mirror of
https://github.com/rocky-linux/infrastructure
synced 2024-09-21 11:52:38 +00:00
8e98dc04e0
This push is here to note that ipsilon is completed and ready to go. The infrastructure team at some point will need certificates, whether this is from let's encrypt or otherwise if this service is used.
50 lines
1.5 KiB
YAML
50 lines
1.5 KiB
YAML
---
|
|
# Stands up an ipsilon instance for simple SSO
|
|
- name: Configure ipsilon server
|
|
hosts: ipsilon
|
|
become: true
|
|
vars_files:
|
|
- vars/encpass.yml
|
|
|
|
# This is to try to avoid the handler issue in pre/post tasks
|
|
handlers:
|
|
- import_tasks: handlers/main.yml
|
|
|
|
pre_tasks:
|
|
- name: Check if ansible cannot be run here
|
|
stat:
|
|
path: /etc/no-ansible
|
|
register: no_ansible
|
|
|
|
- name: Verify if we can run ansible
|
|
assert:
|
|
that:
|
|
- "not no_ansible.stat.exists"
|
|
msg: "/etc/no-ansible exists - skipping run on this node"
|
|
|
|
- name: Install arrfab ipsilon repo
|
|
yum_repository:
|
|
name: copr:copr.fedorainfracloud.org:arrfab:noggin
|
|
description: Copr repo for noggin owned by arrfab
|
|
file: copr_repos
|
|
baseurl: https://download.copr.fedorainfracloud.org/results/arrfab/noggin/epel-8-$basearch/
|
|
gpgcheck: true
|
|
gpgkey: https://download.copr.fedorainfracloud.org/results/arrfab/noggin/pubkey.gpg
|
|
enabled: true
|
|
|
|
# For now, this is sufficient for testing with a localhost cert. In the
|
|
# future we will come up with a way to issue either an internal cert with a
|
|
# front-facing externally signed cert, or just external altogether.
|
|
roles:
|
|
- role: rockylinux.ipsilon
|
|
state: present
|
|
|
|
post_tasks:
|
|
- name: Touching run file that ansible has ran here
|
|
file:
|
|
path: /var/log/ansible.run
|
|
state: touch
|
|
mode: '0644'
|
|
owner: root
|
|
group: root
|