-rwxr-xr-xcompany/ldap_certs-files/CA1-CA1.crt24
-rwxr-xr-xcompany/ldap_certs-files/CA2-SubCA.crt29
-rw-r--r--company/ldap_certs-files/certs-example-2016.pem53
l---------roles/ldap_certs/hosts1
-rw-r--r--roles/ldap_certs/main.yml6
-rw-r--r--roles/ldap_certs/tasks/main.yml16
-rw-r--r--roles/ldap_certs/vars/FreeBSD.yml3
-rw-r--r--roles/ldap_certs/vars/Ubuntu.yml3
-rw-r--r--roles/ldap_certs/vars/default.yml3
l---------roles/ssh/hosts1
-rw-r--r--roles/ssh/tasks/main.yml2
-rw-r--r--roles/sudo/tasks/225
-rw-r--r--test.yml12
13 files changed, 146 insertions, 32 deletions
diff --git a/company/ldap_certs-files/CA1-CA1.crt b/company/ldap_certs-files/CA1-CA1.crt
new file mode 100755
index 0000000..c9abe5b
--- /dev/null
+++ b/company/ldap_certs-files/CA1-CA1.crt
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
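Review bot: This certificate is added with `new file mode 100755`, and CA2-SubCA.crt in the next file section carries the same mode; a PEM trust anchor is data and has no reason to be executable, so both should be committed as 100644 like certs-example-2016.pem. Because these files appear intended to become LDAP trust roots on managed hosts, the repository is effectively the source of truth for what those hosts trust. Recording each certificate's SHA-256 fingerprint in the commit message or an adjacent README would let a reviewer verify them against the issuing CA out of band instead of trusting the blob as committed.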
diff --git a/company/ldap_certs-files/CA2-SubCA.crt b/company/ldap_certs-files/CA2-SubCA.crt
new file mode 100755
index 0000000..2e0bd20
--- /dev/null
+++ b/company/ldap_certs-files/CA2-SubCA.crt
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIFBjCCA7qgAwIBAgITKQAAAAN1zbmzojurhgAAAAAAAzBBBgkqhkiG9w0BAQow
+NKAPMA0GCWCGSAFlAwQCAQUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUA
+ogMCASAwETEPMA0GA1UEAxMGQ0ExLUNBMB4XDTE2MDkxMjE0NDA1MFoXDTM2MDkx
+MjE0NTA1MFowPjETMBEGCgmSJomT8ixkARkWA2VkdTETMBEGCgmSJomT8ixkARkW
+A2JqdTESMBAGA1UEAxMJQ0EyLVN1YkNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAym7sDRON5YUcylYSxWF4COZ2x01dfO5k76g+dIrBiU6HaC6rwGLk
+xwezr3FofDGznWYYG9bNPO6RgZvJn6aUaJ4CkuooRF8jqGV8+4UtcQhIGXJkHTJV
+pwSBZ6y/yUn7vyzA6hSiSisWunGXnGyvRUTCMZfee2KYz5TfySZA5mVHpU1YkfnS
+wwhdF+jeRee2Nj+rTbKAAvlrIQUoAHUKY/4glCfjd/UyLXNRQoMuChZSMtuDrm5f
+u19ufGr5ci8nHmnGbfk/AVz1pTZaqgb+HwV6eaJAsJumGcixV99K6Qk/fDyv7FcG
+gtzMLxUJx3rL2jvFwbffF7VHPzoB9ZZAZwIDAQABo4IBwDCCAbwwEAYJKwYBBAGC
+NxUBBAMCAQEwIwYJKwYBBAGCNxUCBBYEFOM2Y45C4GwBG3yXxhak0nnYgTYOMB0G
+A1UdDgQWBBQ8sH/O+n+p5l9TDSdbc1ERE4LvrTCBhAYDVR0gBH0wezB5BggqAwSL
+L0NZBTBtMDoGCCsGAQUFBwICMC4eLABMAGUAZwBhAGwAIABQAG8AbABpAGMAeQAg
+AFMAdABhAHQAZQBtAGUAbgB0MC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LmNvbnRv
+c28uY29tL3BraS9jcHMudHh0ADAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTAL
+BgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBSex+VpQzDz
+yHdUgSYqIQzZSKZjwzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY2EyLmJqdS5l
+ZHUvQ2VydEVucm9sbC9DQTEtQ0EuY3JsMEgGCCsGAQUFBwEBBDwwOjA4BggrBgEF
+BQcwAoYsaHR0cDovL2NhMi5ianUuZWR1L0NlcnRFbnJvbGwvY2ExX0NBMS1DQS5j
+cnQwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEB
+CDANBglghkgBZQMEAgEFAKIDAgEgA4IBAQCy1eCb00rDG2k8AstNaNLmRUiCwhOE
+y9GBGrbwl8La8C5a2wzEGpBpjeL25/p9TEqvdHFDCZ/HTAclXJQgTEMWckpIWTZg
+1kTnM3Obbb1pe1pmjH9w9q5syh2ANPScF7hWpMGS04c7CzeabAvZJ8ol99PzrfzY
+p1ad0RbbnPi2OzJh7lEWLYibDJ93XZfFiJaeK7inRDKMeEg8NXpn57+mD06Dm/EW
+RJtpi4RjYVpPe67XkWirzp4q0Tmp3y3Tgl8ukmZw88p4QF0ZPbcOYnpWt4LWKZBc
+xosypTgT2xpUzv8IC9ehMRczHMdH9AgJdhwUD2n5La/hgYY6H+KP/b7X
+-----END CERTIFICATE-----
diff --git a/company/ldap_certs-files/certs-example-2016.pem b/company/ldap_certs-files/certs-example-2016.pem
new file mode 100644
index 0000000..1360e0c
--- /dev/null
+++ b/company/ldap_certs-files/certs-example-2016.pem
@@ -0,0 +1,53 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/roles/ldap_certs/hosts b/roles/ldap_certs/hosts
new file mode 120000
index 0000000..26f055a
--- /dev/null
+++ b/roles/ldap_certs/hosts
@@ -0,0 +1 @@
+../../company/ldap_certs-hosts/ \ No newline at end of file
diff --git a/roles/ldap_certs/main.yml b/roles/ldap_certs/main.yml
new file mode 100644
index 0000000..430c387
--- /dev/null
+++ b/roles/ldap_certs/main.yml
@@ -0,0 +1,6 @@
+---
+- hosts: all
+ vars_files:
+ - vars/default.yml
+ tasks:
+ - include: tasks/main.yml
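Review bot: `- include: tasks/main.yml` uses the bare `include` action, which Ansible deprecated in favour of the explicit static and dynamic forms and which later ansible-core releases dropped; `- import_tasks: tasks/main.yml` states the intent and keeps the play loadable. Separately, `hosts: all` means that running this standalone playbook without `--limit` touches certificate configuration on every inventory host, so a comment such as `# standalone entry point; restrict with --limit` would help. The `vars_files` entry also looks redundant, since tasks/main.yml loads default.yml itself as its first task.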
diff --git a/roles/ldap_certs/tasks/main.yml b/roles/ldap_certs/tasks/main.yml
new file mode 100644
index 0000000..685cd79
--- /dev/null
+++ b/roles/ldap_certs/tasks/main.yml
@@ -0,0 +1,16 @@
+---
+- name: ldap_certs get vars
+ include_vars: default.yml
+
+- name: ldap_certs get OS vars
+ include_vars: '{{ item }}'
+ with_first_found:
+ - '{{ ansible_distribution }}.yml'
+ - default.yml
+
+- name: ldap_certs get host-specific vars
+ include_vars: '{{ item }}'
+ with_first_found:
+ - files:
+ - 'roles/ldap_certs/hosts/{{ ansible_fqdn }}.yml'
+ skip: true
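Review bot: The host-specific lookup `'roles/ldap_certs/hosts/{{ ansible_fqdn }}.yml'` selects a file on the controller from a fact gathered on the managed host, so a misconfigured or tampered host can change which vars file is loaded (or, with `skip: true`, silently load none). Keying on the controller-side name avoids that, provided the per-host files are named after inventory entries: `- '{{ role_path }}/hosts/{{ inventory_hostname }}.yml'`. Using `role_path` also removes the dependency on the directory `ansible-playbook` is started from, which the `roles/...` prefix would otherwise break when roles/ldap_certs/main.yml is run directly. The same pattern is introduced in the roles/ssh/tasks/main.yml hunk (`'roles/ssh/hosts/{{ ansible_fqdn }}.yml'`), whose enclosing task starts outside that hunk.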
diff --git a/roles/ldap_certs/vars/FreeBSD.yml b/roles/ldap_certs/vars/FreeBSD.yml
new file mode 100644
index 0000000..e55cdee
--- /dev/null
+++ b/roles/ldap_certs/vars/FreeBSD.yml
@@ -0,0 +1,3 @@
+---
+ldap_certs_cert_dir: /usr/local/etc/openldap
+ldap_certs_hashlink_dir: /usr/local/etc/openldap
diff --git a/roles/ldap_certs/vars/Ubuntu.yml b/roles/ldap_certs/vars/Ubuntu.yml
new file mode 100644
index 0000000..0d35cc7
--- /dev/null
+++ b/roles/ldap_certs/vars/Ubuntu.yml
@@ -0,0 +1,3 @@
+---
+ldap_certs_cert_dir: /etc/ldap/certs
+ldap_certs_hashlink_dir: /etc/ldap/cacerts
diff --git a/roles/ldap_certs/vars/default.yml b/roles/ldap_certs/vars/default.yml
new file mode 100644
index 0000000..10dd8eb
--- /dev/null
+++ b/roles/ldap_certs/vars/default.yml
@@ -0,0 +1,3 @@
+---
+ldap_certs_cert_dir: /etc/openldap/certs
+ldap_certs_hashlink_dir: /etc/openldap/cacerts
diff --git a/roles/ssh/hosts b/roles/ssh/hosts
new file mode 120000
index 0000000..44453e3
--- /dev/null
+++ b/roles/ssh/hosts
@@ -0,0 +1 @@
+../../company/ssh-hosts/ \ No newline at end of file
diff --git a/roles/ssh/tasks/main.yml b/roles/ssh/tasks/main.yml
index a526b4e..8bc88cd 100644
--- a/roles/ssh/tasks/main.yml
+++ b/roles/ssh/tasks/main.yml
@@ -12,7 +12,7 @@
include_vars: '{{ item }}'
with_first_found:
- files:
- - '../hosts/{{ ansible_fqdn }}.yml'
+ - 'roles/ssh/hosts/{{ ansible_fqdn }}.yml'
skip: true
- name: ssh_config conf
diff --git a/roles/sudo/tasks/2 b/roles/sudo/tasks/2
deleted file mode 100644
index 5dd7b7f..0000000
--- a/roles/sudo/tasks/2
+++ /dev/null
@@ -1,25 +0,0 @@
----
-- name: sudo get vars
- include_vars: default.yml
-
-- name: sudo get OS vars
- include_vars: '{{ item }}'
- with_first_found:
- - '{{ ansible_distribution }}.yml'
- - default.yml
-
-- debug: msg="{{ item | regex_replace('^.*\/','') }}"
- with_items:
- - '{{ sudo_files }}'
-
-- name: sudo deploy rules from files
- template:
- src: "roles/sudo/files/{{ item.file }}"
- dest: "{{ sudo_rules_dir }}/{{ item.file | regex_replace('^.*\/','a') }}"
- mode: 0440
- owner: '{{ sudo_root_user }}'
- group: '{{ sudo_root_group }}'
- with_items:
- - '{{ sudo_files }}'
- when:
- - sudo_files is defined
diff --git a/test.yml b/test.yml
index f170ffd..c72e519 100644
--- a/test.yml
+++ b/test.yml
@@ -1,12 +1,12 @@
---
-- name: Test playbook for sudo
+- name: Test playbook for ldap_certs
hosts: test
remote_user: root
roles:
- sudo
+ - ldap_certs
vars:
- sudo_strings:
- - { priority: 42, exists: 'false', name: 'admins-do-all', content: 'User_Alias ADMINS = Bgstack15, bgstack15, user16, User16' }
- - { priority: 43, exists: false, name: 'a', content: "ADMINS ALL=(ALL) ALL" }
- sudo_files:
- - { exists: 'false', file: '../../../company/sudo-files/40_BGSTACK15' }
+ ldap_certs:
+ - { exists: 'true', gets_hashlink: 'false', file: '../../../company/ldap_certs-files/CA1-CA1.crt' }
+ - { exists: 'true', gets_hashlink: 'false', file: '../../../company/ldap_certs-files/CA2-SubCA.crt' }
+ - { exists: 'true', gets_hashlink: 'true', file: '../../../company/ldap_certs-files/certs-example-2016.pem' }
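Review bot: `exists: 'true'` and `gets_hashlink: 'false'` are quoted, so they reach the role as strings, and a non-empty string such as `'false'` is truthy in a Jinja condition unless the consumer applies `| bool`. The tasks that read these keys are not part of this commit, so either write real booleans (`gets_hashlink: false`) or make sure every condition reads `item.gets_hashlink | bool`; otherwise a CA may get a hash link, and so become trusted, when the entry says it should not. The `sudo` role also stays in `roles:` while its `sudo_strings` and `sudo_files` vars are removed, which may be unintended for a playbook now titled for ldap_certs.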
bgstack15