Initial openvpn role commit
Change-Id: I091e7b198d852d5857f7b606cce2469c2f8ba9a7
diff --git a/tasks/Debian.yml b/tasks/Debian.yml
new file mode 100644
index 0000000..6be3389
--- /dev/null
+++ b/tasks/Debian.yml
@@ -0,0 +1,13 @@
+---
+# openvpn tasks/Debian.yml
+#
+# SPDX-FileCopyrightText: 2022 Open Networking Foundation <support@opennetworking.org>
+# SPDX-License-Identifier: Apache-2.0
+
+- name: Install openvpn apt packages
+ apt:
+ name:
+ - openvpn
+ install_recommends: false # don't install easy-rsa
+ update_cache: true
+ cache_valid_time: 3600
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..29a3477
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,43 @@
+---
+# openvpn tasks/main.yml
+#
+# SPDX-FileCopyrightText: 2022 Open Networking Foundation <support@opennetworking.org>
+# SPDX-License-Identifier: Apache-2.0
+
+- name: include OS-specific vars
+ include_vars: "{{ ansible_os_family }}.yml"
+
+- name: include OS-specific tasks
+ include_tasks: "{{ ansible_os_family }}.yml"
+
+- name: Copy certificate
+ copy:
+ src: "{{ item }}"
+ dest: "{{ openvpn_conf_dir }}/server/{{ item }}"
+ owner: root
+ group: root
+ mode: 0640
+ loop:
+ - chain.pem
+ - ca.crl
+ - openvpn_server.pem
+ - openvpn_server.key
+ - ta.key
+ - dh.pem
+
+- name: Create openvpn server config file
+ template:
+ src: server.conf.j2
+ dest: "{{ openvpn_conf_dir }}/server.conf"
+ backup: true
+ owner: root
+ group: "{{ openvpn_groupname }}"
+ mode: 0755
+ notify:
+ - restart-openvpn
+
+- name: start and enable openvpn
+ service:
+ name: "{{ openvpn_service }}"
+ state: started
+ enabled: true
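Review bot: The `Create openvpn server config file` task installs server.conf with `mode: 0755`, which sets execute bits on a file that is only ever read and leaves it world-readable. Since the task already sets `group: "{{ openvpn_groupname }}"`, `mode: "0640"` would give the daemon's group read access and nothing more. In the `Copy certificate` task one loop applies `mode: 0640` to `openvpn_server.key` and `ta.key` as well as to the public files; consider moving the private key material into its own task with `mode: "0600"`. Both modes are unquoted octal literals, and Ansible's documentation advises quoting them so the YAML parser cannot reinterpret the value. The copy task also has no `notify: restart-openvpn`, so presumably a replaced certificate or key is not loaded until the service is restarted some other way.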