---
# Packages installed unconditionally: this task has no `when` guard, so it
# runs whatever the llng_handler / llng_portal / llng_manager switches say.
- name: Install common packages
  yum:
    name:
      - lemonldap-ng-conf
      - perl-Cache-Cache
      - lemonldap-ng-fastcgi-server
  tags: web

# Handler package, installed only when llng_handler compares equal to True.
- name: Install Lemonldap::NG handler
  yum:
    name: lemonldap-ng-handler
  when: llng_handler == True
  tags: web

# Portal role: the portal package plus the extra packages listed with it.
# Skipped unless llng_portal compares equal to True.
- name: Install Lemonldap::NG portal
  yum:
    name:
      - python-passlib
      - lemonldap-ng-portal
      - lemonldap-ng-doc
      - lasso
      - lasso-perl
      - perl-Authen-Captcha
  when: llng_portal == True
  tags: web

# Manager role: the manager package and both documentation packages.
# Skipped unless llng_manager compares equal to True.
- name: Install Lemonldap::NG manager
  yum:
    name:
      - lemonldap-ng-manager
      - lemonldap-ng-doc
      - lemonldap-ng-fr-doc
  when: llng_manager == True
  tags: web

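# Cache directory, group-owned by apache and closed to "other" (0770).
# Native module arguments replace the key=value string so the templated path
# is always handed to the module as a single value, and the mode is written
# as a quoted octal string so no YAML parser can re-type it.
# No owner is set here, so the existing/default owner is left as is.
- name: Create directories
  file:
    path: "{{ item }}"
    state: directory
    group: apache
    mode: "0770"
  with_items:
    - /var/cache/lemonldap-ng
  tags: web
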
# Load the task file named after the selected web server.
# NOTE(review): the file name is built directly from llng_server; only the
# value 'nginx' is visible in this file, so confirm that a matching
# <value>.yml exists for every value the role accepts.
# NOTE(review): a tag on a dynamic include selects the include statement
# itself; whether the included tasks also carry `web` cannot be seen here.
- include_tasks: "{{ llng_server }}.yml"
  tags: web

# nginx vhost for the manager, rendered only when the manager is enabled and
# nginx is the selected server; nginx is reloaded through the handler.
# No owner/group/mode is given, so the module defaults decide the file
# permissions.
# NOTE(review): unlike the other tasks in this file, this one carries no
# `tags: web` - confirm that is intended.
- name: Deploy manager's nginx configuration
  template:
    src: nginx_manager.conf.j2
    dest: /etc/nginx/ansible_conf.d/23-llng_manager.conf
  when: llng_manager == True and llng_server == 'nginx'
  notify: reload nginx

# Static import of the MySQL tasks; the `when` below is only true when the
# configuration backend is set to 'mysql'.
- import_tasks: mysql.yml
  when: llng_conf_backend == 'mysql'
  tags: web

# Main lemonldap-ng.ini: readable by group apache, no access for "other".
# The handler that is notified depends on the server: llng-fastcgi-server
# when nginx is selected, httpd otherwise.
# NOTE(review): the group is apache even when nginx is selected, while the
# API htpasswd task switches its group with the server - confirm the service
# that reads this file runs with group apache in both setups.
- name: Deploy Lemonldap::NG main configuration
  template:
    src: lemonldap-ng.ini.j2
    dest: /etc/lemonldap-ng/lemonldap-ng.ini
    group: apache
    mode: "0640"
  notify: restart {{ (llng_server == 'nginx') | ternary('llng-fastcgi-server','httpd') }}
  tags: web

# Second ini file ("migration" configuration), same group and mode as the
# main one. No handler is notified when it changes.
- name: Deploy Lemonldap::NG migration configuration
  template:
    src: lemonldap-ng-file.ini.j2
    dest: /etc/lemonldap-ng/lemonldap-ng-file.ini
    group: apache
    mode: "0640"
  tags: web

# Copy the content of the role's logos/ directory (trailing slash on src)
# into the portal's static apps directory. Portal hosts only.
- name: Copy applications logo
  copy:
    src: logos/
    dest: /usr/share/lemonldap-ng/portal/htdocs/static/common/apps/
  when: llng_portal == True
  tags: web

# Cleanup: state=absent deletes the whole portal-skins directory if present.
- name: Remove old custom logo dir
  file:
    path: /usr/share/lemonldap-ng/portal-skins/
    state: absent
  tags: web

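# Basic-auth credentials for the API endpoints. The file is owned by root
# and readable only by the group of the selected web server (nginx or
# apache); "other" has no access.
# Runs only on portal hosts and only when llng_api_pass is defined.
# NOTE(review): no hash scheme is set, so the htpasswd module's default
# applies - confirm it meets the password-storage policy in force.
- name: Create htpasswd file for API endpoints
  htpasswd:
    path: /etc/lemonldap-ng/api.htpasswd
    name: "{{ llng_api_user }}"
    password: "{{ llng_api_pass }}"
    owner: root
    group: "{{ (llng_server == 'nginx') | ternary('nginx','apache') }}"
    # Quoted so the mode stays an octal string whatever parser reads the file.
    mode: "0640"
  when:
    - llng_api_pass is defined
    - llng_portal == True
  # The task templates a clear-text password: keep its arguments and result
  # out of task output and logs at every verbosity level.
  no_log: true
  tags: web
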
# Weekly OIDC key rotation, run as user apache from its own cron file.
# The entry is present only when the portal is enabled and the server is not
# nginx; in every other case the same task removes it (state: absent).
- name: Add a cron task to renew OIDC keys
  cron:
    name: lemonldap_rotate_oidc
    cron_file: lemonldap_rotate_oidc
    user: apache
    special_time: weekly
    job: '/usr/share/lemonldap-ng/bin/rotateOidcKeys'
    state: "{{ (llng_portal and llng_server != 'nginx') | ternary('present','absent') }}"
  tags: web

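# The provided cron job has a syntax error, so the file is overwritten with
# the entry below: at minute 10 of every hour, user apache runs
# purgeCentralCache if the binary is executable.
# Owner and mode are set explicitly so the file in /etc/cron.d is always
# root-owned and not writable by group or other, independent of the umask of
# the connecting user or of the permissions of a pre-existing file.
- name: Override purgeCentralCache cron job
  copy:
    content: |
      #
      # Regular cron jobs for LemonLDAP::NG
      #
      10 * * * * apache [ -x /usr/libexec/lemonldap-ng/bin/purgeCentralCache ] && /usr/libexec/lemonldap-ng/bin/purgeCentralCache
    dest: /etc/cron.d/lemonldap-ng-portal
    owner: root
    group: root
    mode: "0644"
  when: llng_portal == True
  tags: web
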
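# Custom systemd unit for llng-fastcgi-server. The result is registered so
# the following task can reload systemd only when the unit file changed, and
# the service is restarted through the handler.
# Owner and mode are explicit: a unit file under /etc/systemd/system decides
# what the service runs and as whom, so it must stay root-owned and
# read-only for everyone else regardless of the umask in effect.
- name: Deploy custom llng-fastcgi-server unit
  template:
    src: llng-fastcgi-server.service.j2
    dest: /etc/systemd/system/llng-fastcgi-server.service
    owner: root
    group: root
    mode: "0644"
  notify: restart llng-fastcgi-server
  register: llng_fastcgi_unit
  tags: web
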
# daemon-reload, but only when the unit template task reported a change.
- name: Reload systemd
  systemd:
    daemon_reload: true
  when: llng_fastcgi_unit.changed
  tags: web

# The FastCGI server is started and enabled when nginx is the selected
# server, and stopped and disabled for any other value of llng_server.
- name: Handle Fast CGI server
  service:
    name: llng-fastcgi-server
    enabled: "{{ (llng_server == 'nginx') | ternary(True,False) }}"
    state: "{{ (llng_server == 'nginx') | ternary('started','stopped') }}"
  tags: web

# Register persistent SELinux file-context rules for the two Lemonldap::NG
# data trees. Each loop item pairs a path regex with the type to assign.
# Skipped when SELinux is not reported as enabled.
- name: Set correct SELinux context for Lemonldap::NG files
  sefcontext:
    target: "{{ item.target }}"
    setype: "{{ item.type }}"
    state: present
  loop:
    - type: httpd_var_lib_t
      target: "/var/lib/lemonldap-ng(/.*)?"
    - type: httpd_cache_t
      target: "/var/cache/lemonldap-ng(/.*)?"
  when: ansible_selinux.status == 'enabled'
  tags: web

# Re-apply the file contexts recursively on both trees. The command runs on
# every play where SELinux is enabled and is always reported as unchanged
# (changed_when is forced to false).
- name: Restore SELinux context
  command: restorecon -R /var/lib/lemonldap-ng /var/cache/lemonldap-ng
  when: ansible_selinux.status == 'enabled'
  changed_when: false
  tags: web