ipsilon: move over definitely to openshift

Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-05-09 16:02:46 +02:00 · 2019-05-09 16:02:46 +02:00 · 433270afac
commit 433270afac
parent c2731b0ca0
2 changed files with 3 additions and 16 deletions
--- a/roles/ipsilon/templates/configuration.conf
+++ b/roles/ipsilon/templates/configuration.conf
@ -34,11 +34,7 @@ openidc subject salt={{ ipsilon_stg_openidc_subject_salt }}
 openidc subject salt={{ ipsilon_openidc_subject_salt }}
 {% endif %}
 openidc endpoint url=https://id{{env_suffix}}.fedoraproject.org/openidc/
 {% if inventory_hostname.startswith('os-') %}
 openidc idp key file=/etc/ipsilon/openidc.key
 {% else %}
 openidc idp key file=/etc/ipsilon/openidc{{env_suffix}}.key
 {% endif %}
 openidc database url=postgresql://{{ ipsilon_db_user }}:{{ ipsilon_db_pass }}@{{ ipsilon_db_host }}/{{ ipsilon_db_openid_name }}
 openidc static database url=configfile:///etc/ipsilon/openidc.static.cfg
 openidc documentation url=https://fedoraproject.org/wiki/Infrastructure/Authentication
@ -59,19 +55,15 @@ openid database url=postgresql://{{ ipsilon_db_user }}:{{ ipsilon_db_pass }}@{{
 openid untrusted roots=
 openid enabled extensions=Fedora Teams,Attribute Exchange,CLAs,Simple Registration,API
-saml2 idp storage path=/etc/ipsilon/saml2
+saml2 idp storage path=/etc/ipsilon
 {% if inventory_hostname.startswith('os-') %}
 saml2 idp metadata file=/httpdir/metadata.xml
 {% else %}
 saml2 idp metadata file=metadata.xml
 {% endif %}
 {% if env == 'staging' %}
 saml2 idp nameid salt={{ ipsilon_stg_saml2_nameid_salt }}
 {% else %}
 saml2 idp nameid salt={{ ipsilon_saml2_nameid_salt }}
 {% endif %}
-saml2 idp certificate file=idp.crt
+saml2 idp certificate file=saml2_idp.crt
-saml2 idp key file=idp.key
+saml2 idp key file=saml2_idp.key
 saml2 allow self registration=False
 saml2 default nameid=transient
 saml2 default email domain=fedoraproject.org
--- a/roles/ipsilon/templates/ipsilon-httpd.conf.j2
+++ b/roles/ipsilon/templates/ipsilon-httpd.conf.j2
@ -18,16 +18,11 @@ RewriteRule ^([a-z0-9-]+)\.id\.fedoraproject\.org/.* /openid/id/$1/ [PT]
 Alias /ui /usr/share/ipsilon/ui
 WSGIScriptAlias / /usr/libexec/ipsilon
 WSGIPassAuthorization On
 {% if inventory_hostname.startswith('os-') %}
 WSGIDaemonProcess ipsilon home=/var/lib/ipsilon processes=2 threads=2 maximum-requests=1000
 WSGIApplicationGroup %{GLOBAL}
 WSGISocketPrefix /httpdir/run/wsgi
 WSGIRestrictStdout Off
 WSGIRestrictSignal Off
 {% else %}
 WSGIDaemonProcess ipsilon user=ipsilon group=ipsilon home=/var/lib/ipsilon processes=2 threads=2 maximum-requests=1000
 WSGIImportScript /usr/libexec/ipsilon process-group=ipsilon application-group=ipsilon
 {% endif %}
 <Location />