In CentOS and Suse, /etc/ssl/certs is a symbolic link to
/etc/ssl/pki/tls/certs. The Ansible module "file" will fail if it is asked to
create a directory which is already a symbolic link.
This patch will check if /etc/ssl/certs exists before trying to create it.
The same check is done both on the host and the opnfv guest VM.
Also, /etc/certs is only writable by root, so we need a "become: true" clause
to be able to modify it on localhost (but not in the opnfv VM).
Change-Id: Iab6c3c162548f84ad6082829e4a7c2ab63d2cfa0
Signed-off-by: Tapio Tallgren <tapio.tallgren@nokia.com>
- name: Load distribution variables
include_vars:
file: ../var/{{ ansible_os_family }}.yml
+ - name: check if certificate directory /etc/ssl/certs exists already
+ stat: path=/etc/ssl/certs
+ register: check_etc_ssl_certs
- name: create certificate directory /etc/ssl/certs
+ become: true
file:
path: "/etc/ssl/certs"
state: directory
- when: ansible_pkg_mgr != 'zypper'
+ when: check_etc_ssl_certs.stat.exists == false
- name: create key directory /etc/ssl/private
+ become: true
file:
path: "/etc/ssl/private"
state: directory
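Review bot: The `create key directory /etc/ssl/private` task now runs as root through the added `become: true` but gives `file:` no `mode` or `owner`, so the directory meant for private keys gets whatever the default umask produces, which is usually readable and traversable by every local user. Pinning it with `mode: "0700"` and `owner: root` under `file:` would make the permissions explicit. The task's argument list may continue below the hunk, so check that no mode is already set there; the same task appears as context at the end of the second hunk.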
command: "python pw-token-gen.py --file {{OPENSTACK_OSA_ETC_PATH}}/user_secrets.yml"
args:
chdir: "{{OPENSTACK_OSA_PATH}}/scripts"
+ - name: check if certificate directory /etc/ssl/certs exists already
+ stat: path=/etc/ssl/certs
+ register: check_etc_ssl_certs
- name: create certificate directory /etc/ssl/certs
file:
path: "/etc/ssl/certs"
state: directory
- when: ansible_pkg_mgr != 'zypper'
+ when: check_etc_ssl_certs.stat.exists == false
- name: create key directory /etc/ssl/private
file:
path: "/etc/ssl/private"
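Review bot: The new guard `when: check_etc_ssl_certs.stat.exists == false` tests only that something exists at the path, and `stat` does not follow links by default, so a dangling symlink or a regular file at `/etc/ssl/certs` would also skip the create task and the failure would surface later, when a certificate is copied there. Also testing `stat.isdir` or `stat.islnk` would catch that case early, though the supported distributions may never produce it. As a matter of style the condition reads better as `when: not check_etc_ssl_certs.stat.exists`, and `stat: path=/etc/ssl/certs` as a block `stat:` with `path:` beneath it, matching the `file:` tasks around it. The first hunk carries the identical lines.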
copy:
src: "/etc/ssl/certs/xci.crt"
dest: "/etc/ssl/certs/"
- become: true
- name: read remote key from /etc/ssl/private
set_fact:
xci_ssl_key: "{{ lookup('pipe', 'sudo cat /etc/ssl/private/xci.key' ) }}"
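Review bot: The `read remote key from /etc/ssl/private` task kept as context here loads the private key into the fact `xci_ssl_key` through a `pipe` lookup, and nothing visible in the hunk stops Ansible from printing that value in verbose output or callback logs. Adding `no_log: true` to the task would keep the key material out of run logs. The task may continue past the end of the hunk, so this applies only if it is not already set there.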