
+# If you need openvpn running after sendsigs, i.e.
+# to let umountnfs work over the vpn, set OMIT_SENDSIGS
+# to 1 and include umountnfs as Required-Stop: in openvpn's
+# init.d script (remember to run insserv after that)
+#
+OMIT_SENDSIGS=0
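Review bot: `AUTOSTART="all"` is hard-coded in openvpn/templates/openvpn-defaults.j2, which is installed through `template:` yet contains no Jinja expression. By the file's own comments, "all" starts a VPN for every configuration file name under /etc/openvpn, so a leftover or hand-placed `.conf` that the role does not manage would be brought up alongside the managed tunnel. Consider driving the value from a role variable, for example `AUTOSTART="{{ openvpn_autostart | default('all') }}"`, where `openvpn_autostart` is a proposed new variable and not one visible in this patch. That keeps today's behaviour while letting a host be limited to the tunnel the role installs, and `OPTARGS=""` could be parameterised the same way.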