WIP: Garther and expose OpenSSL and GnuTLS versions in local facts

Based on: #81 Merge blocker: Changelog, git rebase
debops · Sep 20, 2016 · bd6001b · bd6001b
1 parent 03409af
commit bd6001b
Show file tree

Hide file tree

Showing 2 changed files with 48 additions and 24 deletions.
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -43,6 +43,8 @@
   run_once: True
   always_run: True
 
+  # TODO: When there is any need to change this task, consider refactoring and
+  # using the versions provided in local facts.
 - name: Check Ansible Controller crypto library version
   shell: |
     {% if pki_ca_library == 'gnutls' %}
@@ -500,7 +502,7 @@
     dest: '/etc/ansible/facts.d/pki.fact'
     owner: 'root'
     group: 'root'
-    mode: '0644'
+    mode: '0755'
   register: pki_register_facts
   notify: [ 'Gather PKI facts' ]
 

diff --git a/templates/etc/ansible/facts.d/pki.fact.j2 b/templates/etc/ansible/facts.d/pki.fact.j2
@@ -1,10 +1,12 @@
-{% set pki_tpl_acme = pki_acme | bool %}
-{% set pki_tpl_enabled = pki_enabled | bool %}
-{% set pki_tpl_internal = pki_internal | bool %}
-{% set pki_tpl_hooks = pki_root + "/hooks" %}
-{% set pki_tpl_path = pki_root + "/realms" %}
-{% set pki_tpl_realm = pki_system_realm %}
-{% set pki_tpl_ca_realm = pki_system_ca_realm %}
+#!/usr/bin/env python
+
+# {{ ansible_managed }}
+
+from __future__ import print_function
+from json import loads, dumps
+import subprocess
+import re
+
 {% set pki_tpl_known_realms = [] %}
 {% if pki_enabled | bool %}
 {%   for realm in (pki_realms + pki_default_realms + pki_group_realms + pki_host_realms + pki_dependent_realms) %}
@@ -20,19 +22,39 @@
 {%     endfor %}
 {%   endif %}
 {% endif %}
-{
-"acme": "{{ pki_tpl_acme | bool | lower }}",
-"base_path": "{{ pki_tpl_path }}",
-"ca": "CA.crt",
-"ca_realm": "{{ pki_tpl_ca_realm }}",
-"crt": "default.crt",
-"enabled": "{{ pki_tpl_enabled | bool | lower }}",
-"hooks": "{{ pki_tpl_hooks }}",
-"internal": "{{ pki_tpl_internal | bool | lower }}",
-"key": "default.key",
-"known_realms": {{ pki_tpl_known_realms | to_nice_json }},
-"path": "{{ pki_tpl_path }}",
-"pem": "default.pem",
-"realm": "{{ pki_tpl_realm }}",
-"trusted": "trusted.crt"
-}
+
+output = loads('''{{ ({
+        "acme": (pki_acme | bool | lower),
+        "base_path": (pki_root + "/realms"),
+        "ca": "CA.crt",
+        "ca_realm": pki_system_ca_realm,
+        "crt": "default.crt",
+        "enabled": (pki_enabled | bool | lower),
+        "hooks": (pki_root + "/hooks"),
+        "internal": pki_internal | bool | lower,
+        "key": "default.key",
+        "known_realms": pki_tpl_known_realms,
+        "path": (pki_root + "/realms"),
+        "pem": "default.pem",
+        "realm": pki_system_realm,
+        "trusted": "trusted.crt",
+    }) | to_nice_json }}''')
+
+try:
+    openssl_version_stdout = subprocess.check_output(['openssl', 'version'])
+    _re = re.match(r'\w+ (?P<full_version>(?P<strict_version>[^a-z ]+)[^ ]*)', openssl_version_stdout, re.IGNORECASE)
+    if _re:
+        output['openssl_strict_version'] = _re.group('strict_version')
+        output['openssl_version'] = _re.group('full_version')
+except:
+    pass
+
+try:
+    certtool_version_stdout = subprocess.check_output(['certtool', '--version']).split('\n')[0]
+    _re = re.match(r'\w+ (?P<version>[^ ]+)', certtool_version_stdout)
+    if _re:
+        output['gnutls_version'] = _re.group('version')
+except:
+    pass
+
+print(dumps(output, sort_keys=True, indent=2))