35c7cf5
separate out the ezproxy install
kayiwa Jul 24, 2025
fb2e53e
create the shibuser config file
kayiwa Jul 24, 2025
8893f92
add user.txt template
kayiwa Jul 24, 2025
9284c9a
improve config.txt file
kayiwa Jul 24, 2025
dab0347
removing systemd tasks and service.j2 file
VickieKarasic Jul 29, 2025
0b916b6
add a TLS directory
kayiwa Jul 29, 2025
143cd56
change the host name
kayiwa Jul 29, 2025
3e681db
create geoip files
VickieKarasic Jul 30, 2025
35fc99a
give ezproxy sudoers persmissions to run ezproxy
VickieKarasic Oct 30, 2025
32f8706
module installation require root privs
kayiwa Nov 3, 2025
2b72e7f
add a systemd unit file
kayiwa Nov 3, 2025
716a87f
the register step is needed
kayiwa Nov 3, 2025
9465217
the systemd unit file needs to be enabled
kayiwa Nov 4, 2025
85c75bb
upgrayyed ruby version
kayiwa Nov 4, 2025
5de2607
enable the ezproxy user to open port 80
kayiwa Nov 6, 2025
c6501a6
editing the systemd file
VickieKarasic Nov 5, 2025
a33899e
changes to match the file that works on the original VM
VickieKarasic Nov 12, 2025
60f4566
commenting this out since it was not on the original working VM
VickieKarasic Nov 12, 2025
869d2d9
new vms differ in where allowusers is saved
kayiwa Nov 14, 2025
7866211
wrong path
kayiwa Nov 14, 2025
422510c
use new systemd image
kayiwa Nov 15, 2025
e23a1fb
we shouldn't start SAML on launch
kayiwa Nov 18, 2025
6a57238
use the soap URI to get the attributes
kayiwa Nov 20, 2025
4b1f1e2
we run as root
kayiwa Nov 20, 2025
0439800
open http(s) ports to the world
kayiwa Nov 21, 2025
72ef8ed
we do not need these rules in CI
kayiwa Nov 21, 2025
50e7e26
re-order tasks to make permissions easier to see
kayiwa Nov 21, 2025
3d13cf2
consistent permissions, eliminate permissions tug-of-war which makes …
kayiwa Nov 21, 2025
1a834e6
allow checkmk access
kayiwa Nov 21, 2025
3cc77dc
loosening permissions on directories
VickieKarasic Nov 24, 2025
3d7cf2b
permission need to match
kayiwa Nov 25, 2025
upgrayyed ruby version
enable ezproxy to start on boot

Co-authored-by: Vickie Karasic <[email protected]>
kayiwa and VickieKarasic committed Nov 25, 2025
commit 85c75bb5ee29e7a03378593cc99e6afb9ba55882
7 changes: 4 additions & 3 deletions group_vars/ezproxy/testing.yml
@@ -1,7 +1,8 @@
---
install_ruby_from_source: true
desired_ruby_version: "3.1.0"
ruby_version_override: "ruby-3.1.0"
# these can go to common when we merge testing
desired_ruby_version: "3.4.4"
ruby_version_override: "ruby-3.4.4"
domain_name: "ezproxy-test"
domain_place_name: "ezproxy-test"
generic_app_user: ezproxy
@@ -11,4 +12,4 @@ ezproxy_public_host: ezproxy-test.princeton.edu
# being passed to the campus IDP for Shibbleth/SAML integration.
# See pul-it-handbook: https://github.com/pulibrary/pul-it-handbook/blob/main/services/ezproxy.md
cert_value: "3"
sudo_options: "ALL=(ALL) NOPASSWD: /usr/sbin/service ezproxy *"
sudo_options: "ALL=(ALL) NOPASSWD: /usr/sbin/service ezproxy *"
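Review bot: `sudo_options` ends in a wildcard, `/usr/sbin/service ezproxy *`, and a sudoers wildcard in the argument position matches any trailing string, so the grant is wider than the start/stop/restart verbs it presumably exists for. The line is textually identical on both sides of this hunk, so the commit probably only touches its line ending, but it is the one privilege grant in the file and worth tightening while it is being rewritten. Listing each needed verb as its own entry, e.g. `sudo_options: "ALL=(root) NOPASSWD: /usr/sbin/service ezproxy restart"`, and narrowing the run-as from `(ALL)` to `(root)` keeps the rule to what the service account needs. How the role renders this variable into sudoers is not visible here, so confirm the format it expects before changing it.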
32 changes: 6 additions & 26 deletions roles/ezproxy/tasks/main.yml
@@ -27,8 +27,9 @@
- name: Ezproxy | install missing file replacements
ansible.builtin.command: /var/local/ezproxy/ezproxy -m
become: true
become_user: "root"
become_user: "{{ deploy_user }}"
register: proxy_results
changed_when: false
failed_when: "proxy_results.rc != 1"
when:
- running_on_server
@@ -237,30 +238,9 @@
owner: root
group: root

- name: Ezproxy | create systemd unit
ansible.builtin.template:
src: ezproxy.service.j2
dest: /lib/systemd/system/ezproxy.service
owner: root
group: root
mode: a+x
when:
- running_on_server

- name: Ezproxy | make sure directory is owned by {{ deploy_user }}
ansible.builtin.file:
path: /var/local/ezproxy
state: directory
owner: "{{ deploy_user }}"
group: "{{ deploy_user }}"
recurse: true

- name: Ezproxy | Restart ezproxy daemon-reload to pick up config changes
ansible.builtin.systemd_service:
state: restarted
daemon_reload: true
- name: Ezproxy | start ezproxy
ansible.builtin.service:
name: ezproxy
enabled: true
when:
- running_on_server
state: restarted
when: running_on_server
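Review bot: The `Ezproxy | install missing file replacements` task runs `/var/local/ezproxy/ezproxy -m` under a `become_user` whose new value cannot be read from this rendering (both `"root"` and `"{{ deploy_user }}"` appear, with the +/- markers lost), while the same section drops the task that enforced `owner`/`group` `{{ deploy_user }}` on `/var/local/ezproxy`. If the command now runs as `{{ deploy_user }}` it relies on ownership this file no longer sets, and if it runs as root it can leave root-owned files in a tree the service account is expected to own; an explicit, non-recursive ownership task placed before it would make the intended owner visible and auditable. `changed_when: false` also hides any files this command creates from the play's change report, and the inverted `failed_when: "proxy_results.rc != 1"` deserves a comment such as `# ezproxy -m exits 1 on a normal run (confirm against vendor docs)`. The task list continues outside the visible hunks, so the ownership may be set elsewhere in the role.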