Merge pull request #83 from l1ll1/master

a strudel_build and strudel_test role to create strudel and test on vari...

roles/easy-rsa-CA/tasks/buildCA.yml

 --- 
 - 
   name: "Building the CA Certificate"
-  shell: ' cd /etc/easy-rsa/2.0; source ./vars; ./clean-all;  export EASY_RSA="${EASY_RSA:-.}"; "$EASY_RSA/pkitool" --initca $*'
+  shell: ' bash -c " cd /etc/easy-rsa/2.0; source ./vars; ./clean-all;  export EASY_RSA=/etc/easy-rsa/2.0; /etc/easy-rsa/2.0/pkitool --initca $* "'
   args:
     creates: /etc/easy-rsa/2.0/keys/ca.crt
+  register: initca
   sudo: True
+
+- name: debug
+  debug: var=initca
+

roles/ldapserver/tasks/main.yml

@@ -28,6 +28,12 @@
 - name: template manager.ldif
   template: src=manager_ldif.j2 dest=/tmp/manager.ldif mode=600
   sudo: true
+- name: template manager2.ldif
+  template: src=manager_ldif2.j2 dest=/tmp/manager2.ldif mode=600
+  sudo: true
+- name: template manager3.ldif
+  template: src=manager_ldif3.j2 dest=/tmp/manager3.ldif mode=600
+  sudo: true
 
 - name: template binddn.ldif
   template: src=binddn_ldif.j2 dest=/tmp/binddn.ldif mode=600
@@ -57,21 +63,32 @@
 - name: template default_ppolicy.ldif
   template: src=default_ppolicy_ldif.j2 dest=/tmp/default_ppolicy.ldif
 
+- name: make cert dir
+  file: path={{ ldapcert | dirname }} state=directory owner={{ ldapuser }} group={{ ldapgroup }}
+  sudo: true
+
+- name: make key dir
+  file: path={{ ldapkey | dirname }} state=directory owner={{ ldapuser }} group={{ ldapgroup }}
+  sudo: true
+
+- name: make ca dir
+  file: path={{ cacert | dirname }} state=directory owner={{ ldapuser }} group={{ ldapgroup }}
+  sudo: true
 
 - name: copy cert
-  command: cp /etc/ssl/certs/server.crt /etc/openldap/certs/ldapcert.pem
+  command: cp /etc/ssl/certs/server.crt {{ ldapcert }}
   sudo: true
 
 - name: copy cacert
-  command: cp /etc/ssl/certs/ca.crt /etc/openldap/certs/cacert.pem
+  command: cp /etc/ssl/certs/ca.crt {{ cacert }}
   sudo: true
 
 - name: copy key
-  command: cp /etc/ssl/private/server.key /etc/openldap/certs/ldapkey.pem
+  command: cp /etc/ssl/private/server.key {{ ldapkey }}
   sudo: true
 
 - name: chmod key
-  file: path=/etc/openldap/certs/ldapkey.pem owner={{ ldapuser }} group={{ ldapgroup }} mode=600
+  file: path={{ ldapkey }} owner={{ ldapuser }} group={{ ldapgroup }} mode=600
   sudo: true
 
 - name: enable ssl centos
@@ -84,7 +101,7 @@
   sudo: true
 
 - name: check TLS config
-  shell: "slapcat -b cn=config | grep 'olcTLSCertificateKeyFile: /etc/openldap/certs/ldapkey.pem'"
+  shell: "slapcat -b cn=config | grep 'olcTLSCertificateKeyFile: {{ ldapkey }}'"
   ignore_errors: true
   sudo: true
   register: tlsConfigured
@@ -133,6 +150,15 @@
   shell:  ldapmodify -Y EXTERNAL -H ldapi:/// -f /tmp/manager.ldif -D cn=config 
   sudo: true
   when: managerConfigured|failed
+- name: initialise server manager
+  shell:  ldapmodify -Y EXTERNAL -H ldapi:/// -f /tmp/manager2.ldif -D cn=config 
+  sudo: true
+  ignore_errors: true
+  when: managerConfigured|failed
+- name: initialise server manager
+  shell:  ldapmodify -Y EXTERNAL -H ldapi:/// -f /tmp/manager3.ldif -D cn=config 
+  sudo: true
+  when: managerConfigured|failed
 
 - name: initialise server acls
   shell:  ldapmodify -Y EXTERNAL -H ldapi:/// -f /tmp/acls.ldif -D cn=config

roles/ldapserver/templates/acls_ldif.j2

-dn: olcDatabase={2}bdb,cn=config
+dn: {{ dbname }},cn=config
 changetype: modify
 add: olcAccess
 olcAccess: {0}to attrs=userPassword by dn="{{ ldapManager }}" write by self write by * auth

roles/ldapserver/templates/manager_ldif.j2

-dn: olcDatabase={2}bdb,cn=config
+dn: {{ dbname }},cn=config
 changetype: modify
 replace: olcSuffix
 olcSuffix: {{ ldapDomain }}
 -
 replace: olcRootDN
 olcRootDN: {{ ldapManager }}
--
-add: olcRootPW
-olcRootPW: {{ ldapManagerHash.stdout }}

roles/ldapserver/templates/manager_ldif2.j2

+dn: {{ dbname }},cn=config
+changetype: modify
+add: olcRootPW
+olcRootPW: {{ ldapManagerHash.stdout }}

roles/ldapserver/templates/manager_ldif3.j2

+dn: {{ dbname }},cn=config
+changetype: modify
+replace: olcRootPW
+olcRootPW: {{ ldapManagerHash.stdout }}

roles/ldapserver/templates/ppolicy_overlay_ldif.j2

-dn: olcOverlay=ppolicy,olcDatabase={2}bdb,cn=config
+dn: olcOverlay=ppolicy,{{ dbname }},cn=config
 olcOverlay: ppolicy
 objectClass: olcOverlayConfig
 objectClass: olcPPolicyConfig

roles/ldapserver/templates/ssl_ldif.j2

 dn: cn=config
 replace: olcTLSCACertificateFile
-olcTLSCACertificateFile: /etc/openldap/certs/cacert.pem
+olcTLSCACertificateFile: {{ cacert }}
 -
 replace: olcTLSCertificateFile
-olcTLSCertificateFile: /etc/openldap/certs/ldapcert.pem
+olcTLSCertificateFile:  {{ ldapcert }}
 -
 replace: olcTLSCertificateKeyFile
-olcTLSCertificateKeyFile: /etc/openldap/certs/ldapkey.pem
+olcTLSCertificateKeyFile: {{ ldapkey }}

roles/ldapserver/vars/CentOS_6.6_x86_64.yml

@@ -3,3 +3,6 @@
   - openldap-servers
   - openldap-clients
   - openssl
+ ldapuser:  ldap
+ ldapgroup: ldap
+ dbname: olcDatabase={2}bdb

roles/ldapserver/vars/Debian_7.6_x86_64.yml

+---
+ system_packages:
+  - slapd
+  - ldap-utils
+  - openssl
+
+ ldapuser: openldap
+ ldapgroup: openldap
+ dbname: olcDatabase={1}hdb

roles/ldapserver/vars/main.yml

 ---
-  ldapuser:  ldap
-  ldapgroup: ldap
+  ldapcert: /etc/openldap/certs/ldapcert.pem
+  ldapkey: /etc/openldap/certs/ldapkey.pem
+  cacert: /etc/openldap/certs/cacert.pem

roles/strudel_build/tasks/main.yml

 ---
 
-- include_vars: "{{ hostvars[ansible_hostname]['ansible_distribution'] }}_{{ hostvars[ansible_hostname]['ansible_distribution_version'] }}_{{ ansible_architecture }}.yml"
+#- include_vars: "{{ hostvars[ansible_hostname]['ansible_distribution'] }}_{{ hostvars[ansible_hostname]['ansible_distribution_major_version'] }}_{{ ansible_architecture }}.yml"
+- include_vars: "{{ ansible_distribution }}_{{ ansible_distribution_major_version }}_{{ ansible_architecture }}.yml"
+
+- name: add epel on CentOS 7
+  shell: rpm -iUvh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
+  sudo: true
+  when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
+  ignore_errors: true
+
+- name: add epel on CentOS 7
+  shell: yum -y update
+  sudo: true
+  when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
+
+
+
 
 - name: install system packages apt
   apt: name={{ item }} state=installed update_cache=true
@@ -35,8 +50,11 @@
 - name: build
   shell: /tmp/strudel/{{ build_launcher }} chdir=/tmp/strudel
 
-- name: scan host
-  shell: ssh-keyscan cvl.massive.org.au >> ~/.ssh/known_hosts
+#- name: remove old host key
+#  shell: ssh-keygen -f "/home/ubuntu/.ssh/known_hosts" -R 118.138.240.227
+#
+#- name: scan host
+#  shell: ssh-keyscan cvl.massive.org.au >> ~/.ssh/known_hosts
 
 - name: ls package
   shell: ls -l /tmp/strudel/{{ pkg_name }}
@@ -46,5 +64,8 @@
 #  when: ansible_os_family == 'Debian'
 
 - name: copy package
-  shell: rsync {{ hostvars[ansible_hostname]['ansible_user_id'] }}@{{ ansible_ssh_host }}:/tmp/strudel/{{ pkg_name }} /tmp/{{ dest_pkg_name }}
-  delegate_to: 127.0.0.1
+  fetch: src=/tmp/strudel/{{ pkg_name }} dest=/tmp/{{ dest_pkg_name }} flat=yes
+
+#- name: copy package
+#  shell: rsync {{ hostvars[ansible_hostname]['ansible_user_id'] }}@{{ ansible_ssh_host }}:/tmp/strudel/{{ pkg_name }} /tmp/{{ dest_pkg_name }}
+#  delegate_to: 127.0.0.1

roles/strudel_build/vars/CentOS_6_x86_64.yml

+---
+ strudel_ver: "20150417"
+ install_prerequisites: install_centos6_64bit_prerequisites.sh
+ build_launcher: package_centos_version.sh
+ pip_packages:
+   - appdirs
+ system_packages:
+   - python-pip
+   - git
+   - curl
+   - gcc
+   - bc
+   - glibc-devel
+   - libgcc
+   - libxml2-devel
+   - libxslt-devel
+   - ncurses-libs
+   - ncurses-devel
+   - readline
+   - readline-devel
+   - zlib
+   - zlib-devel
+   - bzip2-libs
+   - bzip2-devel
+   - gdbm
+   - gdbm-devel
+   - sqlite
+   - sqlite-devel
+   - db4
+   - db4-devel
+   - openssl
+   - openssl-devel
+   - libX11
+   - libX11-devel
+   - tk
+   - tk-devel
+   - gcc-c++
+   - gtk2-devel
+   - gtk2-engines
+   - glib2-devel
+   - mesa-libGL
+   - mesa-libGL-devel
+   - mesa-libGLU
+   - mesa-libGLU-devel
+   - mesa-libGLw
+   - mesa-libGLw-devel
+   - gtkglext-libs
+   - gtkglext-devel
+   - gimp-libs
+   - gimp-devel
+   - gvfs
+   - atk-devel
+   - pango-devel
+   - cairo-devel
+   - freetype-devel
+   - fontconfig-devel
+   - libcanberra-gtk2
+   - PackageKit-gtk-module
+   - make
+   - cmake
+   - rpm-build
+   - wxPython
+   - python-paramiko
+   - python-crypto
+   - python-requests
+   - pexpect
+   - python-lxml
+   - python-psutil
+
+
+ 
+ pkg_name: ./rpmbuild/RPMS/x86_64/strudel-{{ strudel_ver }}-1.x86_64.rpm
+ dest_pkg_name: strudel_{{ ansible_distribution }}_{{ ansible_distribution_major_version }}_{{ strudel_ver }}_x86_64.rpm

roles/strudel_build/vars/CentOS_7_x86_64.yml

+---
+ strudel_ver: "20150417"
+ install_prerequisites: install_centos6_64bit_prerequisites.sh
+ build_launcher: package_centos_version.sh
+ pip_packages:
+   - appdirs
+ system_packages:
+   - python-pip
+   - git
+   - curl
+   - gcc
+   - bc
+   - glibc-devel
+   - libgcc
+   - libxml2-devel
+   - libxslt-devel
+   - ncurses-libs
+   - ncurses-devel
+   - readline
+   - readline-devel
+   - zlib
+   - zlib-devel
+   - bzip2-libs
+   - bzip2-devel
+   - gdbm
+   - gdbm-devel
+   - sqlite
+   - sqlite-devel
+   - db4
+   - db4-devel
+   - openssl
+   - openssl-devel
+   - libX11
+   - libX11-devel
+   - tk
+   - tk-devel
+   - gcc-c++
+   - gtk2-devel
+   - gtk2-engines
+   - glib2-devel
+   - mesa-libGL
+   - mesa-libGL-devel
+   - mesa-libGLU
+   - mesa-libGLU-devel
+   - mesa-libGLw
+   - mesa-libGLw-devel
+   - gimp-libs
+   - gimp-devel
+   - gvfs
+   - atk-devel
+   - pango-devel
+   - cairo-devel
+   - freetype-devel
+   - fontconfig-devel
+   - libcanberra-gtk2
+   - make
+   - cmake
+   - rpm-build
+   - wxPython
+   - python-paramiko
+   - python-crypto
+   - python-requests
+   - pexpect
+   - python-lxml
+   - python-psutil
+
+
+ 
+ pkg_name: ./rpmbuild/RPMS/x86_64/strudel-{{ strudel_ver }}-1.x86_64.rpm
+ dest_pkg_name: strudel_{{ ansible_distribution }}_{{ ansible_distribution_major_version }}_{{ strudel_ver }}_x86_64.rpm

roles/strudel_build/vars/Debian_7_x86_64.yml

+---
+ strudel_ver: "20150417"
+ install_prerequisites: install_ubuntu_64bit_prerequisites.sh
+ build_launcher: "package_ubuntu_version.sh"
+ system_packages:
+   - git
+   - curl
+   - gcc
+   - python-dev
+   - libwxgtk2.8-dev
+   - python-wxgtk2.8
+   - python-pexpect
+   - python-paramiko
+   - python-pycryptopp
+   - python-appdirs
+ pip_packages:
+   - requests
+ pkg_name: strudel_UBUNTU_{{ strudel_ver }}_amd64.deb
+ dest_pkg_name: strudel_{{ ansible_distribution }}_{{ ansible_distribution_major_version }}_{{ strudel_ver }}x86_64.deb
+

roles/strudel_build/vars/Fedora_20_x86_64.yml

 ---
+ strudel_ver: "20150417"
  install_prerequisites: install_centos6_64bit_prerequisites.sh
  build_launcher: package_centos_version.sh
  pip_packages:
@@ -67,5 +68,5 @@
 
 
  
- pkg_name: ./rpmbuild/RPMS/x86_64/strudel-0.6.0-1.x86_64.rpm
- dest_pkg_name: strudel_{{ ansible_distribution }}_{{ ansible_distribution_version }}_{{ hostvars[ansible_hostname]['ansible_date_time']['date'] }}_x86_64.rpm
+ pkg_name: ./rpmbuild/RPMS/x86_64/strudel-{{ strudel_ver }}-1.x86_64.rpm
+ dest_pkg_name: strudel_{{ ansible_distribution }}_{{ ansible_distribution_major_version }}_{{ strudel_ver }}_x86_64.rpm

roles/strudel_build/vars/Ubuntu_12_x86_64.yml

+---
+ strudel_ver: "20150417"
+ build_launcher: "package_ubuntu_version.sh"
+ pip_packages:
+   - appdirs
+   - requests
+ system_packages:
+   - git
+   - curl
+   - gcc
+   - python-dev
+   - libwxgtk2.8-dev
+   - python-wxgtk2.8
+   - python-pexpect
+   - python-paramiko
+   - python-pycryptopp
+   - python-pip
+   - python-psutil
+ pkg_name: strudel_UBUNTU_{{ strudel_ver }}_amd64.deb
+ dest_pkg_name: strudel_{{ ansible_distribution }}_{{ ansible_distribution_major_version }}_{{ strudel_ver }}_x86_64.deb
+

roles/strudel_build/vars/Ubuntu_14.04_x86_64.yml → roles/strudel_build/vars/Ubuntu_14_x86_64.yml

 ---
+ strudel_ver: "20150417"
  install_prerequisites: install_ubuntu_64bit_prerequisites.sh
  build_launcher: "package_ubuntu_version.sh"
  system_packages:
@@ -13,6 +14,6 @@
    - python-pycryptopp
    - python-appdirs
    - python-requests
- pkg_name: strudel_UBUNTU_0.6.0_amd64.deb
- dest_pkg_name: strudel_{{ ansible_distribution }}_{{ ansible_distribution_version }}_{{ hostvars[ansible_hostname]['ansible_date_time']['date'] }}_x86_64.deb
+ pkg_name: strudel_UBUNTU_{{ strudel_ver }}_amd64.deb
+ dest_pkg_name: strudel_{{ ansible_distribution }}_{{ ansible_distribution_major_version }}_{{ strudel_ver }}_x86_64.deb
 

roles/strudel_test/meta/main.yml

+---
+

roles/strudel_test/tasks/main.yml

+---
+- include_vars: "{{ ansible_distribution }}_{{ ansible_distribution_major_version }}_{{ ansible_architecture }}.yml"
+
+- name: get turbovnc
+  shell: wget http://sourceforge.net/projects/turbovnc/files/1.2.3/turbovnc_1.2.3_amd64.deb 
+  when: ansible_os_family == "Debian"
+
+- name: install turobvnc
+  apt: deb=turbovnc_1.2.3_amd64.deb
+  sudo: true
+  when: ansible_os_family == "Debian"
+
+- name: get turbovnc
+  shell: wget http://sourceforge.net/projects/turbovnc/files/1.2.3/turbovnc-1.2.3.x86_64.rpm
+  when: ansible_os_family == "RedHat"
+
+- name: install turobvnc
+  yum: src=turbovnc-1.2.3.x86_64.rpm
+  sudo: true
+  when: ansible_os_family == "RedHat"
+
+- name: copy launcher
+  copy: src=/tmp/{{ dest_pkg_name }} dest=/tmp/{{ dest_pkg_name }}
+
+- name: install launhcer
+  apt: deb=/tmp/{{ dest_pkg_name }} 
+  sudo: true
+  when: ansible_os_family == "Debian"
+
+- name: install launcher
+  yum: src=/tmp/{{ dest_pkg_name }}
+  sudo: true
+  when: ansible_os_family == "RedHat"
+