WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-03-20 03:57:02 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
a943654af2095b3da4c730ce38e5c6c53a258b0f
fedora-infra_ansible/roles/ipsilon/templates/configmap.yml.j2
Ryan Lerch 5bdfe4b1e5 copr and ipsilon - rename yml templates to .j2 
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
2025-01-14 08:37:33 +10:00

110 lines
4.3 KiB
Django/Jinja
Raw Blame History

{% macro load_file(filename) %}{% include filename %}{%- endmacro -%}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: ipsilon-configmap
labels:
app: ipsilon
data:
krb5.conf: |-
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = {{ ipa_realm }}
rdns = false
dns_canonicalize_hostname = false
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
default_keytab_name = FILE:/etc/keytabs/service.keytab
default_client_keytab_name = FILE:/etc/keytabs/service.keytab
[realms]
{{ ipa_realm }} = {
kdc = https://id{{ env_suffix }}.fedoraproject.org/KdcProxy
}
[domain_realm]
.fedoraproject.org = FEDORAPROJECT.ORG
fedoraproject.org = FEDORAPROJECT.ORG
{% if env == "staging" %}
.stg.phx2.fedoraproject.org = STG.FEDORAPROJECT.ORG
{% endif %}
.stg.fedoraproject.org = STG.FEDORAPROJECT.ORG
stg.fedoraproject.org = STG.FEDORAPROJECT.ORG
prepare_saml2.py: |-
from ipsilon.providers.saml2idp import IdpMetadataGenerator, Certificate
from datetime import timedelta
cert = Certificate()
cert.import_cert('/etc/ipsilon/saml2_idp.crt', '/etc/ipsilon/saml2_idp.key')
meta = IdpMetadataGenerator('https://id{{ env_suffix }}.fedoraproject.org', cert, timedelta(3600))
meta.output('/httpdir/metadata.xml')
start.sh: |-
set -xe
# Clean up previous runs
rm -rf /httpdir/*
# Generate SAML2 metadata - must happen before start or init will fail
python3 /etc/ipsilon/prepare_saml2.py
# Prepare and start httpd
mkdir /httpdir/run
ln -s /etc/httpd/modules /httpdir/modules
truncate --size=0 /httpdir/accesslog /httpdir/errorlog
tail -qf /httpdir/accesslog /httpdir/errorlog &
exec httpd -f /etc/ipsilon/httpd.conf -DFOREGROUND -DNO_DETACH
httpd.conf: |-
Listen 0.0.0.0:8080
ServerRoot "/httpdir"
PidFile "/httpdir/httpd.pid"
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule include_module modules/mod_include.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule env_module modules/mod_env.so
LoadModule ext_filter_module modules/mod_ext_filter.so
LoadModule expires_module modules/mod_expires.so
LoadModule headers_module modules/mod_headers.so
LoadModule mime_module modules/mod_mime.so
LoadModule status_module modules/mod_status.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule version_module modules/mod_version.so
LoadModule auth_gssapi_module modules/mod_auth_gssapi.so
LoadModule wsgi_module modules/mod_wsgi_python3.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule unixd_module modules/mod_unixd.so
LoadModule mpm_event_module modules/mod_mpm_event.so
StartServers 20
ServerLimit 100
MaxRequestsPerChild 2000
MaxRequestWorkers 100
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
CustomLog /httpdir/accesslog combined
ErrorLog /httpdir/errorlog
LogLevel info
TypesConfig /etc/mime.types
AddDefaultCharset UTF-8
CoreDumpDirectory /tmp
# Ipsilon stuff
{{ load_file('httpd.conf.j2') | indent() }}
ipsilon.conf: |-
{{ load_file('ipsilon.conf') | indent() }}
configuration.conf: |-
{{ load_file('configuration.conf') | indent() }}
openidc.static.cfg: |-
{{ lookup('file', '{{ private }}/files/ipsilon/openidc.{{env}}.static') | indent() }}
openidc.key: |-
{{ lookup('file', '{{ private }}/files/ipsilon/openidc{{ env_suffix }}.key') | indent() }}
saml2_idp.key: |-
{{ lookup('file', '{{ private }}/files/saml2/{{ env }}/keys/idp.key') | indent() }}
saml2_idp.crt: |-
{{ lookup('file', '{{ private }}/files/saml2/{{ env }}/keys/idp.crt') | indent() }}
Reference in New Issue View Git Blame Copy Permalink