add option to set service state

defaults/main.yml

@@ -2,6 +2,8 @@
 openvpn_client_name: client
 openvpn_client_server: vpn.example.com
 
+openvpn_service_state: started
+
 openvpn_client_packages_extra: []
 
 openvpn_client_cipher: AES-256-CBC
@@ -9,7 +11,7 @@ openvpn_client_auth: SHA512
 
 # openvpn_client_x509_name:
 
-openvpn_client_ca_file: "{{ openvpn_client_name }}_ca.crt"
+openvpn_client_ca_file: "/etc/pki/tls/certs/ca-bundle.crt"
 # openvpn_client_ca_source:
 
 openvpn_client_key_file: "{{ openvpn_client_name }}.key"

handlers/main.yml

@@ -2,7 +2,7 @@
 - name: Restart openvpn client
   service:
     name: "openvpn@{{ openvpn_client_name }}"
-    state: restarted
+    state: "{% 'restarted' if openvpn_service_state == 'started' else 'stopped' %}"
     enabled: yes
   listen: __openvpn_restart
   become: True

molecule/centos7/converge.yml

@@ -4,6 +4,7 @@
   vars:
     openvpn_client_packages_extra:
       - epel-release
+    openvpn_service_state: stopped
 
   roles:
     - role: "xoxys.openvpn_client"

molecule/default

@@ -0,0 +1 @@
+centos7

tasks/main.yml

@@ -39,7 +39,7 @@
     - name: Ensure openvpn service is up and running
       systemd:
         name: "openvpn@{{ openvpn_client_name }}"
-        state: started
+        state: "{{ openvpn_service_state }}"
         enabled: yes
   become: True
   become_user: root

templates/etc/openvpn/client.conf.j2

@@ -14,7 +14,7 @@ nobind
 {% if openvpn_client_x509_name is defined %}
 verify-x509-name "{{ openvpn_client_x509_name }}" name
 {% endif %}
-{% if openvpn_client_ca_file is defined and openvpn_client_ca_source is defined %}
+{% if openvpn_client_ca_file is defined %}
 ca /etc/openvpn/certs/{{ openvpn_client_ca_file }}
 {% endif %}
 {% if openvpn_client_cert_file is defined and openvpn_client_cert_source is defined %}