[CORD-1530]
Make config file directory creation using become an optional step
Clean up various incongruities in defaults
Change-Id: I6fb77ab1ccdf08a18468adbc59474f94d603fc11
diff --git a/roles/create-configdirs-become/defaults/main.yml b/roles/create-configdirs-become/defaults/main.yml
new file mode 100644
index 0000000..e2667d5
--- /dev/null
+++ b/roles/create-configdirs-become/defaults/main.yml
@@ -0,0 +1,12 @@
+---
+# create-configdirs-privileged/defaults/main.yml
+
+# where the cord_profile directory is on the config node
+config_cord_profile_dir: "/opt/cord_profile"
+
+pki_dir: "{{ playbook_dir }}/pki"
+ssh_pki_dir: "{{ playbook_dir }}/ssh_pki"
+credentials_dir: "{{ playbook_dir }}/credentials"
+
+site_name: placeholder-sitename
+
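Review bot: The header comment at the top of this file names `create-configdirs-privileged/defaults/main.yml`, but the file is added under `roles/create-configdirs-become/`; the same stale name is at the top of `tasks/main.yml`. Both should match the role, e.g. `# create-configdirs-become/defaults/main.yml`, so that a search for the role name finds its files. A one-line comment above `site_name` would also help, saying that the placeholder ends up in the intermediate CA directory name (`{{ pki_dir }}/{{ site_name }}_im_ca`) and is meant to be overridden per deployment.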
diff --git a/roles/create-configdirs-become/tasks/main.yml b/roles/create-configdirs-become/tasks/main.yml
new file mode 100644
index 0000000..8f53f5d
--- /dev/null
+++ b/roles/create-configdirs-become/tasks/main.yml
@@ -0,0 +1,61 @@
+---
+# create-configdirs-privileged/tasks/main.yml
+
+# This role exists to work around issues with the local scenario, which may not
+# necessarily be run by a user with become (sudo) rights, which causes these
+# director creation tasks to fail when `become: yes` is used.
+
+# become version of directory creation from `cord-profile` role
+- name: Create cord_profile directory, privileged
+ become: yes
+ file:
+ path: "{{ config_cord_profile_dir }}"
+ state: directory
+ mode: 0755
+ owner: "{{ ansible_user_id }}"
+ group: "{{ ansible_user_gid }}"
+
+# become version of directory creation from `pki-root-ca` role
+- name: Create PKI and credentials directories, privileged
+ become: yes
+ file:
+ dest: "{{ item }}"
+ state: directory
+ owner: "{{ ansible_user_id }}"
+ mode: 0700
+ with_items:
+ - "{{ credentials_dir }}"
+ - "{{ pki_dir }}"
+
+- name: Create root CA directory, privileged
+ become: yes
+ file:
+ dest: "{{ pki_dir }}/root_ca"
+ state: directory
+ owner: "{{ ansible_user_id }}"
+ mode: 0755
+
+# become version of directory creation from `pki-intermediate-ca` role
+- name: Create intermediate CA directory, privileged
+ become: yes
+ file:
+ dest: "{{ pki_dir }}/{{ site_name }}_im_ca"
+ state: directory
+ owner: "{{ ansible_user_id }}"
+ mode: 0755
+
+# become version of directory creation from `ssh-pki` role
+- name: Create SSH CA Directory
+ become: yes
+ file:
+ dest: "{{ item }}"
+ state: directory
+ owner: "{{ ansible_user_id }}"
+ mode: 0700
+ with_items:
+ - "{{ ssh_pki_dir }}"
+ - "{{ ssh_pki_dir }}/ca"
+ - "{{ ssh_pki_dir }}/client_certs"
+ - "{{ ssh_pki_dir }}/host_certs"
+
+
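Review bot: The `root_ca` and `{{ site_name }}_im_ca` directories are created with `mode: 0755`, while their parent `pki_dir` and the credentials and SSH CA directories get `0700`. Going by the names they will hold CA material, so only the parent's `0700` keeps other local users out; `mode: "0700"` on both tasks would make them restrictive on their own, and quoting the value avoids relying on YAML octal parsing. The PKI and SSH tasks set `owner` but not `group`, unlike the cord_profile task, so under `become: yes` the group will presumably be the become user's; adding `group: "{{ ansible_user_gid }}"` would keep ownership consistent. `ansible_user_id` reflects whoever gathered facts, so it only names the unprivileged user if fact gathering does not itself run with become; a comment stating that assumption would help.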