authorB Stack <bgstack15@gmail.com>2016-10-06 15:22:05 -0400
committerB Stack <bgstack15@gmail.com>2016-10-06 15:22:05 -0400
commit2c3fb0d51f0e1044eaca306cc74045b01a202891 (patch)
tree83bb69098cfc5d07d3a5ceb27794f1a2fbaae00b /roles/ldap_certs
parentFixed a few things, added ldap_certs stub (diff)
built ldap_certs, fixed sudo taskHEADmaster
Diffstat (limited to 'roles/ldap_certs')
-rw-r--r--roles/ldap_certs/tasks/main.yml38
-rw-r--r--roles/ldap_certs/tests/test.yml11
-rw-r--r--roles/ldap_certs/vars/FreeBSD.yml6
-rw-r--r--roles/ldap_certs/vars/default.yml2
4 files changed, 55 insertions, 2 deletions
diff --git a/roles/ldap_certs/tasks/main.yml b/roles/ldap_certs/tasks/main.yml
index 685cd79..a088b38 100644
--- a/roles/ldap_certs/tasks/main.yml
+++ b/roles/ldap_certs/tasks/main.yml
@@ -14,3 +14,41 @@
- files:
- 'roles/ldap_certs/hosts/{{ ansible_fqdn }}.yml'
skip: true
+
+- name: ldap_certs deploy files that exist
+ template: src='{{ item.file }}' dest='{{ ldap_certs_cert_dir }}/{{ item.file | regex_replace('.*/','') }}' owner='{{ ldap_certs_owner }}' group='{{ ldap_certs_group }}' mode=0644 #'
+ with_items:
+ - '{{ ldap_certs }}'
+ when:
+ - ( not '{{ item.exists | lower }}' == 'false' )
+ - ldap_certs is defined
+
+- name: ldap_certs remove files that should not exist
+ file: path='{{ ldap_certs_cert_dir }}/{{ item.file | regex_replace('.*/','') }}' state='absent'
+ with_items:
+ - '{{ ldap_certs }}'
+ when:
+ - ( not '{{ item.exists }}' ) or ( '{{ item.exists | lower }}' == 'false' )
+ - ldap_certs is defined
+
+- name: ldap_certs get hash values
+ command: openssl x509 -in "{{ ldap_certs_cert_dir }}/{{ item.file | regex_replace('.*/','') }}" -hash -noout
+ register: hashes
+ with_items:
+ - '{{ ldap_certs }}'
+ when:
+ - '{{ item.exists }}'
+ - ( not '{{ item.gets_hashlink | lower }}' == 'false' )
+ - ldap_certs is defined
+
+- name: ldap_certs deploy hashlink files
+ file:
+ path: "{{ ldap_certs_hashlink_dir }}/{{ item.stdout | quote }}.0"
+ src: "{{ ldap_certs_cert_dir}}/{{ item.item.file | regex_replace('.*/','') }}"
+ state: 'link'
+ with_items:
+ - '{{ hashes.results }}'
+ when:
+ - hashes is defined
+ - item.stdout is defined
+ - ldap_certs is defined
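Review bot: The hashlink task at the end of the hunk hard-codes the `.0` suffix, so two certificates whose `openssl x509 -hash` output collides would silently overwrite each other's symlink, and `item.stdout | quote` applies shell quoting to a filesystem path where it adds nothing; either pick the `.0`/`.1` index per collision or document the assumption with `# assumes subject hashes are unique across ldap_certs`. In the remove task, `( not '{{ item.exists }}' )` is always false because both 'true' and 'false' are non-empty strings, so only the second clause ever fires; dropping it and writing the conditions without delimiters, e.g. `item.exists | lower == 'false'`, removes the dead branch and the templated-conditional warning. The deploy task sets `mode=0644` unconditionally, so if any entry in `ldap_certs` is a `.pem` bundle that also carries a private key it becomes world-readable; a per-item `mode={{ item.mode | default('0644') }}` keeps the default while letting key-bearing files be locked down. The `template` module will also try to render Jinja in the certificate body, which `copy` would not do for opaque files.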
diff --git a/roles/ldap_certs/tests/test.yml b/roles/ldap_certs/tests/test.yml
new file mode 100644
index 0000000..9ef1e9c
--- /dev/null
+++ b/roles/ldap_certs/tests/test.yml
@@ -0,0 +1,11 @@
+---
+- name: Test playbook for ldap_certs
+ hosts: test
+ remote_user: root
+ roles:
+ - ldap_certs
+ vars:
+ ldap_certs:
+ - { exists: 'false', gets_hashlink: 'false', file: '../../../company/ldap_certs-files/CA1-CA1.crt' }
+ - { exists: 'false', gets_hashlink: 'false', file: '../../../company/ldap_certs-files/CA2-SubCA.crt' }
+ - { exists: 'true', gets_hashlink: 'true', file: '../../../company/ldap_certs-files/certs-example-2016.pem' }
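Review bot: The `exists` and `gets_hashlink` values are quoted strings ('true'/'false') rather than booleans, which is what forces the `| lower == 'false'` string comparisons in the role's tasks; real `true`/`false` would let the conditions read `item.exists` and `not item.gets_hashlink`. The fixture also runs as `remote_user: root` against `hosts: test` with no explanation, so a one-line comment such as `# fixture: root is needed to write the cert and hashlink dirs` would help the next reader.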
diff --git a/roles/ldap_certs/vars/FreeBSD.yml b/roles/ldap_certs/vars/FreeBSD.yml
index e55cdee..de25638 100644
--- a/roles/ldap_certs/vars/FreeBSD.yml
+++ b/roles/ldap_certs/vars/FreeBSD.yml
@@ -1,3 +1,5 @@
---
-ldap_certs_cert_dir: /usr/local/etc/openldap
-ldap_certs_hashlink_dir: /usr/local/etc/openldap
+ldap_certs_cert_dir: /usr/local/etc/openldap/certs
+ldap_certs_hashlink_dir: /usr/local/etc/openldap/cacerts
+ldap_certs_owner: root
+ldap_certs_group: wheel
diff --git a/roles/ldap_certs/vars/default.yml b/roles/ldap_certs/vars/default.yml
index 10dd8eb..5188d42 100644
--- a/roles/ldap_certs/vars/default.yml
+++ b/roles/ldap_certs/vars/default.yml
@@ -1,3 +1,5 @@
---
ldap_certs_cert_dir: /etc/openldap/certs
ldap_certs_hashlink_dir: /etc/openldap/cacerts
+ldap_certs_owner: root
+ldap_certs_group: root