nicolas
/
Ansible-Playbooks
mirror of https://github.com/nmasse-itix/Ansible-Playbooks.git
1
0
Fork 0
Code Issues Releases Wiki Activity
All my Ansible Playbooks
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
112 KiB
 
 
 
 
 
 
Tree: 8d54f58aef
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '8d54f58aef'
${ noResults }
Ansible-Playbooks/OneAccess-Ansible-Playbook/roles/siteminder-policy-server/tasks/main.yml

247 lines
11 KiB
Raw Blame History

---
- name: This module only works on CentOS 6
assert:
that:
- "ansible_os_family == 'RedHat'"
- name: Create the 'smuser' user
user: name={{ sm_user }} comment="CA SiteMinder User" shell=/bin/ksh
tags: user
- name: Set SSH key for smuser
authorized_key: user={{ sm_user }} key="{{ ansible_ssh_public_key }}" manage_dir=yes
tags: user
- name: Set the required .profile for smuser
template: src=profile dest=/home/{{ sm_user }}/.profile
sudo_user: "{{ sm_user }}"
tags: user
- name: Copy the SiteMinder Policy Server files to sources_dir
unarchive: creates={{ sources_dir }}/ps-12.52-sp01-linux src=GEN08170134E-PolicyServerLinux.zip dest={{ sources_dir }}
- name: Copy the unattended installation response file
template: src=ca-ps-installer.properties dest={{ sources_dir }}/ca-ps-installer.properties
- name: Create the installation dir
file: path={{ sm_home }} owner={{ sm_user }} state=directory
- name: Install SiteMinder (warning, no check !)
command: creates={{ sm_home }}/siteminder {{ sources_dir }}/ps-12.52-sp01-linux/ca-ps-12.52-sp01-linux.bin -f {{ sources_dir }}/ca-ps-installer.properties -i silent
sudo_user: "{{ sm_user }}"
ignore_errors: yes
- name: Copy smreg
command: install {{ sources_dir }}/ps-12.52-sp01-linux/smreg {{ sm_home }}/siteminder/bin/smreg -m 755 -o {{ sm_user }}
- name: Create the SiteMinderPS DSA
command: creates={{ dx_home }}/dxserver/config/knowledge/SiteMinderPS.dxc /bin/sh -l -c "dxnewdsa SiteMinderPS {{ sm_policy_store_port }} 'ou=PS,o=SiteMinder'"
sudo_user: "{{ dx_user }}"
- name: Flag the SiteMinderPS DSA as "autostart"
file: path={{ dx_home }}/dxserver/config/autostart/SiteMinderPS state=touch
sudo_user: "{{ dx_user }}"
- name: Copy netegrity.dxc to the right place
command: creates={{ dx_home }}/dxserver/config/schema/netegrity.dxc install -m 644 -o {{ dx_user }} -g {{ dx_group }} {{ sm_home }}/siteminder/eTrust/netegrity.dxc {{ dx_home }}/dxserver/config/schema/netegrity.dxc
- name: Copy etrust.dxc to the right place
command: creates={{ dx_home }}/dxserver/config/schema/etrust.dxc install -m 644 -o {{ dx_user }} -g {{ dx_group }} {{ sm_home }}/siteminder/xps/db/etrust.dxc {{ dx_home }}/dxserver/config/schema/etrust.dxc
- name: Create the smdsa.dxg (custom schema)
template: dest={{ dx_home }}/dxserver/config/schema/smdsa.dxg src=smdsa.dxg owner={{ sm_user }} mode=0644
tags: config
- name: Enable the custom schema
lineinfile: dest={{ dx_home }}/dxserver/config/servers/SiteMinderPS.dxi state=present regexp='^source "../schema/[a-z]+.dxg";' line='source "../schema/smdsa.dxg";'
tags: config
- name: Set config 'ignore-name-bindings'
lineinfile: dest={{ dx_home }}/dxserver/config/servers/SiteMinderPS.dxi state=present insertafter="EOF" line='set ignore-name-bindings = true;'
tags: config
- name: Create the smdsa.dxc (custom limits)
template: dest={{ dx_home }}/dxserver/config/limits/smdsa.dxc src=smdsa.dxc owner={{ dx_user }} mode=0644
tags: config
- name: Bind SiteMinderPS DSA on 127.0.0.1 only
lineinfile: dest="{{ dx_home }}/dxserver/config/knowledge/SiteMinderPS.dxc" line=' bind-address = "127.0.0.1"' insertafter="^\s*address\s*=" regexp='^\s*bind-address\s*='
sudo_user: "{{ dx_user }}"
tags: config
- name: Bind SiteMinderPS DSA on 127.0.0.1 only
lineinfile: dest="{{ dx_home }}/dxserver/config/knowledge/SiteMinderPS.dxc" line=' address = tcp "127.0.0.1" port \1' regexp='^\s*address\s*=\s*tcp\s*"[^"]*"\s*port\s*([0-9]+)' backrefs=yes
sudo_user: "{{ dx_user }}"
tags: config
- name: Enable the custom limits
lineinfile: dest={{ dx_home }}/dxserver/config/servers/SiteMinderPS.dxi state=present regexp='^source "../limits/[a-z]+.dxc";' line='source "../limits/smdsa.dxc";'
tags: config
- name: Copy the initial DSA to the sources dir
template: src=sm-ps.ldif dest={{ sources_dir }}/sm-ps.ldif
- name: Stop the SiteMinderPS DSA
command: /bin/sh -l -c "dxserver stop SiteMinderPS"
sudo_user: "{{ dx_user }}"
- name: Load the LDIF into the SiteMinderPS datastore
command: /bin/sh -l -c "dxloaddb SiteMinderPS {{ sources_dir }}/sm-ps.ldif"
sudo_user: "{{ dx_user }}"
- name: Start the SiteMinderPS DSA
command: /bin/sh -l -c "dxserver start SiteMinderPS"
sudo_user: "{{ dx_user }}"
- name: Register the SiteMinder Policy Store
command: /bin/ksh -l -c "smldapsetup reg -hlocalhost -p{{ sm_policy_store_port }} -dcn=DXAdmin,ou=PS,o=SiteMinder -wpassword -rou=PS,o=SiteMinder -v"
sudo_user: "{{ sm_user }}"
- name: Set the SiteMinder admin password
command: /bin/ksh -l -c "smreg -su {{ sm_admin_password }}"
sudo_user: "{{ sm_user }}"
- name: Run XPSDDInstall
command: chdir={{ sm_home }}/siteminder/xps/dd /bin/ksh -l -c "XPSDDInstall SmMaster.xdd"
sudo_user: "{{ sm_user }}"
- name: Run XPSImport
command: chdir={{ sm_home }}/siteminder/db /bin/ksh -l -c "XPSImport smpolicy.xml -npass"
sudo_user: "{{ sm_user }}"
- name: Disable the Healh Monitor
lineinfile: dest={{ sm_home }}/siteminder/config/siteminder.conf state=present regexp='^MONITOR_ENABLED=[a-zA-Z]+' line='MONITOR_ENABLED=no'
sudo_user: "{{ sm_user }}"
tags: config
- name: Make a copy of the SiteMinder registry
command: creates={{ sm_home }}/siteminder/registry/sm.registry.initial cp {{ sm_home }}/siteminder/registry/sm.registry {{ sm_home }}/siteminder/registry/sm.registry.initial
sudo_user: "{{ sm_user }}"
- name: Upload the patch file
copy: src=sm.registry.patch dest={{ sources_dir }}/sm.registry.patch
- name: Patch the SiteMinder registry
command: patch {{ sm_home }}/siteminder/registry/sm.registry {{ sources_dir }}/sm.registry.patch
sudo_user: "{{ sm_user }}"
- name: Create the SiteMinderSS DSA
command: creates={{ dx_home }}/dxserver/config/knowledge/SiteMinderSS.dxc /bin/sh -l -c "dxnewdsa SiteMinderSS {{ sm_session_store_port }} 'ou=SS,o=SiteMinder'"
sudo_user: "{{ dx_user }}"
when: sm_session_store_port is defined
tags: session-store
- name: Flag the SiteMinderSS DSA as "autostart"
file: path={{ dx_home }}/dxserver/config/autostart/SiteMinderSS state=touch
sudo_user: "{{ dx_user }}"
when: sm_session_store_port is defined
tags: session-store
- name: Enable the custom schema
lineinfile: dest={{ dx_home }}/dxserver/config/servers/SiteMinderSS.dxi state=present regexp='^source "../schema/[a-z]+.dxg";' line='source "../schema/smdsa.dxg";'
sudo_user: "{{ dx_user }}"
when: sm_session_store_port is defined
tags:
- config
- session-store
- name: Set config 'ignore-name-bindings'
lineinfile: dest={{ dx_home }}/dxserver/config/servers/SiteMinderSS.dxi state=present insertafter="EOF" line='set ignore-name-bindings = true;'
sudo_user: "{{ dx_user }}"
when: sm_session_store_port is defined
tags:
- config
- session-store
- name: Bind SiteMinderSS DSA on 127.0.0.1 only
lineinfile: dest="{{ dx_home }}/dxserver/config/knowledge/SiteMinderSS.dxc" line=' bind-address = "127.0.0.1"' insertafter="^\s*address\s*=" regexp='^\s*bind-address\s*='
sudo_user: "{{ dx_user }}"
when: sm_session_store_port is defined
tags:
- config
- session-store
- name: Bind SiteMinderSS DSA on 127.0.0.1 only
lineinfile: dest="{{ dx_home }}/dxserver/config/knowledge/SiteMinderSS.dxc" line=' address = tcp "127.0.0.1" port \1' regexp='^\s*address\s*=\s*tcp\s*"[^"]*"\s*port\s*([0-9]+)' backrefs=yes
sudo_user: "{{ dx_user }}"
when: sm_session_store_port is defined
tags:
- config
- session-store
- name: Set "cache-index-all-except = smVariableValue,smsessionblob"
lineinfile: dest="{{ dx_home }}/dxserver/config/servers/SiteMinderSS.dxi" line='set cache-index-all-except = smVariableValue,smsessionblob;' regexp='^\s*set\s+cache-index-all-except\s*=\s*' insertbefore=EOF
sudo_user: "{{ dx_user }}"
when: sm_session_store_port is defined
tags:
- config
- session-store
- name: Set "lookup-cache = true"
lineinfile: dest="{{ dx_home }}/dxserver/config/servers/SiteMinderSS.dxi" line='set lookup-cache = true;' regexp='^\s*set\s+lookup-cache\s*=\s*' insertbefore=EOF
sudo_user: "{{ dx_user }}"
when: sm_session_store_port is defined
tags:
- config
- session-store
- name: Set "disable-transaction-log-flush = true"
lineinfile: dest="{{ dx_home }}/dxserver/config/servers/SiteMinderSS.dxi" line='set disable-transaction-log-flush = true;' regexp='^\s*set\s+disable-transaction-log-flush\s*=\s*' insertbefore=EOF
sudo_user: "{{ dx_user }}"
when: sm_session_store_port is defined
tags:
- config
- session-store
- name: Set "disable-transaction-log = true"
lineinfile: dest="{{ dx_home }}/dxserver/config/servers/SiteMinderSS.dxi" line='set disable-transaction-log = true;' regexp='^\s*set\s+disable-transaction-log\s*=\s*' insertbefore=EOF
sudo_user: "{{ dx_user }}"
when: sm_session_store_port is defined
tags:
- config
- session-store
- name: Enable the custom limits
lineinfile: dest={{ dx_home }}/dxserver/config/servers/SiteMinderSS.dxi state=present regexp='^source "../limits/[a-z]+.dxc";' line='source "../limits/smdsa.dxc";'
when: sm_session_store_port is defined
tags:
- config
- session-store
- name: Copy the initial DSA to the sources dir
template: src=sm-ss.ldif dest={{ sources_dir }}/sm-ss.ldif
when: sm_session_store_port is defined
tags: session-store
- name: Stop the SiteMinderPS DSA
command: /bin/sh -l -c "dxserver stop SiteMinderSS"
sudo_user: "{{ dx_user }}"
when: sm_session_store_port is defined
tags: session-store
- name: Load the LDIF into the SiteMinderSS datastore
command: /bin/sh -l -c "dxloaddb SiteMinderSS {{ sources_dir }}/sm-ss.ldif"
sudo_user: "{{ dx_user }}"
when: sm_session_store_port is defined
tags: session-store
- name: Start the SiteMinderSS DSA
command: /bin/sh -l -c "dxserver start SiteMinderSS"
sudo_user: "{{ dx_user }}"
when: sm_session_store_port is defined
tags: session-store
- name: Upload the patch file to register the Session Store
template: src=sm-ss.registry.patch dest={{ sources_dir }}/sm-ss.registry.patch
when: sm_session_store_port is defined
tags: session-store
- name: Patch the SiteMinder registry to register the Session Store
command: patch {{ sm_home }}/siteminder/registry/sm.registry {{ sources_dir }}/sm-ss.registry.patch
sudo_user: "{{ sm_user }}"
when: sm_session_store_port is defined
tags: session-store
- name: Start the SiteMinder Policy Server
command: /bin/ksh -l -c "start-ps"
sudo_user: "{{ sm_user }}"