Skip to content
Snippets Groups Projects
main.yml 2.06 KiB
Newer Older
Todor Kondic's avatar
Todor Kondic committed
- name: Update and upgrade system.
  apt:
    upgrade: yes
    update_cache: yes
    cache_valid_time: 86400

- name: Install packages
  apt:
    name: [ 'nscd',
    'curl',
    'wget',
    'gzip',
    'atop',
    'git',
    'gvfs',
    'cifs-utils',
    's3fs',
    'default-jre-headless',
    'default-jdk-headless',
    'python3-cryptography']
Todor Kondic's avatar
Todor Kondic committed
- name: Set up dhclient.conf
  ansible.builtin.lineinfile:
    insertafter: EOF
    line: send dhcp-client-identifier = hardware;
    path: /etc/dhcp/dhclient.conf
  notify: restart-network
Todor Kondic's avatar
Todor Kondic committed
- name: Create /eci-users.
  ansible.builtin.file:
        path: /etc/eci-users
        state: directory
        mode: '0711'

- name: Create /eci-users/user.
  ansible.builtin.file:
        path: "/etc/eci-users/{{ item }}"
        state: directory
        mode: '0711'
  loop: "{{ eci_users }}"
Todor Kondic's avatar
Todor Kondic committed
  
- name: Create /etc/eci-platform.
  ansible.builtin.file:
        path: /etc/eci-platform
        state: directory
        mode: '0711'

- name: Create /etc/eci-platform/priv.
  ansible.builtin.file:
        path: /etc/eci-platform/priv
        state: directory
        mode: '0700'

- name: Create /etc/eci-platform/pub.
  ansible.builtin.file:
        path: /etc/eci-platform/pub
        state: directory
        mode: '0755'
        
- name: Create private key.
  community.crypto.openssl_privatekey:
    path: /etc/eci-platform/priv/certificate.key

- name: Create certificate signing request (CSR) for self-signed certificate.
  community.crypto.openssl_csr_pipe:
    privatekey_path: /etc/eci-platform/priv/certificate.key
    common_name: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}.uni.lux"
    organization_name: Environmental Cheminformatics
    subject_alt_name:
      - "DNS:{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}.uni.lux"
  register: csr

- name: Create self-signed certificate from CSR
  community.crypto.x509_certificate:
    path: /etc/eci-platform/pub/certificate.key
    csr_content: "{{ csr.csr }}"
    privatekey_path: /etc/eci-platform/priv/certificate.key
    provider: selfsigned