Merge pull request #118 from CVL-GitHub/hpcidentybranch6

Hpcidentybranch6

Merge pull request #118 from CVL-GitHub/hpcidentybranch6
e3300106 · Jupiter Hu · 88629b14 · 4ae74cc1 · e3300106 · e3300106
Commit e3300106 authored 9 years ago by Jupiter Hu
--- a/roles/karaage3.1.17/tasks/apacheDebian.yml
+++ b/roles/karaage3.1.17/tasks/apacheDebian.yml
@@ -7,14 +7,6 @@
  - apache2-dev
 sudo: true
-#-
-# name: "Setting default-ssl site"
-# lineinfile: dest=/etc/apache2/sites-available/default-ssl.conf  regexp="{{ item.regexp }}" line="{{ item.line }}" backrefs=yes
-# with_items:
-#  - { regexp : "^\\s+SSLCertificateFile", line : "		SSLCertificateFile {{ x509_cert_file }}" }
-#  - { regexp : "SSLCertificateChainFile", line : "      SSLCertificateChainFile {{ 
-#  - { regexp : "SSLCertificateKeyFile", line : "		SSLCertificateKeyFile {{ x509_key_file }}" }
-# sudo: true
 -
 name: "Templating default-ssl site"
 template: src=default-ssl.j2 dest=/etc/apache2/sites-available/default-ssl.conf owner=www-data group=www-data

--- a/roles/karaage3.1.17/tasks/apacheRedHat.yml
+++ b/roles/karaage3.1.17/tasks/apacheRedHat.yml
@@ -14,14 +14,12 @@
 name: Setting httpd.conf
 sudo: true
 replace: dest=/etc/httpd/conf/httpd.conf regexp="^#ServerName www.example.com:80" replace="ServerName {{ ansible_fqdn }}"
 -
- name: Setting ssl.conf
+ name: "Templating default-ssl site"
+ template: src=default-ssl.j2 dest=/etc/httpd/conf.d/ssl.conf owner=apache group=apache
 sudo: true
- lineinfile: dest=/etc/httpd/conf.d/ssl.conf regexp="{{ item.regexp }}" line="{{ item.line }}" backrefs=yes
- with_items:
-  - { regexp : "^SSLCertificateFile", line : "SSLCertificateFile {{ x509_cert_file }}" }
-  - { regexp : "SSLCertificateKeyFile", line : "SSLCertificateKeyFile {{ x509_key_file }}" }
-  - { regexp : "SSLCACertificateFile", line : "SSLCACertificateFile {{ x509_cacert_file }}" }
 -
 name: Templating wsgi.conf
 sudo: true

--- a/roles/karaage3.1.17/tasks/karaage.yml
+++ b/roles/karaage3.1.17/tasks/karaage.yml
@@ -64,7 +64,6 @@
 sudo: true
 with_items:
  - six
-  - MySQL-python
  - slimit
  - ply
  - cython
@@ -110,22 +109,6 @@
 sudo: true
 when: ansible_os_family == "RedHat"
- name: "Configure karaage3-wsgi.conf"
-  template: src=karaage3-wsgi.conf.j2 dest=/etc/{% if ansible_os_family == 'RedHat'  %}httpd{% else %}apache2{% endif %}/conf-available/karaage3-wsgi.conf 
-  sudo: true
-     #-
-     # name: "Enable shibboleth, should it be in shibboleth-sp role?"
-     # lineinfile: insertafter="{{ item.after }}" line="{{ item.line }}" dest=/etc/{% if ansible_os_family == 'RedHat'  %}httpd{% else %}apache2{% endif %}/conf-available/karaage3-wsgi.conf state=present
-     # with_items:
-     #   - { after: 'EOF', line: '<Location /karaage>' } 
-     #   - { after: '^<Location /karaage>', line: 'AuthType Shibboleth' }
-     #   - { after: '^AuthType Shibboleth', line: 'ShibRequireSession On' }
-     #   - { after: '^ShibRequireSession On', line: 'ShibUseHeaders On' }
-     #   - { after: '^ShibUseHeaders On', line: 'require valid-user' }
-     #   - { after: '^require valid-user', line: '</Location>' }
-     # sudo: true
 -
 name: "Installing other packages Debian"
 apt: name={{ item }} update_cache=yes
@@ -218,3 +201,16 @@
 service: name=httpd state=reloaded
 sudo: true
 when: ansible_os_family == "RedHat"
+- 
+ name: "Enable shibboleth (ansible-galaxy install yaegashi.blockinfile)"
+ blockinfile:
+   dest: /etc/apache2/conf-available/karaage3-wsgi.conf
+   block: |
+     <Location /karaage>
+     AuthType Shibboleth
+     ShibRequireSession On
+     ShibUseHeaders On
+     require valid-user
+     </Location>
--- a/roles/karaage3.1.17/templates/default-ssl.j2
+++ b/roles/karaage3.1.17/templates/default-ssl.j2
@@ -51,6 +51,7 @@
 	#   certificate chain for the server certificate. Alternatively
 	#   when the CA certificates are directly appended to the server
 	#   certificate for convinience.
+	SSLCertificateChainFile {{ x509_cert_chain }} 
 	#   Certificate Authority (CA):
 	#   Set the CA certificate verification path where to find CA

--- a/roles/ldapserver/tasks/main.yml
+++ b/roles/ldapserver/tasks/main.yml
@@ -78,12 +78,20 @@
  file: path={{ cacert | dirname }} state=directory owner={{ ldapuser }} group={{ ldapgroup }}
  sudo: true
- name: make destination directories for certs 
+- name: make ldap certs dir
-  file: path=/etc/ldap/certs state=directory mode=755 owner={{ ldapuser }} group={{ ldapgroup }}
+  file: path={{ ldapCertDir }} state=directory owner={{ ldapuser }} group={{ ldapgroup }}
  sudo: true
+  when: ldapCertDir is defined
- name: make destination directories for keys
+- name: make ldap private dir
-  file: path=/etc/ldap/private state=directory mode=700 owner={{ ldapuser }} group={{ ldapgroup }}
+  file: path={{ ldapPrivateDir }} state=directory owner={{ ldapuser }} group={{ ldapgroup }}
+  sudo: true
+  when: ldapPrivateDir is defined
+# Change to remove easy-rsa and to use fixed key and certs
+- name: copy fixed keys and certs from files directory
+  template: src=files/{{ item.src }} dest="{{ item.dest }}" mode={{ item.mode }} owner=root group=root
+  with_items: ldapCertFiles 
  sudo: true
 - name: copy cert
@@ -98,7 +106,6 @@
  copy: src="files/{{ ldap_TLSKey }}" dest="{{ ldapkey }}" mode=600 owner={{ ldapuser }} group={{ ldapgroup }}
  sudo: true
 - name: enable ssl centos
  lineinfile: regexp="SLAPD_LDAPS=no" state=present line="SLAPD_LDAPS=yes" dest=/etc/sysconfig/ldap
  sudo: true

--- a/roles/mysql/tasks/main.yml
+++ b/roles/mysql/tasks/main.yml
 ---
- - include: mysql_client.yml mysql_type=mysql_client
+- include_vars: "{{ ansible_distribution }}_{{ ansible_distribution_major_version }}.yml"
- - include: mysql_server.yml mysql_type=mysql_server
+- include: "{{ mysql_type }}.yml"
--- a/roles/mysql/tasks/mysql_server.yml
+++ b/roles/mysql/tasks/mysql_server.yml
 ---
 - name: "Installing MySQL Debian"
  apt: name="{{ item }}" update_cache=yes cache_valid_time=3600 state=present
-  with_items:
+  with_items: server_packages
-    - python
-    - python-dev
-    - libmysqlclient-dev
-    - python-pip
-    - libapache2-mod-wsgi
-    - python-mysql.connector
-    - mysql-server
-    - python-mysqldb
  sudo: true
  when: ansible_os_family == "Debian"
+- name: "Remove rdo repo"
+  file: path=/etc/yum.repos.d/rdo-release.repo state=absent
+  sudo: true
+  when: ansible_os_family == "RedHat" and ansible_distribution_major_version >= 7
+- name: "Check RPM packages"
+  shell: ls /etc/yum.repos.d/mysql-community.repo
+  register: mysql_repo
+  ignore_errors: true
+  when: rpm_package is defined
+- name: "Add RPM packages"
+  shell: rpm -iUvh {{ rpm_package }} 
+  sudo: true
+  when: mysql_repo | failed
 - name: Installing MySQL RedHat
-  yum: name="{{ item }}" state=latest
+  yum: name={{ item }}
-  with_items:
+  with_items: server_packages
-    - python
-    - python-devel
-    - mysql-devel
-    - mysql-libs
-    - MySQL-python
-    - mysql-server
  sudo: true
  when: ansible_os_family == "RedHat"
@@ -36,7 +38,6 @@
  when: ansible_os_family == "RedHat" and ansible_distribution_major_version < 7
 - name: "Starting MySQL"
-#service: name=mariadb state=started enabled=true
  service: name=mysqld state=started enabled=true
  sudo: true
  when: ansible_os_family == "RedHat" and ansible_distribution_major_version >= 7

--- a/roles/mysql/vars/CentOS_6.yml
+++ b/roles/mysql/vars/CentOS_6.yml
+server_packages:
+  - python
+  - python-devel
+  - mysql-devel
+  - mysql-libs
+  - MySQL-python
+  - mysql-server
--- a/roles/mysql/vars/CentOS_7.yml
+++ b/roles/mysql/vars/CentOS_7.yml
+rpm_package: "http://dev.mysql.com/get/mysql-community-release-el7-5.noarch.rpm"
+server_packages:
+  - python
+  - python-devel
+  - MySQL-python
+  - mysql-community-server
--- a/roles/mysql/vars/Debian_7.yml
+++ b/roles/mysql/vars/Debian_7.yml
+server_packages:
+  - python
+  - python-dev
+  - libmysqlclient-dev
+  - python-pip
+  - libapache2-mod-wsgi
+  - python-mysql.connector
+  - mysql-server
+  - python-mysqldb
--- a/roles/mysql/vars/Debian_8.yml
+++ b/roles/mysql/vars/Debian_8.yml
+server_packages:
+  - python
+  - python-dev
+  - libmysqlclient-dev
+  - python-pip
+  - libapache2-mod-wsgi
+  - python-mysql.connector
+  - mysql-server
+  - python-mysqldb
--- a/roles/mysql/vars/main.yml
+++ b/roles/mysql/vars/main.yml
---
-mysql_config_file_name: mysql_config
--- a/roles/mysql/vars/readme.txt
+++ b/roles/mysql/vars/readme.txt
@@ -6,4 +6,4 @@ mysql_user_name: "my_database"
 mysql_user_host: "localhost"
 mysql_root_password: "secret"
 mysql_user_password: "secret"
+mysql_config_file_name: mysql_config
--- a/roles/shibboleth-sp/templates/attribute-map.xml.j2
+++ b/roles/shibboleth-sp/templates/attribute-map.xml.j2
@@ -149,5 +149,6 @@
    <Attribute name="urn:oid:2.5.4.15" id="businessCategory"/>
    <Attribute name="urn:oid:2.5.4.19" id="physicalDeliveryOfficeName"/>
    -->
+    <Attribute name="urn:mace:dir:attribute-def:auEduPersonSharedToken" id="auEduPersonSharedToken"/>
+    <Attribute name="urn:oid:1.3.6.1.4.1.27856.1.2.5" id="auEduPersonSharedToken"/>
 </Attributes>