diff --git a/README.md b/README.md
index d5738a8fe0d01cff8d191d950eb71e0e673f09d2..df8c0a84b279f979830ad1230ffff2060cd239a6 100644
--- a/README.md
+++ b/README.md
@@ -25,4 +25,5 @@ Here is an example task (taken from setting up karaage): We aim to make these roles run on all common linux platforms (both RedHat and Debian derived) but at the very least they should work on a CentOS 6 install. -Inventory is not included. +Yaml syntax can be checked at http://www.yamllint.com/ +
diff --git a/roles/easy-rsa-CA/templates/vars.j2 b/roles/easy-rsa-CA-client/files/defaultConfig
similarity index 89%
rename from roles/easy-rsa-CA/templates/vars.j2
rename to roles/easy-rsa-CA-client/files/defaultConfig
index 52d7a3e5008aceda213cedc17b413bfd955ba444..af221dfed32653da382c10dc08b52999a9cd245e 100644
--- a/roles/easy-rsa-CA/templates/vars.j2
+++ b/roles/easy-rsa-CA-client/files/defaultConfig
@@ -61,12 +61,12 @@ export KEY_EXPIRE=3650
 # These are the default values for fields
 # which will be placed in the certificate.
 # Don't leave any of these fields blank.
-export KEY_COUNTRY={{ countryName }}
-export KEY_PROVINCE={{ reginalName }}
-export KEY_CITY={{ cityName }}
-export KEY_ORG={{ organizationName }}
-export KEY_EMAIL={{ emailAddress }}
-export KEY_OU={{ organizationUnit }}
+export KEY_COUNTRY="AU"
+export KEY_PROVINCE="Victoria"
+export KEY_CITY="Melbourne"
+export KEY_ORG="Monash University"
+export KEY_EMAIL="shahaan.ayyub@monash.edu"
+export KEY_OU="MCC-R@CMON"
 
 # X509 Subject Field
 export KEY_NAME="EasyRSA"
diff --git a/roles/easy-rsa-CA-client/tasks/copyConfigurationFile.yml b/roles/easy-rsa-CA-client/tasks/copyConfigurationFile.yml
index 0143e885ccc9cb828f41ab0ef98cb98567a5cdff..0bd44099d8380443f30698d35f164c5dcf5b85f1 100644
--- a/roles/easy-rsa-CA-client/tasks/copyConfigurationFile.yml
+++ b/roles/easy-rsa-CA-client/tasks/copyConfigurationFile.yml
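Review bot: In roles/easy-rsa-CA-client/files/defaultConfig the six `KEY_*` subject defaults are now literal values, including one person's mailbox in `KEY_EMAIL`, where the old side took them from the `countryName` … `emailAddress` variables. Per the comment above them these fields are placed in the certificate, so anything built from this default carries that identity, and the role cannot be reused for another site without editing the file. If the file is still rendered as a template (the copy task is outside this hunk, so that is unconfirmed), keep the variables and quote them, e.g. `export KEY_EMAIL="{{ emailAddress }}"`; otherwise prefer a role or team address over a personal one. The file continues above and below the hunk.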
@@ -7,6 +7,6 @@ - userConfig - defaultConfig paths: - - ../../easy-rsa-CA/templates/ - /mnt/nectar-nfs/root/ansible-config-root/ansible_cluster_in_a_box/roles/easy-rsa-CA/files/ + - ../../../templates/easy-rsa/ + - ../files/
diff --git a/roles/easy-rsa-CA-server/files/defaultConfig b/roles/easy-rsa-CA-server/files/defaultConfig
new file mode 100644
index 0000000000000000000000000000000000000000..af221dfed32653da382c10dc08b52999a9cd245e
--- /dev/null
+++ b/roles/easy-rsa-CA-server/files/defaultConfig
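Review bot: In roles/easy-rsa-CA-client/tasks/copyConfigurationFile.yml the first search path, `../../../templates/easy-rsa/`, points outside the role, and no file under that directory appears in the visible part of this commit. On a fresh checkout the lookup therefore presumably never finds `userConfig` and falls through to `../files/defaultConfig` without any message. That matters because the bundled default carries `KEY_SIZE=512` and fixed subject fields, so a missing site override silently yields a CA built with those settings. Consider failing when `userConfig` is absent, or at least add a comment above `paths:` such as `# site overrides: <repo>/templates/easy-rsa/userConfig; defaultConfig is only a fallback`. The task starts above the hunk, so the lookup type is inferred; the same two paths are set in the easy-rsa-CA-server and easy-rsa-CA copies of this file.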
@@ -0,0 +1,80 @@
+# easy-rsa parameter settings
+
+# NOTE: If you installed from an RPM,
+# don't edit this file in place in
+# /usr/share/openvpn/easy-rsa --
+# instead, you should copy the whole
+# easy-rsa directory to another location
+# (such as /etc/openvpn) so that your
+# edits will not be wiped out by a future
+# OpenVPN package upgrade.
+
+# This variable should point to
+# the top level of the easy-rsa
+# tree.
+export EASY_RSA="/etc/easy-rsa/2.0"
+
+#
+# This variable should point to
+# the requested executables
+#
+export OPENSSL="openssl"
+export PKCS11TOOL="pkcs11-tool"
+export GREP="grep"
+
+
+# This variable should point to
+# the openssl.cnf file included
+# with easy-rsa.
+export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
+
+# Edit this variable to point to
+# your soon-to-be-created key
+# directory.
+#
+# WARNING: clean-all will do
+# a rm -rf on this directory
+# so make sure you define
+# it correctly!
+export KEY_DIR="$EASY_RSA/keys"
+
+# Issue rm -rf warning
+echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
+
+# PKCS11 fixes
+export PKCS11_MODULE_PATH="dummy"
+export PKCS11_PIN="dummy"
+
+# Increase this to 2048 if you
+# are paranoid. This will slow
+# down TLS negotiation performance
+# as well as the one-time DH parms
+# generation process.
+export KEY_SIZE=512
+
+# In how many days should the root CA key expire?
+export CA_EXPIRE=3650
+
+# In how many days should certificates expire?
+export KEY_EXPIRE=3650
+
+# These are the default values for fields
+# which will be placed in the certificate.
+# Don't leave any of these fields blank.
+export KEY_COUNTRY="AU"
+export KEY_PROVINCE="Victoria"
+export KEY_CITY="Melbourne"
+export KEY_ORG="Monash University"
+export KEY_EMAIL="shahaan.ayyub@monash.edu"
+export KEY_OU="MCC-R@CMON"
+
+# X509 Subject Field
+export KEY_NAME="EasyRSA"
+
+# PKCS11 Smart Card
+# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
+# export PKCS11_PIN=1234
+
+# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
+# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
+# export KEY_CN="CommonName"
diff --git a/roles/easy-rsa-CA-server/tasks/copyConfigurationFile.yml b/roles/easy-rsa-CA-server/tasks/copyConfigurationFile.yml
index 816542146485e6877280a772a0b9fd98143e50cf..0bd44099d8380443f30698d35f164c5dcf5b85f1 100644
--- a/roles/easy-rsa-CA-server/tasks/copyConfigurationFile.yml
+++ b/roles/easy-rsa-CA-server/tasks/copyConfigurationFile.yml
@@ -7,6 +7,6 @@ - userConfig - defaultConfig paths: - - ../../easy-rsa-CA/templates - /mnt/nectar-nfs/root/ansible-config-root/ansible_cluster_in_a_box/roles/easy-rsa-CA/files + - ../../../templates/easy-rsa/ + - ../files/
diff --git a/roles/easy-rsa-CA/files/defaultConfig b/roles/easy-rsa-CA/files/defaultConfig
new file mode 100644
index 0000000000000000000000000000000000000000..af221dfed32653da382c10dc08b52999a9cd245e
--- /dev/null
+++ b/roles/easy-rsa-CA/files/defaultConfig
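Review bot: In roles/easy-rsa-CA-server/files/defaultConfig the new default ships `export KEY_SIZE=512`, and 512-bit keys and DH parameters are far below what is considered safe today. The comment above the setting still presents 2048 as the "paranoid" choice. Because this file is the fallback used when no userConfig is found, set `export KEY_SIZE=2048` (or larger) and reword the comment to say that smaller values must not be used. The same blob (af221dfe…) is added as roles/easy-rsa-CA/files/defaultConfig and is the rename target in easy-rsa-CA-client, so the value needs changing in all three copies; keeping a single shared copy would avoid them drifting apart.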
@@ -0,0 +1,80 @@
+# easy-rsa parameter settings
+
+# NOTE: If you installed from an RPM,
+# don't edit this file in place in
+# /usr/share/openvpn/easy-rsa --
+# instead, you should copy the whole
+# easy-rsa directory to another location
+# (such as /etc/openvpn) so that your
+# edits will not be wiped out by a future
+# OpenVPN package upgrade.
+
+# This variable should point to
+# the top level of the easy-rsa
+# tree.
+export EASY_RSA="/etc/easy-rsa/2.0"
+
+#
+# This variable should point to
+# the requested executables
+#
+export OPENSSL="openssl"
+export PKCS11TOOL="pkcs11-tool"
+export GREP="grep"
+
+
+# This variable should point to
+# the openssl.cnf file included
+# with easy-rsa.
+export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
+
+# Edit this variable to point to
+# your soon-to-be-created key
+# directory.
+#
+# WARNING: clean-all will do
+# a rm -rf on this directory
+# so make sure you define
+# it correctly!
+export KEY_DIR="$EASY_RSA/keys"
+
+# Issue rm -rf warning
+echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
+
+# PKCS11 fixes
+export PKCS11_MODULE_PATH="dummy"
+export PKCS11_PIN="dummy"
+
+# Increase this to 2048 if you
+# are paranoid. This will slow
+# down TLS negotiation performance
+# as well as the one-time DH parms
+# generation process.
+export KEY_SIZE=512
+
+# In how many days should the root CA key expire?
+export CA_EXPIRE=3650
+
+# In how many days should certificates expire?
+export KEY_EXPIRE=3650
+
+# These are the default values for fields
+# which will be placed in the certificate.
+# Don't leave any of these fields blank.
+export KEY_COUNTRY="AU"
+export KEY_PROVINCE="Victoria"
+export KEY_CITY="Melbourne"
+export KEY_ORG="Monash University"
+export KEY_EMAIL="shahaan.ayyub@monash.edu"
+export KEY_OU="MCC-R@CMON"
+
+# X509 Subject Field
+export KEY_NAME="EasyRSA"
+
+# PKCS11 Smart Card
+# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
+# export PKCS11_PIN=1234
+
+# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
+# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
+# export KEY_CN="CommonName"
diff --git a/roles/easy-rsa-CA/tasks/copyConfigurationFile.yml b/roles/easy-rsa-CA/tasks/copyConfigurationFile.yml
index 18c256037958345c6200efa6ea9ff17917efc8f4..0bd44099d8380443f30698d35f164c5dcf5b85f1 100644
--- a/roles/easy-rsa-CA/tasks/copyConfigurationFile.yml
+++ b/roles/easy-rsa-CA/tasks/copyConfigurationFile.yml
@@ -7,6 +7,6 @@ - userConfig - defaultConfig paths: - - ../templates - /mnt/nectar-nfs/root/ansible-config-root/ansible_cluster_in_a_box/roles/easy-rsa-CA/files + - ../../../templates/easy-rsa/ + - ../files/
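Review bot: In roles/easy-rsa-CA/files/defaultConfig, `export KEY_EXPIRE=3650` gives every issued certificate the same ten-year lifetime as the CA itself (`CA_EXPIRE=3650`). A lost or compromised client or server key would then stay valid for a decade unless it is explicitly revoked, and nothing in this file indicates how revocation is handled. A shorter leaf lifetime, for example `export KEY_EXPIRE=365`, with renewal driven by the playbook, limits that window. If ten years is intentional, add a comment above the line saying so and naming the revocation procedure.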