-
Notifications
You must be signed in to change notification settings - Fork 2
/
ansible-te-certinstall.yml
80 lines (67 loc) · 2.77 KB
/
ansible-te-certinstall.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
---
- name: Automated Distribution of ThousandEyes Proxy SSL Certificates
hosts: cat9k
gather_facts: no
tasks:
- include_vars: params.yml
- name: Checking if App is running
cisco.ios.ios_command:
commands: "show app-hosting list | i {{te_appid}}"
register: appid_presence
- block:
- name: Checking PEM certificates | local
stat:
path: "{{pem_dir}}{{item}}"
register: dirlocalpem
with_items:
- "{{pem_file}}"
- name: Checking PEM certificates | remote
cisco.ios.ios_command:
commands: "dir {{flash_path}}: | inc {{item}}"
with_items:
- "{{pem_file}}"
register: dirflashpem
- name: Setting PEM facts | local
set_fact:
local_pem_files: "{{ local_pem_files|default([]) + [ { 'pem': item.item, 'size': item.stat.size } ] }}"
with_items: "{{dirlocalpem.results}}"
- name: Setting PEM facts | remote
set_fact:
remote_pem_files: "{{ remote_pem_files|default([]) + [ { 'pem': item.item, 'size': (item.stdout[0]|regex_findall('([^\\s]+)'))[2] if (item.stdout[0] | length) > 0 else '0' } ] }}"
with_items: "{{dirflashpem.results}}"
- name: Checking for presence of certificate PEM on local machine
stat:
path: "{{pem_dir}}{{item}}"
register: dirlocalpem
with_items:
- "{{pem_file}}"
- name: Copying certificate pem file to target
ansible.netcommon.net_put:
src: '{{pem_dir}}{{item.0.pem}}'
protocol: scp
dest: '{{flash_path}}:/{{item.0.pem}}'
with_together:
- '{{local_pem_files}}'
- '{{remote_pem_files}}'
when: item.0.pem == item.1.pem and item.0.size != item.1.size
- block:
- name: Injecting certificate pem into running TE container
cisco.ios.ios_command:
commands:
- command: 'app-hosting data appid {{te_appid}} copy {{flash_path}}:{{item}} {{item}}'
with_items: '{{pem_file}}'
failed_when: false
rescue:
- name: Rescue block
debug:
msg: 'File {{item.item}} exists on {{te_appid}}. Skipping...'
- name: Moving certificate in running TE container to cert store folder
cisco.ios.ios_command:
commands:
- command: 'app-hosting connect appid {{te_appid}} session /bin/bash'
- command: 'cp /iox_data/appdata/{{item}} /usr/share/ca-certificates/{{item}}'
- command: 'grep -qxF {{item}} /etc/ca-certificates.conf || echo {{item}} >> /etc/ca-certificates.conf'
- command: 'update-ca-certificates'
- command: 'exit'
with_items: '{{pem_file}}'
when: appid_presence.stdout_lines is match(".*RUNNING")