From 566eb05ce1e9fb5fc6197a482a0f9dff37a07e94 Mon Sep 17 00:00:00 2001 From: Tapio Tallgren Date: Wed, 20 Sep 2017 10:19:12 +0300 Subject: Check if /etc/ssl/certs exists before creating it In CentOS and Suse, /etc/ssl/certs is a symbolic link to /etc/ssl/pki/tls/certs. The Ansible module "file" will fail if it is asked to create a directory which is already a symbolic link. This patch will check if /etc/ssl/certs exists before trying to create it. The same check is done both on the host and the opnfv guest VM. Also, /etc/certs is only writable by root, so we need a "become: true" clause to be able to modify it in localhost (but not in opnvf VM). Change-Id: Iab6c3c162548f84ad6082829e4a7c2ab63d2cfa0 Signed-off-by: Tapio Tallgren --- xci/playbooks/configure-localhost.yml | 7 ++++++- xci/playbooks/configure-opnfvhost.yml | 6 ++++-- 2 files changed, 10 insertions(+), 3 deletions(-) (limited to 'xci') diff --git a/xci/playbooks/configure-localhost.yml b/xci/playbooks/configure-localhost.yml index 7bbe420b..e242a7ee 100644 --- a/xci/playbooks/configure-localhost.yml +++ b/xci/playbooks/configure-localhost.yml @@ -82,12 +82,17 @@ - name: Load distribution variables include_vars: file: ../var/{{ ansible_os_family }}.yml + - name: check if certificate directory /etc/ssl/certs exists already + stat: path=/etc/ssl/certs + register: check_etc_ssl_certs - name: create certificate directory /etc/ssl/certs + become: true file: path: "/etc/ssl/certs" state: directory - when: ansible_pkg_mgr != 'zypper' + when: check_etc_ssl_certs.stat.exists == false - name: create key directory /etc/ssl/private + become: true file: path: "/etc/ssl/private" state: directory diff --git a/xci/playbooks/configure-opnfvhost.yml b/xci/playbooks/configure-opnfvhost.yml index 3ba2ae12..b6dbbb13 100644 --- a/xci/playbooks/configure-opnfvhost.yml +++ b/xci/playbooks/configure-opnfvhost.yml 
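Review bot: The `create key directory /etc/ssl/private` task in configure-localhost.yml now runs with `become: true`, but the lines visible in this hunk set no `mode`, `owner` or `group`, so a newly created directory gets whatever root's umask yields (commonly world-readable and traversable). Since this directory is meant to hold private keys, pin the permissions explicitly, for example `owner: root` and `mode: "0700"`, with the mode quoted so the YAML parser does not re-type the octal value. The task's mapping may continue past the end of the hunk, so confirm that no mode is set further down. On hosts where the directory already exists, `file` would also reset it to the given mode, so compare the value against the distribution's default before choosing it.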
@@ -113,11 +113,14 @@ command: "python pw-token-gen.py --file {{OPENSTACK_OSA_ETC_PATH}}/user_secrets.yml" args: chdir: "{{OPENSTACK_OSA_PATH}}/scripts" + - name: check if certificate directory /etc/ssl/certs exists already + stat: path=/etc/ssl/certs + register: check_etc_ssl_certs - name: create certificate directory /etc/ssl/certs file: path: "/etc/ssl/certs" state: directory - when: ansible_pkg_mgr != 'zypper' + when: check_etc_ssl_certs.stat.exists == false - name: create key directory /etc/ssl/private file: path: "/etc/ssl/private" @@ -126,7 +129,6 @@ copy: src: "/etc/ssl/certs/xci.crt" dest: "/etc/ssl/certs/" - become: true - name: read remote key from /etc/ssl/private set_fact: xci_ssl_key: "{{ lookup('pipe', 'sudo cat /etc/ssl/private/xci.key' ) }}" -- cgit 1.2.3-korg
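Review bot: The new guard `when: check_etc_ssl_certs.stat.exists == false` skips directory creation for anything that exists at /etc/ssl/certs, including a regular file or a dangling symlink, because `stat` does not follow links by default. The problem would then only surface later, at the `copy` into `/etc/ssl/certs/`. Consider adding `follow: true` to the `stat` task and using `when: not (check_etc_ssl_certs.stat.isdir | default(false))`, which should make a wrong path type fail at the `file` task instead. As a style point, `stat: path=/etc/ssl/certs` would read better in native YAML form (`stat:` with a nested `path:` key), matching the surrounding `file` and `copy` tasks. The same pattern is added in the configure-localhost.yml hunk, where the task runs as root.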