isamcfg_firsttime_for_v905.yml
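---
# Drives the interactive `isam/aac/config` CLI wizard unattended by feeding it
# a fixed list of answers, then commits and notifies a reverse proxy restart.
#
# Variables this play expects from inventory / vars (none are defined here):
#   inventory_hostname, lmi_port, username, password,
#   sec_master_id, sec_master_pwd, aac_userid, aac_password
#
# Review notes:
#   * `password`, `sec_master_pwd` and `aac_password` are secrets. Keep their
#     values in Ansible Vault or another secret store, not in plain-text
#     inventory or group_vars.
#   * NOTE(review): the answer list below contains those secrets once rendered.
#     Confirm that the execute_cli role does not print its input in normal or
#     verbose output; if it does, `no_log: true` on that role entry is the
#     usual mitigation.
#   * Every "SSL certificate data valid (y/n)" prompt is answered "y" without
#     any check, so whatever certificate the endpoint presents during the run
#     is accepted. Run this only over a trusted management network, or verify
#     the certificate out of band before running.
#   * The answers are consumed in order. Prompts marked `#-->` read as if they
#     only appear when the object already exists - TODO confirm against the
#     target firmware; if one of them is not shown, every later answer shifts
#     by one position.
- name: Execute isamcfg First Time for v9.0.5 all-in-one Appliances
  hosts: all
  connection: local
  roles:
    - role: start_config
      start_config_skip_pending_check: false
      # NOTE(review): presumably skips taking a snapshot before the change -
      # confirm in the role; without one there is no rollback point.
      start_config_skip_snapshot: true
    # - role: delete_signer_cert
    #   delete_signer_cert_kdb_id: "pdsrv"
    #   delete_signer_cert_cert_id: "localhost-CA-Certificate"
    - role: execute_cli
      execute_cli_command: "isam/aac/config"
      execute_cli_input:
        # Select/deselect the capabilities you would like to configure by typing its number. Press enter to continue:
        # [ X ] 1. Context-based Authorization
        # [ X ] 2. Authentication Service
        # [ X ] 3. API Protection
        - "\n"
        # Enter your choice:
        # Press 1 for Next, 2 for Previous, 3 to Repeat, C to Cancel:
        - "1"
        # Advanced Access Control Local Management Interface hostname:
        - "{{ inventory_hostname }}"
        # Advanced Access Control Local Management Interface port [443]:
        - "{{ lmi_port }}"
        # Advanced Access Control administrator user ID [admin]:
        - "{{ username }}"
        # Advanced Access Control administrator password:
        - "{{ password }}"
        # SSL certificate data valid (y/n):
        # (accepted blindly - see review notes at the top of the file)
        - "y"
        # Press 1 for Next, 2 for Previous, 3 to Repeat, C to Cancel:
        - "1"
        # Security Access Manager Appliance Local Management Interface hostname:
        - "{{ inventory_hostname }}"
        # Security Access Manager Appliance Local Management Interface port [443]:
        - "{{ lmi_port }}"
        # Security Access Manager Appliance administrator user ID [admin]:
        - "{{ username }}"
        # Security Access Manager Appliance administrator password:
        - "{{ password }}"
        # SSL certificate data valid (y/n):
        # (accepted blindly - see review notes at the top of the file)
        - "y"
        # Instance to configure:
        # 1. default
        # 2. Cancel
        # Enter your choice [1]:
        - "1"
        # Press 1 for Next, 2 for Previous, 3 to Repeat, C to Cancel:
        - "1"
        # Security Access Manager administrator user ID [sec_master]:
        - "{{ sec_master_id }}"
        # Security Access Manager administrator password:
        - "{{ sec_master_pwd }}"
        # Security Access Manager Domain Name [Default]:
        - "Default"
        # Press 1 for Next, 2 for Previous, 3 to Repeat, C to Cancel:
        - "1"
        # Advanced Access Control runtime listening interface hostname:
        - "localhost"
        # Advanced Access Control runtime listening interface port:
        - "443"
        # Select the method for authentication between WebSEAL and the Advanced Access Control runtime listening interface:
        # 1. Certificate authentication
        # 2. User-id/password authentication
        # Enter your choice [1]:
        # (this play overrides the wizard default of certificate authentication
        # and selects user-id/password, so aac_password becomes a standing
        # shared secret between WebSEAL and the runtime)
        - "2"
        # Advanced Access Control runtime listening interface user ID:
        - "{{ aac_userid }}"
        # Advanced Access Control runtime listening interface password:
        - "{{ aac_password }}"
        # SSL certificate data valid (y/n):
        # (accepted blindly - see review notes at the top of the file)
        - "y"
        # Automatically add CA certificate to the key database (y/n):
        # (adds the CA of the certificate accepted just above as a trusted
        # signer in the key database)
        - "y"
        #--> The CA certificate already exists in the key database. Replace the CA certificate? (y/n):
        - "y"
        # Press 1 for Next, 2 for Previous, 3 to Repeat, C to Cancel:
        - "1"
        #--> A POP named rba-pop already exists.
        # Do you wish to replace the POP, or reuse it? If you replace the
        # POP, any special configuration options associated with the POP
        # will be lost.
        # 1. Reuse
        # 2. Replace
        # 3. Cancel
        # Enter your choice [1]:
        - "1"
        # Press 1 for Next, 2 for Previous, 3 to Repeat, C to Cancel:
        - "1"
        # The following files are available on the Security Access Manager Appliance. Choose one for the '400 Bad Request' response page.
        # 1. oauth_template_rsp_400_bad_request.html
        # 2. oauth_template_rsp_401_unauthorized.html
        # 3. oauth_template_rsp_502_bad_gateway.html
        # Enter your choice [1]:
        - "1"
        # The following files are available on the Security Access Manager Appliance. Choose one for the '401 Unauthorized' response page.
        # 1. oauth_template_rsp_400_bad_request.html
        # 2. oauth_template_rsp_401_unauthorized.html
        # 3. oauth_template_rsp_502_bad_gateway.html
        # Enter your choice [2]:
        - "2"
        # The following files are available on the Security Access Manager Appliance. Choose one for the '502 Bad Gateway' response page.
        # 1. oauth_template_rsp_400_bad_request.html
        # 2. oauth_template_rsp_401_unauthorized.html
        # 3. oauth_template_rsp_502_bad_gateway.html
        # Enter your choice [3]:
        - "3"
        #--> A POP named oauth-pop already exists.
        # Do you wish to replace the POP, or reuse it? If you replace the
        # POP, any special configuration options associated with the POP
        # will be lost.
        # 1. Reuse
        # 2. Replace
        # 3. Cancel
        # Enter your choice [1]:
        - "1"
        # Press 1 for Next, 2 for Previous, 3 to Repeat, C to Cancel:
        - "1"
        # The junction /mga contains endpoints that require Authorization HTTP header to be forwarded to the backend server.
        # Do you want to enable this feature? [y|n]?
        - "y"
        #--> A junction already exists at /mga.
        # Do you wish to replace the junction, or reuse it? If you replace the
        # junction, any special configuration options associated with the junction
        # will be lost.
        # 1. Reuse
        # 2. Replace
        # 3. Cancel
        # Enter your choice [1]
        - "1"
        # Press 1 for Next, 2 for Previous, 3 to Repeat, C to Cancel:
        - "1"
        # Press 1 for Next, 2 for Previous, 3 to Repeat, C to Cancel:
        - "1"
    - role: commit
      tags: ["commit"]
  tasks:
    # Always reports "changed" so the restart handler is notified on every run.
    - debug:
        msg: "Trigger Reverse Proxy restarts"
      changed_when: true
      notify: Restart Reverse Proxy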