# Looks up the user's issued certificate under the CA's EasyRSA PKI tree.
# Presumably the result is registered as client_cert, which the revoke task
# reads -- TODO confirm.
# NOTE(review): user_name is interpolated into this path, into the easyrsa
# command line and into the delete paths later in the file. Validate it once,
# before any of these tasks run (for example an assert against a strict
# pattern such as ^[A-Za-z0-9_-]+$), so a value containing "/" or ".." cannot
# address files outside the intended directories.
2 - name: Check {{ user_name }} cert existence in CA
# NOTE(review): "issued//" has a doubled slash; the lookup still resolves, but
# it is most likely a typo.
4 path: "{{ nordix_ca_easyrsa_path }}/pki/issued//{{ user_name }}.crt"
# Revokes the user's certificate with EasyRSA in batch (non-interactive) mode,
# run from the CA's EasyRSA directory, and only when the issued certificate
# was found. The outcome is registered as revoke_result.
7 - name: Revoke {{ user_name }} cert in CA
# NOTE(review): the command module does not go through a shell, so shell
# metacharacters in user_name are not interpreted. The rendered string is still
# split into arguments, so whitespace in user_name adds extra arguments and a
# leading "-" could be read as an option. Constrain user_name before this runs.
8 command: ./easyrsa --batch revoke {{ user_name }}
10 chdir: "{{ nordix_ca_easyrsa_path }}"
# NOTE(review): "== true" is redundant; `client_cert.stat.exists` alone is the
# idiomatic form.
11 when: client_cert.stat.exists == true
12 register: revoke_result
# Regenerates the CA's certificate revocation list after the revoke step, run
# from the CA's EasyRSA directory.
# NOTE(review): a CRL carries a nextUpdate date and OpenVPN refuses clients
# once the CRL it was given has expired -- confirm that something regenerates
# and redistributes the CRL on a schedule, not only when a user is revoked.
14 - name: Run gen-crl in CA
15 command: ./easyrsa gen-crl
17 chdir: "{{ nordix_ca_easyrsa_path }}"
# NOTE(review): when the revoke task is skipped (no issued certificate found),
# its registered result has no "rc" key, so this condition raises an
# undefined-attribute error instead of skipping cleanly.
# `revoke_result is not skipped` or `revoke_result.rc | default(1) == 0`
# expresses the same intent without that failure mode.
18 when: revoke_result.rc == 0
# Checks that pki/crl.pem is present on the CA and registers the result as
# crl_existence; the fetch task is conditioned on it.
# NOTE(review): existence alone does not prove the file was regenerated by
# this run -- a stale crl.pem left by an earlier run also passes. Gating on the
# gen-crl result, or comparing the file's mtime or checksum, would be a
# stronger check that the CRL being distributed contains the new revocation.
20 - name: Check updated crl file existence in CA
22 path: "{{ nordix_ca_easyrsa_path }}/pki/crl.pem"
23 register: crl_existence
# Copies the CA's crl.pem off the CA host when the existence check found it.
# NOTE(review): per the task name the file is staged under /tmp. A fixed name
# in a world-writable directory can be pre-created or replaced by another
# local user before the later move; prefer a private staging directory
# (mode 0700) or a path created with the tempfile module -- TODO confirm the
# destination actually used.
25 - name: Fetch updated crl from CA to Openvpn /tmp dir
27 src: "{{ nordix_ca_easyrsa_path }}/pki/crl.pem"
# NOTE(review): "== true" is redundant; `crl_existence.stat.exists` suffices.
30 when: crl_existence.stat.exists == true
# Installs the staged CRL where the OpenVPN server reads it.
# NOTE(review): confirm the installed file's owner and mode let the OpenVPN
# process read it after it drops privileges, and that the staged copy does not
# linger in /tmp.
33 - name: Move updated crl to /etc/openvpn/ dir
# Restarts the OpenVPN service after the CRL has been replaced.
# NOTE(review): presumably this is what ends sessions the revoked user already
# has open, since a CRL is consulted when a peer (re)authenticates -- verify,
# and note that the restart disconnects every other connected client too.
42 - name: Restart Openvpn Service
# Per the task name, removes the user's leftover material on the OpenVPN
# server: the private key and request under the server-side EasyRSA PKI, and
# the key, certificate and .ovpn profile under the client-config tree. The
# loop result is registered as user_files_removal.
# NOTE(review): every path below embeds user_name. A value containing "../"
# would steer this loop at files outside these directories, so this is the
# task where validating user_name up front matters most.
# NOTE(review): deleting server-side copies does not invalidate copies the
# user already holds; access is blocked by the revocation and the distributed
# CRL, not by this cleanup.
51 - name: Remove {{ user_name }} files from OpenVPN server
56 - "{{ nordix_openvpn_easyrsa_path }}/pki/private/{{ user_name }}.key"
57 - "{{ nordix_openvpn_easyrsa_path }}/pki/reqs/{{ user_name }}.req"
58 - "{{ nordix_openvpn_clientconfig }}/keys/{{ user_name }}.crt"
59 - "{{ nordix_openvpn_clientconfig }}/keys/{{ user_name }}.key"
60 - "{{ nordix_openvpn_clientconfig }}/files/{{ user_name }}.ovpn"
62 register: user_files_removal
# Prints a banner on the control node (delegate_to: localhost) stating that
# the user's OpenVPN access has been revoked.
# NOTE(review): the task name mentions "ovpn files location", which does not
# match the message printed; it looks carried over from a user-creation
# playbook.
64 - name: Log user specific ovpn files location on the console
67 - ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
68 - "The OpenVPN access has been revoked for the user {{ user_name }}"
69 - ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# NOTE(review): this condition matches the human-readable loop message, which
# is brittle; `user_files_removal is succeeded` tests the same thing
# structurally. It also keys the "revoked" banner on file cleanup only --
# consider additionally requiring that the revoke, CRL install and restart
# steps actually ran, so the message cannot overstate what happened.
71 when: '"All items completed" in user_files_removal.msg'
72 delegate_to: localhost