Merge pull request #837 from edx/cg/shib_templates

Update to shibboleth role and allow changing the template directory

Merge pull request #837 from edx/cg/shib_templates
Update to shibboleth role and allow changing the template directory
8d48895a · Carson Gee · 9410e126 · 5dceafed · 8d48895a · 8d48895a
Commit 8d48895a authored Mar 13, 2014 by Carson Gee
Hide whitespace changes
Inline Side-by-side

Showing with 14 additions and 20 deletions

playbooks/roles/shibboleth/defaults/main.yml
+3 -0

playbooks/roles/shibboleth/meta/main.yml
+3 -0

playbooks/roles/shibboleth/tasks/main.yml
+8 -20

No files found.
--- a/playbooks/roles/shibboleth/defaults/main.yml
+++ b/playbooks/roles/shibboleth/defaults/main.yml
@@ -8,3 +8,6 @@ shib:
    YOU NEED TO GENERATE A REAL KEY HERE USING OPENSSL
  sp_pem: |
    THE CORRESPONDING CERTIFICATE PEM GOES HERE
+shib_template_dir: '.'
+shib_metadata_backup_url: "https://idp.stanford.edu/Stanford-metadata.xml"
+shib_download_metadata: true
--- a/playbooks/roles/shibboleth/meta/main.yml
+++ b/playbooks/roles/shibboleth/meta/main.yml
+---
+dependencies:
+  - apache
--- a/playbooks/roles/shibboleth/tasks/main.yml
+++ b/playbooks/roles/shibboleth/tasks/main.yml
@@ -10,21 +10,18 @@
    - libapache2-mod-shib2
    - opensaml2-tools
  notify: restart shibd
-  tags:
-    - shib
-    - install

 - name: Creates /etc/shibboleth/metadata directory
  file: path=/etc/shibboleth/metadata state=directory mode=2774 group=_shibd owner=_shibd
-  tags:
-    - shib
-    - install

 - name: Downloads metadata into metadata directory as backup
-  get_url: url=https://idp.stanford.edu/Stanford-metadata.xml dest=/etc/shibboleth/metadata/idp-metadata.xml mode=0640 group=_shibd owner=_shibd
-  tags:
-    - shib
-    - install
+  get_url: >
+    url={{ shib_metadata_backup_url }}
+    dest=/etc/shibboleth/metadata/idp-metadata.xml
+    mode=0640
+    group=_shibd
+    owner=_shibd
+  when: shib_download_metadata

 - name: writes out key and pem file
  template: src=sp.{{item}}.j2 dest=/etc/shibboleth/sp.{{item}}  group=_shibd owner=_shibd mode=0600
@@ -32,24 +29,15 @@
    - key
    - pem
  notify: restart shibd
-  tags:
-    - shib
-    - install

 - name: writes out configuration files
-  template: src={{item}}.j2 dest=/etc/shibboleth/{{item}}  group=_shibd owner=_shibd mode=0644
+  template: src={{ shib_template_dir }}/{{item}}.j2 dest=/etc/shibboleth/{{item}}  group=_shibd owner=_shibd mode=0644
  with_items:
    - attribute-map.xml
    - shibboleth2.xml
  notify: restart shibd
-  tags:
-    - shib
-    - install

 - name: enables shib
  command: a2enmod shib2
  notify: restart shibd
-  tags:
-    - shib
-    - install