同步Astana客户验证环境配置

roles/certstore/tasks/main.yml

@@ -0,0 +1,22 @@
+---
+- name: Ensures /home/tsg exists
+  file: path=/home/tsg state=directory 
+  tags: mkdir
+  
+- name: install certstore
+  unarchive:
+    src: "{{ role_path }}/files/certstore-base-online-20190701.tar.gz"
+    dest: /home/tsg
+
+- name: template certstore configure file
+  template:
+    src: "{{ role_path }}/templates/cert_store.ini.j2"
+    dest: /home/tsg/certstore-base/conf/cert_store.ini
+
+- name: bootup certstore
+  blockinfile:
+    marker: "## {mark} bootstrap certstore"
+    path: /etc/rc.d/rc.local
+    block: |
+        cd /home/tsg/certstore-base; ./r2_certstore
+

roles/certstore/templates/cert_store.ini.j2

@@ -0,0 +1,44 @@
+[SYSTEM]
+#1:print on screen, 0:don't
+DEBUG_SWITCH = 1
+#10:DEBUG, 20:INFO, 30:FATAL
+RUN_LOG_LEVEL = 30
+RUN_LOG_PATH = ./logs
+[CONFIG]
+#Number of running threads
+thread-nu = 4
+#Local default root certificate is valid for 30 days by default
+expire_after = 30
+#Local default root certificate path
+local_debug = 1
+ca_path = ./cert/tango-ca-v3-trust-ca.pem
+untrusted_ca_path = ./cert/mesalab-ca-untrust.pem
+[NTC_MAAT]
+#Configure the load mode,
+#0: using the configuration distribution network
+#1: using local json
+#2: using Redis reads
+maat_json_switch=2
+#When the loading mode is sent to the network, set the scanning configuration modification interval (s).
+effective_interval=1
+#Specify the location of the configuration library table file
+table_info=./conf/table_info.conf
+#Incremental profile path
+inc_cfg_dir=./rule/inc/index
+#Full profile path
+full_cfg_dir=./rule/full/index
+#Json file path when json schema is used
+pxy_obj_keyring=./conf/pxy_obj_keyring.json
+[LIBEVENT]
+#Local monitor port number, default is 9991
+port = 9991
+[CERTSTORE_REDIS]
+#The Redis server IP address and port number where the certificate is stored locally
+ip = 127.0.0.1
+port = 6379
+[MAAT_REDIS]
+#Maat monitors the Redsi server IP address and port number
+ip = 10.4.35.1
+port = 6379
+dbindex = 0
+