ragbalak

Untitled

Jun 20th, 2018
  1. ---
  2. - name: 'Connecting to the remote Host'
  3. hosts: centos
  4. vars:
  5. aes_file_path: '/proc/cpuinfo '
  6. grub_default_path: '/etc/default/grub'
  7. efi_file_path: '/sys/firmware/efi'
  8. grub_bios_config: '/etc/grub2.cfg'
  9. grub_efi_config: '/etc/grub2-efi.cfg'
  10. fips_check_path: "/proc/sys/crypto/fips_enabled"
  11.  
  12. tasks:
  13. - name: Check whether Fips is enabled
  14. command: grep 1 {{fips_check_path}}
  15. register: fips_check
  16. check_mode: no
  17. ignore_errors: yes
  18. changed_when: no
  19.  
  20.  
  21. - name: Halting Execution when Fips is enabled in the machine
  22. meta: end_play
  23. when: fips_check.rc == 0
  24.  
  25.  
  26.  
  27. - name: Installed Dracut Fips Package
  28. yum:
  29. name: dracut-fips
  30. state: latest
  31.  
  32. - name: Register aes installation
  33. command: grep -q aes {{aes_file_path}}
  34. register: cpu_info
  35. ignore_errors: yes
  36.  
  37.  
  38. - name: Check and Install Dracut Aes
  39. yum:
  40. name: dracut-fips-aesni
  41. state: latest
  42. when:
  43. cpu_info.rc == 0
  44.  
  45. - name: Regeneratting initramfs
  46. command: 'dracut -f'
  47.  
  48. - name: Get the Boot filesystem
  49. shell: "df /boot --output=source |tail -n+2"
  50. register: boot_dev
  51.  
  52. - name: Get UUID of the Boot filesystem
  53. shell: "blkid {{boot_dev.stdout}} -o export|grep UUID"
  54. register: uuid_dev
  55.  
  56. - name: Check whether Grub contains fips command
  57. command: grep -q -i fips {{grub_default_path}}
  58. register: is_fips_in_grub
  59. ignore_errors: yes
  60. check_mode: no
  61.  
  62. - name: Edit the Grub to include fips
  63. lineinfile:
  64. path: "{{grub_default_path}}"
  65. regexp: "^(.*GRUB_CMDLINE_LINUX.*?\")(.*)"
  66. line: '\1 fips=1 boot={{uuid_dev.stdout}} \2'
  67. backrefs: yes
  68. when:
  69. is_fips_in_grub.rc != 0
  70.  
  71. - name: Get Stats of Efi file
  72. stat:
  73. path: "{{efi_file_path}}"
  74. register: efi_file
  75.  
  76. - name: Run Grub Reconfig in Bios mode is EFI doesnt exist
  77. command: "grub2-mkconfig -o {{grub_bios_config}}"
  78. when:
  79. efi_file.stat.exists == False
  80.  
  81. - name: Run Grub Reconfig in EFI mode is EFI exist
  82. command: "grub2-mkconfig -o {{grub_efi_config}}"
  83. when:
  84. efi_file.stat.exists == True
  85.  
  86. - name: restart the machine
  87. shell: "sleep 5 & shutdown -r"
  88. async: 1
  89. poll: 0
  90. ignore_errors: true
  91.  
  92. - name: wait for reboot
  93. wait_for_connection:
  94. delay: 30
  95. timeout: 300
  96. connect_timeout: 20
  97. sleep: 5
  98.  
  99. - name: Check whether Fips is enabled
  100. command: "grep 1 {{fips_check_path}}"