Refactor main.yaml to use include_tasks
parent
1a575a1ebc
commit
1332204a81
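--- a/defaults/main.yaml
+++ b/defaults/main.yaml
@@ -0,0 +1,3 @@
+---
+thales_install_client: false
+thales_configure_rfs: false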
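--- a/tasks/client.yaml
+++ b/tasks/client.yaml
@@ -0,0 +1,102 @@
+---
+- name: Create working directory
+file:
+path: "{{thales_client_working_dir}}"
+state: directory
+mode: 0755
+
+- name: create thales group
+group:
+name: nfast
+gid: "{{thales_client_gid}}"
+
+- name: create thales user
+user:
+name: nfast
+uid: "{{thales_client_uid}}"
+group: "{{thales_client_gid}}"
+create_home: true
+home: /opt/nfast
+
+- name: Download Thales client tarball
+get_url:
+url: "{{thales_client_tarball_location}}"
+dest: "{{thales_client_working_dir}}/{{thales_client_tarball_name}}"
+force: no
+
+- name: Unpack tarball to working directory
+unarchive:
+src: "{{thales_client_working_dir}}/{{thales_client_tarball_name}}"
+dest: "{{thales_client_working_dir}}"
+creates: "{{thales_client_working_dir}}/{{thales_client_path}}"
+remote_src: yes
+
+- name: Unpack tarball to /opt/nfast
+shell: |
+for i in `find "{{thales_client_working_dir}}/{{thales_client_path}}" -name *.tar` ; do
+tar -C / -xvf $i ;
+done
+args:
+creates: /opt/nfast/sbin/install
+
+- name: run installer
+shell: echo "1" | /opt/nfast/sbin/install
+args:
+creates: /opt/nfast/kmdata
+
+- name: Get the security world data
+get_url:
+url: "{{thales_km_data_location}}"
+dest: "/root/{{thales_km_data_tarball_name}}"
+force: no
+
+- name: remove the old km_data
+file:
+path: /opt/nfast/kmdata
+state: absent
+
+- name: replace kmdata
+unarchive:
+src: "/root/{{thales_km_data_tarball_name}}"
+dest: /opt/nfast
+remote_src: yes
+
+- name: run anonkneti to get hash
+command: /opt/nfast/bin/anonkneti "{{thales_hsm_ip_address}}"
+register: anonkneti
+
+- name: output of anonkneti
+debug: var=anonkneti.stdout_lines
+
+- name: create cknfastrc
+copy:
+dest: /opt/nfast/cknfastrc
+content: |
+CKNFAST_OVERRIDE_SECURITY_ASSURANCES=explicitness
+force: no
+
+- name: create snmp.conf
+copy:
+dest: /opt/nfast/etc/snmp/snmp.conf
+content: |
+defaultPort 21161
+force: yes
+
+- name: enroll client to HSM
+command: /opt/nfast/bin/nethsmenroll --force {{thales_hsm_ip_address}} {{anonkneti.stdout_lines[0]}}
+
+- name: set selinux contexts for /opt/nfast
+command: restorecon -R /opt/nfast
+
+- name: restart hardserver
+command: /opt/nfast/sbin/init.d-ncipher restart
+
+- name: do an enquiry to confirm connection
+command: /opt/nfast/bin/enquiry
+register: enquiry
+
+- name: enquiry result
+debug: var=enquiry
+
+- name: set up rfs_sync
+command: /opt/nfast/bin/rfs-sync --setup --no-authenticate {{thales_rfs_server_ip_address}}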
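Review bot: Both `get_url` tasks ("Download Thales client tarball" and "Get the security world data") fetch with no `checksum`, and what they fetch is then unpacked over `/` with `tar -C /` and run as `/opt/nfast/sbin/install`. The play presumably runs with root privileges, since it writes under `/root` and `/`, so the integrity of those two URLs decides what gets installed and executed on the HSM client. Pin each download with `checksum: "sha256:<expected-digest>"`, taking the digest from a role variable. The enrolment step has the same trust-on-fetch shape: `anonkneti.stdout_lines[0]` goes straight into `nethsmenroll --force`, so an assert against an expected value obtained out of band would be worth adding before that task.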
106
tasks/main.yaml
106
tasks/main.yaml
@ -1,102 +1,8 @@
|
||||
---
|
||||
- name: Create working directory
|
||||
file:
|
||||
path: "{{thales_client_working_dir}}"
|
||||
state: directory
|
||||
mode: 0755
|
||||
- name: Include client installation tasks
|
||||
include_tasks: client.yaml
|
||||
when: thales_install_client
|
||||
|
||||
- name: create thales group
|
||||
group:
|
||||
name: nfast
|
||||
gid: "{{thales_client_gid}}"
|
||||
|
||||
- name: create thales user
|
||||
user:
|
||||
name: nfast
|
||||
uid: "{{thales_client_uid}}"
|
||||
group: "{{thales_client_gid}}"
|
||||
create_home: true
|
||||
home: /opt/nfast
|
||||
|
||||
- name: Download Thales client tarball
|
||||
get_url:
|
||||
url: "{{thales_client_tarball_location}}"
|
||||
dest: "{{thales_client_working_dir}}/{{thales_client_tarball_name}}"
|
||||
force: no
|
||||
|
||||
- name: Unpack tarball to working directory
|
||||
unarchive:
|
||||
src: "{{thales_client_working_dir}}/{{thales_client_tarball_name}}"
|
||||
dest: "{{thales_client_working_dir}}"
|
||||
creates: "{{thales_client_working_dir}}/{{thales_client_path}}"
|
||||
remote_src: yes
|
||||
|
||||
- name: Unpack tarball to /opt/nfast
|
||||
shell: |
|
||||
for i in `find "{{thales_client_working_dir}}/{{thales_client_path}}" -name *.tar` ; do
|
||||
tar -C / -xvf $i ;
|
||||
done
|
||||
args:
|
||||
creates: /opt/nfast/sbin/install
|
||||
|
||||
- name: run installer
|
||||
shell: echo "1" | /opt/nfast/sbin/install
|
||||
args:
|
||||
creates: /opt/nfast/kmdata
|
||||
|
||||
- name: Get the security world data
|
||||
get_url:
|
||||
url: "{{thales_km_data_location}}"
|
||||
dest: "/root/{{thales_km_data_tarball_name}}"
|
||||
force: no
|
||||
|
||||
- name: remove the old km_data
|
||||
file:
|
||||
path: /opt/nfast/kmdata
|
||||
state: absent
|
||||
|
||||
- name: replace kmdata
|
||||
unarchive:
|
||||
src: "/root/{{thales_km_data_tarball_name}}"
|
||||
dest: /opt/nfast
|
||||
remote_src: yes
|
||||
|
||||
- name: run anonkneti to get hash
|
||||
command: /opt/nfast/bin/anonkneti "{{thales_hsm_ip_address}}"
|
||||
register: anonkneti
|
||||
|
||||
- name: output of anonkneti
|
||||
debug: var=anonkneti.stdout_lines
|
||||
|
||||
- name: create cknfastrc
|
||||
copy:
|
||||
dest: /opt/nfast/cknfastrc
|
||||
content: |
|
||||
CKNFAST_OVERRIDE_SECURITY_ASSURANCES=explicitness
|
||||
force: no
|
||||
|
||||
- name: create snmp.conf
|
||||
copy:
|
||||
dest: /opt/nfast/etc/snmp/snmp.conf
|
||||
content: |
|
||||
defaultPort 21161
|
||||
force: yes
|
||||
|
||||
- name: enroll client to HSM
|
||||
command: /opt/nfast/bin/nethsmenroll --force {{thales_hsm_ip_address}} {{anonkneti.stdout_lines[0]}}
|
||||
|
||||
- name: set selinux contexts for /opt/nfast
|
||||
command: restorecon -R /opt/nfast
|
||||
|
||||
- name: restart hardserver
|
||||
command: /opt/nfast/sbin/init.d-ncipher restart
|
||||
|
||||
- name: do an enquiry to confirm connection
|
||||
command: /opt/nfast/bin/enquiry
|
||||
register: enquiry
|
||||
|
||||
- name: enquiry result
|
||||
debug: var=enquiry
|
||||
|
||||
- name: set up rfs_sync
|
||||
command: /opt/nfast/bin/rfs-sync --setup --no-authenticate {{thales_rfs_server_ip_address}}
|
||||
- name: Include RFS tasks
|
||||
include_tasks: rfs.yaml
|
||||
when: thales_configure_rfs
|
||||
|
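Review bot: The two new gates, `when: thales_install_client` and `when: thales_configure_rfs`, test the bare variable, so a value that arrives as a string (for example from `-e thales_install_client=false`) may be evaluated as a non-empty string rather than as a boolean, depending on the Ansible version. Writing them as `when: thales_install_client | bool` and `when: thales_configure_rfs | bool` makes the gate behave the same however the value is supplied. Both flags default to `false` in `defaults/main.yaml`, so after this change the role does nothing unless one is set; a comment above each include such as `# off by default, set thales_install_client: true to run` would make that visible to existing users. `rfs.yaml` is not among the files shown on this page, so the second include cannot be checked from here.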