---
# Build and install OpenXPKI from source under pki_root_dir, then wire up the
# database, cron jobs, systemd unit and backup hooks. Every task carries the
# `pki` tag so the whole role can be selected or skipped as one unit.

- name: Install dependencies
  yum:
    name:
      - openssl-devel
      - openldap-devel
      - libxml2-devel
      - expat-devel
      - mariadb-devel
      - libapreq2-devel
      - gcc
      - perl-App-cpanminus
      - gettext  # To build I18N files
      - pwgen  # To generate random secrets
      - java-1.8.0-openjdk-headless  # For keytool utility
      - systemd-devel  # Needed for Log::Log4perl::Appender::Journald
      - MySQL-python  # To create and manage the MySQL DB
      - mysql  # To load the schema
      - patch  # To apply local patches
  tags: pki
- name: Download OpenXPKI
  get_url:
    url: "{{ pki_archive_url }}"
    # dest is a directory, so the file keeps the basename of the URL
    dest: "{{ pki_root_dir }}/src"
    # Integrity pin: the task fails if the downloaded archive does not match.
    # NOTE(review): the pin is a SHA-1 digest; get_url also accepts
    # "sha256:<digest>" should the variable ever be switched to one.
    checksum: "sha1:{{ pki_archive_sha1 }}"
  # .changed is consulted by the extraction task below
  register: pki_download
  tags: pki
- name: Download OpenXPKI config
  get_url:
    url: "{{ pki_config_archive_url }}"
    # dest is a directory, so the file keeps the basename of the URL
    dest: "{{ pki_root_dir }}/src"
    # Integrity pin: the task fails if the downloaded archive does not match.
    # NOTE(review): SHA-1 pin, same remark as for the server archive.
    checksum: "sha1:{{ pki_config_archive_sha1 }}"
  # .changed is consulted by the extraction task below
  register: pki_config_download
  tags: pki
- name: Extract OpenXPKI
  unarchive:
    src: "{{ pki_root_dir }}/src/openxpki-{{ pki_version }}.tar.gz"
    dest: "{{ pki_root_dir }}/src"
    remote_src: true  # the archive already sits on the target host
  # Only re-extract when the download task actually fetched a new archive
  when: pki_download.changed
  tags: pki
- name: Extract OpenXPKI config
  unarchive:
    src: "{{ pki_root_dir }}/src/openxpki-config-{{ pki_config_version }}.tar.gz"
    dest: "{{ pki_root_dir }}/src"
    remote_src: true  # the archive already sits on the target host
  # Only re-extract when the download task actually fetched a new archive
  when: pki_config_download.changed
  tags: pki
# This is needed or make will fail
- name: Write version in source dir
  copy:
    content: "{{ pki_version }}"
    dest: "{{ pki_root_dir }}/src/openxpki-{{ pki_version }}/VERSION"
  tags: pki
- name: Stop openxpki during upgrade
  service:
    name: openxpki
    state: stopped
  when: pki_install_mode == 'upgrade'
  tags: pki
# With this, we ensure we update all perl modules each time we update OpenXPKI
# (destructive: the whole local perl5 tree is removed and rebuilt by the
# cpanm tasks below)
- name: Wipe local lib dir
  file:
    path: "{{ pki_root_dir }}/lib/perl5"
    state: absent
  when: pki_install_mode == 'upgrade'
  tags: pki
- name: Install perl modules needed to run the build
  cpanm:
    name: "{{ item }}"
    # Modules land in pki_root_dir/lib/perl5 rather than the system perl
    locallib: "{{ pki_root_dir }}"
  loop:
    - Config::Std
    - Fatal
  tags: pki
- name: Install perl module without tests
  cpanm:
    name: "{{ item }}"
    locallib: "{{ pki_root_dir }}"
    notest: true  # skip the dist test suite (see the reason on Connector)
  loop:
    - Git::PurePerl
    - Connector  # This module tries to fetch web content without checking proxy from env
  tags: pki
- name: Install OpenXPKI dependencies
  cpanm:
    locallib: "{{ pki_root_dir }}"
    # Resolve the dependencies declared by the dist at from_path
    installdeps: true
    from_path: "{{ pki_root_dir }}/src/openxpki-{{ pki_version }}/core/server"
  environment:
    # Expose the modules (and tools) already installed in the local lib to
    # cpanm while it walks the dependency tree; local bin is prepended to PATH.
    PERL5LIB: "{{ pki_root_dir }}/lib/perl5"
    PATH: "{{ pki_root_dir }}/bin:{{ ansible_env.PATH }}"
  tags: pki
- name: Build OpenXPKI
  cpanm:
    locallib: "{{ pki_root_dir }}"
    from_path: "{{ pki_root_dir }}/src/openxpki-{{ pki_version }}/core/server"
    notest: true
  when: pki_install_mode != 'none'
  environment:
    # Same local-lib visibility as for the dependency step
    PERL5LIB: "{{ pki_root_dir }}/lib/perl5"
    PATH: "{{ pki_root_dir }}/bin:{{ ansible_env.PATH }}"
  tags: pki
- name: Install additional perl modules
  cpanm:
    name: "{{ item }}"
    locallib: "{{ pki_root_dir }}"
  loop:
    - Devel::CheckLib  # Needed to build DBD::mysql >= 4.047
    - DBD::mysql
    - Log::Log4perl::Appender::Journald
    - Data::Dump  # Needed for the external ldap auth script
    - String::Escape  # Needed for the external ldap auth script
  tags: pki
- name: Install OpenXPKI
  # NOTE(review): a bare command has no changed_when, so this task reports
  # "changed" on every run and the restart handler fires each time.
  command: make install
  args:
    chdir: "{{ pki_root_dir }}/src/openxpki-{{ pki_version }}/core/server"
  when: pki_install_mode != 'none'
  notify: restart openxpki
  tags: pki
- name: Install OpenXPKI CGI::Session driver
  copy:
    src: "{{ pki_root_dir }}/src/openxpki-{{ pki_version }}/core/server/CGI_Session_Driver/openxpki.pm"
    dest: "{{ pki_root_dir }}/lib/perl5/CGI/Session/Driver/openxpki.pm"
    remote_src: true  # both paths are on the target host
  tags: pki
# This is needed so the build-pot.pl script finds msg labels in config
# during the make scan step in next task
- name: Copy default conf in server source directory
  synchronize:
    src: "{{ pki_root_dir }}/src/openxpki-config-{{ pki_config_version }}/"
    dest: "{{ pki_root_dir }}/src/openxpki-{{ pki_version }}/config/"
    recursive: true
    delete: true  # mirror: anything in dest not present in src is removed
  # Run rsync on the target itself since both trees live there
  delegate_to: "{{ inventory_hostname }}"
  when: pki_install_mode != 'none'
  tags: pki
- name: Scan, build and install translations
  # shell (not command) because the three make invocations are chained with &&
  shell: make scan && make && make install LOCALE_DIR={{ pki_root_dir }}/locale
  args:
    chdir: "{{ pki_root_dir }}/src/openxpki-{{ pki_version }}/core/i18n"
  when: pki_install_mode != 'none'
  tags: pki
- name: Install the web UI
  synchronize:
    src: "{{ pki_root_dir }}/src/openxpki-{{ pki_version }}/core/server/{{ item }}"
    dest: "{{ pki_root_dir }}/web/"
    recursive: true
  # Run rsync on the target itself since both trees live there
  delegate_to: "{{ inventory_hostname }}"
  loop:
    - cgi-bin
    - htdocs
  when: pki_install_mode != 'none'
  tags: pki
- name: Fix relative URL in the index page
  # The sed expression uses | as its delimiter, so pki_web_alias must not
  # contain that character or the substitution breaks.
  command: sed -i -e 's|/openxpki/|{{ pki_web_alias }}|g' {{ pki_root_dir }}/web/htdocs/default.html
  changed_when: false  # in-place edit is idempotent; never report a change
  tags: pki
- name: Install wrapper scripts
  template:
    src: "bin/{{ item }}.j2"
    dest: "/usr/local/bin/{{ item }}"
    mode: "0755"  # quoted so the octal value reaches Ansible as a string
  loop:
    - openxpkiadm
    - openxpkicmd
  tags: pki
- name: Deploy cron scripts
  template:
    src: "bin/{{ item }}.j2"
    dest: "{{ pki_root_dir }}/bin/{{ item }}"
    mode: "0755"  # quoted so the octal value reaches Ansible as a string
  loop:
    - crl_update
    - notify_expiry
  tags: pki
- name: Setup cronjobs
  cron:
    name: "{{ item.script }}"
    cron_file: openxpki  # one shared crontab file instead of the user's own
    user: "{{ pki_user }}"
    # systemd-cat sends the script's output to the journal
    job: "/bin/systemd-cat {{ pki_root_dir }}/bin/{{ item.script }}"
    special_time: "{{ item.freq }}"
  loop:
    - script: crl_update
      freq: hourly
    - script: notify_expiry
      freq: weekly
  tags: pki
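- import_tasks: ../includes/webapps_create_mysql_db.yml
  # `vars` is a mapping; the former list-of-single-key-dicts form is
  # deprecated by ansible-core in favour of a plain dictionary.
  # NOTE(review): pki_db_pass (and mysql_admin_pass below) should come from
  # vaulted variables, not from plain files in the repository.
  vars:
    db_name: "{{ pki_db_name }}"
    db_user: "{{ pki_db_user }}"
    db_server: "{{ pki_db_server }}"
    db_pass: "{{ pki_db_pass }}"
  tags: pki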
- name: Inject MySQL schema
  mysql_db:
    name: "{{ pki_db_name }}"
    state: import
    target: "{{ pki_root_dir }}/src/openxpki-config-{{ pki_config_version }}/contrib/sql/schema-mysql.sql"
    login_host: "{{ pki_db_server }}"
    login_user: sqladmin
    login_password: "{{ mysql_admin_pass }}"
  when:
    - pki_install_mode == 'install'
    # pki_db is presumably registered by the imported DB-creation tasks —
    # confirm against ../includes/webapps_create_mysql_db.yml
    - pki_db.changed
  tags: pki
- name: Copy additional sql scripts
  copy:
    src: "{{ item }}"
    dest: "{{ pki_root_dir }}/src/openxpki-config-{{ pki_config_version }}/contrib/sql/{{ item }}"
  loop:
    - session_table.sql
    - upgrade_to_v3.sql
  tags: pki
- name: Create session table
  mysql_db:
    name: "{{ pki_db_name }}"
    state: import
    target: "{{ pki_root_dir }}/src/openxpki-config-{{ pki_config_version }}/contrib/sql/session_table.sql"
    login_host: "{{ pki_db_server }}"
    login_user: sqladmin
    login_password: "{{ mysql_admin_pass }}"
  # Runs on install and upgrade alike; the SQL file is assumed to be safe to
  # replay (TODO confirm session_table.sql uses IF NOT EXISTS or equivalent)
  when:
    - pki_install_mode != 'none'
  tags: pki
- name: Create user for session table
  mysql_user:
    name: "{{ pki_db_session_user }}"
    password: "{{ pki_db_session_pass }}"
    # Least privilege: row-level access to the session table only
    priv: "{{ pki_db_name }}.frontend_session:SELECT,INSERT,UPDATE,DELETE"
    append_privs: "{{ append_privs | default(False) }}"
    # Local DB: bind the account to localhost only. Remote DB: one account
    # entry per IPv4 address of this host, so only this machine can connect.
    # (With a local DB every loop iteration targets the same localhost entry.)
    host: "{{ ( pki_db_server == 'localhost' ) | ternary('localhost', item ) }}"
    login_host: "{{ pki_db_server }}"
    login_user: sqladmin
    login_password: "{{ mysql_admin_pass }}"
    state: present
  loop: "{{ ansible_all_ipv4_addresses }}"
  tags: pki
- name: Upgrade database from v2 to v3
  mysql_db:
    name: "{{ pki_db_name }}"
    state: import
    target: "{{ pki_root_dir }}/src/openxpki-config-{{ pki_config_version }}/contrib/sql/upgrade_to_v3.sql"
    login_host: "{{ pki_db_server }}"
    login_user: sqladmin
    login_password: "{{ mysql_admin_pass }}"
  when:
    - pki_install_mode == 'upgrade'
    # only when the currently deployed release is a 2.x one
    - pki_current_version is match('^2')
  tags: pki
- name: Copy DB upgrades scripts
  copy:
    src: "upgrade_to_v{{ item }}.sql"
    dest: "{{ pki_root_dir }}/src/openxpki-config-{{ pki_config_version }}/contrib/sql/"
  loop:
    - '3.4'  # quoted: a bare 3.4 would be parsed as a float
  tags: pki
- name: Apply db upgrades
  mysql_db:
    name: "{{ pki_db_name }}"
    state: import
    target: "{{ pki_root_dir }}/src/openxpki-config-{{ pki_config_version }}/contrib/sql/upgrade_to_v{{ item }}.sql"
    login_host: "{{ pki_db_server }}"
    login_user: sqladmin
    login_password: "{{ mysql_admin_pass }}"
  loop:
    - '3.4'  # quoted: a bare 3.4 would be parsed as a float
  when:
    - pki_install_mode == 'upgrade'
    # apply each script only when the deployed release predates it
    - pki_current_version is version(item, '<')
  tags: pki
- name: Deploy systemd unit
  template:
    src: openxpki.service.j2
    dest: /etc/systemd/system/openxpki.service
  # .changed drives the daemon-reload task below
  register: pki_unit
  tags: pki
- name: Reload systemd
  systemd:
    daemon_reload: true
  when: pki_unit.changed  # only after the unit file was (re)written
  tags: pki
- name: Deploy authentication script helpers
  copy:
    src: "{{ item }}"
    dest: "{{ pki_root_dir }}/bin/{{ item }}"
    mode: "0755"  # quoted so the octal value reaches Ansible as a string
  loop:
    - openxpki-auth-ldap
  tags: pki
- name: Install pre and post backup scripts
  template:
    src: "{{ item }}-backup.j2"
    dest: "/etc/backup/{{ item }}.d/openxpki"
    mode: "0750"  # owner/group only; quoted so the octal stays a string
  loop:
    - pre
    - post
  tags: pki