@jairojunior
Created January 4, 2018 16:40
Playbook to configure CFME login with RH-SSO
---
- hosts: all
  become: yes
  become_user: root
  vars:
    # mellon_create_metadata.sh names its output files after the SP entity ID,
    # so https://<appliance_name> yields https_<appliance_name>.{key,cert,xml}
    appliance_file_name: "https_{{ appliance_name }}"
  tasks:
    - name: SAML configuration dir
      file:
        path: /etc/httpd/saml2
        state: directory
        mode: '0755'
    - name: Copy remote user configuration
      copy:
        src: /opt/rh/cfme-appliance/TEMPLATE/etc/httpd/conf.d/manageiq-remote-user.conf
        dest: /etc/httpd/conf.d
        remote_src: yes
    - name: Copy external auth configuration
      copy:
        src: /opt/rh/cfme-appliance/TEMPLATE/etc/httpd/conf.d/manageiq-external-auth-saml.conf
        dest: /etc/httpd/conf.d
        remote_src: yes
    - name: Create metadata
      # Generates the SP signing key, certificate and metadata for the entity ID
      # https://<appliance_name> with the mellon endpoint under /saml2; skipped
      # when the metadata file already exists so keys are not regenerated
      command: "/usr/libexec/mod_auth_mellon/mellon_create_metadata.sh https://{{ appliance_name }} https://{{ appliance_name }}/saml2"
      args:
        creates: "{{ appliance_file_name }}.xml"
    - name: Copy SAML Key
      copy:
        src: "{{ appliance_file_name }}.key"
        dest: /etc/httpd/saml2/miqsp-key.key
        remote_src: yes
    - name: Copy SAML certificate
      copy:
        src: "{{ appliance_file_name }}.cert"
        dest: /etc/httpd/saml2/miqsp-cert.cert
        remote_src: yes
    - name: Copy SAML metadata
      copy:
        src: "{{ appliance_file_name }}.xml"
        dest: /etc/httpd/saml2/miqsp-metadata.xml
        remote_src: yes
    - name: Download RH-SSO Descriptor
      get_url:
        url: "https://{{ rh_sso_server }}/auth/realms/{{ cf_realm }}/protocol/saml/descriptor"
        dest: /etc/httpd/saml2/idp-metadata.xml
        # Disables TLS certificate verification for this download, so the IdP
        # signing certificate inside the descriptor is accepted without checking
        # who served it. Prefer a trusted CA and validate_certs: yes.
        validate_certs: no
      notify:
        - restart apache
  handlers:
    - name: restart apache
      service:
        name: httpd
        state: restarted
# Run it (pass the appliance hostname, the RH-SSO host and the realm as extra vars):
# ansible-playbook -i 'cfme.domain.com,' cfme-rh-sso.yml -e "appliance_name=cfme.domain.com rh_sso_server=sso.domain.com cf_realm=domain" -u root -k -v
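Because the descriptor is fetched with validate_certs: no and httpd is restarted right after, it is worth checking what actually landed in /etc/httpd/saml2 before trusting it. The Python check below is an added example, not part of the gist; the two metadata documents are constructed samples shaped like mellon_create_metadata.sh and RH-SSO output, and the hostnames and realm in them are placeholders.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample of what mellon_create_metadata.sh writes (trimmed).
SP_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
  entityID="https://cfme.example.com">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      Location="https://cfme.example.com/saml2/postResponse" index="0"/>
  </SPSSODescriptor>
</EntityDescriptor>"""

# Constructed sample of an RH-SSO realm descriptor (trimmed, placeholder cert).
IDP_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
  entityID="https://sso.example.com/auth/realms/example">
  <IDPSSODescriptor>
    <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER-BASE64-CERT</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
      Location="https://sso.example.com/auth/realms/example/protocol/saml"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

def check_sp(xml_text, appliance_name):
    """Return a list of problems with the SP metadata (empty means OK)."""
    root, problems = ET.fromstring(xml_text), []
    if root.get("entityID") != f"https://{appliance_name}":
        problems.append("SP entityID does not match appliance_name")
    acs = root.findall(".//md:SPSSODescriptor/md:AssertionConsumerService", NS)
    if not any(a.get("Location", "").startswith(f"https://{appliance_name}/saml2") for a in acs):
        problems.append("no HTTPS AssertionConsumerService under /saml2")
    return problems

def check_idp(xml_text, rh_sso_server, realm):
    """Return a list of problems with the downloaded IdP descriptor."""
    root, problems = ET.fromstring(xml_text), []
    if root.get("entityID") != f"https://{rh_sso_server}/auth/realms/{realm}":
        problems.append("IdP entityID is not the expected RH-SSO realm")
    if not root.findall(".//md:KeyDescriptor[@use='signing']//ds:X509Certificate", NS):
        problems.append("IdP metadata carries no signing certificate")
    sso = root.findall(".//md:IDPSSODescriptor/md:SingleSignOnService", NS)
    if not sso or not all(s.get("Location", "").startswith("https://") for s in sso):
        problems.append("IdP SingleSignOnService missing or not served over HTTPS")
    return problems
```

On the appliance, feed it the contents of /etc/httpd/saml2/miqsp-metadata.xml and idp-metadata.xml with the same appliance_name, rh_sso_server and cf_realm values passed to the playbook; an empty list from both functions means the files are at least consistent with what the play intended.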