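---
# Provision an OpenDJ directory server under /opt/ds on the "eenfachdj" hosts:
# create the ZFS dataset, the dsadm account and its directory layout, ship the
# JDK/OpenDJ archives and the configuration files, then run the OpenDJ setup
# as dsadm.
#
# Review summary of what changed against the previous revision:
#   * every file mode is a quoted octal string ("0644"); a bare `mode: 644` is
#     read as the decimal integer 644 and yields different permission bits
#   * credential material (ds-man.pass, keystore.jks, keystore.pin) is written
#     0600 from its first copy and its tasks run with no_log
#   * the duplicated `group:` key in the LDIF dump task is removed
#   * the setup task no longer overwrites the registered `rootfs_device`
#   * /opt/ds/config is created explicitly before files are copied into it
#
# NOTE(review): ds-man.pass, keystore.pin, the keystores and the literal PIN
# below are read from the playbook repository in clear text. Move them to
# Ansible Vault (or another secret store) and treat values that were already
# committed as exposed.
- hosts: eenfachdj
  remote_user: localadm
  become: true

  vars:
    # Controller-side directory holding the files shipped by this play.
    ds_files_dir: /export/home/olbohlen/git/ansible-playbooks/toy/files/ds

  tasks:
    # items2dict(key='mount', value='device')
    - name: "getting rootfs device"
      shell: '/usr/sbin/zfs list -H -o name | egrep "ROOT$"'
      register: rootfs_device
      # Read-only query; never report it as a change.
      changed_when: false

    - debug:
        msg: "the root-device is: {{rootfs_device.stdout}}"

    - name: "create /opt/ds dataset"
      zfs:
        name: "{{ rootfs_device.stdout }}/opt/ds"
        state: present
        extra_zfs_properties:
          mountpoint: /opt/ds

    - name: "install gnu-tar"
      pkg5:
        name: 'pkg:/archiver/gnu-tar'
        state: present

    - name: "create dsadm group"
      group:
        name: dsadm
        gid: 1636
        state: present

    - name: "create dsadm user"
      user:
        name: dsadm
        uid: 1636
        group: 1636
        comment: "Directory Server Admin"
        home: /opt/ds
        shell: /bin/ksh
        state: present

    - file:
        dest: /opt/ds/.ssh
        state: directory
        owner: dsadm
        group: dsadm
        mode: "0700"

    - file:
        dest: "{{ item }}"
        state: directory
        owner: dsadm
        group: dsadm
        mode: "0755"
      loop:
        - /opt/ds
        - /opt/ds/install
        - /opt/ds/etc
        - /opt/ds/etc/ssl
        # Target of the config copies below; created here so its owner and
        # mode are defined rather than left to a side effect of `copy`.
        - /opt/ds/config
        - /opt/ds/jks
        - /opt/ds/jdk
        - /opt/ds/monitoring
        - /opt/ds/bin

    # This key is what lets the final task connect as dsadm.
    - name: "copy ssh key to dsadm"
      copy:
        src: /export/home/olbohlen/.ssh/id_rsa.pub
        dest: /opt/ds/.ssh/authorized_keys
        mode: "0644"
        owner: dsadm
        group: dsadm

    - name: "copy .profile"
      copy:
        src: "{{ ds_files_dir }}/dot_profile"
        dest: /opt/ds/.profile
        mode: "0644"
        owner: dsadm
        group: dsadm

    # NOTE(review): both archives are pinned to fixed releases and copied
    # without an integrity check; confirm the versions are still supported and
    # consider pinning a digest via the copy module's `checksum` parameter.
    - name: "copy JDK8..."
      copy:
        src: "{{ ds_files_dir }}/opends/install/jdk-8u191-solaris-sparcv9.tar.gz"
        dest: /opt/ds/install/jdk-8u191-solaris-sparcv9.tar.gz
        mode: "0644"
        owner: dsadm
        group: dsadm

    - name: "copy OpenDJ"
      copy:
        src: "{{ ds_files_dir }}/opends/install/opendj-4.2.5.zip"
        dest: /opt/ds/install/opendj-4.2.5.zip
        mode: "0644"
        owner: dsadm
        group: dsadm

    # NOTE(review): src is the whole config directory, so this also places a
    # second copy of everything in it (including ds-man.pass) below
    # /opt/ds/config/config with mode 0644. It looks unintended; confirm and
    # drop the task if nothing reads that nested copy.
    - name: "copy {{ ds_files_dir }}/opends/config"
      copy:
        src: "{{ ds_files_dir }}/opends/config"
        dest: /opt/ds/config/config
        mode: "0644"
        owner: dsadm
        group: dsadm

    # One looped task replaces the former one-task-per-file copies; sources,
    # destinations, owner and mode are the same as before.
    - name: "copy OpenDJ config files"
      copy:
        src: "{{ ds_files_dir }}/opends/config/{{ item }}"
        dest: "/opt/ds/config/{{ item }}"
        mode: "0644"
        owner: dsadm
        group: dsadm
      loop:
        - '00_myskel.ldif'
        - '02_enable-replication.ksh'
        - '03_init-replication.ksh'
        - '04_enable_pre-enc_passwords.sh'
        - '05_mygroups.ldif'
        - '06_mypeople.ldif'
        - '07_hosts.ldif'
        - '08_myproxy.ldif'
        - '09_netgroup.ldif'
        - '10_addaci.ksh'
        - '12_automount.ldif'
        - '13_authattr.ldif'
        - '14_profattr.ldif'
        - '15_user_attr.ldif'
        - '16_primadmin_prof.ldif'

    # Password file handed to setup via -j in the last task: readable by dsadm
    # only, and kept out of task output and --diff.
    - name: "copy {{ ds_files_dir }}/opends/config/ds-man.pass"
      copy:
        src: "{{ ds_files_dir }}/opends/config/ds-man.pass"
        dest: /opt/ds/config/ds-man.pass
        mode: "0600"
        owner: dsadm
        group: dsadm
      no_log: true

    # NOTE(review): a directory dump presumably carries user entries and may
    # include password hashes; confirm and tighten the mode to "0600" if so.
    - name: "copy {{ ds_files_dir }}/opends/config/eenfach.de-dump3.ldif"
      copy:
        src: "{{ ds_files_dir }}/opends/config/eenfach.de-dump3.ldif"
        dest: /opt/ds/config/eenfach.de-dump3.ldif
        mode: "0644"
        owner: dsadm
        group: dsadm

    # NOTE(review): keystore.jks and keystore.pin are written again by the
    # "copy keystore..." and "creating pinfile..." tasks further down, so these
    # two copies are overwritten on every run. They are kept for now but use
    # 0600 so the files are never world-readable in between.
    - name: "copy {{ ds_files_dir }}/opends/jks/keystore.jks"
      copy:
        src: "{{ ds_files_dir }}/opends/jks/keystore.jks"
        dest: /opt/ds/jks/keystore.jks
        mode: "0600"
        owner: dsadm
        group: dsadm

    - name: "copy {{ ds_files_dir }}/opends/jks/keystore.pin"
      copy:
        src: "{{ ds_files_dir }}/opends/jks/keystore.pin"
        dest: /opt/ds/jks/keystore.pin
        mode: "0600"
        owner: dsadm
        group: dsadm
      no_log: true

    - name: "copy service manifest"
      copy:
        src: "{{ ds_files_dir }}/opends/opendj.xml"
        dest: /opt/ds/opendj.xml
        mode: "0644"
        owner: dsadm
        group: dsadm

    # Service method script: root-owned and not writable by dsadm.
    - name: "copy service method"
      copy:
        src: "{{ ds_files_dir }}/opends/svc-opendj"
        dest: /lib/svc/method/svc-opendj
        mode: "0555"
        owner: root
        group: bin

    - name: "extract JDK8..."
      unarchive:
        src: /opt/ds/install/jdk-8u191-solaris-sparcv9.tar.gz
        dest: /opt/ds/jdk
        remote_src: true
        owner: dsadm
        group: dsadm

    - name: "creating jdk/latest symlink..."
      file:
        src: /opt/ds/jdk/jdk1.8.0_191
        dest: /opt/ds/jdk/latest
        owner: dsadm
        group: dsadm
        state: link

    - name: "unzip OpenDJ install archive"
      unarchive:
        src: /opt/ds/install/opendj-4.2.5.zip
        dest: /opt/ds
        remote_src: true
        owner: dsadm
        group: dsadm

    # Disabled alternative: generate the certificate and keystore on the host.
    # The keystore password that used to be written here in clear text has been
    # replaced by a placeholder variable name; if that password was ever in
    # use, treat it as exposed and rotate it.
    # - name: Generate a Self Signed OpenSSL certificate
    #   openssl_certificate:
    #     path: /opt/ds/etc/ssl/dj-eenfach.crt
    #     privatekey_path: /opt/ds/etc/ssl/dj-eenfach.key
    #     csr_path: /opt/ds/etc/ssl/dj-eenfach.csr
    #     provider: selfsigned
    #     valid_in: 31536000
    #     subject_alt_name:
    #       - opendj.eenfach.de
    #       - "{{ inventory_hostname_short }}.eenfach.de"
    # - name: "import cert and key into keystore..."
    #   java_keystore:
    #     name: eenfachdj
    #     certificate: "{{lookup('file', '/opt/ds/etc/ssl/dj-eenfach.crt') }}"
    #     private_key: "{{lookup('file', '/opt/ds/etc/ssl/dj-eenfach.key') }}"
    #     password: "{{ vault_ds_keystore_password }}"  # placeholder name
    #     dest: /opt/ds/jks/keystore.jks

    # Per-host keystore; the path is relative, unlike the other sources.
    - name: "copy keystore..."
      copy:
        src: "files/ds/opends/etc/certs/keystore-{{ inventory_hostname_short }}.eenfach.de.jks"
        dest: /opt/ds/jks/keystore.jks
        mode: "0600"
        owner: dsadm
        group: dsadm

    # NOTE(review): the keystore PIN is a literal in the playbook and is a
    # trivially guessable value. It is left unchanged because it has to match
    # the shipped keystore; re-key the keystore with a strong PIN and supply it
    # from Ansible Vault. no_log keeps the value out of task output and --diff.
    - name: "creating pinfile..."
      copy:
        content: '123456'
        dest: /opt/ds/jks/keystore.pin
        mode: "0600"
        owner: dsadm
        group: dsadm
      no_log: true

    # Runs as dsadm without privilege escalation. The manager password and the
    # keystore PIN are passed as file paths, so they do not appear on the
    # command line. `creates` skips the task once /opt/ds/opendj/config exists.
    - name: "installing OpenDJ..."
      shell: >-
        ./setup -n -i --acceptLicense --baseDN dc=eenfach,dc=de
        --useJavaKeystore /opt/ds/jks/keystore.jks
        --keyStorePasswordFile /opt/ds/jks/keystore.pin
        --cli -j /opt/ds/config/ds-man.pass -q
      # Own result variable: this task used to register into rootfs_device and
      # thereby replaced the ZFS dataset name captured by the first task.
      register: opendj_setup_result
      remote_user: dsadm
      become: false
      args:
        creates: /opt/ds/opendj/config
        chdir: /opt/ds/opendj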