You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airavata.apache.org by ma...@apache.org on 2020/06/20 18:51:11 UTC

[airavata] branch master updated: Ansible: fixes to Letsencrypt cert generation for keycloak role

This is an automated email from the ASF dual-hosted git repository.

machristie pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/airavata.git


The following commit(s) were added to refs/heads/master by this push:
     new cf3898d  Ansible: fixes to Letsencrypt cert generation for keycloak role
cf3898d is described below

commit cf3898d4859a143a6b4dde5679580af43520b89f
Author: Marcus Christie <ma...@iu.edu>
AuthorDate: Sat Jun 20 14:44:39 2020 -0400

    Ansible: fixes to Letsencrypt cert generation for keycloak role
---
 .../ansible/inventories/scigap/production/group_vars/all/vars.yml      | 3 +++
 dev-tools/ansible/roles/keycloak/tasks/main.yml                        | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/dev-tools/ansible/inventories/scigap/production/group_vars/all/vars.yml b/dev-tools/ansible/inventories/scigap/production/group_vars/all/vars.yml
index 2cd74c2..833690a 100644
--- a/dev-tools/ansible/inventories/scigap/production/group_vars/all/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/production/group_vars/all/vars.yml
@@ -135,6 +135,9 @@ keycloak_master_account_username: "AiravataAdmin"
 keycloak_master_account_password: "{{ vault_keycloak_master_account_password }}"
 keycloak_vhost_servername: "iam.scigap.org"
 
+# Letsencrypt
+letsencrypt_email: "circ-iu-group@iu.edu"
+
 # Helix
 helix_version: 0.7.1
 helix_url: http://www-us.apache.org/dist//helix/{{helix_version}}/binaries/helix-core-{{helix_version}}-pkg.tar
diff --git a/dev-tools/ansible/roles/keycloak/tasks/main.yml b/dev-tools/ansible/roles/keycloak/tasks/main.yml
index 44a5506..45f3df6 100644
--- a/dev-tools/ansible/roles/keycloak/tasks/main.yml
+++ b/dev-tools/ansible/roles/keycloak/tasks/main.yml
@@ -53,7 +53,7 @@
   become: yes
 
 - name: generate certificate if it doesn't exist
-  command: certbot --apache -d {{ keycloak_vhost_servername }} certonly
+  command: certbot --apache --non-interactive --agree-tos --email "{{ letsencrypt_email }}" -d {{ keycloak_vhost_servername }} certonly
   become: yes
   when: not stat_ssl_cert_result.stat.exists