/[pdpsoft]
ViewVC logotype

Revision 3235


Jump to revision: Previous Next
Author: msalle
Date: Mon May 14 13:33:25 2018 UTC (3 years, 8 months ago)
Changed paths: 31
Log Message:
Merge changed from 'upstream' ansible scripts

- use a locally downloaded Oracle java RPM
- install different trust anchors from basic role (hostcreds task), set the
  values (RPMs and/or tarball) in each role separately: credstore needs hostcert
  anchors + online CA anchors, sshhost needs hostcert anchors, masterportal
  needs hostcert anchors and anchor for hostcert of delegation server. Don't use
  cacert and signing_policy files, but use tarball. Set no defaults, but hint
  with commented out values.
- Use inventory names to derive the credstore_host and masterportal_host in the
  _env.yml files, this prevents defining them twice.
- define x509_cert_dir, hostcert and hostkey variables in the defaults for the
  basic role. They are almost never changed.
- rename include: into include_tasks: (include: is deprecated)
- disable firewalld. On RH7 this conflicts with iptables and should not run.
- fix secrets.yml to create passwords: create new file from template, which we
  can put in git. The secrets_env.yml file itself we can explicitly ignore.
- Unify mp_server_keystore_pw and mp_client_keystore_pw into mp_keystore_pw as
  they have to be identical in any way
- rename secrets_env.yml into secrets_env.yml.PLACEHOLDER
- Update README with some further clarifications and typo-fixes
  Add instructions on how to create a mp.jwk file
- Don't install the intermediate CA for non-TERENA CAs: default
  hostcert_intermediate should be empty
- Set default passwords for generated passwords all to CHANGEME for easy
  matching. Matching rules did not work properly in any case, now do.
- Set selinux to permissive. Ideally the rules are set properly.
- Update the download link for javax.mail.jar file (code is moved to github)
- sync some commented out stuff with DS ansible



Changed paths

Path Details
Directorytrunk/egi-pilot/master-portal/ansible/README modified , text changed
Directorytrunk/egi-pilot/master-portal/ansible/basic_env.yml modified , text changed
Directorytrunk/egi-pilot/master-portal/ansible/credstore_env.yml modified , text changed
Directorytrunk/egi-pilot/master-portal/ansible/masterportal_env.yml modified , text changed
Directorytrunk/egi-pilot/master-portal/ansible/passwd_generator.yml modified , text changed
Directorytrunk/egi-pilot/master-portal/ansible/roles/basic/defaults/main.yml modified , text changed
Directorytrunk/egi-pilot/master-portal/ansible/roles/basic/tasks/hostcreds.yml modified , text changed
Directorytrunk/egi-pilot/master-portal/ansible/roles/basic/tasks/main.yml modified , text changed
Directorytrunk/egi-pilot/master-portal/ansible/roles/basic/tasks/selinux.yml added
Directorytrunk/egi-pilot/master-portal/ansible/roles/basic/vars/rh7.yml modified , text changed
Directorytrunk/egi-pilot/master-portal/ansible/roles/credstore/defaults/main.yml modified , text changed
Directorytrunk/egi-pilot/master-portal/ansible/roles/credstore/tasks/deploy-trustedca.yml deleted
Directorytrunk/egi-pilot/master-portal/ansible/roles/credstore/tasks/main.yml modified , text changed
Directorytrunk/egi-pilot/master-portal/ansible/roles/masterportal/defaults/main.yml modified , text changed
Directorytrunk/egi-pilot/master-portal/ansible/roles/masterportal/files/jre.rpm.PLACEHOLDER added
Directorytrunk/egi-pilot/master-portal/ansible/roles/masterportal/tasks/dep-java.yml modified , text changed
Directorytrunk/egi-pilot/master-portal/ansible/roles/masterportal/tasks/main.yml modified , text changed
Directorytrunk/egi-pilot/master-portal/ansible/roles/masterportal/tasks/oa4mp-client.yml modified , text changed
Directorytrunk/egi-pilot/master-portal/ansible/roles/masterportal/tasks/oa4mp-server.yml modified , text changed
Directorytrunk/egi-pilot/master-portal/ansible/roles/masterportal/tasks/sshkey-portal.yml modified , text changed
Directorytrunk/egi-pilot/master-portal/ansible/roles/masterportal/tasks/vo-portal.yml modified , text changed
Directorytrunk/egi-pilot/master-portal/ansible/roles/masterportal/templates/client-cfg.xml.j2 modified , text changed
Directorytrunk/egi-pilot/master-portal/ansible/roles/masterportal/templates/server-cfg.xml.j2 modified , text changed
Directorytrunk/egi-pilot/master-portal/ansible/roles/masterportal/vars/rh6.yml modified , text changed
Directorytrunk/egi-pilot/master-portal/ansible/roles/masterportal/vars/rh7.yml modified , text changed
Directorytrunk/egi-pilot/master-portal/ansible/roles/sshhost/defaults/main.yml modified , text changed
Directorytrunk/egi-pilot/master-portal/ansible/roles/sshhost/tasks/main.yml modified , text changed
Directorytrunk/egi-pilot/master-portal/ansible/roles/sshhost/templates/authz_cmd.j2 modified , text changed
Directorytrunk/egi-pilot/master-portal/ansible/secrets.yml modified , text changed
Directorytrunk/egi-pilot/master-portal/ansible/secrets_env.yml.PLACEHOLDER added
Directorytrunk/egi-pilot/master-portal/ansible/sshhost_env.yml modified , text changed

grid.support@nikhef.nl
ViewVC Help
Powered by ViewVC 1.1.28