/[pdpsoft]/trunk/egi-pilot/onlineCA/DS/ansible/roles/delegserver/tasks/dep-shib.yml




Update http config to easily allow banning users

---

# install shibboleth

# Optional extra repository for the SP packages, kept here commented out for
# reference. If it is ever re-enabled, leave gpgcheck on so that package
# signatures are verified against the configured key.
#- name: add shib repository
#  yumrepo:
#    name: shibboleth
#    description: shibboleth opensuse repository
#    baseurl: "{{ shib_repo_baseurl }}"
#    gpgcheck: true
#    gpgkey: "{{ shib_repo_gpgkey }}"
#    protect: true
#    enabled: true
#  when: (shib_repo_baseurl is defined) and (shib_repo_gpgkey is defined)

# Install every package listed in shib_packages (role variable) from the
# repositories already configured on the host.
- name: install shibboleth SP
  yum:
    state: present
    name: "{{ item }}"
  with_items: "{{ shib_packages }}"

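# configure shibboleth SP

# Render the attribute map that tells the SP which SAML attributes it will
# expose to the application. A change restarts both shibd and httpd so the
# daemon and the Apache module pick up the same map.
- name: add attribute map
  template:
    src: attribute-map.xml.j2
    dest: "{{ shib_attr_map_file }}"
    owner: "root"
    group: "root"
    # quoted: a leading-zero literal is octal only under YAML 1.1 parsers,
    # so the string form is the portable way to express the file mode
    mode: "0644"
    backup: true
  notify:
    - restart shibd
    - restart httpd
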
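# Render the main SP configuration (entity, session and metadata settings)
# to the path given by shib_conf_file. Both shibd and httpd are restarted
# so the daemon and the Apache module read the same configuration.
- name: add shibboleth2.xml
  template:
    src: shibboleth2.xml.j2
    dest: "{{ shib_conf_file }}"
    owner: "root"
    group: "root"
    # quoted: a leading-zero literal is octal only under YAML 1.1 parsers,
    # so the string form is the portable way to express the file mode
    mode: "0644"
    backup: true
  notify:
    - restart shibd
    - restart httpd
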
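# Raise the rotation size of the shibd log appender to 10,000,000 bytes.
# lineinfile replaces the existing maxFileSize line in place; if no line
# matches the regexp it is appended at the end of the file.
- name: update shibd_log.maxFileSize to 10MB
  lineinfile:
    dest: /etc/shibboleth/shibd.logger
    regexp: '^log4j.appender.shibd_log.maxFileSize=.*'
    line: 'log4j.appender.shibd_log.maxFileSize=10000000'
    owner: root
    group: root
    # quoted: a leading-zero literal is octal only under YAML 1.1 parsers,
    # so the string form is the portable way to express the file mode
    mode: "0644"
    backup: true
  notify:
    - restart shibd
    - restart httpd
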
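# Protect the OA4MP /authorize endpoint with a Shibboleth session. To ban an
# individual user, add a "Require not user <id>" line inside <RequireAll>
# next to the commented example: every clause inside RequireAll must hold,
# so the ban applies together with "Require valid-user".
#
# NOTE(review): ShibUseHeaders On delivers the attributes as HTTP request
# headers instead of environment variables; the Shibboleth SP documentation
# prefers the environment mechanism where the application can use it, since
# header delivery relies on the SP module scrubbing client-supplied headers
# on this path. Confirm the oa4mp application needs headers before keeping it.
# exportAssertion true additionally hands the complete SAML assertion to the
# application, so keep it only if the application actually reads it.
- name: register protected resource /authorize in httpd
  blockinfile:
    dest: "{{ shib_httpd_conf }}"
    marker: "# {mark} ANSIBLE MANAGED BLOCK /authorize"
    owner: "root"
    group: "root"
    # quoted: a leading-zero literal is octal only under YAML 1.1 parsers,
    # so the string form is the portable way to express the file mode
    mode: "0644"
    block: |
      <Location /{{oa4mp_server}}/authorize>
        AuthType shibboleth
        ShibRequestSetting requireSession 1
        ShibRequestSetting exportAssertion true
        ShibUseHeaders On
        <RequireAll>
          # Require not user jdoe@example.org
          Require valid-user
        </RequireAll>
      </Location>
  notify: restart httpd
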
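# Protect the OA4MP /register endpoint with a Shibboleth session. To ban an
# individual user, add a "Require not user <id>" line inside <RequireAll>
# next to the commented example: every clause inside RequireAll must hold,
# so the ban applies together with "Require valid-user".
#
# NOTE(review): ShibUseHeaders On delivers the attributes as HTTP request
# headers instead of environment variables; the Shibboleth SP documentation
# prefers the environment mechanism where the application can use it, since
# header delivery relies on the SP module scrubbing client-supplied headers
# on this path. Confirm the oa4mp application needs headers before keeping it.
- name: register protected resource /register in httpd
  blockinfile:
    dest: "{{ shib_httpd_conf }}"
    marker: "# {mark} ANSIBLE MANAGED BLOCK /register"
    owner: "root"
    group: "root"
    # quoted: a leading-zero literal is octal only under YAML 1.1 parsers,
    # so the string form is the portable way to express the file mode
    mode: "0644"
    block: |
      <Location /{{oa4mp_server}}/register>
        AuthType shibboleth
        ShibRequestSetting requireSession 1
        ShibUseHeaders On
        <RequireAll>
          # Require not user jdoe@example.org
          Require valid-user
        </RequireAll>
      </Location>
  notify: restart httpd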
