# Copyright (C) 2022 Peter Varkoly
# License: GNU General Public License (GPL)
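# Cluster wizard script: sets up a highly available cryptctl key server.
# It builds a virtual IP, a filesystem holding the key database and a
# systemd-managed cryptctl-server, then groups them so they run on one node.
version: 2.2
category: System Management
shortdesc: A utility for setting up LUKS-based disk encryption
longdesc: |
  Configure a resource group containing a virtual IP address,
  a filesystem resource containing the disk encryption keys and records,
  and a systemd instance of the cryptctl server.
  Furthermore a resource group will be created to bind all resources on the same node.
parameters:
  - name: id
    shortdesc: ID of the resource group
    value: cryptctl
  # Both paths are substituted verbatim into the copy actions below, as
  # source and as destination on every node.
  - name: cert-path
    shortdesc: The path to the created certificate
    required: true
  - name: cert-key-path
    shortdesc: The path to the created certificate key
    required: true
include:
  - script: virtual-ip
    shortdesc: The IP address configured here will start before the cryptctl instance.
    required: true
    parameters:
      - name: id
        value: "{{id}}-vip"
  - script: filesystem
    shortdesc: Filesystem resource containing the disk encryption keys and records
    required: true
    parameters:
      - name: id
        value: "{{id}}-filesystem"
      # Mount point of the key database. The backing device stores the disk
      # encryption keys, so access to it should be limited to the cluster
      # nodes that may run the server.
      - name: directory
        value: "/var/lib/cryptctl/keydb"
  - agent: systemd:cryptctl-server
    name: cryptctl-server
    parameters:
      - name: id
        value: cryptctl-server-service
    ops: |
      op monitor interval=10s
actions:
  # Presumably disabled in systemd so that only the cluster resource starts
  # the server, and only on the node holding the VIP and the key database.
  - service: "cryptctl-server:disable"
    nodes: all
    shortdesc: "Disable cryptctl-server service on all nodes."
  # NOTE(review): this sysconfig file presumably carries the server's
  # authentication and TLS settings - confirm, and check that it is not
  # world-readable on the target nodes after the copy.
  - copy: "/etc/sysconfig/cryptctl-server"
    to: "/etc/sysconfig/cryptctl-server"
    nodes: all
    shortdesc: "Copy the configuration to all nodes"
  - copy: "{{cert-path}}"
    to: "{{cert-path}}"
    nodes: all
    shortdesc: "Copy the certificate file to all nodes"
  # The TLS private key is replicated to every node. Whether the copy action
  # preserves owner and mode is not visible here; verify that the key ends up
  # readable by root only (for example mode 0600) on each node.
  - copy: "{{cert-key-path}}"
    to: "{{cert-key-path}}"
    nodes: all
    shortdesc: "Copy the certificate key file to all nodes"
  - include: virtual-ip
  - include: filesystem
  - include: cryptctl-server
  # Group members are listed in start order: VIP, key database filesystem,
  # then the server.
  # NOTE(review): the indentation of the member lines is reconstructed -
  # confirm against the repository copy.
  - cib: |
      group group-{{id}}
        {{virtual-ip:id}}
        {{filesystem:id}}
        {{cryptctl-server:id}}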