From 0a609dcc0115d508d78611309823966da05d4fbc Mon Sep 17 00:00:00 2001 From: Robert Kaussow Date: Fri, 15 May 2020 14:57:08 +0200 Subject: [PATCH] add option to set service state --- defaults/main.yml | 4 +++- handlers/main.yml | 2 +- molecule/centos7/converge.yml | 1 + molecule/default | 1 + tasks/main.yml | 2 +- templates/etc/openvpn/client.conf.j2 | 2 +- 6 files changed, 8 insertions(+), 4 deletions(-) create mode 120000 molecule/default diff --git a/defaults/main.yml b/defaults/main.yml index c50654a..b513aa1 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -2,6 +2,8 @@ openvpn_client_name: client openvpn_client_server: vpn.example.com +openvpn_service_state: started + openvpn_client_packages_extra: [] openvpn_client_cipher: AES-256-CBC @@ -9,7 +11,7 @@ openvpn_client_auth: SHA512 # openvpn_client_x509_name: -openvpn_client_ca_file: "{{ openvpn_client_name }}_ca.crt" +openvpn_client_ca_file: "/etc/pki/tls/certs/ca-bundle.crt" # openvpn_client_ca_source: openvpn_client_key_file: "{{ openvpn_client_name }}.key" diff --git a/handlers/main.yml b/handlers/main.yml index 3609ed1..b35ada4 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -2,7 +2,7 @@ - name: Restart openvpn client service: name: "openvpn@{{ openvpn_client_name }}" - state: restarted + state: "{% 'restarted' if openvpn_service_state == 'started' else 'stopped' %}" enabled: yes listen: __openvpn_restart become: True diff --git a/molecule/centos7/converge.yml b/molecule/centos7/converge.yml index 2b444f1..7982b88 100644 --- a/molecule/centos7/converge.yml +++ b/molecule/centos7/converge.yml @@ -4,6 +4,7 @@ vars: openvpn_client_packages_extra: - epel-release + openvpn_service_state: stopped roles: - role: "xoxys.openvpn_client" diff --git a/molecule/default b/molecule/default new file mode 120000 index 0000000..2fdf3e8 --- /dev/null +++ b/molecule/default @@ -0,0 +1 @@ +centos7 \ No newline at end of file diff --git a/tasks/main.yml b/tasks/main.yml index 14768c0..e8387a0 100644 
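Review bot: The new default for `openvpn_client_ca_file` in the second defaults/main.yml hunk points the client at the system trust bundle, so a server certificate chaining to any CA in that bundle would pass chain validation, not only one issued by the VPN's own CA. `openvpn_client_x509_name` is still commented out in this file, so by default nothing visible here pins the server identity. I would keep the per-client default `"{{ openvpn_client_name }}_ca.crt"` and make the bundle an explicit opt-in that is documented as requiring `openvpn_client_x509_name`. The absolute path also collides with the `/etc/openvpn/certs/` prefix in the templates/etc/openvpn/client.conf.j2 hunk.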
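Review bot: The new `state:` value in handlers/main.yml is wrapped in `{% ... %}`, which is Jinja's statement delimiter, so `'restarted' if ...` is read as a tag and not evaluated as an expression; the handler should fail to template when it is notified. It needs expression delimiters: `state: "{{ 'restarted' if openvpn_service_state == 'started' else 'stopped' }}"`. If the handler does fail, a changed client configuration is presumably written but never picked up by the running service. Every value other than `started` maps to `stopped` here, while tasks/main.yml passes the variable through unchanged, so the two disagree for any other state. The handler may continue past the last line of the hunk.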
--- a/tasks/main.yml +++ b/tasks/main.yml @@ -39,7 +39,7 @@ - name: Ensure openvpn service is up and running systemd: name: "openvpn@{{ openvpn_client_name }}" - state: started + state: "{{ openvpn_service_state }}" enabled: yes become: True become_user: root diff --git a/templates/etc/openvpn/client.conf.j2 b/templates/etc/openvpn/client.conf.j2 index ae75ed4..45a1dfc 100644 --- a/templates/etc/openvpn/client.conf.j2 +++ b/templates/etc/openvpn/client.conf.j2 @@ -14,7 +14,7 @@ nobind {% if openvpn_client_x509_name is defined %} verify-x509-name "{{ openvpn_client_x509_name }}" name {% endif %} -{% if openvpn_client_ca_file is defined and openvpn_client_ca_source is defined %} +{% if openvpn_client_ca_file is defined %} ca /etc/openvpn/certs/{{ openvpn_client_ca_file }} {% endif %} {% if openvpn_client_cert_file is defined and openvpn_client_cert_source is defined %}
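Review bot: `state: "{{ openvpn_service_state }}"` in tasks/main.yml hands the variable to the systemd module unchecked, and the task is still named "Ensure openvpn service is up and running" even when it now stops the client. Values such as `restarted` or `reloaded` would be accepted and make every run report a change, and the handler treats them differently again. I would rename the task to `- name: Ensure openvpn service is in the requested state` and add an `assert` before it with `that: openvpn_service_state in ['started', 'stopped']`. `enabled: yes` is unchanged, so a stopped client presumably comes back at the next boot; a comment next to the default should say whether that is intended.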
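Review bot: The `ca` line in client.conf.j2 still prepends `/etc/openvpn/certs/` to `openvpn_client_ca_file`, so with the new absolute default from defaults/main.yml it renders `ca /etc/openvpn/certs//etc/pki/tls/certs/ca-bundle.crt`, a path that is unlikely to exist. Either keep a relative file name as the default or let the template accept absolute paths, e.g. `ca {{ openvpn_client_ca_file if openvpn_client_ca_file.startswith('/') else '/etc/openvpn/certs/' ~ openvpn_client_ca_file }}`. With the `openvpn_client_ca_source` check dropped and the role default always defining the variable, `is defined` no longer gates anything, so the line is emitted even when the role copied no CA file (the copy tasks are not visible here). The template continues after the hunk.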