Merge pull request 'fix/shibboleth_entity_id' (#10) from fix/shibboleth_entity_id into master

Reviewed-on: #10
vfebvre 2023-03-02 15:33:50 +01:00
commit ea6c9925c9
5 changed files with 16 additions and 14 deletions


@ -74,6 +74,7 @@ hydra_dispatcher_available_locales:
hydra_dispatcher_sentry_dsn: hydra_dispatcher_sentry_dsn:
hydra_dispatcher_sentry_environment: hydra_dispatcher_sentry_environment:
hydra_dispatcher_mounts: [] hydra_dispatcher_mounts: []
hydra_dispatcher_disable_app_auto_select: true
# Hydra Passwordless configuration # Hydra Passwordless configuration
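Review bot: The new default `hydra_dispatcher_disable_app_auto_select: true` ships a "disable" switch already turned on, with no comment saying what auto-select does or why it is off by default. Inventories that do not set the variable will change behaviour on the next run. A one-line comment above it would help, for example `# Set to false to re-enable the dispatcher's automatic app selection`, with the wording confirmed against the dispatcher's own documentation, plus a mention in the upgrade notes.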


@ -54,15 +54,6 @@
ansible.builtin.include_tasks: hydra-database.yml ansible.builtin.include_tasks: hydra-database.yml
when: not hydra_use_external_database when: not hydra_use_external_database
- name: Configure HAProxy
template:
src: haproxy.cfg.j2
dest: /etc/haproxy/haproxy.cfg
validate: "haproxy -c -f %s"
notify:
- Restart HAProxy
become: true
- name: Create hydra-clients - name: Create hydra-clients
template: template:
src: hydra-client.json.j2 src: hydra-client.json.j2
@ -122,3 +113,12 @@
- name: Stop OIDC Test app if disabled - name: Stop OIDC Test app if disabled
ansible.builtin.include_tasks: stop-oidc-test.yml ansible.builtin.include_tasks: stop-oidc-test.yml
when: not enable_oidc_test_app when: not enable_oidc_test_app
- name: Configure HAProxy
template:
src: haproxy.cfg.j2
dest: /etc/haproxy/haproxy.cfg
validate: "haproxy -c -f %s"
notify:
- Restart HAProxy
become: true
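Review bot: The relocated `Configure HAProxy` task in the last hunk writes `/etc/haproxy/haproxy.cfg` without `owner`, `group` or `mode`, so the file's permissions depend on what already exists on the host or on the umask of the run. Pinning them makes the result deterministic, e.g. `owner: root`, `group: root`, `mode: "0644"`, or tighter if the rendered config carries credentials, which is not visible here. The task also uses the short name `template:` while neighbouring tasks use the fully qualified `ansible.builtin.include_tasks`; `ansible.builtin.template:` would be consistent. The reason for moving the task to the end of the play is not stated, and a short comment above it naming the tasks it must follow would stop a later reorder from undoing the fix.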


@ -20,6 +20,7 @@ PODMAN_ARGS="\
-e 'TRUSTED_PROXIES=127.0.0.1,10.0.2.0/24' \ -e 'TRUSTED_PROXIES=127.0.0.1,10.0.2.0/24' \
-e 'SENTRY_DSN={{ hydra_dispatcher_sentry_dsn }}' \ -e 'SENTRY_DSN={{ hydra_dispatcher_sentry_dsn }}' \
-e 'SENTRY_ENVIRONMENT={{ hydra_dispatcher_sentry_environment }}' \ -e 'SENTRY_ENVIRONMENT={{ hydra_dispatcher_sentry_environment }}' \
-e 'DISABLE_APP_AUTO_SELECT={{ hydra_dispatcher_disable_app_auto_select }}' \
-v /etc/hydra-dispatcher/conf.d:/var/www/config/hydra \ -v /etc/hydra-dispatcher/conf.d:/var/www/config/hydra \
{% for item in hydra_dispatcher_mounts %} {% for item in hydra_dispatcher_mounts %}
-v {{ item.host }}:{{ item.container }} \ -v {{ item.host }}:{{ item.container }} \
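Review bot: The added `DISABLE_APP_AUTO_SELECT={{ hydra_dispatcher_disable_app_auto_select }}` line renders a YAML boolean as `True` or `False` with a capital letter, because Jinja prints the Python value. If the container compares the variable against `true`/`1`, which cannot be confirmed from this page, the flag would silently have no effect. Normalising in the template removes the ambiguity: `-e 'DISABLE_APP_AUTO_SELECT={{ hydra_dispatcher_disable_app_auto_select | bool | lower }}' \`. The `PODMAN_ARGS` string starts and ends outside the hunk.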


@ -4,7 +4,7 @@ PODMAN_ARGS="\
--network=slirp4netns:allow_host_loopback=true \ --network=slirp4netns:allow_host_loopback=true \
--replace --name 'cadoles-pod-shibboleth-sp-v3' \ --replace --name 'cadoles-pod-shibboleth-sp-v3' \
--tz=local \ --tz=local \
-e 'SP_ENTITY_ID=http://{{ ansible_fqdn }}{{ haproxy_hydra_saml_base_path }}' \ -e 'SP_ENTITY_ID={{ haproxy_public_base_url }}{{ haproxy_hydra_saml_base_path }}' \
-e 'SP_LOG_LEVEL={{ hydra_saml_sp_log_level }}' \ -e 'SP_LOG_LEVEL={{ hydra_saml_sp_log_level }}' \
-e 'IDP_ENTITY_ID={{ hydra_saml_idp_entity_id }}' \ -e 'IDP_ENTITY_ID={{ hydra_saml_idp_entity_id }}' \
-e 'IDP_METADATA_URL={{ hydra_saml_idp_metadata_url }}' \ -e 'IDP_METADATA_URL={{ hydra_saml_idp_metadata_url }}' \
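Review bot: `SP_ENTITY_ID` is now the plain concatenation `{{ haproxy_public_base_url }}{{ haproxy_hydra_saml_base_path }}`, so a trailing slash on the base URL puts `//` into the entityID, and an IdP matches entity IDs as exact strings. Stripping it in the template avoids that: `{{ haproxy_public_base_url | regex_replace('/+$', '') }}{{ haproxy_hydra_saml_base_path }}`. Changing the entityID of an already-registered SP also means the IdP side must be updated to the new value, otherwise SAML logins will likely be rejected until it is. That deserves a line in the commit description or upgrade notes. The rest of `PODMAN_ARGS` lies outside the hunk.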


@ -1,7 +1,7 @@
# {{ ansible_managed }} # {{ ansible_managed }}
global global
log /dev/log local0 log /dev/log local0 err
log /dev/log local1 notice log /dev/log local1 err
chroot /var/lib/haproxy chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
stats timeout 30s stats timeout 30s
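Review bot: Capping both `log /dev/log local0 err` and `log /dev/log local1 err` at `err` drops everything below that level. HAProxy emits its per-request traffic logs at `info` by default, so any frontend using `log global` (not visible in this hunk) would stop logging requests. This proxy fronts the SAML/OIDC login path, so that removes the main record used to investigate authentication abuse or failed logins. If the aim is to cut noise, consider keeping one target at request level and the other for errors, e.g. `log /dev/log local0 info` with `log /dev/log local1 err`, and add a comment stating the intent. As written, the two lines differ only by facility.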