does most of the job

2023-05-22 20:23:57 +02:00 · 2023-05-22 20:23:57 +02:00 · 273d12c942
commit 273d12c942
parent 26280ef8e5
11 changed files with 79 additions and 38 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -1,2 +1,5 @@
 ---
 # defaults file for import_vault_root_ca
 import_vault_root_ca_certificate_list:
  - url: "https://openstack01.ednz.fr:8200/v1/ednz-root-ca/ca"
    cert_name: "ednz_ca"
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -1,2 +1,5 @@
 ---
 # handlers file for import_vault_root_ca
 - name: "Update the trust store"
  ansible.builtin.command: update-ca-certificates
  listen: "update-ca-certificates"
--- a/meta/main.yml
+++ b/meta/main.yml
@ -2,9 +2,9 @@
 # meta file for hashicorp_nomad
 galaxy_info:
  namespace: 'ednxzu'
-  role_name: 'hashicorp_nomad'
+  role_name: 'import_vault_root_ca'
  author: 'Bertrand Lanson'
-  description: 'Install and configure hashicorp nomad for debian-based distros.'
+  description: 'Imports root CA certificates from Vault to the trust store on debian-based distros.'
  license: 'license (BSD, MIT)'
  min_ansible_version: '2.10'
  platforms:
@ -18,7 +18,9 @@ galaxy_info:
  galaxy_tags:
    - 'ubuntu'
    - 'debian'
-    - 'hashicorp'
+    - 'vault'
-    - 'nomad'
+    - 'openssl'
    - 'store'
    - 'certificate'
 dependencies: []
--- a/molecule/default/molecule.yml
+++ b/molecule/default/molecule.yml
@ -20,7 +20,7 @@ provisioner:
    defaults:
      remote_tmp: /tmp/.ansible
 verifier:
-  name: testinfra
+  name: ansible
 scenario:
  name: default
  test_sequence:
--- a/molecule/default/tests/conftest.py
+++ b/molecule/default/tests/conftest.py
@ -1,22 +0,0 @@
 """PyTest Fixtures."""
 import os
 import pytest
 def pytest_runtest_setup(item):
    """Run tests only when under molecule with testinfra installed."""
    try:
        import testinfra
    except ImportError:
        pytest.skip("Test requires testinfra", allow_module_level=True)
    if "MOLECULE_INVENTORY_FILE" in os.environ:
        pytest.testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
            os.environ["MOLECULE_INVENTORY_FILE"],
        ).get_hosts("all")
    else:
        pytest.skip(
            "Test should run only from inside molecule.",
            allow_module_level=True,
        )
--- a/molecule/default/tests/test_default.py
+++ b/molecule/default/tests/test_default.py
@ -1,10 +0,0 @@
 """Role testing files using testinfra."""
 def test_hosts_file(host):
    """Validate /etc/hosts file."""
    f = host.file("/etc/hosts")
    assert f.exists
    assert f.user == "root"
    assert f.group == "root"
--- a/molecule/default/verify.yml
+++ b/molecule/default/verify.yml
@ -0,0 +1,10 @@
 ---
 # This is an example playbook to execute Ansible tests.
 - name: Verify
  hosts: all
  gather_facts: false
  tasks:
    - name: Example assertion
      ansible.builtin.assert:
        that: true
--- a/tasks/import.yml
+++ b/tasks/import.yml
@ -0,0 +1,17 @@
 ---
 # task/import file for import_vault_root_ca
 - name: "Download certificate file"
  ansible.builtin.get_url:
    url: "{{ item.url }}"
    validate_certs: false
    dest: "/tmp/{{ item.cert_name }}.tmp"
    mode: '0600'
  loop: "{{ import_vault_root_ca_certificate_list }}"
 - name: "Make sure certificate is in PEM format"
  ansible.builtin.command:
    cmd: "openssl x509 -in /tmp/{{ item.cert_name }}.tmp -out {{ import_vault_root_ca_cert_dir }}/{{ item.cert_name }}.crt -outform pem"
    creates: "{{ import_vault_root_ca_cert_dir }}/{{ item.cert_name }}.crt"
  loop: "{{ import_vault_root_ca_certificate_list }}"
  notify:
    - update-ca-certificates
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -1,2 +1,7 @@
 ---
-# tasks file for import_vault_root_ca
+# task/main file for import_vault_root_ca
 - name: "Import prerequisites.yml"
  ansible.builtin.include_tasks: prerequisites.yml
 - name: "Import import.yml"
  ansible.builtin.include_tasks: import.yml
--- a/tasks/prerequisites.yml
+++ b/tasks/prerequisites.yml
@ -0,0 +1,23 @@
 ---
 # task/prerequisites file for import_vault_root_ca
 - name: "Install required roles"
  ansible.builtin.command:
    cmd: "ansible-galaxy install {{ item }}"
  loop: "{{ import_vault_root_ca_prerequisites_roles }}"
  changed_when: false
  delegate_to: localhost
  run_once: true
 - name: "Install dependencies"
  ansible.builtin.include_role:
    name: ednxzu.manage_apt_packages
  vars:
    manage_apt_packages_list: "{{ import_vault_root_ca_packages }}"
 - name: "Create directory {{ import_vault_root_ca_cert_dir }}"
  ansible.builtin.file:
    path: "{{ import_vault_root_ca_cert_dir }}"
    state: directory
    owner: "root"
    group: "root"
    mode: '0755'
--- a/vars/main.yml
+++ b/vars/main.yml
@ -1,2 +1,12 @@
 ---
 # vars file for import_vault_root_ca
 import_vault_root_ca_cert_dir: /usr/local/share/ca-certificates
 import_vault_root_ca_prerequisites_roles:
  - ednxzu.manage_apt_packages
 import_vault_root_ca_packages:
  - name: openssl
    version: latest
    state: present
  - name: ca-certificates
    version: latest
    state: present