Diffstat (limited to 'roles')
-rw-r--r--roles/ldap_certs/tasks/main.yml38
-rw-r--r--roles/ldap_certs/tests/test.yml11
-rw-r--r--roles/ldap_certs/vars/FreeBSD.yml6
-rw-r--r--roles/ldap_certs/vars/default.yml2
-rw-r--r--roles/sudo/tasks/main.yml8
5 files changed, 61 insertions, 4 deletions
diff --git a/roles/ldap_certs/tasks/main.yml b/roles/ldap_certs/tasks/main.yml
index 685cd79..a088b38 100644
--- a/roles/ldap_certs/tasks/main.yml
+++ b/roles/ldap_certs/tasks/main.yml
@@ -14,3 +14,41 @@
- files:
- 'roles/ldap_certs/hosts/{{ ansible_fqdn }}.yml'
skip: true
+
+- name: ldap_certs deploy files that exist
+ template: src='{{ item.file }}' dest='{{ ldap_certs_cert_dir }}/{{ item.file | regex_replace('.*/','') }}' owner='{{ ldap_certs_owner }}' group='{{ ldap_certs_group }}' mode=0644 #'
+ with_items:
+ - '{{ ldap_certs }}'
+ when:
+ - ( not '{{ item.exists | lower }}' == 'false' )
+ - ldap_certs is defined
+
+- name: ldap_certs remove files that should not exist
+ file: path='{{ ldap_certs_cert_dir }}/{{ item.file | regex_replace('.*/','') }}' state='absent'
+ with_items:
+ - '{{ ldap_certs }}'
+ when:
+ - ( not '{{ item.exists }}' ) or ( '{{ item.exists | lower }}' == 'false' )
+ - ldap_certs is defined
+
+- name: ldap_certs get hash values
+ command: openssl x509 -in "{{ ldap_certs_cert_dir }}/{{ item.file | regex_replace('.*/','') }}" -hash -noout
+ register: hashes
+ with_items:
+ - '{{ ldap_certs }}'
+ when:
+ - '{{ item.exists }}'
+ - ( not '{{ item.gets_hashlink | lower }}' == 'false' )
+ - ldap_certs is defined
+
+- name: ldap_certs deploy hashlink files
+ file:
+ path: "{{ ldap_certs_hashlink_dir }}/{{ item.stdout | quote }}.0"
+ src: "{{ ldap_certs_cert_dir}}/{{ item.item.file | regex_replace('.*/','') }}"
+ state: 'link'
+ with_items:
+ - '{{ hashes.results }}'
+ when:
+ - hashes is defined
+ - item.stdout is defined
+ - ldap_certs is defined
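Review bot: The template task at line 24 deploys every `ldap_certs` entry world-readable with `mode=0644`; if any entry is a PEM bundle that also carries a private key — the test data lists a `certs-example-2016.pem` alongside two CA certificates — that key becomes readable by every local account, so a per-item mode such as `mode='{{ item.mode | default("0644") }}'` would let key-bearing files go out as 0600 while CA certificates stay 0644. Since the sources are certificate files rather than templates, `copy` would also avoid running Jinja over PEM content. The `when` lists at lines 28, 36, 45 and 46 embed `{{ }}` inside conditions that are already Jinja expressions, which Ansible warns about; `(item.exists | string | lower) != 'false'` expresses line 28 directly, and the same pattern appears at line 123 of roles/sudo/tasks/main.yml. The `openssl x509 -hash` command at line 40 is read-only but has no `changed_when: false`, so every run reports the task as changed.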
diff --git a/roles/ldap_certs/tests/test.yml b/roles/ldap_certs/tests/test.yml
new file mode 100644
index 0000000..9ef1e9c
--- /dev/null
+++ b/roles/ldap_certs/tests/test.yml
@@ -0,0 +1,11 @@
+---
+- name: Test playbook for ldap_certs
+ hosts: test
+ remote_user: root
+ roles:
+ - ldap_certs
+ vars:
+ ldap_certs:
+ - { exists: 'false', gets_hashlink: 'false', file: '../../../company/ldap_certs-files/CA1-CA1.crt' }
+ - { exists: 'false', gets_hashlink: 'false', file: '../../../company/ldap_certs-files/CA2-SubCA.crt' }
+ - { exists: 'true', gets_hashlink: 'true', file: '../../../company/ldap_certs-files/certs-example-2016.pem' }
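Review bot: The `exists` and `gets_hashlink` flags are quoted strings (`'false'`, `'true'`), so every consumer has to normalise them with `| lower` before comparing; plain YAML booleans (`exists: false`) would let the tasks test `item.exists` directly. The `file` paths also climb three directories above the role (`../../../company/ldap_certs-files/...`), so this playbook only works in a checkout that has that tree in place; a comment such as `# expects the company/ldap_certs-files tree three levels above this role` would save the next person a failed run.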
diff --git a/roles/ldap_certs/vars/FreeBSD.yml b/roles/ldap_certs/vars/FreeBSD.yml
index e55cdee..de25638 100644
--- a/roles/ldap_certs/vars/FreeBSD.yml
+++ b/roles/ldap_certs/vars/FreeBSD.yml
@@ -1,3 +1,5 @@
---
-ldap_certs_cert_dir: /usr/local/etc/openldap
-ldap_certs_hashlink_dir: /usr/local/etc/openldap
+ldap_certs_cert_dir: /usr/local/etc/openldap/certs
+ldap_certs_hashlink_dir: /usr/local/etc/openldap/cacerts
+ldap_certs_owner: root
+ldap_certs_group: wheel
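Review bot: `ldap_certs_cert_dir` and `ldap_certs_hashlink_dir` now point at subdirectories (`certs`, `cacerts`) rather than the base openldap directory, and the new tasks in roles/ldap_certs/tasks/main.yml write into them with `template` and `file state='link'` without any `file: state=directory` step in the shown hunk; unless an earlier task outside that hunk creates them, the first run on a fresh host fails at the deploy step. A directory task over both paths, placed before the deploy and using the new `ldap_certs_owner`/`ldap_certs_group` vars with a quoted `"0755"` mode, would close that. The same applies to the roles/ldap_certs/vars/default.yml change.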
diff --git a/roles/ldap_certs/vars/default.yml b/roles/ldap_certs/vars/default.yml
index 10dd8eb..5188d42 100644
--- a/roles/ldap_certs/vars/default.yml
+++ b/roles/ldap_certs/vars/default.yml
@@ -1,3 +1,5 @@
---
ldap_certs_cert_dir: /etc/openldap/certs
ldap_certs_hashlink_dir: /etc/openldap/cacerts
+ldap_certs_owner: root
+ldap_certs_group: root
diff --git a/roles/sudo/tasks/main.yml b/roles/sudo/tasks/main.yml
index 07fda25..0b712f5 100644
--- a/roles/sudo/tasks/main.yml
+++ b/roles/sudo/tasks/main.yml
@@ -8,11 +8,14 @@
- '{{ ansible_distribution }}.yml'
- default.yml
-- stat: path='{{ sudo_rules_dir }}/{{ item.priority }}_{{ item.name }}' #'
+- name: sudo stat files described by strings
+ stat: path='{{ sudo_rules_dir }}/{{ item.priority }}_{{ item.name }}' #'
with_items:
- '{{ sudo_strings }}'
register: "s"
- when: sudo_strings is defined
+ when:
+ - sudo_strings is defined
+ - item.priority is defined
- name: sudo deploy rules from files
template:
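Review bot: The added `item.priority is defined` guard at line 115 is only evaluated after `with_items: '{{ sudo_strings }}'` on line 110 has been expanded, and as far as I recall Ansible's loop handling an undefined `sudo_strings` fails at loop expansion before any `when` runs, so `sudo_strings is defined` on line 114 does not protect this task; `- '{{ sudo_strings | default([]) }}'` in the loop does. The `#'` trailing comments on line 108 exist only to repair editor quote highlighting and are worth a one-line note, `# trailing #' balances the quote for syntax highlighters`, since a reader may otherwise take them for a stray edit. The task starting at line 116 continues outside the hunk.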
@@ -60,4 +63,5 @@
- '{{ s.results }}'
when:
- s is defined
+ - sudo_strings is defined
- ( not item.item.exists ) or ( '{{ item.item.exists | lower }}' == 'false' )
bgstack15