# Copyright 2022 Dell Inc. or its subsidiaries. All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. --- - name: Check if omnia config file is encrypted command: cat {{ role_path }}/../../{{ config_filename }} changed_when: false register: config_content no_log: True delegate_to: localhost - name: Decrpyt omnia_config.yml command: >- ansible-vault decrypt {{ role_path }}/../../{{ config_filename }} --vault-password-file {{ role_path }}/../../{{ config_vaultname }} when: "'$ANSIBLE_VAULT;' in config_content.stdout" delegate_to: localhost - name: Include variable file omnia_config.yml include_vars: "{{ role_path }}/../../{{ config_filename }}" delegate_to: localhost no_log: True - name: Validate login node parameters when login_node_reqd is set to true fail: msg: "{{ input_config_failure_msg }} for login_node" when: - ( domain_name | length < 1 or realm_name | length < 1 or directory_manager_password | length < 1 or kerberos_admin_password | length < 1 ) - login_node_required delegate_to: localhost - name: Verify the value of enable_secure_login_node assert: that: - enable_secure_login_node == true or enable_secure_login_node == false success_msg: "{{ secure_login_node_success_msg }}" fail_msg: "{{ secure_login_node_fail_msg }}" delegate_to: localhost - name: Login node to contain exactly 1 node assert: that: - "groups['login_node'] | length | int == 1" fail_msg: "{{ login_node_group_fail_msg }}" success_msg: "{{ login_node_group_success_msg }}" delegate_to: localhost - name: Validate the domain name assert: that: - domain_name is regex("^(?!-)[A-Za-z0-9-]+([\\-\\.]{1}[a-z0-9]+)*\\.[A-Za-z]{2,}$") success_msg: "{{ domain_name_success_msg }}" fail_msg: "{{ domain_name_fail_msg }}" delegate_to: localhost - name: Validate the realm name assert: that: - realm_name is regex("^(?!-)[A-Z0-9-]+([\\-\\.]{1}[a-z0-9]+)*\\.[A-Z]{2,}$") - '"." in realm_name' success_msg: "{{ realm_name_success_msg }}" fail_msg: "{{ realm_name_fail_msg }}" delegate_to: localhost - name: Assert directory_manager_password assert: that: - directory_manager_password | length > min_length | int - 1 - directory_manager_password | length < max_length | int + 1 - '"-" not in directory_manager_password ' - '"\\" not in directory_manager_password ' - '"\"" not in directory_manager_password ' - " \"'\" not in directory_manager_password " success_msg: "{{ success_msg_directory_manager_password }}" fail_msg: "{{ fail_msg_directory_manager_password }}" delegate_to: localhost - name: Assert kerberos_admin_password assert: that: - kerberos_admin_password | length > min_length | int - 1 - kerberos_admin_password | length < max_length | int + 1 - '"-" not in kerberos_admin_password ' - '"\\" not in kerberos_admin_password ' - '"\"" not in kerberos_admin_password ' - " \"'\" not in kerberos_admin_password " success_msg: "{{ success_msg_kerberos_admin_password }}" fail_msg: "{{ fail_msg_kerberos_admin_password }}" delegate_to: localhost - name: Encrypt input config file command: >- ansible-vault encrypt {{ role_path }}/../../{{ config_filename }} --vault-password-file {{ role_path }}/../../{{ config_vaultname }} changed_when: false delegate_to: localhost