additional course material RH294
Olaf Bohlen
2020-02-19 08669995dd66a7051d2fc222fec02a0bc71c1dff
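---
# Provision an OpenDJ directory server on the "eenfachdj" hosts: create the
# /opt/ds ZFS dataset and the dsadm account, stage the JDK, the OpenDJ archive
# and its configuration files, then run the OpenDJ setup once.
#
# File modes are written as quoted octal strings. An unquoted `mode: 644` is
# passed to Ansible as the decimal integer 644 (octal 1204), and `mode: 600`
# as octal 1130, so the resulting permissions are not the ones that were meant.
- hosts: eenfachdj
  remote_user: localadm
  become: true
  vars:
    # Control-node directory that holds the files staged by this play.
    ds_files_dir: /export/home/olbohlen/git/ansible-playbooks/toy/files/ds
  tasks:
    # items2dict(key='mount', value='device')
    # Read-only lookup, so it never reports "changed".
    # NOTE(review): if more than one dataset name ends in ROOT, stdout holds
    # several lines and the dataset name built from it below is invalid.
    - name: "getting rootfs device"
      shell: '/usr/sbin/zfs list -H -o name | egrep "ROOT$"'
      register: rootfs_device
      changed_when: false

    - name: "show rootfs device"
      debug:
        msg: "the root-device is: {{ rootfs_device.stdout }}"

    - name: "create /opt/ds dataset"
      zfs:
        name: "{{ rootfs_device.stdout }}/opt/ds"
        state: present
        extra_zfs_properties:
          mountpoint: /opt/ds

    # GNU tar is installed before the unarchive tasks further down.
    - name: "install gnu-tar"
      pkg5:
        name: pkg:/archiver/gnu-tar
        state: present

    - name: "create dsadm group"
      group:
        name: dsadm
        gid: 1636
        state: present

    - name: "create dsadm user"
      user:
        name: dsadm
        uid: 1636
        group: 1636
        comment: "Directory Server Admin"
        home: /opt/ds
        shell: /bin/ksh
        state: present

    - name: "create /opt/ds/.ssh"
      file:
        path: /opt/ds/.ssh
        state: directory
        owner: dsadm
        group: dsadm
        mode: "0700"

    # /opt/ds/config is created here explicitly so that the copy tasks below
    # do not depend on another task creating it as a side effect.
    - name: "create /opt/ds directory tree"
      file:
        path: "{{ item }}"
        state: directory
        owner: dsadm
        group: dsadm
        mode: "0755"
      loop:
        - /opt/ds
        - /opt/ds/install
        - /opt/ds/etc
        - /opt/ds/etc/ssl
        - /opt/ds/config
        - /opt/ds/jks
        - /opt/ds/jdk
        - /opt/ds/monitoring
        - /opt/ds/bin

    # The install task at the end logs in as dsadm with this key.
    - name: "copy ssh key to dsadm"
      copy:
        src: /export/home/olbohlen/.ssh/id_rsa.pub
        dest: /opt/ds/.ssh/authorized_keys
        mode: "0644"
        owner: dsadm
        group: dsadm

    - name: "copy .profile"
      copy:
        src: "{{ ds_files_dir }}/dot_profile"
        dest: /opt/ds/.profile
        mode: "0644"
        owner: dsadm
        group: dsadm

    # NOTE(review): both archives come from the control node and are not
    # checked against a published digest before they are unpacked; both
    # versions are pinned here, so confirm they still receive security fixes.
    - name: "copy JDK8 and OpenDJ install archives"
      copy:
        src: "{{ ds_files_dir }}/opends/install/{{ item }}"
        dest: "/opt/ds/install/{{ item }}"
        mode: "0644"
        owner: dsadm
        group: dsadm
      loop:
        - jdk-8u191-solaris-sparcv9.tar.gz
        - opendj-4.2.5.zip

    # NOTE(review): src is the directory that also holds the files copied one
    # by one below, so this is a recursive copy of the whole tree, ds-man.pass
    # included. It looks like a leftover of generating one task per path and
    # can probably be dropped; until that is confirmed the files are kept
    # owner-only because of the password file in the tree.
    - name: "copy config directory"
      copy:
        src: "{{ ds_files_dir }}/opends/config"
        dest: /opt/ds/config/config
        mode: "0600"
        owner: dsadm
        group: dsadm
      no_log: true

    # NOTE(review): the LDIF files (the people file and the directory dump in
    # particular) may carry password hashes; if they do, use "0600" here too.
    - name: "copy OpenDJ config files"
      copy:
        src: "{{ ds_files_dir }}/opends/config/{{ item }}"
        dest: "/opt/ds/config/{{ item }}"
        mode: "0644"
        owner: dsadm
        group: dsadm
      loop:
        - 00_myskel.ldif
        - 02_enable-replication.ksh
        - 03_init-replication.ksh
        - 04_enable_pre-enc_passwords.sh
        - 05_mygroups.ldif
        - 06_mypeople.ldif
        - 07_hosts.ldif
        - 08_myproxy.ldif
        - 09_netgroup.ldif
        - 10_addaci.ksh
        - 12_automount.ldif
        - 13_authattr.ldif
        - 14_profattr.ldif
        - 15_user_attr.ldif
        - 16_primadmin_prof.ldif
        - eenfach.de-dump3.ldif

    # Password file handed to the OpenDJ setup with -j: readable by dsadm
    # only, and kept out of task output and --diff.
    - name: "copy ds-man.pass"
      copy:
        src: "{{ ds_files_dir }}/opends/config/ds-man.pass"
        dest: /opt/ds/config/ds-man.pass
        mode: "0600"
        owner: dsadm
        group: dsadm
      no_log: true

    # NOTE(review): keystore.jks and keystore.pin are written again by the
    # "copy keystore..." and "creating pinfile..." tasks further down, so this
    # task changes both files on every run and is probably redundant.
    - name: "copy keystore.jks and keystore.pin"
      copy:
        src: "{{ ds_files_dir }}/opends/jks/{{ item }}"
        dest: "/opt/ds/jks/{{ item }}"
        mode: "0600"
        owner: dsadm
        group: dsadm
      loop:
        - keystore.jks
        - keystore.pin
      no_log: true

    - name: "copy service manifest"
      copy:
        src: "{{ ds_files_dir }}/opends/opendj.xml"
        dest: /opt/ds/opendj.xml
        mode: "0644"
        owner: dsadm
        group: dsadm

    # The SMF method script stays root-owned and read/execute only, so the
    # service account cannot replace it.
    - name: "copy service method"
      copy:
        src: "{{ ds_files_dir }}/opends/svc-opendj"
        dest: /lib/svc/method/svc-opendj
        mode: "0555"
        owner: root
        group: bin

    - name: "extract JDK8..."
      unarchive:
        src: /opt/ds/install/jdk-8u191-solaris-sparcv9.tar.gz
        dest: /opt/ds/jdk
        remote_src: true
        owner: dsadm
        group: dsadm

    - name: "creating jdk/latest symlink..."
      file:
        src: /opt/ds/jdk/jdk1.8.0_191
        path: /opt/ds/jdk/latest
        owner: dsadm
        group: dsadm
        state: link

    - name: "unzip OpenDJ install archive"
      unarchive:
        src: /opt/ds/install/opendj-4.2.5.zip
        dest: /opt/ds
        remote_src: true
        owner: dsadm
        group: dsadm

    # Disabled: generate a self-signed certificate and import it into the
    # keystore. The keystore password that used to be written inline here is
    # in version control history and should be treated as exposed; supply it
    # from an Ansible Vault variable if this block is ever enabled again.
    # - name: Generate a Self Signed OpenSSL certificate
    #   openssl_certificate:
    #     path: /opt/ds/etc/ssl/dj-eenfach.crt
    #     privatekey_path: /opt/ds/etc/ssl/dj-eenfach.key
    #     csr_path: /opt/ds/etc/ssl/dj-eenfach.csr
    #     provider: selfsigned
    #     valid_in: 31536000
    #     subject_alt_name:
    #       - opendj.eenfach.de
    #       - "{{ inventory_hostname_short }}.eenfach.de"
    # - name: "import cert and key into keystore..."
    #   java_keystore:
    #     name: eenfachdj
    #     certificate: "{{ lookup('file', '/opt/ds/etc/ssl/dj-eenfach.crt') }}"
    #     private_key: "{{ lookup('file', '/opt/ds/etc/ssl/dj-eenfach.key') }}"
    #     password: "{{ ds_keystore_password }}"  # placeholder, vaulted variable
    #     dest: /opt/ds/jks/keystore.jks

    - name: "copy keystore..."
      copy:
        src: "files/ds/opends/etc/certs/keystore-{{ inventory_hostname_short }}.eenfach.de.jks"
        dest: /opt/ds/jks/keystore.jks
        mode: "0600"
        owner: dsadm
        group: dsadm

    # NOTE(review): the keystore PIN is a clear-text literal in the playbook
    # and a trivially guessable one. Move it to an Ansible Vault variable and
    # re-key the keystore; the literal is kept only so the play still runs
    # unchanged. no_log keeps the value out of task output and --diff.
    - name: "creating pinfile..."
      copy:
        content: '123456'
        dest: /opt/ds/jks/keystore.pin
        mode: "0600"
        owner: dsadm
        group: dsadm
      no_log: true

    # Runs once as dsadm over its own SSH login, without privilege escalation;
    # "creates" skips the task when /opt/ds/opendj/config already exists.
    # Both passwords are passed as files, so they never appear on the command
    # line. No shell features are needed, hence command instead of shell.
    # NOTE(review): the result is registered under the same name as the ZFS
    # lookup at the top and overwrites it; the name is kept in case later
    # tasks read it, but a dedicated variable would be clearer.
    - name: "installing OpenDJ..."
      command: >-
        ./setup -n -i --acceptLicense --baseDN dc=eenfach,dc=de
        --useJavaKeystore /opt/ds/jks/keystore.jks
        --keyStorePasswordFile /opt/ds/jks/keystore.pin
        --cli -j /opt/ds/config/ds-man.pass -q
      register: rootfs_device
      remote_user: dsadm
      become: false
      args:
        creates: /opt/ds/opendj/config
        chdir: /opt/ds/opendj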