From 46c41d2d776a5eed87f52eb0ac81e8c2b870df62 Mon Sep 17 00:00:00 2001
From: Timo Makinen
Date: Tue, 17 Dec 2024 22:00:21 +0000
Subject: [PATCH] ipsilon: Add OIDC key

---
 roles/ipsilon/tasks/main.yml | 9 +++++++++
 roles/ipsilon/templates/ipsilon-container.service.j2 | 1 +
 roles/ipsilon/templates/ipsilon-container.sysconfig.j2 | 3 +++
 3 files changed, 13 insertions(+)

diff --git a/roles/ipsilon/tasks/main.yml b/roles/ipsilon/tasks/main.yml
index deadb3d..b02b9df 100644
--- a/roles/ipsilon/tasks/main.yml
+++ b/roles/ipsilon/tasks/main.yml
@@ -27,6 +27,15 @@
     group: ipsilon
     remote_src: true
 
+- name: Copy OIDC key
+  ansible.builtin.copy:
+    dest: "{{ tls_private }}/openidc.key"
+    src: "{{ ansible_private }}/files/ipsilon/openidc.key"
+    mode: "0640"
+    owner: root
+    group: ipsilon
+  notify: Restart ipsilon-container
+
 - name: Get container source
   ansible.builtin.git:
     dest: /usr/local/src/docker-ipsilon
diff --git a/roles/ipsilon/templates/ipsilon-container.service.j2 b/roles/ipsilon/templates/ipsilon-container.service.j2
index 0560343..74bc2b0 100644
--- a/roles/ipsilon/templates/ipsilon-container.service.j2
+++ b/roles/ipsilon/templates/ipsilon-container.service.j2
@@ -13,6 +13,7 @@ ExecStart=/usr/bin/podman run \
     --volume={{ tls_certs }}/ca.crt:/etc/ssl/certs/ca.crt:ro \
     --volume={{ tls_certs }}/{{ inventory_hostname }}.crt:/etc/ssl/certs/{{ inventory_hostname }}.crt:ro \
     --volume={{ tls_private }}/ipsilon.key:/etc/ssl/private/{{ inventory_hostname }}.key:ro \
+    --volume={{ tls_private }}/openidc.key:/etc/ipsilon/openidc.key:ro \
     ipsilon:latest
 ExecStop=/usr/bin/podman stop --ignore ipsilon
 ExecStopPost=/usr/bin/podman rm -f --ignore ipsilon
diff --git a/roles/ipsilon/templates/ipsilon-container.sysconfig.j2 b/roles/ipsilon/templates/ipsilon-container.sysconfig.j2
index 1f76bc0..7a4ba72 100644
--- a/roles/ipsilon/templates/ipsilon-container.sysconfig.j2
+++ b/roles/ipsilon/templates/ipsilon-container.sysconfig.j2
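Review bot: The new "Copy OIDC key" task will print the private key's contents whenever the play runs with `--diff`, because `ansible.builtin.copy` reports a content diff for text files; add `diff: false` to the task, and `no_log: true` if that is how the role already handles its other key material. The `mode: "0640"`, `owner: root`, `group: ipsilon` triple is the right shape for a key that only the ipsilon group reads, and `notify: Restart ipsilon-container` means a rotated key reaches the container. The enclosing task list continues before and after this hunk, so whether the earlier `ipsilon.key` task applies the same safeguards cannot be checked here.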
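Review bot: The added `--volume` line mounts a host file that the tasks hunk installs as root:ipsilon 0640, but nothing in the unit guarantees the process inside the container runs with a GID that maps to the host `ipsilon` group; if the image runs Ipsilon as an unprivileged user, or podman applies a user namespace, the `:ro` mount at `/etc/ipsilon/openidc.key` is unreadable and the problem only surfaces at service start. This is inferred from the permissions, not visible in the image, so confirm against the image's user setup and record the assumption above the `ExecStart=` line (outside the hunk, not inside the backslash continuation) with a Jinja comment such as `{# openidc.key is root:ipsilon 0640 on the host; the container's GID must match #}`. The `ExecStart=` command starts before this hunk.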
@@ -5,3 +5,6 @@ IPSILON_DB_HOST="sqldb02.home.foo.sh"
 IPSILON_DB_CA="/etc/ssl/certs/ca.crt"
 IPSILON_DB_KEY="/etc/ssl/private/{{ inventory_hostname }}.key"
 IPSILON_DB_CERT="/etc/ssl/certs/{{ inventory_hostname}}.crt"
+IPSILON_HOSTNAME="idp.foo.sh"
+IPSILON_OPENIDC_KEYID="{{ ipsilon_openidc_keyid }}"
+IPSILON_OPENIDC_SALT="{{ ipsilon_openidc_salt }}"
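Review bot: `IPSILON_OPENIDC_SALT` renders secret material into the sysconfig file, so the task that templates this file (not in this diff) should write it with a restrictive mode and `no_log: true`, and `ipsilon_openidc_salt` should live in a vault-encrypted var rather than a plain group or host var; none of that can be verified from this hunk. `IPSILON_HOSTNAME="idp.foo.sh"` is hard-coded while the keyid and salt are variables; presumably this is the IdP's public name, so a role variable here would keep the template reusable, though the file already hard-codes `IPSILON_DB_HOST` in the same way.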