diff --git a/roles/stepupgateway/tasks/docker.yml b/roles/stepupgateway/tasks/docker.yml
new file mode 100644
index 000000000..44861f4b1
--- /dev/null
+++ b/roles/stepupgateway/tasks/docker.yml
@@ -0,0 +1,3 @@
+---
+- name: Exiting since there is no docker support yet
+ meta: end_play
diff --git a/roles/stepupgateway/tasks/main.yml b/roles/stepupgateway/tasks/main.yml
index 52f24b95a..d55b2e516 100644
--- a/roles/stepupgateway/tasks/main.yml
+++ b/roles/stepupgateway/tasks/main.yml
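Review bot: `meta: end_play` in the new docker.yml stops the play for every host, not only the host that matched `'docker' in group_names`; if a play targets both docker and VM hosts, the VM hosts never reach `vm.yml`. If the intent is to skip just the docker hosts, `meta: end_host` (Ansible 2.8+) ends only the current host and lets the rest of the play continue. The same three-line file is added verbatim as roles/stepupmiddleware/tasks/docker.yml and roles/stepupra/tasks/docker.yml, so the choice applies to all three. A comment such as `# Docker deployment is not implemented yet; stop here so no VM-style tasks run in a container` would make the intent explicit for the next reader.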
@@ -1,125 +1,7 @@
-- name: Install Apache and FPM config
- include_role:
- name: apachefpm
+- name: Include docker tasks when running docker
+ include_tasks: docker.yml
+ when: "'docker' in group_names"
 
-- name: Install the symfony app
- include_role:
- name: stepupapp
-
-- name: Install images
- include_role:
- name: stepupapp
- tasks_from: copyimages
-
-- name: Install second factor images
- include_role:
- name: stepupapp
- tasks_from: copysfimages
-
-- name: Place config parameterfiles
- template:
- src: "{{ item }}.yml.j2"
- dest: "{{ current_release_config_dir_name }}/{{ item }}.yaml"
- mode: 0640
- owner: root
- group: "{{ appname }}"
- with_items:
- - parameters
- - samlstepupproviders
- - samlstepupproviders_parameters
- - global_view_parameters
- notify:
- - clear cache {{ appname }}
- - reload php72-fpm {{ appname }}
-
-- name: Place .env file
- template:
- src: env.j2
- dest: "{{ current_release_appdir }}/.env.local"
- mode: 0640
- owner: root
- group: "{{ appname }}"
- notify:
- - clear cache {{ appname }}
- - reload php72-fpm {{ appname }}
-
-# Writing all the SAML keys and certificates. Since the gateway is special no need to include it from other roles
-- name: Write GateWay SAML SP private key
- copy:
- content: "{{ gateway_saml_sp_privatekey }}"
- dest: "{{ current_release_config_file_dir_name }}/sp.key"
- owner: "{{ appname }}"
- mode: 0400
-
-- name: Write SAML SP certificate
- copy:
- src: "{{ inventory_dir }}/files/certs/stepup/gateway_saml_sp.crt"
- dest: "{{ current_release_config_file_dir_name }}/sp.crt"
- group: "{{ appname }}"
- mode: 0640
-
-- name: Write GSSP SP private key
- copy:
- content: "{{ gateway_gssp_sp_privatekey }}"
- dest: "{{ current_release_config_file_dir_name }}/sp_gssp.key"
- owner: "{{ appname }}"
- mode: 0400
-
-- name: Write GSSP SP certificate
- copy:
- src: "{{ inventory_dir }}/files/certs/stepup/gateway_gssp_sp.crt"
- dest: "{{ current_release_config_file_dir_name }}/sp_gssp.crt"
- group: "{{ appname }}"
- mode: 0640
-
-- name: Write SAML IdP private key
- copy:
- content: "{{ gateway_saml_idp_privatekey }}"
- dest: "{{ current_release_config_file_dir_name }}/idp.key"
- owner: "{{ appname }}"
- mode: 0400
-
-- name: Write SAML IdP public key
- copy:
- src: "{{ inventory_dir }}/files/certs/stepup/gateway_saml_idp.crt"
- dest: "{{ current_release_config_file_dir_name }}/idp.crt"
- group: "{{ appname }}"
- mode: 0640
-
-- name: Write GSSP IdP cert
- copy:
- src: "{{ inventory_dir }}/files/certs/stepup/gateway_gssp_idp.crt"
- dest: "{{ current_release_config_file_dir_name }}/idp_gssp.crt"
- owner: "{{ appname }}"
- mode: 0600
-
-- name: Write GSSP IdP key
- copy:
- content: "{{ gateway_gssp_idp_privatekey }}"
- dest: "{{ current_release_config_file_dir_name }}/idp_gssp.key"
- owner: "{{ appname }}"
- mode: 0600
-
-- name: Activate the symlink
- file:
- src: "{{ current_release_appdir }}/"
- dest: "{{ current_release_symlink }}"
- state: link
-
-- name: Remove gateway database db_migrate script from /root/
- file:
- path: "/root/01-gateway-db_migrate.sh"
- state: absent
-
-- name: Put logout.php in public
- template:
- src: "logout.php.j2"
- dest: "{{ current_release_appdir }}/public/logout.php"
- mode: "444"
-
-- meta: flush_handlers
-
-- name: Include post installation tasks
- include_role:
- name: stepupapp
- tasks_from: postinstall
+- name: Include vm tasks when running on a vm
+ include_tasks: vm.yml
+ when: "'docker' not in group_names"
diff --git a/roles/stepupgateway/tasks/vm.yml b/roles/stepupgateway/tasks/vm.yml
new file mode 100644
index 000000000..52f24b95a
--- /dev/null
+++ b/roles/stepupgateway/tasks/vm.yml
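Review bot: The two `include_tasks` tasks are now the whole role entry point, but nothing says that an inventory group literally named `docker` is the switch between the two flows; a header comment such as `# Hosts in the 'docker' inventory group run docker.yml, all other hosts run vm.yml` above the first task would spare the next reader a trip to the inventory. docker.yml starts with `---` while this file (and the new vm.yml) does not, so yamllint's document-start check will report the role inconsistently. The same two points apply to roles/stepupmiddleware/tasks/main.yml and roles/stepupra/tasks/main.yml, which receive the identical seven lines.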
@@ -0,0 +1,125 @@
+- name: Install Apache and FPM config
+ include_role:
+ name: apachefpm
+
+- name: Install the symfony app
+ include_role:
+ name: stepupapp
+
+- name: Install images
+ include_role:
+ name: stepupapp
+ tasks_from: copyimages
+
+- name: Install second factor images
+ include_role:
+ name: stepupapp
+ tasks_from: copysfimages
+
+- name: Place config parameterfiles
+ template:
+ src: "{{ item }}.yml.j2"
+ dest: "{{ current_release_config_dir_name }}/{{ item }}.yaml"
+ mode: 0640
+ owner: root
+ group: "{{ appname }}"
+ with_items:
+ - parameters
+ - samlstepupproviders
+ - samlstepupproviders_parameters
+ - global_view_parameters
+ notify:
+ - clear cache {{ appname }}
+ - reload php72-fpm {{ appname }}
+
+- name: Place .env file
+ template:
+ src: env.j2
+ dest: "{{ current_release_appdir }}/.env.local"
+ mode: 0640
+ owner: root
+ group: "{{ appname }}"
+ notify:
+ - clear cache {{ appname }}
+ - reload php72-fpm {{ appname }}
+
+# Writing all the SAML keys and certificates. Since the gateway is special no need to include it from other roles
+- name: Write GateWay SAML SP private key
+ copy:
+ content: "{{ gateway_saml_sp_privatekey }}"
+ dest: "{{ current_release_config_file_dir_name }}/sp.key"
+ owner: "{{ appname }}"
+ mode: 0400
+
+- name: Write SAML SP certificate
+ copy:
+ src: "{{ inventory_dir }}/files/certs/stepup/gateway_saml_sp.crt"
+ dest: "{{ current_release_config_file_dir_name }}/sp.crt"
+ group: "{{ appname }}"
+ mode: 0640
+
+- name: Write GSSP SP private key
+ copy:
+ content: "{{ gateway_gssp_sp_privatekey }}"
+ dest: "{{ current_release_config_file_dir_name }}/sp_gssp.key"
+ owner: "{{ appname }}"
+ mode: 0400
+
+- name: Write GSSP SP certificate
+ copy:
+ src: "{{ inventory_dir }}/files/certs/stepup/gateway_gssp_sp.crt"
+ dest: "{{ current_release_config_file_dir_name }}/sp_gssp.crt"
+ group: "{{ appname }}"
+ mode: 0640
+
+- name: Write SAML IdP private key
+ copy:
+ content: "{{ gateway_saml_idp_privatekey }}"
+ dest: "{{ current_release_config_file_dir_name }}/idp.key"
+ owner: "{{ appname }}"
+ mode: 0400
+
+- name: Write SAML IdP public key
+ copy:
+ src: "{{ inventory_dir }}/files/certs/stepup/gateway_saml_idp.crt"
+ dest: "{{ current_release_config_file_dir_name }}/idp.crt"
+ group: "{{ appname }}"
+ mode: 0640
+
+- name: Write GSSP IdP cert
+ copy:
+ src: "{{ inventory_dir }}/files/certs/stepup/gateway_gssp_idp.crt"
+ dest: "{{ current_release_config_file_dir_name }}/idp_gssp.crt"
+ owner: "{{ appname }}"
+ mode: 0600
+
+- name: Write GSSP IdP key
+ copy:
+ content: "{{ gateway_gssp_idp_privatekey }}"
+ dest: "{{ current_release_config_file_dir_name }}/idp_gssp.key"
+ owner: "{{ appname }}"
+ mode: 0600
+
+- name: Activate the symlink
+ file:
+ src: "{{ current_release_appdir }}/"
+ dest: "{{ current_release_symlink }}"
+ state: link
+
+- name: Remove gateway database db_migrate script from /root/
+ file:
+ path: "/root/01-gateway-db_migrate.sh"
+ state: absent
+
+- name: Put logout.php in public
+ template:
+ src: "logout.php.j2"
+ dest: "{{ current_release_appdir }}/public/logout.php"
+ mode: "444"
+
+- meta: flush_handlers
+
+- name: Include post installation tasks
+ include_role:
+ name: stepupapp
+ tasks_from: postinstall
diff --git a/roles/stepupmiddleware/tasks/docker.yml b/roles/stepupmiddleware/tasks/docker.yml
new file mode 100644
index 000000000..44861f4b1
--- /dev/null
+++ b/roles/stepupmiddleware/tasks/docker.yml
@@ -0,0 +1,3 @@
+---
+- name: Exiting since there is no docker support yet
+ meta: end_play
diff --git a/roles/stepupmiddleware/tasks/main.yml b/roles/stepupmiddleware/tasks/main.yml
index ceab80cb6..d55b2e516 100644
--- a/roles/stepupmiddleware/tasks/main.yml
+++ b/roles/stepupmiddleware/tasks/main.yml
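Review bot: The four `copy` tasks that write private keys from `content:` (sp.key, sp_gssp.key, idp.key and idp_gssp.key) carry no `no_log: true`, so a run with `--diff` prints the before/after of the key file to the console and to any log collector attached to it; add `no_log: true` to each of those four tasks, leaving the `.crt` copies verbose. This is pre-existing content (the file is the old main.yml moved verbatim, blob 52f24b95a), but recreating the file is the natural moment to fix it. 'Write GSSP IdP cert' also stands out from its siblings: every other certificate is `group: "{{ appname }}"` with `mode: 0640`, while this one is owner-only `mode: 0600`; unless the gateway reads that one certificate differently, matching the others would be clearer. Like the other moved files, vm.yml lacks the `---` document start that docker.yml has.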
@@ -1,133 +1,7 @@
-- name: Install Apache and FPM config
- include_role:
- name: apachefpm
+- name: Include docker tasks when running docker
+ include_tasks: docker.yml
+ when: "'docker' in group_names"
 
-- name: Install the symfony app
- include_role:
- name: stepupapp
-
-- name: Place parameters.yml
- template:
- src: parameters.yaml.j2
- dest: "{{ current_release_config_dir_name }}/parameters.yaml"
- mode: 0640
- owner: root
- group: "{{ appname }}"
- notify:
- - clear cache {{ appname }}
- - reload php72-fpm {{ appname }}
-
-- name: Activate the symlink
- file:
- src: "{{ current_release_appdir }}"
- dest: "{{ current_release_symlink }}"
- state: link
-
-- name: Put middleware configuration scripts in /root/
- template:
- src: "{{ item }}.j2"
- dest: "/root/{{ item }}"
- group: "root"
- owner: "root"
- mode: "0500"
- with_items:
- - "01-middleware-db_migrate.sh"
- - "06-middleware-bootstrap-sraa-users.sh"
-
-- name: Create /opt/scripts
- file:
- path: /opt/scripts
- state: directory
- owner: root
- group: root
- mode: 0750
-
-- name: Put middleware config from environment in /opt/scripts
- template:
- src: "{{ inventory_dir }}/templates/middleware/{{ item }}.j2"
- dest: "/opt/scripts/{{ item }}"
- group: "{{ appname }}"
- owner: "{{ appname }}"
- mode: "0400"
- with_items:
- - "middleware-config.json"
- - "middleware-whitelist.json"
- - "middleware-institution.json"
- tags:
- - push_mw_config
- - push_mw_institution
- - push_mw_whitelist
-
-- name: Put middleware configuration scripts in /opt/scripts
- template:
- src: "{{ item}}.j2"
- dest: "/opt/scripts/{{ item }}"
- group: "{{ appname }}"
- owner: root
- mode: "0550"
- with_items:
- - "middleware-push-config.sh"
- - "middleware-push-whitelist.sh"
- - "middleware-push-institution.sh"
-
-- name: Create symlinks to middleware configuration scripts in /root
- file:
- src: "/opt/scripts/{{ item.key }}"
- dest: "/root/{{ item.value }}"
- group: "{{ appname }}"
- owner: root
- state: link
- force: true
- with_dict:
- "middleware-push-config.sh": "02-middleware-config.sh"
- "middleware-push-whitelist.sh": "04-middleware-whitelist.sh"
- "middleware-push-institution.sh": "05-middleware-institution.sh"
-
-- meta: flush_handlers
-
-- name: Include post installation tasks
- include_role:
- name: stepupapp
- tasks_from: postinstall
-
-# The following push scripts have an additional conditional check on the presence of
-# a tag, so these are only ran when explicitly called.
-
-- name: Push middleware configuration
- command: /opt/scripts/middleware-push-config.sh
- run_once: true
- when:
- - "'push_mw_config' in ansible_run_tags"
- tags:
- - push_mw_config
-
-- name: Push middleware whitelist
- command: /opt/scripts/middleware-push-whitelist.sh
- run_once: True
- when:
- - "'push_mw_whitelist' in ansible_run_tags"
- tags:
- - push_mw_whitelist
-
-- name: Push middleware institution configuration
- command: /opt/scripts/middleware-push-institution.sh
- run_once: True
- when:
- - "'push_mw_institution' in ansible_run_tags"
- tags:
- - push_mw_institution
-
-
-# Middleware migrate identities from CSV
-
-- name: Migrate middleware identities from CSV
- include_tasks: migrate_identities.yml
- args:
- apply:
- tags:
- - mw_migrate_identities
- run_once: True
- when:
- - "'mw_migrate_identities' in ansible_run_tags"
- tags:
- - mw_migrate_identities
+- name: Include vm tasks when running on a vm
+ include_tasks: vm.yml
+ when: "'docker' not in group_names"
diff --git a/roles/stepupmiddleware/tasks/vm.yml b/roles/stepupmiddleware/tasks/vm.yml
new file mode 100644
index 000000000..ceab80cb6
--- /dev/null
+++ b/roles/stepupmiddleware/tasks/vm.yml
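Review bot: `include_tasks: vm.yml` is a dynamic include with no tags, so a run restricted with `--tags push_mw_config` (or push_mw_whitelist, push_mw_institution, mw_migrate_identities) skips the include task itself and never reaches the tagged push and migrate tasks that moved into vm.yml; before this change those tasks sat directly in main.yml and were selected by their own tags, which the removed lines in this hunk show. Either tag the include with `tags: always` (the tag filter is then applied to the tasks inside vm.yml exactly as before), or switch to `import_tasks: vm.yml` so the inner tags are inherited statically. As far as the hunks show, the gateway and RA roles are not affected because their moved task lists carry no tags, so this is a middleware-only regression.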
@@ -0,0 +1,133 @@
+- name: Install Apache and FPM config
+ include_role:
+ name: apachefpm
+
+- name: Install the symfony app
+ include_role:
+ name: stepupapp
+
+- name: Place parameters.yml
+ template:
+ src: parameters.yaml.j2
+ dest: "{{ current_release_config_dir_name }}/parameters.yaml"
+ mode: 0640
+ owner: root
+ group: "{{ appname }}"
+ notify:
+ - clear cache {{ appname }}
+ - reload php72-fpm {{ appname }}
+
+- name: Activate the symlink
+ file:
+ src: "{{ current_release_appdir }}"
+ dest: "{{ current_release_symlink }}"
+ state: link
+
+- name: Put middleware configuration scripts in /root/
+ template:
+ src: "{{ item }}.j2"
+ dest: "/root/{{ item }}"
+ group: "root"
+ owner: "root"
+ mode: "0500"
+ with_items:
+ - "01-middleware-db_migrate.sh"
+ - "06-middleware-bootstrap-sraa-users.sh"
+
+- name: Create /opt/scripts
+ file:
+ path: /opt/scripts
+ state: directory
+ owner: root
+ group: root
+ mode: 0750
+
+- name: Put middleware config from environment in /opt/scripts
+ template:
+ src: "{{ inventory_dir }}/templates/middleware/{{ item }}.j2"
+ dest: "/opt/scripts/{{ item }}"
+ group: "{{ appname }}"
+ owner: "{{ appname }}"
+ mode: "0400"
+ with_items:
+ - "middleware-config.json"
+ - "middleware-whitelist.json"
+ - "middleware-institution.json"
+ tags:
+ - push_mw_config
+ - push_mw_institution
+ - push_mw_whitelist
+
+- name: Put middleware configuration scripts in /opt/scripts
+ template:
+ src: "{{ item}}.j2"
+ dest: "/opt/scripts/{{ item }}"
+ group: "{{ appname }}"
+ owner: root
+ mode: "0550"
+ with_items:
+ - "middleware-push-config.sh"
+ - "middleware-push-whitelist.sh"
+ - "middleware-push-institution.sh"
+
+- name: Create symlinks to middleware configuration scripts in /root
+ file:
+ src: "/opt/scripts/{{ item.key }}"
+ dest: "/root/{{ item.value }}"
+ group: "{{ appname }}"
+ owner: root
+ state: link
+ force: true
+ with_dict:
+ "middleware-push-config.sh": "02-middleware-config.sh"
+ "middleware-push-whitelist.sh": "04-middleware-whitelist.sh"
+ "middleware-push-institution.sh": "05-middleware-institution.sh"
+
+- meta: flush_handlers
+
+- name: Include post installation tasks
+ include_role:
+ name: stepupapp
+ tasks_from: postinstall
+
+# The following push scripts have an additional conditional check on the presence of
+# a tag, so these are only ran when explicitly called.
+
+- name: Push middleware configuration
+ command: /opt/scripts/middleware-push-config.sh
+ run_once: true
+ when:
+ - "'push_mw_config' in ansible_run_tags"
+ tags:
+ - push_mw_config
+
+- name: Push middleware whitelist
+ command: /opt/scripts/middleware-push-whitelist.sh
+ run_once: True
+ when:
+ - "'push_mw_whitelist' in ansible_run_tags"
+ tags:
+ - push_mw_whitelist
+
+- name: Push middleware institution configuration
+ command: /opt/scripts/middleware-push-institution.sh
+ run_once: True
+ when:
+ - "'push_mw_institution' in ansible_run_tags"
+ tags:
+ - push_mw_institution
+
+
+# Middleware migrate identities from CSV
+
+- name: Migrate middleware identities from CSV
+ include_tasks: migrate_identities.yml
+ args:
+ apply:
+ tags:
+ - mw_migrate_identities
+ run_once: True
+ when:
+ - "'mw_migrate_identities' in ansible_run_tags"
+ tags:
+ - mw_migrate_identities
diff --git a/roles/stepupra/tasks/docker.yml b/roles/stepupra/tasks/docker.yml
new file mode 100644
index 000000000..44861f4b1
--- /dev/null
+++ b/roles/stepupra/tasks/docker.yml
@@ -0,0 +1,3 @@
+---
+- name: Exiting since there is no docker support yet
+ meta: end_play
diff --git a/roles/stepupra/tasks/main.yml b/roles/stepupra/tasks/main.yml
index e3e4e242d..d55b2e516 100644
--- a/roles/stepupra/tasks/main.yml
+++ b/roles/stepupra/tasks/main.yml
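Review bot: `run_once: True` on 'Push middleware whitelist', 'Push middleware institution configuration' and 'Migrate middleware identities from CSV' mixes capitalised booleans with the `run_once: true` used on 'Push middleware configuration' a few lines earlier; yamllint's truthy rule flags `True`, and lowercase `true` throughout is the Ansible convention. `src: "{{ item}}.j2"` in 'Put middleware configuration scripts in /opt/scripts' is missing the space before `}}`; Jinja accepts it, but it breaks a grep for `{{ item }}` across the roles. Both pre-date the commit (the file is the old main.yml moved verbatim, blob ceab80cb6), but the newly created file is the natural place to tidy them.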
@@ -1,55 +1,7 @@
-- name: Install Apache and FPM config
- include_role:
- name: apachefpm
+- name: Include docker tasks when running docker
+ include_tasks: docker.yml
+ when: "'docker' in group_names"
 
-- name: Install the symfony app
- include_role:
- name: stepupapp
-
-- name: Install GSSP SP key and certificates
- include_role:
- name: stepupapp
- tasks_from: copygsspspcerts
-
-- name: Install SAML SP key and certificates
- include_role:
- name: stepupapp
- tasks_from: copyspcerts
-
-- name: Install images
- include_role:
- name: stepupapp
- tasks_from: copyimages
-
-- name: Install second factor images
- include_role:
- name: stepupapp
- tasks_from: copysfimages
-
-- name: Put parameters, samlstepupproviders, samlstepupproviders_parameters and global_view_parameters YAML config
- template:
- src: "{{ item }}.yml.j2"
- dest: "{{ current_release_config_dir_name }}/{{ item }}.yaml"
- mode: 0640
- group: "{{ appname }}"
- with_items:
- - parameters
- - samlstepupproviders
- - samlstepupproviders_parameters
- - global_view_parameters
- notify:
- - clear cache {{ appname }}
- - reload php72-fpm {{ appname }}
-
-- name: Activate the symlink
- file:
- src: "{{ current_release_appdir }}/"
- dest: "{{ current_release_symlink }}"
- state: link
-
-- meta: flush_handlers
-
-- name: Include post installation tasks
- include_role:
- name: stepupapp
- tasks_from: postinstall
+- name: Include vm tasks when running on a vm
+ include_tasks: vm.yml
+ when: "'docker' not in group_names"
diff --git a/roles/stepupra/tasks/vm.yml b/roles/stepupra/tasks/vm.yml
new file mode 100644
index 000000000..e3e4e242d
--- /dev/null
+++ b/roles/stepupra/tasks/vm.yml
@@ -0,0 +1,55 @@
+- name: Install Apache and FPM config
+ include_role:
+ name: apachefpm
+
+- name: Install the symfony app
+ include_role:
+ name: stepupapp
+
+- name: Install GSSP SP key and certificates
+ include_role:
+ name: stepupapp
+ tasks_from: copygsspspcerts
+
+- name: Install SAML SP key and certificates
+ include_role:
+ name: stepupapp
+ tasks_from: copyspcerts
+
+- name: Install images
+ include_role:
+ name: stepupapp
+ tasks_from: copyimages
+
+- name: Install second factor images
+ include_role:
+ name: stepupapp
+ tasks_from: copysfimages
+
+- name: Put parameters, samlstepupproviders, samlstepupproviders_parameters and global_view_parameters YAML config
+ template:
+ src: "{{ item }}.yml.j2"
+ dest: "{{ current_release_config_dir_name }}/{{ item }}.yaml"
+ mode: 0640
+ group: "{{ appname }}"
+ with_items:
+ - parameters
+ - samlstepupproviders
+ - samlstepupproviders_parameters
+ - global_view_parameters
+ notify:
+ - clear cache {{ appname }}
+ - reload php72-fpm {{ appname }}
+
+- name: Activate the symlink
+ file:
+ src: "{{ current_release_appdir }}/"
+ dest: "{{ current_release_symlink }}"
+ state: link
+
+- meta: flush_handlers
+
+- name: Include post installation tasks
+ include_role:
+ name: stepupapp
+ tasks_from: postinstall