
---
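- block:
    # Optional PHP extensions, each gated on its own feature flag. The flags go
    # through the bool filter so that a quoted "false" (a non-empty string, hence
    # truthy) does not install a driver by accident.
    - name: Install the php postgresql driver
      apt:
        name: "{{ simplesaml_php_pg_driver }}"
        state: present
        cache_valid_time: 1800
      when: simplesaml_use_postgresql | bool

    - name: Install the php ldap driver
      apt:
        name: "{{ simplesaml_php_ldap_driver }}"
        state: present
        cache_valid_time: 1800
      when: simplesaml_use_ldap | bool

    - name: Install the php redis driver
      apt:
        name: "{{ simplesaml_php_redis_driver }}"
        state: present
        cache_valid_time: 1800
      when: simplesaml_use_redis_sessions | bool

    - name: Install the php memcache driver
      apt:
        name: "{{ simplesaml_php_memcache_driver }}"
        state: present
        cache_valid_time: 1800
      when: simplesaml_use_memcache_sessions | bool

    # Modes are quoted strings: an unquoted 0700 is a YAML 1.1 octal integer and
    # the file module would receive 448 instead of the intended permission bits.
    # 0700 keeps the cert, salt (maintenance), data and log dirs private to the
    # service user.
    - name: Ensure that the data, log, etc dirs exist
      file:
        path: "{{ item }}"
        state: directory
        owner: "{{ simplesaml_user }}"
        mode: "0700"
      with_items:
        - "{{ simplesaml_tmp_dir }}"
        - "{{ simplesaml_cert_dir }}"
        - "{{ simplesaml_data_dir }}"
        - "{{ simplesaml_log_dir }}"
        - "{{ simplesaml_maintenance_dir }}"

    - name: Ensure that the download dir exists
      file:
        path: "{{ simplesaml_download_dir }}"
        state: directory

    # The distribution is fetched, unpacked and moved only when the install dir
    # is not already a directory; the registered stat drives the three tasks below.
    - name: Verify if the simplesaml dest data exists
      stat:
        path: "{{ simplesaml_install_dir }}"
      register: simplesaml_inst_dir_status

    # simplesaml_tar_checksum is a new optional variable (e.g. "sha256:<hex digest>").
    # When it is unset the parameter is omitted and the tarball's integrity is
    # not verified beyond the TLS connection (validate_certs).
    - name: Download the simplesaml distribution file
      get_url:
        url: "{{ simplesaml_tar_url }}"
        dest: "{{ simplesaml_download_dir }}"
        checksum: "{{ simplesaml_tar_checksum | default(omit) }}"
        validate_certs: true
      when: simplesaml_inst_dir_status.stat.isdir is not defined

    - name: Unpack the simplesaml distribution file
      unarchive:
        src: "{{ simplesaml_download_dir }}/{{ simplesaml_dist_file }}"
        dest: "{{ simplesaml_srv_base_dir }}"
        remote_src: true
      when: simplesaml_inst_dir_status.stat.isdir is not defined

    # command rather than shell: no redirection or globbing is needed, so the
    # arguments are not interpreted by a shell. creates makes a re-run a no-op.
    - name: Move the simplesaml distribution data
      command: mv {{ simplesaml_srv_base_dir }}/{{ simplesaml_dist_basename }} {{ simplesaml_install_dir }}
      args:
        creates: "{{ simplesaml_install_dir }}"
      when: simplesaml_inst_dir_status.stat.isdir is not defined

    # The salt is generated once (creates:) and only ever read back from disk, so
    # re-runs never rotate it. head -c 32 always yields exactly 32 characters;
    # dd bs=32 count=1 on a pipe can get a short read and silently write fewer.
    # No pipefail on purpose: tr is killed by SIGPIPE once head has its 32 bytes.
    - name: Create the secret salt
      shell: LC_CTYPE=C tr -c -d '0123456789abcdefghijklmnopqrstuvwxyz' </dev/urandom | head -c 32 > '{{ simplesaml_maintenance_dir }}/.simplesaml_salt'
      args:
        creates: "{{ simplesaml_maintenance_dir }}/.simplesaml_salt"
      tags: ['simplesaml', 'simplesaml_php', 'simplesaml_config']

    # no_log keeps the salt out of verbose task output and log files.
    - name: Get the salt value, encode
      slurp:
        src: "{{ simplesaml_maintenance_dir }}/.simplesaml_salt"
      register: simplesaml_salt_encoded_value
      no_log: true
      tags: ['simplesaml', 'simplesaml_php', 'simplesaml_config']

    - name: Decode the salt value
      set_fact:
        simplesaml_salt_value: "{{ simplesaml_salt_encoded_value['content'] | b64decode }}"
      no_log: true
      tags: ['simplesaml', 'simplesaml_php', 'simplesaml_config']

    # 0640 root:<service user>: only root can change the config, only the
    # service user's group can read it.
    - name: Install the simplesaml config files
      template:
        src: "{{ item }}.php.j2"
        dest: "{{ simplesaml_install_dir }}/config/{{ item }}.php"
        owner: root
        group: "{{ simplesaml_user }}"
        mode: "0640"
      with_items:
        - config
        - authsources
      tags: ['simplesaml', 'simplesaml_php', 'simplesaml_config']

    - name: Install the hosted IdP metadata file
      template:
        src: "{{ item }}.php.j2"
        dest: "{{ simplesaml_install_dir }}/metadata/{{ item }}.php"
        owner: root
        group: "{{ simplesaml_user }}"
        mode: "0640"
      with_items:
        - saml20-idp-hosted

    # Distinct task name (was a duplicate of the one above) so that
    # --start-at-task and log output are unambiguous.
    - name: Install the global SP remote metadata file
      template:
        src: "{{ item }}.php.j2"
        dest: "{{ simplesaml_install_dir }}/metadata/{{ item }}.php"
        owner: root
        group: "{{ simplesaml_user }}"
        mode: "0640"
      with_items:
        - saml20-sp-remote
      when: simplesaml_global_sp_remote_template
  tags: ['simplesaml', 'simplesaml_php']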
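- block:
    # NOTE(review): run_once executes this task on the first host of the play
    # batch and the when is evaluated there; if that host is not
    # simplesaml_create_self_signed_cert_host the task is skipped on every host.
    # delegate_to that host together with run_once would remove the dependency
    # on inventory order - confirm before changing.
    # The key is written unencrypted (-nodes); its permissions are tightened by
    # the last task of this block. The command module is enough here: no shell
    # redirection is used and shlex keeps the quoted -subj argument intact.
    - name: Create a long lived self signed certificate for simplesaml
      command: >-
        openssl req -x509 -newkey rsa:2048
        -keyout {{ simplesaml_cert_dir }}/key.pem
        -out {{ simplesaml_cert_dir }}/server.crt
        -days 3650 -nodes -subj '/CN={{ simplesaml_servername }}'
      args:
        creates: "{{ simplesaml_cert_dir }}/server.crt"
      run_once: true
      when: ansible_fqdn == simplesaml_create_self_signed_cert_host

    # rsync push from the cert host: src is read on the delegated host, dest is
    # written on the current inventory host. The private key crosses hosts in
    # the second task, over the rsync/ssh transport.
    - name: Copy the self signed certificate from the first server to all the others
      synchronize:
        src: "{{ simplesaml_cert_dir }}/server.crt"
        dest: "{{ simplesaml_cert_dir }}/server.crt"
        mode: push
        checksum: true
      delegate_to: "{{ simplesaml_create_self_signed_cert_host }}"
      when: ansible_fqdn != simplesaml_create_self_signed_cert_host

    - name: Copy the self signed key from the first server to all the others
      synchronize:
        src: "{{ simplesaml_cert_dir }}/key.pem"
        dest: "{{ simplesaml_cert_dir }}/key.pem"
        mode: push
        checksum: true
      delegate_to: "{{ simplesaml_create_self_signed_cert_host }}"
      when: ansible_fqdn != simplesaml_create_self_signed_cert_host

    # Runs on every host, including the one that generated the key: 0400 for the
    # service user only. Quoted so YAML does not parse the mode as an integer.
    - name: Fix the self certificate key permissions
      file:
        path: "{{ simplesaml_cert_dir }}/key.pem"
        owner: "{{ simplesaml_user }}"
        mode: "0400"
  # The whole block is skipped when the operator supplies an external certificate.
  when: not simplesaml_provide_an_external_cert | bool
  tags: ['simplesaml', 'simplesaml_php', 'simplesaml_cert']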
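- block:
    # One virtualhost per php-fpm pool (item.virthost). Root-owned, read-only for
    # everyone: nginx only needs to read the file, and root rewrites it through
    # this template.
    - name: Install the nginx virtualhosts
      template:
        src: nginx-virthost.conf.j2
        dest: "/etc/nginx/sites-available/{{ item.virthost }}"
        owner: root
        group: root
        mode: "0444"
      with_items: "{{ phpfpm_pools }}"
      notify: Reload nginx

    - name: Enable the nginx virtualhosts
      file:
        src: "/etc/nginx/sites-available/{{ item.virthost }}"
        dest: "/etc/nginx/sites-enabled/{{ item.virthost }}"
        state: link
      with_items: "{{ phpfpm_pools }}"
      notify: Reload nginx

    # "1700" = sticky bit plus owner-only rwx for the nginx worker user; quoted
    # so that YAML does not read it as a decimal integer.
    - name: Create the nginx body temp directory
      file:
        path: "{{ nginx_client_body_temp_dir }}"
        state: directory
        owner: www-data
        group: www-data
        mode: "1700"
      when: nginx_client_body_temp_dir is defined
  tags: ['simplesaml', 'simplesaml_php', 'nginx', 'virtualhost']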