Fix localhost ansible setup

9 months ago · 67f55d76a0
parent 2db1ba3c05
commit 67f55d76a0
5 changed files with 25 additions and 7 deletions
--- a/deployment/host_vars/localhost.yml
+++ b/deployment/host_vars/localhost.yml
@ -24,7 +24,7 @@ oidc_urls:
    host: hydra.cacert.localhost
    port: 4445
  hydra_public:
-    address: localhost
+    address: 127.0.0.1
    host: auth.cacert.localhost
    port: 4444
  idp:
--- a/deployment/roles/hydra_server/tasks/main.yml
+++ b/deployment/roles/hydra_server/tasks/main.yml
@ -71,7 +71,7 @@
      ansible.builtin.command:
        cmd: "mkcert -cert-file {{ hydra_cert_temp_dir.path }}/hydra.pem -key-file {{ hydra_cert_temp_dir.path }}/hydra.key.pem {{ oidc_urls.hydra_admin.host }} {{ oidc_urls.hydra_public.host }}"
      environment:
-        CAROOT: "{{ mkcert_caroot | default(omit) }}"
+        CAROOT: "{{ mkcert_caroot | default('') }}"

    - name: Move Hydra certificate and key to target
      ansible.builtin.copy:
@ -107,3 +107,9 @@
    group: root
    mode: "0640"
  notify: hydra_systemd_reload
+
+- name: Ensure service is started
+  ansible.builtin.systemd:
+    state: started
+    name: hydra
+    enabled: true
--- a/deployment/roles/oidc_demo_application/tasks/main.yml
+++ b/deployment/roles/oidc_demo_application/tasks/main.yml
@ -73,7 +73,7 @@
      ansible.builtin.command:
        cmd: "mkcert -cert-file {{ demoapp_cert_temp_dir.path }}/demoapp.pem -key-file {{ demoapp_cert_temp_dir.path }}/demoapp.key.pem {{ oidc_urls.demoapp.host }}"
      environment:
-        CAROOT: "{{ mkcert_caroot | default(omit) }}"
+        CAROOT: "{{ mkcert_caroot | default('') }}"

    - name: Move demo application certificate and key to target
      ansible.builtin.copy:
@ -163,5 +163,11 @@
    dest: /etc/systemd/system/cacert-demoapp.service
    owner: root
    group: root
-    mode: "0640"
+    mode: "0644"
  notify: demoapp_systemd_reload
+
+- name: Ensure service is started
+  ansible.builtin.systemd:
+    state: started
+    name: cacert-demoapp
+    enabled: true
--- a/deployment/roles/oidc_idp/tasks/main.yml
+++ b/deployment/roles/oidc_idp/tasks/main.yml
@ -51,7 +51,7 @@
      ansible.builtin.command:
        cmd: "mkcert -cert-file {{ idp_cert_temp_dir.path }}/idp.pem -key-file {{ idp_cert_temp_dir.path }}/idp.key.pem {{ oidc_urls.idp.host }}"
      environment:
-        CAROOT: "{{ mkcert_caroot | default(omit) }}"
+        CAROOT: "{{ mkcert_caroot | default('') }}"

    - name: Move IDP certificate and key to target
      ansible.builtin.copy:
@ -120,5 +120,11 @@
    dest: /etc/systemd/system/cacert-idp.service
    owner: root
    group: root
-    mode: "0640"
+    mode: "0644"
  notify: idp_systemd_reload
+
+- name: Ensure service is started
+  ansible.builtin.systemd:
+    state: started
+    name: cacert-idp
+    enabled: true
--- a/deployment/roles/prepare_devtools/tasks/main.yml
+++ b/deployment/roles/prepare_devtools/tasks/main.yml
@ -19,7 +19,7 @@
      ansible.builtin.command:
        cmd: "mkcert -install"
      environment:
-        CAROOT: "{{ mkcert_caroot | default(omit) }}"
+        CAROOT: "{{ mkcert_caroot | default('') }}"
      changed_when: false

  become: false