Refactor main.yaml to use include_tasks

defaults/main.yaml

@@ -0,0 +1,3 @@
+---
+thales_install_client: false
+thales_configure_rfs: false

tasks/client.yaml

@@ -0,0 +1,102 @@
+---
+- name: Create working directory
+  file:
+      path: "{{thales_client_working_dir}}"
+      state: directory
+      mode: 0755
+
+- name: create thales group
+  group:
+      name: nfast
+      gid: "{{thales_client_gid}}"
+
+- name: create thales user
+  user:
+      name: nfast
+      uid: "{{thales_client_uid}}"
+      group: "{{thales_client_gid}}"
+      create_home: true
+      home: /opt/nfast
+
+- name: Download Thales client tarball
+  get_url:
+      url: "{{thales_client_tarball_location}}"
+      dest: "{{thales_client_working_dir}}/{{thales_client_tarball_name}}"
+      force: no
+
+- name: Unpack tarball to working directory
+  unarchive:
+      src: "{{thales_client_working_dir}}/{{thales_client_tarball_name}}"
+      dest: "{{thales_client_working_dir}}"
+      creates: "{{thales_client_working_dir}}/{{thales_client_path}}"
+      remote_src: yes
+
+- name: Unpack tarball to /opt/nfast
+  shell: |
+      for i in `find "{{thales_client_working_dir}}/{{thales_client_path}}" -name *.tar` ; do
+          tar -C / -xvf $i ;
+      done
+  args:
+      creates: /opt/nfast/sbin/install
+
+- name: run installer
+  shell: echo "1" | /opt/nfast/sbin/install
+  args:
+      creates: /opt/nfast/kmdata
+
+- name: Get the security world data
+  get_url:
+      url: "{{thales_km_data_location}}"
+      dest: "/root/{{thales_km_data_tarball_name}}"
+      force: no
+
+- name: remove the old km_data
+  file:
+      path: /opt/nfast/kmdata
+      state: absent
+
+- name: replace kmdata
+  unarchive:
+      src: "/root/{{thales_km_data_tarball_name}}"
+      dest: /opt/nfast
+      remote_src: yes
+
+- name: run anonkneti to get hash
+  command: /opt/nfast/bin/anonkneti "{{thales_hsm_ip_address}}"
+  register: anonkneti
+
+- name: output of anonkneti
+  debug: var=anonkneti.stdout_lines
+
+- name: create cknfastrc
+  copy:
+      dest: /opt/nfast/cknfastrc
+      content: |
+          CKNFAST_OVERRIDE_SECURITY_ASSURANCES=explicitness
+      force: no
+
+- name: create snmp.conf
+  copy:
+      dest: /opt/nfast/etc/snmp/snmp.conf
+      content: |
+          defaultPort 21161
+      force: yes
+
+- name: enroll client to HSM
+  command: /opt/nfast/bin/nethsmenroll --force {{thales_hsm_ip_address}} {{anonkneti.stdout_lines[0]}}
+
+- name:  set selinux contexts for /opt/nfast
+  command: restorecon -R /opt/nfast
+
+- name: restart hardserver
+  command: /opt/nfast/sbin/init.d-ncipher restart
+
+- name: do an enquiry to confirm connection
+  command: /opt/nfast/bin/enquiry
+  register: enquiry
+
+- name: enquiry result
+  debug: var=enquiry
+
+- name: set up rfs_sync
+  command: /opt/nfast/bin/rfs-sync --setup --no-authenticate {{thales_rfs_server_ip_address}}

tasks/main.yaml

@@ -1,102 +1,8 @@
 ---
-- name: Create working directory
-  file:
-      path: "{{thales_client_working_dir}}"
-      state: directory
-      mode: 0755
+- name: Include client installation tasks
+  include_tasks: client.yaml
+  when: thales_install_client
 
-- name: create thales group
-  group:
-      name: nfast
-      gid: "{{thales_client_gid}}"
-
-- name: create thales user
-  user:
-      name: nfast
-      uid: "{{thales_client_uid}}"
-      group: "{{thales_client_gid}}"
-      create_home: true
-      home: /opt/nfast
-
-- name: Download Thales client tarball
-  get_url:
-      url: "{{thales_client_tarball_location}}"
-      dest: "{{thales_client_working_dir}}/{{thales_client_tarball_name}}"
-      force: no
-
-- name: Unpack tarball to working directory
-  unarchive:
-      src: "{{thales_client_working_dir}}/{{thales_client_tarball_name}}"
-      dest: "{{thales_client_working_dir}}"
-      creates: "{{thales_client_working_dir}}/{{thales_client_path}}"
-      remote_src: yes
-
-- name: Unpack tarball to /opt/nfast
-  shell: |
-      for i in `find "{{thales_client_working_dir}}/{{thales_client_path}}" -name *.tar` ; do
-          tar -C / -xvf $i ;
-      done
-  args:
-      creates: /opt/nfast/sbin/install
-
-- name: run installer
-  shell: echo "1" | /opt/nfast/sbin/install
-  args:
-      creates: /opt/nfast/kmdata
-
-- name: Get the security world data
-  get_url:
-      url: "{{thales_km_data_location}}"
-      dest: "/root/{{thales_km_data_tarball_name}}"
-      force: no
-
-- name: remove the old km_data
-  file:
-      path: /opt/nfast/kmdata
-      state: absent
-
-- name: replace kmdata
-  unarchive:
-      src: "/root/{{thales_km_data_tarball_name}}"
-      dest: /opt/nfast
-      remote_src: yes
-
-- name: run anonkneti to get hash
-  command: /opt/nfast/bin/anonkneti "{{thales_hsm_ip_address}}"
-  register: anonkneti
-
-- name: output of anonkneti
-  debug: var=anonkneti.stdout_lines
-
-- name: create cknfastrc
-  copy:
-      dest: /opt/nfast/cknfastrc
-      content: |
-          CKNFAST_OVERRIDE_SECURITY_ASSURANCES=explicitness
-      force: no
-
-- name: create snmp.conf
-  copy:
-      dest: /opt/nfast/etc/snmp/snmp.conf
-      content: |
-          defaultPort 21161
-      force: yes
-
-- name: enroll client to HSM
-  command: /opt/nfast/bin/nethsmenroll --force {{thales_hsm_ip_address}} {{anonkneti.stdout_lines[0]}}
-
-- name:  set selinux contexts for /opt/nfast
-  command: restorecon -R /opt/nfast
-
-- name: restart hardserver
-  command: /opt/nfast/sbin/init.d-ncipher restart
-
-- name: do an enquiry to confirm connection
-  command: /opt/nfast/bin/enquiry
-  register: enquiry
-
-- name: enquiry result
-  debug: var=enquiry
-
-- name: set up rfs_sync
-  command: /opt/nfast/bin/rfs-sync --setup --no-authenticate {{thales_rfs_server_ip_address}}
+- name: Include RFS tasks
+  include_tasks: rfs.yaml
+  when: thales_configure_rfs