Merge pull request #9 from CVL-GitHub/master

Chris merging from Jupiters computer after a reabase onto monash-merc/master

Merge pull request #9 from CVL-GitHub/master
8d71afb2 · Jupiter Hu · cbd03d18 · 0f872fa0 · 8d71afb2 · 8d71afb2
Commit 8d71afb2 authored 10 years ago by Jupiter Hu
--- a/roles/OpenVPN-Client/tasks/copyCerts.yml
+++ b/roles/OpenVPN-Client/tasks/copyCerts.yml
@@ -2,12 +2,15 @@
 - 
  copy: "src=/tmp/{{ inventory_hostname }}/ca.crt dest=/etc/openvpn/ca.crt  mode=644 owner=root group=root"
  name: "Copying CA certificate"
+  when: "client_rsa.stat.exists == false"
 - 
  copy: "src=/tmp/{{ inventory_hostname }}/{{ inventory_hostname }}.crt dest=/etc/openvpn/{{ inventory_hostname }}.crt mode=644 owner=root group=root"
  name: "Copying Client certificate"
+  when: "client_rsa.stat.exists == false"
 - 
  copy: "src=/tmp/{{ inventory_hostname }}/{{ inventory_hostname }}.key dest=/etc/openvpn/{{ inventory_hostname }}.key  mode=600 owner=root group=root"
  name: "Copying Client key"
+  when: "client_rsa.stat.exists == false"

 - name: "Copying client.conf to the OpenVPN client"
  template: src={{ item }} dest=/etc/openvpn/client.conf
@@ -20,7 +23,9 @@
        - ../templates/
        - ../files/
  notify: restart openvpn
+  when: "client_rsa.stat.exists == false"

 - name: "Removing Cert Directory"
  local_action: "command rm -rf /tmp/{{ inventory_hostname }}"
+  when: "client_rsa.stat.exists == false"

--- a/roles/OpenVPN-Server/tasks/copyCerts.yml
+++ b/roles/OpenVPN-Server/tasks/copyCerts.yml
 --- 
- 
-  failed_when: "CAcert.stat.exists  == false"
-  name: "Checking if CA certificate exist"
-  register: CAcert
-  stat: path="/etc/easy-rsa/2.0/keys/ca.crt"
- 
-  name: "Copying CA certificate"
-  shell: "cp -rpvf /etc/easy-rsa/2.0/keys/ca.crt /etc/openvpn/"
-  when: "CAcert.stat.exists  == true"
- 
-  failed_when: "ServerCert.stat.exists  == false"
-  name: "Check if Server certificate exist"
-  register: ServerCert
-  stat: "path=/etc/easy-rsa/2.0/keys/{{ inventory_hostname }}.crt"
- 
-  name: "Copying Server certificate"
-  shell: "cp -rpvf /etc/easy-rsa/2.0/keys/{{ inventory_hostname }}.crt /etc/openvpn/"
-  when: "ServerCert.stat.exists  == true"
- 
-  failed_when: "ServerKey.stat.exists  == false"
-  name: "Check if Server key exist"
-  register: ServerKey
-  stat: "path=/etc/easy-rsa/2.0/keys/{{ inventory_hostname }}.key"
- 
-  name: "Copying Server key"
-  shell: "cp -rpvf /etc/easy-rsa/2.0/keys/{{ inventory_hostname }}.key /etc/openvpn/"
-  when: "ServerKey.stat.exists  == true"
- 
+- name: "Copying CA and server certificate"
+  shell: "cp -pvf /etc/easy-rsa/2.0/keys/ca.crt /etc/openvpn/; cp -pvf /etc/easy-rsa/2.0/keys/{{ inventory_hostname }}.crt /etc/openvpn/; cp -pvf /etc/easy-rsa/2.0/keys/{{ inventory_hostname }}.key /etc/openvpn/"
+  args:
+    creates: /etc/openvpn/ca.crt
+- name: "Create symlink for Diffie Hellman"
  file: "src=/etc/easy-rsa/2.0/keys/dh512.pem dest=/etc/openvpn/dh512.pem state=link"
-  name: "Create symlink for Diffie Hellman"
 - name: "Copying server.conf to the OpenVPN server"
  template: src={{ item }} dest=/etc/openvpn/server.conf
  with_first_found:

--- a/roles/easy-rsa-CA-client/tasks/buildClientCert.yml
+++ b/roles/easy-rsa-CA-client/tasks/buildClientCert.yml
 --- 
- 
-  delegate_to: "{{ server }}"
-  name: "Check if certificate exist"
-  register: cert
-  stat: "path=/etc/easy-rsa/2.0/keys/{{ inventory_hostname }}.crt"
- 
+- name: "Check if the easy-rsa is installed"
+  register: client_rsa
+  stat: "path=/etc/openvpn/ca.crt"
+
+- name: "Creating Client certificate"
  delegate_to: "{{ server }}"
-  name: "Creating Client certificate"
  shell: " cd /etc/easy-rsa/2.0; source ./vars; export EASY_RSA=\"${EASY_RSA:-.}\"; \"$EASY_RSA\"/pkitool --csr {{ inventory_hostname }} ;\"$EASY_RSA\"/pkitool --sign {{ inventory_hostname }}"
-  when: "cert.stat.exists  == false"
- 
+  when: "client_rsa.stat.exists == false"
+
+- name: "Copy the Client Certificate to the master node"
  delegate_to: "{{ server }}"
  fetch: "src=/etc/easy-rsa/2.0/keys/{{ inventory_hostname }}.crt dest=/tmp/{{ inventory_hostname }}/ fail_on_missing=yes validate_md5=yes flat=yes"
-  name: "Copy the Client Certificate to the master node"
- 
+  when: "client_rsa.stat.exists == false"
+
+- name: "Copy the Client Certificate to the master node"
  delegate_to: "{{ server }}"
  fetch: "src=/etc/easy-rsa/2.0/keys/{{ inventory_hostname }}.key dest=/tmp/{{ inventory_hostname }}/ fail_on_missing=yes validate_md5=yes flat=yes"
-  name: "Copy the Client Certificate to the master node"
- 
+  when: "client_rsa.stat.exists == false"
+
+- name: "Copy the Client Certificate to the master node"
  delegate_to: "{{ server }}"
  fetch: "src=/etc/easy-rsa/2.0/keys/ca.crt dest=/tmp/{{ inventory_hostname }}/ fail_on_missing=yes validate_md5=yes flat=yes"
-  name: "Copy the Client Certificate to the master node"
-
+  when: "client_rsa.stat.exists == false"
--- a/roles/easy-rsa-CA-client/tasks/installEasyRsa.yml
+++ b/roles/easy-rsa-CA-client/tasks/installEasyRsa.yml
@@ -5,3 +5,6 @@
 - 
  name: "Moving easy-rsa to /etc"
  shell: "cp -rf /usr/share/easy-rsa /etc/"
+  args:
+    creates: /etc/easy-rsa/2.0
+
--- a/roles/easy-rsa-CA-server/tasks/buildServerCert.yml
+++ b/roles/easy-rsa-CA-server/tasks/buildServerCert.yml
 --- 
- 
-  name: "Check if certificate exist"
-  register: cert
-  stat: "path=/etc/easy-rsa/2.0/keys/{{ ansible_fqdn }}.crt"
- 
-  name: "Creating Server certificate"
-  shell: " cd /etc/easy-rsa/2.0; source ./vars; export EASY_RSA=\"${EASY_RSA:-.}\"; \"$EASY_RSA/pkitool\"  --server {{ ansible_fqdn }}"
-  when: "cert.stat.exists == false"
- 
-  name: "Check if Diffie Hellman parameters file exist"
-  register: dh
-  stat: path=/etc/easy-rsa/2.0/keys/dh512.pem
- 
-  name: "Generating Diffie-Hellman Parameters"
+- name: "Creating Server certificate"
+  shell: "cd /etc/easy-rsa/2.0; source ./vars; export EASY_RSA=\"${EASY_RSA:-.}\"; \"$EASY_RSA/pkitool\" --server {{ server }} creates=/etc/easy-rsa/2.0/keys/{{ server }}.crt"
+
+- name: "Generating Diffie-Hellman Parameters"
  shell: "cd /etc/easy-rsa/2.0; source ./vars; ./build-dh"
-  when: "dh.stat.exists == false"
+  args:
+    chdir: /etc/easy-rsa/2.0/keys/
+    creates: dh512.pem
--- a/roles/easy-rsa-CA-server/tasks/installEasyRsa.yml
+++ b/roles/easy-rsa-CA-server/tasks/installEasyRsa.yml
@@ -5,3 +5,6 @@
 - 
  name: "Moving easy-rsa to /etc"
  shell: "cp -rf /usr/share/easy-rsa /etc/"
+  args:
+    chdir: /etc/easy-rsa/2.0/
+    creates: build-ca
--- a/roles/easy-rsa-CA/tasks/buildCA.yml
+++ b/roles/easy-rsa-CA/tasks/buildCA.yml
@@ -2,3 +2,5 @@
 - 
  name: "Building the CA Certificate"
  shell: ' cd /etc/easy-rsa/2.0; source ./vars; ./clean-all;  export EASY_RSA="${EASY_RSA:-.}"; "$EASY_RSA/pkitool" --initca $*'
+  args:
+    creates: /etc/easy-rsa/2.0/keys
--- a/roles/easy-rsa-CA/tasks/buildClientCert.yml
+++ b/roles/easy-rsa-CA/tasks/buildClientCert.yml
 --- 
- 
+- name: "Creating Client certificate"
  delegate_to: "127.0.0.1"
-  name: "Check if certificate exist"
-  register: cert
-  stat: "path=/etc/easy-rsa/2.0/keys/{{ client }}.crt"
- 
-  delegate_to: "127.0.0.1"
-  name: "Creating Client certificate"
  shell: " cd /etc/easy-rsa/2.0; source ./vars; export EASY_RSA=\\\"${EASY_RSA:-.}\\\"; \"$EASY_RSA/pkitool\" --csr {{ client }} ;\"$E ASY_RSA/pkitool\" --sign {{ client }}"
+  args:
+    chdir: /etc/easy-rsa/2.0/keys/
+    creates: client.crt

--- a/roles/easy-rsa-CA/tasks/buildServerCert.yml
+++ b/roles/easy-rsa-CA/tasks/buildServerCert.yml
 --- 
- 
-  name: "Check if certificate exist"
-  register: cert
-  stat: "path=/etc/easy-rsa/2.0/keys/{{ server }}.crt"
- 
-  name: "Creating Server certificate"
+- name: "Creating Server certificate"
  shell: " cd /etc/easy-rsa/2.0; source ./vars; export EASY_RSA=\"${EASY_RSA:-.}\"; \"$EASY_RSA/pkitool\"  --server {{ server }}"
-  when: "cert.stat.exists == false"
- 
-  name: "Check if Diffie Hellman parameters file exist"
-  register: dh
-  stat: path=/etc/easy-rsa/2.0/keys/dh512.pem
- 
-  name: "Generating Diffie-Hellman Parameters"
+  args:
+    chdir: /etc/easy-rsa/2.0/keys/
+    creates: server.crt
+
+- name: "Generating Diffie-Hellman Parameters"
  shell: "cd /etc/easy-rsa/2.0; source ./vars; ./build-dh"
-  when: "dh.stat.exists == false"
+  args:
+    chdir: /etc/easy-rsa/2.0/keys/
+    creates: dh512.pem
--- a/roles/easy-rsa-CA/tasks/installEasyRsa.yml
+++ b/roles/easy-rsa-CA/tasks/installEasyRsa.yml
@@ -5,3 +5,5 @@
 - 
  name: "Moving easy-rsa to /etc"
  shell: "cp -rf /usr/share/easy-rsa /etc/"
+  args:
+    creates: /etc/easy-rsa