A collection of playbooks for setting up a proxy-based Authentication & Authorisation Infrastructure (AAI) for Research and Collaboration.
Currently, the master playbook (`site.yml`) supports setting up the following components:
- IdP/SP proxy based on one or more instances of SimpleSAMLphp (see `authservers.yml` playbook)
- cluster of memcached servers for caching user sessions in a distributed way to enable load-balancing and fail-over (see `cacheservers.yml` playbook)
- reverse proxy based on nginx to support HTTP request load balancing among multiple SimpleSAMLphp web front-ends that use the back-end matrix of memcached servers (see `webproxyservers.yml` playbook)
On the managed nodes, you need a way to communicate, normally SSH, which by default uses SFTP. If this is not available you can switch to SCP in `ansible.cfg`. You will also need the following packages:
- `python` (version 2.4 or later)
- `python-simplejson` (only if you are running a Python version earlier than 2.5)
- `sudo` (unless the default Ansible `become_method` is overridden)
On the control machine, you need a recent version of Ansible and some necessary Python libraries. We recommend installing Ansible via `pip`, the Python package manager (though other options are also available). You can install all the prerequisites with the following commands:

```shell
pip install -r requirements.txt
ansible-galaxy install ipr-cnrs.nftables
ansible-galaxy install arillso.logrotate
ansible-galaxy install infopen.openjdk-jdk
```
Tested Ansible version: 2.10.7
- Set the hostnames/IP addresses of managed nodes in `inventories/ENV/hosts.ini`, for each target environment, e.g. `testing`, `staging`, `production`, etc.
- Modify variables in `inventories/ENV/group_vars/<HOST_GROUP>`
Assuming root access to the target machines, simply run the following command to execute the playbook using the specified inventory file:

```shell
ansible-playbook -v -i inventories/ENV/hosts.ini keycloakservers.yml
```
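A constructed `hosts.ini` for a `testing` environment, added here as an illustration of the inventory layout described above (it is not a file from this repository). The group names are an assumption that they mirror the playbook names; the hostnames are placeholders.

```ini
# inventories/testing/hosts.ini (constructed example, not part of this repository)
# Assumption: each playbook targets a host group named after it. Confirm the
# group names against the `hosts:` lines in authservers.yml, cacheservers.yml
# and webproxyservers.yml before using this layout.
# Run with: ansible-playbook -v -i inventories/testing/hosts.ini site.yml

# nginx reverse proxy that load-balances the SimpleSAMLphp front-ends
[webproxyservers]
proxy-1.testing.example.org

# SimpleSAMLphp IdP/SP proxy front-ends (two instances behind the proxy)
[authservers]
ssp-1.testing.example.org
ssp-2.testing.example.org

# memcached session cache cluster shared by all front-ends
[cacheservers]
memcached-1.testing.example.org
memcached-2.testing.example.org

[all:vars]
# Direct root access, as the run command above assumes
ansible_user=root
# Alternative: connect as an unprivileged user and escalate with sudo,
# which is why the `sudo` package is required on the managed nodes
# ansible_user=deploy
# ansible_become=true
# ansible_become_method=sudo
```

Per-group settings for these hosts go in `inventories/testing/group_vars/<HOST_GROUP>`, named after the group headings used here.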
Licensed under the Apache 2.0 license, for details see `LICENSE`.