fix/shibboleth_entity_id #10
|
@ -74,6 +74,7 @@ hydra_dispatcher_available_locales:
|
||||||
hydra_dispatcher_sentry_dsn:
|
hydra_dispatcher_sentry_dsn:
|
||||||
hydra_dispatcher_sentry_environment:
|
hydra_dispatcher_sentry_environment:
|
||||||
hydra_dispatcher_mounts: []
|
hydra_dispatcher_mounts: []
|
||||||
|
hydra_dispatcher_disable_app_auto_select: true
|
||||||
|
|
||||||
# Hydra Passwordless configuration
|
# Hydra Passwordless configuration
|
||||||
|
|
||||||
|
|
|
@ -54,15 +54,6 @@
|
||||||
ansible.builtin.include_tasks: hydra-database.yml
|
ansible.builtin.include_tasks: hydra-database.yml
|
||||||
when: not hydra_use_external_database
|
when: not hydra_use_external_database
|
||||||
|
|
||||||
- name: Configure HAProxy
|
|
||||||
template:
|
|
||||||
src: haproxy.cfg.j2
|
|
||||||
dest: /etc/haproxy/haproxy.cfg
|
|
||||||
validate: "haproxy -c -f %s"
|
|
||||||
notify:
|
|
||||||
- Restart HAProxy
|
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Create hydra-clients
|
- name: Create hydra-clients
|
||||||
template:
|
template:
|
||||||
src: hydra-client.json.j2
|
src: hydra-client.json.j2
|
||||||
|
@ -121,4 +112,13 @@
|
||||||
|
|
||||||
- name: Stop OIDC Test app if disabled
|
- name: Stop OIDC Test app if disabled
|
||||||
ansible.builtin.include_tasks: stop-oidc-test.yml
|
ansible.builtin.include_tasks: stop-oidc-test.yml
|
||||||
when: not enable_oidc_test_app
|
when: not enable_oidc_test_app
|
||||||
|
|
||||||
|
- name: Configure HAProxy
|
||||||
|
template:
|
||||||
|
src: haproxy.cfg.j2
|
||||||
|
dest: /etc/haproxy/haproxy.cfg
|
||||||
|
validate: "haproxy -c -f %s"
|
||||||
|
notify:
|
||||||
|
- Restart HAProxy
|
||||||
|
become: true
|
|
@ -20,6 +20,7 @@ PODMAN_ARGS="\
|
||||||
-e 'TRUSTED_PROXIES=127.0.0.1,10.0.2.0/24' \
|
-e 'TRUSTED_PROXIES=127.0.0.1,10.0.2.0/24' \
|
||||||
-e 'SENTRY_DSN={{ hydra_dispatcher_sentry_dsn }}' \
|
-e 'SENTRY_DSN={{ hydra_dispatcher_sentry_dsn }}' \
|
||||||
-e 'SENTRY_ENVIRONMENT={{ hydra_dispatcher_sentry_environment }}' \
|
-e 'SENTRY_ENVIRONMENT={{ hydra_dispatcher_sentry_environment }}' \
|
||||||
|
-e 'DISABLE_APP_AUTO_SELECT={{ hydra_dispatcher_disable_app_auto_select }}' \
|
||||||
-v /etc/hydra-dispatcher/conf.d:/var/www/config/hydra \
|
-v /etc/hydra-dispatcher/conf.d:/var/www/config/hydra \
|
||||||
{% for item in hydra_dispatcher_mounts %}
|
{% for item in hydra_dispatcher_mounts %}
|
||||||
-v {{ item.host }}:{{ item.container }} \
|
-v {{ item.host }}:{{ item.container }} \
|
||||||
|
|
|
@ -4,7 +4,7 @@ PODMAN_ARGS="\
|
||||||
--network=slirp4netns:allow_host_loopback=true \
|
--network=slirp4netns:allow_host_loopback=true \
|
||||||
--replace --name 'cadoles-pod-shibboleth-sp-v3' \
|
--replace --name 'cadoles-pod-shibboleth-sp-v3' \
|
||||||
--tz=local \
|
--tz=local \
|
||||||
-e 'SP_ENTITY_ID=http://{{ ansible_fqdn }}{{ haproxy_hydra_saml_base_path }}' \
|
-e 'SP_ENTITY_ID={{ haproxy_public_base_url }}{{ haproxy_hydra_saml_base_path }}' \
|
||||||
-e 'SP_LOG_LEVEL={{ hydra_saml_sp_log_level }}' \
|
-e 'SP_LOG_LEVEL={{ hydra_saml_sp_log_level }}' \
|
||||||
-e 'IDP_ENTITY_ID={{ hydra_saml_idp_entity_id }}' \
|
-e 'IDP_ENTITY_ID={{ hydra_saml_idp_entity_id }}' \
|
||||||
-e 'IDP_METADATA_URL={{ hydra_saml_idp_metadata_url }}' \
|
-e 'IDP_METADATA_URL={{ hydra_saml_idp_metadata_url }}' \
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
# {{ ansible_managed }}
|
# {{ ansible_managed }}
|
||||||
global
|
global
|
||||||
log /dev/log local0
|
log /dev/log local0 err
|
||||||
log /dev/log local1 notice
|
log /dev/log local1 err
|
||||||
chroot /var/lib/haproxy
|
chroot /var/lib/haproxy
|
||||||
stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
|
stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
|
||||||
stats timeout 30s
|
stats timeout 30s
|
||||||
|
@ -141,4 +141,4 @@ backend oidc_test
|
||||||
http-request set-header X-Forwarded-Prefix {{ haproxy_oidc_test_base_path }}
|
http-request set-header X-Forwarded-Prefix {{ haproxy_oidc_test_base_path }}
|
||||||
|
|
||||||
server oidc-test 127.0.0.1:8080 check
|
server oidc-test 127.0.0.1:8080 check
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
Loading…
Reference in New Issue