From bd6001b0020b966288c09590c9cf766806aab9c8 Mon Sep 17 00:00:00 2001 From: Robin Schneider Date: Tue, 20 Sep 2016 22:34:07 +0200 Subject: [PATCH] WIP: Garther and expose OpenSSL and GnuTLS versions in local facts Based on: https://github.com/debops/ansible-pki/pull/81 Merge blocker: Changelog, git rebase --- tasks/main.yml | 4 +- templates/etc/ansible/facts.d/pki.fact.j2 | 68 +++++++++++++++-------- 2 files changed, 48 insertions(+), 24 deletions(-) diff --git a/tasks/main.yml b/tasks/main.yml index 7a37ea6..f7ad819 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -43,6 +43,8 @@ run_once: True always_run: True + # TODO: When there is any need to change this task, consider refactoring and + # using the versions provided in local facts. - name: Check Ansible Controller crypto library version shell: | {% if pki_ca_library == 'gnutls' %} @@ -500,7 +502,7 @@ dest: '/etc/ansible/facts.d/pki.fact' owner: 'root' group: 'root' - mode: '0644' + mode: '0755' register: pki_register_facts notify: [ 'Gather PKI facts' ] diff --git a/templates/etc/ansible/facts.d/pki.fact.j2 b/templates/etc/ansible/facts.d/pki.fact.j2 index ccf8209..e1f6af0 100644 --- a/templates/etc/ansible/facts.d/pki.fact.j2 +++ b/templates/etc/ansible/facts.d/pki.fact.j2 @@ -1,10 +1,12 @@ -{% set pki_tpl_acme = pki_acme | bool %} -{% set pki_tpl_enabled = pki_enabled | bool %} -{% set pki_tpl_internal = pki_internal | bool %} -{% set pki_tpl_hooks = pki_root + "/hooks" %} -{% set pki_tpl_path = pki_root + "/realms" %} -{% set pki_tpl_realm = pki_system_realm %} -{% set pki_tpl_ca_realm = pki_system_ca_realm %} +#!/usr/bin/env python + +# {{ ansible_managed }} + +from __future__ import print_function +from json import loads, dumps +import subprocess +import re + {% set pki_tpl_known_realms = [] %} {% if pki_enabled | bool %} {% for realm in (pki_realms + pki_default_realms + pki_group_realms + pki_host_realms + pki_dependent_realms) %} 
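Review bot: The `mode: '0755'` change deserves a comment, because an executable file in `/etc/ansible/facts.d` is run by Ansible's fact gathering instead of being read as JSON, typically as root when privilege escalation is in use. That turns the rendered template from data into code, so every value interpolated into it has to be safe as Python source, not only as JSON. I would add above the line: `# Executable: run by Ansible during fact gathering, prints the facts as JSON.` The task starts above the hunk, so its `template` source and remaining options are not visible here.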
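Review bot: `#!/usr/bin/env python` selects the interpreter through the PATH of whatever process triggers fact gathering, and on a host that only ships `python3` the script cannot start at all. Because the file is owned by root and executed on every setup run, a fixed interpreter path is the safer choice, for example `#!{{ ansible_python_interpreter | default('/usr/bin/python') }}`. The same PATH dependence applies to the `openssl` and `certtool` lookups later in the file, where absolute paths would be worth considering.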
@@ -20,19 +22,39 @@
 {% endfor %}
 {% endif %}
 {% endif %}
-{
-"acme": "{{ pki_tpl_acme | bool | lower }}",
-"base_path": "{{ pki_tpl_path }}",
-"ca": "CA.crt",
-"ca_realm": "{{ pki_tpl_ca_realm }}",
-"crt": "default.crt",
-"enabled": "{{ pki_tpl_enabled | bool | lower }}",
-"hooks": "{{ pki_tpl_hooks }}",
-"internal": "{{ pki_tpl_internal | bool | lower }}",
-"key": "default.key",
-"known_realms": {{ pki_tpl_known_realms | to_nice_json }},
-"path": "{{ pki_tpl_path }}",
-"pem": "default.pem",
-"realm": "{{ pki_tpl_realm }}",
-"trusted": "trusted.crt"
-}
+
+output = loads('''{{ ({
+ "acme": (pki_acme | bool | lower),
+ "base_path": (pki_root + "/realms"),
+ "ca": "CA.crt",
+ "ca_realm": pki_system_ca_realm,
+ "crt": "default.crt",
+ "enabled": (pki_enabled | bool | lower),
+ "hooks": (pki_root + "/hooks"),
+ "internal": pki_internal | bool | lower,
+ "key": "default.key",
+ "known_realms": pki_tpl_known_realms,
+ "path": (pki_root + "/realms"),
+ "pem": "default.pem",
+ "realm": pki_system_realm,
+ "trusted": "trusted.crt",
+ }) | to_nice_json }}''')
+
+try:
+ openssl_version_stdout = subprocess.check_output(['openssl', 'version'])
+ _re = re.match(r'\w+ (?P(?P[^a-z ]+)[^ ]*)', openssl_version_stdout, re.IGNORECASE)
+ if _re:
+ output['openssl_strict_version'] = _re.group('strict_version')
+ output['openssl_version'] = _re.group('full_version')
+except:
+ pass
+
+try:
+ certtool_version_stdout = subprocess.check_output(['certtool', '--version']).split('\n')[0]
+ _re = re.match(r'\w+ (?P[^ ]+)', certtool_version_stdout)
+ if _re:
+ output['gnutls_version'] = _re.group('version')
+except:
+ pass
+
+print(dumps(output, sort_keys=True, indent=2))
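Review bot: The `loads('''{{ … | to_nice_json }}''')` line pastes rendered JSON into a non-raw Python string literal in a file that is executed during fact gathering, so Python interprets the JSON backslash escapes before `loads` sees them and a value containing `'''` would end the literal. Emitting the JSON as an escaped string literal avoids both, for example `output = loads({{ ({ … }) | to_json | to_json }})`. The two bare `except: pass` blocks additionally hide real errors: on Python 3 `check_output` returns bytes, so `re.match` with a str pattern and `.split('\n')` raise `TypeError` and the version facts silently go missing. The fence below decodes the output and narrows the handlers while keeping both lookups best-effort.

```python
try:
    openssl_version_stdout = subprocess.check_output(
        ['openssl', 'version'], universal_newlines=True)
    # … unchanged: regex match and the two output['openssl_*'] assignments …
except (OSError, subprocess.CalledProcessError):
    # openssl missing or exited non-zero: leave the facts out
    pass

try:
    certtool_version_stdout = subprocess.check_output(
        ['certtool', '--version'], universal_newlines=True).split('\n')[0]
    # … unchanged: regex match and output['gnutls_version'] assignment …
except (OSError, subprocess.CalledProcessError):
    # certtool missing or exited non-zero: leave the fact out
    pass
```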