WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-06-15 06:39:30 +08:00
Code Issues Packages Projects Releases Wiki Activity

Make IPA API available from external

Browse Source 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
This commit is contained in:
Patrick Uiterwijk
2016-12-20 08:04:23 +00:00
parent 1e9775a1be
commit 5ced2ec87a
3 changed files with 29 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
playbooks/groups/ipa.yml
View File

@@ -76,6 +76,15 @@
tags:
- krb5
- ipa/server
- config
- name: Make IPA HTTP use the id.fp.o client keytab
lineinfile: dest=/etc/httpd/conf.d/ipa.conf
regexp='GssapiCredStore client_keytab:'
line=' GssapiCredStore client_keytab:/etc/krb5.HTTP_id{{env_suffix}}.fedoraproject.org.keytab'
tags:
- krb5
- ipa/server
- config
- name: do base role once more to revert any resolvconf changes
hosts: ipa:ipa-stg

18
roles/ipa/server/tasks/main.yml
View File

@@ -230,3 +230,21 @@
register: grant_repl_status_output
changed_when: "'Type or value exists' not in grant_repl_status_output.stderr"
failed_when: "'Type or value exists' not in grant_repl_status_output.stderr and 'modifying entry' not in grant_repl_status_output.stdout"
# Make some httpd changes
- name: Configure referer override
template: src=referer-override.conf
dest=/etc/httpd/conf.d/referer-override.conf
notify:
- reload apache
tags:
- ipa/server
- config
- name: Update xmlrpc_uri
lineinfile: dest=/etc/ipa/default.conf
regexp='xmlrpc_uri ='
line='xmlrpc_uri = https://id{{env_suffix}}.fedoraproject.org/ipa/xml'
tags:
- ipa/server
- config

2
roles/ipa/server/templates/referer-override.conf Normal file
View File

@@ -0,0 +1,2 @@
SetEnvIf Referer "https://id{{env_suffix}}.fedoraproject.org/ipa" HAVE_CORRECT_REFERER
RequestHeader set Referer "https://{{inventory_hostname}}/ipa" env=HAVE_CORRECT_REFERER