Merge branch 'master' of adellam/ansible-roles into master

2020-02-13 14:14:40 +01:00 · 2020-02-13 14:14:40 +01:00 · 3f63b264f4
parent d65a45ff34 47ce8bf05c
commit 3f63b264f4
7 changed files with 20 additions and 14 deletions
--- a/library/roles/simplesaml/defaults/main.yml
+++ b/library/roles/simplesaml/defaults/main.yml
@ -24,6 +24,11 @@ simplesaml_protectindexpage: 'true'
 simplesaml_protectmetadata: 'false'
 # ERR, WARNING, NOTICE, INFO, DEBUG
 simplesaml_loglevel: NOTICE
+simplesaml_debug_saml: 'false'
+simplesaml_debug_backtraces: 'true'
+simplesaml_debug_validatexml: 'false'
+simplesaml_php_show_errors: 'false'
+simplesaml_error_reporting: 'false'

 # Change this one when we are setting up a cluster of simplesaml servers
 simplesaml_create_self_signed_cert_host: '{{ ansible_fqdn }}'
--- a/library/roles/simplesaml/tasks/main.yml
+++ b/library/roles/simplesaml/tasks/main.yml
@ -63,19 +63,19 @@
    tags: [ 'simplesaml', 'simplesaml_php', 'simplesaml_config' ]

  - name: Install the simplesaml config files
-    template: src={{ item }}.php dest={{ simplesaml_install_dir }}/config/{{ item }}.php owner=root group={{ simplesaml_user }} mode=0640
+    template: src={{ item }}.php.j2 dest={{ simplesaml_install_dir }}/config/{{ item }}.php owner=root group={{ simplesaml_user }} mode=0640
    with_items:
      - config
      - authsources
    tags: [ 'simplesaml', 'simplesaml_php', 'simplesaml_config' ]

  - name: Install some metadata files
-    template: src={{ item }}.php dest={{ simplesaml_install_dir }}/metadata/{{ item }}.php owner=root group={{ simplesaml_user }} mode=0640
+    template: src={{ item }}.php.j2 dest={{ simplesaml_install_dir }}/metadata/{{ item }}.php owner=root group={{ simplesaml_user }} mode=0640
    with_items:
      - saml20-idp-hosted
  
  - name: Install some metadata files
-    template: src={{ item }}.php dest={{ simplesaml_install_dir }}/metadata/{{ item }}.php owner=root group={{ simplesaml_user }} mode=0640
+    template: src={{ item }}.php.j2 dest={{ simplesaml_install_dir }}/metadata/{{ item }}.php owner=root group={{ simplesaml_user }} mode=0640
    with_items:
      - saml20-sp-remote
    when: simplesaml_global_sp_remote_template
@ -109,7 +109,7 @@

 - block:
  - name: Install the nginx virtualhosts
-    template: src=nginx-virthost.conf dest=/etc/nginx/sites-available/{{ item.virthost }} owner=root group=root mode=0444
+    template: src=nginx-virthost.conf.j2 dest=/etc/nginx/sites-available/{{ item.virthost }} owner=root group=root mode=0444
    with_items: '{{ phpfpm_pools }}'
    notify: Reload nginx

--- a/library/roles/simplesaml/templates/authsources.php.j2
+++ b/library/roles/simplesaml/templates/authsources.php.j2
--- a/library/roles/simplesaml/templates/config.php.j2
+++ b/library/roles/simplesaml/templates/config.php.j2
@ -66,7 +66,7 @@ $config = [
     * root directory.
     */
 {% endraw %}
-     'certdir' => '{{ simplesaml_cert_dir }}',
+    'certdir' => '{{ simplesaml_cert_dir }}',
    'loggingdir' => '{{ simplesaml_log_dir }}',
    'datadir' => '{{ simplesaml_data_dir }}',
    'tempdir' => '{{ simplesaml_tmp_dir }}',
@ -96,8 +96,6 @@ $config = [
     */
    'timezone' => null,

-
-
    /**********************************
     | SECURITY CONFIGURATION OPTIONS |
     **********************************/
@ -231,10 +229,11 @@ $config = [
     * If you want to disable debugging completely, unset this option or set it to an
     * empty array.
     */
+{% endraw %}
    'debug' => [
-        'saml' => false,
-        'backtraces' => true,
-        'validatexml' => false,
+        'saml' => {{ simplesaml_debug_saml}},
+        'backtraces' => {{ simplesaml_debug_backtraces }},
+        'validatexml' => {{ simplesaml_debug_validatexml }},
    ],

    /*
@ -244,9 +243,9 @@ $config = [
     * When 'errorreporting' is enabled, a form will be presented for the user to report
     * the error to 'technicalcontact_email'.
     */
-    'showerrors' => true,
-    'errorreporting' => true,
-
+    'showerrors' => {{ simplesaml_php_show_errors }},
+    'errorreporting' => {{ simplesaml_error_reporting }},
+{% raw %}
    /*
     * Custom error show function called from SimpleSAML\Error\Error::show.
     * See docs/simplesamlphp-errorhandling.txt for function code example.
@ -730,7 +729,9 @@ $config = [
        'et', 'he', 'id', 'sr', 'lv', 'ro', 'eu', 'el', 'af', 'zu', 'xh',
    ],
    'language.rtl' => ['ar', 'dv', 'fa', 'ur', 'he'],
+{% endraw %}
    'language.default' => '{{ simplesaml_language_default }}',
+{% raw %}

    /*
     * Options to override the default settings for the language parameter
@ -1112,7 +1113,7 @@ $config = [
     * The hostname and port of the Redis datastore instance.
     */
 {% endraw %}
-     'store.redis.host' => '{{ simplesaml_redis_host }}',
+    'store.redis.host' => '{{ simplesaml_redis_host }}',
    'store.redis.port' => 6379,
 {% raw %}

--- a/library/roles/simplesaml/templates/nginx-virthost.conf.j2
+++ b/library/roles/simplesaml/templates/nginx-virthost.conf.j2
--- a/library/roles/simplesaml/templates/saml20-idp-hosted.php.j2
+++ b/library/roles/simplesaml/templates/saml20-idp-hosted.php.j2
--- a/library/roles/simplesaml/templates/saml20-sp-remote.php.j2
+++ b/library/roles/simplesaml/templates/saml20-sp-remote.php.j2