Minor improvements

defaults/main.yml

@@ -69,3 +69,5 @@ openvpn_simple_auth_password: ""
 
 # Whether to embed CA, cert, and key info inside client OVPN config file.
 openvpn_unified_client_profiles: no
+openvpn_endpoints: []
+openvpn_download_dir: "creds/"

handlers/main.yml

@@ -9,3 +9,10 @@
   with_items: "{{openvpn_clients_changed.results}}"
   args:
     chdir: "{{ openvpn_keydir }}"
+
+- name: openvpn download all keys
+  fetch:
+    src: "/etc/openvpn/keys.tar.gz"
+    dest: "{{ openvpn_download_dir }}/keys.tar.gz"
+    flat: yes
+    validate_checksum: yes

tasks/client_conf.yml

@@ -0,0 +1,8 @@
+---
+
+- name: Generate Clients configurations for each user per endpoint
+  template: src=client.conf.j2 dest="{{openvpn_keydir}}/{{user}}.{{item}}.ovpn"
+  with_items: "{{ openvpn_endpoints }}"
+  notify: openvpn pack clients
+  register: openvpn_clients_changed
+

tasks/configure.yml

@@ -57,11 +57,10 @@
   stat: path={{openvpn_keydir}}/crl.pem
   register: crl_pem_file
 
-- name: Generate Clients configurations
-  template: src=client.conf.j2 dest={{openvpn_keydir}}/{{item}}.ovpn
+- include_tasks: client_conf.yml
   with_items: "{{ openvpn_clients }}"
-  notify: openvpn pack clients
-  register: openvpn_clients_changed
+  loop_control:
+    loop_var: user
 
 - name: Setup PAM
   template: src=openvpn.pam.j2 dest=/etc/pam.d/openvpn
@@ -92,3 +91,10 @@
 
 - name: Set ip forwarding in the sysctl file and reload if necessary
   sysctl: name="net.ipv4.ip_forward" value=1 sysctl_set=yes state=present reload=yes
+
+- name: openvpn keydir packing
+  archive:
+    path: "{{ openvpn_keydir }}"
+    dest: /etc/openvpn/keys.tar.gz
+    format: gz
+  notify: [openvpn download all keys]