From 7d67c37b063ad1543e6e5eaf50487c304a979719 Mon Sep 17 00:00:00 2001
From: CVL-GitHub <jupiter.hu@monash.edu>
Date: Fri, 21 Aug 2015 12:55:17 +1000
Subject: [PATCH] fixed build error

---
 roles/extra_rpms/tasks/main.yml                |  6 ------
 roles/karaage3.1.17/tasks/main.yml             |  9 +++++++--
 roles/karaage3.1.17/templates/default-ssl.j2   | 14 ++++----------
 roles/karaage3.1.17/vars/readme.txt            |  1 +
 roles/package_update/tasks/main.yml            | 13 +++++++++++++
 roles/shibboleth-sp/tasks/shibbolethConfig.yml |  4 ++--
 6 files changed, 27 insertions(+), 20 deletions(-)
 create mode 100644 roles/package_update/tasks/main.yml

diff --git a/roles/extra_rpms/tasks/main.yml b/roles/extra_rpms/tasks/main.yml
index 1075221..8dcf07d 100644
--- a/roles/extra_rpms/tasks/main.yml
+++ b/roles/extra_rpms/tasks/main.yml
@@ -1,10 +1,4 @@
 ---
-
-- name: "update cache"
-  shell: yum update -y
-  sudo: true
-  when: ansible_os_family == 'RedHat'
-
 - name: "Install extra packages"
   yum: "name={{ item }} state=latest"
   with_items:
diff --git a/roles/karaage3.1.17/tasks/main.yml b/roles/karaage3.1.17/tasks/main.yml
index 97bee76..555217c 100644
--- a/roles/karaage3.1.17/tasks/main.yml
+++ b/roles/karaage3.1.17/tasks/main.yml
@@ -1,13 +1,18 @@
 ---
  - name: "Copying the apache key file"
-   template: src="files/{{ apache_key_file }}" dest="{{ x509_key_file }}" mode=0644
+   template: src="files/{{ apache_key_file }}" dest="/etc/ssl/private/{{ apache_key_file }}" mode=0600 owner=www-data group=www-data
    sudo: true
    when: apache_key_file is defined
  
  - name: "Copying the apache cert file"
-   template: src="files/{{ apache_cert_file }}" dest="{{ x509_cert_file }}" mode=0644
+   template: src="files/{{ apache_cert_file }}" dest="/etc/ssl/certs/{{ apache_cert_file }}" mode=0644 owner=www-data group=www-data
    sudo: true
    when: apache_cert_file is defined
+ 
+ - name: "Copying the apache cert chain file"
+   template: src="files/{{ apache_chain_file }}" dest="/etc/ssl/certs/{{ apache_chain_file }}" mode=0644 owner=www-data group=www-data
+   sudo: true
+   when: apache_chain_file is defined
 
  - include: prerequisitesDebian.yml
    when: ansible_os_family == "Debian"
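Review bot: The added `template:` line for "Copying the apache key file" installs the TLS private key with `owner=www-data group=www-data`, so the account the web server's worker processes run as can read it, and so can any request-handling code that runs under that account. Apache normally opens the key while still root, before dropping privileges, so `mode=0600 owner=root group=root` should be sufficient; this is worth confirming on the target hosts. The key is also pushed through `template`, which renders the file as Jinja2, whereas `copy` would install the bytes unchanged. `www-data` and `/etc/ssl/private` are Debian names, and the Debian include at the end of this hunk is conditional, so other OS families probably need their own values.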
diff --git a/roles/karaage3.1.17/templates/default-ssl.j2 b/roles/karaage3.1.17/templates/default-ssl.j2
index 6462e0a..761a487 100644
--- a/roles/karaage3.1.17/templates/default-ssl.j2
+++ b/roles/karaage3.1.17/templates/default-ssl.j2
@@ -42,15 +42,16 @@
 	#   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
 	#   If both key and certificate are stored in the same file, only the
 	#   SSLCertificateFile directive is needed.
-	SSLCertificateFile    {{ x509_cert_file }}
-	SSLCertificateKeyFile {{ x509_key_file }} 
+	SSLCertificateFile    /etc/ssl/certs/{{ apache_cert_file }}
+	SSLCertificateKeyFile /etc/ssl/private/{{ apache_key_file }} 
+
 	#   Server Certificate Chain:
 	#   Point SSLCertificateChainFile at a file containing the
 	#   concatenation of PEM encoded CA certificates which form the
 	#   certificate chain for the server certificate. Alternatively
 	#   when the CA certificates are directly appended to the server
 	#   certificate for convinience.
-	#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
+	SSLCertificateChainFile /etc/ssl/certs/{{ apache_chain_file }} 
 
 	#   Certificate Authority (CA):
 	#   Set the CA certificate verification path where to find CA
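Review bot: `SSLCertificateChainFile /etc/ssl/certs/{{ apache_chain_file }}` is now emitted unconditionally, but the task that installs the chain file in roles/karaage3.1.17/tasks/main.yml runs only `when: apache_chain_file is defined`. On a host without that variable the template will either fail to render or point Apache at a file that was never copied. Wrapping the directive in `{% if apache_chain_file is defined %}` and `{% endif %}` keeps the two in step. The same applies to the certificate and key directives above it, whose copy tasks are conditional too. The next hunk in this file removes the `SSLCACertificatePath`/`SSLCACertificateFile` block, so if this vhost verifies client certificates, that configuration needs a replacement.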
@@ -59,13 +60,6 @@
 	#   Note: Inside SSLCACertificatePath you need hash symlinks
 	#         to point to the certificate files. Use the provided
 	#         Makefile to update the hash symlinks after changes.
-    {% if ldapCaCertFile is defined and ldapCaCertDir is defined %}
-    SSLCACertificatePath {{ ldapCaCertDir }} 
-    SSLCACertificateFile {{ ldapCaCertDir }}/{{ ldapCaCertFile }}
-    {% else %}
-    SSLCACertificatePath /etc/ssl/certs/
-    SSLCACertificateFile {{ x509_cacert_file }}
-    {% endif %}
 
 	#   Certificate Revocation Lists (CRL):
 	#   Set the CA revocation path where to find CA CRLs for client
diff --git a/roles/karaage3.1.17/vars/readme.txt b/roles/karaage3.1.17/vars/readme.txt
index ab2fcb0..d12bb5a 100644
--- a/roles/karaage3.1.17/vars/readme.txt
+++ b/roles/karaage3.1.17/vars/readme.txt
@@ -1,4 +1,5 @@
 
 apache_cert_file: "{{ inventory_hostname }}.{{ domain }}.crt"
 apache_key_file: "{{ inventory_hostname }}.{{ domain }}.key"
+apache_chain_file: "merc_hpc_apache_chain.pem"
 
diff --git a/roles/package_update/tasks/main.yml b/roles/package_update/tasks/main.yml
new file mode 100644
index 0000000..acbd63e
--- /dev/null
+++ b/roles/package_update/tasks/main.yml
@@ -0,0 +1,13 @@
+---
+
+- name: "update cache centos"
+  shell: yum update -y
+  sudo: true
+  when: ansible_os_family == 'RedHat'
+
+- name: "update cache debian"
+  shell: apt-get update -y
+  sudo: true
+  when: ansible_os_family == 'Debian'
+
+
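Review bot: Both tasks are named "update cache" but they do different things: `yum update -y` upgrades every installed package, while `apt-get update -y` only refreshes the package index, so Debian hosts receive no package upgrades from this role. If patching is the intent, the Debian task needs an upgrade step, for example `apt: update_cache=yes upgrade=dist`. If only a cache refresh is meant, the RedHat task should run `yum makecache` rather than a full update. Running these through `shell` also makes each task report changed on every run, which the `apt` and `yum` modules avoid. The task names should state which of the two actions they perform.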
diff --git a/roles/shibboleth-sp/tasks/shibbolethConfig.yml b/roles/shibboleth-sp/tasks/shibbolethConfig.yml
index 14b57c9..1756ff5 100644
--- a/roles/shibboleth-sp/tasks/shibbolethConfig.yml
+++ b/roles/shibboleth-sp/tasks/shibbolethConfig.yml
@@ -101,7 +101,7 @@
   file: path=/etc/shibboleth/private, state=directory, mode=700, owner=_shibd
   sudo: true
 
-- name: copy shib key:
+- name: copy shib key
   sudo: true
   copy: src=files/{{ shib_key }} dest=/etc/shibboleth/private/{{ shib_key }} owner=_shibd, mode=600
 
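Review bot: The `copy:` line under "copy shib key" has a comma after `owner=_shibd`, inside a key=value argument string whose arguments are separated by whitespace. As far as I know the comma is kept as part of the value, so the owner would be `_shibd,` rather than `_shibd`; this is worth confirming on a test host, because the task either fails or leaves the private key with an unintended owner. The same pattern appears on the `file:` line at the top of this hunk, where `path=/etc/shibboleth/private,` would also gain a comma, and on the `file:` and `copy:` lines of the next hunk. Suggested form for the key: `copy: src=files/{{ shib_key }} dest=/etc/shibboleth/private/{{ shib_key }} owner=_shibd mode=0600`. The `file:` task's `- name:` line lies outside the hunk.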
@@ -109,7 +109,7 @@
   file: path=/etc/shibboleth/certs, state=directory, mode=755, owner=_shibd
   sudo: true
 
-- name: copy shib cert:
+- name: copy shib cert
   sudo: true
   copy: src=files/{{ shib_cert }} dest=/etc/shibboleth/certs/{{ shib_cert }} owner=_shibd, mode=644
 
-- 
GitLab