ansible-collection/roles/common/tasks/pre-ca-setup-and-validation.yml
fix: small quick hack for TZ /etc/timezone when missing (deprecated path)

# Ansible Roles for managing Auengun.net Infrastructure & Testing/Learning.
# Source available at git.auengun.net/homelab/ansible-collection
# Copyright (C) 2023 GregoryDosh
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
# SPDX-License-Identifier: AGPL-3.0-or-later
# SPDX-FileCopyrightText: 2023 GregoryDosh
---
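- name: Grab System TZ for CA Healthchecks
  # /etc/timezone is the legacy (Debian-style) location and is absent on many hosts, so we fall
  # back to Etc/UTC. printf replaces `echo -n`: the -n flag is not portable across /bin/sh
  # implementations and can end up in the output. The `||` already guarantees a zero exit, so
  # the task never fails; failed_when is kept explicit rather than relying on ignore_errors.
  # check_mode is disabled because this read-only probe feeds facts that later tasks require,
  # and a skipped shell task would leave _host_tz_stdout undefined under --check.
  ansible.builtin.shell: |
    cat /etc/timezone 2>/dev/null || printf '%s' 'Etc/UTC'
  failed_when: false
  changed_when: false
  check_mode: false
  register: _host_tz_stdout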
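- name: Register absolute paths for binaries
  # Resolves each binary once. The results list is consumed BY INDEX in the set_fact task that
  # follows, so the order of this list is significant; `var` documents which fact each entry
  # feeds. A missing binary is expected (the empty stdout is caught by the assert tasks), so it
  # must not fail the play. `quote` keeps a templated binary name from being interpreted by the
  # shell. check_mode is disabled because this is a read-only probe that later facts depend on.
  ansible.builtin.shell: |
    command -v {{ item.bin | quote }}
  failed_when: false
  changed_when: false
  check_mode: false
  register: _BIN_ABSOLUTE_PATHS
  loop:
    - { var: STEP_BIN_ABSOLUTE_PATH, bin: "{{ STEP_BIN_NAME }}" }
    - { var: CURL_BIN_ABSOLUTE_PATH, bin: "curl" }
    - { var: SH_BIN_ABSOLUTE_PATH, bin: "sh" }
    - { var: SSHD_BIN_ABSOLUTE_PATH, bin: "sshd" }
    - { var: SYSTEMCTL_BIN_ABSOLUTE_PATH, bin: "systemctl" }
    - { var: HEAD_BIN_ABSOLUTE_PATH, bin: "head" }
    - { var: CUT_BIN_ABSOLUTE_PATH, bin: "cut" }
    - { var: MKTEMP_BIN_ABSOLUTE_PATH, bin: "mktemp" }
    - { var: SERVICE_BIN_ABSOLUTE_PATH, bin: "service" }
    - { var: PAM_AUTH_UPDATE_BIN_ABSOLUTE_PATH, bin: "pam-auth-update" }
  loop_control:
    label: "{{ item.bin }}"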
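- name: Derive host TZ, binary paths and SAN JSON (explicit variables win over probed values)
  ansible.builtin.set_fact:
    # Each fact keeps an explicitly provided value and otherwise falls back to the probe output.
    # The results[N] indices follow the order of the "Register absolute paths for binaries" loop:
    # 0 step, 1 curl, 2 sh, 3 sshd, 4 systemctl (consumed later, systemd hosts only), 5 head,
    # 6 cut, 7 mktemp, 8 service, 9 pam-auth-update. Reordering that loop breaks this mapping.
    HOST_TZ: "{{ HOST_TZ | default(_host_tz_stdout.stdout) }}"
    STEP_BIN_ABSOLUTE_PATH: "{{ STEP_BIN_ABSOLUTE_PATH | default(_BIN_ABSOLUTE_PATHS.results[0].stdout) }}"
    CURL_BIN_ABSOLUTE_PATH: "{{ CURL_BIN_ABSOLUTE_PATH | default(_BIN_ABSOLUTE_PATHS.results[1].stdout) }}"
    SH_BIN_ABSOLUTE_PATH: "{{ SH_BIN_ABSOLUTE_PATH | default(_BIN_ABSOLUTE_PATHS.results[2].stdout) }}"
    SSHD_BIN_ABSOLUTE_PATH: "{{ SSHD_BIN_ABSOLUTE_PATH | default(_BIN_ABSOLUTE_PATHS.results[3].stdout) }}"
    HEAD_BIN_ABSOLUTE_PATH: "{{ HEAD_BIN_ABSOLUTE_PATH | default(_BIN_ABSOLUTE_PATHS.results[5].stdout) }}"
    CUT_BIN_ABSOLUTE_PATH: "{{ CUT_BIN_ABSOLUTE_PATH | default(_BIN_ABSOLUTE_PATHS.results[6].stdout) }}"
    MKTEMP_BIN_ABSOLUTE_PATH: "{{ MKTEMP_BIN_ABSOLUTE_PATH | default(_BIN_ABSOLUTE_PATHS.results[7].stdout) }}"
    SERVICE_BIN_ABSOLUTE_PATH: "{{ SERVICE_BIN_ABSOLUTE_PATH | default(_BIN_ABSOLUTE_PATHS.results[8].stdout) }}"
    PAM_AUTH_UPDATE_BIN_ABSOLUTE_PATH: "{{ PAM_AUTH_UPDATE_BIN_ABSOLUTE_PATH | default(_BIN_ABSOLUTE_PATHS.results[9].stdout) }}"
    # Note that putting this on one line and including "" will change new line behavior
    # and cause diffs/changes unexpectedly later in the app. Be cautious refactoring this.
    # (The literal block scalar keeps a trailing newline in the rendered JSON; consumers rely on it.)
    _cert_san_json: |
      {{ CERT_SAN | sort | to_json(indent=4) }}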
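- name: Validate required variables defined.
  # Presence/non-emptiness checks only. On failure assert reports the failing expression, not the
  # evaluated value, so the secrets in this list (LDAPD_BINDPW, HEALTHCHECK_SITE_API_KEY) are not
  # echoed into the play output. quiet suppresses the per-assertion success noise.
  ansible.builtin.assert:
    quiet: true
    fail_msg: "A required common-role variable is empty or undefined; see the reported assertion."
    that:
      - "HOST_TZ | length > 0"
      - "CURL_BIN_ABSOLUTE_PATH | length > 0"
      - "GRAFANA_ALLOY_ORGID | length > 0"
      - "HEALTHCHECK_SITE_API_KEY | length > 0"
      - "LDAPD_BINDDN | length > 0"
      - "LDAPD_BINDPW | length > 0"
      - "PAM_AUENGUN_SSH_AUTHORIZED_PRINCIPALS | length > 0"
      - "PAM_AUENGUN_SSH_DEFAULT | length > 0"
      - "PAM_AUENGUN_SSH_PRIORITY | string | length > 0"
      - "PAM_MKHOMEDIR_SPM_DEFAULT | length > 0"
      - "PAM_MKHOMEDIR_SPM_PRIORITY | string | length > 0"
      - "PAM_SHARED_MODULE_PATH | length > 0"
      - "SH_BIN_ABSOLUTE_PATH | length > 0"
      - "SSHD_BIN_ABSOLUTE_PATH | length > 0"
      - "SSSD_DEFAULT_SHELL | length > 0"
      - "SSSD_LDAP_FILTER | length > 0"
      - "STEP_BIN_ABSOLUTE_PATH | length > 0"
      - "STEP_BOOTSTRAP_FINGERPRINT | length > 0"
      - "STEP_CERTS_ACME_CA_PROVISIONER | length > 0"
      - "_cert_san_json | length > 0"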
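- name: Validate PAM tooling variables defined.
  # Distinct task name so this check is distinguishable from the general variable assert in logs.
  # pam-auth-update is only required when one of the PAM-managing features is enabled.
  when: (PAM_MKHOMEDIR_SPM_ENABLE | bool) or (PAM_AUENGUN_SSH_ENABLE | bool)
  ansible.builtin.assert:
    quiet: true
    fail_msg: "PAM_AUTH_UPDATE_BIN_ABSOLUTE_PATH is empty: pam-auth-update was not found and no override was given."
    that:
      - "PAM_AUTH_UPDATE_BIN_ABSOLUTE_PATH | length > 0"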
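- name: Create step config directories
  # Ownership is pinned to the step user/group. No mode is set, so directories created here take
  # the remote umask (commonly 0755); since these paths hold CA configuration and certificates,
  # consider pinning a mode (e.g. "0750") once the consumers of these directories are confirmed.
  become: true
  ansible.builtin.file:
    path: "{{ item }}"
    owner: "{{ STEP_USER_NAME }}"
    group: "{{ STEP_GROUP_NAME }}"
    state: directory
  loop:
    - "{{ STEP_PATH }}"
    - "{{ STEP_CONFIG_PATH }}"
    - "{{ STEP_CERTS_PATH }}"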
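- name: Gather systemd facts
  # Everything in this block is a read-only probe (`systemctl --version`) or a set_fact, none of
  # which needs elevated privileges, so the block runs without become (least privilege).
  when: ansible_service_mgr == 'systemd'
  block:
    - name: "set_fact: SYSTEMCTL_BIN_ABSOLUTE_PATH"
      ansible.builtin.set_fact:
        # results[4] is the systemctl entry of the "Register absolute paths for binaries" loop.
        SYSTEMCTL_BIN_ABSOLUTE_PATH: "{{ SYSTEMCTL_BIN_ABSOLUTE_PATH | default(_BIN_ABSOLUTE_PATHS.results[4].stdout) }}"

    - name: "shell: get systemd version"
      # First line of `systemctl --version` is "systemd <N> (...)"; field 2 is the major version.
      # `quote` keeps the templated binary paths from being re-interpreted by the shell;
      # check_mode is disabled so the fact is still gathered under --check.
      changed_when: false
      check_mode: false
      ansible.builtin.shell: |
        {{ SYSTEMCTL_BIN_ABSOLUTE_PATH | quote }} --version | {{ HEAD_BIN_ABSOLUTE_PATH | quote }} -n 1 | {{ CUT_BIN_ABSOLUTE_PATH | quote }} -f 2 -d" "
      register: _shell_systemd_version

    - name: Validate systemd variables defined.
      # Validated on the raw output BEFORE the int cast below: `| int` turns empty or non-numeric
      # output into 0, so checking the cast fact for emptiness could never fail and hid a broken probe.
      ansible.builtin.assert:
        quiet: true
        fail_msg: "Could not determine the systemd version (SYSTEMCTL_BIN_ABSOLUTE_PATH='{{ SYSTEMCTL_BIN_ABSOLUTE_PATH }}', raw output='{{ _shell_systemd_version.stdout }}')."
        that:
          - "SYSTEMCTL_BIN_ABSOLUTE_PATH | length > 0"
          - "(_shell_systemd_version.stdout | trim) is match('^[0-9]+$')"

    - name: "set_fact: _systemd_version"
      ansible.builtin.set_fact:
        # Kept as a literal block scalar, so the value is the version digits followed by a newline;
        # left unchanged to match existing consumers of _systemd_version.
        _systemd_version: |
          {{ _shell_systemd_version.stdout | int }}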