diff options
author | Sanjeev Rampal <srampal@cisco.com> | 2017-05-26 14:27:09 -0700 |
---|---|---|
committer | Sanjeev Rampal <srampal@cisco.com> | 2017-05-31 12:08:09 -0700 |
commit | 76d1ee25b7570add1531ba232c46977d7201a122 (patch) | |
tree | b8a8f04ed6a440c115d037e476a17801f1554e14 /roles/contiv_auth_proxy/tasks | |
parent | d175973070a4dce2055678f9309d2f74517d461e (diff) | |
download | openshift-76d1ee25b7570add1531ba232c46977d7201a122.tar.gz openshift-76d1ee25b7570add1531ba232c46977d7201a122.tar.bz2 openshift-76d1ee25b7570add1531ba232c46977d7201a122.tar.xz openshift-76d1ee25b7570add1531ba232c46977d7201a122.zip |
Add support for rhel, aci, vxlan
Diffstat (limited to 'roles/contiv_auth_proxy/tasks')
-rw-r--r-- | roles/contiv_auth_proxy/tasks/cleanup.yml | 10 | ||||
-rw-r--r-- | roles/contiv_auth_proxy/tasks/main.yml | 37 |
2 files changed, 47 insertions, 0 deletions
diff --git a/roles/contiv_auth_proxy/tasks/cleanup.yml b/roles/contiv_auth_proxy/tasks/cleanup.yml new file mode 100644 index 000000000..a29659cc9 --- /dev/null +++ b/roles/contiv_auth_proxy/tasks/cleanup.yml @@ -0,0 +1,10 @@ +--- + +- name: stop auth-proxy container + service: name=auth-proxy state=stopped + +- name: cleanup iptables for auth proxy + shell: iptables -D INPUT -p tcp --dport {{ item }} -j ACCEPT -m comment --comment "{{ auth_proxy_rule_comment }} ({{ item }})" + become: true + with_items: + - "{{ auth_proxy_port }}" diff --git a/roles/contiv_auth_proxy/tasks/main.yml b/roles/contiv_auth_proxy/tasks/main.yml new file mode 100644 index 000000000..74e7bf794 --- /dev/null +++ b/roles/contiv_auth_proxy/tasks/main.yml @@ -0,0 +1,37 @@ +--- +# tasks file for auth_proxy +- name: setup iptables for auth proxy + shell: > + ( iptables -L INPUT | grep "{{ auth_proxy_rule_comment }} ({{ item }})" ) || \ + iptables -I INPUT 1 -p tcp --dport {{ item }} -j ACCEPT -m comment --comment "{{ auth_proxy_rule_comment }} ({{ item }})" + become: true + with_items: + - "{{ auth_proxy_port }}" + +# Load the auth-proxy-image from local tar. Ignore any errors to handle the +# case where the image is not built in +- name: copy auth-proxy image + copy: src={{ auth_proxy_binaries }}/auth-proxy-image.tar dest=/tmp/auth-proxy-image.tar + when: auth_proxy_local_install == True + +- name: load auth-proxy image + shell: docker load -i /tmp/auth-proxy-image.tar + when: auth_proxy_local_install == True + +- name: create cert folder for proxy + file: path=/var/contiv/certs state=directory + +- name: copy shell script for starting auth-proxy + template: src=auth_proxy.j2 dest=/usr/bin/auth_proxy.sh mode=u=rwx,g=rx,o=rx + +- name: copy cert for starting auth-proxy + copy: src=cert.pem dest=/var/contiv/certs/auth_proxy_cert.pem mode=u=rw,g=r,o=r + +- name: copy key for starting auth-proxy + copy: src=key.pem dest=/var/contiv/certs/auth_proxy_key.pem mode=u=rw,g=r,o=r + +- name: copy systemd units for auth-proxy + copy: src=auth-proxy.service dest=/etc/systemd/system/auth-proxy.service + +- name: start auth-proxy container + systemd: name=auth-proxy daemon_reload=yes state=started enabled=yes |