diff options
author | B Stack <bgstack15@gmail.com> | 2016-10-06 15:22:05 -0400 |
---|---|---|
committer | B Stack <bgstack15@gmail.com> | 2016-10-06 15:22:05 -0400 |
commit | 2c3fb0d51f0e1044eaca306cc74045b01a202891 (patch) | |
tree | 83bb69098cfc5d07d3a5ceb27794f1a2fbaae00b /roles/ldap_certs | |
parent | Fixed a few things, added ldap_certs stub (diff) | |
download | ansible01-2c3fb0d51f0e1044eaca306cc74045b01a202891.tar.gz ansible01-2c3fb0d51f0e1044eaca306cc74045b01a202891.tar.bz2 ansible01-2c3fb0d51f0e1044eaca306cc74045b01a202891.zip |
Diffstat (limited to 'roles/ldap_certs')
-rw-r--r-- | roles/ldap_certs/tasks/main.yml | 38 | ||||
-rw-r--r-- | roles/ldap_certs/tests/test.yml | 11 | ||||
-rw-r--r-- | roles/ldap_certs/vars/FreeBSD.yml | 6 | ||||
-rw-r--r-- | roles/ldap_certs/vars/default.yml | 2 |
4 files changed, 55 insertions, 2 deletions
diff --git a/roles/ldap_certs/tasks/main.yml b/roles/ldap_certs/tasks/main.yml index 685cd79..a088b38 100644 --- a/roles/ldap_certs/tasks/main.yml +++ b/roles/ldap_certs/tasks/main.yml @@ -14,3 +14,41 @@ - files: - 'roles/ldap_certs/hosts/{{ ansible_fqdn }}.yml' skip: true + +- name: ldap_certs deploy files that exist + template: src='{{ item.file }}' dest='{{ ldap_certs_cert_dir }}/{{ item.file | regex_replace('.*/','') }}' owner='{{ ldap_certs_owner }}' group='{{ ldap_certs_group }}' mode=0644 #' + with_items: + - '{{ ldap_certs }}' + when: + - ( not '{{ item.exists | lower }}' == 'false' ) + - ldap_certs is defined + +- name: ldap_certs remove files that should not exist + file: path='{{ ldap_certs_cert_dir }}/{{ item.file | regex_replace('.*/','') }}' state='absent' + with_items: + - '{{ ldap_certs }}' + when: + - ( not '{{ item.exists }}' ) or ( '{{ item.exists | lower }}' == 'false' ) + - ldap_certs is defined + +- name: ldap_certs get hash values + command: openssl x509 -in "{{ ldap_certs_cert_dir }}/{{ item.file | regex_replace('.*/','') }}" -hash -noout + register: hashes + with_items: + - '{{ ldap_certs }}' + when: + - '{{ item.exists }}' + - ( not '{{ item.gets_hashlink | lower }}' == 'false' ) + - ldap_certs is defined + +- name: ldap_certs deploy hashlink files + file: + path: "{{ ldap_certs_hashlink_dir }}/{{ item.stdout | quote }}.0" + src: "{{ ldap_certs_cert_dir}}/{{ item.item.file | regex_replace('.*/','') }}" + state: 'link' + with_items: + - '{{ hashes.results }}' + when: + - hashes is defined + - item.stdout is defined + - ldap_certs is defined diff --git a/roles/ldap_certs/tests/test.yml b/roles/ldap_certs/tests/test.yml new file mode 100644 index 0000000..9ef1e9c --- /dev/null +++ b/roles/ldap_certs/tests/test.yml @@ -0,0 +1,11 @@ +--- +- name: Test playbook for ldap_certs + hosts: test + remote_user: root + roles: + - ldap_certs + vars: + ldap_certs: + - { exists: 'false', gets_hashlink: 'false', file: '../../../company/ldap_certs-files/CA1-CA1.crt' } + - { exists: 'false', gets_hashlink: 'false', file: '../../../company/ldap_certs-files/CA2-SubCA.crt' } + - { exists: 'true', gets_hashlink: 'true', file: '../../../company/ldap_certs-files/certs-example-2016.pem' } diff --git a/roles/ldap_certs/vars/FreeBSD.yml b/roles/ldap_certs/vars/FreeBSD.yml index e55cdee..de25638 100644 --- a/roles/ldap_certs/vars/FreeBSD.yml +++ b/roles/ldap_certs/vars/FreeBSD.yml @@ -1,3 +1,5 @@ --- -ldap_certs_cert_dir: /usr/local/etc/openldap -ldap_certs_hashlink_dir: /usr/local/etc/openldap +ldap_certs_cert_dir: /usr/local/etc/openldap/certs +ldap_certs_hashlink_dir: /usr/local/etc/openldap/cacerts +ldap_certs_owner: root +ldap_certs_group: wheel diff --git a/roles/ldap_certs/vars/default.yml b/roles/ldap_certs/vars/default.yml index 10dd8eb..5188d42 100644 --- a/roles/ldap_certs/vars/default.yml +++ b/roles/ldap_certs/vars/default.yml @@ -1,3 +1,5 @@ --- ldap_certs_cert_dir: /etc/openldap/certs ldap_certs_hashlink_dir: /etc/openldap/cacerts +ldap_certs_owner: root +ldap_certs_group: root |