/[pdpsoft]/trunk/aarc.master-portal/ansible/roles/basic/tasks/hostcreds.yml
Revision 3117 - (show annotations) (download) (as text)
Fri Sep 30 13:24:58 2016 UTC (5 years, 3 months ago) by tamasb
File MIME type: text/x-yaml
File size: 3168 byte(s)
configurable deployment of trust anchor

Previously only the TERENA trust anchor was installed (hard-coded);
with this option any trust root can be installed, either from an
rpm package or from a plain PEM file plus signing policy pair.

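---

# INSTALLING HOST CERTIFICATES

# The host certificate is taken from the role's files/ directory, named after
# the inventory hostname. It stays owned by root for now: the myproxy user that
# will own it does not exist yet at this point of the play (chown comes later).
# The mode is quoted so it reaches Ansible as the octal string "0644" rather
# than the YAML 1.1 integer 420 that a plain 0644 parses to.
- name: copy hostcert
  copy:
    src: "{{ inventory_hostname }}.crt"
    dest: /etc/grid-security/hostcert.pem
    mode: "0644"
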
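# The host private key, also from the role's files/ directory. Same ownership
# caveat as the certificate: there is no myproxy user yet, chown happens later.
# 0400 keeps the key readable by its owner only; quoted so it reaches Ansible
# as an octal string rather than a YAML 1.1 integer.
- name: copy hostkey
  copy:
    src: "{{ inventory_hostname }}.key"
    dest: /etc/grid-security/hostkey.pem
    mode: "0400"
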
# INSTALLING TRUST ANCHOR OF HOST CERTIFICATE FROM RPM

# Variant 1: the CA that issued the host certificate is packaged as an rpm.
# Only runs when the inventory defines hostcred_trust_anchor_package.
- name: deploy trust anchor for host credential (from rpm)
  when: hostcred_trust_anchor_package is defined
  yum:
    state: present
    name: "{{ hostcred_trust_anchor_package }}"

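# INSTALLING TRUST ANCHOR OF HOST CERTIFICATE FROM FILE

# Variant 2: the CA certificate is a PEM file in the role's files/ directory.
# hostcred_trust_anchor_pem is expected to be a bare file name, since the
# symlink tasks below reuse it as a relative link target — confirm with callers.
# The mode is quoted so it reaches Ansible as the octal string "0644" rather
# than the YAML 1.1 integer a plain 0644 parses to.
- name: deploy trust anchor for host credential (from PEM)
  copy:
    src: "{{ hostcred_trust_anchor_pem }}"
    dest: "/etc/grid-security/certificates/{{ hostcred_trust_anchor_pem }}"
    owner: root
    group: root
    mode: "0644"
  when: hostcred_trust_anchor_pem is defined
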
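# OpenSSL looks a CA up in a certificate directory by its subject hash, so the
# hash is needed for the symlink created below. The command module is used
# instead of shell: the file name comes from a variable and is passed to
# openssl as one argument without going through a shell. The module strips a
# trailing newline from stdout itself, so the former `| tr -d '\n'` is not needed.
- name: getting subject hash of trust anchor
  command: >-
    openssl x509
    -in "/etc/grid-security/certificates/{{ hostcred_trust_anchor_pem }}"
    -noout -subject_hash
  register: subject_hash
  changed_when: false  # read-only query; never report it as a change
  when: hostcred_trust_anchor_pem is defined
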
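# Same as above for the pre-1.0.0 OpenSSL hash (-subject_hash_old), which the
# grid middleware may still use for lookups. Again command instead of shell so
# the variable is a single argument; the module strips the trailing newline.
- name: getting subject hash old of trust anchor
  command: >-
    openssl x509
    -in "/etc/grid-security/certificates/{{ hostcred_trust_anchor_pem }}"
    -noout -subject_hash_old
  register: subject_hash_old
  changed_when: false  # read-only query; never report it as a change
  when: hostcred_trust_anchor_pem is defined
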
# <subject_hash>.0 -> <pem> inside the certificate directory. The link target
# is relative, which works because link and file share that directory.
# subject_hash is registered by the openssl task above.
- name: create subject hash symlink
  when: hostcred_trust_anchor_pem is defined
  file:
    state: link
    dest: "/etc/grid-security/certificates/{{ subject_hash.stdout }}.0"
    src: "{{ hostcred_trust_anchor_pem }}"

# <subject_hash_old>.0 -> <pem>, the old-style hash counterpart of the link
# above. Relative target, same directory. subject_hash_old is registered by
# the openssl task above.
- name: create subject hash old symlink
  when: hostcred_trust_anchor_pem is defined
  file:
    state: link
    dest: "/etc/grid-security/certificates/{{ subject_hash_old.stdout }}.0"
    src: "{{ hostcred_trust_anchor_pem }}"

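# The signing policy file that belongs to the PEM trust root, from the role's
# files/ directory. Like hostcred_trust_anchor_pem it is expected to be a bare
# file name (reused as a relative link target below) — confirm with callers.
# The mode is quoted so it reaches Ansible as the octal string "0644" rather
# than the YAML 1.1 integer a plain 0644 parses to.
- name: deploy signing policy belonging to trust root
  copy:
    src: "{{ hostcred_trust_anchor_signing_policy }}"
    dest: "/etc/grid-security/certificates/{{ hostcred_trust_anchor_signing_policy }}"
    owner: root
    group: root
    mode: "0644"
  when: hostcred_trust_anchor_signing_policy is defined
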
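# <subject_hash>.signing_policy -> <policy>, looked up next to <hash>.0.
# The hash comes from the subject_hash task, which only runs when
# hostcred_trust_anchor_pem is defined, so this task is guarded on both
# variables: with the policy set but no PEM, subject_hash.stdout would be
# undefined and templating dest would fail the play.
- name: create subject hash symlink to signing policy
  file:
    src: "{{ hostcred_trust_anchor_signing_policy }}"
    dest: "/etc/grid-security/certificates/{{ subject_hash.stdout }}.signing_policy"
    state: link
  when: >-
    hostcred_trust_anchor_signing_policy is defined and
    hostcred_trust_anchor_pem is defined
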
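# <subject_hash_old>.signing_policy -> <policy>, old-style hash counterpart of
# the link above. subject_hash_old is only registered when
# hostcred_trust_anchor_pem is defined, so the guard covers both variables;
# otherwise subject_hash_old.stdout would be undefined and the task would fail.
- name: create subject hash old symlink to signing policy
  file:
    src: "{{ hostcred_trust_anchor_signing_policy }}"
    dest: "/etc/grid-security/certificates/{{ subject_hash_old.stdout }}.signing_policy"
    state: link
  when: >-
    hostcred_trust_anchor_signing_policy is defined and
    hostcred_trust_anchor_pem is defined
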
