Ipsilon: fix files location

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-10-07 14:53:45 +02:00 · 2020-10-07 14:53:45 +02:00 · 1a1f7d79e4
commit 1a1f7d79e4
parent fa6eaf9f42
4 changed files with 32 additions and 23 deletions
--- a/roles/ipsilon/tasks/main.yml
+++ b/roles/ipsilon/tasks/main.yml
@ -141,7 +141,7 @@
         --saml2=yes
         --info-sssd=yes
         --form=yes
-    creates: /etc/ipsilon/ipsilon.conf
+    creates: /etc/ipsilon/root/ipsilon.conf
  tags:
  - ipsilon

@ -153,7 +153,7 @@
 ## - name: copy ipsilon configuration
 ##   template:
 ##     src: "ipsilon.conf"
-##     dest: "/etc/ipsilon/ipsilon.conf"
+##     dest: "/etc/ipsilon/root/ipsilon.conf"
 ##     owner: ipsilon
 ##     group: ipsilon
 ##     mode: 0600
@ -166,7 +166,7 @@
 ## - name: copy ipsilon admin configuration
 ##   template:
 ##     src: "configuration.conf"
-##     dest: "/etc/ipsilon/configuration.conf"
+##     dest: "/etc/ipsilon/root/configuration.conf"
 ##     owner: ipsilon
 ##     group: ipsilon
 ##     mode: 0600
@ -179,7 +179,7 @@
 - name: copy ipsilon OIDC client config
  copy:
    src: "{{ private }}/files/ipsilon/openidc.{{env}}.static"
-    dest: /etc/ipsilon/openidc.static.cfg
+    dest: /etc/ipsilon/root/openidc.static.cfg
    owner: ipsilon
    group: ipsilon
    mode: 0600
@ -192,14 +192,14 @@
 ## - name: copy ipsilon httpd config
 ##   template:
 ##     src: "httpd.conf.{{ env }}.j2"
-##     dest: /etc/httpd/conf.d/ipsilon.conf
+##     dest: /etc/ipsilon/root/idp.conf
 ##   tags:
 ##   - ipsilon

 # - name: Create Ipsilon config symlink
 #   file:
 #     dest: /var/lib/ipsilon/ipsilon.conf
-#     src: /etc/ipsilon/ipsilon.conf
+#     src: /etc/ipsilon/root/ipsilon.conf
 #     state: link
 #   tags:
 #   - ipsilon
@ -207,7 +207,7 @@
 #   - reload apache

 # - name: create wellknown directory
-#   file: path=/etc/ipsilon/wellknown state=directory
+#   file: path=/etc/ipsilon/root/wellknown state=directory
 #         owner=ipsilon group=ipsilon mode=0755
 #   tags:
 #   - ipsilon
@ -215,28 +215,28 @@
 #   - reload apache

 # - name: copy persona private key
-#   copy: src={{ private }}/files/ipsilon/persona.key dest=/etc/ipsilon/persona.key
+#   copy: src={{ private }}/files/ipsilon/persona.key dest=/etc/ipsilon/root/persona.key
 #         owner=ipsilon group=ipsilon mode=0600
 #   when: env != "staging"
 #   tags:
 #   - ipsilon
 # 
 # - name: copy persona public key
-#   copy: src=browserid dest=/etc/ipsilon/wellknown/browserid
+#   copy: src=browserid dest=/etc/ipsilon/root/wellknown/browserid
 #         owner=ipsilon group=ipsilon mode=0644
 #   when: env != "staging"
 #   tags:
 #   - ipsilon
 # 
 # - name: copy persona STG private key
-#   copy: src={{ private }}/files/ipsilon/persona.stg.key dest=/etc/ipsilon/persona.stg.key
+#   copy: src={{ private }}/files/ipsilon/persona.stg.key dest=/etc/ipsilon/root/persona.stg.key
 #         owner=ipsilon group=ipsilon mode=0600
 #   when: env == "staging"
 #   tags:
 #   - ipsilon
 # 
 # - name: copy persona STG public key
-#   copy: src=browserid.stg dest=/etc/ipsilon/wellknown/browserid
+#   copy: src=browserid.stg dest=/etc/ipsilon/root/wellknown/browserid
 #         owner=ipsilon group=ipsilon mode=0644
 #   when: env == "staging"
 #   tags:
@ -245,7 +245,7 @@
 - name: copy OIDC private key
  copy:
    src: "{{ private }}/files/ipsilon/openidc{{ env_suffix }}.key"
-    dest: /etc/ipsilon/openidc.key
+    dest: /etc/ipsilon/root/openidc.key
    owner: ipsilon
    group: ipsilon
    mode: 0600
@ -254,7 +254,7 @@
  - ipsilon

 # - name: copy OIDC STG private key
-#   copy: src={{ private }}/files/ipsilon/openidc.stg.key dest=/etc/ipsilon/openidc.stg.key
+#   copy: src={{ private }}/files/ipsilon/openidc.stg.key dest=/etc/ipsilon/root/openidc.stg.key
 #         owner=ipsilon group=ipsilon mode=0600
 #   when: env == "staging"
 #   tags:
@ -262,7 +262,7 @@

 - name: create SAML2 dir
  file:
-    path: /etc/ipsilon/saml2
+    path: /etc/ipsilon/root/saml2
    state: directory
    mode: 0700
    owner: ipsilon
@ -274,7 +274,7 @@
 - name: copy SAML2 private key
  copy:
    src: "{{ private }}/files/saml2/{{ env }}/keys/idp.key"
-    dest: /etc/ipsilon/saml2/idp.key
+    dest: /etc/ipsilon/root/saml2/idp.key
    owner: ipsilon
    group: ipsilon
    mode: 0600
@ -284,7 +284,7 @@
 - name: copy SAML2 public key
  copy:
    src: "{{ private }}/files/saml2/{{ env }}/keys/idp.crt"
-    dest: /etc/ipsilon/saml2/idp.crt
+    dest: /etc/ipsilon/root/saml2/idp.crt
    owner: ipsilon
    group: ipsilon
    mode: 0644
--- a/roles/ipsilon/templates/configuration.conf
+++ b/roles/ipsilon/templates/configuration.conf
@ -39,9 +39,14 @@ openidc subject salt={{ ipsilon_stg_openidc_subject_salt }}
 openidc subject salt={{ ipsilon_openidc_subject_salt }}
 {% endif %}
 openidc endpoint url=https://id{{env_suffix}}.fedoraproject.org/openidc/
+{% if env == 'staging' %}
+openidc idp key file=/etc/ipsilon/root/openidc.key
+openidc static database url=configfile:///etc/ipsilon/root/openidc.static.cfg
+{% else %}
 openidc idp key file=/etc/ipsilon/openidc.key
-openidc database url=postgresql://{{ ipsilon_db_user }}:{{ ipsilon_db_pass }}@{{ ipsilon_db_host }}/{{ ipsilon_db_openid_name }}
 openidc static database url=configfile:///etc/ipsilon/openidc.static.cfg
+{% endif %}
+openidc database url=postgresql://{{ ipsilon_db_user }}:{{ ipsilon_db_pass }}@{{ ipsilon_db_host }}/{{ ipsilon_db_openid_name }}
 openidc documentation url=https://fedoraproject.org/wiki/Infrastructure/Authentication
 openidc policy url=https://fedoraproject.org/wiki/Legal:PrivacyPolicy
 openidc tos url=https://fedoraproject.org/wiki/Legal:PrivacyPolicy
@ -65,11 +70,12 @@ openid database url=postgresql://{{ ipsilon_db_user }}:{{ ipsilon_db_pass }}@{{
 openid untrusted roots=
 openid enabled extensions=Fedora Teams,Attribute Exchange,CLAs,Simple Registration,API

-saml2 idp storage path=/etc/ipsilon/saml2
 saml2 idp metadata file=metadata.xml
 {% if env == 'staging' %}
+saml2 idp storage path=/etc/ipsilon/root/saml2
 saml2 idp nameid salt={{ ipsilon_stg_saml2_nameid_salt }}
 {% else %}
+saml2 idp storage path=/etc/ipsilon/saml2
 saml2 idp nameid salt={{ ipsilon_saml2_nameid_salt }}
 {% endif %}
 saml2 idp certificate file=idp.crt
--- a/roles/ipsilon/templates/httpd.conf.staging.j2
+++ b/roles/ipsilon/templates/httpd.conf.staging.j2
@ -1,8 +1,10 @@
 #RewriteEngine on
 #RewriteRule /.well-known/openid-configuration /openidc/.well-known/openid-configuration [PT]
-Redirect /.well-known/webfinger /webfinger
+#Alias /ui /usr/share/ipsilon/themes/Fedora
+Alias /ui /usr/share/ipsilon/ui
 Alias /.well-known /var/lib/ipsilon/idp/public/well-known
 Alias /cache /var/cache/ipsilon
+Redirect /.well-known/webfinger /webfinger

 # This is for mapping $username.id.fp.o -> id.fp.o/id/$username
 RewriteEngine on
@ -18,8 +20,6 @@ RewriteRule ^([a-z0-9-]+)\.id\.fedoraproject\.org/.* /openid/id/$1/ [PT]
 {% endif %}


-Alias /ui /usr/share/ipsilon/themes/Fedora
-#Alias /ui /usr/share/ipsilon/ui
 WSGIScriptAlias / /usr/libexec/ipsilon
 WSGIDaemonProcess ipsilon user=ipsilon group=ipsilon home=/var/lib/ipsilon display-name=ipsilon processes=2 threads=2 maximum-requests=1000
 # This header is required to be passed for OIDC client_secret_basic
@ -45,8 +45,7 @@ WSGISocketPrefix run/wsgi
    Require all granted
 </Directory>

-#<Directory /etc/ipsilon/wellknown>
-<Directory /var/lib/ipsilon/idp/public/well-known>
+<Directory /var/lib/ipsilon/root/public/well-known>
    Require all granted
 </Directory>

--- a/roles/ipsilon/templates/ipsilon.conf
+++ b/roles/ipsilon/templates/ipsilon.conf
@ -6,7 +6,11 @@ template_dir = "/usr/share/ipsilon/templates"

 log.screen = True
 base.dir = "/usr/share/ipsilon"
+{% if env == 'staging' %}
+admin.config.db = "configfile:///etc/ipsilon/root/configuration.conf"
+{% else %}
 admin.config.db = "configfile:///etc/ipsilon/configuration.conf"
+{% endif %}
 user.prefs.db = "postgresql://{{ ipsilon_db_user }}:{{ ipsilon_db_pass }}@{{ ipsilon_db_host }}/{{ ipsilon_db_prefs_name }}"
 transactions.db = "postgresql://{{ ipsilon_db_user }}:{{ ipsilon_db_pass }}@{{ ipsilon_db_host }}/{{ ipsilon_db_transactions_name }}"