Код:
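{#
  Per-user policy state: imports the root CA certificates listed under the
  pillar key aldpro-users:<user>:rbta_ldap_custom_gp_user_new_root_cert into
  the user's NSS database (~/.pki/nssdb) and copies them into
  /usr/local/share/ca-certificates for the system trust store.
  Each list entry is read for a cert_name value holding the certificate source.
#}
{% if user is not defined %}
{% set user = salt['pillar.get']("user") %}
{% endif %}
{# pillar.get returns a value even when the key is absent, so an "is defined"
   test can never fail; require a non-empty user and a non-empty pillar entry. #}
{% if user and salt['pillar.get']('aldpro-users:' ~ user) %}
{% set homedir = salt['user.info'](user).home %}
{% set gpo_name = 'rbta_ldap_custom_gp_user_new_root_cert' %}
{% set gpo = salt['pillar.get']('aldpro-users:'+ user +':'+ gpo_name) %}
{# homedir is undefined when the account does not exist on the minion;
   skip the whole block instead of failing on the path concatenations below. #}
{% if gpo and homedir %}
# certutil is shipped in libnss3-tools.
check_libnss3-tools:
  pkg.installed:
    - name: libnss3-tools

{% if not salt['file.directory_exists'](homedir +'/.pki/nssdb') %}
# Create the per-user NSS database directory as the target user so that the
# files are owned by that user and not by root.
# NOTE(review): certutil documents -N for creating a new database and -T for
# resetting the key database or token; confirm -T is what is intended here.
prepare_dbdir:
  cmd.run:
    - names:
      - mkdir -p "{{ homedir }}/.pki/nssdb"
      - certutil -d "{{ homedir }}/.pki/nssdb" -T
    - runas: {{ user }}
{% endif %}

{% for args in gpo %}
{% set src_patch = args.get('cert_name') %}
{% set filename = salt['file.basename'](src_patch) %}
{% set certpath = '/usr/local/share/ca-certificates/'+ filename %}
# update-ca-certificates only picks up files ending in .crt from this
# directory, so cert_name is expected to end in .crt.
{{ certpath }}:
  file.managed:
    - source: {{ src_patch }}
    # SECURITY: skip_verify turns off hash verification of the fetched file,
    # and this file becomes a trusted root CA for the user and the system.
    # A salt:// source needs neither skip_verify nor a hash; for an
    # http/https/ftp source, pin the file with source_hash taken from pillar
    # instead of skipping verification.
    - skip_verify: True

# Import the certificate into the user's NSS database under the nickname
# Company-<file name>. Trust flags "TC,,": trusted CA for issuing TLS client
# (T) and TLS server (C) certificates; no e-mail or code-signing trust.
# The unless check runs at execution time with the same runas user and does
# not depend on bash-only [[ ]] syntax; it replaces a render-time cmd.shell
# call that concatenated pillar-derived values into an unquoted shell string.
# A certificate whose nickname is already present is not re-imported, even
# when the file content changes.
add_cert_{{ filename }}:
  cmd.run:
    - name: certutil -d "{{ homedir }}/.pki/nssdb" -A -t "TC,," -n "Company-{{ filename }}" -i "{{ certpath }}"
    - runas: {{ user }}
    - unless: certutil -d "{{ homedir }}/.pki/nssdb" -L -n "Company-{{ filename }}"
    - watch:
      - file: {{ certpath }}
{% endfor %}

# Rebuild the system CA bundle from /usr/local/share/ca-certificates.
# This runs on every state application, whether or not a file changed.
update_ca_cerificates:
  cmd.run:
    - name: update-ca-certificates
{% endif %}
{% endif %}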