Refactor main.yaml to use include_tasks
parent
1a575a1ebc
commit
1332204a81
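--- a/defaults/main.yaml
+++ b/defaults/main.yaml
@@ -0,0 +1,3 @@
+---
+thales_install_client: false
+thales_configure_rfs: false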
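--- a/tasks/client.yaml
+++ b/tasks/client.yaml
@@ -0,0 +1,102 @@
+---
+- name: Create working directory
+file:
+path: "{{thales_client_working_dir}}"
+state: directory
+mode: 0755
+
+- name: create thales group
+group:
+name: nfast
+gid: "{{thales_client_gid}}"
+
+- name: create thales user
+user:
+name: nfast
+uid: "{{thales_client_uid}}"
+group: "{{thales_client_gid}}"
+create_home: true
+home: /opt/nfast
+
+- name: Download Thales client tarball
+get_url:
+url: "{{thales_client_tarball_location}}"
+dest: "{{thales_client_working_dir}}/{{thales_client_tarball_name}}"
+force: no
+
+- name: Unpack tarball to working directory
+unarchive:
+src: "{{thales_client_working_dir}}/{{thales_client_tarball_name}}"
+dest: "{{thales_client_working_dir}}"
+creates: "{{thales_client_working_dir}}/{{thales_client_path}}"
+remote_src: yes
+
+- name: Unpack tarball to /opt/nfast
+shell: |
+for i in `find "{{thales_client_working_dir}}/{{thales_client_path}}" -name *.tar` ; do
+tar -C / -xvf $i ;
+done
+args:
+creates: /opt/nfast/sbin/install
+
+- name: run installer
+shell: echo "1" | /opt/nfast/sbin/install
+args:
+creates: /opt/nfast/kmdata
+
+- name: Get the security world data
+get_url:
+url: "{{thales_km_data_location}}"
+dest: "/root/{{thales_km_data_tarball_name}}"
+force: no
+
+- name: remove the old km_data
+file:
+path: /opt/nfast/kmdata
+state: absent
+
+- name: replace kmdata
+unarchive:
+src: "/root/{{thales_km_data_tarball_name}}"
+dest: /opt/nfast
+remote_src: yes
+
+- name: run anonkneti to get hash
+command: /opt/nfast/bin/anonkneti "{{thales_hsm_ip_address}}"
+register: anonkneti
+
+- name: output of anonkneti
+debug: var=anonkneti.stdout_lines
+
+- name: create cknfastrc
+copy:
+dest: /opt/nfast/cknfastrc
+content: |
+CKNFAST_OVERRIDE_SECURITY_ASSURANCES=explicitness
+force: no
+
+- name: create snmp.conf
+copy:
+dest: /opt/nfast/etc/snmp/snmp.conf
+content: |
+defaultPort 21161
+force: yes
+
+- name: enroll client to HSM
+command: /opt/nfast/bin/nethsmenroll --force {{thales_hsm_ip_address}} {{anonkneti.stdout_lines[0]}}
+
+- name: set selinux contexts for /opt/nfast
+command: restorecon -R /opt/nfast
+
+- name: restart hardserver
+command: /opt/nfast/sbin/init.d-ncipher restart
+
+- name: do an enquiry to confirm connection
+command: /opt/nfast/bin/enquiry
+register: enquiry
+
+- name: enquiry result
+debug: var=enquiry
+
+- name: set up rfs_sync
+command: /opt/nfast/bin/rfs-sync --setup --no-authenticate {{thales_rfs_server_ip_address}}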
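Review bot: The `enroll client to HSM` task trusts whatever `anonkneti` returns: `anonkneti.stdout_lines[0]` is fetched anonymously from `thales_hsm_ip_address` and passed unchanged to `nethsmenroll --force`, so nothing compares the reported identity with a value known in advance. I would pin the expected ESN and KNETI hash in inventory, read from the HSM out of band, and fail the play on a mismatch before enrolling, as sketched below; the variable name in the sketch is a proposal, not something the role defines today. The two `get_url` tasks have the same gap, since the client tarball and the security world archive are unpacked and the installer run with no `checksum:` set. `rfs-sync --setup --no-authenticate` likewise turns off authentication of the RFS host and deserves at least a comment saying why that is acceptable here.

```yaml
# proposed variable: "<ESN> <KNETI hash>" recorded out of band from the HSM
- name: verify HSM identity before enrolling
  assert:
    that:
      - anonkneti.stdout_lines[0] == thales_hsm_expected_identity
    fail_msg: "HSM ESN/KNETI hash does not match the pinned value"

# … unchanged: create cknfastrc, create snmp.conf …

- name: enroll client to HSM
  command: /opt/nfast/bin/nethsmenroll --force {{ thales_hsm_ip_address }} {{ thales_hsm_expected_identity }}
```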
106
tasks/main.yaml
106
tasks/main.yaml
@ -1,102 +1,8 @@
|
|||||||
---
|
---
|
||||||
- name: Create working directory
|
- name: Include client installation tasks
|
||||||
file:
|
include_tasks: client.yaml
|
||||||
path: "{{thales_client_working_dir}}"
|
when: thales_install_client
|
||||||
state: directory
|
|
||||||
mode: 0755
|
|
||||||
|
|
||||||
- name: create thales group
|
- name: Include RFS tasks
|
||||||
group:
|
include_tasks: rfs.yaml
|
||||||
name: nfast
|
when: thales_configure_rfs
|
||||||
gid: "{{thales_client_gid}}"
|
|
||||||
|
|
||||||
- name: create thales user
|
|
||||||
user:
|
|
||||||
name: nfast
|
|
||||||
uid: "{{thales_client_uid}}"
|
|
||||||
group: "{{thales_client_gid}}"
|
|
||||||
create_home: true
|
|
||||||
home: /opt/nfast
|
|
||||||
|
|
||||||
- name: Download Thales client tarball
|
|
||||||
get_url:
|
|
||||||
url: "{{thales_client_tarball_location}}"
|
|
||||||
dest: "{{thales_client_working_dir}}/{{thales_client_tarball_name}}"
|
|
||||||
force: no
|
|
||||||
|
|
||||||
- name: Unpack tarball to working directory
|
|
||||||
unarchive:
|
|
||||||
src: "{{thales_client_working_dir}}/{{thales_client_tarball_name}}"
|
|
||||||
dest: "{{thales_client_working_dir}}"
|
|
||||||
creates: "{{thales_client_working_dir}}/{{thales_client_path}}"
|
|
||||||
remote_src: yes
|
|
||||||
|
|
||||||
- name: Unpack tarball to /opt/nfast
|
|
||||||
shell: |
|
|
||||||
for i in `find "{{thales_client_working_dir}}/{{thales_client_path}}" -name *.tar` ; do
|
|
||||||
tar -C / -xvf $i ;
|
|
||||||
done
|
|
||||||
args:
|
|
||||||
creates: /opt/nfast/sbin/install
|
|
||||||
|
|
||||||
- name: run installer
|
|
||||||
shell: echo "1" | /opt/nfast/sbin/install
|
|
||||||
args:
|
|
||||||
creates: /opt/nfast/kmdata
|
|
||||||
|
|
||||||
- name: Get the security world data
|
|
||||||
get_url:
|
|
||||||
url: "{{thales_km_data_location}}"
|
|
||||||
dest: "/root/{{thales_km_data_tarball_name}}"
|
|
||||||
force: no
|
|
||||||
|
|
||||||
- name: remove the old km_data
|
|
||||||
file:
|
|
||||||
path: /opt/nfast/kmdata
|
|
||||||
state: absent
|
|
||||||
|
|
||||||
- name: replace kmdata
|
|
||||||
unarchive:
|
|
||||||
src: "/root/{{thales_km_data_tarball_name}}"
|
|
||||||
dest: /opt/nfast
|
|
||||||
remote_src: yes
|
|
||||||
|
|
||||||
- name: run anonkneti to get hash
|
|
||||||
command: /opt/nfast/bin/anonkneti "{{thales_hsm_ip_address}}"
|
|
||||||
register: anonkneti
|
|
||||||
|
|
||||||
- name: output of anonkneti
|
|
||||||
debug: var=anonkneti.stdout_lines
|
|
||||||
|
|
||||||
- name: create cknfastrc
|
|
||||||
copy:
|
|
||||||
dest: /opt/nfast/cknfastrc
|
|
||||||
content: |
|
|
||||||
CKNFAST_OVERRIDE_SECURITY_ASSURANCES=explicitness
|
|
||||||
force: no
|
|
||||||
|
|
||||||
- name: create snmp.conf
|
|
||||||
copy:
|
|
||||||
dest: /opt/nfast/etc/snmp/snmp.conf
|
|
||||||
content: |
|
|
||||||
defaultPort 21161
|
|
||||||
force: yes
|
|
||||||
|
|
||||||
- name: enroll client to HSM
|
|
||||||
command: /opt/nfast/bin/nethsmenroll --force {{thales_hsm_ip_address}} {{anonkneti.stdout_lines[0]}}
|
|
||||||
|
|
||||||
- name: set selinux contexts for /opt/nfast
|
|
||||||
command: restorecon -R /opt/nfast
|
|
||||||
|
|
||||||
- name: restart hardserver
|
|
||||||
command: /opt/nfast/sbin/init.d-ncipher restart
|
|
||||||
|
|
||||||
- name: do an enquiry to confirm connection
|
|
||||||
command: /opt/nfast/bin/enquiry
|
|
||||||
register: enquiry
|
|
||||||
|
|
||||||
- name: enquiry result
|
|
||||||
debug: var=enquiry
|
|
||||||
|
|
||||||
- name: set up rfs_sync
|
|
||||||
command: /opt/nfast/bin/rfs-sync --setup --no-authenticate {{thales_rfs_server_ip_address}}
|
|
||||||
|
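Review bot: With both flags defaulting to `false` in defaults/main.yaml, a playbook that applied this role before the commit now skips every task unless it sets `thales_install_client: true`, and nothing in the commit tells existing users about that change. A short comment above each include in tasks/main.yaml, or above the two defaults, would make the opt-in explicit. The conditions are also safer written as `when: thales_install_client | bool` and `when: thales_configure_rfs | bool`, so a value passed as a string with `-e` is still evaluated as a boolean. The `set up rfs_sync` task moved into client.yaml with the rest, so it is gated by `thales_install_client` rather than `thales_configure_rfs`; rfs.yaml is not among the files shown on this page, so I cannot tell whether it repeats that step.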