You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airavata.apache.org by ma...@apache.org on 2020/06/20 18:51:11 UTC
[airavata] branch master updated: Ansible: fixes to Letsencrypt
cert generation for keycloak role
This is an automated email from the ASF dual-hosted git repository.
machristie pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/airavata.git
The following commit(s) were added to refs/heads/master by this push:
new cf3898d Ansible: fixes to Letsencrypt cert generation for keycloak role
cf3898d is described below
commit cf3898d4859a143a6b4dde5679580af43520b89f
Author: Marcus Christie <ma...@iu.edu>
AuthorDate: Sat Jun 20 14:44:39 2020 -0400
Ansible: fixes to Letsencrypt cert generation for keycloak role
---
.../ansible/inventories/scigap/production/group_vars/all/vars.yml | 3 +++
dev-tools/ansible/roles/keycloak/tasks/main.yml | 2 +-
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/dev-tools/ansible/inventories/scigap/production/group_vars/all/vars.yml b/dev-tools/ansible/inventories/scigap/production/group_vars/all/vars.yml
index 2cd74c2..833690a 100644
--- a/dev-tools/ansible/inventories/scigap/production/group_vars/all/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/production/group_vars/all/vars.yml
@@ -135,6 +135,9 @@ keycloak_master_account_username: "AiravataAdmin"
keycloak_master_account_password: "{{ vault_keycloak_master_account_password }}"
keycloak_vhost_servername: "iam.scigap.org"
+# Letsencrypt
+letsencrypt_email: "circ-iu-group@iu.edu"
+
# Helix
helix_version: 0.7.1
helix_url: http://www-us.apache.org/dist//helix/{{helix_version}}/binaries/helix-core-{{helix_version}}-pkg.tar
diff --git a/dev-tools/ansible/roles/keycloak/tasks/main.yml b/dev-tools/ansible/roles/keycloak/tasks/main.yml
index 44a5506..45f3df6 100644
--- a/dev-tools/ansible/roles/keycloak/tasks/main.yml
+++ b/dev-tools/ansible/roles/keycloak/tasks/main.yml
@@ -53,7 +53,7 @@
become: yes
- name: generate certificate if it doesn't exist
- command: certbot --apache -d {{ keycloak_vhost_servername }} certonly
+ command: certbot --apache --non-interactive --agree-tos --email "{{ letsencrypt_email }}" -d {{ keycloak_vhost_servername }} certonly
become: yes
when: not stat_ssl_cert_result.stat.exists