From 1332204a81298f2980be41934a4c763e692b1a8d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Douglas=20Mendiz=C3=A1bal?=
Date: Wed, 9 Jan 2019 14:53:22 -0600
Subject: [PATCH] Refactor main.yaml to use include_tasks
---
defaults/main.yaml | 3 ++
tasks/client.yaml | 102 +++++++++++++++++++++++++++++++++++++++++++
tasks/main.yaml | 106 +++------------------------------------------
3 files changed, 111 insertions(+), 100 deletions(-)
create mode 100644 defaults/main.yaml
create mode 100644 tasks/client.yaml
diff --git a/defaults/main.yaml b/defaults/main.yaml
new file mode 100644
index 0000000..46640fc
--- /dev/null
+++ b/defaults/main.yaml
@@ -0,0 +1,3 @@
+---
+thales_install_client: false
+thales_configure_rfs: false
diff --git a/tasks/client.yaml b/tasks/client.yaml
new file mode 100644
index 0000000..5ea6c0d
--- /dev/null
+++ b/tasks/client.yaml
@@ -0,0 +1,102 @@
+---
+- name: Create working directory
+ file:
+ path: "{{thales_client_working_dir}}"
+ state: directory
+ mode: 0755
+
+- name: create thales group
+ group:
+ name: nfast
+ gid: "{{thales_client_gid}}"
+
+- name: create thales user
+ user:
+ name: nfast
+ uid: "{{thales_client_uid}}"
+ group: "{{thales_client_gid}}"
+ create_home: true
+ home: /opt/nfast
+
+- name: Download Thales client tarball
+ get_url:
+ url: "{{thales_client_tarball_location}}"
+ dest: "{{thales_client_working_dir}}/{{thales_client_tarball_name}}"
+ force: no
+
+- name: Unpack tarball to working directory
+ unarchive:
+ src: "{{thales_client_working_dir}}/{{thales_client_tarball_name}}"
+ dest: "{{thales_client_working_dir}}"
+ creates: "{{thales_client_working_dir}}/{{thales_client_path}}"
+ remote_src: yes
+
+- name: Unpack tarball to /opt/nfast
+ shell: |
+ for i in `find "{{thales_client_working_dir}}/{{thales_client_path}}" -name *.tar` ; do
+ tar -C / -xvf $i ;
+ done
+ args:
+ creates: /opt/nfast/sbin/install
+
+- name: run installer
+ shell: echo "1" | /opt/nfast/sbin/install
+ args:
+ creates: /opt/nfast/kmdata
+
+- name: Get the security world data
+ get_url:
+ url: "{{thales_km_data_location}}"
+ dest: "/root/{{thales_km_data_tarball_name}}"
+ force: no
+
+- name: remove the old km_data
+ file:
+ path: /opt/nfast/kmdata
+ state: absent
+
+- name: replace kmdata
+ unarchive:
+ src: "/root/{{thales_km_data_tarball_name}}"
+ dest: /opt/nfast
+ remote_src: yes
+
+- name: run anonkneti to get hash
+ command: /opt/nfast/bin/anonkneti "{{thales_hsm_ip_address}}"
+ register: anonkneti
+
+- name: output of anonkneti
+ debug: var=anonkneti.stdout_lines
+
+- name: create cknfastrc
+ copy:
+ dest: /opt/nfast/cknfastrc
+ content: |
+ CKNFAST_OVERRIDE_SECURITY_ASSURANCES=explicitness
+ force: no
+
+- name: create snmp.conf
+ copy:
+ dest: /opt/nfast/etc/snmp/snmp.conf
+ content: |
+ defaultPort 21161
+ force: yes
+
+- name: enroll client to HSM
+ command:
/opt/nfast/bin/nethsmenroll --force {{thales_hsm_ip_address}} {{anonkneti.stdout_lines[0]}}
+
+- name: set selinux contexts for /opt/nfast
+ command: restorecon -R /opt/nfast
+
+- name: restart hardserver
+ command: /opt/nfast/sbin/init.d-ncipher restart
+
+- name: do an enquiry to confirm connection
+ command: /opt/nfast/bin/enquiry
+ register: enquiry
+
+- name: enquiry result
+ debug: var=enquiry
+
+- name: set up rfs_sync
+ command: /opt/nfast/bin/rfs-sync --setup --no-authenticate {{thales_rfs_server_ip_address}}
diff --git a/tasks/main.yaml b/tasks/main.yaml
index 5ea6c0d..ea8e574 100644
--- a/tasks/main.yaml
+++ b/tasks/main.yaml
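Review bot: The "enroll client to HSM" task passes `anonkneti.stdout_lines[0]` straight into `nethsmenroll --force`, so the client accepts whatever identity the address in `thales_hsm_ip_address` returns; nothing compares that output with a value obtained out of band. A misrouted or spoofed address would enroll the host against the wrong module and the play would still report success. A check between the two tasks should fail when the output differs from an expected value supplied as a role variable (the variable name below is a suggestion, not one the role already defines, and the expected format should be confirmed against real anonkneti output). The two `get_url` tasks have a similar gap: neither sets `checksum`, yet the client archive is unpacked into `/` and its installer is run.

```yaml
# … unchanged: "run anonkneti to get hash" and "output of anonkneti" tasks …

- name: verify HSM identity before enrolling
  assert:
    that:
      - anonkneti.stdout_lines[0] == thales_hsm_expected_kneti
    msg: anonkneti output does not match the expected HSM identity

# … unchanged: "enroll client to HSM" task …
```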
@@ -1,102 +1,8 @@
 ---
-- name: Create working directory
- file:
- path: "{{thales_client_working_dir}}"
- state: directory
- mode: 0755
+- name: Include client installation tasks
+ include_tasks: client.yaml
+ when: thales_install_client

-- name: create thales group
- group:
- name: nfast
- gid: "{{thales_client_gid}}"
-
-- name: create thales user
- user:
- name: nfast
- uid: "{{thales_client_uid}}"
- group: "{{thales_client_gid}}"
- create_home: true
- home: /opt/nfast
-
-- name: Download Thales client tarball
- get_url:
- url: "{{thales_client_tarball_location}}"
- dest: "{{thales_client_working_dir}}/{{thales_client_tarball_name}}"
- force: no
-
-- name: Unpack tarball to working directory
- unarchive:
- src: "{{thales_client_working_dir}}/{{thales_client_tarball_name}}"
- dest: "{{thales_client_working_dir}}"
- creates: "{{thales_client_working_dir}}/{{thales_client_path}}"
- remote_src: yes
-
-- name: Unpack tarball to /opt/nfast
- shell: |
- for i in `find "{{thales_client_working_dir}}/{{thales_client_path}}" -name *.tar` ; do
- tar -C / -xvf $i ;
- done
- args:
- creates: /opt/nfast/sbin/install
-
-- name: run installer
- shell: echo "1" | /opt/nfast/sbin/install
- args:
- creates: /opt/nfast/kmdata
-
-- name: Get the security world data
- get_url:
- url: "{{thales_km_data_location}}"
- dest: "/root/{{thales_km_data_tarball_name}}"
- force: no
-
-- name: remove the old km_data
- file:
- path: /opt/nfast/kmdata
- state: absent
-
-- name: replace kmdata
- unarchive:
- src: "/root/{{thales_km_data_tarball_name}}"
- dest: /opt/nfast
- remote_src: yes
-
-- name: run anonkneti to get hash
- command: /opt/nfast/bin/anonkneti "{{thales_hsm_ip_address}}"
- register: anonkneti
-
-- name: output of anonkneti
- debug: var=anonkneti.stdout_lines
-
-- name: create cknfastrc
- copy:
- dest: /opt/nfast/cknfastrc
- content: |
- CKNFAST_OVERRIDE_SECURITY_ASSURANCES=explicitness
- force: no
-
-- name: create snmp.conf
- copy:
- dest: /opt/nfast/etc/snmp/snmp.conf
- content:
|
- defaultPort 21161
- force: yes
-
-- name: enroll client to HSM
- command: /opt/nfast/bin/nethsmenroll --force {{thales_hsm_ip_address}} {{anonkneti.stdout_lines[0]}}
-
-- name: set selinux contexts for /opt/nfast
- command: restorecon -R /opt/nfast
-
-- name: restart hardserver
- command: /opt/nfast/sbin/init.d-ncipher restart
-
-- name: do an enquiry to confirm connection
- command: /opt/nfast/bin/enquiry
- register: enquiry
-
-- name: enquiry result
- debug: var=enquiry
-
-- name: set up rfs_sync
- command: /opt/nfast/bin/rfs-sync --setup --no-authenticate {{thales_rfs_server_ip_address}}
+- name: Include RFS tasks
+ include_tasks: rfs.yaml
+ when: thales_configure_rfs
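Review bot: `include_tasks: rfs.yaml` refers to a file this patch does not create; the diffstat lists only defaults/main.yaml, tasks/client.yaml and tasks/main.yaml. Unless tasks/rfs.yaml already exists in the repository, enabling `thales_configure_rfs` will fail when the include is evaluated. Both conditions are also bare variables, so a value supplied as a string (for example through `-e`) may not be evaluated as a boolean; `when: thales_install_client | bool` and `when: thales_configure_rfs | bool` make the intent explicit. With both defaults set to false, a play that previously installed the client now does nothing and still succeeds, which deserves a line in the commit message or the role's documentation.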