From 326de975559369d3c1abba51e317b53a9de86e6d Mon Sep 17 00:00:00 2001 From: Thomas Gambier Date: Wed, 6 Nov 2019 20:58:11 +0100 Subject: [PATCH 1/2] re6stnet-install: don't put token in the title of the certificate --- .../roles/re6stnet-install/tasks/main.yml | 38 ++++++++++++------- 1 file changed, 25 insertions(+), 13 deletions(-) diff --git a/playbook/roles/re6stnet-install/tasks/main.yml b/playbook/roles/re6stnet-install/tasks/main.yml index c824c8d3..8e156555 100644 --- a/playbook/roles/re6stnet-install/tasks/main.yml +++ b/playbook/roles/re6stnet-install/tasks/main.yml @@ -5,25 +5,37 @@ - include: sysctl.yml - - name: Configure Re6st with re6st-conf + - name: Configure Re6st with re6st-conf (with computer_name, fingerprint, no token) shell: "re6st-conf --registry {{ re6st_registry_url }} -r title {{ computer_name }} --fingerprint {{ re6st_fingerprint }} -d /etc/re6stnet --anonymous" - when: re6st_annon == True and re6stnet_conf.stat.exists == False and "{{ computer_name }}" != "noname" + when: re6st_annon == False and re6stnet_conf.stat.exists == False and "{{ re6sttoken }}" == "notoken" and "{{ re6st_fingerprint }}" != "nofingerprint" and "{{ computer_name }}" != "noname" - - name: Update Facts - set_fact: - computer_name: "{{ re6sttoken }}" - when: computer_name == "noname" + - name: Configure Re6st with re6st-conf (with computer_name, fingerprint, token) + shell: "re6st-conf --registry {{ re6st_registry_url }} -r title {{ computer_name }} --fingerprint {{ re6st_fingerprint }} -d /etc/re6stnet --token {{ re6sttoken }}" + when: re6st_annon == False and re6stnet_conf.stat.exists == False and "{{ re6sttoken }}" != "notoken" and "{{ re6st_fingerprint }}" != "nofingerprint" and "{{ computer_name }}" != "noname" - - debug: msg="{{ computer_name }}" + - name: Configure Re6st with re6st-conf (with computer_name, no fingerprint, no token) + shell: "re6st-conf --registry {{ re6st_registry_url }} -r title {{ computer_name }} -d /etc/re6stnet --anonymous" + when: re6st_annon == False and re6stnet_conf.stat.exists == False and "{{ re6sttoken }}" == "notoken" and "{{ re6st_fingerprint }}" == "nofingerprint" and "{{ computer_name }}" != "noname" + - name: Configure Re6st with re6st-conf (with computer_name, no fingerprint, token) + shell: "re6st-conf --registry {{ re6st_registry_url }} -r title {{ computer_name }} -d /etc/re6stnet --token {{ re6sttoken }}" + when: re6st_annon == False and re6stnet_conf.stat.exists == False and "{{ re6sttoken }}" != "notoken" and "{{ re6st_fingerprint }}" == "nofingerprint" and "{{ computer_name }}" != "noname" - - name: Configure Re6st with re6st-conf - shell: "re6st-conf --registry {{ re6st_registry_url }} --token {{ re6sttoken }} -r title {{ computer_name }} --fingerprint {{ re6st_fingerprint }} -d /etc/re6stnet" - when: re6st_annon == False and re6stnet_conf.stat.exists == False and "{{ re6sttoken }}" != "notoken" and "{{ re6st_fingerprint }}" != "nofingerprint" + - name: Configure Re6st with re6st-conf (with no computer_name, fingerprint, no token) + shell: "re6st-conf --registry {{ re6st_registry_url }} --fingerprint {{ re6st_fingerprint }} -d /etc/re6stnet --anonymous" + when: re6st_annon == False and re6stnet_conf.stat.exists == False and "{{ re6sttoken }}" == "notoken" and "{{ re6st_fingerprint }}" != "nofingerprint" and "{{ computer_name }}" == "noname" - - name: Configure Re6st with re6st-conf - shell: "re6st-conf --registry {{ re6st_registry_url }} --token {{ re6sttoken }} -r title {{ re6sttoken }} -d /etc/re6stnet" - when: re6st_annon == False and re6stnet_conf.stat.exists == False and "{{ re6sttoken }}" != "notoken" and "{{ re6st_fingerprint }}" == "nofingerprint" + - name: Configure Re6st with re6st-conf (with no computer_name, fingerprint, token) + shell: "re6st-conf --registry {{ re6st_registry_url }} --fingerprint {{ re6st_fingerprint }} -d /etc/re6stnet --token {{ re6sttoken }}" + when: re6st_annon == False and re6stnet_conf.stat.exists == False and "{{ re6sttoken }}" != "notoken" and "{{ re6st_fingerprint }}" != "nofingerprint" and "{{ computer_name }}" == "noname" + + - name: Configure Re6st with re6st-conf (with no computer_name, no fingerprint, no token) + shell: "re6st-conf --registry {{ re6st_registry_url }} -d /etc/re6stnet --anonymous" + when: re6st_annon == False and re6stnet_conf.stat.exists == False and "{{ re6sttoken }}" == "notoken" and "{{ re6st_fingerprint }}" == "nofingerprint" and "{{ computer_name }}" == "noname" + + - name: Configure Re6st with re6st-conf (with no computer_name, no fingerprint, token) + shell: "re6st-conf --registry {{ re6st_registry_url }} -d /etc/re6stnet --token {{ re6sttoken }}" + when: re6st_annon == False and re6stnet_conf.stat.exists == False and "{{ re6sttoken }}" != "notoken" and "{{ re6st_fingerprint }}" == "nofingerprint" and "{{ computer_name }}" == "noname" - name: Recheck if configuration already exists (after running re6st-conf) stat: path=/etc/re6stnet/re6stnet.conf -- 2.30.9 From bbc008498400f08e8be2377785cdda223c7b211b Mon Sep 17 00:00:00 2001 From: Thomas Gambier Date: Thu, 7 Nov 2019 09:40:28 +0100 Subject: [PATCH 2/2] Give a title to re6st certificate when installing through re6st playbook --- playbook/re6stnet.yml | 6 +++++- playbook/vifib-re6stnet.yml | 2 +- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/playbook/re6stnet.yml b/playbook/re6stnet.yml index 40382d4d..a1a1f0cb 100644 --- a/playbook/re6stnet.yml +++ b/playbook/re6stnet.yml @@ -4,7 +4,6 @@ vars: - re6st_annon: False - - computer_name: noname - re6st_fingerprint: nofingerprint vars_prompt: @@ -13,6 +12,11 @@ private: no default: "http://re6stnet.nexedi.com/" + - name: "computer_name" + prompt: "Please give a title to your re6st certificate (e.g. your computer name):" + private: no + default: "noname" + - name: "re6sttoken" prompt: "Please insert your re6stnet token:" private: no diff --git a/playbook/vifib-re6stnet.yml b/playbook/vifib-re6stnet.yml index f10afd8c..33b89dd5 100644 --- a/playbook/vifib-re6stnet.yml +++ b/playbook/vifib-re6stnet.yml @@ -10,7 +10,7 @@ vars_prompt: - name: "computer_name" - prompt: "Please insert your email or a name of this computer, it will be used to configure re6st:" + prompt: "Please give a title to your re6st certificate (e.g. your computer name):" private: no default: "noname" -- 2.30.9