fix conflict

057e1843 · Chris Hines · bce5a23f · c8ae66e1 · 057e1843 · 057e1843
Commit 057e1843 authored 9 years ago by Chris Hines
--- a/roles/easy-rsa-common/defaults/readme.txt
+++ b/roles/easy-rsa-common/defaults/readme.txt
@@ -5,4 +5,4 @@ cityName: "Melbourne"
 organizationName: "Monash University"
 emailAddress: "default@default.org"
 organizationUnit: "defaultUnit"
-
+keySize: "512"
--- a/roles/karaage3.1.17/tasks/apacheDebian.yml
+++ b/roles/karaage3.1.17/tasks/apacheDebian.yml
@@ -6,9 +6,7 @@
  - apache2
  - apache2-dev
 sudo: true
-
- name: "Setting default site"
- lineinfile: dest=/etc/apache2/sites-available/000-default.conf regexp="#ServerName" line="ServerName {{ ansible_nodename }}" backrefs=yes
+
 -
 name: "Setting default-ssl site"
 lineinfile: dest=/etc/apache2/sites-available/default-ssl.conf  regexp="{{ item.regexp }}" line="{{ item.line }}" backrefs=yes
@@ -16,6 +14,7 @@
  - { regexp : "^\\s+SSLCertificateFile", line : "		SSLCertificateFile {{ x509_cert_file }}" }
  - { regexp : "SSLCertificateKeyFile", line : "		SSLCertificateKeyFile {{ x509_key_file }}" }
  - { regexp : "SSLCACertificateFile", line : "		SSLCACertificateFile {{ x509_cacert_file }}" }
+ sudo: true
 -
 name: "Templating default-ssl site"
 template: src=default-ssl.j2 dest=/etc/apache2/sites-available/default-ssl.conf owner=www-data group=www-data
@@ -24,11 +23,7 @@
 name: "Templating default site"
 template: src=default.j2 dest=/etc/apache2/sites-available/000-default.conf owner=www-data group=www-data
 sudo: true
-
- name: "Templating ssl configuration"
- template: src=ssl.conf.j2 dest=/etc/apache2/mods-available/ssl.conf owner=www-data group=www-data
- sudo: true
- notify: restart apache2
+
 -
 name: "Enable ssl module"
 apache2_module: state=present name=ssl
@@ -38,6 +33,7 @@
 name: "Enable default-ssl site"
 shell: a2ensite default-ssl
 sudo: true
+ notify: restart apache2

 -
 name: "Starting Apache2"

--- a/roles/karaage3.1.17/tasks/karaage.yml
+++ b/roles/karaage3.1.17/tasks/karaage.yml
@@ -135,7 +135,7 @@
    - karaage-cluster-tools
 -
 name: "Set Secret Key"
- lineinfile: dest=/etc/karaage3/settings.py regexp="SECRET_KEY = ''" line="SECRET_KEY = 'imkaraage'" state=present
+ lineinfile: dest=/etc/karaage3/settings.py regexp="SECRET_KEY = ''" line="SECRET_KEY = '{{ karaageSecretKey }}'" state=present
 sudo: true

 -

--- a/roles/karaage3.1.17/templates/settings.py.j2
+++ b/roles/karaage3.1.17/templates/settings.py.j2
@@ -79,8 +79,8 @@ ADMINS = (
 MANAGERS = ADMINS

 {% if defaultProject is defined and defaultMachineCategory is defined %}
-DEFAULT_PROJECT_PID = {{ defaultProject }}
-DEFAULT_MACHINE_CATEGORY_NAME = {{ defaultMachineCategory }}
+DEFAULT_PROJECT_PID = "{{ defaultProject }}"
+DEFAULT_MACHINE_CATEGORY_NAME = "{{ defaultMachineCategory }}"
 {% endif %}

 # A dictionary containing the settings for all databases to be used with
@@ -270,7 +270,7 @@ LOGGING = {
 ACCOUNTS_EMAIL = '{{ karaageAdminEmail }}'

 # This organisation name, used in outgoing emails.
-ACCOUNTS_ORG_NAME = 'Example'
+ACCOUNTS_ORG_NAME = '{{ karaageAcountName }}' 

 # Registration base URL - Used in email templates
 # Uncomment to override default

--- a/roles/karaage3.1.17/templates/ssl.conf.j2
+++ b/roles/karaage3.1.17/templates/ssl.conf.j2
@@ -75,7 +75,7 @@ SSLCryptoDevice builtin

 # General setup for the virtual host, inherited from global configuration
 #DocumentRoot "/var/www/html"
-#ServerName www.example.com:443
+ServerName {{ ansible_nodename }}.{{ ansible_domain }}:443

 # Use separate log files for the SSL virtual host; note that LogLevel
 # is not inherited from httpd.conf.

--- a/roles/karaage3.1.17/vars/main.yml
+++ b/roles/karaage3.1.17/vars/main.yml
 ---
 apache_user: "{% if ansible_os_family == 'RedHat'  %}apache{% else %}www-data{% endif %}"
+ karaageSecretKey: "imkaraage"
--- a/roles/ldapserver/tasks/main.yml
+++ b/roles/ldapserver/tasks/main.yml
@@ -98,6 +98,11 @@
  sudo: true
  when: ansible_os_family == 'RedHat' and ansible_distribution_major_version < '7'

+- name: enable ssl centos 7
+  lineinfile: regexp="^SLAPD_URLS=" state=present line="SLAPD_URLS='ldaps:/// ldapi:/// ldap:///'" dest=/etc/sysconfig/slapd
+  sudo: true
+  when: ansible_os_family == 'RedHat' and ansible_distribution_major_version >= '7'
+
 - name: start ldap
  service: name=slapd state=restarted
  sudo: true

--- a/roles/mysql/templates/mysql.cnf.j2
+++ b/roles/mysql/templates/mysql.cnf.j2
@@ -2,6 +2,8 @@
 character_set_server=utf8
 default-storage-engine = innodb
 sql_mode = STRICT_ALL_TABLES
+log_warnings = 2
+log_error = /var/log/mysql/error.log

 [client]
 default-character-set = utf8
--- a/roles/shibboleth-sp/handlers/main.yml
+++ b/roles/shibboleth-sp/handlers/main.yml
+---
+- name: "Restarting Apache"  
+  service: name=apache2 state=restarted
+  sudo: true
+
+- name: "Restarting shibboleth"  
+  service: name=shibd state=restarted
+  sudo: true
+
--- a/roles/shibboleth-sp/tasks/shibbolethConfig.yml
+++ b/roles/shibboleth-sp/tasks/shibbolethConfig.yml
@@ -2,11 +2,13 @@
 -
 name: "Copying the metadata.aaf.xml and aaf-metadata-cert.pem"
 template: src="{{ item }}.j2" dest="/etc/shibboleth/{{ item }}" mode=0644
+ sudo: true
 with_items:
  - metadata.aaf.xml
  - aaf-metadata-cert.pem
 - 
  name: "Setting shibboleth2.xml sp.example.org"
+  sudo: true
  replace: 
  args:
   dest: /etc/shibboleth/shibboleth2.xml 
@@ -17,6 +19,7 @@
  
 - 
  name: "Setting shibboleth2.xml handlerSSL"
+  sudo: true
  replace: 
  args:
   dest: /etc/shibboleth/shibboleth2.xml 
@@ -26,6 +29,7 @@

 - 
  name: "Setting shibboleth2.xml supportContact"
+  sudo: true
  replace: 
  args:
   dest: /etc/shibboleth/shibboleth2.xml 
@@ -35,6 +39,7 @@

 - 
  name: "Enabling MetadataProvider"
+  sudo: true
  replace: 
  args:
   dest: /etc/shibboleth/shibboleth2.xml 
@@ -43,6 +48,7 @@
   
 - 
  name: "Enabling MetadataProvider"
+  sudo: true
  replace: 
  args:
   dest: /etc/shibboleth/shibboleth2.xml 
@@ -50,6 +56,7 @@
   replace: '</MetadataProvider>'
 - 
  name: "Setting shibboleth2.xml Federation URI"
+  sudo: true
  replace: 
  args:
   dest: /etc/shibboleth/shibboleth2.xml 
@@ -58,6 +65,7 @@
   
 - 
  name: "Setting shibboleth2.xml backingFilePath"
+  sudo: true
  replace: 
  args:
   dest: /etc/shibboleth/shibboleth2.xml 
@@ -66,6 +74,7 @@
   
 - 
  name: "Setting shibboleth2.xml aaf Certificate"
+  sudo: true
  replace: 
  args:
   dest: /etc/shibboleth/shibboleth2.xml 
@@ -74,6 +83,7 @@
   
 - 
  name: "Setting shibboleth2.xml AAF Discovery URL"
+  sudo: true
  replace: 
  args:
   dest: /etc/shibboleth/shibboleth2.xml 
@@ -82,6 +92,7 @@
   
 - 
  name: "Setting shibboleth2.xml Credential Resolver"
+  sudo: true
  replace: 
  args:
   dest: /etc/shibboleth/shibboleth2.xml 
@@ -90,20 +101,26 @@

 -
 name: "Templating attribute-map.xml"
+ sudo: true
 template:
 args:
   src: attribute-map.xml.j2
   dest: /etc/shibboleth/attribute-map.xml
+ notify:
+   - Restarting Apache
+   - Restarting shibboleth
 -
- name: "Restarting Apache"
+ name: "Starting Apache"
+ sudo: true
 service:
 args:
  name: apache2
-  state: restarted
+  state: started

 -
- name: "Restarting shibboleth"
+ name: "Starting shibboleth"
+ sudo: true
 service:
 args:
  name: shibd
-  state: restarted
+  state: started
--- a/roles/shibboleth-sp/tasks/shibbolethPrerequisites.yml
+++ b/roles/shibboleth-sp/tasks/shibbolethPrerequisites.yml
 ---
 -
 name: Install base packages - Debian
+ sudo: true
 apt: name={{ item }} state=present
 with_items:
  - shibboleth-sp2-schemas 

--- a/templates/easy-rsa/vars.j2
+++ b/templates/easy-rsa/vars.j2
@@ -50,7 +50,7 @@ export PKCS11_PIN="dummy"
 # down TLS negotiation performance
 # as well as the one-time DH parms
 # generation process.
-export KEY_SIZE=512
+export KEY_SIZE={{ keySize }}

 # In how many days should the root CA key expire?
 export CA_EXPIRE=3650