|
|
@@ -0,0 +1,110 @@
|
|
|
+# Copyright 2022 Dell Inc. or its subsidiaries. All Rights Reserved.
|
|
|
+#
|
|
|
+# Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
+# you may not use this file except in compliance with the License.
|
|
|
+# You may obtain a copy of the License at
|
|
|
+#
|
|
|
+# http://www.apache.org/licenses/LICENSE-2.0
|
|
|
+#
|
|
|
+# Unless required by applicable law or agreed to in writing, software
|
|
|
+# distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
+# See the License for the specific language governing permissions and
|
|
|
+# limitations under the License.
|
|
|
+---
|
|
|
+
|
|
|
+- name: Check if omnia config file is encrypted
|
|
|
+ command: cat {{ role_path }}/../../{{ config_filename }}
|
|
|
+ changed_when: false
|
|
|
+ register: config_content
|
|
|
+ no_log: True
|
|
|
+ delegate_to: localhost
|
|
|
+
|
|
|
+- name: Decrpyt omnia_config.yml
|
|
|
+ command: >-
|
|
|
+ ansible-vault decrypt {{ role_path }}/../../{{ config_filename }}
|
|
|
+ --vault-password-file {{ role_path }}/../../{{ config_vaultname }}
|
|
|
+ when: "'$ANSIBLE_VAULT;' in config_content.stdout"
|
|
|
+ delegate_to: localhost
|
|
|
+
|
|
|
+- name: Include variable file omnia_config.yml
|
|
|
+ include_vars: "{{ role_path }}/../../{{ config_filename }}"
|
|
|
+ delegate_to: localhost
|
|
|
+ no_log: True
|
|
|
+
|
|
|
+- name: Validate login node parameters when login_node_reqd is set to true
|
|
|
+ fail:
|
|
|
+ msg: "{{ input_config_failure_msg }} for login_node"
|
|
|
+ when:
|
|
|
+ - ( domain_name | length < 1 or
|
|
|
+ realm_name | length < 1 or
|
|
|
+ directory_manager_password | length < 1 or
|
|
|
+ kerberos_admin_password | length < 1 )
|
|
|
+ - login_node_required
|
|
|
+ delegate_to: localhost
|
|
|
+
|
|
|
+- name: Verify the value of enable_secure_login_node
|
|
|
+ assert:
|
|
|
+ that:
|
|
|
+ - enable_secure_login_node == true or enable_secure_login_node == false
|
|
|
+ success_msg: "{{ secure_login_node_success_msg }}"
|
|
|
+ fail_msg: "{{ secure_login_node_fail_msg }}"
|
|
|
+ delegate_to: localhost
|
|
|
+
|
|
|
+- name: Login node to contain exactly 1 node
|
|
|
+ assert:
|
|
|
+ that:
|
|
|
+ - "groups['login_node'] | length | int == 1"
|
|
|
+ fail_msg: "{{ login_node_group_fail_msg }}"
|
|
|
+ success_msg: "{{ login_node_group_success_msg }}"
|
|
|
+ delegate_to: localhost
|
|
|
+
|
|
|
+- name: Validate the domain name
|
|
|
+ assert:
|
|
|
+ that:
|
|
|
+ - domain_name is regex("^(?!-)[A-Za-z0-9-]+([\\-\\.]{1}[a-z0-9]+)*\\.[A-Za-z]{2,}$")
|
|
|
+ success_msg: "{{ domain_name_success_msg }}"
|
|
|
+ fail_msg: "{{ domain_name_fail_msg }}"
|
|
|
+ delegate_to: localhost
|
|
|
+
|
|
|
+- name: Validate the realm name
|
|
|
+ assert:
|
|
|
+ that:
|
|
|
+ - realm_name is regex("^(?!-)[A-Z0-9-]+([\\-\\.]{1}[a-z0-9]+)*\\.[A-Z]{2,}$")
|
|
|
+ - '"." in realm_name'
|
|
|
+ success_msg: "{{ realm_name_success_msg }}"
|
|
|
+ fail_msg: "{{ realm_name_fail_msg }}"
|
|
|
+ delegate_to: localhost
|
|
|
+
|
|
|
+- name: Assert directory_manager_password
|
|
|
+ assert:
|
|
|
+ that:
|
|
|
+ - directory_manager_password | length > min_length | int - 1
|
|
|
+ - directory_manager_password | length < max_length | int + 1
|
|
|
+ - '"-" not in directory_manager_password '
|
|
|
+ - '"\\" not in directory_manager_password '
|
|
|
+ - '"\"" not in directory_manager_password '
|
|
|
+ - " \"'\" not in directory_manager_password "
|
|
|
+ success_msg: "{{ success_msg_directory_manager_password }}"
|
|
|
+ fail_msg: "{{ fail_msg_directory_manager_password }}"
|
|
|
+ delegate_to: localhost
|
|
|
+
|
|
|
+- name: Assert kerberos_admin_password
|
|
|
+ assert:
|
|
|
+ that:
|
|
|
+ - kerberos_admin_password | length > min_length | int - 1
|
|
|
+ - kerberos_admin_password | length < max_length | int + 1
|
|
|
+ - '"-" not in kerberos_admin_password '
|
|
|
+ - '"\\" not in kerberos_admin_password '
|
|
|
+ - '"\"" not in kerberos_admin_password '
|
|
|
+ - " \"'\" not in kerberos_admin_password "
|
|
|
+ success_msg: "{{ success_msg_kerberos_admin_password }}"
|
|
|
+ fail_msg: "{{ fail_msg_kerberos_admin_password }}"
|
|
|
+ delegate_to: localhost
|
|
|
+
|
|
|
+- name: Encrypt input config file
|
|
|
+ command: >-
|
|
|
+ ansible-vault encrypt {{ role_path }}/../../{{ config_filename }}
|
|
|
+ --vault-password-file {{ role_path }}/../../{{ config_vaultname }}
|
|
|
+ changed_when: false
|
|
|
+ delegate_to: localhost
|
abhishek-sa1