Log Message:
Merge changes from 'upstream' ansible scripts
- use a locally downloaded Oracle Java RPM
- install different trust anchors from basic role (hostcreds task), set the
  values (RPMs and/or tarball) in each role separately: credstore needs hostcert
  anchors + online CA anchors, sshhost needs hostcert anchors, masterportal
  needs hostcert anchors and anchor for hostcert of delegation server. Don't use
  cacert and signing_policy files, but use tarball. Set no defaults, but hint
  with commented out values.
- Use inventory names to derive the credstore_host and masterportal_host in the
  _env.yml files, this prevents defining them twice.
- define x509_cert_dir, hostcert and hostkey variables in the defaults for the
  basic role. They are almost never changed.
- rename include: into include_tasks: (include: is deprecated)
- disable firewalld. On RH7 this conflicts with iptables and should not run.
- fix secrets.yml to create passwords: create new file from template, which we
  can put in git. The secrets_env.yml file itself we can explicitly ignore.
- Unify mp_server_keystore_pw and mp_client_keystore_pw into mp_keystore_pw as
  they have to be identical in any way
- rename secrets_env.yml into secrets_env.yml.PLACEHOLDER
- Update README with some further clarifications and typo-fixes
  Add instructions on how to create an mp.jwk file
- Don't install the intermediate CA for non-TERENA CAs: default
  hostcert_intermediate should be empty
- Set default passwords for generated passwords all to CHANGEME for easy
  matching. Matching rules did not work properly in any case, now do.
- Set SELinux to permissive. Ideally the rules are set properly.
- Update the download link for javax.mail.jar file (code is moved to GitHub)
- sync some commented out stuff with DS ansible