Updated template and tasks.
diff --git a/defaults/main.yml b/defaults/main.yml
index 8e5fa5a..24fe3d4 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,2 +1,5 @@
 ---
-# defaults file for apigee-opdk-setup-edge-sso
\ No newline at end of file
+# defaults file for apigee-opdk-setup-edge-sso
+
+edge_sso_installation_config_file: edge-sso-installer-config.conf
+
diff --git a/tasks/main.yml b/tasks/main.yml
index f199554..6bc0216 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,2 +1,30 @@
 ---
-# tasks file for apigee-opdk-setup-edge-sso
\ No newline at end of file
+# tasks file for apigee-opdk-setup-edge-sso
+
+- name: Touch file
+ become: yes
+ file:
+ state: touch
+ path: "{{ opdk_installer_path }}/{{ edge_sso_installation_config_file }}"
+
+- name: Construct the Edge SSO Installation config file file
+ become: yes
+ template:
+ src: '{{ edge_sso_installation_config_file }}.j2'
+ dest: "{{ opdk_installer_path }}/{{ edge_sso_installation_config_file }}"
+ force: yes
+ owner: '{{ opdk_user_name }}'
+ group: '{{ opdk_group_name }}'
+ mode: 0655
+ when: manual_edge_sso_installation_config_file is not defined or not manual_edge_sso_installation_config_file
+
+- name: Copy the provided Edge SSO Installation config file
+ become: yes
+ copy:
+ src: "{{ manual_edge_sso_installation_config_file }}"
+ dest: "{{ opdk_installer_path }}/{{ edge_sso_installation_config_file }}"
+ owner: '{{ opdk_user_name }}'
+ group: '{{ opdk_group_name }}'
+ mode: 0655
+ when: manual_edge_sso_installation_config_file is defined and manual_edge_sso_installation_config_file
+
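Review bot: `mode: 0655` on both the template and copy tasks leaves the rendered config world-readable, and the template added in this same commit writes `APIGEE_ADMINPW`, `PG_PWD`, `SSO_ADMIN_SECRET` and `SMTPPASSWORD` into that file; use a quoted, owner-only mode such as `mode: "0600"` on both tasks (quoting also removes the unquoted-octal ambiguity that ansible-lint flags). The preceding "Touch file" task creates the path as root under the process umask with no `owner` or `mode`, so the file briefly exists with wider permissions before the template or copy task corrects it, and since both later tasks create the destination themselves the touch step can be dropped. `become: yes` and `force: yes` should be `true` for YAML 1.2 portability, and the task name "config file file" repeats a word.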
diff --git a/templates/edge-sso-installer-config.conf.j2 b/templates/edge-sso-installer-config.conf.j2
new file mode 100644
index 0000000..dad3fcf
--- /dev/null
+++ b/templates/edge-sso-installer-config.conf.j2
@@ -0,0 +1,75 @@
+IP1={{ local_mgmt_ip }}
+IP2={{ public_address }}
+
+## Management Server configuration.
+MSIP=$IP1
+MGMT_PORT={{ ms_ext_mgmt_port }}
+# Edge sys admin username and password as set when you installed Edge.
+ADMIN_EMAIL={{ opdk_user_email }}
+APIGEE_ADMINPW={{ opdk_user_pass }}
+# Set the protocol for the Edge management API. Default is http.
+# Set to https if you enabled TLS on the management API.
+MS_SCHEME={{ edge_sso_ms_scheme | default('http') }}
+
+## Postgres configuration.
+PG_HOST=$IP1
+PG_PORT=5432
+# Postgres username and password as set when you installed Edge.
+PG_USER={{ pg_user }}
+PG_PWD={{ pg_pass }}
+
+# apigee-sso configuration.
+SSO_PROFILE={{ edge_sso_profile | default("saml") }}
+# Externally accessible IP or DNS name of apigee-sso.
+SSO_PUBLIC_URL_HOSTNAME=$IP2
+# Default port is 9099. If changing, set both properties to the same value.
+SSO_PUBLIC_URL_PORT={{ edge_sso_public_url_port | default(9099) }}
+SSO_TOMCAT_PORT={{ edge_sso_tomcat_port | default(9099) }}
+# Set Tomcat TLS mode to DEFAULT to use HTTP access to apigee-sso.
+SSO_TOMCAT_PROFILE={{ edge_sso_tomcat_profile | default('DEFAULT') }}
+SSO_PUBLIC_URL_SCHEME={{ edge_sso_public_url_scheme | default(http) }}
+
+# SSO admin user name. The default is ssoadmin.
+SSO_ADMIN_NAME={{ edge_sso_admin_name | default('ssoadmin') }}
+# SSO admin password using uppercase, lowercase, number, and special chars.
+SSO_ADMIN_SECRET={{ edge_sso_admin_secret | default(opdk_user_pass) }}
+
+# Path to signing key and secret from "Create the TLS keys and certificates" above.
+SSO_JWT_SIGNINIG_KEY_FILEPATH={{ edge_sso_jwt_signing_key_filepath | default('/opt/apigee/customer/application/apigee-sso/jwt-keys/privkey.pem') }}
+SSO_JWT_VERIFICATION_KEY_FILEPATH={{ edge_sso_jwt_verification_key_filepath | default('/opt/apigee/customer/application/apigee-sso/jwt-keys/pubkey.pem') }}
+
+# Name of SAML IDP. For example, okta or adfs. 
+SSO_SAML_IDP_NAME={{ edge_sso_saml_ipd_name | default('okta') }}
+# Text displayed to user when they attempt to access Edge UI.
+SSO_SAML_IDP_LOGIN_TEXT={{ edge_sso_saml_ipd_login_text | default("Please log in to your IDP") }}
+
+# The metadata URL from your IDP.
+# If you have a metadata file, and not a URL,
+# see "Specifying a metadata file instead of a URL" below.
+SSO_SAML_IDP_METADATA_URL={{ edge_sso_saml_idp_metadata_url }}
+
+# Specifies to skip TLS validation for the URL specified
+# by SSO_SAML_IDP_METADATA_URL. Necessary if URL uses a self-signed cert.
+# Default value is "n".
+SSO_SAML_IDPMETAURL_SKIPSSLVALIDATION={{ edge_sso_saml_idpmetaurl_skipsslvalidation | default('n') }}
+
+# SAML service provider key and cert from "Create the TLS keys and certificates" above.
+SSO_SAML_SERVICE_PROVIDER_KEY={{ edge_sso_saml_service_provider_key | default('/opt/apigee/customer/application/apigee-sso/saml/server.key') }}
+SSO_SAML_SERVICE_PROVIDER_CERTIFICATE={{ edge_sso_saml_service_provider_certificate | default('/opt/apigee/customer/application/apigee-sso/saml/selfsigned.crt') }}
+# The passphrase used when you created the SAML cert and key.
+# The section "Create the TLS keys and certificates" above removes the passphrase,
+# but this property is available if you require a passphrase.
+# SSO_SAML_SERVICE_PROVIDER_PASSWORD={{ edge_sso_saml_service_provider_password | default('samlSP123') }}
+
+# Must configure an SMTP server so Edge SSO can send emails to users.
+SMTPMAILFROM="{{ opdk_smtp_mail_from }} <{{ opdk_user_email }}>"
+
+SKIP_SMTP={{ opdk_smtp_skip }}
+{% if opdk_smtp_skip | trim == 'y' %}
+ SMTPHOST={{ opdk_smtp_host }}
+ SMTPPORT={{ opdk_smtp_port }}
+ SMTPUSER={{ opdk_smtp_user }}
+ SMTPPASSWORD='{{ opdk_smtp_password }}'
+ SMTPSSL={{ opdk_smtp_ssl }}
+{% endif %}
+
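Review bot: `SSO_PUBLIC_URL_SCHEME={{ edge_sso_public_url_scheme | default(http) }}` passes `http` unquoted, so Jinja resolves it as an (undefined) variable rather than the string; it should be `default('http')`, matching the `MS_SCHEME` line above. The SMTP settings are emitted only when `opdk_smtp_skip | trim == 'y'`, i.e. exactly when `SKIP_SMTP` tells the installer to skip SMTP, which looks inverted relative to the comment that an SMTP server must be configured — confirm the intended value and, if so, test for `'n'`. `SSO_JWT_SIGNINIG_KEY_FILEPATH` looks misspelled (presumably `SSO_JWT_SIGNING_KEY_FILEPATH`); a misnamed property is silently ignored by the installer, so verify it against the installer's property reference. The variables `edge_sso_saml_ipd_name` and `edge_sso_saml_ipd_login_text` spell "idp" as "ipd" while `edge_sso_saml_idp_metadata_url` does not; pick one spelling so callers can set them. `SSO_ADMIN_SECRET` falls back to `opdk_user_pass`, reusing the Edge sysadmin password for the SSO admin account; consider requiring `edge_sso_admin_secret` explicitly instead of defaulting it.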