Fix openvpn certificate zero size

4b077fc7 · Jupiter Hu · f0f205a3 · 4b077fc7 · 4b077fc7 · 4b077fc7
Commit 4b077fc7 authored 10 years ago by Jupiter Hu
--- a/roles/OpenVPN-Client/meta/main.yml
+++ b/roles/OpenVPN-Client/meta/main.yml
 ---
 dependencies:
+#  - { role: easy-rsa-CA }
  - { role: easy-rsa-certificate, x509_csr_args: "" }
--- a/roles/OpenVPN-Client/vars/main.yml
+++ b/roles/OpenVPN-Client/vars/main.yml
--- a/roles/OpenVPN-Server/meta/main.yml
+++ b/roles/OpenVPN-Server/meta/main.yml
 ---
 dependencies:
+  - { role: easy-rsa-CA }
  - { role: easy-rsa-certificate, x509_csr_args: "--server" }
--- a/roles/OpenVPN-Server/vars/main.yml
+++ b/roles/OpenVPN-Server/vars/main.yml
--- a/roles/commonVars/vars/main.yml
+++ b/roles/commonVars/vars/main.yml
--- a/roles/easy-rsa-certificate/tasks/buildCert.yml
+++ b/roles/easy-rsa-certificate/tasks/buildCert.yml
@@ -34,6 +34,7 @@
  delegate_to: "{{ x509_ca_server }}"
  shell: rm -rf /etc/easy-rsa/2.0/keys/{{ x509_common_name }}.*
  when: cert is defined and cert.stat.size == 0
+  sudo: true

 - name: "set needcert if cert doesn't match key"
  set_fact: needcert=True
@@ -46,43 +47,54 @@

 - name: "Creating CSR"
  shell: " cd /etc/easy-rsa/2.0; . ./vars; export EASY_RSA=\"${EASY_RSA:-.}\"; \"$EASY_RSA\"/pkitool --csr {{ x509_csr_args }} {{ x509_common_name }}"
-  args:
-    creates: "/etc/easy-rsa/2.0/keys/{{ x509_common_name }}.key"
+#  args:
+#    creates: "/etc/easy-rsa/2.0/keys/{{ x509_common_name }}.key"
  when: needcert
  sudo: true

 - name: "Copy CSR to ansible host"
-  fetch: "src=/etc/easy-rsa/2.0/keys/{{ x509_common_name }}.csr dest=/tmp/ fail_on_missing=yes validate_md5=yes flat=yes"
+  fetch: "src=/etc/easy-rsa/2.0/keys/{{ x509_common_name }}.csr dest=/tmp/{{ inventory_hostname }}/{{ inventory_hostname }}.csr fail_on_missing=yes validate_md5=yes flat=yes"
  sudo: true
  when: needcert

+- name: "Create node tmp directory"
+  delegate_to: 127.0.0.1
+  shell: "mkdir -p /tmp/{{ inventory_hostname }} ; chmod 755 /tmp/{{ inventory_hostname }}"
+
 - name: "Copy CSR to CA"
  remote_user: "{{ hostvars[x509_ca_server]['ansible_ssh_user'] }}"
  delegate_to: "{{ x509_ca_server }}"
-  copy: "src=/tmp/{{ x509_common_name }}.csr dest=/etc/easy-rsa/2.0/keys/{{ x509_common_name }}.csr force=yes"
+#  copy: "src=/tmp/{{ inventory_hostname }}/{{ inventory_hostname }}.csr dest=/tmp/{{ inventory_hostname }}.csr force=yes"
+  copy: "src=/tmp/{{ inventory_hostname }}/{{ inventory_hostname }}.csr dest=/etc/easy-rsa/2.0/keys/{{ x509_common_name }}.csr force=yes"
  when: needcert
  sudo: true

+#- name: "Place CSR to a right place"
+#  local_action: "command cp -f /tmp/{{ inventory_hostname }}.csr /etc/easy-rsa/2.0/keys/{{ x509_common_name }}.csr"
+#  when: needcert
+#  sudo: true
+
 - name: "Sign Certificate"
  remote_user: "{{ hostvars[x509_ca_server]['ansible_ssh_user'] }}"
  delegate_to: "{{ x509_ca_server }}"
-  shell:    ". ./vars; export EASY_RSA=\"${EASY_RSA:-.}\" ;\"$EASY_RSA\"/pkitool --sign {{ x509_sign_args }} {{ x509_common_name }}"
-  args:
-    chdir: "/etc/easy-rsa/2.0"
-    creates: "/etc/easy-rsa/2.0/keys/{{ x509_common_name }}.crt"
+  shell:    "cd /etc/easy-rsa/2.0; . ./vars; export EASY_RSA=\"${EASY_RSA:-.}\" ;\"$EASY_RSA\"/pkitool --sign {{ x509_sign_args }} {{ x509_common_name }}"
+#  args:
+#    chdir: "/etc/easy-rsa/2.0"
+#    creates: "/etc/easy-rsa/2.0/keys/{{ x509_common_name }}.crt"
+  when: needcert
  sudo: true

 - name: "Copy the Certificate to ansible host"
  remote_user: "{{ hostvars[x509_ca_server]['ansible_ssh_user'] }}"
  delegate_to: "{{ x509_ca_server }}"
-  fetch: "src=/etc/easy-rsa/2.0/keys/{{ x509_common_name }}.crt dest=/tmp/ fail_on_missing=yes validate_md5=yes flat=yes"
+  fetch: "src=/etc/easy-rsa/2.0/keys/{{ x509_common_name }}.crt dest=/tmp/{{ inventory_hostname }}/{{ x509_common_name }}.crt fail_on_missing=yes validate_md5=yes flat=yes"
  sudo: true
  when: needcert

 - name: "Copy the CA Certificate to the ansible host"
  remote_user: "{{ hostvars[x509_ca_server]['ansible_ssh_user'] }}"
  delegate_to: "{{ x509_ca_server }}"
-  fetch: "src=/etc/easy-rsa/2.0/keys/ca.crt dest=/tmp/ca.crt fail_on_missing=yes validate_md5=yes flat=yes"
+  fetch: "src=/etc/easy-rsa/2.0/keys/ca.crt dest=/tmp/{{ inventory_hostname }}/ca.crt fail_on_missing=yes validate_md5=yes flat=yes"
  sudo: true
  when: "ca_cert.stat.exists == false"

@@ -91,12 +103,18 @@
  sudo: true

 - name: "Copy the certificate to the node"
-  copy: "src=/tmp/{{ x509_common_name }}.crt dest={{ x509_cert_file }} force=yes"
+#  copy: "src=/tmp/{{ x509_common_name }}.crt dest={{ x509_cert_file }} force=yes"
+  copy: "src=/tmp/{{ inventory_hostname }}/{{ x509_common_name }}.crt dest=/tmp/{{ x509_common_name }}.crt force=yes"
+  sudo: true
+  when: needcert
+
+- name: "Copy the certificate to the right location"
+  shell: "cp -f /tmp/{{ x509_common_name }}.crt {{ x509_cert_file }}"
  sudo: true
  when: needcert

 - name: "Copy the CA certificate to the node"
-  copy: "src=/tmp/ca.crt dest={{ x509_cacert_file }}"
+  copy: "src=/tmp/{{ inventory_hostname }}/ca.crt dest={{ x509_cacert_file }}"
  sudo: true
  when: "ca_cert.stat.exists == false"


--- a/roles/easy-rsa-certificate/vars/main.yml
+++ b/roles/easy-rsa-certificate/vars/main.yml
--- a/roles/easy-rsa-common/defaults/main.yml
+++ b/roles/easy-rsa-common/defaults/main.yml
--- a/roles/etcHosts/defaults/main.yml
+++ b/roles/etcHosts/defaults/main.yml
 ---
-domain: testdomain.dummy.invalid
 get_groups: true
 edit_hosts: true
--- a/roles/etcHosts/tasks/main.yml
+++ b/roles/etcHosts/tasks/main.yml
@@ -20,4 +20,3 @@
  sudo: true
  with_items: hosts_data.stdout_lines
  when: edit_hosts
-
--- a/roles/nfs-client/defaults/main.yml
+++ b/roles/nfs-client/defaults/main.yml
---
-nfsClientSrcDir: '/mnt'
-nfsClientDestDir: '/mnt/test-nfs'
-nfs_server: 'nfsserver.edu' 
-nfs_type: 'nfs'
-nfs_options: 'vers=3,noatime,rsize=16384,wsize=16384,hard,intr,tcp,nolock'
--- a/roles/nfs-client/tasks/mountFileSystem.yml
+++ b/roles/nfs-client/tasks/mountFileSystem.yml
@@ -4,15 +4,7 @@
  register: nfsServer
  run_once: true
  delegate_to: "{{ nfs_server }}"
-  when: nfsServer is defined
-
- name: "Set nfsServer facts when it is not defined"
-  set_fact:
-    - {{ nfsServer }}
-      - ansible_{{ nfsServerInterface }}:
-        - ipv4:
-          - address: {{ nfsServerIpAddress }}
-  when: nfsServer is defined
+  when: nfsServer is not defined

 - name: "Mounting NFS mounts"
  mount: "name={{ item.name }} src={{ nfsServer['ansible_facts']['ansible_'+item.interface]['ipv4']['address'] }}:{{ item.src }} fstype={{ item.fstype }} opts={{ item.opts }} state=mounted"

--- a/roles/nfs-client/vars/main.yml
+++ b/roles/nfs-client/vars/main.yml
--- a/roles/nfs-server/vars/main.yml
+++ b/roles/nfs-server/vars/main.yml
--- a/roles/opensslCA/vars/main.yml
+++ b/roles/opensslCA/vars/main.yml
--- a/roles/opensslServer/vars/main.yml
+++ b/roles/opensslServer/vars/main.yml
--- a/roles/slurm-build/tasks/main.yml
+++ b/roles/slurm-build/tasks/main.yml
@@ -38,8 +38,8 @@
 - name: install munge deps
  shell: rpm -i /root/rpmbuild/RPMS/x86_64/munge-libs-{{ munge_version }}-1.el6.x86_64.rpm /root/rpmbuild/RPMS/x86_64/munge-{{ munge_version }}-1.el6.x86_64.rpm /root/rpmbuild/RPMS/x86_64/munge-devel-{{ munge_version }}-1.el6.x86_64.rpm
  sudo: true
-#  ignore_errors: true
-  when: munge_installed | failed 
+  when: munge_installed.stdout.find("munge") == -1 
+#  when: munge_installed is failed or munge_installed.stdout.find("munge") == -1 

 - name: make slurm rpms
  shell: rpmbuild -ta --clean slurm-{{ slurm_version }}.tar.bz2

--- a/roles/slurm/vars/main.yml
+++ b/roles/slurm/vars/main.yml
--- a/roles/syncExports/vars/main.yml
+++ b/roles/syncExports/vars/main.yml