From 858402d8a492637cc2fc8dbb029d1185b468417c Mon Sep 17 00:00:00 2001
From: Edoardo Putti
Date: Tue, 10 Apr 2018 18:37:05 +0200
Subject: [PATCH] update openvpn role, ssh_server role

---
 roles/openvpn/tasks/main.yaml | 42 ++++++++++++++++++++------------
 roles/ssh_server/tasks/main.yaml | 9 +++----
 2 files changed, 30 insertions(+), 21 deletions(-)

diff --git a/roles/openvpn/tasks/main.yaml b/roles/openvpn/tasks/main.yaml
index 7938216..67e98a7 100644
--- a/roles/openvpn/tasks/main.yaml
+++ b/roles/openvpn/tasks/main.yaml
@@ -44,7 +44,7 @@
 type: 'sign_request'
 request:
 keyType: 'ssl_host'
- hostName: '{{ inventory_hostname }}'
+ hostName: '{{ inventory_hostname }}.lilik.it'
 keyData: '{{ pub_key.stdout }}'
 
 - debug:
@@ -54,30 +54,42 @@
 - name: start sign request
 include: ca-dialog.yaml
 
- - debug: var=request_result verbosity=2
+ - debug:
+ var: request_result
+ verbosity: 2
 
 - set_fact:
- request_output: "{{ request_result.results[0].stdout|string|from_json }}"
- - debug: var=request_output
+ request_output: "{{ request_result.stdout | string | from_json }}"
+
+ - debug:
+ var: request_output
 
 - name: generate get request
 set_fact:
 ca_request:
 type: 'get_certificate'
 requestID: '{{ request_output.requestID }}'
 
- - debug: var=get_request verbosity=2
- - debug: msg="Please manualy confirm sign request with id {{ request_output.requestID }}"
+ - debug:
+ var: get_request
+ verbosity: 2
+
+ - debug:
+ msg: "Please manualy confirm sign request with id {{ request_output.requestID }}"
 
 - name: wait for cert
 include: ca-dialog.yaml
 
- - debug: var=cert_result verbosity=2
+ - debug:
+ var: request_result
+ verbosity: 2
 
 - set_fact:
- cert_key: "{{ request_result.results[0].stdout|string|from_json }}"
+ cert_key: "{{ request_result.stdout | string | from_json }}"
 
- - debug: var=request_output verbosity=2
+ - debug:
+ var: request_result
+ verbosity: 2
 
 - name: set pub key
 shell: "echo '{{ cert_key.result }}' > /etc/openvpn/openvpn.cert"
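Review bot: The `.lilik.it` suffix on the new `hostName` line hard-codes the site domain into the CA sign request, so the role cannot be reused for a host in another zone and a domain change means editing the task rather than inventory. I would write `hostName: '{{ inventory_hostname }}.{{ openvpn_cert_domain }}'` with `openvpn_cert_domain: lilik.it` in the role defaults, and put a comment above it, `# CN is the FQDN presumably checked by the VPN peers; keep it in sync with DNS`. The task that builds this request starts before the hunk, so I cannot see whether another field already carries the domain.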
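Review bot: The two added `debug` tasks that bracket the `cert_key` set_fact both dump `request_result` at verbosity 2, so the second one is a duplicate and the parsed certificate is never shown; replacing the undefined `cert_result` in the first is the right fix, but the last one was presumably meant as `var: cert_key`. The `Please manualy confirm sign request` task is a non-blocking `debug`, so unless `ca-dialog.yaml` polls on its own, `wait for cert` runs immediately after it and `cert_key.result` is whatever the CA returned for a not-yet-confirmed request; a `pause:` with a `prompt:` before that include would make the manual step a real gate. Switching `request_result.results[0].stdout` to `request_result.stdout` assumes `ca-dialog.yaml` no longer registers a looped result, which is not part of this patch and should be checked against that file. The unchanged `shell: "echo '{{ cert_key.result }}' > /etc/openvpn/openvpn.cert"` line also interpolates CA output into a shell command; `copy:` with `content: "{{ cert_key.result }}"`, `dest: /etc/openvpn/openvpn.cert` and an explicit `mode` avoids quoting problems and sets permissions deliberately.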
@@ -91,11 +103,11 @@
 
 - name: write openvpn configuration
 template:
- dest=/etc/config/openvpn
- src=openvpn.j2
- owner=root
- group=root
- mode=0400
+ dest: /etc/config/openvpn
+ src: openvpn.j2
+ owner: root
+ group: root
+ mode: 0400
 register: new_vpn_config
 notify: reload openvpn
 
@@ -103,5 +115,3 @@
 shell: 'uci commit openvpn'
 notify: reload openvpn
 when: new_vpn_config.changed
-
-
diff --git a/roles/ssh_server/tasks/main.yaml b/roles/ssh_server/tasks/main.yaml
index b34eab7..99e026d 100644
--- a/roles/ssh_server/tasks/main.yaml
+++ b/roles/ssh_server/tasks/main.yaml
@@ -31,13 +31,12 @@
 # changed_when: false
 # failed_when: false
 
-- name: Validate host certificate if any
+- name: Validate SSH host certificate if any
 ssh_cert:
- register: vm_has_valid_ssh_certificate
-
+ register: ssh_verification
 
 - debug:
- var: vm_has_valid_ssh_certificate
+ var: ssh_verification
 verbosity: 2
 
 - block:
@@ -110,7 +109,7 @@
 dest: "/etc/ssh/ssh_host_ed25519_key-cert.pub"
 register: set_pub_key
 notify: restart ssh
- when: "vm_has_valid_ssh_certificate.rc != 0"
+ when: not ssh_verification
 
 - name: add certificate to sshd config
 lineinfile:
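Review bot: `mode: 0400` in the new template arguments is an unquoted leading-zero scalar, which the YAML loader turns into the integer 256; Ansible tolerates that for leading-zero forms, but the documented idiom is to quote it, `mode: '0400'`, so a later edit to `644` does not silently become decimal 644 and a too-open file. Root-only 0400 is the right choice if the rendered `/etc/config/openvpn` embeds key material; the template is not in this patch, so I would note the reason above the task, `# config may carry VPN secrets: root-only, not readable by uci consumers`. Both this task and the `uci commit openvpn` task notify `reload openvpn`; the handler runs once regardless, and since the commit task is already gated on `new_vpn_config.changed`, the notify on the template task could be dropped to keep one trigger.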
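Review bot: The `ssh_cert` task now registered as `ssh_verification` has no `failed_when` or `ignore_errors` (the ones just above it are commented out), so if the module reports a missing or invalid certificate by returning `failed: true`, the play aborts here and the fallback `block:` that begins at the end of this hunk never runs; if it reports through a return key of its own that is fine, but the module's contract is not visible in this patch. I would pin whichever it is with a comment above the task, `# ssh_cert must not fail the play; it reports validity via <key>`, and add `failed_when: false` if `failed` is the signal. The `block:` continues outside the hunk, so remaining references to `vm_has_valid_ssh_certificate` inside it cannot be checked here.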
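Review bot: `when: not ssh_verification` on the new line will never be true, because a registered task result is a mapping that Ansible populates with at least `changed` (and `failed`) before storing it, so negating it is always false and the certificate is never written to `/etc/ssh/ssh_host_ed25519_key-cert.pub`. The old condition tested a specific field, `.rc != 0`; the replacement should likewise test the field `ssh_cert` actually returns, e.g. `when: ssh_verification.failed` or `when: not ssh_verification.valid`, whichever the module provides. Failing this way is silent, with hosts left serving without a host certificate while the play reports success, so an `assert:` on the expected key ahead of the block would turn the mistake into a visible error.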