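---
# Installs the Shibboleth package on the local host, deploys its configuration
# and the Apache (httpd) configuration, then restarts both services.
- hosts: localhost
  remote_user: root
  pre_tasks:
    - name: Copy Shibboleth repository data
      copy:
        src: /srv/ansible/files_shibboleth/shibboleth.repo
        dest: /etc/yum.repos.d/shibboleth.repo
        owner: root
        group: root
        mode: '0644'
    - name: Install Shibboleth package
      yum:
        name: shibboleth
        state: present
    - name: Create metadata directory
      file:
        path: /etc/shibboleth/metadata
        state: directory
        owner: root
        group: root
        mode: '0755'
    # The stat result is registered as `letsencrypt`. No task in this play
    # reads it; presumably the Apache templates below do - confirm.
    - name: Check for LE certificate
      stat:
        path: /etc/letsencrypt/live/demo.velmu.fi/cert.pem
      register: letsencrypt
  tasks:
    - name: Copy shibboleth2.xml
      copy:
        src: /srv/ansible/files_shibboleth/shibboleth2.xml
        dest: /etc/shibboleth/shibboleth2.xml
        owner: root
        group: root
        mode: '0644'
    - name: Copy MPASS-test metadata
      copy:
        src: /srv/ansible/files_shibboleth/mpass-test.xml
        dest: /etc/shibboleth/metadata/mpass.xml
        owner: root
        group: root
        mode: '0644'
    - name: Copy attribute-map.xml
      copy:
        src: /srv/ansible/files_shibboleth/attribute-map.xml
        dest: /etc/shibboleth/attribute-map.xml
        owner: root
        group: root
        mode: '0644'
    - name: Copy sp-cert.pem
      copy:
        src: /srv/ansible/files_shibboleth/sp-cert.pem
        dest: /etc/shibboleth/sp-cert.pem
        owner: root
        group: root
        mode: '0644'
    # sp-key.pem is the service provider's private key. World-readable 0644
    # would let every local account read it, so access is limited to root and
    # the daemon's group.
    # NOTE(review): group `shibd` is assumed to be created by the package
    # installed in pre_tasks and to be the group shibd runs under - confirm on
    # the target; the task fails if the group does not exist.
    # NOTE(review): the source under /srv/ansible/files_shibboleth is only
    # protected at rest if it is Ansible Vault encrypted (copy decrypts such
    # sources by default) - confirm.
    - name: Copy sp-key.pem
      copy:
        src: /srv/ansible/files_shibboleth/sp-key.pem
        dest: /etc/shibboleth/sp-key.pem
        owner: root
        group: shibd
        mode: '0640'
    - name: Copy Apache ssl.conf
      copy:
        src: /srv/ansible/files_shibboleth/ssl.conf
        dest: /etc/httpd/conf.d/ssl.conf
        owner: root
        group: root
        mode: '0644'
    - name: Copy Apache shib.conf
      copy:
        src: /srv/ansible/files_shibboleth/shib.conf
        dest: /etc/httpd/conf.d/shib.conf
        owner: root
        group: root
        mode: '0644'
    - name: Insert Apache vhost config
      template:
        src: /srv/ansible/files_shibboleth/apache-vhost.conf.j2
        dest: /etc/httpd/conf.d/001-vhost-bew.conf
        owner: root
        group: root
        mode: '0644'
    # One rendered file per item. Only item.name is used in this play;
    # item.port is presumably read inside the template - confirm.
    - name: Insert Apache subvhost config
      template:
        src: /srv/ansible/files_shibboleth/apache-subvhost.conf.j2
        dest: '/etc/httpd/conf.d/002-vhost-{{ item.name }}.conf'
        owner: root
        group: root
        mode: '0644'
      with_items:
        - { name: 'one', port: '{{ one_port }}' }
        - { name: 'two', port: '{{ two_port }}' }
        - { name: 'three', port: '{{ three_port }}' }
        - { name: 'four', port: '{{ four_port }}' }
        - { name: 'five', port: '{{ five_port }}' }
  # Both services are restarted on every run, whether or not a file changed.
  post_tasks:
    - name: Restart Shibboleth
      service:
        name: shibd
        state: restarted
        enabled: true
    - name: Restart Apache
      service:
        name: httpd
        state: restarted
        enabled: true
  # Presumably the source of the *_port variables; group_vars/vault is
  # presumably an Ansible Vault encrypted file - confirm.
  vars_files:
    - group_vars/vars
    - group_vars/vault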