joelbirchler
2020-03-04 6933d76abcd28037a6d86e537d26ec74be3e4332
Merge branch 'shared-idm-fixes' of github.com:RedHatTraining/agnosticd into test
4 files modified
36 ■■■■ changed files
ansible/roles/ocp4-workload-idm/files/deploy_certs.sh 4 ●●●
ansible/roles/ocp4-workload-idm/files/deploy_certs.yml 2 ●●●
ansible/roles/ocp4-workload-idm/tasks/workload.yml 21 ●●●●
ansible/roles/ocp4-workload-mysql/tasks/workload.yml 9 ●●●●●
ansible/roles/ocp4-workload-idm/files/deploy_certs.sh
@@ -1,4 +1,6 @@
#!/bin/bash
pushd ~/idm/certbot/config/renewal-hooks/deploy
ansible-playbook ./deploy_certs.yml \
  -e "_certbot_domain={{ idm_dns_name }}" \
  -e "idm_dm_password={{ idm_dm_password }}"
  -e 'idm_dm_password={{ idm_dm_password }}'
popd
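Review bot: The Directory Manager password is rendered into this hook script and then handed to ansible-playbook on the command line (`-e 'idm_dm_password=…'`), so it sits in a file on disk and is visible in the process list while the playbook runs. The `Install redeploy hook scripts` task in tasks/workload.yml on this page installs the script with `mode: 0775`, which leaves the rendered secret readable by every local account. I would install it with `mode: "0700"` and pass the value from an owner-only vars file, e.g. `-e @<path-to-0600-vars-file>`, instead of inline. The +/- markers are lost on this page, so I am assuming the single-quoted line is the new side.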
ansible/roles/ocp4-workload-idm/files/deploy_certs.yml
@@ -25,6 +25,6 @@
  - name: Install IPA Certificate
    shell: |
      ipa-server-certinstall -w -d /home/{{ ansible_user }}/idm/certificates/privkey.pem /home/{{ ansible_user }}/idm/certificates/fullchain.pem -p {{ idm_dm_password }} --pin=''
      ipa-server-certinstall -w -d /home/{{ ansible_user }}/idm/certificates/privkey.pem /home/{{ ansible_user }}/idm/certificates/fullchain.pem -p '{{ idm_dm_password }}' --pin=''
      ipactl restart
    become: True
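Review bot: Wrapping `{{ idm_dm_password }}` in literal single quotes only holds while the password contains no `'`; a value with one ends the quoting early and the remainder is parsed by the shell running under `become`. Use the Jinja filter instead, `-p {{ idm_dm_password | quote }}`, and add `no_log: true` to the task so the rendered command line is not written to Ansible output or logs when the command fails. The same applies to the `Install CAs` and `Install IPA Certificate` tasks in tasks/workload.yml, including `echo '{{ idm_admin_password }}' | kinit admin`. The play this task belongs to starts outside the hunk.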
ansible/roles/ocp4-workload-idm/tasks/workload.yml
@@ -41,33 +41,42 @@
- name: Install CAs
  shell: |
    echo {{ idm_admin_password }} | kinit admin
    ipa-cacert-manage -p {{ idm_dm_password }} install /tmp/DSTRootCAX3.pem -n DSTRootCAX3 -t C,,
    ipa-cacert-manage -p {{ idm_dm_password }} install /tmp/LEAuthX3.pem -n LEAuthX3 -t C,,
    echo '{{ idm_admin_password }}' | kinit admin
    ipa-cacert-manage -p '{{ idm_dm_password }}' install /tmp/DSTRootCAX3.pem -n DSTRootCAX3 -t C,,
    ipa-cacert-manage -p '{{ idm_dm_password }}' install /tmp/LEAuthX3.pem -n LEAuthX3 -t C,,
    ipa-certupdate -v
  become: True
- name: Install IPA Certificate
  shell: |
    ipa-server-certinstall -w -d /home/{{ ansible_user }}/idm/certificates/privkey.pem /home/{{ ansible_user }}/idm/certificates/fullchain.pem -p {{ idm_dm_password }} --pin=''
    ipa-server-certinstall -w -d /home/{{ ansible_user }}/idm/certificates/privkey.pem /home/{{ ansible_user }}/idm/certificates/fullchain.pem -p '{{ idm_dm_password }}' --pin=''
    ipactl restart
  become: True
- name: Install redeploy hook scripts
  template:
    src: ./files/deploy_certs.sh
    dest: "/home/{{ ansible_user }}/idm/certbot/renewal-hooks/deploy/deploy_certs.sh"
    dest: "/home/{{ ansible_user }}/idm/certbot/config/renewal-hooks/deploy/deploy_certs.sh"
    mode: 0775
    owner: "{{ ansible_user }}"
- name: Install redeploy hook ansible components
  copy:
    src: "./files/{{ item }}"
    dest: "/home/{{ ansible_user }}/idm/certbot/renewal-hooks/deploy/{{ item }}"
    dest: "/home/{{ ansible_user }}/idm/certbot/config/renewal-hooks/deploy/{{ item }}"
    mode: 0664
    owner: "{{ ansible_user }}"
  loop:
  - deploy_certs.yml
- name: Install AWS python prerequisites
  become: True
  pip:
    state: present
    name:
    - boto
    - botocore
    - boto3
# Find public IP of bastion
- name: Gather VPC facts
  ec2_vpc_net_facts:
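Review bot: The added `Install AWS python prerequisites` task installs `boto`, `botocore` and `boto3` with `become: True` and no version constraint, so every run pulls whatever is current on the package index into the system Python as root. Pin the versions (for example `- boto3==<pinned-version>`) or install the distribution's packages, so a provisioning run is reproducible and does not pick up an unreviewed release. The identical task is also added to ocp4-workload-mysql/tasks/workload.yml; a shared role or include would keep the pins in one place. The `Gather VPC facts` task that follows continues outside the hunk.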
ansible/roles/ocp4-workload-mysql/tasks/workload.yml
@@ -9,6 +9,15 @@
    name: mysql
  vars:
    become_override: yes
- name: Install AWS python prerequisites
  become: True
  pip:
    state: present
    name:
    - boto
    - botocore
    - boto3
# Find public IP of bastion
- name: Gather VPC facts