
Diff of /trunk/aarc.master-portal/ansible/roles/basic/tasks/hostcreds.yml


revision 3116 by tamasb, Tue Apr 5 13:30:10 2016 UTC revision 3117 by tamasb, Fri Sep 30 13:24:58 2016 UTC
# Line 1  Line 1 
1  ---  ---
2    
3    # INSTALLING HOST CERTIFICATES
4    
5  # Chown only later, at this stage we don't have a myproxy user  # Chown only later, at this stage we don't have a myproxy user
6  - name: copy hostcert  - name: copy hostcert
7    copy:    copy:
8      src: "{{ inventory_hostname }}.crt"      src: "{{ inventory_hostname }}.crt"
9      dest: /etc/grid-security/hostcert.pem      dest: /etc/grid-security/hostcert.pem
 #    owner: myproxy  
 #    group: myproxy  
10      mode: 0644      mode: 0644
11    
12  # Chown only later, at this stage we don't have a myproxy user  # Chown only later, at this stage we don't have a myproxy user
# Line 14  Line 14 
14    copy:    copy:
15      src: "{{ inventory_hostname }}.key"      src: "{{ inventory_hostname }}.key"
16      dest: /etc/grid-security/hostkey.pem      dest: /etc/grid-security/hostkey.pem
 #    owner: myproxy  
 #    group: myproxy  
17      mode: 0400      mode: 0400
18    
19    # INSTALLING TRUST ANCHOR OF HOST CERTIFICATE FROM RPM
20    
21    # install trust root from an rpm package
22    - name: deploy trust anchor for host credential (from rpm)
23      yum:
24        name: "{{ hostcred_trust_anchor_package }}"
25        state: present
26      when: hostcred_trust_anchor_package is defined
27    
28    # INSTALLING TRUST ANCHOR OF HOST CERTIFICATE FROM FILE
29    
30    # install trust root from PEM file
31    - name: deploy trust anchor for host credential (from PEM)
32      copy:
33        src: "{{ hostcred_trust_anchor_pem }}"
34        dest: "/etc/grid-security/certificates/{{ hostcred_trust_anchor_pem }}"
35        owner: root
36        group: root
37        mode: 0644
38      when: hostcred_trust_anchor_pem is defined
39    
40    # get subject hash of CA
41    - name: getting subject hash of trust anchor
42      shell: "openssl x509 -in /etc/grid-security/certificates/{{ hostcred_trust_anchor_pem }} -noout -subject_hash | tr -d '\n'"
43      register: subject_hash
44      when: hostcred_trust_anchor_pem is defined
45    
46    # get subject hash old of CA
47    - name: getting subject hash old of trust anchor
48      shell: "openssl x509 -in /etc/grid-security/certificates/{{ hostcred_trust_anchor_pem }} -noout -subject_hash_old | tr -d '\n'"
49      register: subject_hash_old
50      when: hostcred_trust_anchor_pem is defined
51    
52    # make a link with the subject hash
53    - name: create subject hash symlink
54      file:
55        src: "{{ hostcred_trust_anchor_pem }}"
56        dest: "/etc/grid-security/certificates/{{ subject_hash.stdout }}.0"
57        state: link
58      when: hostcred_trust_anchor_pem is defined
59    
60    # make a link with the subject hash old
61    - name: create subject hash old symlink
62      file:
63        src: "{{ hostcred_trust_anchor_pem }}"
64        dest: "/etc/grid-security/certificates/{{ subject_hash_old.stdout }}.0"
65        state: link
66      when: hostcred_trust_anchor_pem is defined
67    
68    # install signing policy belonging to trust root
69    - name: deploy signing policy belonging to trust root
70      copy:
71        src: "{{ hostcred_trust_anchor_signing_policy }}"
72        dest: "/etc/grid-security/certificates/{{ hostcred_trust_anchor_signing_policy }}"
73        owner: root
74        group: root
75        mode: 0644
76      when: hostcred_trust_anchor_signing_policy is defined
77    
78    # make a link with the subject hash to signing policy
79    - name: create subject hash symlink to signing policy
80      file:
81        src: "{{ hostcred_trust_anchor_signing_policy }}"
82        dest: "/etc/grid-security/certificates/{{ subject_hash.stdout }}.signing_policy"
83        state: link
84      when: hostcred_trust_anchor_signing_policy is defined
85    
86    # make a link with the subject hash old to signing policy
87    - name: create subject hash old symlink to signing policy
88      file:
89        src: "{{ hostcred_trust_anchor_signing_policy }}"
90        dest: "/etc/grid-security/certificates/{{ subject_hash_old.stdout }}.signing_policy"
91        state: link
92      when: hostcred_trust_anchor_signing_policy is defined
93    
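Review bot: The two signing-policy symlink tasks (new lines 79–92) expand `subject_hash.stdout` and `subject_hash_old.stdout`, but those results are registered only when `hostcred_trust_anchor_pem` is defined. A host that sets `hostcred_trust_anchor_signing_policy` without the PEM variable would reference `stdout` on a skipped result, and the play would likely fail at that point. Guarding both tasks with `when: hostcred_trust_anchor_pem is defined and hostcred_trust_anchor_signing_policy is defined` keeps the skip behaviour consistent. Separately, the two hash tasks (new lines 41–50) interpolate `{{ hostcred_trust_anchor_pem }}` unquoted into a `shell:` string. Ansible already strips the trailing newline from `stdout`, so the `| tr -d '\n'` pipe looks unnecessary; `command:` with `changed_when: false` would avoid shell parsing of the file name and stop the tasks reporting "changed" on every run.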
