From d8f68ce3c40d7df4ea26d27a3496fa19e69e226a Mon Sep 17 00:00:00 2001 From: Marco Massari Calderone Date: Thu, 7 Jun 2018 14:36:53 -0500 Subject: [PATCH] add JC dependencies installation --- README.md | 3 +- defaults/main.yml | 82 +++++++++++++++++++++++++++++++++ tasks/install.yml | 95 ++++++++++++++++++++------------------- tasks/install_deps.yml | 37 +++++++++++++++ tasks/main.yml | 15 +++---- tasks/reset_jumpcloud.yml | 47 +++++++++++++++++++ 6 files changed, 222 insertions(+), 57 deletions(-) create mode 100644 tasks/install_deps.yml create mode 100644 tasks/reset_jumpcloud.yml diff --git a/README.md b/README.md index 354b335..130b85c 100644 --- a/README.md +++ b/README.md @@ -52,7 +52,8 @@ Default: `no` Whether or not to use sudo during installation. -#### [`jumpcloud_tags`] +#### [`jumpcloud_tags`][jumpcloud-tagsh] + The list of JC tags you want a host or a group of hosts to be part of - 'tag_one' - 'tag_two' diff --git a/defaults/main.yml b/defaults/main.yml index 9b1a3df..f86d2df 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,6 +1,9 @@ --- jumpcloud_directory: /opt/jc +jumpcloud_ca_cert: "{{ jumpcloud_directory }}/ca.crt" +jumpcloud_client_cert: "{{ jumpcloud_directory }}/client.crt" +jumpcloud_client_key: "{{ jumpcloud_directory }}/client.key" jumpcloud_agent_config: "{{ jumpcloud_directory }}/jcagent.conf" jumpcloud_x_connect_key: "{{ enc_jumpcloud_x_connect_key }}" #store enc_jumpcloud_x_connect_key in an ansible vault 
@@ -17,4 +20,83 @@ jumpcloud_allowPublicKeyAuthentication: 'true' jumpcloud_allowSshPasswordAuthentication: 'true' jumpcloud_allowSshRootLogin: 'true' jumpcloud_allowMultiFactorAuthentication: 'false' +jumpcloud_rhel_dependencies: + - chkconfig + - coreutils + - curl + - findutils + - gawk + - glibc-common + - grep + - initscripts + - lsof + - net-tools + - rpm + - shadow-utils + - tar + - util-linux + - which + - yum + - sudo + - psmisc + - redhat-lsb-core + +jumpcloud_centos_dependencies: + - chkconfig + - coreutils + - curl + - findutils + - gawk + - glibc-common + - grep + - initscripts + - lsof + - net-tools + - rpm + - shadow-utils + - tar + - util-linux + - which + - yum + - sudo + - policycoreutils + - psmisc + - redhat-lsb-core +jumpcloud_debian_dependencies: + - apt-rdepends + # - apt-show-versions + - coreutils + - curl + - dpkg + - grep + - hostname + - libc-bin + - lsb-release + - lsof + - mawk + - passwd + - procps + - sysv-rc + - sysvinit-utils + - tar + - libpam-runtime + - libpam-modules + - sudo + - psmisc +jumpcloud_ubuntu_dependencies: + - apt-rdepends + - coreutils + - curl + - dpkg + - grep + - hostname + - libc-bin + - lsb-release + - lsof + - mawk + - passwd + - procps + - sysvinit-utils + - tar + - sudo ... diff --git a/tasks/install.yml b/tasks/install.yml index 48e06b6..0980017 100644 --- a/tasks/install.yml +++ b/tasks/install.yml 
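Review bot: The four dependency lists added here are near-copies that differ without explanation. `jumpcloud_centos_dependencies` is `jumpcloud_rhel_dependencies` plus `policycoreutils`, and the Debian list carries a commented-out `# - apt-show-versions` that the Ubuntu list omits. A short comment above each list saying where the package set comes from and why an entry is distro-specific or disabled, e.g. `# apt-show-versions disabled: <reason>`, would stop the lists from drifting. A shared base list plus per-distribution extras would remove the duplication.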
@@ -1,60 +1,63 @@ --- -- name: Download JumpCloud Kickstart script - get_url: - url: "{{ jumpcloud_x_connect_url }}" - dest: "{{ jumpcloud_kickstart_script }}" - mode: 0755 - headers: "x-connect-key: {{ jumpcloud_x_connect_key }}" - become: "{{ jumpcloud_use_sudo }}" -- name: if the system is a Ubuntu 12.xx then tricks the temporary the version for the Kickstarter to work +- name: If the system is a Ubuntu 12.xx then tricks the temporary the version for the Kickstarter to work lineinfile: - path: /etc/issue - regexp: '^Ubuntu 12' - line: 'Ubuntu 14.04.5 LTS \n \l' - state: present - backup: yes - when: ansible_distribution == "Ubuntu" and "12" in ansible_distribution_version - register: line_infile_result - -- name: saving the position of the `/etc/issue` backup + path: /etc/issue + regexp: '^Ubuntu 12' + line: 'Ubuntu 14.04.5 LTS \n \l' + state: present + backup: yes + when: ansible_distribution == "Ubuntu" and "12" in ansible_distribution_version and (jumpcloud_not_installed or jumpcloud_force_install) + register: line_infile_result + +- name: saving the position of the `/etc/issue` backup set_fact: issue_backup_file: "{{ line_infile_result.backup}}" - when: ansible_distribution == "Ubuntu" and "12" in ansible_distribution_version and line_infile_result is defined + when: ansible_distribution == "Ubuntu" and "12" in ansible_distribution_version and line_infile_result is defined and (jumpcloud_not_installed or jumpcloud_force_install) -- name: Install JumpCloud Agent - shell: "{{ jumpcloud_kickstart_script }}" +- name: Download JumpCloud Kickstart script + get_url: + url: "{{ jumpcloud_x_connect_url }}" + dest: "{{ jumpcloud_kickstart_script }}" + mode: 0755 + headers: "x-connect-key: {{ jumpcloud_x_connect_key }}" + become: "{{ jumpcloud_use_sudo }}" + +- name: Install JumpCloud Agent + shell: "{{ jumpcloud_kickstart_script }}" args: - creates: "{{ jumpcloud_agent_config}}" - become: "{{ jumpcloud_use_sudo }}" + creates: "{{ jumpcloud_agent_config}}" + become: 
"{{ jumpcloud_use_sudo }}" + -- name: restore '/etc/issue' backup if present +- name: check JumpCloud agent config again + stat: + path: "{{ jumpcloud_agent_config }}" + register: jumpcloud_agent_config_status + +- name: check again if JumpCloud has been initialised + set_fact: + jumpcloud_is_installed: "{{ jumpcloud_agent_config_status.stat.isreg is defined and jumpcloud_agent_config_status.stat.isreg}}" + +- name: Reset JumpCloud if `jcagent.conf` has not been created + import_tasks: reset_jumpcloud.yml + when: not jumpcloud_is_installed + +- name: restore '/etc/issue' backup if present file: - src: "{{issue_backup_file}}" - path: /etc/issue - state: hard - force: yes - when: issue_backup_file is defined + src: "{{issue_backup_file}}" + path: /etc/issue + state: hard + force: yes + when: issue_backup_file is defined -- name: removes '/etc/issue' backup file if present +- name: removes '/etc/issue' backup file if present file: - path: "{{issue_backup_file}}" - state: absent - when: issue_backup_file is defined - - -- name: Restart JumpCloud - service: - name: "{{ jumpcloud_agent_service }}" - state: restarted - become: "{{ jumpcloud_use_sudo }}" - -- name: Make Sure that jcagent.conf has been created - wait_for: - path: "{{ jumpcloud_agent_config}}" - state: present - timeout: 60 - msg: Timeout to find file "{{ jumpcloud_agent_config}}" + path: "{{issue_backup_file}}" + state: absent + when: issue_backup_file is defined + + ... diff --git a/tasks/install_deps.yml b/tasks/install_deps.yml new file mode 100644 index 0000000..669fedb --- /dev/null +++ b/tasks/install_deps.yml 
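Review bot: The `Reset JumpCloud if jcagent.conf has not been created` import now sits before the two tasks that restore and remove the `/etc/issue` backup, so on Ubuntu 12 a failure inside the reset (its `wait_for` has a 60-second timeout) ends the play with the spoofed `Ubuntu 14.04.5 LTS` line and the backup file still in place. Wrapping the install and reset in `block:` with the two `/etc/issue` restore tasks under `always:` would guarantee the file is put back. Separately, `Download JumpCloud Kickstart script` passes `jumpcloud_x_connect_key` in `headers:`, and adding `no_log: true` to that task keeps the key out of Ansible output and, presumably, out of the managed host's module logging. The `lineinfile` and restore tasks that touch `/etc/issue` carry no `become`, unlike the download and install tasks.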
@@ -0,0 +1,37 @@
+---
+- debug:
+ msg: "Distribution {{ ansible_distribution }}"
+
+- name: Install dependencies in CentOS systems
+ yum:
+ name: "{{ item }}"
+ state: present
+ with_items: "{{ jumpcloud_centos_dependencies }}"
+ when: ansible_distribution == "CentOS"
+ become: "{{ jumpcloud_use_sudo }}"
+
+- name: Install dependencies in RHEL systems
+ yum:
+ name: "{{ item }}"
+ state: present
+ with_items: "{{ jumpcloud_rhel_dependencies }}"
+ when: ansible_distribution == "Red Hat Enterprise Linux"
+ become: "{{ jumpcloud_use_sudo }}"
+
+- name: Install JumpCloud depenedencies for Debian systems
+ apt:
+ name: "{{ item }}"
+ state: present
+ with_items: "{{ jumpcloud_debian_dependencies }}"
+ when: ansible_distribution == "Debian"
+ become: "{{ jumpcloud_use_sudo }}"
+
+- name: Install JumpCloud depenedencies for Ubuntu systems
+ apt:
+ name: "{{ item }}"
+ state: present
+ with_items: "{{ jumpcloud_ubuntu_dependencies }}"
+ when: ansible_distribution == "Ubuntu"
+ become: "{{ jumpcloud_use_sudo }}"
+
+...
diff --git a/tasks/main.yml b/tasks/main.yml
index 2bacd9c..9939e7f 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
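Review bot: The RHEL task's condition `when: ansible_distribution == "Red Hat Enterprise Linux"` is unlikely to ever match, because Ansible normally reports that distribution as `RedHat`; those hosts would then skip dependency installation silently and go straight to the kickstart script. Use `when: ansible_distribution == "RedHat"` and confirm it against the facts of a real RHEL host. The four tasks also loop `with_items` over one package at a time, whereas passing the list directly, e.g. `name: "{{ jumpcloud_centos_dependencies }}"`, lets yum/apt resolve the set in one transaction. Both apt task names misspell "dependencies" as `depenedencies`, and the leading `debug` task has no `name`.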
@@ -8,18 +8,13 @@ set_fact: jumpcloud_not_installed: "{{ not (jumpcloud_agent_config_status.stat.isreg is defined and jumpcloud_agent_config_status.stat.isreg) }}" -- name: Install JumpCloud if required - import_tasks: install.yml +- name: Install JumpCloud dependencies if required + import_tasks: install_deps.yml when: jumpcloud_not_installed or jumpcloud_force_install -- name: check JumpCloud agent config again - stat: - path: "{{ jumpcloud_agent_config }}" - register: jumpcloud_agent_config_status - -- name: check again if JumpCloud is installed - set_fact: - jumpcloud_is_installed: "{{ jumpcloud_agent_config_status.stat.isreg is defined and jumpcloud_agent_config_status.stat.isreg}}" +- name: Install JumpCloud if required + import_tasks: install.yml + when: jumpcloud_not_installed or jumpcloud_force_install - name: Get JumpCloud SystemKey command: grep -o -P '(?<=systemKey\":\")[a-zA-Z0-9]*' {{ jumpcloud_agent_config }} diff --git a/tasks/reset_jumpcloud.yml b/tasks/reset_jumpcloud.yml new file mode 100644 index 0000000..d5b5924 --- /dev/null +++ b/tasks/reset_jumpcloud.yml 
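Review bot: `jumpcloud_is_installed` is no longer set in main.yml; after this commit it is assigned only inside install.yml and reset_jumpcloud.yml, both of which run under `when: jumpcloud_not_installed or jumpcloud_force_install`. On a host where the agent is already installed and no force is requested, the fact stays undefined, so any later task in main.yml that still reads it (the rest of the file is outside this hunk) would fail. Setting a default before the imports, e.g. `jumpcloud_is_installed: "{{ not jumpcloud_not_installed }}"` in a `set_fact`, keeps the variable defined on every path.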
@@ -0,0 +1,47 @@
+---
+- name: stop JumpCloud
+ service:
+ name: "{{ jumpcloud_agent_service }}"
+ state: stopped
+ become: "{{ jumpcloud_use_sudo }}"
+
+- name: remove JumpCloud CA certificate
+ file:
+ path: "{{jumpcloud_ca_cert}}"
+ state: absent
+ become: "{{ jumpcloud_use_sudo }}"
+
+- name: remove JumpCloud Client certificate
+ file:
+ path: "{{jumpcloud_client_cert}}"
+ state: absent
+ become: "{{ jumpcloud_use_sudo }}"
+
+- name: remove JumpCloud Client Key
+ file:
+ path: "{{jumpcloud_client_key}}"
+ state: absent
+ become: "{{ jumpcloud_use_sudo }}"
+
+- name: Start JumpCloud
+ service:
+ name: "{{ jumpcloud_agent_service }}"
+ state: started
+ become: "{{ jumpcloud_use_sudo }}"
+
+- name: Make Sure that jcagent.conf has been created
+ wait_for:
+ path: "{{ jumpcloud_agent_config}}"
+ state: present
+ timeout: 60
+ msg: Timeout to find file "{{ jumpcloud_agent_config}}"
+
+- name: check JumpCloud agent config again
+ stat:
+ path: "{{ jumpcloud_agent_config }}"
+ register: jumpcloud_agent_config_status
+
+- name: check again if JumpCloud is installed
+ set_fact:
+ jumpcloud_is_installed: "{{ jumpcloud_agent_config_status.stat.isreg is defined and jumpcloud_agent_config_status.stat.isreg}}"
+...
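Review bot: `Make Sure that jcagent.conf has been created` and the closing `stat` task run without `become`, while every task in this new file that stops or starts the service or removes a file sets `become: "{{ jumpcloud_use_sudo }}"`. If the agent directory is not readable by the connecting user, the `wait_for` would time out and the `stat` would report the config as missing even though the agent wrote it; adding the same `become` line to both keeps the check consistent with the rest of the file. The file also deletes the agent's CA certificate, client certificate and client key without saying why. A header comment such as `# Clears the agent's certificates and key, restarts it and waits for jcagent.conf` would make the destructive step explicit to the next maintainer.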