From a2993a613d655fb58bcc55eccba40bf1ca8c721d Mon Sep 17 00:00:00 2001
From: Chris Hines <chris.hines@monash.edu>
Date: Tue, 4 Nov 2014 04:30:19 +0000
Subject: [PATCH] more tidy up, making an easy-rsa-common role

---
 roles/easy-rsa-CA-client/defaults/main.yml.v1 |  3 -
 roles/easy-rsa-CA-client/meta/main.yml        |  4 +
 .../tasks/installEasyRsa.yml                  | 10 ---
 roles/easy-rsa-CA-client/tasks/main.yml       |  4 -
 roles/easy-rsa-CA-server/defaults/main.yml    |  8 --
 roles/easy-rsa-CA-server/defaults/main.yml.v1 |  3 -
 roles/easy-rsa-CA-server/files/defaultConfig  | 80 -------------------
 roles/easy-rsa-CA-server/meta/main.yml        |  4 +
 .../tasks/copyConfigurationFile.yml           | 12 ---
 .../tasks/installEasyRsa.yml                  | 10 ---
 roles/easy-rsa-CA-server/tasks/main.yml       |  4 -
 roles/easy-rsa-CA/defaults/main.yml           |  8 --
 roles/easy-rsa-CA/defaults/main.yml.v1        |  3 -
 roles/easy-rsa-CA/files/defaultConfig         | 80 -------------------
 roles/easy-rsa-CA/meta/main.yml               |  4 +
 roles/easy-rsa-CA/tasks/buildServerCert.yml   | 12 ---
 .../tasks/copyConfigurationFile.yml           | 12 ---
 roles/easy-rsa-CA/tasks/main.yml              |  4 -
 .../defaults/main.yml                         |  0
 .../files/defaultConfig                       |  0
 .../tasks/copyConfigurationFile.yml           |  0
 .../tasks/installEasyRsa.yml                  |  0
 roles/easy-rsa-common/tasks/main.yml          |  6 ++
 23 files changed, 18 insertions(+), 253 deletions(-)
 delete mode 100644 roles/easy-rsa-CA-client/defaults/main.yml.v1
 create mode 100644 roles/easy-rsa-CA-client/meta/main.yml
 delete mode 100644 roles/easy-rsa-CA-client/tasks/installEasyRsa.yml
 delete mode 100644 roles/easy-rsa-CA-server/defaults/main.yml
 delete mode 100644 roles/easy-rsa-CA-server/defaults/main.yml.v1
 delete mode 100644 roles/easy-rsa-CA-server/files/defaultConfig
 create mode 100644 roles/easy-rsa-CA-server/meta/main.yml
 delete mode 100644 roles/easy-rsa-CA-server/tasks/copyConfigurationFile.yml
 delete mode 100644 roles/easy-rsa-CA-server/tasks/installEasyRsa.yml
 delete mode 100644 roles/easy-rsa-CA/defaults/main.yml
 delete mode 100644 roles/easy-rsa-CA/defaults/main.yml.v1
 delete mode 100644 roles/easy-rsa-CA/files/defaultConfig
 create mode 100644 roles/easy-rsa-CA/meta/main.yml
 delete mode 100644 roles/easy-rsa-CA/tasks/buildServerCert.yml
 delete mode 100644 roles/easy-rsa-CA/tasks/copyConfigurationFile.yml
 rename roles/{easy-rsa-CA-client => easy-rsa-common}/defaults/main.yml (100%)
 rename roles/{easy-rsa-CA-client => easy-rsa-common}/files/defaultConfig (100%)
 rename roles/{easy-rsa-CA-client => easy-rsa-common}/tasks/copyConfigurationFile.yml (100%)
 rename roles/{easy-rsa-CA => easy-rsa-common}/tasks/installEasyRsa.yml (100%)
 create mode 100644 roles/easy-rsa-common/tasks/main.yml

diff --git a/roles/easy-rsa-CA-client/defaults/main.yml.v1 b/roles/easy-rsa-CA-client/defaults/main.yml.v1
deleted file mode 100644
index 3e0df58..0000000
--- a/roles/easy-rsa-CA-client/defaults/main.yml.v1
+++ /dev/null
@@ -1,3 +0,0 @@
----
-key_email: shahaan.ayyub@monash.edu 
-key_ou: MCC-R@CMON
diff --git a/roles/easy-rsa-CA-client/meta/main.yml b/roles/easy-rsa-CA-client/meta/main.yml
new file mode 100644
index 0000000..47d8292
--- /dev/null
+++ b/roles/easy-rsa-CA-client/meta/main.yml
@@ -0,0 +1,4 @@
+---
+depdenencies:
+  - {role: easy-rsa-common }
+
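Review bot: The key on the second line of this new meta file is misspelled as `depdenencies:`; Ansible reads role dependencies from `dependencies:`, so the easy-rsa-common role is most likely never pulled in. This commit also removes the `installEasyRsa.yml` and `copyConfigurationFile.yml` includes from this role's tasks/main.yml, so the certificate-building tasks would then run without easy-rsa installed or its vars file copied. The line should read `dependencies:`, and the same typo is in roles/easy-rsa-CA-server/meta/main.yml and roles/easy-rsa-CA/meta/main.yml. The list entry could also be written in block style as `- role: easy-rsa-common`.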
diff --git a/roles/easy-rsa-CA-client/tasks/installEasyRsa.yml b/roles/easy-rsa-CA-client/tasks/installEasyRsa.yml
deleted file mode 100644
index f479b15..0000000
--- a/roles/easy-rsa-CA-client/tasks/installEasyRsa.yml
+++ /dev/null
@@ -1,10 +0,0 @@
---- 
-- 
-  name: "Installing easy-rsa"
-  yum: "name=easy-rsa state=latest"
-- 
-  name: "Moving easy-rsa to /etc"
-  shell: "cp -rf /usr/share/easy-rsa /etc/"
-  args:
-    creates: /etc/easy-rsa/2.0
-
diff --git a/roles/easy-rsa-CA-client/tasks/main.yml b/roles/easy-rsa-CA-client/tasks/main.yml
index 9f6d314..73fc5d8 100644
--- a/roles/easy-rsa-CA-client/tasks/main.yml
+++ b/roles/easy-rsa-CA-client/tasks/main.yml
@@ -1,7 +1,3 @@
 --- 
--
-  include: installEasyRsa.yml
--
-  include: copyConfigurationFile.yml 
 - 
   include: buildClientCert.yml
diff --git a/roles/easy-rsa-CA-server/defaults/main.yml b/roles/easy-rsa-CA-server/defaults/main.yml
deleted file mode 100644
index 6d22a91..0000000
--- a/roles/easy-rsa-CA-server/defaults/main.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-countryName: "AU" 
-reginalName: "Victoria" 
-cityName: "Melbourne"
-organizationName: "Monash University"
-emailAddress: "default@default.org"
-organizationUnit: "defaultUnit"
-
diff --git a/roles/easy-rsa-CA-server/defaults/main.yml.v1 b/roles/easy-rsa-CA-server/defaults/main.yml.v1
deleted file mode 100644
index 3e0df58..0000000
--- a/roles/easy-rsa-CA-server/defaults/main.yml.v1
+++ /dev/null
@@ -1,3 +0,0 @@
----
-key_email: shahaan.ayyub@monash.edu 
-key_ou: MCC-R@CMON
diff --git a/roles/easy-rsa-CA-server/files/defaultConfig b/roles/easy-rsa-CA-server/files/defaultConfig
deleted file mode 100644
index af221df..0000000
--- a/roles/easy-rsa-CA-server/files/defaultConfig
+++ /dev/null
@@ -1,80 +0,0 @@
-# easy-rsa parameter settings
-
-# NOTE: If you installed from an RPM,
-# don't edit this file in place in
-# /usr/share/openvpn/easy-rsa --
-# instead, you should copy the whole
-# easy-rsa directory to another location
-# (such as /etc/openvpn) so that your
-# edits will not be wiped out by a future
-# OpenVPN package upgrade.
-
-# This variable should point to
-# the top level of the easy-rsa
-# tree.
-export EASY_RSA="/etc/easy-rsa/2.0"
-
-#
-# This variable should point to
-# the requested executables
-#
-export OPENSSL="openssl"
-export PKCS11TOOL="pkcs11-tool"
-export GREP="grep"
-
-
-# This variable should point to
-# the openssl.cnf file included
-# with easy-rsa.
-export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
-
-# Edit this variable to point to
-# your soon-to-be-created key
-# directory.
-#
-# WARNING: clean-all will do
-# a rm -rf on this directory
-# so make sure you define
-# it correctly!
-export KEY_DIR="$EASY_RSA/keys"
-
-# Issue rm -rf warning
-echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
-
-# PKCS11 fixes
-export PKCS11_MODULE_PATH="dummy"
-export PKCS11_PIN="dummy"
-
-# Increase this to 2048 if you
-# are paranoid.  This will slow
-# down TLS negotiation performance
-# as well as the one-time DH parms
-# generation process.
-export KEY_SIZE=512
-
-# In how many days should the root CA key expire?
-export CA_EXPIRE=3650
-
-# In how many days should certificates expire?
-export KEY_EXPIRE=3650
-
-# These are the default values for fields
-# which will be placed in the certificate.
-# Don't leave any of these fields blank.
-export KEY_COUNTRY="AU"
-export KEY_PROVINCE="Victoria"
-export KEY_CITY="Melbourne"
-export KEY_ORG="Monash University"
-export KEY_EMAIL="shahaan.ayyub@monash.edu"
-export KEY_OU="MCC-R@CMON"
-
-# X509 Subject Field
-export KEY_NAME="EasyRSA"
-
-# PKCS11 Smart Card
-# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
-# export PKCS11_PIN=1234
-
-# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
-# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
-# export KEY_CN="CommonName"
diff --git a/roles/easy-rsa-CA-server/meta/main.yml b/roles/easy-rsa-CA-server/meta/main.yml
new file mode 100644
index 0000000..47d8292
--- /dev/null
+++ b/roles/easy-rsa-CA-server/meta/main.yml
@@ -0,0 +1,4 @@
+---
+depdenencies:
+  - {role: easy-rsa-common }
+
diff --git a/roles/easy-rsa-CA-server/tasks/copyConfigurationFile.yml b/roles/easy-rsa-CA-server/tasks/copyConfigurationFile.yml
deleted file mode 100644
index 0bd4409..0000000
--- a/roles/easy-rsa-CA-server/tasks/copyConfigurationFile.yml
+++ /dev/null
@@ -1,12 +0,0 @@
---- 
-- name: "Copy the configuration file"
-  template: src={{ item }} dest=/etc/easy-rsa/2.0/vars mode=0644 owner=root
-  with_first_found:
-    - files:
-        - vars.j2
-        - userConfig
-        - defaultConfig
-      paths:
-        - ../../../templates/easy-rsa/
-        - ../files/
-
diff --git a/roles/easy-rsa-CA-server/tasks/installEasyRsa.yml b/roles/easy-rsa-CA-server/tasks/installEasyRsa.yml
deleted file mode 100644
index 8acdd71..0000000
--- a/roles/easy-rsa-CA-server/tasks/installEasyRsa.yml
+++ /dev/null
@@ -1,10 +0,0 @@
---- 
-- 
-  name: "Installing easy-rsa"
-  yum: "name=easy-rsa state=latest"
-- 
-  name: "Moving easy-rsa to /etc"
-  shell: "cp -rf /usr/share/easy-rsa /etc/"
-  args:
-    chdir: /etc/easy-rsa/2.0/
-    creates: build-ca
diff --git a/roles/easy-rsa-CA-server/tasks/main.yml b/roles/easy-rsa-CA-server/tasks/main.yml
index c9de117..6933364 100644
--- a/roles/easy-rsa-CA-server/tasks/main.yml
+++ b/roles/easy-rsa-CA-server/tasks/main.yml
@@ -1,7 +1,3 @@
 --- 
-- 
-  include: installEasyRsa.yml
-- 
-  include: copyConfigurationFile.yml
 - 
   include: buildServerCert.yml
diff --git a/roles/easy-rsa-CA/defaults/main.yml b/roles/easy-rsa-CA/defaults/main.yml
deleted file mode 100644
index 6d22a91..0000000
--- a/roles/easy-rsa-CA/defaults/main.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-countryName: "AU" 
-reginalName: "Victoria" 
-cityName: "Melbourne"
-organizationName: "Monash University"
-emailAddress: "default@default.org"
-organizationUnit: "defaultUnit"
-
diff --git a/roles/easy-rsa-CA/defaults/main.yml.v1 b/roles/easy-rsa-CA/defaults/main.yml.v1
deleted file mode 100644
index 3e0df58..0000000
--- a/roles/easy-rsa-CA/defaults/main.yml.v1
+++ /dev/null
@@ -1,3 +0,0 @@
----
-key_email: shahaan.ayyub@monash.edu 
-key_ou: MCC-R@CMON
diff --git a/roles/easy-rsa-CA/files/defaultConfig b/roles/easy-rsa-CA/files/defaultConfig
deleted file mode 100644
index af221df..0000000
--- a/roles/easy-rsa-CA/files/defaultConfig
+++ /dev/null
@@ -1,80 +0,0 @@
-# easy-rsa parameter settings
-
-# NOTE: If you installed from an RPM,
-# don't edit this file in place in
-# /usr/share/openvpn/easy-rsa --
-# instead, you should copy the whole
-# easy-rsa directory to another location
-# (such as /etc/openvpn) so that your
-# edits will not be wiped out by a future
-# OpenVPN package upgrade.
-
-# This variable should point to
-# the top level of the easy-rsa
-# tree.
-export EASY_RSA="/etc/easy-rsa/2.0"
-
-#
-# This variable should point to
-# the requested executables
-#
-export OPENSSL="openssl"
-export PKCS11TOOL="pkcs11-tool"
-export GREP="grep"
-
-
-# This variable should point to
-# the openssl.cnf file included
-# with easy-rsa.
-export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
-
-# Edit this variable to point to
-# your soon-to-be-created key
-# directory.
-#
-# WARNING: clean-all will do
-# a rm -rf on this directory
-# so make sure you define
-# it correctly!
-export KEY_DIR="$EASY_RSA/keys"
-
-# Issue rm -rf warning
-echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
-
-# PKCS11 fixes
-export PKCS11_MODULE_PATH="dummy"
-export PKCS11_PIN="dummy"
-
-# Increase this to 2048 if you
-# are paranoid.  This will slow
-# down TLS negotiation performance
-# as well as the one-time DH parms
-# generation process.
-export KEY_SIZE=512
-
-# In how many days should the root CA key expire?
-export CA_EXPIRE=3650
-
-# In how many days should certificates expire?
-export KEY_EXPIRE=3650
-
-# These are the default values for fields
-# which will be placed in the certificate.
-# Don't leave any of these fields blank.
-export KEY_COUNTRY="AU"
-export KEY_PROVINCE="Victoria"
-export KEY_CITY="Melbourne"
-export KEY_ORG="Monash University"
-export KEY_EMAIL="shahaan.ayyub@monash.edu"
-export KEY_OU="MCC-R@CMON"
-
-# X509 Subject Field
-export KEY_NAME="EasyRSA"
-
-# PKCS11 Smart Card
-# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
-# export PKCS11_PIN=1234
-
-# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
-# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
-# export KEY_CN="CommonName"
diff --git a/roles/easy-rsa-CA/meta/main.yml b/roles/easy-rsa-CA/meta/main.yml
new file mode 100644
index 0000000..47d8292
--- /dev/null
+++ b/roles/easy-rsa-CA/meta/main.yml
@@ -0,0 +1,4 @@
+---
+depdenencies:
+  - {role: easy-rsa-common }
+
diff --git a/roles/easy-rsa-CA/tasks/buildServerCert.yml b/roles/easy-rsa-CA/tasks/buildServerCert.yml
deleted file mode 100644
index 2508a89..0000000
--- a/roles/easy-rsa-CA/tasks/buildServerCert.yml
+++ /dev/null
@@ -1,12 +0,0 @@
---- 
-- name: "Creating Server certificate"
-  shell: " cd /etc/easy-rsa/2.0; source ./vars; export EASY_RSA=\"${EASY_RSA:-.}\"; \"$EASY_RSA/pkitool\"  --server {{ server }}"
-  args:
-    chdir: /etc/easy-rsa/2.0/keys/
-    creates: server.crt
-
-- name: "Generating Diffie-Hellman Parameters"
-  shell: "cd /etc/easy-rsa/2.0; source ./vars; ./build-dh"
-  args:
-    chdir: /etc/easy-rsa/2.0/keys/
-    creates: dh512.pem
diff --git a/roles/easy-rsa-CA/tasks/copyConfigurationFile.yml b/roles/easy-rsa-CA/tasks/copyConfigurationFile.yml
deleted file mode 100644
index 0bd4409..0000000
--- a/roles/easy-rsa-CA/tasks/copyConfigurationFile.yml
+++ /dev/null
@@ -1,12 +0,0 @@
---- 
-- name: "Copy the configuration file"
-  template: src={{ item }} dest=/etc/easy-rsa/2.0/vars mode=0644 owner=root
-  with_first_found:
-    - files:
-        - vars.j2
-        - userConfig
-        - defaultConfig
-      paths:
-        - ../../../templates/easy-rsa/
-        - ../files/
-
diff --git a/roles/easy-rsa-CA/tasks/main.yml b/roles/easy-rsa-CA/tasks/main.yml
index 947bff3..50dfbfa 100644
--- a/roles/easy-rsa-CA/tasks/main.yml
+++ b/roles/easy-rsa-CA/tasks/main.yml
@@ -1,7 +1,3 @@
 --- 
--
-  include: installEasyRsa.yml
--
-  include: copyConfigurationFile.yml
 - 
   include: buildCA.yml
diff --git a/roles/easy-rsa-CA-client/defaults/main.yml b/roles/easy-rsa-common/defaults/main.yml
similarity index 100%
rename from roles/easy-rsa-CA-client/defaults/main.yml
rename to roles/easy-rsa-common/defaults/main.yml
diff --git a/roles/easy-rsa-CA-client/files/defaultConfig b/roles/easy-rsa-common/files/defaultConfig
similarity index 100%
rename from roles/easy-rsa-CA-client/files/defaultConfig
rename to roles/easy-rsa-common/files/defaultConfig
diff --git a/roles/easy-rsa-CA-client/tasks/copyConfigurationFile.yml b/roles/easy-rsa-common/tasks/copyConfigurationFile.yml
similarity index 100%
rename from roles/easy-rsa-CA-client/tasks/copyConfigurationFile.yml
rename to roles/easy-rsa-common/tasks/copyConfigurationFile.yml
diff --git a/roles/easy-rsa-CA/tasks/installEasyRsa.yml b/roles/easy-rsa-common/tasks/installEasyRsa.yml
similarity index 100%
rename from roles/easy-rsa-CA/tasks/installEasyRsa.yml
rename to roles/easy-rsa-common/tasks/installEasyRsa.yml
diff --git a/roles/easy-rsa-common/tasks/main.yml b/roles/easy-rsa-common/tasks/main.yml
new file mode 100644
index 0000000..fe7a5a8
--- /dev/null
+++ b/roles/easy-rsa-common/tasks/main.yml
@@ -0,0 +1,6 @@
+---
+-
+  include: installEasyRsa.yml
+-
+  include: copyConfigurationFile.yml
+
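Review bot: The vars file installed through `include: copyConfigurationFile.yml` may carry a 512-bit key size into every role that depends on this one. The defaultConfig that the common role keeps is not shown here because it arrives as a 100% rename, but the two copies this commit deletes both set `export KEY_SIZE=512`, and the deleted buildServerCert.yml expects `dh512.pem`. If the retained copy matches, the CA key, issued certificates and DH parameters are all generated at a size that is too weak for a CA. I would set `export KEY_SIZE=2048` in roles/easy-rsa-common/files/defaultConfig and adjust any task whose `creates:` names the DH file. A one-line comment at the top of this file, such as `# Shared setup: install easy-rsa and place its vars file`, would also make the role's purpose clear.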
-- 
GitLab