From 19f266a1d9f0ba8a16ac3b946b577fef1f74443a Mon Sep 17 00:00:00 2001
From: CVL-GitHub <jupiter.hu@monash.edu>
Date: Tue, 28 Oct 2014 23:18:35 +0000
Subject: [PATCH] Add with_first_found condition, and remove duplicated
 configuration directories

---
 .../tasks/copyConfigurationFile.yml           | 11 ++-
 roles/easy-rsa-CA-client/templates/vars.j2    | 80 -------------------
 roles/easy-rsa-CA-client/templates/vars.j2.v1 | 80 -------------------
 .../tasks/copyConfigurationFile.yml           | 11 ++-
 roles/easy-rsa-CA-server/templates/vars.j2    | 80 -------------------
 roles/easy-rsa-CA-server/templates/vars.j2.v1 | 80 -------------------
 .../tasks/copyConfigurationFile.yml           | 11 ++-
 7 files changed, 30 insertions(+), 323 deletions(-)
 delete mode 100644 roles/easy-rsa-CA-client/templates/vars.j2
 delete mode 100644 roles/easy-rsa-CA-client/templates/vars.j2.v1
 delete mode 100644 roles/easy-rsa-CA-server/templates/vars.j2
 delete mode 100644 roles/easy-rsa-CA-server/templates/vars.j2.v1

diff --git a/roles/easy-rsa-CA-client/tasks/copyConfigurationFile.yml b/roles/easy-rsa-CA-client/tasks/copyConfigurationFile.yml
index 9bf12285..0143e885 100644
--- a/roles/easy-rsa-CA-client/tasks/copyConfigurationFile.yml
+++ b/roles/easy-rsa-CA-client/tasks/copyConfigurationFile.yml
@@ -1,3 +1,12 @@
 --- 
 - name: "Copy the configuration file"
-  template: src=vars.j2 dest=/etc/easy-rsa/2.0/vars mode=0644 owner=root
+  template: src={{ item }} dest=/etc/easy-rsa/2.0/vars mode=0644 owner=root
+  with_first_found:
+    - files:
+        - vars.j2
+        - userConfig
+        - defaultConfig
+      paths:
+        - ../../easy-rsa-CA/templates/
+        - /mnt/nectar-nfs/root/ansible-config-root/ansible_cluster_in_a_box/roles/easy-rsa-CA/files/
+
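Review bot: The second `paths` entry hard-codes an absolute NFS location (`/mnt/nectar-nfs/root/ansible-config-root/...`) as a source for `/etc/easy-rsa/2.0/vars`. The copies deleted in this patch show that file is shell (`export` lines and a backtick command substitution), so anyone who can write to that share can influence what runs when the easy-rsa scripts source it. The same entry appears in the easy-rsa-CA-server and easy-rsa-CA hunks. Consider taking the directory from a variable, e.g. `- "{{ easy_rsa_config_dir }}"` (placeholder name), and documenting that it must be writable only by the account that runs the playbook. Note also that `userConfig` and `defaultConfig` go through `template`, so any `{{ ... }}` inside them is evaluated as Jinja rather than copied verbatim.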
diff --git a/roles/easy-rsa-CA-client/templates/vars.j2 b/roles/easy-rsa-CA-client/templates/vars.j2
deleted file mode 100644
index d176a1a9..00000000
--- a/roles/easy-rsa-CA-client/templates/vars.j2
+++ /dev/null
@@ -1,80 +0,0 @@
-# easy-rsa parameter settings
-
-# NOTE: If you installed from an RPM,
-# don't edit this file in place in
-# /usr/share/openvpn/easy-rsa --
-# instead, you should copy the whole
-# easy-rsa directory to another location
-# (such as /etc/openvpn) so that your
-# edits will not be wiped out by a future
-# OpenVPN package upgrade.
-
-# This variable should point to
-# the top level of the easy-rsa
-# tree.
-export EASY_RSA="/etc/easy-rsa/2.0"
-
-#
-# This variable should point to
-# the requested executables
-#
-export OPENSSL="openssl"
-export PKCS11TOOL="pkcs11-tool"
-export GREP="grep"
-
-
-# This variable should point to
-# the openssl.cnf file included
-# with easy-rsa.
-export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
-
-# Edit this variable to point to
-# your soon-to-be-created key
-# directory.
-#
-# WARNING: clean-all will do
-# a rm -rf on this directory
-# so make sure you define
-# it correctly!
-export KEY_DIR="$EASY_RSA/keys"
-
-# Issue rm -rf warning
-echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
-
-# PKCS11 fixes
-export PKCS11_MODULE_PATH="dummy"
-export PKCS11_PIN="dummy"
-
-# Increase this to 2048 if you
-# are paranoid.  This will slow
-# down TLS negotiation performance
-# as well as the one-time DH parms
-# generation process.
-export KEY_SIZE=512
-
-# In how many days should the root CA key expire?
-export CA_EXPIRE=3650
-
-# In how many days should certificates expire?
-export KEY_EXPIRE=3650
-
-# These are the default values for fields
-# which will be placed in the certificate.
-# Don't leave any of these fields blank.
-export KEY_COUNTRY={{ countryName }}
-export KEY_PROVINCE={{ reginalName }}
-export KEY_CITY={{ cityName }}
-export KEY_ORG={{ organizationName }}
-export KEY_EMAIL={{ emailAddress }}
-export KEY_OU={{ organizationUnit }}
-
-# X509 Subject Field
-export KEY_NAME="EasyRSA"
-
-# PKCS11 Smart Card
-# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
-# export PKCS11_PIN=1234
-
-# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
-# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
-# export KEY_CN="CommonName"
diff --git a/roles/easy-rsa-CA-client/templates/vars.j2.v1 b/roles/easy-rsa-CA-client/templates/vars.j2.v1
deleted file mode 100644
index af221dfe..00000000
--- a/roles/easy-rsa-CA-client/templates/vars.j2.v1
+++ /dev/null
@@ -1,80 +0,0 @@
-# easy-rsa parameter settings
-
-# NOTE: If you installed from an RPM,
-# don't edit this file in place in
-# /usr/share/openvpn/easy-rsa --
-# instead, you should copy the whole
-# easy-rsa directory to another location
-# (such as /etc/openvpn) so that your
-# edits will not be wiped out by a future
-# OpenVPN package upgrade.
-
-# This variable should point to
-# the top level of the easy-rsa
-# tree.
-export EASY_RSA="/etc/easy-rsa/2.0"
-
-#
-# This variable should point to
-# the requested executables
-#
-export OPENSSL="openssl"
-export PKCS11TOOL="pkcs11-tool"
-export GREP="grep"
-
-
-# This variable should point to
-# the openssl.cnf file included
-# with easy-rsa.
-export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
-
-# Edit this variable to point to
-# your soon-to-be-created key
-# directory.
-#
-# WARNING: clean-all will do
-# a rm -rf on this directory
-# so make sure you define
-# it correctly!
-export KEY_DIR="$EASY_RSA/keys"
-
-# Issue rm -rf warning
-echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
-
-# PKCS11 fixes
-export PKCS11_MODULE_PATH="dummy"
-export PKCS11_PIN="dummy"
-
-# Increase this to 2048 if you
-# are paranoid.  This will slow
-# down TLS negotiation performance
-# as well as the one-time DH parms
-# generation process.
-export KEY_SIZE=512
-
-# In how many days should the root CA key expire?
-export CA_EXPIRE=3650
-
-# In how many days should certificates expire?
-export KEY_EXPIRE=3650
-
-# These are the default values for fields
-# which will be placed in the certificate.
-# Don't leave any of these fields blank.
-export KEY_COUNTRY="AU"
-export KEY_PROVINCE="Victoria"
-export KEY_CITY="Melbourne"
-export KEY_ORG="Monash University"
-export KEY_EMAIL="shahaan.ayyub@monash.edu"
-export KEY_OU="MCC-R@CMON"
-
-# X509 Subject Field
-export KEY_NAME="EasyRSA"
-
-# PKCS11 Smart Card
-# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
-# export PKCS11_PIN=1234
-
-# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
-# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
-# export KEY_CN="CommonName"
diff --git a/roles/easy-rsa-CA-server/tasks/copyConfigurationFile.yml b/roles/easy-rsa-CA-server/tasks/copyConfigurationFile.yml
index 9bf12285..81654214 100644
--- a/roles/easy-rsa-CA-server/tasks/copyConfigurationFile.yml
+++ b/roles/easy-rsa-CA-server/tasks/copyConfigurationFile.yml
@@ -1,3 +1,12 @@
 --- 
 - name: "Copy the configuration file"
-  template: src=vars.j2 dest=/etc/easy-rsa/2.0/vars mode=0644 owner=root
+  template: src={{ item }} dest=/etc/easy-rsa/2.0/vars mode=0644 owner=root
+  with_first_found:
+    - files:
+        - vars.j2
+        - userConfig
+        - defaultConfig
+      paths:
+        - ../../easy-rsa-CA/templates
+        - /mnt/nectar-nfs/root/ansible-config-root/ansible_cluster_in_a_box/roles/easy-rsa-CA/files
+
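Review bot: The `template:` line keeps the `key=value` string form with an unquoted `{{ item }}`, so a resolved path containing a space may be split into separate arguments, depending on the Ansible version. Native YAML arguments with a quoted `src` and a quoted mode string avoid that and read more clearly. The same line is in the easy-rsa-CA-client and easy-rsa-CA hunks. The `paths` entries here also drop the trailing slash used in the client hunk; that is harmless, but worth making uniform.

```yaml
- name: "Copy the configuration file"
  template:
    src: "{{ item }}"
    dest: /etc/easy-rsa/2.0/vars
    mode: "0644"
    owner: root
  # … unchanged: with_first_found files/paths list …
```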
diff --git a/roles/easy-rsa-CA-server/templates/vars.j2 b/roles/easy-rsa-CA-server/templates/vars.j2
deleted file mode 100644
index 52d7a3e5..00000000
--- a/roles/easy-rsa-CA-server/templates/vars.j2
+++ /dev/null
@@ -1,80 +0,0 @@
-# easy-rsa parameter settings
-
-# NOTE: If you installed from an RPM,
-# don't edit this file in place in
-# /usr/share/openvpn/easy-rsa --
-# instead, you should copy the whole
-# easy-rsa directory to another location
-# (such as /etc/openvpn) so that your
-# edits will not be wiped out by a future
-# OpenVPN package upgrade.
-
-# This variable should point to
-# the top level of the easy-rsa
-# tree.
-export EASY_RSA="/etc/easy-rsa/2.0"
-
-#
-# This variable should point to
-# the requested executables
-#
-export OPENSSL="openssl"
-export PKCS11TOOL="pkcs11-tool"
-export GREP="grep"
-
-
-# This variable should point to
-# the openssl.cnf file included
-# with easy-rsa.
-export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
-
-# Edit this variable to point to
-# your soon-to-be-created key
-# directory.
-#
-# WARNING: clean-all will do
-# a rm -rf on this directory
-# so make sure you define
-# it correctly!
-export KEY_DIR="$EASY_RSA/keys"
-
-# Issue rm -rf warning
-echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
-
-# PKCS11 fixes
-export PKCS11_MODULE_PATH="dummy"
-export PKCS11_PIN="dummy"
-
-# Increase this to 2048 if you
-# are paranoid.  This will slow
-# down TLS negotiation performance
-# as well as the one-time DH parms
-# generation process.
-export KEY_SIZE=512
-
-# In how many days should the root CA key expire?
-export CA_EXPIRE=3650
-
-# In how many days should certificates expire?
-export KEY_EXPIRE=3650
-
-# These are the default values for fields
-# which will be placed in the certificate.
-# Don't leave any of these fields blank.
-export KEY_COUNTRY={{ countryName }}
-export KEY_PROVINCE={{ reginalName }} 
-export KEY_CITY={{ cityName }} 
-export KEY_ORG={{ organizationName }} 
-export KEY_EMAIL={{ emailAddress }} 
-export KEY_OU={{ organizationUnit }}
-
-# X509 Subject Field
-export KEY_NAME="EasyRSA"
-
-# PKCS11 Smart Card
-# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
-# export PKCS11_PIN=1234
-
-# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
-# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
-# export KEY_CN="CommonName"
diff --git a/roles/easy-rsa-CA-server/templates/vars.j2.v1 b/roles/easy-rsa-CA-server/templates/vars.j2.v1
deleted file mode 100644
index af221dfe..00000000
--- a/roles/easy-rsa-CA-server/templates/vars.j2.v1
+++ /dev/null
@@ -1,80 +0,0 @@
-# easy-rsa parameter settings
-
-# NOTE: If you installed from an RPM,
-# don't edit this file in place in
-# /usr/share/openvpn/easy-rsa --
-# instead, you should copy the whole
-# easy-rsa directory to another location
-# (such as /etc/openvpn) so that your
-# edits will not be wiped out by a future
-# OpenVPN package upgrade.
-
-# This variable should point to
-# the top level of the easy-rsa
-# tree.
-export EASY_RSA="/etc/easy-rsa/2.0"
-
-#
-# This variable should point to
-# the requested executables
-#
-export OPENSSL="openssl"
-export PKCS11TOOL="pkcs11-tool"
-export GREP="grep"
-
-
-# This variable should point to
-# the openssl.cnf file included
-# with easy-rsa.
-export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
-
-# Edit this variable to point to
-# your soon-to-be-created key
-# directory.
-#
-# WARNING: clean-all will do
-# a rm -rf on this directory
-# so make sure you define
-# it correctly!
-export KEY_DIR="$EASY_RSA/keys"
-
-# Issue rm -rf warning
-echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
-
-# PKCS11 fixes
-export PKCS11_MODULE_PATH="dummy"
-export PKCS11_PIN="dummy"
-
-# Increase this to 2048 if you
-# are paranoid.  This will slow
-# down TLS negotiation performance
-# as well as the one-time DH parms
-# generation process.
-export KEY_SIZE=512
-
-# In how many days should the root CA key expire?
-export CA_EXPIRE=3650
-
-# In how many days should certificates expire?
-export KEY_EXPIRE=3650
-
-# These are the default values for fields
-# which will be placed in the certificate.
-# Don't leave any of these fields blank.
-export KEY_COUNTRY="AU"
-export KEY_PROVINCE="Victoria"
-export KEY_CITY="Melbourne"
-export KEY_ORG="Monash University"
-export KEY_EMAIL="shahaan.ayyub@monash.edu"
-export KEY_OU="MCC-R@CMON"
-
-# X509 Subject Field
-export KEY_NAME="EasyRSA"
-
-# PKCS11 Smart Card
-# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
-# export PKCS11_PIN=1234
-
-# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
-# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
-# export KEY_CN="CommonName"
diff --git a/roles/easy-rsa-CA/tasks/copyConfigurationFile.yml b/roles/easy-rsa-CA/tasks/copyConfigurationFile.yml
index 9bf12285..18c25603 100644
--- a/roles/easy-rsa-CA/tasks/copyConfigurationFile.yml
+++ b/roles/easy-rsa-CA/tasks/copyConfigurationFile.yml
@@ -1,3 +1,12 @@
 --- 
 - name: "Copy the configuration file"
-  template: src=vars.j2 dest=/etc/easy-rsa/2.0/vars mode=0644 owner=root
+  template: src={{ item }} dest=/etc/easy-rsa/2.0/vars mode=0644 owner=root
+  with_first_found:
+    - files:
+        - vars.j2
+        - userConfig
+        - defaultConfig
+      paths:
+        - ../templates
+        - /mnt/nectar-nfs/root/ansible-config-root/ansible_cluster_in_a_box/roles/easy-rsa-CA/files
+
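Review bot: The template this task now renders from `../templates` is not part of the patch, while the four role-local copies deleted here all set `export KEY_SIZE=512`. If the surviving `vars.j2`, or the `userConfig`/`defaultConfig` fallbacks, carries the same value, the CA will keep generating 512-bit keys, so it is worth confirming that file uses at least `export KEY_SIZE=2048`. A short comment above `with_first_found:` would also help, e.g. `# vars.j2 from this role's templates/ is expected to win; the shared config root is the fallback`, since nothing in the task says what `userConfig` and `defaultConfig` are or which candidate takes precedence.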
-- 
GitLab