Intial commit

hellofresh · Feb 19, 2016 · 6ce1deb · 6ce1deb
1 parent 2370261
commit 6ce1deb
Show file tree

Hide file tree

Showing 6 changed files with 287 additions and 0 deletions.
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -0,0 +1,25 @@
+---
+
+oaut2_proxy_http                         : "https://github.com/bitly/oauth2_proxy/releases/download/v2.0.1/oauth2_proxy-2.0.1.linux-amd64.go1.4.2.tar.gz"
+oaut2_proxy_http_sha256                  : "c6d8f6d74e1958ce1688f3cf7d60648b9d0d6d4344d74c740c515a00b4e023ad"
+oauth2_user                              : "oauth2"
+oauth2_dir                               : "/var/oauth2_proxy"
+oauth2_dir_tmp                           : "/var/oauth2_proxy/tmp"
+oauth2_dir_log                           : "/var/log/oauth2-proxy/"
+oauth2_config_path                       : "/var/oauth2_proxy/oauth2_config.cfg"
+oauth2_compress_filename                 : "{{ oaut2_proxy_http | basename }}"
+oauth2_filename                          : "{{ oauth2_compress_filename |replace('.tar.gz', '') }}"
+
+# See for all options https://raw.githubusercontent.com/bitly/oauth2_proxy/master/contrib/oauth2_proxy.cfg.example
+oauth2_proxy_config                      :
+    http_address                         : "127.0.0.1:5000"
+    upstreams                            : [ "127.0.0.1:6060" ]
+    provider                             : "github" 
+    email-domain                         : "*"
+    cookie-secure                        : false
+    cookie-domain                        : "localhost:5000"
+    cookie_secret                        : "COOK_SECRET"
+    client_id                            : "YOUR_CLIENT_ID"
+    client_secret                        : "CLIENT_SECERET"
+
+oauth2_config_cmdline_args               : "-github-org='MYCoolORg'"
diff --git a/handlers/main.yml b/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+
+- name: oauth2-proxy restart
+  service:
+    name="oauth2-proxy"
+    state=restarted
diff --git a/meta/main.yml b/meta/main.yml
@@ -0,0 +1,16 @@
+---
+galaxy_info:
+  author: Adham Helal
+  description: 
+  company: Hellofresh
+
+  license: license (MIT)
+  min_ansible_version: 1.9
+  platforms:
+  - name: Ubuntu
+    versions:
+    - trusty
+  categories:
+  - networking
+
+dependencies: []
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -0,0 +1,66 @@
+---
+
+- name: Create the directories for site specific configurations
+  user: 
+    name="{{ oauth2_user }}"
+    shell="/bin/false"
+    home="{{ oauth2_dir }}"
+
+- name: Create the directories for site specific configurations
+  file: 
+    path="{{ item }}"
+    state=directory
+    owner="{{ oauth2_user }}"
+    group=root
+    mode=0750
+  with_items:
+     - "{{ oauth2_dir }}"
+     - "{{ oauth2_dir_tmp }}"
+     - "{{ oauth2_dir_log }}"
+
+- name: Download compressed oauth2 binary
+  get_url:
+    url="{{ oaut2_proxy_http }}"
+    sha256sum="{{ oaut2_proxy_http_sha256 | default(omit) }}"
+    dest="{{ oauth2_dir_tmp }}"
+    owner="{{ oauth2_user }}"
+
+- name: unarchive oauth2 binary
+  unarchive: 
+    src="{{ oauth2_dir_tmp }}/{{ oauth2_compress_filename }}"
+    dest="{{ oauth2_dir }}/"
+    creates="{{ oauth2_dir }}/{{ oauth2_compress_filename }}"
+    copy=no
+
+- name: Create current symlink
+  file: 
+    src="{{ oauth2_dir }}/{{ oauth2_filename }}"
+    dest="{{ oauth2_dir }}/current"
+    owner="{{ oauth2_user }}"
+    mode="0755"
+    state="link"
+  notify: 
+    - oauth2-proxy restart
+
+- name: Deploy init.d script
+  template: 
+    src="init.d.sh.j2.sh"
+    dest="/etc/init.d/oauth2-proxy"
+    mode="0755"
+  notify: 
+    - oauth2-proxy restart
+
+- name: Deploy Config
+  template: 
+    src="config.j2"
+    dest="{{ oauth2_config_path }}"
+    owner="{{ oauth2_user }}"
+    mode="0600"
+  notify: 
+    - oauth2-proxy restart
+
+- name: Service start
+  service:
+    name="oauth2-proxy"
+    state="started"
+    enabled="True"
diff --git a/templates/config.j2 b/templates/config.j2
@@ -0,0 +1,11 @@
+## OAuth2 Proxy Config File
+## https://github.com/bitly/oauth2_proxy
+## https://github.com/bitly/oauth2_proxy/blob/master/contrib/oauth2_proxy.cfg.example
+
+{% for k,v in oauth2_proxy_config.iteritems() %}
+{% if v is string %}
+{{ k }} = "{{ v }}"
+{% else %}
+{{ k }} = {{ v | to_json }}
+{% endif %}
+{% endfor %}
diff --git a/templates/init.d.sh.j2.sh b/templates/init.d.sh.j2.sh
@@ -0,0 +1,163 @@
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides:          oauth2-proxy
+# Required-Start:    $remote_fs $syslog
+# Required-Stop:     $remote_fs $syslog
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: Start oauth2-proxy at boot time.
+# Description:       A reverse proxy that provides authentication with Google, Github or other provider.
+### END INIT INFO
+
+# Author: Yves H. <[email protected]>
+
+# Do NOT "set -e"
+
+# PATH should only include /usr/* if it runs after the mountnfs.sh script
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC="A reverse proxy that provides authentication with Google, Github or other provider"
+NAME=`basename $0`
+DAEMON={{ oauth2_dir }}/current/oauth2_proxy
+DAEMON_ARGS="-config={{ oauth2_config_path }} {{ oauth2_config_cmdline_args }}"
+PIDFILE=/var/run/$NAME.pid
+SCRIPTNAME=/etc/init.d/oauth2-proxy
+USER={{ oauth2_user }}
+GROUP=$USER
+
+STDOUT_LOG="/var/log/oauth2-proxy/$NAME.log"
+STDERR_LOG="/var/log/oauth2-proxy/$NAME.error.log"
+
+# Exit if the package is not installed
+[ -x "$DAEMON" ] || exit 0
+
+# Read configuration variable file if it is present
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+
+# Load the VERBOSE setting and other rcS variables
+. /lib/init/vars.sh
+
+# Define LSB log_* functions.
+# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
+# and status_of_proc is working.
+. /lib/lsb/init-functions
+
+VERBOSE=true
+
+get_pid() {
+    cat "$PIDFILE"
+}
+
+is_running() {
+    [ -f "$PIDFILE" ] && ps `get_pid` > /dev/null 2>&1
+}
+
+#
+# Function that starts the daemon/service
+#
+do_start()
+{
+    # Return
+    #   0 if daemon has been started
+    #   1 if daemon was already running
+    #   2 if daemon could not be started
+    start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
+        || return 1
+
+    start-stop-daemon --make-pidfile --pidfile $PIDFILE --chuid $USER:$GROUP \
+        --background --no-close --exec $DAEMON --start -- $DAEMON_ARGS \
+        >> $STDOUT_LOG 2>> $STDERR_LOG
+
+    sleep 2
+    if ! is_running; then
+        return 2
+    fi
+}
+
+#
+# Function that stops the daemon/service
+#
+do_stop()
+{
+    # Return
+    #   0 if daemon has been stopped
+    #   1 if daemon was already stopped
+    #   2 if daemon could not be stopped
+    #   other if a failure occurred
+    start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME
+    RETVAL="$?"
+    [ "$RETVAL" = 2 ] && return 2
+    # Wait for children to finish too if this is a daemon that forks
+    # and if the daemon is only ever run from this initscript.
+    # If the above conditions are not satisfied then add some other code
+    # that waits for the process to drop all resources that could be
+    # needed by services started subsequently.  A last resort is to
+    # sleep for some time.
+    start-stop-daemon --stop --quiet --oknodo --retry=0/1/KILL/5 --exec $DAEMON
+    [ "$?" = 2 ] && return 2
+    # Many daemons don't delete their pidfiles when they exit.
+    rm -f $PIDFILE
+    return "$RETVAL"
+}
+
+#
+# Function that sends a SIGHUP to the daemon/service
+#
+do_reload() {
+    #
+    # If the daemon can reload its configuration without
+    # restarting (for example, when it is sent a SIGHUP),
+    # then implement that here.
+    #
+    start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME
+    return 0
+}
+
+case "$1" in
+  start)
+    [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
+    do_start
+    case "$?" in
+        0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+        2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+    esac
+    ;;
+  stop)
+    [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
+    do_stop
+    case "$?" in
+        0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+        2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+    esac
+    ;;
+  status)
+    status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
+    ;;
+  restart|force-reload)
+    #
+    # If the "reload" option is implemented then remove the
+    # 'force-reload' alias
+    #
+    log_daemon_msg "Restarting $DESC" "$NAME"
+    do_stop
+    case "$?" in
+      0|1)
+        do_start
+        case "$?" in
+            0) log_end_msg 0 ;;
+            1) log_end_msg 1 ;; # Old process is still running
+            *) log_end_msg 1 ;; # Failed to start
+        esac
+        ;;
+      *)
+        # Failed to stop
+        log_end_msg 1
+        ;;
+    esac
+    ;;
+  *)
+    echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
+    exit 3
+    ;;
+esac
+
+: