diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml index 268eef2d2260aa0eac27bcce55b06dec8160b40f..e55632c920e1d9ea8dcac523b1c208cee74bcee6 100644 --- a/inventory/group_vars/all.yml +++ b/inventory/group_vars/all.yml @@ -5,24 +5,24 @@ tld: srv.mdx.incubator.geant.org proxies: et2: hostname: srv1 - altname: 'server-md2.et2.com' + alias: 'server-md2.et2.com' mdproxy: test: signer: 'http://localhost:5001' - altname: 'test-md.et2.com' + realm_alias: 'test-md.et2.com' edugain: signer: 'http://srv2-signer.srv.mdx.incubator.geant.org' - altname: 'edugain-md.et2.com' + realm_alias: 'edugain-md.et2.com' mdxcdn: hostname: srv2 - altname: 'server-md2.et2.com' + alias: 'server-md2.et2.com' mdproxy: test: signer: 'http://srv1-signer.srv.mdx.incubator.geant.org' - altname: 'test-md.foobar.com' + realm_alias: 'test-md.foobar.com' edugain: signer: 'http://localhost:5001' @@ -32,15 +32,15 @@ proxies: mdproxy: test: signer: 'http://srv1-signer.srv.mdx.incubator.geant.org' - altname: 'test-md.barfoo.com' + realm_alias: 'test-md.barfoo.com' edugain: signer: 'http://srv2-signer.srv.mdx.incubator.geant.org' alternative-mdx: hostname: srv4 - altname: 'server-md.example.com' + alias: 'server-md.example.com' mdproxy: edugain: signer: 'http://srv2-signer.srv.mdx.incubator.geant.org' - altname: 'edugain-md.blabla.com' + realm_alias: 'edugain-md.blabla.com' diff --git a/inventory/group_vars/mdsigner.yml.example b/inventory/group_vars/mdsigner.yml.example index f947e83f66565248a8bd5cf67272c3827a48fa93..874e5469ad14c08b40c3267c9146d8543689dc0a 100644 --- a/inventory/group_vars/mdsigner.yml.example +++ b/inventory/group_vars/mdsigner.yml.example @@ -5,6 +5,7 @@ signers_tld: srv.mdx.incubator.geant.org signers: et2: hostname: srv1 + alias: mdx.et2.hu mdsigner: test: name: hsm_signer @@ -12,6 +13,7 @@ signers: mdxcdn: hostname: srv2 + alias: mdx.cdn.nl mdsigner: edugain: name: hsm_signer 
@@ -19,6 +21,7 @@ signers: alternative-mdx: hostname: srv3 + alias: mdx.alternative.nl mdsigner: test: name: normal_signer diff --git a/roles/apache/templates/md.conf.j2 b/roles/apache/templates/md.conf.j2 index 8039cba75e498755ac448fd5db8dc7e8fa8b2d6a..452e998f930e070f35abdc79c494e2c63e2b64ca 100644 --- a/roles/apache/templates/md.conf.j2 +++ b/roles/apache/templates/md.conf.j2 @@ -1,19 +1,24 @@ {% if signers is defined and signers[inventory_hostname].get('mdsigner') %} +# Signer configuration <VirtualHost *:80> ServerName {{ signers[inventory_hostname]['hostname'] }}-signer.{{ signers_tld }} -{% if signers[inventory_hostname].get('altname') %} - ServerAlias {{ signers[inventory_hostname]['altname'] }} +{% if signers[inventory_hostname].get('alias') %} + ServerAlias {{ signers[inventory_hostname]['alias'] }} {% endif %} DocumentRoot /var/www/html AllowEncodedSlashes NoDecode ProxyPass "/" "http://127.0.0.1:5001/" nocanon ProxyPassReverse "/" "http://127.0.0.1:5001/" </VirtualHost> -{% endif %} +{% endif %} {% if proxies is defined and proxies[inventory_hostname].get('mdproxy') %} +# Global proxy configuration <VirtualHost *:80> ServerName {{ proxies[inventory_hostname]['hostname'] }}-proxy.{{ tld }} +{% if proxies[inventory_hostname].get('alias') %} + ServerAlias {{ proxies[inventory_hostname]['alias'] }} +{% endif %} DocumentRoot /var/www/html AllowEncodedSlashes NoDecode ProxyPass "/" "http://127.0.0.1:5002/" nocanon @@ -21,11 +26,12 @@ </VirtualHost> {% set mdproxy = proxies[inventory_hostname]['mdproxy'] %} +# Realm specific proxy configuration {% for realm, values in mdproxy.items() %} <VirtualHost *:80> ServerName proxy-{{ realm }}.{{ tld }} -{% if values.get('altname') %} - ServerAlias {{ values['altname'] }} +{% if values.get('realm_alias') %} + ServerAlias {{ values['realm_alias'] }} {% endif %} DocumentRoot /var/www/html AllowEncodedSlashes NoDecode 
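Review bot: The new `.get('alias')` lookups in the signer and global-proxy vhosts, and `.get('realm_alias')` in the per-realm loop of the following hunk, render no `ServerAlias` at all when an inventory still uses the old `altname` key, so a host that was not migrated stops answering on its public name without any error at deploy time. Either accept the old key during a transition, for example `{% set signer_alias = signers[inventory_hostname].get('alias') or signers[inventory_hostname].get('altname') %}`, or fail the play early with an assert on leftover `altname` keys. Because the signer vhost is rendered before the proxy vhosts and both now read a key called `alias`, a host that is given the same name in both `signers` and `proxies` would presumably have Apache route that name to the first matching vhost, the signer backend on port 5001. A template comment such as `{# alias must be unique per host across signers and proxies #}` above the signer block would make that constraint visible. The realm loop's vhost body continues past the end of the second hunk.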
diff --git a/roles/geodns/tasks/main.yml b/roles/geodns/tasks/main.yml index a92b0590e5f711d89fb50c9a201632c2251f8bbc..1f26cc9b2aa5fe85e6f9678e90ae4f4e74664bce 100644 --- a/roles/geodns/tasks/main.yml +++ b/roles/geodns/tasks/main.yml @@ -4,6 +4,7 @@ state: present name: - netcat-openbsd + - ansible - name: Check if go binary exists stat: diff --git a/roles/local/tasks/main.yml b/roles/local/tasks/main.yml index 09096d6a4591b6a5eaabb944b822ab39b8dc7e02..928fc5362772738345de8157e25503052164b147 100644 --- a/roles/local/tasks/main.yml +++ b/roles/local/tasks/main.yml @@ -1,9 +1,4 @@ --- -- name: Install packages - apt: - state: present - name: - - ansible - name: Clone MDX-SAAS-config repository ansible.builtin.git: diff --git a/roles/mdproxy/templates/mdproxy.yaml.j2 b/roles/mdproxy/templates/mdproxy.yaml.j2 index a9f19fadd314c84d743247e3895c5d6f97c62fe8..d17d486393001171542f60d8eb7abcd0f799a104 100644 --- a/roles/mdproxy/templates/mdproxy.yaml.j2 +++ b/roles/mdproxy/templates/mdproxy.yaml.j2 @@ -3,7 +3,4 @@ {% for realm, values in mdproxies.items() %} {{ realm }}: signer: {{ values['signer'] }} -{% if values.get('altname') %} - altname: {{ values['altname'] }} -{% endif %} {% endfor %}
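Review bot: Adding `ansible` to the geodns role's apt list installs a full configuration-management toolchain on the DNS hosts, and nothing visible in this hunk says why the role needs it there. If a later geodns task does run Ansible locally, record that with a comment on the entry, e.g. `# required by <task name — confirm>`. If the entry was only moved here because roles/local no longer installs it, it enlarges the installed footprint of what is presumably an internet-facing host and ties the other role to geodns having run first. The package is taken unpinned from whatever apt source the host has, so the installed version can differ between hosts. The task starts above the hunk, so its name and cache settings are not visible here.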