Add ansible role to configure openvpn

[infra/tools.git] / infra / configure_openvpn_client / playbooks / roles / vpn-client-certs / tasks / main.yml

---
- name: Generate random password for User
  set_fact:
    random_password: "{{ lookup('password', '/dev/null chars=ascii_lowercase,ascii_uppercase,digits length=12')  }}"

- name: Generate User Private Key
  openssl_privatekey:
    path: "/root/CA/private/{{ user_name }}.key"
    passphrase: "{{ random_password }}"
    cipher: aes256
    type: RSA
    size: 4096
    force: true

- name: Generate CSR for user {{ user_name }}
  openssl_csr:
    path: "/root/CA/requests/{{ user_name }}.csr"
    privatekey_path: "/root/CA/private/{{ user_name }}.key"
    privatekey_passphrase: "{{ random_password }}"
    digest: sha256
    country_name: "{{ country }}"
    state_or_province_name: "{{ province }}"
    organization_name: "{{ org }}"
    organizational_unit_name: "{{ orgunit }}"
    common_name: "{{ email }}"
    force: true

- name: Sign the CSR request for user {{ user_name }}
  openssl_certificate:
    path: "/root/CA/newcerts/{{ user_name }}.crt"
    csr_path: "/root/CA/requests/{{ user_name }}.csr"
    ownca_path: /root/CA/certs/ca.crt
    ownca_privatekey_path: /root/CA/private/ca.key
    provider: ownca
    force: true

- name: Fetch the CA, user {{ user_name }} cert and key
  fetch:
    src: "{{ item }}"
    dest: "{{ hostvars['localhost']['vpn_user_files_location'] }}/"
    flat: true
    remote_src: true
    force: true
  with_items:
    - "/root/CA/newcerts/{{ user_name }}.crt"
    - "/root/CA/private/{{ user_name }}.key"

- name: Keep User random password for temporary use
  copy:
    content: "{{ random_password }}"
    dest: "{{ hostvars['localhost']['vpn_user_files_location'] }}/{{ user_name }}.pwd"
    force: true
  delegate_to: localhost