Closed kyl191 closed 3 years ago
Decent cleanup of the cert sync & revocation tasks.
Ran fine on a new CentOS 8 VM.
...
TASK [kyl191.openvpn : [cert sync] Create temporary file for existing certs] ***********************************************
changed: [129.146.168.176]
TASK [kyl191.openvpn : [cert sync] Create temporary file for expected certs] ***********************************************
changed: [129.146.168.176]
TASK [kyl191.openvpn : [cert sync] Write expected client list to temp file for comparison with existing certs] *************
changed: [129.146.168.176]
TASK [kyl191.openvpn : [cert sync] Get existing certs] *********************************************************************
changed: [129.146.168.176]
TASK [kyl191.openvpn : [cert sync] Find certs that exist but aren't supposed to (on disk, but not in client list)] *********
changed: [129.146.168.176]
TASK [kyl191.openvpn : [cert sync] Debug: Certs to revoke (skipped if none)] ***********************************************
ok: [129.146.168.176] => {
    "changed": false,
    "msg": "Will revoke additional certs: x230"
}
TASK [kyl191.openvpn : [cert sync] Cleanup temp files] *********************************************************************
changed: [129.146.168.176] => (item=/tmp/ansible.wtdse9j2temp)
changed: [129.146.168.176] => (item=/tmp/ansible.nvvhot9dtemp)
...
PLAY RECAP *****************************************************************************************************************
129.146.168.176 : ok=65 changed=15 unreachable=0 failed=0 skipped=53 rescued=0 ignored=0
Rewrite the cert sync detection:
Changes:
common.yml to more specific cert_sync_detection.yml