From 7a3b62f4021e3630b625ff5ac3a0ee76ed93df2d Mon Sep 17 00:00:00 2001
From: Leonidas Tsampros
Date: Sat, 28 Oct 2017 21:00:47 +0100
Subject: [PATCH] Download keydir pack to specified directory and multiple configs
---
 defaults/main.yml | 2 ++
 handlers/main.yml | 7 +++++++
 tasks/client_conf.yml | 8 ++++++++
 tasks/configure.yml | 14 ++++++++++----
 templates/client.conf.j2 | 5 +++--
 5 files changed, 30 insertions(+), 6 deletions(-)
 create mode 100644 tasks/client_conf.yml
diff --git a/defaults/main.yml b/defaults/main.yml
index 041520d..1636612 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -69,3 +69,5 @@ openvpn_simple_auth_password: ""
 # Whether to embed CA, cert, and key info inside client OVPN config file.
 openvpn_unified_client_profiles: no
+openvpn_endpoints: []
+openvpn_download_dir: "creds/"
diff --git a/handlers/main.yml b/handlers/main.yml
index 2ff173b..9dae8ce 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -9,3 +9,10 @@
 with_items: "{{openvpn_clients_changed.results}}"
 args:
 chdir: "{{ openvpn_keydir }}"
+
+- name: openvpn download all keys
+ fetch:
+ src: "/etc/openvpn/keys.tar.gz"
+ dest: "{{ openvpn_download_dir }}/keys.tar.gz"
+ flat: yes
+ validate_checksum: yes
diff --git a/tasks/client_conf.yml b/tasks/client_conf.yml
new file mode 100644
index 0000000..d8b10cb
--- /dev/null
+++ b/tasks/client_conf.yml
@@ -0,0 +1,8 @@
+---
+
+- name: Generate Clients configurations for each user per endpoint
+ template: src=client.conf.j2 dest="{{openvpn_keydir}}/{{user}}.{{item}}.ovpn"
+ with_items: "{{ openvpn_endpoints }}"
+ notify: openvpn pack clients
+ register: openvpn_clients_changed
+
diff --git a/tasks/configure.yml b/tasks/configure.yml
index 4ee8c56..4818197 100644
--- a/tasks/configure.yml
+++ b/tasks/configure.yml
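Review bot: The new default `openvpn_endpoints: []` makes the per-endpoint template task in tasks/client_conf.yml iterate zero times, so a user who previously relied on `openvpn_host` alone now gets no `.ovpn` files at all, because the template's `remote` line is switched to `{{endpoint}}` in the same commit. A backward-compatible default is `openvpn_endpoints: ["{{ openvpn_host }}"]`, with a comment such as `# Hostnames/IPs clients connect to; one client profile is rendered per entry.`. `openvpn_download_dir: "creds/"` is resolved relative to wherever `ansible-playbook` is invoked and receives an archive of the keydir's private keys; it deserves a comment along the lines of `# Controller-side directory that receives keys.tar.gz (contains private keys; keep out of VCS)` and arguably an absolute or `playbook_dir`-relative default.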
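Review bot: With `flat: yes` and a fixed `dest: "{{ openvpn_download_dir }}/keys.tar.gz"`, every host in a multi-host play writes to the same controller-side path, so the fetched archive ends up being whichever host's handler ran last and the others' keys are silently lost. Either include the host in the path, `dest: "{{ openvpn_download_dir }}/{{ inventory_hostname }}/keys.tar.gz"`, or drop `flat` and let fetch build its per-host directory tree. The archive being pulled contains the keydir's private keys, which is worth stating in the task name or a comment; the booleans should also be spelled `true` rather than `yes` per Ansible's YAML conventions.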
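Review bot: `register: openvpn_clients_changed` lives in a file that tasks/configure.yml includes once per client, so each include overwrites the variable and, when the `openvpn pack clients` handler finally runs its `with_items: "{{openvpn_clients_changed.results}}"`, it sees only the last client's endpoint results; profiles changed for earlier clients are never packed. Accumulate across includes instead, e.g. a following `set_fact: openvpn_all_client_results: "{{ openvpn_all_client_results | default([]) + openvpn_clients_changed.results }}"` that the handler iterates, or pack by looping over `openvpn_clients` and `openvpn_endpoints` directly. The generated filename also changes from `{{item}}.ovpn` to `{{user}}.{{item}}.ovpn`, so whatever the pack handler derives from each result item (not visible here) needs re-checking. Prefer block-style module arguments over the `key=value` string: `template:` / `src: client.conf.j2` / `dest: "{{ openvpn_keydir }}/{{ user }}.{{ item }}.ovpn"`.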
@@ -57,11 +57,10 @@
 stat: path={{openvpn_keydir}}/crl.pem
 register: crl_pem_file
-- name: Generate Clients configurations
- template: src=client.conf.j2 dest={{openvpn_keydir}}/{{item}}.ovpn
+- include_tasks: client_conf.yml
 with_items: "{{ openvpn_clients }}"
- notify: openvpn pack clients
- register: openvpn_clients_changed
+ loop_control:
+ loop_var: user
 - name: Setup PAM
 template: src=openvpn.pam.j2 dest=/etc/pam.d/openvpn
@@ -92,3 +91,10 @@
 - name: Set ip forwarding in the sysctl file and reload if necessary
 sysctl: name="net.ipv4.ip_forward" value=1 sysctl_set=yes state=present reload=yes
+
+- name: openvpn keydir packing
+ archive:
+ path: "{{ openvpn_keydir }}"
+ dest: /etc/openvpn/keys.tar.gz
+ format: gz
+ notify: [openvpn download all keys]
diff --git a/templates/client.conf.j2 b/templates/client.conf.j2
index edbd861..f983f18 100644
--- a/templates/client.conf.j2
+++ b/templates/client.conf.j2
@@ -1,6 +1,7 @@
 # {{ ansible_managed }}
-{%- set client=item -%}
+{%- set client=user -%}
+{%- set endpoint=item -%}
 # Specify that we are a client and that we will be pulling certain config file
 # directives from the server.
@@ -21,7 +22,7 @@ auth {{ openvpn_auth }}
 # The hostname/IP and port of the server. You can have multiple remote entries
 # to load balance between the servers.
-remote {{openvpn_host}} {{openvpn_port}}
+remote {{endpoint}} {{openvpn_port}}
 # Keep trying indefinitely to resolve the host name of the OpenVPN server.
 # Very useful on machines which are not permanently connected to the internet
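Review bot: `include_tasks` combined with `with_items` and `loop_control: loop_var: user` requires Ansible 2.4 or newer (the older `include` is what a 2.3 controller would need), and nothing in this hunk records that requirement. The role's `meta/main.yml` is not in view, so this is inferred, but `min_ansible_version` there should be raised to `2.4` in the same change, and a short comment above the include, `# one include per client; each renders a profile per endpoint (see client_conf.yml)`, would make the nested loop readable.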
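Review bot: The `archive` task writes a tarball of the whole keydir, i.e. the CA, server and client private keys, to `/etc/openvpn/keys.tar.gz` without `owner`/`group`/`mode`, so it is created with the module's default permissions (umask-derived, typically world-readable) and is left on the server after the handler fetches it. Add `owner: root`, `group: root` and `mode: "0600"` to the task, and remove the tarball once downloaded, either in the fetch handler or with a follow-up `file: path=/etc/openvpn/keys.tar.gz state=absent`. If `openvpn_keydir` can be `/etc/openvpn` itself, the archive would also swallow the previous `keys.tar.gz`; `exclude_path` or a dest outside the keydir avoids that, assuming the keydir default allows it. The `notify: [openvpn download all keys]` flow-style list reads better as a plain scalar, `notify: openvpn download all keys`.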
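Review bot: After `{%- set client=user -%}` and `{%- set endpoint=item -%}` the template depends on two variables that only exist when it is rendered from tasks/client_conf.yml, `user` from `loop_control.loop_var` and `item` being an entry of `openvpn_endpoints`; rendered from anywhere else it fails with an undefined-variable error and nothing in the file says why. Document the contract at the top, e.g. `{# Rendered once per (client, endpoint): user = client name set via loop_var in tasks/configure.yml, item = endpoint hostname/IP from openvpn_endpoints #}`.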