| Matteo Scandolo | 3896c47 | 2017-08-01 13:31:42 -0700 | [diff] [blame] | 1 | |
| 2 | # Copyright 2017-present Open Networking Foundation |
| 3 | # |
| 4 | # Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | # you may not use this file except in compliance with the License. |
| 6 | # You may obtain a copy of the License at |
| 7 | # |
| 8 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | # |
| 10 | # Unless required by applicable law or agreed to in writing, software |
| 11 | # distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | # See the License for the specific language governing permissions and |
| 14 | # limitations under the License. |
| 15 | |
| 16 | |
| Zack Williams | 7928696 | 2017-07-10 12:24:37 -0700 | [diff] [blame] | 17 | --- |
| 18 | # create-configdirs-privileged/tasks/main.yml |
| 19 | |
| 20 | # This role exists to work around issues with the local scenario, which may not |
| 21 | # necessarily be run by a user with become (sudo) rights, which causes these |
| 22 | # director creation tasks to fail when `become: yes` is used. |
| 23 | |
| 24 | # become version of directory creation from `cord-profile` role |
| 25 | - name: Create cord_profile directory, privileged |
| 26 | become: yes |
| 27 | file: |
| 28 | path: "{{ config_cord_profile_dir }}" |
| 29 | state: directory |
| 30 | mode: 0755 |
| 31 | owner: "{{ ansible_user_id }}" |
| 32 | group: "{{ ansible_user_gid }}" |
| 33 | |
| 34 | # become version of directory creation from `pki-root-ca` role |
| 35 | - name: Create PKI and credentials directories, privileged |
| 36 | become: yes |
| 37 | file: |
| 38 | dest: "{{ item }}" |
| 39 | state: directory |
| 40 | owner: "{{ ansible_user_id }}" |
| 41 | mode: 0700 |
| 42 | with_items: |
| 43 | - "{{ credentials_dir }}" |
| 44 | - "{{ pki_dir }}" |
| 45 | |
| 46 | - name: Create root CA directory, privileged |
| 47 | become: yes |
| 48 | file: |
| 49 | dest: "{{ pki_dir }}/root_ca" |
| 50 | state: directory |
| 51 | owner: "{{ ansible_user_id }}" |
| 52 | mode: 0755 |
| 53 | |
| 54 | # become version of directory creation from `pki-intermediate-ca` role |
| 55 | - name: Create intermediate CA directory, privileged |
| 56 | become: yes |
| 57 | file: |
| 58 | dest: "{{ pki_dir }}/{{ site_name }}_im_ca" |
| 59 | state: directory |
| 60 | owner: "{{ ansible_user_id }}" |
| 61 | mode: 0755 |
| 62 | |
| 63 | # become version of directory creation from `ssh-pki` role |
| 64 | - name: Create SSH CA Directory |
| 65 | become: yes |
| 66 | file: |
| 67 | dest: "{{ item }}" |
| 68 | state: directory |
| 69 | owner: "{{ ansible_user_id }}" |
| 70 | mode: 0700 |
| 71 | with_items: |
| 72 | - "{{ ssh_pki_dir }}" |
| 73 | - "{{ ssh_pki_dir }}/ca" |
| 74 | - "{{ ssh_pki_dir }}/client_certs" |
| 75 | - "{{ ssh_pki_dir }}/host_certs" |
| 76 | |
| 77 | |