fws
/
ansible-roles
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Ansible roles
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
625 Commits
1 Branch
0 Tags
7.5 MiB
 
 
 
 
 
 
Tag: Branch: Tree: 9d86a90d52
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '9d86a90d52'
${ noResults }
ansible-roles/roles/openxpki/tasks/conf.yml

118 lines
3.5 KiB
Raw Blame History

---
- name: Deploy JS config
template: src=localconfig.js.j2 dest={{ pki_root_dir }}/web/htdocs/localconfig.js
tags: pki
- name: Check if notification is a link or a dir
stat: path={{ pki_root_dir }}/etc/notification
register: pki_notif_config
tags: pki
- name: Remove notification dir from the config
file: path={{ pki_root_dir }}/etc/notification state=absent
when:
- pki_notif_config.stat.isdir is defined
- pki_notif_config.stat.isdir
tags: pki
- name: Copy default configuration
synchronize:
src: "{{ pki_root_dir }}/src/openxpki-config-{{ pki_config_version }}/"
dest: "{{ pki_root_dir }}/etc/"
compress: False
rsync_opts:
- '--exclude=config.d/realm/democa'
delegate_to: "{{ inventory_hostname }}"
when: pki_install_mode != 'none' # or pki_patches.changed
tags: pki
- name: Create realm config directories
file: path={{ pki_root_dir }}/etc/config.d/realm/{{ item.name }} state=directory
with_items: "{{ pki_realms }}"
register: pki_new_realms
tags: pki
- name: Populate realm config
synchronize:
src: "{{ pki_root_dir }}/etc/config.d/realm.tpl/"
dest: "{{ pki_root_dir }}/etc/config.d/realm/{{ item.item.name }}/"
compress: False
delete: True
delegate_to: "{{ inventory_hostname }}"
when: item.changed or pki_install_mode != 'none'
with_items: "{{ pki_new_realms.results }}"
tags: pki
- name: Create per realm links to the scep script handler
file: src=scep.fcgi dest={{ pki_root_dir }}/web/cgi-bin/scep_{{ item.name }}.fcgi state=link
when: item.scep.enabled
with_items: "{{ pki_realms }}"
tags: pki
- name: Remove scep for realms who has disabled it
file: path={{ pki_root_dir }}/web/cgi-bin/scep_{{ item.name }}.fcgi state=absent
when: not item.scep.enabled
with_items: "{{ pki_realms }}"
tags: pki
- name: Deploy system configuration
template: src={{ item }}.j2 dest={{ pki_root_dir }}/etc/{{ item }}
with_items:
- config.d/system/crypto.yaml
- config.d/system/database.yaml
- config.d/system/realms.yaml
- config.d/system/server.yaml
- config.d/system/watchdog.yaml
- notification/email/_footer.txt
- notification/email/_footer.html
notify: restart openxpki
tags: pki
- name: Deploy realm configuration
template: src=config.d/realm/{{ item.1 }}.j2 dest={{ pki_root_dir }}/etc/config.d/realm/{{ item.0.name }}/{{ item.1 }}
with_nested:
- "{{ pki_realms }}"
- - crypto.yaml
- nice.yaml
- notification/smtp.yaml
- publishing.yaml
- profile/default.yaml
- profile/signer.yaml
- profile/tls_client.yaml
- profile/tls_server.yaml
- profile/user_auth_enc.yaml
- auth/stack.yaml
- auth/handler.yaml
- workflow/global/validator/password_quality.yaml
- scep/scep-server.yaml
notify: restart openxpki
tags: pki
- name: Deploy per realm scep configuration
template: src=scep/default.conf.j2 dest={{ pki_root_dir }}/etc/scep/{{ item.name }}.conf
with_items: "{{ pki_realms }}"
notify: restart openxpki fcgi
tags: pki
- name: Deploy general configuration
template: src={{ item }}.j2 dest={{ pki_root_dir }}/etc/{{ item }}
with_items:
- log.conf
- openssl.cnf
- scep/log.conf
tags: pki
- name: Deploy webui configuration
template: src={{ item }}.j2 dest={{ pki_root_dir }}/etc/{{ item }}
with_items:
- webui/default.conf
- webui/log.conf
notify: restart openxpki fcgi
tags: pki
- name: Deploy httpd config
template: src=httpd.conf.j2 dest=/etc/httpd/ansible_conf.d/10-openxpki.conf
notify: reload httpd
tags: pki