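---
# Provisions an OpenDJ 4.2.5 directory server under /opt/ds on the hosts in
# group "eenfachdj": ZFS dataset, dsadm account, JDK 8, configuration files,
# keystore, SMF method script, and finally the OpenDJ setup run.
#
# File modes are written as quoted octal strings ("0644"). A bare 644 is
# parsed as a decimal integer and produces unintended permission bits.
- hosts: eenfachdj
  remote_user: localadm
  become: true

  tasks:
    # items2dict(key='mount', value='device')
    - name: "getting rootfs device"
      # The pipe needs a shell. The command only reads state, so it never
      # reports "changed".
      # NOTE(review): if more than one dataset name ends in ROOT, stdout holds
      # several lines and the dataset name built below is invalid - confirm.
      shell: "/usr/sbin/zfs list -H -o name | egrep \"ROOT$\""
      register: rootfs_device
      changed_when: false

    - name: "show rootfs device"
      debug:
        msg: "the root-device is: {{rootfs_device.stdout}}"

    - name: "create /opt/ds dataset"
      zfs:
        name: "{{ rootfs_device.stdout }}/opt/ds"
        state: present
        extra_zfs_properties:
          mountpoint: /opt/ds

    - name: "install gnu-tar"
      pkg5:
        name: "pkg:/archiver/gnu-tar"
        state: present

    - name: "create dsadm group"
      group:
        name: dsadm
        gid: 1636
        state: present

    - name: "create dsadm user"
      user:
        name: dsadm
        uid: 1636
        group: 1636
        comment: "Directory Server Admin"
        home: /opt/ds
        shell: /bin/ksh
        state: present

    - name: "create dsadm .ssh directory"
      file:
        path: /opt/ds/.ssh
        state: directory
        owner: dsadm
        group: dsadm
        mode: "0700"

    - name: "create /opt/ds directory layout"
      file:
        path: "{{ item }}"
        state: directory
        owner: dsadm
        group: dsadm
        mode: "0755"
      loop:
        - /opt/ds
        - /opt/ds/install
        - /opt/ds/etc
        - /opt/ds/etc/ssl
        - /opt/ds/jks
        - /opt/ds/jdk
        - /opt/ds/monitoring
        - /opt/ds/bin
        # Created explicitly so the config copies below do not depend on the
        # recursive directory copy to create their parent.
        - /opt/ds/config

    - name: "copy ssh key to dsadm"
      # This overwrites authorized_keys, so the one controller-side public key
      # becomes the only key accepted for dsadm.
      copy:
        src: /export/home/olbohlen/.ssh/id_rsa.pub
        dest: /opt/ds/.ssh/authorized_keys
        mode: "0644"
        owner: dsadm
        group: dsadm

    - name: "copy .profile"
      copy:
        src: /export/home/olbohlen/git/ansible-playbooks/toy/files/ds/dot_profile
        dest: /opt/ds/.profile
        mode: "0644"
        owner: dsadm
        group: dsadm

    - name: "copy JDK8..."
      # NOTE(review): no checksum is verified for this archive before it is
      # extracted; consider the copy module's checksum parameter.
      copy:
        src: /export/home/olbohlen/git/ansible-playbooks/toy/files/ds/opends/install/jdk-8u191-solaris-sparcv9.tar.gz
        dest: /opt/ds/install/jdk-8u191-solaris-sparcv9.tar.gz
        mode: "0644"
        owner: dsadm
        group: dsadm

    - name: "copy OpenDJ"
      copy:
        src: /export/home/olbohlen/git/ansible-playbooks/toy/files/ds/opends/install/opendj-4.2.5.zip
        dest: /opt/ds/install/opendj-4.2.5.zip
        mode: "0644"
        owner: dsadm
        group: dsadm

    - name: "copy /export/home/olbohlen/git/ansible-playbooks/toy/files/ds/opends/config"
      # NOTE(review): src is a directory without a trailing slash, so the
      # directory itself is copied below dest (presumably ending up as
      # /opt/ds/config/config/config) - confirm this copy is wanted at all.
      # The tree includes ds-man.pass, so files are kept owner-only here.
      copy:
        src: /export/home/olbohlen/git/ansible-playbooks/toy/files/ds/opends/config
        dest: /opt/ds/config/config
        mode: "0600"
        owner: dsadm
        group: dsadm

    - name: "copy OpenDJ config files (LDIF data and setup scripts)"
      # NOTE(review): 06_mypeople.ldif and eenfach.de-dump3.ldif presumably
      # contain directory entries, possibly with password hashes; if so they
      # should be "0600" as well - confirm against the file contents.
      copy:
        src: "/export/home/olbohlen/git/ansible-playbooks/toy/files/ds/opends/config/{{ item }}"
        dest: "/opt/ds/config/{{ item }}"
        mode: "0644"
        owner: dsadm
        group: dsadm
      loop:
        - 00_myskel.ldif
        - 02_enable-replication.ksh
        - 03_init-replication.ksh
        - 04_enable_pre-enc_passwords.sh
        - 05_mygroups.ldif
        - 06_mypeople.ldif
        - 07_hosts.ldif
        - 08_myproxy.ldif
        - 09_netgroup.ldif
        - 10_addaci.ksh
        - 12_automount.ldif
        - 13_authattr.ldif
        - 14_profattr.ldif
        - 15_user_attr.ldif
        - 16_primadmin_prof.ldif
        - eenfach.de-dump3.ldif

    - name: "copy /export/home/olbohlen/git/ansible-playbooks/toy/files/ds/opends/config/ds-man.pass"
      # Password file handed to ./setup via -j below: readable by dsadm only.
      # NOTE(review): the source sits in the playbook repository; if it is
      # plaintext it belongs in Ansible Vault.
      copy:
        src: /export/home/olbohlen/git/ansible-playbooks/toy/files/ds/opends/config/ds-man.pass
        dest: /opt/ds/config/ds-man.pass
        mode: "0600"
        owner: dsadm
        group: dsadm

    # The next two files are written again by "copy keystore..." and
    # "creating pinfile..." further down. They are kept owner-only here so the
    # key material is never world-readable between the two steps.
    - name: "copy /export/home/olbohlen/git/ansible-playbooks/toy/files/ds/opends/jks/keystore.jks"
      copy:
        src: /export/home/olbohlen/git/ansible-playbooks/toy/files/ds/opends/jks/keystore.jks
        dest: /opt/ds/jks/keystore.jks
        mode: "0600"
        owner: dsadm
        group: dsadm

    - name: "copy /export/home/olbohlen/git/ansible-playbooks/toy/files/ds/opends/jks/keystore.pin"
      copy:
        src: /export/home/olbohlen/git/ansible-playbooks/toy/files/ds/opends/jks/keystore.pin
        dest: /opt/ds/jks/keystore.pin
        mode: "0600"
        owner: dsadm
        group: dsadm

    - name: "copy service manifest"
      copy:
        src: /export/home/olbohlen/git/ansible-playbooks/toy/files/ds/opends/opendj.xml
        dest: /opt/ds/opendj.xml
        mode: "0644"
        owner: dsadm
        group: dsadm

    - name: "copy service method"
      # Installed root-owned and non-writable, so dsadm cannot alter it.
      copy:
        src: /export/home/olbohlen/git/ansible-playbooks/toy/files/ds/opends/svc-opendj
        dest: /lib/svc/method/svc-opendj
        mode: "0555"
        owner: root
        group: bin

    - name: "extract JDK8..."
      unarchive:
        src: /opt/ds/install/jdk-8u191-solaris-sparcv9.tar.gz
        dest: /opt/ds/jdk
        remote_src: true
        owner: dsadm
        group: dsadm

    - name: "creating jdk/latest symlink..."
      file:
        src: /opt/ds/jdk/jdk1.8.0_191
        dest: /opt/ds/jdk/latest
        owner: dsadm
        group: dsadm
        state: link

    - name: "unzip OpenDJ install archive"
      unarchive:
        src: /opt/ds/install/opendj-4.2.5.zip
        dest: /opt/ds
        remote_src: true
        owner: dsadm
        group: dsadm

    # NOTE(review): the disabled block below carries a literal keystore
    # password. Once committed it should be treated as disclosed: rotate it
    # and load it from Ansible Vault if these tasks are ever re-enabled.
    #
    # - name: Generate a Self Signed OpenSSL certificate
    #   openssl_certificate:
    #     path: /opt/ds/etc/ssl/dj-eenfach.crt
    #     privatekey_path: /opt/ds/etc/ssl/dj-eenfach.key
    #     csr_path: /opt/ds/etc/ssl/dj-eenfach.csr
    #     provider: selfsigned
    #     valid_in: 31536000
    #     subject_alt_name:
    #       - opendj.eenfach.de
    #       - "{{ inventory_hostname_short }}.eenfach.de"
    # - name: "import cert and key into keystore..."
    #   java_keystore:
    #     name: eenfachdj
    #     certificate: "{{lookup('file', '/opt/ds/etc/ssl/dj-eenfach.crt') }}"
    #     private_key: "{{lookup('file', '/opt/ds/etc/ssl/dj-eenfach.key') }}"
    #     password: '2)Pxqd*V>V/='
    #     dest: /opt/ds/jks/keystore.jks

    - name: "copy keystore..."
      # Host-specific keystore, resolved relative to the playbook's files/.
      copy:
        src: "files/ds/opends/etc/certs/keystore-{{ inventory_hostname_short }}.eenfach.de.jks"
        dest: /opt/ds/jks/keystore.jks
        mode: "0600"
        owner: dsadm
        group: dsadm

    - name: "creating pinfile..."
      # NOTE(review): the keystore PIN is hard-coded and trivially guessable.
      # It has to match the keystore copied above, so changing it means
      # re-keying that keystore; the value should then come from Ansible Vault.
      # no_log keeps the value out of task output and logs.
      copy:
        content: '123456'
        dest: /opt/ds/jks/keystore.pin
        mode: "0600"
        owner: dsadm
        group: dsadm
      no_log: true

    - name: "installing OpenDJ..."
      # Runs unprivileged as dsadm. Both secrets are passed as file paths
      # (--keyStorePasswordFile, -j), so they do not appear in the process
      # arguments. "creates" skips the task once /opt/ds/opendj/config exists.
      # NOTE(review): this reuses the register name of the first task and
      # overwrites the ZFS lookup result; a distinct name would be safer if
      # later tasks read rootfs_device.
      shell: "./setup -n -i --acceptLicense --baseDN dc=eenfach,dc=de --useJavaKeystore /opt/ds/jks/keystore.jks --keyStorePasswordFile /opt/ds/jks/keystore.pin --cli -j /opt/ds/config/ds-man.pass -q"
      register: rootfs_device
      remote_user: dsadm
      become: false
      args:
        creates: /opt/ds/opendj/config
        chdir: /opt/ds/opendj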