authorB Stack <bgstack15@gmail.com>2016-10-06 15:22:05 -0400
committerB Stack <bgstack15@gmail.com>2016-10-06 15:22:05 -0400
commit2c3fb0d51f0e1044eaca306cc74045b01a202891 (patch)
tree83bb69098cfc5d07d3a5ceb27794f1a2fbaae00b
parentFixed a few things, added ldap_certs stub (diff)
built ldap_certs, fixed sudo taskHEADmaster
-rw-r--r--master.yml6
-rw-r--r--roles/ldap_certs/tasks/main.yml38
-rw-r--r--roles/ldap_certs/tests/test.yml11
-rw-r--r--roles/ldap_certs/vars/FreeBSD.yml6
-rw-r--r--roles/ldap_certs/vars/default.yml2
-rw-r--r--roles/sudo/tasks/main.yml8
-rw-r--r--test.yml5
7 files changed, 69 insertions, 7 deletions
diff --git a/master.yml b/master.yml
index 064767e..6aa28ea 100644
--- a/master.yml
+++ b/master.yml
@@ -7,9 +7,15 @@
- resolv_conf
- ssh
- ssh_keys
+ - sudo
+ - ldap_certs
vars:
ssh_key_files:
- { user: 'bgstack15', file: '../../../company/pubkeys/bgstack15.pubkeys' }
+ sudo_files:
+ - { exists: 'false', file: '../../../company/sudo-files/40_BGSTACK15' }
+ ldap_certs:
+ - { exists: 'true', gets_hashlink: 'true', file: '../../../company/ldap_certs-files/certs-example-2016.pem' }
- name: Webservers
hosts: webservers
diff --git a/roles/ldap_certs/tasks/main.yml b/roles/ldap_certs/tasks/main.yml
index 685cd79..a088b38 100644
--- a/roles/ldap_certs/tasks/main.yml
+++ b/roles/ldap_certs/tasks/main.yml
@@ -14,3 +14,41 @@
- files:
- 'roles/ldap_certs/hosts/{{ ansible_fqdn }}.yml'
skip: true
+
+- name: ldap_certs deploy files that exist
+ template: src='{{ item.file }}' dest='{{ ldap_certs_cert_dir }}/{{ item.file | regex_replace('.*/','') }}' owner='{{ ldap_certs_owner }}' group='{{ ldap_certs_group }}' mode=0644 #'
+ with_items:
+ - '{{ ldap_certs }}'
+ when:
+ - ( not '{{ item.exists | lower }}' == 'false' )
+ - ldap_certs is defined
+
+- name: ldap_certs remove files that should not exist
+ file: path='{{ ldap_certs_cert_dir }}/{{ item.file | regex_replace('.*/','') }}' state='absent'
+ with_items:
+ - '{{ ldap_certs }}'
+ when:
+ - ( not '{{ item.exists }}' ) or ( '{{ item.exists | lower }}' == 'false' )
+ - ldap_certs is defined
+
+- name: ldap_certs get hash values
+ command: openssl x509 -in "{{ ldap_certs_cert_dir }}/{{ item.file | regex_replace('.*/','') }}" -hash -noout
+ register: hashes
+ with_items:
+ - '{{ ldap_certs }}'
+ when:
+ - '{{ item.exists }}'
+ - ( not '{{ item.gets_hashlink | lower }}' == 'false' )
+ - ldap_certs is defined
+
+- name: ldap_certs deploy hashlink files
+ file:
+ path: "{{ ldap_certs_hashlink_dir }}/{{ item.stdout | quote }}.0"
+ src: "{{ ldap_certs_cert_dir}}/{{ item.item.file | regex_replace('.*/','') }}"
+ state: 'link'
+ with_items:
+ - '{{ hashes.results }}'
+ when:
+ - hashes is defined
+ - item.stdout is defined
+ - ldap_certs is defined
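Review bot: The "ldap_certs deploy files that exist" task pushes each certificate through the `template` module, so the PEM bytes are run through Jinja2 before they land in `ldap_certs_cert_dir`; unless these files are meant to contain Jinja expressions, `copy: src='{{ item.file }}' dest='{{ ldap_certs_cert_dir }}/{{ item.file | regex_replace('.*/','') }}' owner='{{ ldap_certs_owner }}' group='{{ ldap_certs_group }}' mode=0644` deploys them byte-for-byte and keeps the source checksum meaningful for change detection. The "remove files that should not exist" task deletes the certificate but never touches the `<hash>.0` symlink created in `ldap_certs_hashlink_dir`, so an entry flipped to `exists: 'false'` leaves a dangling link in the trust directory; computing the subject hash from the controller-side source file for every item (the same `openssl x509 -hash -noout` with `delegate_to: localhost`) would give the link path regardless of `exists`, so it can be set `state: absent` alongside the certificate. The hashlink task also hard-codes the `.0` suffix that `c_rehash` increments on subject-hash collisions, so two certs sharing a subject hash would silently overwrite each other's link. As a style point, the Jinja delimiters inside the `when` clauses (`'{{ item.exists }}'`) are unnecessary and trigger Ansible's templating-in-conditional warning; `item.exists | lower == 'false'` reads directly.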
diff --git a/roles/ldap_certs/tests/test.yml b/roles/ldap_certs/tests/test.yml
new file mode 100644
index 0000000..9ef1e9c
--- /dev/null
+++ b/roles/ldap_certs/tests/test.yml
@@ -0,0 +1,11 @@
+---
+- name: Test playbook for ldap_certs
+ hosts: test
+ remote_user: root
+ roles:
+ - ldap_certs
+ vars:
+ ldap_certs:
+ - { exists: 'false', gets_hashlink: 'false', file: '../../../company/ldap_certs-files/CA1-CA1.crt' }
+ - { exists: 'false', gets_hashlink: 'false', file: '../../../company/ldap_certs-files/CA2-SubCA.crt' }
+ - { exists: 'true', gets_hashlink: 'true', file: '../../../company/ldap_certs-files/certs-example-2016.pem' }
diff --git a/roles/ldap_certs/vars/FreeBSD.yml b/roles/ldap_certs/vars/FreeBSD.yml
index e55cdee..de25638 100644
--- a/roles/ldap_certs/vars/FreeBSD.yml
+++ b/roles/ldap_certs/vars/FreeBSD.yml
@@ -1,3 +1,5 @@
---
-ldap_certs_cert_dir: /usr/local/etc/openldap
-ldap_certs_hashlink_dir: /usr/local/etc/openldap
+ldap_certs_cert_dir: /usr/local/etc/openldap/certs
+ldap_certs_hashlink_dir: /usr/local/etc/openldap/cacerts
+ldap_certs_owner: root
+ldap_certs_group: wheel
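Review bot: The new `ldap_certs_cert_dir` and `ldap_certs_hashlink_dir` values move to `certs` and `cacerts` subdirectories of `/usr/local/etc/openldap`, but nothing in this commit creates them, so the deploy and hashlink tasks will fail on a fresh FreeBSD host unless the part of `roles/ldap_certs/tasks/main.yml` outside this diff already has something like `file: path='{{ ldap_certs_hashlink_dir }}' state=directory owner='{{ ldap_certs_owner }}' group='{{ ldap_certs_group }}' mode=0755` (and the same for the cert dir). It is also worth confirming that the host's `ldap.conf` `TLS_CACERTDIR` is pointed at the new `cacerts` location, since the hash links are only consulted from the directory the client is configured to use and a mismatch silently leaves the old trust directory in effect.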
diff --git a/roles/ldap_certs/vars/default.yml b/roles/ldap_certs/vars/default.yml
index 10dd8eb..5188d42 100644
--- a/roles/ldap_certs/vars/default.yml
+++ b/roles/ldap_certs/vars/default.yml
@@ -1,3 +1,5 @@
---
ldap_certs_cert_dir: /etc/openldap/certs
ldap_certs_hashlink_dir: /etc/openldap/cacerts
+ldap_certs_owner: root
+ldap_certs_group: root
diff --git a/roles/sudo/tasks/main.yml b/roles/sudo/tasks/main.yml
index 07fda25..0b712f5 100644
--- a/roles/sudo/tasks/main.yml
+++ b/roles/sudo/tasks/main.yml
@@ -8,11 +8,14 @@
- '{{ ansible_distribution }}.yml'
- default.yml
-- stat: path='{{ sudo_rules_dir }}/{{ item.priority }}_{{ item.name }}' #'
+- name: sudo stat files described by strings
+ stat: path='{{ sudo_rules_dir }}/{{ item.priority }}_{{ item.name }}' #'
with_items:
- '{{ sudo_strings }}'
register: "s"
- when: sudo_strings is defined
+ when:
+ - sudo_strings is defined
+ - item.priority is defined
- name: sudo deploy rules from files
template:
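Review bot: The new `item.priority is defined` guard on the stat loop makes a `sudo_strings` entry without a priority silently skipped, and an entry skipped here produces a result with no `stat` data, so it would be neither deployed nor cleanly retired later — a rule you intended to drop with `exists: 'false'` would stay in `sudo_rules_dir` unnoticed. A malformed entry in a list of sudoers fragments is better treated as a playbook failure than an omission; an `assert` loop before the stat task makes the requirement explicit and fails loudly. The template task that begins on the last line of the hunk continues outside it, so I cannot see whether it passes `validate: 'visudo -cf %s'` — worth checking, since a syntactically bad fragment in `sudoers.d` can lock sudo out on the host.
```yaml
- name: sudo require priority and name on every sudo_strings entry
  assert:
    that:
      - item.priority is defined
      - item.name is defined
    msg: "sudo_strings entry is missing priority or name: {{ item }}"
  with_items:
    - '{{ sudo_strings }}'
  when: sudo_strings is defined
# … unchanged: stat / template / removal tasks …
```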
@@ -60,4 +63,5 @@
- '{{ s.results }}'
when:
- s is defined
+ - sudo_strings is defined
- ( not item.item.exists ) or ( '{{ item.item.exists | lower }}' == 'false' )
diff --git a/test.yml b/test.yml
index c72e519..9ef1e9c 100644
--- a/test.yml
+++ b/test.yml
@@ -3,10 +3,9 @@
hosts: test
remote_user: root
roles:
- - sudo
- ldap_certs
vars:
ldap_certs:
- - { exists: 'true', gets_hashlink: 'false', file: '../../../company/ldap_certs-files/CA1-CA1.crt' }
- - { exists: 'true', gets_hashlink: 'false', file: '../../../company/ldap_certs-files/CA2-SubCA.crt' }
+ - { exists: 'false', gets_hashlink: 'false', file: '../../../company/ldap_certs-files/CA1-CA1.crt' }
+ - { exists: 'false', gets_hashlink: 'false', file: '../../../company/ldap_certs-files/CA2-SubCA.crt' }
- { exists: 'true', gets_hashlink: 'true', file: '../../../company/ldap_certs-files/certs-example-2016.pem' }