path: root/roles/pdc/frontend/tasks/main.yml
blob: a885e28e4adfedc397c9203469588646a8caf14e (plain)

# Install the yum repo definition for the PDC copr.
# The file is root-owned and writable by root only, so no unprivileged
# account can change which package source yum pulls from.
# NOTE(review): the contents of the .repo file are not visible here. Since it
# adds a package source, confirm it sets gpgcheck=1 and uses an https baseurl.
- name: setup the PDC copr repo
  copy:
    src: sochotni-pdc-test-epel-7.repo
    dest: /etc/yum.repos.d/sochotni-pdc-test-epel-7.repo
    owner: root
    group: root
    # Quoted so the mode reaches Ansible as an octal string, not a YAML number.
    mode: "0644"
  tags:
  - pdc

# Install the yum repo definition for the patternfly copr (source of the
# patternfly1 package installed later in this file).
# NOTE(review): the .repo file itself is not shown here; verify that it
# enables GPG signature checking before packages are installed from it.
- name: setup the patternfly copr repo
  copy:
    src: patternfly-patternfly1-epel-7.repo
    dest: /etc/yum.repos.d/patternfly-patternfly1-epel-7.repo
    owner: root
    group: root
    # Quoted so the mode reaches Ansible as an octal string, not a YAML number.
    mode: "0644"
  tags:
  - pdc

# Install the yum repo definition that provides PDC's extra dependencies.
# Root ownership with mode 0644 keeps the repo definition world-readable but
# only root-writable.
# NOTE(review): the .repo file itself is not shown here; verify that it
# enables GPG signature checking before packages are installed from it.
- name: lastly, add a copr repo for extra deps of PDC.
  copy:
    src: ralph-pdc-deps-epel-7.repo
    dest: /etc/yum.repos.d/ralph-pdc-deps-epel-7.repo
    owner: root
    group: root
    # Quoted so the mode reaches Ansible as an octal string, not a YAML number.
    mode: "0644"
  tags:
  - pdc

# Install the PDC application, its UI assets, and the SAML2 pieces used by
# httpd (xmlsec1 and mod_auth_mellon).
# state=present only ensures each package is installed; it does not pin a
# version and does not upgrade a package that is already present.
# NOTE(review): some of these presumably resolve from the copr repos added by
# the earlier tasks in this file -- confirm those repos verify signatures.
- name: install needed packages
  yum:
    pkg: "{{ item }}"
    state: present
  with_items:
  - patternfly1
  - python-pdc
  - xmlsec1
  - mod_auth_mellon
  tags:
  - pdc

# Render settings_local.py into the installed pdc package directory and
# reload httpd when it changes.
# Mode 0600 with apache ownership means only the httpd user (and root) can
# read the rendered file.
# NOTE(review): presumably this file carries secrets (credentials, keys) --
# confirm. Because apache owns it, the web process can also rewrite its own
# settings; root:apache with 0640 would give read-only access if httpd never
# needs to write it -- TODO confirm before changing.
- name: Copy over settings_local.py
  template:
    src: settings_local.py
    dest: /usr/lib/python2.7/site-packages/pdc/settings_local.py
    owner: apache
    group: apache
    # Quoted so the mode reaches Ansible as an octal string, not a YAML number.
    mode: "0600"
  notify: reload httpd
  tags:
  - pdc

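# Render the httpd configuration for PDC into conf.d and reload httpd when it
# changes.
# Owner, group and mode are pinned explicitly: without them the result depends
# on the remote umask and on whatever permissions an existing file already
# has, so a loosened or re-owned config would never be corrected by this task.
# root:root 0644 matches what a root-run template task creates under the usual
# 022 umask, and keeps the httpd user from editing its own configuration.
# NOTE(review): the pdc.conf template is not visible here; if it embeds any
# secret, tighten the mode to 0640 or 0600 (httpd parses its config as root).
- name: Copy over httpd config
  template:
    src: pdc.conf
    dest: /etc/httpd/conf.d/pdc.conf
    owner: root
    group: root
    # Quoted so the mode reaches Ansible as an octal string, not a YAML number.
    mode: "0644"
  notify: reload httpd
  tags:
  - pdc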

# Turn on the SELinux booleans httpd needs for PDC, and make them persistent
# so they survive a reboot.
# Only the two narrow booleans are enabled: database connections and sending
# mail. The broader httpd_can_network_connect stays commented out, which keeps
# httpd from opening arbitrary outbound network connections under SELinux.
- name: ensure selinux lets httpd do the stuff we need.
  seboolean:
    name: "{{ item }}"
    persistent: true
    state: true
  with_items:
  - httpd_can_network_connect_db
  - httpd_can_sendmail
  # XXX - Someday for fedmsg
  # - httpd_can_network_connect
  tags:
  - pdc
  - selinux

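# Create the directory that holds the SAML2 material for httpd: the IdP
# metadata plus the service provider's certificate, private key and metadata
# installed by the later tasks in this file.
# Mode is 0750 rather than 0775: the files placed here are 0600 and owned by
# apache, so no other account could read them anyway, and the directory that
# holds a private key has no reason to be world-listable or group-writable.
# NOTE(review): apache still owns the directory, so the httpd user can add or
# replace files in it. If mod_auth_mellon only needs read access, root
# ownership would prevent that -- TODO confirm before changing the owner.
- name: create /etc/httpd/saml2
  file:
    state: directory
    path: /etc/httpd/saml2
    owner: apache
    group: apache
    # Quoted so the mode reaches Ansible as an octal string, not a YAML number.
    mode: "0750"
  tags:
  - pdc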

# Install the identity provider metadata for this environment from the
# private file tree, and reload httpd when it changes.
# The source file is selected by the env variable, so each environment gets
# its own IdP description under the fixed name idp-metadata.xml.
# NOTE(review): presumably mod_auth_mellon uses this file to decide which IdP
# it trusts, so its integrity matters more than its secrecy -- confirm that
# nothing other than this task is expected to write it.
- name: Install saml2 idp file (which describes our ipsilon instances).
  copy:
    src: "{{ private }}/files/saml2/idp-{{env}}.xml"
    dest: /etc/httpd/saml2/idp-metadata.xml
    owner: apache
    group: apache
    # Quoted so the mode reaches Ansible as an octal string, not a YAML number.
    mode: "0600"
  notify: reload httpd
  tags:
  - pdc

# Install the per-domain SAML2 certificate, private key and metadata from the
# private file tree, and reload httpd when any of them changes.
# All three files land as apache:apache 0600, so the private key
# (certificate.key) is readable only by the httpd user and root.
# NOTE(review): the copy module can show file contents when a play is run in
# diff mode; consider no_log for the key so it cannot end up in run output or
# logs -- verify against how this playbook is normally invoked.
- name: Install domain-specific saml2 certs and metadata
  copy:
    src: "{{ private }}/files/saml2/{{ pdc_domain }}/{{ item }}"
    dest: "/etc/httpd/saml2/{{ item }}"
    owner: apache
    group: apache
    # Quoted so the mode reaches Ansible as an octal string, not a YAML number.
    mode: "0600"
  with_items:
  - certificate.pem
  - certificate.key
  - metadata.xml
  notify: reload httpd
  tags:
  - pdc