---
-- name: Check {{ client_name }} key existence
- stat:
- path: "{{ nordix_openvpn_easyrsa_path }}/pki/private/{{ client_name }}.key"
- register: client_privatekey
- delegate_to: localhost
-
-- name: Create client cert and csr
- command: ./easyrsa --batch --req-cn={{ client_name }} gen-req {{ client_name }} nopass
- args:
- chdir: "{{ nordix_openvpn_easyrsa_path }}"
- when: client_privatekey.stat.exists == false
- delegate_to: localhost
-
-- name: Copy client key to client_config directory
- copy:
- src: "{{ nordix_openvpn_easyrsa_path }}/pki/private/{{ client_name }}.key"
- dest: "{{ nordix_openvpn_clientconfig }}/keys/"
- changed_when: true
- delegate_to: localhost
-
- name: Copy client csr to nordix CA
copy:
- src: "{{ nordix_openvpn_easyrsa_path }}/pki/reqs/{{ client_name }}.req"
+ src: "{{ hostvars['localhost']['vpn_user_files_location'] }}/{{ user_name }}.req"
dest: /tmp
+ owner: "infra"
+ group: "infra"
changed_when: true
+ become: true
-- name: Check {{ client_name }} csr existence in CA
+- name: Check {{ user_name }} csr existence in CA
stat:
- path: "{{ nordix_ca_easyrsa_path }}/pki/reqs/{{ client_name }}.req"
+ path: "{{ nordix_ca_easyrsa_path }}/pki/reqs/{{ user_name }}.req"
register: client_csr
- name: Import client csr
- command: ./easyrsa --batch import-req /tmp/{{ client_name }}.req {{ client_name }}
+ command: ./easyrsa --batch import-req /tmp/{{ user_name }}.req {{ user_name }}
args:
chdir: "{{ nordix_ca_easyrsa_path }}"
when: client_csr.stat.exists == false
changed_when: true
-- name: Check {{ client_name }} crt existence in CA
+- name: Check {{ user_name }} crt existence in CA
stat:
- path: "{{ nordix_ca_easyrsa_path }}/pki/issued/{{ client_name }}.crt"
+ path: "{{ nordix_ca_easyrsa_path }}/pki/issued/{{ user_name }}.crt"
register: client_crt
- name: Sign client csr
- command: ./easyrsa --batch sign-req client {{ client_name }}
+ command: ./easyrsa --batch sign-req client {{ user_name }}
args:
chdir: "{{ nordix_ca_easyrsa_path }}"
when: client_crt.stat.exists == false
- name: Fetch client cert to client-configs/keys/ dir
fetch:
- src: "{{ nordix_ca_easyrsa_path }}/pki/issued/{{ client_name }}.crt"
- dest: "{{ nordix_openvpn_clientconfig }}/keys/"
+ src: "{{ nordix_ca_easyrsa_path }}/pki/issued/{{ user_name }}.crt"
+ dest: "{{ hostvars['localhost']['vpn_user_files_location'] }}/"
flat: true
changed_when: true
+- name: Copy client cert file to OpenVPN server
+ copy:
+ src: "{{ hostvars['localhost']['vpn_user_files_location'] }}/{{ user_name }}.crt"
+ dest: "{{ nordix_openvpn_clientconfig }}/keys/"
+ changed_when: true
+ delegate_to: jumphost
+
- name: Generate Client .ovpn file
- script: make_config.sh "{{ client_name }}"
+ script: make_config.sh "{{ user_name }}"
args:
chdir: "{{ nordix_openvpn_clientconfig }}/"
executable: /bin/bash
- delegate_to: localhost
+ delegate_to: jumphost
+ become: false
+
+- name: Fetch Client .ovpn file
+ fetch:
+ src: "{{ nordix_openvpn_clientconfig }}/files/{{ item|basename }}"
+ dest: "{{ hostvars['localhost']['vpn_user_files_location'] }}/"
+ flat: true
+ with_items:
+ - "{{ user_name }}.ovpn"
+ delegate_to: jumphost
+ become: false
- name: Log user specific ovpn files location on the console
debug:
msg:
- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- - "The ovpn file {{ client_name }}.ovpn is located in {{ nordix_openvpn_clientconfig }}/files/{{ client_name }}.ovpn"
- - "Please share the newly generated {{ client_name }}.ovpn file with user over email with below instructions,"
+ - "The ovpn file {{ user_name }}.ovpn is located in {{ nordix_openvpn_clientconfig }}/files/{{ user_name }}.ovpn"
+ - "Please share the newly generated {{ user_name }}.ovpn file with user over email with below instructions,"
- "1. Please install the openvpn on your laptop. Assuming you using Ubuntu:"
- "#sudo apt install openvpn"
- "2. Then you need to open the VPN connection using the .ovpn file which contain all the required certificates:"
- - "#sudo openvpn --config {{ client_name }}.ovpn &"
+ - "#sudo openvpn --config {{ user_name }}.ovpn &"
- "3. Now, user should have access to all the VMs directly from your laptop"
- "4. In case you use Windows 10 OS, please use the community version of OpenVPN client:"
- "https://swupdate.openvpn.org/community/releases/openvpn-install-2.4.8-I602-Win10.exe"
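Review bot: The request that the CA later imports and signs is staged as `/tmp/{{ user_name }}.req` with `owner`/`group` added but no `mode`, and no task visible here removes it, so its permissions follow the remote umask and every request stays behind in a shared directory. An explicit mode on the "Copy client csr to nordix CA" task, for example `mode: "0600"` if the import runs as `infra`, plus a `file` task with `state: absent` after "Import client csr" would tighten this. `user_name` also reaches both `./easyrsa` command lines unquoted and is used in every path; only the .ovpn fetch passes it through `basename`, so a value containing whitespace or `/` would change the arguments or the files touched. Where `user_name` is set is not visible in this diff; if it is not validated earlier, an `assert` task at the top of this file with `user_name is match('^[A-Za-z0-9._-]+$')` would cover all of these tasks.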