Fix certificate file name
This patch fixes the file name used for the certificate generated for each client. Change-Id: I92390347656e223bcfe270397d33da45fb2566da
This commit is contained in:
parent
b4eaaeb9cc
commit
99dc088753
|
@ -15,6 +15,7 @@
|
||||||
unarchive:
|
unarchive:
|
||||||
src: "{{ lunasa_client_working_dir }}/{{ lunasa_client_tarball_name }}"
|
src: "{{ lunasa_client_working_dir }}/{{ lunasa_client_tarball_name }}"
|
||||||
dest: "{{ lunasa_client_working_dir }}"
|
dest: "{{ lunasa_client_working_dir }}"
|
||||||
|
mode: preserve
|
||||||
creates: "{{ lunasa_client_working_dir }}/{{ lunasa_client_installer_path }}"
|
creates: "{{ lunasa_client_working_dir }}/{{ lunasa_client_installer_path }}"
|
||||||
remote_src: yes
|
remote_src: yes
|
||||||
|
|
||||||
|
@ -44,7 +45,7 @@
|
||||||
|
|
||||||
- name: Check for existing client cert
|
- name: Check for existing client cert
|
||||||
stat:
|
stat:
|
||||||
path: "/usr/safenet/lunaclient/cert/client/{{ client_host }}.pem"
|
path: "/usr/safenet/lunaclient/cert/client/{{ client_cert_cn }}.pem"
|
||||||
register: client_cert
|
register: client_cert
|
||||||
|
|
||||||
- name: Generate a new client cert for NTL
|
- name: Generate a new client cert for NTL
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
---
|
---
|
||||||
- name: Log when client is being registered to HSM
|
- name: Log when client is being registered to HSM
|
||||||
debug:
|
debug:
|
||||||
msg: "Registering client: {{ client_name }} [{{ client_host }}] with HSM: {{ hsm_hostname }}"
|
msg: "Registering client: {{ client_name }} [host: {{ client_host }}, CN: {{ client_cert_cn }}] with HSM: {{ hsm_hostname }}"
|
||||||
|
|
||||||
- name: Get the hsm server cert from the hsm_server
|
- name: Get the hsm server cert from the hsm_server
|
||||||
shell: >
|
shell: >
|
||||||
|
@ -51,7 +51,7 @@
|
||||||
- name: Copy the NTL client cert to the HSM
|
- name: Copy the NTL client cert to the HSM
|
||||||
shell: >
|
shell: >
|
||||||
sshpass -p '{{ hsm_admin_password }}' scp -c aes256-cbc
|
sshpass -p '{{ hsm_admin_password }}' scp -c aes256-cbc
|
||||||
/usr/safenet/lunaclient/cert/client/{{ client_host }}.pem
|
/usr/safenet/lunaclient/cert/client/{{ client_cert_cn }}.pem
|
||||||
admin@{{ hsm_hostname }}:{{ client_host }}.pem
|
admin@{{ hsm_hostname }}:{{ client_host }}.pem
|
||||||
|
|
||||||
- name: Register the client
|
- name: Register the client
|
||||||
|
|
6
tox.ini
6
tox.ini
|
@ -8,5 +8,9 @@ basepython = python3
|
||||||
deps = -r{toxinidir}/test-requirements.txt
|
deps = -r{toxinidir}/test-requirements.txt
|
||||||
|
|
||||||
[testenv:linters]
|
[testenv:linters]
|
||||||
|
# We ignore 106 because the role name is inferred from the directory name as
|
||||||
|
# "lunasa-hsm", but the role is actually installed as "lunasa_hsm"
|
||||||
|
# (see setup.cfg). We would need to rename the repository to fix this without
|
||||||
|
# ignoring it.
|
||||||
# TODO(redrobot): Don't ignore 301
|
# TODO(redrobot): Don't ignore 301
|
||||||
commands = ansible-lint -x 301 {toxinidir}
|
commands = ansible-lint -x 106,301 {toxinidir}
|
||||||
|
|
Loading…
Reference in New Issue