GuillaumeSmaha.gluu-setup
Ansible Gluu: Setup Role
==========
gluu-setup is an Ansible role designed to simplify the installation of a Gluu server, its components, and the required certificate.
When operating in cluster mode, this role installs an SSH key for cluster manager access, shares public certificates among all servers, updates the LDAP server to accept external connections, and configures the use of all LDAP servers.
To utilize cluster mode, all Gluu servers must be part of the gluu-servers group, and the Gluu Cluster Manager must be in the gluu-cluster-manager group.
History
-------
Gluu provides open-source solutions for authentication and API access management, allowing organizations to implement single sign-on and strong authentication.
Requirements
------------
To deploy, you will need:
- Ansible installed on your deployment machine.
- The following Python package:
  - dnspython
Run this command to install the dependency:
$ pip install -r requirements.txt
Installation
------------
gluu-setup can be installed using Ansible Galaxy. Use the following command to install the role:
$ ansible-galaxy install GuillaumeSmaha.gluu-setup
Update
------
To update the role, use the --force flag when installing. Here’s how to do it:
$ ansible-galaxy install --force GuillaumeSmaha.gluu-setup
Role Variables
--------------
Here is a list of essential variables you can configure:

    vars:
      # Gluu on a single node
      gluu_version: 3.1.7  # Specify the Gluu package version
      gluu_hostname: '{{ ansible_ssh_host }}'  # Define Gluu server hostname
      gluu_ip: '{{ lookup("dig", "{{ gluu_internal_hostname }}.") | regex_replace("^NXDOMAIN$", "") | default(gluu_internal_hostname, true) }}'  # Host IP address
      gluu_modules:  # List of modules to install
        - oxauth
        - oxtrust
        - ldap
        - httpd
      gluu_certificates:  # Certificates for Gluu
        # You can add your own keys with public and private key paths here.
      gluu_ldap_server: openldap  # Type of LDAP server (openldap or opendj)
      gluu_ldap_certificate:  # Custom certificates for LDAP server/client
      gluu_ldap_password:  # Set LDAP password (default is random)
      gluu_inum_base:  # Base inum of Gluu (default is random)
      gluu_inum_org:  # Organization inum (must include gluu_inum_base)
      gluu_inum_appliance:  # Appliance inum (must include gluu_inum_base)
      # Auto-generated certificate properties
      gluu_certificate_properties:
        org_name: Organization
        country_code: CA
        city: Montreal
        state: QC
      # Gluu on multiple nodes (cluster)
      gluu_cluster: False  # Set to True for cluster setup
      gluu_internal_hostname: '{{ gluu_hostname }}'  # Internal hostname for cluster
      # Configuration for LDAP server replication
      gluu_cluster_ldap_replication: False
      gluu_install_from: main
      gluu_ldap_hostname:  # Hostnames of external LDAP servers (default is all installed servers)
Deploying
---------
To deploy, follow these steps:
- Create a new hosts file. Refer to Ansible Inventory documentation for assistance.
- Create a new playbook like deploy.yml
- Configure the role variables (see Role Variables)
- Include the GuillaumeSmaha.gluu-setup role in the play
- Run the deployment playbook:
$ ansible-playbook -i hosts deploy.yml
If set up correctly, this command will install the Gluu Cluster Manager on the specified host.
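The steps above as a single playbook, written as an added example for this page and not taken from the role's repository. The host names, the choice to target the gluu-servers group, `become`, `vault.yml` and `vault_gluu_ldap_password` are assumptions; the role variables are the ones listed under Role Variables.

```yaml
# deploy.yml (added example, not the role's own playbook)
#
# Assumed inventory in the "hosts" file, INI format, constructed host names.
# The two group names are the ones the role requires for cluster mode:
#
#   [gluu-servers]
#   gluu1.example.org
#   gluu2.example.org
#
#   [gluu-cluster-manager]
#   gluu-cm.example.org
#
- hosts: gluu-servers          # assumption: the role is applied to the Gluu servers
  become: true                 # assumption: the connecting user is not root
  vars_files:
    - vault.yml                # hypothetical file encrypted with ansible-vault
  vars:
    gluu_version: 3.1.7
    gluu_hostname: '{{ ansible_ssh_host }}'
    gluu_cluster: True         # enable cluster mode
    gluu_ldap_server: openldap
    gluu_modules:
      - oxauth
      - oxtrust
      - ldap
      - httpd
    # The LDAP password is set explicitly instead of using the random default.
    # vault_gluu_ldap_password is a hypothetical variable defined in vault.yml,
    # so the secret never sits in clear text in the playbook or in version control.
    gluu_ldap_password: '{{ vault_gluu_ldap_password }}'
    # Properties for the auto-generated certificate (values from the role's defaults)
    gluu_certificate_properties:
      org_name: Organization
      country_code: CA
      city: Montreal
      state: QC
  roles:
    - GuillaumeSmaha.gluu-setup
```

Create the encrypted file with `ansible-vault create vault.yml` and add `--ask-vault-pass` to the `ansible-playbook` command when running this playbook.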
Example Playbook
----------------
Within the example folder, you can find a sample project that demonstrates the deployment process.
Before running it, ensure you have Vagrant and the role installed. Visit https://www.vagrantup.com for more about Vagrant and refer to our Installation section.
$ cd example
$ vagrant plugin install vagrant-lxc
$ vagrant plugin install vagrant-hostmanager
$ vagrant up --provider=lxc
$ ansible-galaxy install GuillaumeSmaha.gluu-setup
$ ansible-playbook -i env/ubuntu deploy.yml
$ ansible-playbook -i env/centos deploy.yml
You can access Gluu using:
Sample Projects
---------------
You can find a complete example of a playbook at the following link: