forked from DGunasekara/shibboleth-idp5-installer
-
Notifications
You must be signed in to change notification settings - Fork 0
/
site_v5.yml
180 lines (173 loc) · 8.41 KB
/
site_v5.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
---
- hosts: all
pre_tasks:
vars:
installer:
root: "{{ install_base }}/shibboleth-idp5-installer"
path: "{{ install_base }}/shibboleth-idp5-installer/build"
repository: "{{ install_base }}/shibboleth-idp5-installer/repository"
tasks:
- name: 'Verify Ansible meets AAF Installer version requirments.'
assert:
that: "ansible_version.full is version_compare('2.14', '>=')"
msg: "You must update Ansible to at least 2.14 to use this version of the AAF IdP Installer."
- name: 'Create local_conf.yml if it does not exist'
copy:
src: '{{ installer.repository }}/templates/installer/local_conf.yml'
dest: '{{ installer.repository }}/tasks/local_conf.yml'
owner: root
group: root
mode: 0644
force: no
- hosts: idp_servers
vars:
aaf_binaries:
baseurl: https://aaf-binaries.s3-ap-southeast-2.amazonaws.com
download:
jetty:
baseurl: "{{ aaf_binaries.baseurl }}/jetty"
version: 12.0.13
sha256sum: f25b80e6905f660135a216bcca0466bdf113e2dc74ccf33b37713c616569dcae
shib_idp:
baseurl: "{{ aaf_binaries.baseurl }}/shibboleth"
version: 5.1.3
sha256sum: cc72f0b15fda49b43bdd38cef3bdc62cbe01684b59c3d024b5de1ffdba42206e
mysql_connector:
baseurl: "{{ aaf_binaries.baseurl }}/jars/Connector-J"
version: 8.0.28
sha256sum: 859afba47f1fd99eb7c010bfa101ed7c0f8bb278f6f62430adc8012ea82fb454
dta_ssl:
baseurl: "{{ aaf_binaries.baseurl }}/jars/jetty94-dta-ssl"
version: 1.0.0
sha256sum: 5e5de66e3517d30ff19ef66cf7a4aa5443b861d83e36a75e85845b007a03afbf
aaf_shib_ext:
baseurl: "{{ aaf_binaries.baseurl }}/jars/aaf-shibext"
version: 5.1.3
sha256sum: 63f2f49fbafbcaf7b478f26a9504a9924109c1194cf25991d5b7a283a176b962
keystore:
baseurl: "{{ aaf_binaries.baseurl }}/keystore"
version: "Unknown"
sha256sum: ae4185b2f0bb1af00abc6a4502fbfbdc6a90aec65c7bcee08e37a1bc20de5ac1
jcl_over_slf4j:
baseurl: "{{ aaf_binaries.baseurl }}/jars/slf4j"
version: 2.0.16
sha256sum: 5744d62c5af556e839ab922c9fa3f737f0a5971e478ba68b2eb5256b2842ec78
logback_classic:
baseurl: "{{ aaf_binaries.baseurl }}/jars/logback"
version: 1.5.7
sha256sum: 7cb17f6b12fda4ee691916048ca7a9ae4d1b0cdbe68125acf9d6e2dafdb2c17d
logback_core:
baseurl: "{{ aaf_binaries.baseurl }}/jars/logback"
version: 1.5.7
sha256sum: c32b29af69c201efde686225f8b439f9053e88ecaaac110c02fcbe1b4723fadc
spring_jdbc:
baseurl: "{{ aaf_binaries.baseurl }}/jars/spring-jdbc"
version: 6.1.12
sha256sum: 0288a6866389989d386a32aaad15394575da6d7868dcfea6e90f4ba6ed685c8b
plugins:
baseurl: "{{ aaf_binaries.baseurl }}/plugins"
nashorn:
name: "net.shibboleth.idp.plugin.nashorn"
filename: "idp-plugin-nashorn-jdk-dist"
version: 2.0.0
sha256sum: 6de49acf3a53fbec8698f1e985a0b7b2d16605d1a1a84f8ebf65a6476ba85f2a
storage_jdbc:
name: "net.shibboleth.plugin.storage.jdbc"
filename: "java-plugin-jdbc-storage"
version: 2.0.1
sha256sum: abac557a582c344c990b5f270c3d84fbe93f8f93d52894057bf50ed037b476bd
urls:
jetty:
url: "{{ download.jetty.baseurl }}/jetty-home-{{ download.jetty.version }}.tar.gz"
shib_idp:
url: "{{ download.shib_idp.baseurl }}/shibboleth-identity-provider-{{ download.shib_idp.version }}.tar.gz"
mysql_connector:
url: "{{ download.mysql_connector.baseurl }}/mysql-connector-java-{{ download.mysql_connector.version }}.tar.gz"
dta_ssl:
url: "{{ download.dta_ssl.baseurl }}/jetty94-dta-ssl-{{download.dta_ssl.version}}.jar"
aaf_shib_ext:
url: "{{ download.aaf_shib_ext.baseurl }}/aaf-shibext-{{ download.aaf_shib_ext.version }}.jar"
keystore:
url: "{{ download.keystore.baseurl }}/keystore"
logback_classic:
url: "{{ download.logback_classic.baseurl }}/logback-classic-{{ download.logback_classic.version }}.jar"
logback_core:
url: "{{ download.logback_core.baseurl }}/logback-core-{{ download.logback_core.version }}.jar"
jcl_over_slf4j:
url: "{{ download.jcl_over_slf4j.baseurl }}/jcl-over-slf4j-{{ download.jcl_over_slf4j.version }}.jar"
spring_jdbc:
url: "{{ download.spring_jdbc.baseurl }}/spring-jdbc-{{ download.spring_jdbc.version }}.jar"
plugins:
nashorn:
truststore_url: "{{ download.plugins.baseurl }}/{{ download.plugins.nashorn.name }}/truststore.asc.{{ download.plugins.nashorn.version }}"
plugin_url: "{{ download.plugins.baseurl }}/{{ download.plugins.nashorn.name }}/{{ download.plugins.nashorn.filename }}-{{ download.plugins.nashorn.version }}.tar.gz"
storage_jdbc:
truststore_url: "{{ download.plugins.baseurl }}/{{ download.plugins.storage_jdbc.name }}/truststore.asc.{{ download.plugins.storage_jdbc.version }}"
plugin_url: "{{ download.plugins.baseurl }}/{{ download.plugins.storage_jdbc.name }}/{{ download.plugins.storage_jdbc.filename }}-{{ download.plugins.storage_jdbc.version }}.tar.gz"
installer:
root: "{{ install_base }}/shibboleth-idp5-installer"
path: "{{ install_base }}/shibboleth-idp5-installer/build"
repository: "{{ install_base }}/shibboleth-idp5-installer/repository"
jetty:
root: "{{ install_base }}/jetty"
home: "{{ install_base }}/jetty/jetty-home-{{ download.jetty.version }}"
base: "{{ install_base }}/shibboleth/jetty12"
current: "{{ install_base }}/jetty/current"
tmp_directory: "{{ install_base }}/shibboleth/jetty12/tmp"
state_directory: "{{ install_base }}/shibboleth/jetty12/tmp"
web_443_keystore_pw: "{{ lookup('password', installer.repository + '/passwords/' + inventory_hostname + '/web_443_keystore chars=letters,digits length=64') }}"
shib_idp:
home_root: "{{ install_base }}/shibboleth/shibboleth-idp"
home: "{{ install_base }}/shibboleth/shibboleth-idp/shibboleth-idp-{{ download.shib_idp.version }}"
libs: "{{ install_base }}/shibboleth/libs"
src_root: "{{ install_base }}/shibboleth/shibboleth-src"
src: "{{ install_base }}/shibboleth/shibboleth-src/shibboleth-identity-provider-{{ download.shib_idp.version }}"
current: "{{ install_base }}/shibboleth/shibboleth-idp/current"
keystore_password: "{{ lookup('password', installer.repository + '/passwords/' + inventory_hostname + '/shib_idp_keystore chars=letters,digits length=64') }}"
cookie_enc_key_password: "{{ lookup('password', installer.repository + '/passwords/' + inventory_hostname + '/cookie_enc_key chars=letters,digits length=64') }}"
aepst_salt: "{{ lookup('password', installer.repository + '/passwords/' + inventory_hostname + '/aespt_salt chars=letters,digits length=64') }}"
targeted_id_salt: "{{ lookup('password', installer.repository + '/passwords/' + inventory_hostname + '/targeted_id_salt chars=letters,digits length=64') }}"
db:
name: idp_db
username: idp_admin
password: "{{ lookup('password', installer.repository + '/passwords/' + inventory_hostname + '/mariadb chars=letters,digits length=64') }}"
fticks:
forwarder:
region: ap-southeast-2
salt: "{{ lookup('password', installer.repository + '/passwords/' + inventory_hostname + '/fticks_salt chars=letters,digits length=64') }}"
tasks:
- name: 'Create required directories for installer setup'
file:
name: '{{ item }}'
state: directory
owner: root
group: root
mode: 0700
with_items:
- '{{ installer.root }}'
- '{{ installer.path }}'
- include_tasks: tasks/system.yml
- include_tasks: tasks/jetty.yml
- include_tasks: tasks/db.yml
- include_tasks: tasks/idp.yml
- include_tasks: tasks/firewalld.yml
when: firewall is defined and firewall=="firewalld"
- include_tasks: tasks/fticks-forwarder.yml
when: >
fticks_key_id | default('', true) | trim != '' and
fticks_secret_key | default('', true) | trim != ''
- include_tasks: tasks/local_conf.yml
- include_tasks: tasks/final.yml
handlers:
- name: Restart idp
service:
name: idp
state: restarted
- name: Restart database
service:
name: mariadb
state: restarted
- name: Restart td-agent
service:
name: td-agent
state: restarted