---
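# Staging area for the downloaded client tarball and its unpacked contents.
# A later task extracts every *.tar found under this directory into /, so
# only the owning account should be able to write here.
- name: Create working directory
  file:
    path: "{{thales_client_working_dir}}"
    state: directory
    # Quoted so the mode is always read as an octal permission string rather
    # than depending on how the YAML loader treats a leading-zero integer.
    mode: "0755"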
# Dedicated "nfast" group; its GID is taken from thales_client_gid so it is
# the same numeric id on every host this runs against.
- name: create thales group
  group:
    gid: "{{thales_client_gid}}"
    name: nfast
# Dedicated "nfast" account whose home directory is the install prefix.
# The primary group is given by numeric GID (thales_client_gid), i.e. the
# group created by the "create thales group" task.
- name: create thales user
  user:
    name: nfast
    home: /opt/nfast
    create_home: true
    uid: "{{thales_client_uid}}"
    group: "{{thales_client_gid}}"
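# Fetch the client software into the working directory. The contents of this
# archive are later extracted into / and its installer is executed, so the
# download is a trust boundary: prefer an https:// location and pin a digest.
- name: Download Thales client tarball
  get_url:
    url: "{{thales_client_tarball_location}}"
    dest: "{{thales_client_working_dir}}/{{thales_client_tarball_name}}"
    # Optional integrity pin in get_url's "<algorithm>:<hex digest>" form,
    # e.g. "sha256:<digest>". thales_client_tarball_checksum is a new,
    # optional variable; when it is unset the parameter is omitted and the
    # task behaves exactly as before (no verification).
    checksum: "{{ thales_client_tarball_checksum | default(omit) }}"
    # Do not re-download when the destination file already exists.
    force: false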
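# Expand the downloaded tarball in place on the managed host. Nothing here
# verifies the archive; it is whatever the download task left on disk.
- name: Unpack tarball to working directory
  unarchive:
    src: "{{thales_client_working_dir}}/{{thales_client_tarball_name}}"
    dest: "{{thales_client_working_dir}}"
    # Skip the task once the unpacked path is present.
    creates: "{{thales_client_working_dir}}/{{thales_client_path}}"
    # The archive is already on the managed host, not on the controller.
    remote_src: true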
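# Extract every inner *.tar from the unpacked client bundle relative to /.
# Member paths inside each archive decide where files land, so each archive
# is trusted with the whole filesystem; this is why the download above
# should be integrity-checked.
- name: Unpack tarball to /opt/nfast
  shell: |
    # Stop at the first failing tar instead of reporting only the last one.
    set -eu
    # The pattern is quoted so the shell cannot expand *.tar against the
    # current directory before find sees it; names are read line by line so
    # paths containing spaces are not split.
    find {{ (thales_client_working_dir ~ '/' ~ thales_client_path) | quote }} -name '*.tar' -print |
    while IFS= read -r archive; do
      tar -C / -xvf "$archive"
    done
  args:
    # Skip once the installer extracted from the archives is present.
    creates: /opt/nfast/sbin/install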
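# Run the vendor installer non-interactively. No shell is needed: the answer
# is passed on stdin (the command module appends the trailing newline by
# default, matching what `echo "1"` produced).
# NOTE(review): "1" presumably selects the first option the installer
# offers; confirm against the installer's prompt.
- name: run installer
  command: /opt/nfast/sbin/install
  args:
    stdin: "1"
    # Skip once the installer has created the kmdata directory.
    creates: /opt/nfast/kmdata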
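# Fetch the security world (kmdata) archive. It replaces /opt/nfast/kmdata
# wholesale in the following tasks, so a tampered or wrong archive changes
# which security world this client trusts: prefer an https:// location and
# pin a digest.
- name: Get the security world data
  get_url:
    url: "{{thales_km_data_location}}"
    dest: "/root/{{thales_km_data_tarball_name}}"
    # Optional integrity pin in get_url's "<algorithm>:<hex digest>" form.
    # thales_km_data_checksum is a new, optional variable; when it is unset
    # the parameter is omitted and no verification happens, as before.
    checksum: "{{ thales_km_data_checksum | default(omit) }}"
    # Keep the staged copy readable by its owner only.
    mode: "0600"
    # Do not re-download when the destination file already exists.
    force: false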
# Delete the existing kmdata tree so the downloaded security world replaces
# it completely. There is no condition on this task: it removes the
# directory on every run, including the one the installer just created.
- name: remove the old km_data
  file:
    state: absent
    path: /opt/nfast/kmdata
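# Unpack the staged security world archive under the install prefix.
# NOTE(review): this assumes the archive carries a top-level kmdata/
# directory; confirm, since anything else in it also lands in /opt/nfast.
- name: replace kmdata
  unarchive:
    src: "/root/{{thales_km_data_tarball_name}}"
    dest: /opt/nfast
    # The archive is already on the managed host, not on the controller.
    remote_src: true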
# Ask the HSM at thales_hsm_ip_address for its identity and keep the output
# for the enrolment task.
# NOTE(review): the value comes back over the network from the address
# queried and is later passed to nethsmenroll unchanged, so enrolment trusts
# whatever answered. Compare it with a value obtained out of band (for
# example from the HSM itself) before relying on it.
- name: run anonkneti to get hash
  register: anonkneti
  command: >-
    /opt/nfast/bin/anonkneti "{{thales_hsm_ip_address}}"
# Print what anonkneti returned so an operator can check it against the
# value expected for this HSM.
- name: output of anonkneti
  debug:
    var: anonkneti.stdout_lines
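# Write the PKCS#11 library settings file.
# NOTE(review): CKNFAST_OVERRIDE_SECURITY_ASSURANCES switches off one of the
# library's built-in security-assurance checks ("explicitness"). Confirm
# with the vendor documentation what that permits and that the consuming
# application really needs it, rather than carrying the override by default.
- name: create cknfastrc
  copy:
    dest: /opt/nfast/cknfastrc
    content: |
      CKNFAST_OVERRIDE_SECURITY_ASSURANCES=explicitness
    # Leave an existing file alone; only create it when it is missing.
    force: false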
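# Write the SNMP client configuration shipped with the nfast tools, setting
# only the default port.
- name: create snmp.conf
  copy:
    dest: /opt/nfast/etc/snmp/snmp.conf
    content: |
      defaultPort 21161
    # Always overwrite, so local edits to this file do not survive a run.
    force: true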
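# Optional out-of-band pin. thales_hsm_expected_esn_kneti is a new, optional
# variable holding the identity line expected from anonkneti for this HSM
# (presumably "<ESN> <KNETI hash>" - confirm the format on a known-good
# host). When it is set, enrolment is refused unless the value the network
# returned matches it; when it is unset this check is skipped and the
# behaviour is unchanged.
- name: verify HSM identity against the pinned value
  assert:
    that:
      - anonkneti.stdout_lines[0].split() == thales_hsm_expected_esn_kneti.split()
    msg: "anonkneti output does not match thales_hsm_expected_esn_kneti; refusing to enroll"
  when: thales_hsm_expected_esn_kneti is defined

# Enrol this client with the HSM using the first line anonkneti printed.
# Without the pin above, the identity is accepted exactly as it was received
# from the address queried. The task has no condition and passes --force, so
# it re-runs the enrolment on every play.
- name: enroll client to HSM
  command: /opt/nfast/bin/nethsmenroll --force {{thales_hsm_ip_address}} {{anonkneti.stdout_lines[0]}}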
# Relabel the whole install tree after files were extracted and replaced
# under /opt/nfast by the earlier tasks.
- name: set selinux contexts for /opt/nfast
  command: >-
    restorecon -R /opt/nfast
# Restart the hardserver through the vendor init script. Runs on every
# play; there is no condition or handler gating it.
- name: restart hardserver
  command: >-
    /opt/nfast/sbin/init.d-ncipher restart
# Capture the enquiry output for the debug task. Only the command's exit
# status can fail the play here; the output itself is not inspected, so a
# human still has to read it to confirm the HSM is reachable.
- name: do an enquiry to confirm connection
  register: enquiry
  command: >-
    /opt/nfast/bin/enquiry
# Dump the full registered result of the enquiry command into the play
# output for the operator to review.
- name: enquiry result
  debug:
    var: enquiry
# Point rfs-sync at the remote file system server given by
# thales_rfs_server_ip_address.
# NOTE(review): --no-authenticate presumably sets the link up without
# authenticating the server; confirm against the vendor documentation and
# check whether an authenticated setup is feasible for this deployment.
- name: set up rfs_sync
  command: >-
    /opt/nfast/bin/rfs-sync --setup --no-authenticate {{thales_rfs_server_ip_address}}