Download keydir pack to specified directory and multiple configs

Stouts · Oct 31, 2017 · 7a3b62f · 7a3b62f
1 parent 9ccd996
commit 7a3b62f
Show file tree

Hide file tree

Showing 5 changed files with 30 additions and 6 deletions.
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -69,3 +69,5 @@ openvpn_simple_auth_password: ""
 
 # Whether to embed CA, cert, and key info inside client OVPN config file.
 openvpn_unified_client_profiles: no
+openvpn_endpoints: []
+openvpn_download_dir: "creds/"
diff --git a/handlers/main.yml b/handlers/main.yml
@@ -9,3 +9,10 @@
   with_items: "{{openvpn_clients_changed.results}}"
   args:
     chdir: "{{ openvpn_keydir }}"
+
+- name: openvpn download all keys
+  fetch:
+    src: "/etc/openvpn/keys.tar.gz"
+    dest: "{{ openvpn_download_dir }}/keys.tar.gz"
+    flat: yes
+    validate_checksum: yes
diff --git a/tasks/client_conf.yml b/tasks/client_conf.yml
@@ -0,0 +1,8 @@
+---
+
+- name: Generate Clients configurations for each user per endpoint
+  template: src=client.conf.j2 dest="{{openvpn_keydir}}/{{user}}.{{item}}.ovpn"
+  with_items: "{{ openvpn_endpoints }}"
+  notify: openvpn pack clients
+  register: openvpn_clients_changed
+
diff --git a/tasks/configure.yml b/tasks/configure.yml
@@ -57,11 +57,10 @@
   stat: path={{openvpn_keydir}}/crl.pem
   register: crl_pem_file
 
-- name: Generate Clients configurations
-  template: src=client.conf.j2 dest={{openvpn_keydir}}/{{item}}.ovpn
+- include_tasks: client_conf.yml
   with_items: "{{ openvpn_clients }}"
-  notify: openvpn pack clients
-  register: openvpn_clients_changed
+  loop_control:
+    loop_var: user
 
 - name: Setup PAM
   template: src=openvpn.pam.j2 dest=/etc/pam.d/openvpn
@@ -92,3 +91,10 @@
 
 - name: Set ip forwarding in the sysctl file and reload if necessary
   sysctl: name="net.ipv4.ip_forward" value=1 sysctl_set=yes state=present reload=yes
+
+- name: openvpn keydir packing
+  archive:
+    path: "{{ openvpn_keydir }}"
+    dest: /etc/openvpn/keys.tar.gz
+    format: gz
+  notify: [openvpn download all keys]
diff --git a/templates/client.conf.j2 b/templates/client.conf.j2
@@ -1,6 +1,7 @@
 # {{ ansible_managed }}
 
-{%- set client=item -%}
+{%- set client=user -%}
+{%- set endpoint=item -%}
 
 # Specify that we are a client and that we will be pulling certain config file
 # directives from the server.
@@ -21,7 +22,7 @@ auth {{ openvpn_auth }}
 
 # The hostname/IP and port of the server. You can have multiple remote entries
 # to load balance between the servers.
-remote {{openvpn_host}} {{openvpn_port}}
+remote {{endpoint}} {{openvpn_port}}
 
 # Keep trying indefinitely to resolve the host name of the OpenVPN server.
 # Very useful on machines which are not permanently connected to the internet