From ebd3cf13086f3e9104e77336088225f37c22997f Mon Sep 17 00:00:00 2001
From: CVL-GitHub <jupiter.hu@monash.edu>
Date: Mon, 3 Aug 2015 16:30:34 +1000
Subject: [PATCH] (1) ssl.conf broken on debian 8, removed; (2) fixed ldapserver
 https for centos 7

---
 roles/karaage3.1.17/tasks/apacheDebian.yml    | 12 +++------
 roles/karaage3.1.17/tasks/karaage.yml         |  5 ----
 roles/karaage3.1.17/templates/settings.py.j2  | 11 +++++---
 roles/karaage3.1.17/templates/ssl.conf.j2     |  2 +-
 roles/ldapserver/tasks/main.yml               |  5 ++++
 roles/mysql/tasks/mysql_server.yml            | 12 ++++++++-
 roles/mysql/templates/mysql.cnf.j2            |  2 ++
 roles/shibboleth-sp/handlers/main.yml         |  9 +++++++
 .../shibboleth-sp/tasks/shibbolethConfig.yml  | 25 ++++++++++++++++---
 .../tasks/shibbolethPrerequisites.yml         |  1 +
 10 files changed, 62 insertions(+), 22 deletions(-)
 create mode 100644 roles/shibboleth-sp/handlers/main.yml

diff --git a/roles/karaage3.1.17/tasks/apacheDebian.yml b/roles/karaage3.1.17/tasks/apacheDebian.yml
index f47cad3d..2ee1fdbb 100644
--- a/roles/karaage3.1.17/tasks/apacheDebian.yml
+++ b/roles/karaage3.1.17/tasks/apacheDebian.yml
@@ -6,9 +6,7 @@
   - apache2
   - apache2-dev
  sudo: true
--
- name: "Setting default site"
- lineinfile: dest=/etc/apache2/sites-available/000-default.conf regexp="#ServerName" line="ServerName {{ ansible_nodename }}" backrefs=yes
+
 -
  name: "Setting default-ssl site"
  lineinfile: dest=/etc/apache2/sites-available/default-ssl.conf  regexp="{{ item.regexp }}" line="{{ item.line }}" backrefs=yes
@@ -16,6 +14,7 @@
   - { regexp : "^\\s+SSLCertificateFile", line : "		SSLCertificateFile {{ x509_cert_file }}" }
   - { regexp : "SSLCertificateKeyFile", line : "		SSLCertificateKeyFile {{ x509_key_file }}" }
   - { regexp : "SSLCACertificateFile", line : "		SSLCACertificateFile {{ x509_cacert_file }}" }
+ sudo: true
 -
  name: "Templating default-ssl site"
  template: src=default-ssl.j2 dest=/etc/apache2/sites-available/default-ssl.conf owner=www-data group=www-data
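Review bot: The `sudo: true` added to "Setting default-ssl site" makes its lineinfile edits run as root, but the very next task, "Templating default-ssl site", writes the same `/etc/apache2/sites-available/default-ssl.conf` from `default-ssl.j2`, so whatever this task inserts is overwritten on the same run. If the template already carries the x509 paths the lineinfile task can be dropped; if not, the template is the one place they should live. Separately, `sudo:` was superseded by `become: true` in Ansible 1.9, so if the playbook targets 1.9 or later every `sudo: true` introduced in this commit should use that spelling.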
@@ -24,11 +23,7 @@
  name: "Templating default site"
  template: src=default.j2 dest=/etc/apache2/sites-available/000-default.conf owner=www-data group=www-data
  sudo: true
--
- name: "Templating ssl configuration"
- template: src=ssl.conf.j2 dest=/etc/apache2/mods-available/ssl.conf owner=www-data group=www-data
- sudo: true
- notify: restart apache2
+
 -
  name: "Enable ssl module"
  apache2_module: state=present name=ssl
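Review bot: Removing "Templating ssl configuration" leaves `ssl.conf.j2` in the role's templates directory, and this same commit still edits that template (the ServerName change further down), so unless another task file in the role — for example a CentOS counterpart, which this patch does not show — still references it, the template is now dead and the ServerName fix never reaches a Debian host. Either delete the template or state in the commit message which tasks still render it. It is also worth recording that the mod_ssl settings the template used to provide now come from whatever the distribution ships in `mods-available/ssl.conf`.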
@@ -38,6 +33,7 @@
  name: "Enable default-ssl site"
  shell: a2ensite default-ssl
  sudo: true
+ notify: restart apache2
 
 -
  name: "Starting Apache2"
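Review bot: The new `notify: restart apache2` hangs off `shell: a2ensite default-ssl`, which reports changed on every run, so the handler now restarts Apache on every play rather than only when the site is first enabled. Make the step idempotent with `shell: a2ensite default-ssl creates=/etc/apache2/sites-enabled/default-ssl.conf` so the notification fires only when the symlink is actually created. The handler name must also match one defined in the role's handlers file, which is not part of this patch.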
diff --git a/roles/karaage3.1.17/tasks/karaage.yml b/roles/karaage3.1.17/tasks/karaage.yml
index cc847b80..49c3578f 100644
--- a/roles/karaage3.1.17/tasks/karaage.yml
+++ b/roles/karaage3.1.17/tasks/karaage.yml
@@ -133,11 +133,6 @@
     - karaage-software
     - karaage-usage
     - karaage-cluster-tools
--
- name: "Set Secret Key"
- lineinfile: dest=/etc/karaage3/settings.py regexp="SECRET_KEY = ''" line="SECRET_KEY = 'imkaraage'" state=present
- sudo: true
-
 -
  # TODO: Fix it
  name: "Check DB tables has been created or not"
diff --git a/roles/karaage3.1.17/templates/settings.py.j2 b/roles/karaage3.1.17/templates/settings.py.j2
index 9d05b119..752d980b 100644
--- a/roles/karaage3.1.17/templates/settings.py.j2
+++ b/roles/karaage3.1.17/templates/settings.py.j2
@@ -79,8 +79,8 @@ ADMINS = (
 MANAGERS = ADMINS
 
 {% if defaultProject is defined and defaultMachineCategory is defined %}
-DEFAULT_PROJECT_PID = {{ defaultProject }}
-DEFAULT_MACHINE_CATEGORY_NAME = {{ defaultMachineCategory }}
+DEFAULT_PROJECT_PID = "{{ defaultProject }}"
+DEFAULT_MACHINE_CATEGORY_NAME = "{{ defaultMachineCategory }}"
 {% endif %}
 
 # A dictionary containing the settings for all databases to be used with
@@ -168,7 +168,12 @@ LANGUAGE_CODE = 'en-au'
 
 # A secret key for a particular Django installation. This is used to provide
 # cryptographic signing, and should be set to a unique, unpredictable value.
-SECRET_KEY = ''
+{% if karaageSecretKey is defined %}
+SECRET_KEY = '{{ karaageSecretKey }}'
+{% else %}
+SECRET_KEY = 'default_ZT8VsL5CoURmUbui2hDrmEK0AwPvtR5h'
+{% endif %}
+
 
 # A data structure containing configuration information. The contents of this
 # data structure will be passed as the argument to the configuration method
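Review bot: The `{% else %}` branch writes a fixed SECRET_KEY into every deployment that does not define `karaageSecretKey`, and that value is now in the repository history, so on such hosts Django's session cookies, password-reset tokens and any other signed data are signed with a publicly known key. Replace the fallback with a hard failure so a missing value surfaces at deploy time, e.g. `SECRET_KEY = '{{ karaageSecretKey | mandatory }}'`, or generate a per-host value that is stored outside the repository. The value is also interpolated inside single quotes without escaping, so a key containing `'` would break settings.py; generate keys from a character set that excludes it, or document that constraint next to the variable.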
diff --git a/roles/karaage3.1.17/templates/ssl.conf.j2 b/roles/karaage3.1.17/templates/ssl.conf.j2
index b9af9099..1b2e1339 100644
--- a/roles/karaage3.1.17/templates/ssl.conf.j2
+++ b/roles/karaage3.1.17/templates/ssl.conf.j2
@@ -75,7 +75,7 @@ SSLCryptoDevice builtin
 
 # General setup for the virtual host, inherited from global configuration
 #DocumentRoot "/var/www/html"
-#ServerName www.example.com:443
+ServerName {{ ansible_nodename }}.{{ ansible_domain }}:443
 
 # Use separate log files for the SSL virtual host; note that LogLevel
 # is not inherited from httpd.conf.
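Review bot: `{{ ansible_nodename }}.{{ ansible_domain }}` yields a trailing dot (`host.:443`) when `ansible_domain` is empty and a doubled domain when nodename is already fully qualified, since `ansible_nodename` is whatever `uname -n` returns. `ServerName {{ ansible_fqdn }}:443` covers both cases, and the name should match what the certificate configured in the surrounding SSL block is issued for. This template appears to lose its only Debian consumer elsewhere in this commit, so confirm something still renders it before relying on the change.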
diff --git a/roles/ldapserver/tasks/main.yml b/roles/ldapserver/tasks/main.yml
index 356eeef7..437211fa 100644
--- a/roles/ldapserver/tasks/main.yml
+++ b/roles/ldapserver/tasks/main.yml
@@ -98,6 +98,11 @@
   sudo: true
   when: ansible_os_family == 'RedHat' and ansible_distribution_major_version < '7'
 
+- name: enable ssl centos 7
+  lineinfile: regexp="^SLAPD_URLS=" state=present line="SLAPD_URLS='ldaps:/// ldapi:/// ldap:///'" dest=/etc/sysconfig/slapd
+  sudo: true
+  when: ansible_os_family == 'RedHat' and ansible_distribution_major_version >= '7'
+
 - name: start ldap
   service: name=slapd state=restarted
   sudo: true
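Review bot: `ansible_distribution_major_version >= '7'` is a string comparison, so it is true for '8' but false for '10' and later; the existing `< '7'` guard just above has the same weakness. Compare as integers: `when: ansible_os_family == 'RedHat' and ansible_distribution_major_version|int >= 7`. The new SLAPD_URLS also keeps `ldap:///` alongside `ldaps:///`, so plaintext 389 stays exposed — if the intent is TLS only, drop `ldap:///` or enforce StartTLS in the slapd configuration. `ldaps:///` only works once the server's certificate and key are configured in slapd, which this patch does not show, so a comment naming where that happens would help the next reader.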
diff --git a/roles/mysql/tasks/mysql_server.yml b/roles/mysql/tasks/mysql_server.yml
index 5fb1ce2e..a226cd72 100644
--- a/roles/mysql/tasks/mysql_server.yml
+++ b/roles/mysql/tasks/mysql_server.yml
@@ -61,8 +61,18 @@
   sudo: true
   when: ansible_os_family == "RedHat"
 
+- name: "Add my.cnf security"
+  lineinfile: dest=/etc/my.cnf line="{{ item }}" insertafter="symbolic-links=0"
+  with_items:
+    - 'log_warnings = 2'
+    - 'log_error = /var/log/mysql/error.log'
+  sudo: true
+  notify: Restart MySQL
+  when: ansible_os_family == "RedHat"
+
+
 - name: "Editing my.cnf"
-  lineinfile: dest=/etc/my.cnf  line="{{ item }}"
+  lineinfile: dest=/etc/my.cnf line="{{ item }}"
   with_items:
     - '[client]'
     - 'default-character-set = utf8'
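Review bot: `log_error = /var/log/mysql/error.log` points at a directory that nothing in this patch creates and that is typically not the default on RedHat-family packages, so if `/var/log/mysql` is absent or not writable by the mysql user the notified restart fails; add a `file: path=/var/log/mysql state=directory owner=mysql group=mysql mode=0750` task before this one, or use the distribution's default error-log path. `insertafter="symbolic-links=0"` falls back to end-of-file when that line is missing, which can place the options under a different section than `[mysqld]`. The same two lines are also added to mysql.cnf.j2 in this commit, so the directory requirement applies to hosts configured through the template as well.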
diff --git a/roles/mysql/templates/mysql.cnf.j2 b/roles/mysql/templates/mysql.cnf.j2
index f32a6e4e..bcfe4d87 100644
--- a/roles/mysql/templates/mysql.cnf.j2
+++ b/roles/mysql/templates/mysql.cnf.j2
@@ -2,6 +2,8 @@
 character_set_server=utf8
 default-storage-engine = innodb
 sql_mode = STRICT_ALL_TABLES
+log_warnings = 2
+log_error = /var/log/mysql/error.log
 
 [client]
 default-character-set = utf8
diff --git a/roles/shibboleth-sp/handlers/main.yml b/roles/shibboleth-sp/handlers/main.yml
new file mode 100644
index 00000000..0f9ae520
--- /dev/null
+++ b/roles/shibboleth-sp/handlers/main.yml
@@ -0,0 +1,9 @@
+---
+- name: "Restarting Apache"  
+  service: name=apache2 state=restarted
+  sudo: true
+
+- name: "Restarting shibboleth"  
+  service: name=shibd state=restarted
+  sudo: true
+
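Review bot: Both `name:` lines in the new handlers file carry trailing whitespace after the closing quote (`"Restarting Apache"  `), which yamllint flags and which is easy to copy into a `notify:` string where it would then fail to match; trim it. The file also ends with an extra blank line after the last task. The handlers use the `key=value` argument form while the task file they serve uses `args:` blocks — pick one for the role.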
diff --git a/roles/shibboleth-sp/tasks/shibbolethConfig.yml b/roles/shibboleth-sp/tasks/shibbolethConfig.yml
index 0d7f23aa..9f6baf16 100644
--- a/roles/shibboleth-sp/tasks/shibbolethConfig.yml
+++ b/roles/shibboleth-sp/tasks/shibbolethConfig.yml
@@ -2,11 +2,13 @@
 -
  name: "Copying the metadata.aaf.xml and aaf-metadata-cert.pem"
  template: src="{{ item }}.j2" dest="/etc/shibboleth/{{ item }}" mode=0644
+ sudo: true
  with_items:
   - metadata.aaf.xml
   - aaf-metadata-cert.pem
 - 
   name: "Setting shibboleth2.xml sp.example.org"
+  sudo: true
   replace: 
   args:
    dest: /etc/shibboleth/shibboleth2.xml 
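Review bot: Adding `sudo: true` to the `replace` tasks does not add a `notify`, so edits this task and the following replace tasks make to shibboleth2.xml never reach the new handlers; only the attribute-map.xml template notifies them, and the final service tasks in this file no longer restart the daemons. Add `notify: Restarting shibboleth` (and `Restarting Apache` where relevant) to each shibboleth2.xml replace task — the same applies to every replace hunk in this file — so a changed SP configuration is actually loaded. This task's `args:` block continues past the end of the hunk.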
@@ -17,6 +19,7 @@
   
 - 
   name: "Setting shibboleth2.xml handlerSSL"
+  sudo: true
   replace: 
   args:
    dest: /etc/shibboleth/shibboleth2.xml 
@@ -26,6 +29,7 @@
 
 - 
   name: "Setting shibboleth2.xml supportContact"
+  sudo: true
   replace: 
   args:
    dest: /etc/shibboleth/shibboleth2.xml 
@@ -35,6 +39,7 @@
 
 - 
   name: "Enabling MetadataProvider"
+  sudo: true
   replace: 
   args:
    dest: /etc/shibboleth/shibboleth2.xml 
@@ -43,6 +48,7 @@
    
 - 
   name: "Enabling MetadataProvider"
+  sudo: true
   replace: 
   args:
    dest: /etc/shibboleth/shibboleth2.xml 
@@ -50,6 +56,7 @@
    replace: '</MetadataProvider>'
 - 
   name: "Setting shibboleth2.xml Federation URI"
+  sudo: true
   replace: 
   args:
    dest: /etc/shibboleth/shibboleth2.xml 
@@ -58,6 +65,7 @@
    
 - 
   name: "Setting shibboleth2.xml backingFilePath"
+  sudo: true
   replace: 
   args:
    dest: /etc/shibboleth/shibboleth2.xml 
@@ -66,6 +74,7 @@
    
 - 
   name: "Setting shibboleth2.xml aaf Certificate"
+  sudo: true
   replace: 
   args:
    dest: /etc/shibboleth/shibboleth2.xml 
@@ -74,6 +83,7 @@
    
 - 
   name: "Setting shibboleth2.xml AAF Discovery URL"
+  sudo: true
   replace: 
   args:
    dest: /etc/shibboleth/shibboleth2.xml 
@@ -82,6 +92,7 @@
    
 - 
   name: "Setting shibboleth2.xml Credential Resolver"
+  sudo: true
   replace: 
   args:
    dest: /etc/shibboleth/shibboleth2.xml 
@@ -90,20 +101,26 @@
 
 -
  name: "Templating attribute-map.xml"
+ sudo: true
  template:
  args:
    src: attribute-map.xml.j2
    dest: /etc/shibboleth/attribute-map.xml
+ notify:
+   - Restarting Apache
+   - Restarting shibboleth
 -
- name: "Restarting Apache"
+ name: "Starting Apache"
+ sudo: true
  service:
  args:
   name: apache2
-  state: restarted
+  state: tarted
 
 -
- name: "Restarting shibboleth"
+ name: "Starting shibboleth"
+ sudo: true
  service:
  args:
   name: shibd
-  state: restarted
+  state: tarted
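Review bot: `state: tarted` on both the apache2 and shibd service tasks is a typo; the service module accepts only `started`, `stopped`, `restarted` and `reloaded`, so the play fails at "Starting Apache". Change both lines to `state: started`. Note that with `started` an already-running shibd is not reloaded, so configuration changes made earlier in the play take effect only through the `notify` on the attribute-map task.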
diff --git a/roles/shibboleth-sp/tasks/shibbolethPrerequisites.yml b/roles/shibboleth-sp/tasks/shibbolethPrerequisites.yml
index b6bdee02..f9e46165 100644
--- a/roles/shibboleth-sp/tasks/shibbolethPrerequisites.yml
+++ b/roles/shibboleth-sp/tasks/shibbolethPrerequisites.yml
@@ -1,6 +1,7 @@
 ---
 -
  name: Install base packages - Debian
+ sudo: true
  apt: name={{ item }} state=present
  with_items:
   - shibboleth-sp2-schemas 
-- 