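---
# Installs the SafeNet/Thales Lunasa client on the target host, registers
# the client with each configured HSM and, when an HA label is defined,
# builds the HA group across the configured partitions.
#
# NOTE(review): this listing was recovered from a whitespace-mangled copy.
# The nesting below — in particular which tasks sit inside the HA block —
# is reconstructed from context; confirm against the original file.

- name: Create working directory
  file:
    path: "{{ lunasa_client_working_dir }}"
    state: directory
    mode: "0755"  # quoted so the octal mode is not read as an integer

- name: Download Lunasa client tarball
  get_url:
    url: "{{ lunasa_client_tarball_location }}"
    dest: "{{ lunasa_client_working_dir }}/{{ lunasa_client_tarball_name }}"
    force: false
    # NOTE(review): nothing verifies the tarball before its installer is run
    # as root below; pass get_url's `checksum:` (e.g. a sha256 digest) when a
    # known-good value for the tarball is available.

- name: Unpack tarball to working directory
  unarchive:
    src: "{{ lunasa_client_working_dir }}/{{ lunasa_client_tarball_name }}"
    dest: "{{ lunasa_client_working_dir }}"
    creates: "{{ lunasa_client_working_dir }}/{{ lunasa_client_installer_path }}"
    remote_src: true

- name: Run the install.sh script
  # `set -o pipefail` is a bash feature; pin the interpreter so the task does
  # not break on hosts where /bin/sh is dash. The installer path is quoted so
  # a working directory containing spaces still resolves as one argument.
  shell: |
    set -o pipefail && echo y | "{{ lunasa_client_working_dir }}/{{ lunasa_client_installer_path }}" \
      -p sa -c sdk
  args:
    executable: /bin/bash
    creates: /usr/lib/libCryptoki2_64.so
  become: true

- name: register the client to the HSMs
  include_tasks: register_hsm.yaml
  loop: "{{ lunasa_hsms }}"
  loop_control:
    # Print only the HSM name per iteration; the full item carries
    # admin_password, which would otherwise appear in the play output.
    label: "{{ item.name }}"
  vars:
    hsm_name: "{{ item.name }}"
    hsm_hostname: "{{ item.hostname }}"
    hsm_admin_password: "{{ item.admin_password }}"
    client_ip: "{{ item.client_ip }}"
    hsm_partition: "{{ item.partition }}"

- name: verify the NTL connection
  command: /usr/safenet/lunaclient/bin/vtl verify
  changed_when: false  # read-only check; never report a change
  become: true

- name: create hsm ha partition
  when: lunasa_ha_label is defined
  become: true
  block:
    - name: create ha partition
      # The partition password travels on the command line: `quote` keeps any
      # shell metacharacters in it literal, and no_log keeps the command and
      # its output out of logs (at the cost of hidden output on failure).
      shell: |
        echo 'copy' | /usr/safenet/lunaclient/bin/lunacm -c hagroup createGroup \
          -label {{ lunasa_ha_label | quote }} \
          -serialNumber {{ lunasa_hsms[0].partition_serial | quote }} \
          -password {{ lunasa_partition_password | quote }}
      register: result
      no_log: true
      # A list under failed_when is AND-ed: the task fails only when neither
      # the success marker nor the "group already exists" marker is present.
      failed_when:
        - "'Command Result : No Error' not in result.stdout"
        - "'for the new group has already been used' not in result.stdout"

    - name: add other hsms to the ha group
      shell: |
        echo 'copy' | /usr/safenet/lunaclient/bin/lunacm -c hagroup addMember \
          -group {{ lunasa_ha_label | quote }} \
          -serialNumber {{ item.partition_serial | quote }} \
          -password {{ lunasa_partition_password | quote }}
      loop: "{{ lunasa_hsms }}"
      loop_control:
        extended: true
        label: "{{ item.name }}"
      # the first entry founded the group in the previous task
      when: not ansible_loop.first
      register: result
      no_log: true
      # AND-ed like above: fail only when neither marker is in stdout
      failed_when:
        - "'Command Result : No Error' not in result.stdout"
        - "'The member you specified is already part of an' not in result.stdout"

    - name: Copy expect script to check HA status
      # NOTE(review): the source has a .j2 suffix but is installed verbatim by
      # `copy`; if it contains Jinja expressions it needs `template` instead.
      copy:
        src: list-ha-groups.j2
        dest: /usr/safenet/lunaclient/bin/list-ha-groups
        owner: root
        group: root
        mode: "0755"

    - name: Check the HA group
      command: /usr/safenet/lunaclient/bin/list-ha-groups
      register: result
      changed_when: false  # query only
      failed_when: "'Command Result : No Error' not in result.stdout"

    - name: Register the HA Slot ID
      # bash for `set -o pipefail`, as in the installer task above
      shell: |
        set -o pipefail && /usr/safenet/lunaclient/bin/list-ha-groups | grep 'HA Group Slot ID' | awk '{ print $NF }'
      args:
        executable: /bin/bash
      register: ha_slot
      changed_when: false  # query only

    - debug:
        msg: "HA Slot ID: {{ ha_slot.stdout }}"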