Created
February 17, 2017 14:40
---
# Play 1 - cross-compile the Go client on the control machine.
# Runs only on localhost and writes two binaries into the current working
# directory: `client` (GOARCH=arm, GOARM=7) and `client64` (GOARCH=arm64).
# The second play picks one of them per host via "client{{ arch }}".
- hosts: localhost
  connection: local
  # No facts are referenced by the build tasks, so fact gathering is skipped.
  gather_facts: false
  tasks:
    - name: Build client
      # The GO* variables are set inline, which is why the shell module is used.
      shell: "GOARM=7 GOARCH=arm GOOS=linux go build -v -i -o client cmd/client/main.go"
      register: build

    # Print the stderr captured from the build that just ran.
    - debug:
        var: build.stderr

    - name: Build client (AARCH64)
      shell: "GOARCH=arm64 GOOS=linux go build -v -i -o client64 cmd/client/main.go"
      # Reuses the `build` variable; the earlier result was already printed.
      register: build

    - debug:
        var: build.stderr
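# Play 2 - install the client binary, its TLS material and its systemd unit
# on every host in the `chips` group.
#
# Certificate handling, as written:
#   * Each client key, CSR and certificate is created on the controller in
#     ./certs and signed there with ca.pem / ca-key.pem; only the CA
#     certificate, the client key and the client certificate are copied out.
#   * ./certs therefore holds the CA private key and every client's private
#     key. Keep it readable by the operator account only and out of version
#     control.
#   * `creates` skips a step once its output file exists, so this play does
#     not re-issue a certificate when the 365-day validity runs out; renewal
#     needs the old files removed first (or a dedicated task).
- hosts: chips
  become: true
  handlers:
    - name: reload systemctl
      command: systemctl daemon-reload

    - name: restart unit
      service:
        name: client.service
        state: restarted

  tasks:
    - name: Create directory
      # No mode is set, so the directory gets the remote default permissions.
      # The key file copied into it below is 0400.
      file:
        path: /opt/chip/certs
        state: directory

    - name: Copy binary
      # `arch` is not defined in this playbook; presumably an inventory
      # variable that is empty or "64" to match the two build outputs - confirm.
      copy:
        src: "client{{ arch }}"
        dest: /opt/chip/client
        mode: "0755"
      notify:
        - restart unit

    - name: Generate certificates
      # Runs on the controller (connection: local), once per inventory host.
      # NOTE(review): the play-level `become` appears to apply to this local
      # task as well, so openssl would run under privilege escalation on the
      # controller and the generated files would be owned by that user -
      # confirm this is intended.
      command: "{{ item.command }}"
      args:
        chdir: ./certs/
        creates: "{{ item.file }}"
      with_items:
        # 1. 4096-bit RSA private key for this host.
        - file: 'client-{{ inventory_hostname }}-key.pem'
          command: >-
            openssl genrsa
            -out client-{{ inventory_hostname }}-key.pem 4096
        # 2. CSR with the inventory hostname as CN. -sha256 pins the request
        #    digest instead of relying on the local OpenSSL configuration.
        - file: 'client-{{ inventory_hostname }}.csr'
          command: >-
            openssl req -new -sha256
            -key client-{{ inventory_hostname }}-key.pem
            -out client-{{ inventory_hostname }}.csr
            -subj "/CN={{ inventory_hostname }}"
            -config client-openssl.cnf
        # 3. Sign the CSR with the local CA. -sha256 pins the signature digest
        #    so it does not depend on the default of the installed OpenSSL
        #    build.
        - file: 'client-{{ inventory_hostname }}.pem'
          command: >-
            openssl x509 -req -sha256
            -in client-{{ inventory_hostname }}.csr
            -CA ca.pem -CAkey ca-key.pem -CAcreateserial
            -out client-{{ inventory_hostname }}.pem
            -days 365 -extensions v3_req -extfile client-openssl.cnf
      connection: local

    - name: Copy certificates
      # All three files land on the target as 0400. ca-key.pem is deliberately
      # absent from this list: the CA private key stays on the controller.
      # NOTE(review): one looped item is the client's private key; consider
      # `no_log: true` on this task so it is not echoed in verbose or diff
      # output.
      copy:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
        mode: "0400"
      with_items:
        - src: './certs/ca.pem'
          dest: '/opt/chip/certs/ca.pem'
        - src: './certs/client-{{ inventory_hostname }}-key.pem'
          dest: '/opt/chip/certs/client-key.pem'
        - src: './certs/client-{{ inventory_hostname }}.pem'
          dest: '/opt/chip/certs/client.pem'
      notify:
        - restart unit

    - name: Copy unit file
      # Mode is written as a quoted octal string so YAML cannot retype it.
      template:
        src: client.service.j2
        dest: /lib/systemd/system/client.service
        mode: "0644"
      notify:
        - reload systemctl
        - restart unit

    - name: Client running
      service:
        name: client.service
        state: started
        enabled: true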