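---
# SimpleSAMLphp installation: optional PHP drivers, directory layout, the
# distribution tarball, the per-install secret salt and the config/metadata
# templates. Module arguments are written as native YAML (not key=value
# strings) and octal modes are quoted so YAML does not reinterpret them.
- block:
    - name: Install the php postgresql driver
      apt:
        name: '{{ simplesaml_php_pg_driver }}'
        state: present
        cache_valid_time: 1800
      when: simplesaml_use_postgresql | bool

    - name: Install the php ldap driver
      apt:
        name: '{{ simplesaml_php_ldap_driver }}'
        state: present
        cache_valid_time: 1800
      when: simplesaml_use_ldap | bool

    - name: Install the php redis driver
      apt:
        name: '{{ simplesaml_php_redis_driver }}'
        state: present
        cache_valid_time: 1800
      when: simplesaml_use_redis_sessions | bool

    - name: Install the php memcache driver
      apt:
        name: '{{ simplesaml_php_memcache_driver }}'
        state: present
        cache_valid_time: 1800
      when: simplesaml_use_memcache_sessions | bool

    # 0700 owned by the application user: the cert dir holds the IdP private
    # key and the maintenance dir holds the secret salt.
    - name: Ensure that the data, log, etc dirs exist
      file:
        path: '{{ item }}'
        state: directory
        owner: '{{ simplesaml_user }}'
        mode: '0700'
      loop:
        - '{{ simplesaml_tmp_dir }}'
        - '{{ simplesaml_cert_dir }}'
        - '{{ simplesaml_data_dir }}'
        - '{{ simplesaml_log_dir }}'
        - '{{ simplesaml_maintenance_dir }}'

    # NOTE(review): no owner/mode is set here; the tarball unpacked below as
    # root is read from this directory, so it must not be writable by the
    # web user or other unprivileged accounts — confirm the role's defaults.
    - name: Ensure that the download dir exists
      file:
        path: '{{ simplesaml_download_dir }}'
        state: directory

    # The download/unpack/move steps only run on a fresh install, i.e. when
    # the install dir does not exist yet.
    - name: Verify if the simplesaml dest data exists
      stat:
        path: '{{ simplesaml_install_dir }}'
      register: simplesaml_inst_dir_status

    - name: Download the simplesaml distribution file
      get_url:
        url: '{{ simplesaml_tar_url }}'
        dest: '{{ simplesaml_download_dir }}'
        validate_certs: true
        # Supply-chain check: TLS alone does not pin the artifact. Set
        # simplesaml_tar_checksum to e.g. 'sha256:<hex>' to verify the
        # tarball; when the variable is unset the parameter is omitted and
        # behaviour is unchanged.
        checksum: '{{ simplesaml_tar_checksum | default(omit) }}'
      when: not simplesaml_inst_dir_status.stat.exists

    - name: Unpack the simplesaml distribution file
      unarchive:
        src: '{{ simplesaml_download_dir }}/{{ simplesaml_dist_file }}'
        dest: '{{ simplesaml_srv_base_dir }}'
        remote_src: true
      when: not simplesaml_inst_dir_status.stat.exists

    # command + argv: no shell is involved, so the templated paths are passed
    # as literal arguments rather than re-parsed by /bin/sh.
    - name: Move the simplesaml distribution data
      command:
        argv:
          - mv
          - '{{ simplesaml_srv_base_dir }}/{{ simplesaml_dist_basename }}'
          - '{{ simplesaml_install_dir }}'
      when: not simplesaml_inst_dir_status.stat.exists

    # 32 chars from a 36-symbol alphabet (~165 bits) read from /dev/urandom.
    # umask 077 makes the file 0600 from the moment it is created (the
    # original relied on the default umask); head -c replaces dd, which with
    # bs=32 count=1 can return a short block when reading from a pipe.
    - name: Create the secret salt
      shell: >-
        umask 077 &&
        LC_CTYPE=C tr -c -d '0123456789abcdefghijklmnopqrstuvwxyz' </dev/urandom
        | head -c 32 > '{{ simplesaml_maintenance_dir }}/.simplesaml_salt'
      args:
        creates: '{{ simplesaml_maintenance_dir }}/.simplesaml_salt'
      tags: [ 'simplesaml', 'simplesaml_php', 'simplesaml_config' ]

    # no_log: the registered result (and the fact below) contain the secret
    # and would otherwise be printed verbatim under -v.
    - name: Get the salt value, encode
      slurp:
        src: '{{ simplesaml_maintenance_dir }}/.simplesaml_salt'
      register: simplesaml_salt_encoded_value
      no_log: true
      tags: [ 'simplesaml', 'simplesaml_php', 'simplesaml_config' ]

    - name: Decode the salt value
      set_fact:
        simplesaml_salt_value: "{{ simplesaml_salt_encoded_value['content'] | b64decode }}"
      no_log: true
      tags: [ 'simplesaml', 'simplesaml_php', 'simplesaml_config' ]

    # root-owned, group-readable by the application user only. Running with
    # --diff prints the rendered files, salt included.
    - name: Install the simplesaml config files
      template:
        src: '{{ item }}.php.j2'
        dest: '{{ simplesaml_install_dir }}/config/{{ item }}.php'
        owner: root
        group: '{{ simplesaml_user }}'
        mode: '0640'
      loop:
        - config
        - authsources
      tags: [ 'simplesaml', 'simplesaml_php', 'simplesaml_config' ]

    - name: Install the hosted IdP metadata file
      template:
        src: '{{ item }}.php.j2'
        dest: '{{ simplesaml_install_dir }}/metadata/{{ item }}.php'
        owner: root
        group: '{{ simplesaml_user }}'
        mode: '0640'
      loop:
        - saml20-idp-hosted

    - name: Install the remote SP metadata file
      template:
        src: '{{ item }}.php.j2'
        dest: '{{ simplesaml_install_dir }}/metadata/{{ item }}.php'
        owner: root
        group: '{{ simplesaml_user }}'
        mode: '0640'
      loop:
        - saml20-sp-remote
      when: simplesaml_global_sp_remote_template | bool

  tags: [ 'simplesaml', 'simplesaml_php' ]
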
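# Self-signed IdP signing certificate: generated once on the designated host,
# then pushed (cert and private key) to every other host with rsync.
# Skipped entirely when an external certificate is provided.
- block:
    # delegate_to + run_once instead of run_once + when: with run_once a
    # `when` is evaluated against the first host of the batch only, so if that
    # host is not the cert host the task was skipped everywhere and the
    # synchronize tasks below had nothing to copy. argv keeps the CN out of
    # any shell quoting.
    - name: Create a long lived self signed certificate for simplesaml
      command:
        argv:
          - openssl
          - req
          - -x509
          - -newkey
          - rsa:2048
          - -keyout
          - '{{ simplesaml_cert_dir }}/key.pem'
          - -out
          - '{{ simplesaml_cert_dir }}/server.crt'
          - -days
          - '3650'
          - -nodes
          - -subj
          - '/CN={{ simplesaml_servername }}'
        creates: '{{ simplesaml_cert_dir }}/server.crt'
      delegate_to: '{{ simplesaml_create_self_signed_cert_host }}'
      run_once: true

    - name: Copy the self signed certificate from the first server to all the others
      synchronize:
        src: '{{ simplesaml_cert_dir }}/server.crt'
        dest: '{{ simplesaml_cert_dir }}/server.crt'
        mode: push
        checksum: true
      delegate_to: '{{ simplesaml_create_self_signed_cert_host }}'
      when: ansible_fqdn != simplesaml_create_self_signed_cert_host

    # The private key travels over the rsync/ssh channel between hosts;
    # acceptable for a shared self-signed key, not for an external one.
    - name: Copy the self signed key from the first server to all the others
      synchronize:
        src: '{{ simplesaml_cert_dir }}/key.pem'
        dest: '{{ simplesaml_cert_dir }}/key.pem'
        mode: push
        checksum: true
      delegate_to: '{{ simplesaml_create_self_signed_cert_host }}'
      when: ansible_fqdn != simplesaml_create_self_signed_cert_host

    # NOTE(review): key.pem is written by openssl above before this task
    # tightens it; whether it is 0600 in between depends on the OpenSSL
    # version and umask. The enclosing dir is 0700, which limits exposure.
    - name: Fix the self certificate key permissions
      file:
        dest: '{{ simplesaml_cert_dir }}/key.pem'
        owner: '{{ simplesaml_user }}'
        mode: '0400'

  when: not simplesaml_provide_an_external_cert | bool
  tags: [ 'simplesaml', 'simplesaml_php', 'simplesaml_cert' ]
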
# nginx front end: one virtual host per php-fpm pool, enabled by symlink,
# plus an optional private client-body temp directory.
- block:
    - name: Install the nginx virtualhosts
      template:
        src: nginx-virthost.conf.j2
        dest: '/etc/nginx/sites-available/{{ item.virthost }}'
        owner: root
        group: root
        mode: '0444'
      loop: '{{ phpfpm_pools }}'
      notify: Reload nginx

    - name: Enable the nginx virtualhosts
      file:
        src: '/etc/nginx/sites-available/{{ item.virthost }}'
        dest: '/etc/nginx/sites-enabled/{{ item.virthost }}'
        state: link
      loop: '{{ phpfpm_pools }}'
      notify: Reload nginx

    # Sticky + owner-only (1700): only www-data can read or remove the
    # request bodies nginx spools here.
    - name: Create the nginx body temp directory
      file:
        dest: '{{ nginx_client_body_temp_dir }}'
        state: directory
        owner: www-data
        group: www-data
        mode: '1700'
      when: nginx_client_body_temp_dir is defined

  tags: [ 'simplesaml', 'simplesaml_php', 'nginx', 'virtualhost' ]