WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-04-25 02:50:15 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
00a07f94e4f682e46d810a3b69080cde8bf18924
fedora-infra_ansible/roles/ipsilon/tasks/main.yml
Kevin Fenzi c7d3ba82f4 Enable fpdc scopes in ipsilon. Ticket 7299. 
This simply installs the ipsilon plugin for fpdc scopes and
restarts it. If there's an issue we can easily remove it to
roll back to where we were.

+1s?
2018-10-16 17:20:52 +00:00

218 lines
5.2 KiB
YAML
Raw Blame History

---
# Configuration for the ipsilon webapp
- name: install needed packages
package: name={{ item }} state=present update_cache=yes
with_items:
- ipsilon
- ipsilon-authfas
- ipsilon-openid
- ipsilon-saml2
- ipsilon-persona
- ipsilon-infofas
- ipsilon-authgssapi
- ipsilon-openidc
- mod_auth_gssapi
- python-psycopg2
- libsemanage-python
tags:
- ipsilon
- packages
- name: Copy OpenID API extension
copy: src=api.py
dest=/usr/lib/python2.7/site-packages/ipsilon/providers/openid/extensions/api.py
owner=root group=root mode=0644
notify:
- reload apache
tags:
- ipsilon
- name: Copy extended infofas
copy: src=infofas.py
dest=/usr/lib/python2.7/site-packages/ipsilon/info/infofas.py
owner=root group=root mode=0644
notify:
- reload apache
tags:
- ipsilon
- name: Copy OpenID Connect scope registrations
copy: src=oidc_scopes/{{item}}.py
dest=/usr/lib/python2.7/site-packages/ipsilon/providers/openidc/plugins/{{item}}.py
owner=root group=root mode=0644
with_items:
- account-scopes
- mbs
- beaker
- waiverdb
- odcs
- wiki
- freshmaker
- src
- fpdc
notify:
- reload apache
tags:
- ipsilon
- ipsilon/oidc_scopes
- name: Copy OpenID Connect scope registrations (STAGING)
copy: src=oidc_scopes/{{item}}.py
dest=/usr/lib/python2.7/site-packages/ipsilon/providers/openidc/plugins/{{item}}.py
owner=root group=root mode=0644
when: env == "staging"
with_items:
- modernpaste
notify:
- reload apache
tags:
- ipsilon
- ipsilon/oidc_scopes
- name: Apply hotfix for taiga to get POST results
copy: src=openid_server.py
dest=/usr/lib/python2.7/site-packages/openid/server/server.py
owner=root group=root mode=0644
notify:
- reload apache
tags:
- ipsilon
- name: copy ipsilon templates
copy: src=templates/
dest=/usr/share/ipsilon/templates-fedora
owner=ipsilon group=ipsilon mode=0666
notify:
- reload apache
tags:
- ipsilon
- name: copy ipsilon ui assets
copy: src=ui-fedora/
dest=/usr/share/ipsilon/ui/fedora
owner=ipsilon group=ipsilon mode=0666
notify:
- reload apache
tags:
- ipsilon
- name: copy ipsilon configuration
template: src={{ item }}.conf
dest=/etc/ipsilon/{{ item }}.conf
owner=ipsilon group=ipsilon mode=0600
with_items:
- ipsilon
- configuration
tags:
- ipsilon
- config
notify:
- restart apache
- name: copy ipsilon OIDC client config
copy: src={{ private }}/files/ipsilon/openidc.{{env}}.static dest=/etc/ipsilon/openidc.static.cfg
owner=ipsilon group=ipsilon mode=0600
tags:
- ipsilon
- config
notify:
- restart apache
- name: copy ipsilon httpd config
template: src=ipsilon-httpd.conf.j2
dest=/etc/httpd/conf.d/ipsilon.conf
tags:
- ipsilon
- name: Create Ipsilon config symlink
file: dest=/var/lib/ipsilon/ipsilon.conf
src=/etc/ipsilon/ipsilon.conf
state=link
tags:
- ipsilon
notify:
- reload apache
- name: create wellknown directory
file: path=/etc/ipsilon/wellknown state=directory
owner=ipsilon group=ipsilon mode=0755
tags:
- ipsilon
notify:
- reload apache
- name: copy persona private key
copy: src={{ private }}/files/ipsilon/persona.key dest=/etc/ipsilon/persona.key
owner=ipsilon group=ipsilon mode=0600
when: env != "staging"
tags:
- ipsilon
- name: copy persona public key
copy: src=browserid dest=/etc/ipsilon/wellknown/browserid
owner=ipsilon group=ipsilon mode=0644
when: env != "staging"
tags:
- ipsilon
- name: copy persona STG private key
copy: src={{ private }}/files/ipsilon/persona.stg.key dest=/etc/ipsilon/persona.stg.key
owner=ipsilon group=ipsilon mode=0600
when: env == "staging"
tags:
- ipsilon
- name: copy persona STG public key
copy: src=browserid.stg dest=/etc/ipsilon/wellknown/browserid
owner=ipsilon group=ipsilon mode=0644
when: env == "staging"
tags:
- ipsilon
- name: copy OIDC private key
copy: src={{ private }}/files/ipsilon/openidc.key dest=/etc/ipsilon/openidc.key
owner=ipsilon group=ipsilon mode=0600
when: env != "staging"
tags:
- ipsilon
- name: copy OIDC STG private key
copy: src={{ private }}/files/ipsilon/openidc.stg.key dest=/etc/ipsilon/openidc.stg.key
owner=ipsilon group=ipsilon mode=0600
when: env == "staging"
tags:
- ipsilon
- name: create SAML2 dir
file: path=/etc/ipsilon/saml2 state=directory mode=0700
owner=ipsilon group=ipsilon setype=httpd_var_lib_t
tags:
- ipsilon
- name: copy SAML2 private key
copy: src={{ private }}/files/saml2/{{ env }}/keys/idp.key dest=/etc/ipsilon/saml2/idp.key
owner=ipsilon group=ipsilon mode=0600
tags:
- ipsilon
- name: copy SAML2 public key
copy: src={{ private }}/files/saml2/{{ env }}/keys/idp.crt dest=/etc/ipsilon/saml2/idp.crt
owner=ipsilon group=ipsilon mode=0644
tags:
- ipsilon
- name: set sebooleans so ipsilon can talk to the db
seboolean: name=httpd_can_network_connect_db
state=true
persistent=true
tags:
- ipsilon
- name: apply selinux type to the wsgi file
file: >
dest=/usr/libexec/ipsilon
setype=httpd_sys_content_t
tags:
- ipsilon
Reference in New Issue View Git Blame Copy Permalink