From c26fbd96fbd003159b5d08a91eac11f4436e5e5d Mon Sep 17 00:00:00 2001 From: Andrea Cimbalo Date: Fri, 19 Aug 2016 20:16:51 +0200 Subject: [PATCH] remove ca-manager dependencies --- roles/dovecot/tasks/main.yaml | 40 +++++++++++++------------ roles/lxc_guest/tasks/main.yaml | 52 +++++++++++++++++++++------------ 2 files changed, 55 insertions(+), 37 deletions(-) diff --git a/roles/dovecot/tasks/main.yaml b/roles/dovecot/tasks/main.yaml index 9711ce3..85687c1 100644 --- a/roles/dovecot/tasks/main.yaml +++ b/roles/dovecot/tasks/main.yaml @@ -75,13 +75,6 @@ ssl_cert = /etc/dovecot/dovecot.cert" diff --git a/roles/lxc_guest/tasks/main.yaml b/roles/lxc_guest/tasks/main.yaml index 6c21d98..7d35dd8 100644 --- a/roles/lxc_guest/tasks/main.yaml +++ b/roles/lxc_guest/tasks/main.yaml @@ -1,8 +1,8 @@ - name: check for lxc container existance - shell: "[ -d /var/lib/lxc/{{ vm_name }} ] && echo true || echo false" + stat: + path: '/var/lib/lxc/{{ vm_name }}' register: lxc_existance - ignore_errors: true - changed_when: false + - block: - name: create the lxc container lxc_container: @@ -26,7 +26,7 @@ name: "{{ vm_name }}" state: started when: auto_start|bool - when: "lxc_existance.stdout == 'false'" + when: not (lxc_existance.stat.exists and lxc_existance.stat.isdir) - name: update container config template: src=config.j2 dest="/var/lib/lxc/{{ vm_name }}/config" 
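Review bot: `stat` does not follow symlinks by default, whereas the `[ -d … ]` test it replaces in the first lxc_guest hunk did. A container directory that is a symlink (for instance onto another volume) would therefore report `lxc_existance.stat.isdir` as false and fall into the create block guarded by the new `when:` in the second hunk. Adding `follow: yes` under `stat:` keeps the previous behaviour. A comment above the `when:` such as `# a non-directory at this path is treated as "no container"` would also document the case where the path exists but is not a directory. The block that this `when:` closes starts outside the second hunk.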
@@ -52,43 +52,59 @@ - name: get pub key shell: lxc-attach -n {{ vm_name }} --clear-env -e -- bash -c "cat /etc/ssh/ssh_host_ed25519_key.pub" register: pub_key -# - debug: var=pub_key + + - debug: var=pub_key verbosity=2 + - name: generate host request - local_action: command ../ca_manager/make_ssh_host_request.py {{ pub_key.stdout|quote }} {{ vm_name|quote }} - register: cert_request -# - debug: var=cert_request + set_fact: + cert_request: + type: 'sign_request' + request: + keyType: 'ssh_host' + hostName: '{{ vm_name }}' + keyData: '{{ pub_key.stdout }}' + + - debug: var=cert_request verbosity=2 + - name: start sign request - raw: "{{ cert_request.stdout|string }}" + raw: "{{ cert_request|to_json }}" delegate_to: "{{item}}" delegate_facts: True with_items: "{{groups['cas']}}" register: request_result -# - debug: var=request_result + + - debug: var=request_result verbosity=2 - set_fact: request_output: "{{ request_result.results[0].stdout|string|from_json }}" - - debug: var=request_output + + - debug: var=request_output verbosity=2 - name: generate get request - local_action: command ../ca_manager/make_get_request.py {{ request_output.requestID }} - register: get_request -# - debug: var=get_request + set_fact: + get_request: + type: 'get_certificate' + requestID: '{{ request_output.requestID }}' + + - debug: var=get_request verbosity=2 - debug: msg="Please manualy confirm sign request with id {{ request_output.requestID }}" - name: wait for cert - raw: "{{ get_request.stdout|string }}" + raw: "{{ get_request|to_json }}" delegate_to: "{{item}}" delegate_facts: True with_items: "{{groups['cas']}}" register: cert_result -# - debug: var=cert_result + + - debug: var=cert_result verbosity=2 - set_fact: cert_key: "{{ cert_result.results[0].stdout|string|from_json }}" -# - debug: var=request_output - - name: set pub key + - debug: var=request_output verbosity=2 + + - name: set cert key shell: lxc-attach -n {{ vm_name }} --clear-env -e -- bash -c "echo '{{ cert_key.result 
}}' > /etc/ssh/ssh_host_ed25519_key-cert.pub" register: set_pub_key when: "cert_key_existance.rc != 0"
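Review bot: The two `raw:` tasks send `{{ cert_request|to_json }}` and `{{ get_request|to_json }}` as the remote command line on every host in `groups['cas']`, and `keyData` is whatever the container printed into `pub_key.stdout`; `to_json` escapes for JSON, not for a shell. Whether the CA account is pinned to a forced command that reads the request verbatim is not visible here, so it is worth checking the key's shape before the request is built, e.g. an `assert` task with `that: pub_key.stdout is match('^ssh-ed25519 [A-Za-z0-9+/=]+')` (older Ansible releases spell the test `pub_key.stdout | match(...)`). The context line `echo '{{ cert_key.result }}'` at the end of the hunk has the same shape, with the CA's reply placed inside hand-written single quotes, and that value deserves the same validation before use. Both `set_fact` tasks read only `results[0]` although the loop runs over all CAs, which should at least carry a comment such as `# only the first CA's reply is used`.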