Commit be41a2a3 authored by Jupiter Hu's avatar Jupiter Hu

Merge pull request #11 from CVL-GitHub/master

Add more checks for copying client certificate
parents 030e3df4 80fa794f
...@@ -2,15 +2,15 @@ ...@@ -2,15 +2,15 @@
- -
copy: "src=/tmp/{{ inventory_hostname }}/ca.crt dest=/etc/openvpn/ca.crt mode=644 owner=root group=root" copy: "src=/tmp/{{ inventory_hostname }}/ca.crt dest=/etc/openvpn/ca.crt mode=644 owner=root group=root"
name: "Copying CA certificate" name: "Copying CA certificate"
when: "client_rsa.stat.exists == false" when: "client_ca_cert.stat.exists == false"
- -
copy: "src=/tmp/{{ inventory_hostname }}/{{ inventory_hostname }}.crt dest=/etc/openvpn/{{ inventory_hostname }}.crt mode=644 owner=root group=root" copy: "src=/tmp/{{ inventory_hostname }}/{{ inventory_hostname }}.crt dest=/etc/openvpn/{{ inventory_hostname }}.crt mode=644 owner=root group=root"
name: "Copying Client certificate" name: "Copying Client certificate"
when: "client_rsa.stat.exists == false" when: "client_sign_cert.stat.exists == false"
- -
copy: "src=/tmp/{{ inventory_hostname }}/{{ inventory_hostname }}.key dest=/etc/openvpn/{{ inventory_hostname }}.key mode=600 owner=root group=root" copy: "src=/tmp/{{ inventory_hostname }}/{{ inventory_hostname }}.key dest=/etc/openvpn/{{ inventory_hostname }}.key mode=600 owner=root group=root"
name: "Copying Client key" name: "Copying Client key"
when: "client_rsa.stat.exists == false" when: "client_key.stat.exists == false"
- name: "Copying client.conf to the OpenVPN client" - name: "Copying client.conf to the OpenVPN client"
template: src={{ item }} dest=/etc/openvpn/client.conf template: src={{ item }} dest=/etc/openvpn/client.conf
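Review bot: The three new `when` guards on the copy tasks gate on file existence only, so a CA or client certificate that is re-issued on the server is never re-copied once `/etc/openvpn/ca.crt` or the client `.crt` is present on the client; if re-issuance is a supported case, the guard needs a content comparison (the registered `stat` results carry a `checksum` field) rather than `exists`. As a point of style, `client_ca_cert.stat.exists == false` reads more idiomatically as `when: not client_ca_cert.stat.exists`, likewise for `client_sign_cert` and `client_key`. The hunk header announces 15 lines but 14 are shown here, so one line of this task list is not visible in this rendering.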
...@@ -23,9 +23,8 @@ ...@@ -23,9 +23,8 @@
- ../templates/ - ../templates/
- ../files/ - ../files/
notify: restart openvpn notify: restart openvpn
when: "client_rsa.stat.exists == false"
- name: "Removing Cert Directory" - name: "Removing Cert Directory"
local_action: "command rm -rf /tmp/{{ inventory_hostname }}" local_action: "command rm -rf /tmp/{{ inventory_hostname }}"
when: "client_rsa.stat.exists == false" when: "client_ca_cert.stat.exists == false or client_key.stat.exists == false or client_sign_cert.stat.exists == false"
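Review bot: The cleanup of `/tmp/{{ inventory_hostname }}` on the control node only runs if every earlier task in the play succeeds, so a failing copy leaves the fetched client private key staged in a shared temporary directory; the commit widens the condition but does not address that window. Using the `file` module makes the step idempotent and avoids argument splitting of the hostname by `command`: `local_action: "file path=/tmp/{{ inventory_hostname }} state=absent"` with the same `when`. The combined condition could also be written `when: not (client_ca_cert.stat.exists and client_key.stat.exists and client_sign_cert.stat.exists)`. The task list continues outside this hunk.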
--- ---
- name: "Check if the easy-rsa is installed" - name: "Check client ca certificate"
register: client_rsa register: client_ca_cert
stat: "path=/etc/openvpn/ca.crt" stat: "path=/etc/openvpn/ca.crt"
- name: "Check client signed key certificate"
register: client_sign_cert
stat: "path=/etc/openvpn/{{ inventory_hostname }}.crt"
- name: "Check client key"
register: client_key
stat: "path=/etc/openvpn/{{ inventory_hostname }}.key"
- name: "Creating Client certificate" - name: "Creating Client certificate"
delegate_to: "{{ server }}" delegate_to: "{{ server }}"
shell: " cd /etc/easy-rsa/2.0; source ./vars; export EASY_RSA=\"${EASY_RSA:-.}\"; \"$EASY_RSA\"/pkitool --csr {{ inventory_hostname }} ;\"$EASY_RSA\"/pkitool --sign {{ inventory_hostname }}" shell: " cd /etc/easy-rsa/2.0; source ./vars; export EASY_RSA=\"${EASY_RSA:-.}\"; \"$EASY_RSA\"/pkitool --csr {{ inventory_hostname }} ;\"$EASY_RSA\"/pkitool --sign {{ inventory_hostname }} creates=/etc/easy-rsa/2.0/keys/{{ inventory_hostname }}.crt"
when: "client_rsa.stat.exists == false"
- name: "Copy the Client Certificate to the master node" - name: "Copy the Client signed certificate to the master node"
delegate_to: "{{ server }}" delegate_to: "{{ server }}"
fetch: "src=/etc/easy-rsa/2.0/keys/{{ inventory_hostname }}.crt dest=/tmp/{{ inventory_hostname }}/ fail_on_missing=yes validate_md5=yes flat=yes" fetch: "src=/etc/easy-rsa/2.0/keys/{{ inventory_hostname }}.crt dest=/tmp/{{ inventory_hostname }}/ fail_on_missing=yes validate_md5=yes flat=yes"
when: "client_rsa.stat.exists == false" when: "client_sign_cert.stat.exists == false"
- name: "Copy the Client Certificate to the master node" - name: "Copy the Client Key to the master node"
delegate_to: "{{ server }}" delegate_to: "{{ server }}"
fetch: "src=/etc/easy-rsa/2.0/keys/{{ inventory_hostname }}.key dest=/tmp/{{ inventory_hostname }}/ fail_on_missing=yes validate_md5=yes flat=yes" fetch: "src=/etc/easy-rsa/2.0/keys/{{ inventory_hostname }}.key dest=/tmp/{{ inventory_hostname }}/ fail_on_missing=yes validate_md5=yes flat=yes"
when: "client_rsa.stat.exists == false" when: "client_key.stat.exists == false"
- name: "Copy the Client Certificate to the master node" - name: "Copy the CA Certificate to the master node"
delegate_to: "{{ server }}" delegate_to: "{{ server }}"
fetch: "src=/etc/easy-rsa/2.0/keys/ca.crt dest=/tmp/{{ inventory_hostname }}/ fail_on_missing=yes validate_md5=yes flat=yes" fetch: "src=/etc/easy-rsa/2.0/keys/ca.crt dest=/tmp/{{ inventory_hostname }}/ fail_on_missing=yes validate_md5=yes flat=yes"
when: "client_rsa.stat.exists == false" when: "client_ca_cert.stat.exists == false"
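Review bot: The `creates=` guard added to the pkitool command keys only on the server-side `{{ inventory_hostname }}.crt`, while the three fetches below are each gated on a different client-side `stat`; if the server's `.crt` exists without its `.key` (or the reverse), generation is skipped and the corresponding fetch fails on `fail_on_missing=yes`, so the guard and the fetch conditions should agree on one source of truth. The command also depends on `source ./vars`, a bash builtin, which fails under the `shell` module's default `/bin/sh` on systems where that is dash; `executable=/bin/bash` or the POSIX `. ./vars` avoids that. The "Copy the Client Key to the master node" task would benefit from a comment such as `# NOTE: the client private key is staged on the control node under /tmp until "Removing Cert Directory" runs`, since the permissions of that staged copy are whatever `fetch` applies and are not set here.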