From 44b47fd6e17f8de9f0038d94eb9f6e198c003fab Mon Sep 17 00:00:00 2001
From: B Stack
Date: Thu, 6 Oct 2016 10:54:16 -0400
Subject: Fixed a few things, added ldap_certs stub
---
company/ldap_certs-files/CA1-CA1.crt | 24 +++++++++++
company/ldap_certs-files/CA2-SubCA.crt | 29 ++++++++++++++
company/ldap_certs-files/certs-example-2016.pem | 53 +++++++++++++++++++++++++
roles/ldap_certs/hosts | 1 +
roles/ldap_certs/main.yml | 6 +++
roles/ldap_certs/tasks/main.yml | 16 ++++++++
roles/ldap_certs/vars/FreeBSD.yml | 3 ++
roles/ldap_certs/vars/Ubuntu.yml | 3 ++
roles/ldap_certs/vars/default.yml | 3 ++
roles/ssh/hosts | 1 +
roles/ssh/tasks/main.yml | 2 +-
roles/sudo/tasks/2 | 25 ------------
test.yml | 12 +++---
13 files changed, 146 insertions(+), 32 deletions(-)
create mode 100755 company/ldap_certs-files/CA1-CA1.crt
create mode 100755 company/ldap_certs-files/CA2-SubCA.crt
create mode 100644 company/ldap_certs-files/certs-example-2016.pem
create mode 120000 roles/ldap_certs/hosts
create mode 100644 roles/ldap_certs/main.yml
create mode 100644 roles/ldap_certs/tasks/main.yml
create mode 100644 roles/ldap_certs/vars/FreeBSD.yml
create mode 100644 roles/ldap_certs/vars/Ubuntu.yml
create mode 100644 roles/ldap_certs/vars/default.yml
create mode 120000 roles/ssh/hosts
delete mode 100644 roles/sudo/tasks/2
diff --git a/company/ldap_certs-files/CA1-CA1.crt b/company/ldap_certs-files/CA1-CA1.crt
new file mode 100755
index 0000000..c9abe5b
--- /dev/null
+++ b/company/ldap_certs-files/CA1-CA1.crt
@@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIID7jCCAqKgAwIBAgIQamF5qu+8BKtMKSrmeqPiWTBBBgkqhkiG9w0BAQowNKAP +MA0GCWCGSAFlAwQCAQUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMC +ASAwETEPMA0GA1UEAxMGQ0ExLUNBMB4XDTE2MDkxMjEzNTI0NVoXDTQ2MDkxMjE0 +MDI0NVowETEPMA0GA1UEAxMGQ0ExLUNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAzHa/kF7pjXITLihVJqabLAFaPJSME13uXwR9gHIWJxUYwBavJnbz +CRIM6pAx8SI67AtVtTTIJwrEWjR4g7CPQn1Ly7Bzc5VS7EDappikhlnCv2ur35pI +RLdplnUR4C/rXMpxGzaDHMyKC4Ap0uvWZt64Qj6RTmuLf5Oe/viu8aPCZzZo55m5 +Km8hSR2CY6RdGzUIaP3rsemNLlWpXgNuiVDC72G7uC4Rvkx5lRb7YEsA1WyQ/imJ +JTIG6iVsSaw1xU48iAjwt2NenOSFNsW8LL3koEcUQBZVK9hIBrk3CaGPDmALGOAi +iOMPAMBnPGxlZ3M0LHJjC4GLakKpCfVNUQIDAQABo4HZMIHWMAsGA1UdDwQEAwIB +hjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSex+VpQzDzyHdUgSYqIQzZSKZj +wzAQBgkrBgEEAYI3FQEEAwIBADCBhAYDVR0gBH0wezB5BggqAwSLL0NZBTBtMDoG +CCsGAQUFBwICMC4eLABMAGUAZwBhAGwAIABQAG8AbABpAGMAeQAgAFMAdABhAHQA +ZQBtAGUAbgB0MC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LmNvbnRvc28uY29tL3Br +aS9jcHMudHh0ADBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQCAQUAoRwwGgYJ +KoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASADggEBAK7FgxxlnW95ArzHUtFl +Ypi/b/JpwOSsuiaSR3ryPj29R0vStKGBLCCvs2LS86Lz7ZMI7dgo+R8Hz23q8Uro +7z5GaVQNR0a544R60NuBfix/f8vZSOrazcOodNX+5YXAZ3AiszXPjPyyi0EZJbLu +psg6IoxXx0Zppq+Su++gCo8HzjPMRGT3JaYglxBhgDaRm91Qh/OhWAkrMekDZA/N +8cbvoFnTtjc7H5GkpY8W+vVG05BBgtNqcb1BNFjj1m85hNcaa87Pu9n/EoEXAU19 +l4jv9raBZLQ4UzO3Dq31eaEeLYq/Dz7Y4+8QDcG5BxDHmPgqeNmhfJDxWfNVMg/L +2DQ= +-----END CERTIFICATE----- diff --git a/company/ldap_certs-files/CA2-SubCA.crt b/company/ldap_certs-files/CA2-SubCA.crt new file mode 100755 index 0000000..2e0bd20 --- /dev/null +++ b/company/ldap_certs-files/CA2-SubCA.crt 
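Review bot: The two CA files are created with mode 100755 (`new file mode 100755` for CA1-CA1.crt and CA2-SubCA.crt), so the trust anchors carry an execute bit they never need; `git update-index --chmod=-x company/ldap_certs-files/CA1-CA1.crt company/ldap_certs-files/CA2-SubCA.crt` would bring them to 100644 like certs-example-2016.pem. The later certs-example-2016.pem hunk appears to repeat both certificates as a bundle, so a CA rollover has to touch three files or the copies drift apart. Because these files become trust roots for LDAP clients, I would also record each certificate's SHA-256 fingerprint in the commit message or a README, so a reviewer can compare them with the CA out of band before merging.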
@@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIFBjCCA7qgAwIBAgITKQAAAAN1zbmzojurhgAAAAAAAzBBBgkqhkiG9w0BAQow +NKAPMA0GCWCGSAFlAwQCAQUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUA +ogMCASAwETEPMA0GA1UEAxMGQ0ExLUNBMB4XDTE2MDkxMjE0NDA1MFoXDTM2MDkx +MjE0NTA1MFowPjETMBEGCgmSJomT8ixkARkWA2VkdTETMBEGCgmSJomT8ixkARkW +A2JqdTESMBAGA1UEAxMJQ0EyLVN1YkNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAym7sDRON5YUcylYSxWF4COZ2x01dfO5k76g+dIrBiU6HaC6rwGLk +xwezr3FofDGznWYYG9bNPO6RgZvJn6aUaJ4CkuooRF8jqGV8+4UtcQhIGXJkHTJV +pwSBZ6y/yUn7vyzA6hSiSisWunGXnGyvRUTCMZfee2KYz5TfySZA5mVHpU1YkfnS +wwhdF+jeRee2Nj+rTbKAAvlrIQUoAHUKY/4glCfjd/UyLXNRQoMuChZSMtuDrm5f +u19ufGr5ci8nHmnGbfk/AVz1pTZaqgb+HwV6eaJAsJumGcixV99K6Qk/fDyv7FcG +gtzMLxUJx3rL2jvFwbffF7VHPzoB9ZZAZwIDAQABo4IBwDCCAbwwEAYJKwYBBAGC +NxUBBAMCAQEwIwYJKwYBBAGCNxUCBBYEFOM2Y45C4GwBG3yXxhak0nnYgTYOMB0G +A1UdDgQWBBQ8sH/O+n+p5l9TDSdbc1ERE4LvrTCBhAYDVR0gBH0wezB5BggqAwSL +L0NZBTBtMDoGCCsGAQUFBwICMC4eLABMAGUAZwBhAGwAIABQAG8AbABpAGMAeQAg +AFMAdABhAHQAZQBtAGUAbgB0MC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LmNvbnRv +c28uY29tL3BraS9jcHMudHh0ADAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTAL +BgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBSex+VpQzDz +yHdUgSYqIQzZSKZjwzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY2EyLmJqdS5l +ZHUvQ2VydEVucm9sbC9DQTEtQ0EuY3JsMEgGCCsGAQUFBwEBBDwwOjA4BggrBgEF +BQcwAoYsaHR0cDovL2NhMi5ianUuZWR1L0NlcnRFbnJvbGwvY2ExX0NBMS1DQS5j +cnQwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEB +CDANBglghkgBZQMEAgEFAKIDAgEgA4IBAQCy1eCb00rDG2k8AstNaNLmRUiCwhOE +y9GBGrbwl8La8C5a2wzEGpBpjeL25/p9TEqvdHFDCZ/HTAclXJQgTEMWckpIWTZg +1kTnM3Obbb1pe1pmjH9w9q5syh2ANPScF7hWpMGS04c7CzeabAvZJ8ol99PzrfzY +p1ad0RbbnPi2OzJh7lEWLYibDJ93XZfFiJaeK7inRDKMeEg8NXpn57+mD06Dm/EW +RJtpi4RjYVpPe67XkWirzp4q0Tmp3y3Tgl8ukmZw88p4QF0ZPbcOYnpWt4LWKZBc +xosypTgT2xpUzv8IC9ehMRczHMdH9AgJdhwUD2n5La/hgYY6H+KP/b7X +-----END CERTIFICATE----- 
diff --git a/company/ldap_certs-files/certs-example-2016.pem b/company/ldap_certs-files/certs-example-2016.pem
new file mode 100644
index 0000000..1360e0c
--- /dev/null
+++ b/company/ldap_certs-files/certs-example-2016.pem
@@ -0,0 +1,53 @@ +-----BEGIN CERTIFICATE----- +MIID7jCCAqKgAwIBAgIQamF5qu+8BKtMKSrmeqPiWTBBBgkqhkiG9w0BAQowNKAP +MA0GCWCGSAFlAwQCAQUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMC +ASAwETEPMA0GA1UEAxMGQ0ExLUNBMB4XDTE2MDkxMjEzNTI0NVoXDTQ2MDkxMjE0 +MDI0NVowETEPMA0GA1UEAxMGQ0ExLUNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAzHa/kF7pjXITLihVJqabLAFaPJSME13uXwR9gHIWJxUYwBavJnbz +CRIM6pAx8SI67AtVtTTIJwrEWjR4g7CPQn1Ly7Bzc5VS7EDappikhlnCv2ur35pI +RLdplnUR4C/rXMpxGzaDHMyKC4Ap0uvWZt64Qj6RTmuLf5Oe/viu8aPCZzZo55m5 +Km8hSR2CY6RdGzUIaP3rsemNLlWpXgNuiVDC72G7uC4Rvkx5lRb7YEsA1WyQ/imJ +JTIG6iVsSaw1xU48iAjwt2NenOSFNsW8LL3koEcUQBZVK9hIBrk3CaGPDmALGOAi +iOMPAMBnPGxlZ3M0LHJjC4GLakKpCfVNUQIDAQABo4HZMIHWMAsGA1UdDwQEAwIB +hjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSex+VpQzDzyHdUgSYqIQzZSKZj +wzAQBgkrBgEEAYI3FQEEAwIBADCBhAYDVR0gBH0wezB5BggqAwSLL0NZBTBtMDoG +CCsGAQUFBwICMC4eLABMAGUAZwBhAGwAIABQAG8AbABpAGMAeQAgAFMAdABhAHQA +ZQBtAGUAbgB0MC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LmNvbnRvc28uY29tL3Br +aS9jcHMudHh0ADBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQCAQUAoRwwGgYJ +KoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASADggEBAK7FgxxlnW95ArzHUtFl +Ypi/b/JpwOSsuiaSR3ryPj29R0vStKGBLCCvs2LS86Lz7ZMI7dgo+R8Hz23q8Uro +7z5GaVQNR0a544R60NuBfix/f8vZSOrazcOodNX+5YXAZ3AiszXPjPyyi0EZJbLu +psg6IoxXx0Zppq+Su++gCo8HzjPMRGT3JaYglxBhgDaRm91Qh/OhWAkrMekDZA/N +8cbvoFnTtjc7H5GkpY8W+vVG05BBgtNqcb1BNFjj1m85hNcaa87Pu9n/EoEXAU19 +l4jv9raBZLQ4UzO3Dq31eaEeLYq/Dz7Y4+8QDcG5BxDHmPgqeNmhfJDxWfNVMg/L +2DQ= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFBjCCA7qgAwIBAgITKQAAAAN1zbmzojurhgAAAAAAAzBBBgkqhkiG9w0BAQow +NKAPMA0GCWCGSAFlAwQCAQUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUA +ogMCASAwETEPMA0GA1UEAxMGQ0ExLUNBMB4XDTE2MDkxMjE0NDA1MFoXDTM2MDkx +MjE0NTA1MFowPjETMBEGCgmSJomT8ixkARkWA2VkdTETMBEGCgmSJomT8ixkARkW +A2JqdTESMBAGA1UEAxMJQ0EyLVN1YkNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAym7sDRON5YUcylYSxWF4COZ2x01dfO5k76g+dIrBiU6HaC6rwGLk +xwezr3FofDGznWYYG9bNPO6RgZvJn6aUaJ4CkuooRF8jqGV8+4UtcQhIGXJkHTJV 
+pwSBZ6y/yUn7vyzA6hSiSisWunGXnGyvRUTCMZfee2KYz5TfySZA5mVHpU1YkfnS +wwhdF+jeRee2Nj+rTbKAAvlrIQUoAHUKY/4glCfjd/UyLXNRQoMuChZSMtuDrm5f +u19ufGr5ci8nHmnGbfk/AVz1pTZaqgb+HwV6eaJAsJumGcixV99K6Qk/fDyv7FcG +gtzMLxUJx3rL2jvFwbffF7VHPzoB9ZZAZwIDAQABo4IBwDCCAbwwEAYJKwYBBAGC +NxUBBAMCAQEwIwYJKwYBBAGCNxUCBBYEFOM2Y45C4GwBG3yXxhak0nnYgTYOMB0G +A1UdDgQWBBQ8sH/O+n+p5l9TDSdbc1ERE4LvrTCBhAYDVR0gBH0wezB5BggqAwSL +L0NZBTBtMDoGCCsGAQUFBwICMC4eLABMAGUAZwBhAGwAIABQAG8AbABpAGMAeQAg +AFMAdABhAHQAZQBtAGUAbgB0MC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LmNvbnRv +c28uY29tL3BraS9jcHMudHh0ADAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTAL +BgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBSex+VpQzDz +yHdUgSYqIQzZSKZjwzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY2EyLmJqdS5l +ZHUvQ2VydEVucm9sbC9DQTEtQ0EuY3JsMEgGCCsGAQUFBwEBBDwwOjA4BggrBgEF +BQcwAoYsaHR0cDovL2NhMi5ianUuZWR1L0NlcnRFbnJvbGwvY2ExX0NBMS1DQS5j +cnQwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEB +CDANBglghkgBZQMEAgEFAKIDAgEgA4IBAQCy1eCb00rDG2k8AstNaNLmRUiCwhOE +y9GBGrbwl8La8C5a2wzEGpBpjeL25/p9TEqvdHFDCZ/HTAclXJQgTEMWckpIWTZg +1kTnM3Obbb1pe1pmjH9w9q5syh2ANPScF7hWpMGS04c7CzeabAvZJ8ol99PzrfzY +p1ad0RbbnPi2OzJh7lEWLYibDJ93XZfFiJaeK7inRDKMeEg8NXpn57+mD06Dm/EW +RJtpi4RjYVpPe67XkWirzp4q0Tmp3y3Tgl8ukmZw88p4QF0ZPbcOYnpWt4LWKZBc +xosypTgT2xpUzv8IC9ehMRczHMdH9AgJdhwUD2n5La/hgYY6H+KP/b7X +-----END CERTIFICATE----- diff --git a/roles/ldap_certs/hosts b/roles/ldap_certs/hosts new file mode 120000 index 0000000..26f055a --- /dev/null +++ b/roles/ldap_certs/hosts @@ -0,0 +1 @@ +../../company/ldap_certs-hosts/ \ No newline at end of file diff --git a/roles/ldap_certs/main.yml b/roles/ldap_certs/main.yml new file mode 100644 index 0000000..430c387 --- /dev/null +++ b/roles/ldap_certs/main.yml @@ -0,0 +1,6 @@ +--- +- hosts: all + vars_files: + - vars/default.yml + tasks: + - include: tasks/main.yml diff --git a/roles/ldap_certs/tasks/main.yml b/roles/ldap_certs/tasks/main.yml new file mode 100644 index 0000000..685cd79 --- /dev/null 
+++ b/roles/ldap_certs/tasks/main.yml @@ -0,0 +1,16 @@ +--- +- name: ldap_certs get vars + include_vars: default.yml + +- name: ldap_certs get OS vars + include_vars: '{{ item }}' + with_first_found: + - '{{ ansible_distribution }}.yml' + - default.yml + +- name: ldap_certs get host-specific vars + include_vars: '{{ item }}' + with_first_found: + - files: + - 'roles/ldap_certs/hosts/{{ ansible_fqdn }}.yml' + skip: true diff --git a/roles/ldap_certs/vars/FreeBSD.yml b/roles/ldap_certs/vars/FreeBSD.yml new file mode 100644 index 0000000..e55cdee --- /dev/null +++ b/roles/ldap_certs/vars/FreeBSD.yml @@ -0,0 +1,3 @@ +--- +ldap_certs_cert_dir: /usr/local/etc/openldap +ldap_certs_hashlink_dir: /usr/local/etc/openldap diff --git a/roles/ldap_certs/vars/Ubuntu.yml b/roles/ldap_certs/vars/Ubuntu.yml new file mode 100644 index 0000000..0d35cc7 --- /dev/null +++ b/roles/ldap_certs/vars/Ubuntu.yml @@ -0,0 +1,3 @@ +--- +ldap_certs_cert_dir: /etc/ldap/certs +ldap_certs_hashlink_dir: /etc/ldap/cacerts diff --git a/roles/ldap_certs/vars/default.yml b/roles/ldap_certs/vars/default.yml new file mode 100644 index 0000000..10dd8eb --- /dev/null +++ b/roles/ldap_certs/vars/default.yml @@ -0,0 +1,3 @@ +--- +ldap_certs_cert_dir: /etc/openldap/certs +ldap_certs_hashlink_dir: /etc/openldap/cacerts diff --git a/roles/ssh/hosts b/roles/ssh/hosts new file mode 120000 index 0000000..44453e3 --- /dev/null +++ b/roles/ssh/hosts @@ -0,0 +1 @@ +../../company/ssh-hosts/ \ No newline at end of file diff --git a/roles/ssh/tasks/main.yml b/roles/ssh/tasks/main.yml index a526b4e..8bc88cd 100644 --- a/roles/ssh/tasks/main.yml +++ b/roles/ssh/tasks/main.yml @@ -12,7 +12,7 @@ include_vars: '{{ item }}' with_first_found: - files: - - '../hosts/{{ ansible_fqdn }}.yml' + - 'roles/ssh/hosts/{{ ansible_fqdn }}.yml' skip: true - name: ssh_config conf diff --git a/roles/sudo/tasks/2 b/roles/sudo/tasks/2 deleted file mode 100644 index 5dd7b7f..0000000 --- a/roles/sudo/tasks/2 +++ /dev/null 
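Review bot: The host-specific lookup `'roles/ldap_certs/hosts/{{ ansible_fqdn }}.yml'` builds a controller-side file path from `ansible_fqdn`, a fact reported by the managed host, so a host that misreports its name could have another host's vars file loaded for it; the `roles/ssh/tasks/main.yml` hunk keeps the same pattern. `inventory_hostname` is assigned by the controller and is the safer key: `- '{{ role_path }}/hosts/{{ inventory_hostname }}.yml'`. Using `role_path` would also remove the dependence on the directory the playbook is run from, which the hard-coded `roles/ldap_certs/` prefix introduces. Separately, the first task already loads `default.yml` and the OS lookup falls back to it again; a comment such as `# default.yml is loaded first, the OS file then overrides it` would make that intent explicit.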
@@ -1,25 +0,0 @@ ---- -- name: sudo get vars - include_vars: default.yml - -- name: sudo get OS vars - include_vars: '{{ item }}' - with_first_found: - - '{{ ansible_distribution }}.yml' - - default.yml - -- debug: msg="{{ item | regex_replace('^.*\/','') }}" - with_items: - - '{{ sudo_files }}' - -- name: sudo deploy rules from files - template: - src: "roles/sudo/files/{{ item.file }}" - dest: "{{ sudo_rules_dir }}/{{ item.file | regex_replace('^.*\/','a') }}" - mode: 0440 - owner: '{{ sudo_root_user }}' - group: '{{ sudo_root_group }}' - with_items: - - '{{ sudo_files }}' - when: - - sudo_files is defined diff --git a/test.yml b/test.yml index f170ffd..c72e519 100644 --- a/test.yml +++ b/test.yml @@ -1,12 +1,12 @@ --- -- name: Test playbook for sudo +- name: Test playbook for ldap_certs hosts: test remote_user: root roles: - sudo + - ldap_certs vars: - sudo_strings: - - { priority: 42, exists: 'false', name: 'admins-do-all', content: 'User_Alias ADMINS = Bgstack15, bgstack15, user16, User16' } - - { priority: 43, exists: false, name: 'a', content: "ADMINS ALL=(ALL) ALL" } - sudo_files: - - { exists: 'false', file: '../../../company/sudo-files/40_BGSTACK15' } + ldap_certs: + - { exists: 'true', gets_hashlink: 'false', file: '../../../company/ldap_certs-files/CA1-CA1.crt' } + - { exists: 'true', gets_hashlink: 'false', file: '../../../company/ldap_certs-files/CA2-SubCA.crt' } + - { exists: 'true', gets_hashlink: 'true', file: '../../../company/ldap_certs-files/certs-example-2016.pem' } -- cgit
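Review bot: In the new `ldap_certs` list in test.yml the flags are quoted strings (`exists: 'true'`, `gets_hashlink: 'false'`), and a non-empty string such as `'false'` is truthy in a plain Jinja test, so a certificate meant to be skipped or removed could still end up installed as a trust anchor; the consuming task is not part of this commit, so this depends on whether it applies `| bool`. Writing real booleans avoids the question: `- { exists: true, gets_hashlink: false, file: '../../../company/ldap_certs-files/CA1-CA1.crt' }`. The removed `sudo_strings` entries mixed `'false'` and `false`, which suggests the convention is not yet settled across roles.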