Fix localhost ansible setup

Jan Dittberner 2023-08-09 12:44:36 +02:00
parent 2db1ba3c05
commit 67f55d76a0
5 changed files with 25 additions and 7 deletions


@ -24,7 +24,7 @@ oidc_urls:
host: hydra.cacert.localhost
port: 4445
hydra_public:
address: localhost
address: 127.0.0.1
host: auth.cacert.localhost
port: 4444
idp:
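Review bot: Only the `hydra_public` listener is pinned to `127.0.0.1` here; the `address` of the entry above it (presumably `hydra_admin`, whose host and port 4445 open the hunk) lies outside the hunk and should be confirmed to be a loopback literal too, since Hydra's admin API is not meant to be reachable by untrusted clients. A short comment above the changed line, for example `# literal IPv4 loopback; "localhost" may resolve to ::1 on some hosts`, would record why the name was replaced, if that is the reason. The `oidc_urls` mapping begins before and continues after the hunk.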


@ -71,7 +71,7 @@
ansible.builtin.command:
cmd: "mkcert -cert-file {{ hydra_cert_temp_dir.path }}/hydra.pem -key-file {{ hydra_cert_temp_dir.path }}/hydra.key.pem {{ oidc_urls.hydra_admin.host }} {{ oidc_urls.hydra_public.host }}"
environment:
CAROOT: "{{ mkcert_caroot | default(omit) }}"
CAROOT: "{{ mkcert_caroot | default('') }}"
- name: Move Hydra certificate and key to target
ansible.builtin.copy:
@ -107,3 +107,9 @@
group: root
mode: "0640"
notify: hydra_systemd_reload
- name: Ensure service is started
ansible.builtin.systemd:
state: started
name: hydra
enabled: true
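Review bot: The new `Ensure service is started` task is evaluated before the notified `hydra_systemd_reload` handler, because notified handlers run later rather than at the point of `notify`; on a first run systemd may not yet know the freshly written unit when `state: started` is applied. Adding `daemon_reload: true` to this `ansible.builtin.systemd` task, or an `ansible.builtin.meta: flush_handlers` task before it, removes that ordering dependency. The same applies to the `cacert-demoapp` and `cacert-idp` tasks added in the other two role files. Also, `state: started` does not restart a running service, so a renewed certificate or changed unit only takes effect if the handler restarts it; the handler is not visible here.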


@ -73,7 +73,7 @@
ansible.builtin.command:
cmd: "mkcert -cert-file {{ demoapp_cert_temp_dir.path }}/demoapp.pem -key-file {{ demoapp_cert_temp_dir.path }}/demoapp.key.pem {{ oidc_urls.demoapp.host }}"
environment:
CAROOT: "{{ mkcert_caroot | default(omit) }}"
CAROOT: "{{ mkcert_caroot | default('') }}"
- name: Move demo application certificate and key to target
ansible.builtin.copy:
@ -163,5 +163,11 @@
dest: /etc/systemd/system/cacert-demoapp.service
owner: root
group: root
mode: "0640"
mode: "0644"
notify: demoapp_systemd_reload
- name: Ensure service is started
ansible.builtin.systemd:
state: started
name: cacert-demoapp
enabled: true
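Review bot: Relaxing the unit file to `mode: "0644"` makes everything in `/etc/systemd/system/cacert-demoapp.service` readable by every local account, so the template must carry no secrets in `Environment=` lines; the template is not part of this diff and needs checking. If it does hold any, move them to an `EnvironmentFile=` that stays at `mode: "0600"`. The same change is made for `cacert-idp.service`, while the task that notifies `hydra_systemd_reload` keeps `mode: "0640"`, which looks like an oversight if that task writes the Hydra unit file.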


@ -51,7 +51,7 @@
ansible.builtin.command:
cmd: "mkcert -cert-file {{ idp_cert_temp_dir.path }}/idp.pem -key-file {{ idp_cert_temp_dir.path }}/idp.key.pem {{ oidc_urls.idp.host }}"
environment:
CAROOT: "{{ mkcert_caroot | default(omit) }}"
CAROOT: "{{ mkcert_caroot | default('') }}"
- name: Move IDP certificate and key to target
ansible.builtin.copy:
@ -120,5 +120,11 @@
dest: /etc/systemd/system/cacert-idp.service
owner: root
group: root
mode: "0640"
mode: "0644"
notify: idp_systemd_reload
- name: Ensure service is started
ansible.builtin.systemd:
state: started
name: cacert-idp
enabled: true


@ -19,7 +19,7 @@
ansible.builtin.command:
cmd: "mkcert -install"
environment:
CAROOT: "{{ mkcert_caroot | default(omit) }}"
CAROOT: "{{ mkcert_caroot | default('') }}"
changed_when: false
become: false
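Review bot: With `default('')` this task exports an empty `CAROOT` whenever `mkcert_caroot` is unset, which relies on mkcert treating an empty value as unset and falling back to the invoking user's data directory. This task runs with `become: false`, so if the certificate tasks in the hydra, demoapp and idp role files (which get the same `CAROOT` change) run with privilege escalation, which their hunks do not show, they would resolve a different default CA root and issue certificates from a CA that was never installed here. Giving `mkcert_caroot` a concrete default in the role or group vars, plus a comment such as `# empty CAROOT = mkcert default for the invoking user`, would make the behaviour explicit. The CA private key in that directory should be readable only by the account that runs mkcert.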