# Looks up the client's issued certificate under the CA's easy-rsa PKI tree.
# NOTE(review): the module key and any `register` for this task are not
# visible in this listing; the revoke task reads client_cert.stat.exists, so
# this is presumably a stat lookup registered as client_cert. Confirm.
# NOTE(review): client_name is interpolated into this path, into the easyrsa
# command line and into the delete paths later in the file. Validate it before
# any of these tasks run (e.g. an assert that it matches a strict name pattern
# with no "/" or ".."), so a malformed value cannot point them at other files.
# The doubled "/" in "issued//" does not change path resolution but looks like
# a typo.
2 - name: Check {{ client_name }} cert existence in CA
4 path: "{{ nordix_ca_easyrsa_path }}/pki/issued//{{ client_name }}.crt"
# Revokes the client's certificate with easy-rsa from the CA's easy-rsa
# directory, only when the existence check found an issued certificate. The
# result is registered as revoke_result for the gen-crl task.
# The command module does not go through a shell, but the rendered string is
# still split into arguments: a client_name containing whitespace or starting
# with "-" would change what easyrsa receives.
# NOTE(review): validate client_name first, or pass the arguments as a list
# via the command module's `argv` parameter.
# NOTE(review): `== true` is redundant; `when: client_cert.stat.exists` is
# equivalent.
7 - name: Revoke {{ client_name }} cert in CA
8 command: ./easyrsa --batch revoke {{ client_name }}
10 chdir: "{{ nordix_ca_easyrsa_path }}"
11 when: client_cert.stat.exists == true
12 register: revoke_result
# Regenerates the CRL in the CA's easy-rsa directory so that the revocation is
# published; gated on the revoke command's return code.
# NOTE(review): when the revoke task is skipped (no issued certificate found),
# its registered result normally carries no `rc` key, so this condition would
# raise an undefined-attribute error instead of skipping. A condition such as
# `revoke_result is not skipped` avoids that. Confirm against the Ansible
# version in use.
# NOTE(review): a non-zero rc already fails the revoke task unless errors are
# ignored (not visible here), so the `rc == 0` test adds little.
14 - name: Run gen-crl in CA
15 command: ./easyrsa gen-crl
17 chdir: "{{ nordix_ca_easyrsa_path }}"
18 when: revoke_result.rc == 0
# Records whether pki/crl.pem exists on the CA, as crl_existence.
# NOTE(review): the module key is not visible in this listing; presumably a
# stat lookup. Confirm.
# NOTE(review): this only proves that a crl.pem exists. A file left over from
# an earlier run passes the same check, so it does not show that the CRL now
# lists this client's certificate.
20 - name: Check updated crl file existence in CA
22 path: "{{ nordix_ca_easyrsa_path }}/pki/crl.pem"
23 register: crl_existence
# Copies the CA's crl.pem off the CA host when the existence check succeeded.
# NOTE(review): the module key and the destination are not visible in this
# listing; the task name and the following `mv /tmp/crl.pem` suggest a fetch
# into /tmp. Confirm.
# NOTE(review): staging the CRL under a fixed name in a shared temporary
# directory lets other local users interfere with the file between this task
# and the move. Prefer fetching into a directory only the deploying user can
# write, or straight to the final location.
25 - name: Fetch updated crl from CA to Openvpn /tmp dir
27 src: "{{ nordix_ca_easyrsa_path }}/pki/crl.pem"
30 when: crl_existence.stat.exists == true
# Moves the staged CRL into /etc/openvpn/ on the control host (localhost).
# NOTE(review): no condition is visible on this task, so it also runs when the
# fetch was skipped. In that case /tmp/crl.pem is either missing (mv fails) or
# a stale file from an earlier run.
# NOTE(review): mv keeps the ownership and mode the staged file already has.
# Consider the copy module with explicit owner, group and mode so the CRL is
# readable by the OpenVPN process and writable only by root.
# NOTE(review): the restart task reads updated_crl.rc; the matching `register`
# is presumably on a line not shown here. Confirm.
33 - name: Move updated crl to /etc/openvpn/ dir
34 command: mv /tmp/crl.pem /etc/openvpn/
35 delegate_to: localhost
# Restarts the OpenVPN service on localhost once the CRL move returned 0.
# NOTE(review): the module key and service name are not visible in this
# listing.
# NOTE(review): a full restart drops every connected client, not only the
# revoked one. Check whether that is intended for each revocation.
# NOTE(review): updated_crl has no `rc` if the task that registers it was
# skipped, which would make this condition error out rather than skip.
40 - name: Restart Openvpn Service
46 delegate_to: localhost
47 when: updated_crl.rc == 0
# Lists the client's private key, request, client-config key material and
# .ovpn profile on the OpenVPN server (localhost); the loop result is
# registered as user_files_removal.
# NOTE(review): the module key, its state and the loop keyword are not visible
# in this listing; the task name implies the listed paths are deleted.
# NOTE(review): every path embeds client_name. Without validation, a value
# containing "/" or ".." would make this task delete files outside the
# intended directories.
# Removing these files is hygiene only; access is cut off by the CRL deployed
# earlier, not by deleting the client's local copies.
50 - name: Remove {{ client_name }} files from OpenVPN server
55 - "{{ nordix_openvpn_easyrsa_path }}/pki/private/{{ client_name }}.key"
56 - "{{ nordix_openvpn_easyrsa_path }}/pki/reqs/{{ client_name }}.req"
57 - "{{ nordix_openvpn_clientconfig }}/keys/{{ client_name }}.crt"
58 - "{{ nordix_openvpn_clientconfig }}/keys/{{ client_name }}.key"
59 - "{{ nordix_openvpn_clientconfig }}/files/{{ client_name }}.ovpn"
60 delegate_to: localhost
61 register: user_files_removal
# Prints a banner on the console stating that the client's OpenVPN access has
# been revoked.
# NOTE(review): the task name mentions "ovpn files location" but the message
# announces a revocation; the name looks copied from another task.
# NOTE(review): the condition matches the literal text "All items completed"
# in the loop result's msg. That depends on Ansible's exact wording; a test
# such as `user_files_removal is succeeded` is less brittle.
# NOTE(review): the banner is gated on file removal only, not on the CRL
# having been regenerated and deployed, so it can overstate what was done if
# earlier steps were skipped.
63 - name: Log user specific ovpn files location on the console
66 - ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
67 - "The OpenVPN access has been revoked for the user {{ client_name }}"
68 - ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
70 when: '"All items completed" in user_files_removal.msg'
71 delegate_to: localhost