path: root/roles/contiv_auth_proxy/tasks/main.yml
blob: 74e7bf79475a9dd66cf0b7c856352731d9902e1c (plain)
---
# tasks file for auth_proxy
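# Open the auth proxy port in the host firewall, once per listed port.
# Each rule carries a comment of the form "<auth_proxy_rule_comment> (<port>)".
# The INPUT chain listing is searched for that comment first, so a re-run
# does not insert a duplicate rule.
# NOTE(review): the inserted rule has no source match (-s), so it accepts
# connections to the port from any address; narrow it if the proxy should
# only be reachable from specific networks.
- name: setup iptables for auth proxy
  # -n lists addresses numerically instead of doing a reverse-DNS lookup per
  # rule. grep -qF matches the comment as a fixed string and prints nothing.
  # The folded scalar already joins both lines, so no shell line
  # continuation is needed.
  shell: >
      ( iptables -n -L INPUT | grep -qF "{{ auth_proxy_rule_comment }} ({{ item }})" ) ||
      iptables -I INPUT 1 -p tcp --dport {{ item }} -j ACCEPT -m comment --comment "{{ auth_proxy_rule_comment }} ({{ item }})"
  become: true
  with_items:
    - "{{ auth_proxy_port }}"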

# Stage the auth-proxy image tarball on the target host. This runs only when
# auth_proxy_local_install is true; otherwise the task is skipped (no errors
# are ignored here).
# NOTE(review): the destination is a fixed file name in /tmp and no mode is
# given; a root-only staging directory would keep other local users away from
# the tarball before it is loaded. Confirm against the deployment.
- name: copy auth-proxy image
  copy:
    src: "{{ auth_proxy_binaries }}/auth-proxy-image.tar"
    dest: /tmp/auth-proxy-image.tar
  when: auth_proxy_local_install == True

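# Import the staged tarball into the local Docker image store. Skipped unless
# auth_proxy_local_install is true.
# The command uses no pipes, redirects or variable expansion, so it is run
# through the command module rather than a shell.
# NOTE(review): the tarball is read from a fixed path in /tmp; whatever is at
# that path when this task runs is what gets loaded. Verify the staging
# location is not writable by unprivileged users.
- name: load auth-proxy image
  command: docker load -i /tmp/auth-proxy-image.tar
  when: auth_proxy_local_install == True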

# Ensure the directory that will hold the proxy's TLS certificate and private
# key exists.
# NOTE(review): no owner or mode is specified, so a newly created directory
# gets whatever the remote umask yields; confirm that is tight enough for a
# directory containing a private key.
- name: create cert folder for proxy
  file:
    path: /var/contiv/certs
    state: directory

# Render the auth_proxy.j2 template into the launcher script and make it
# executable by everyone but writable only by its owner.
- name: copy shell script for starting auth-proxy
  template:
    src: auth_proxy.j2
    dest: /usr/bin/auth_proxy.sh
    mode: "u=rwx,g=rx,o=rx"

# Install the proxy's TLS certificate. The certificate is public material, so
# it is left world-readable.
- name: copy cert for starting auth-proxy
  copy:
    src: cert.pem
    dest: /var/contiv/certs/auth_proxy_cert.pem
    mode: "u=rw,g=r,o=r"

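# Install the proxy's TLS private key.
# The key is readable by its owner only. The previous mode (u=rw,g=r,o=r) let
# every local account on the host read the private key.
# NOTE(review): assumes the proxy reads the key as the file's owner. Confirm
# how the launcher script mounts /var/contiv/certs into the container.
# NOTE(review): key.pem is resolved from the role's own files. If that is a
# default key shipped with the role, every install shares the same key;
# supply a per-deployment key instead.
- name: copy key for starting auth-proxy
  copy:
    src: key.pem
    dest: /var/contiv/certs/auth_proxy_key.pem
    mode: "0600"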

# Install the auth-proxy systemd unit file. No mode is given, so the file's
# permissions are left to the copy module's defaults.
- name: copy systemd units for auth-proxy
  copy:
    src: auth-proxy.service
    dest: /etc/systemd/system/auth-proxy.service

# Reload systemd so it picks up the unit file, then start the auth-proxy
# service and enable it at boot.
- name: start auth-proxy container
  systemd:
    name: auth-proxy
    daemon_reload: true
    state: started
    enabled: true