From 84e841451f30566d851f7cf8a31c601c5676a01a Mon Sep 17 00:00:00 2001
From: Alexander Gabriel
Date: Sun, 25 Jun 2023 00:31:22 +0200
Subject: [PATCH] updated playbook for ste-ca
---
 tasks/main.yml | 89 +++++++++++++++++++-------------------------------
 1 file changed, 34 insertions(+), 55 deletions(-)
diff --git a/tasks/main.yml b/tasks/main.yml
index c5af148..8c3d2d1 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,52 +1,31 @@
 ---
-- name: set package-names for armv7l
+- name: show ansible_architecture
+ ansible.builtin.debug:
+ var: ansible_architecture
+
+- name: set package-names for aarch64
 set_fact:
- step: step_linux_0.15.16_armv7.tar.gz
- stepca: step-ca_linux_0.15.15_armv7.tar.gz
- when: 'ansible_architecture == "armv7l"'
+ step: https://github.com/smallstep/cli/releases/download/v0.24.2-rc.6/step-cli_0.24.2-rc.6_arm64.deb
+ stepca: https://github.com/smallstep/certificates/releases/download/v0.24.3-rc.2/step-ca_0.24.3-rc.2_arm64.deb
+ when: 'ansible_architecture == "aarch64"'
 - name: set package-names for amd64
 set_fact:
- step: step_linux_0.15.16_amd64.tar.gz
- stepca: step-ca_linux_0.15.15_amd64.tar.gz
+ step: https://github.com/smallstep/certificates/releases/download/v0.24.3-rc.2/step-ca_0.24.3-rc.2_amd64.deb
+ stepca: https://github.com/smallstep/certificates/releases/download/v0.24.3-rc.2/step-ca_0.24.3-rc.2_amd64.deb
 when: ansible_architecture == "amd64"
 - name: stop when facts not set to download Packages
 meta: end_play
 when: step is not defined or stepca is not defined
-- name: Download Packages
- get_url:
- url: "{{ item }}"
- dest: /opt/ansiblepackages
- owner: root
- group: root
- mode: '0440'
- with_items:
- "https://github.com/smallstep/certificates/releases/download/v0.15.15/{{ stepca }}"
- "https://github.com/smallstep/cli/releases/download/v0.15.16/{{ step }}"
+- name: Install step-cli
+ apt:
+ deb: "{{ step }}"
-- name: extract Packages
- unarchive:
- src: "/opt/ansiblepackages/{{ item }}"
- dest: /opt/ansiblepackages
- remote_src: yes
- with_items:
- "{{ step }}"
- "{{ stepca }}"
-
-- name: copy binaries
- copy:
- src: "{{ item.src }}"
- dest: "{{ item.dst }}"
- owner: root
- group: root
- mode: '0755'
- backup: no
- remote_src: yes
- with_items:
- { src: "/opt/ansiblepackages/step_0.15.16/bin/step", dst: "/usr/bin/step" }
- { src: "/opt/ansiblepackages/step-ca_0.15.15/bin/step-ca", dst: "/usr/bin/step-ca" }
+- name: Install step-ca
+ apt:
+ deb: "{{ stepca }}"
 - name: create user for step-ca
 user:
@@ -66,7 +45,7 @@
 mode: "0770"
 - name: init step-ca
- command: sudo -u step step ca init -ssh --name="{{ pki_name }}" --dns {{ ansible_hostname }} --issuer="{{ pki_name }}" --address=:4343 --provisioner="{{ pki_name }}" --password-file=/etc/step-ca/password.txt --provisioner-password-file=/etc/step-ca/password.txt
+ command: sudo -u step step ca init --name="{{ pki_name }}" --dns {{ ansible_hostname }} --issuer="{{ pki_name }}" --address=:4343 --provisioner="{{ pki_name }}" --password-file=/etc/step-ca/password.txt --provisioner-password-file=/etc/step-ca/password.txt
 args:
 creates: /etc/step-ca/.step/config
@@ -88,23 +67,23 @@
 notify:
 - reload systemd
-- name: correct ca.json step 1
- lineinfile:
- path: /etc/step-ca/.step/config/ca.json
- line: "{{'\t'}}{{'\t'}}\"type\": \"badgerV2\","
- state: present
- regexp: "^{{'\t'}}{{'\t'}}\"type\": \"badger"
- notify:
- - restart step-ca
+#- name: correct ca.json step 1
+# lineinfile:
+# path: /etc/step-ca/.step/config/ca.json
+# line: "{{'\t'}}{{'\t'}}\"type\": \"badgerV2\","
+# state: present
+# regexp: "^{{'\t'}}{{'\t'}}\"type\": \"badger"
+# notify:
+# - restart step-ca
-- name: correct ca.json step 2
- lineinfile:
- path: /etc/step-ca/.step/config/ca.json
- line: "{{'\t'}}{{'\t'}}\"badgerFileLoadingMode\": \"FileIO\""
- state: present
- regexp: "^{{'\t'}}{{'\t'}}\"badgerFileLoadingMode\":"
- notify:
- - restart step-ca
+#- name: correct ca.json step 2
+# lineinfile:
+# path: /etc/step-ca/.step/config/ca.json
+# line: "{{'\t'}}{{'\t'}}\"badgerFileLoadingMode\": \"FileIO\""
+# state: present
+# regexp: "^{{'\t'}}{{'\t'}}\"badgerFileLoadingMode\":"
+# notify:
+# - restart step-ca
 - name: Flush handlers
 meta: flush_handlers
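Review bot: On amd64 the new `step:` fact points at the step-ca package (`.../certificates/releases/download/v0.24.3-rc.2/step-ca_0.24.3-rc.2_amd64.deb`, identical to `stepca:`), so "Install step-cli" installs step-ca a second time and the `step` CLI that the later `step ca init` task needs is never installed; the aarch64 branch shows the intended pattern, i.e. `step: https://github.com/smallstep/cli/releases/download/v0.24.2-rc.6/step-cli_0.24.2-rc.6_amd64.deb` (constructed from the arm64 line, confirm the asset name on the release page). Independently, `apt: deb:` given a URL installs whatever the download returns with no integrity check, so the fetch should go through `get_url` with a pinned `checksum:` and `apt` should then install the local file, as sketched below with placeholder digests to be taken from the release's checksums file. The new debug task uses the `ansible.builtin.` FQCN while `set_fact` and `apt` keep short names; pick one form file-wide.
```yaml
- name: Download step packages
  ansible.builtin.get_url:
    url: "{{ item.url }}"
    dest: "/opt/ansiblepackages/{{ item.url | basename }}"
    checksum: "sha256:{{ item.sha256 }}"
    mode: "0644"
  loop:
    - url: "{{ step }}"
      sha256: "<STEP_CLI_SHA256_PLACEHOLDER>"
    - url: "{{ stepca }}"
      sha256: "<STEP_CA_SHA256_PLACEHOLDER>"

- name: Install step-cli
  ansible.builtin.apt:
    deb: "/opt/ansiblepackages/{{ step | basename }}"
# … unchanged: Install step-ca, same pattern using stepca …
```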
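Review bot: Dropping `-ssh` from `step ca init` only affects hosts that have not been initialised yet, because the `creates: /etc/step-ca/.step/config` guard skips the task everywhere else; already-provisioned CAs keep their SSH CA keys and configuration, so the role now converges to two different states depending on install date. Either document that on the task, e.g. `# -ssh removed: new CAs are X.509-only; existing hosts keep SSH CA keys until re-initialised`, or add an explicit migration step. Separately, `sudo -u step` inside `command:` bypasses Ansible's own privilege escalation; `become: true` with `become_user: step` is the idiomatic form and keeps the escalation visible to logging and `--check` runs. Passing the same `/etc/step-ca/password.txt` as both `--password-file` and `--provisioner-password-file` means one secret protects both the CA key and the provisioner; if that is intended, a one-line comment saying so would help the next reader.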
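Review bot: The two `lineinfile` tasks are commented out rather than deleted, leaving dead Jinja and regex text that no linter or dry run will ever exercise; git history already preserves them, so the block should be removed, or, if it is deliberately kept, a comment above it should say why it is disabled, e.g. `# disabled: badger settings no longer need patching in the step-ca version installed above (verify)`. If the commented form stays, write `# - name:` with a space after `#` so yamllint's comment rule passes.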
@@ -145,7 +124,7 @@
 register: jwkabsent
 - name: remove jwk provisioner
- command: sudo -u step step ca provisioner remove "{{ pki_name }}" --type JWK
+ command: sudo -u step step ca provisioner remove "{{ pki_name }}"
 when: jwkabsent is changed
 notify:
 - restart step-ca
\ No newline at end of file
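Review bot: Without `--type JWK`, `step ca provisioner remove "{{ pki_name }}"` now removes whichever provisioner carries that name rather than specifically the JWK one, which is only safe if provisioner names are unique in the step-ca version this commit installs; the hunk does not record why the flag was dropped. A comment such as `# --type dropped: step-cli 0.24 addresses provisioners by name only (verify against installed version)` would keep the next reader from re-adding it. The `register: jwkabsent` that feeds the `when:` guard belongs to the task that begins before this hunk, so the guard's meaning cannot be checked here. The file also ends without a trailing newline.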