--- # Stands up an ipsilon instance for simple SSO - name: Configure ipsilon server hosts: ipsilon become: true vars_files: - vars/vaults/encpass.yml - vars/ipsilon.yml # This is to try to avoid the handler issue in pre/post tasks handlers: - import_tasks: handlers/main.yml pre_tasks: - name: Check if ansible cannot be run here stat: path: /etc/no-ansible register: no_ansible - name: Verify if we can run ansible assert: that: - "not no_ansible.stat.exists" success_msg: "We are able to run on this node" fail_msg: "/etc/no-ansible exists - skipping run on this node" # EPEL and PowerTools are required for ipsilon to function # I also couldn't find an ansible built-in to do this - name: Enable the PowerTools repository ini_file: dest: /etc/yum.repos.d/CentOS-Linux-PowerTools.repo section: powertools option: enabled value: 1 owner: root group: root mode: '0644' # The CentOS extras repos has epel-release provided - name: Enable the EPEL repository yum: name: epel-release state: present tags: - packages - name: Install arrfab ipsilon repo yum_repository: name: copr:copr.fedorainfracloud.org:arrfab:noggin description: Copr repo for noggin owned by arrfab file: copr_repos baseurl: https://download.copr.fedorainfracloud.org/results/arrfab/noggin/epel-8-$basearch/ gpgcheck: true gpgkey: https://download.copr.fedorainfracloud.org/results/arrfab/noggin/pubkey.gpg enabled: true # For now, this is sufficient for testing with a localhost cert. In the # future we will come up with a way to issue either an internal cert with a # front-facing externally signed cert, or just external altogether. roles: - role: rockylinux.ipsilon state: present post_tasks: - name: Start and enable httpd service: name: httpd state: running enabled: true - name: Touching run file that ansible has ran here file: path: /var/log/ansible.run state: touch mode: '0644' owner: root group: root ...