Playbook to configure CFME login with RH-SSO
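---
# Configure a CloudForms (CFME) appliance for SAML login against RH-SSO:
# enable the mod_auth_mellon SP configuration shipped with the appliance,
# generate the SP key/cert/metadata, and fetch the IdP descriptor from RH-SSO.
#
# Required extra vars: appliance_name, rh_sso_server, cf_realm.
# Optional extra var: rh_sso_validate_certs (default true, see vars below).
- hosts: all
  become: true
  become_user: root
  vars:
    # Base name of the files written by mellon_create_metadata.sh
    # (https_<appliance_name>.key / .cert / .xml).
    appliance_file_name: "https_{{ appliance_name }}"
    # TLS verification for the IdP descriptor download. The descriptor carries
    # the IdP signing certificate, so fetching it unverified lets anyone on the
    # path substitute their own IdP; override to false only for a lab with an
    # untrusted RH-SSO certificate (-e rh_sso_validate_certs=false).
    rh_sso_validate_certs: true
  tasks:
    - name: SAML configuration dir
      file:
        path: /etc/httpd/saml2
        state: directory
        mode: "0755"

    - name: Copy remote user configuration
      copy:
        src: /opt/rh/cfme-appliance/TEMPLATE/etc/httpd/conf.d/manageiq-remote-user.conf
        dest: /etc/httpd/conf.d
        remote_src: true
      # httpd only picks up a changed conf.d file after a restart
      notify:
        - restart apache

    - name: Copy external auth configuration
      copy:
        src: /opt/rh/cfme-appliance/TEMPLATE/etc/httpd/conf.d/manageiq-external-auth-saml.conf
        dest: /etc/httpd/conf.d
        remote_src: true
      notify:
        - restart apache

    # Generates the SP key, certificate and metadata. The `creates` path and
    # the `src` paths of the copies below are relative, so they presumably all
    # resolve against the task's working directory (the remote user's home);
    # keep them consistent if a chdir is ever added.
    - name: Create metadata
      command: "/usr/libexec/mod_auth_mellon/mellon_create_metadata.sh https://{{ appliance_name }} https://{{ appliance_name }}/saml2"
      args:
        creates: "{{ appliance_file_name }}.xml"

    - name: Copy SAML Key
      copy:
        src: "{{ appliance_file_name }}.key"
        dest: /etc/httpd/saml2/miqsp-key.key
        remote_src: true
        # SP private key: readable by root only. NOTE(review): httpd reads the
        # mellon key material while still running as root, so 0600 should be
        # sufficient — confirm on the appliance.
        mode: "0600"
      notify:
        - restart apache

    - name: Copy SAML certificate
      copy:
        src: "{{ appliance_file_name }}.cert"
        dest: /etc/httpd/saml2/miqsp-cert.cert
        remote_src: true
      notify:
        - restart apache

    - name: Copy SAML metadata
      copy:
        src: "{{ appliance_file_name }}.xml"
        dest: /etc/httpd/saml2/miqsp-metadata.xml
        remote_src: true
      notify:
        - restart apache

    - name: Download RH-SSO Descriptor
      get_url:
        url: "https://{{ rh_sso_server }}/auth/realms/{{ cf_realm }}/protocol/saml/descriptor"
        dest: /etc/httpd/saml2/idp-metadata.xml
        validate_certs: "{{ rh_sso_validate_certs }}"
      notify:
        - restart apache

  handlers:
    - name: restart apache
      service:
        name: httpd
        state: restarted

# Usage:
# ansible-playbook -i 'cfme.domain.com,' cfme-rh-sso.yml -e "appliance_name=cfme.domain.com rh_sso_server=sso.domain.com cf_realm=domain" -u root -k -v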