├── set_ldap_user_attr ├── tests │ ├── inventory │ ├── ansible.cfg │ └── test.yml ├── vars │ └── main.yml ├── handlers │ └── main.yml └── tasks │ └── main.yml ├── start_config ├── tests │ ├── hosts_var │ │ └── localhost.yml │ ├── ansible.cfg │ ├── inventory │ └── test.yml ├── tasks │ └── main.yml ├── filter_plugins │ └── exclude.py └── meta │ └── main.yml ├── first_steps ├── tasks │ └── skip_fs.yml ├── defaults │ └── main.yml └── meta │ └── main.yml ├── export_application_logs └── defaults │ └── main.yml ├── base ├── apply_snapshot │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── backup_firmware │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── configure_time │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── delete_snapshots │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── install_update │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── upload_snapshot │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── download_snapshots │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── swap_firmware │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── configure_cluster │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── set_host_records │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── change_admin_password │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── create_snapshot │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── import_personal_certificates │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── load_signer_certificates │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── set_listening_interfaces │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── configure_dhcp │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── export_certificates │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── import_signer_certificates │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── extract_certificates │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── upload_signer_certificates │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── create_ssl_certificate_databases │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── generate_self_signed_certificates │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── configure_advanced_tuning_parameters │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── create_sysaccounts │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── upload_updates │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── install_fixpacks │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── configure_runtime_tunings │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── add_bonding_interfaces │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── add_interfaces │ └── meta │ │ └── main.yml ├── activate_modules │ ├── meta │ │ └── main.yml │ └── defaults │ │ └── main.yml ├── delete_interfaces │ └── meta │ │ └── main.yml ├── get_certificate_databases │ ├── meta │ │ └── main.yml │ └── tasks │ │ └── main.yml ├── get_personal_certificates │ └── meta │ │ └── main.yml ├── get_signer_certificates │ └── meta │ │ └── main.yml ├── configure_interfaces │ └── meta │ │ └── main.yml ├── externalize_hvdb │ └── meta │ │ └── main.yml └── first_steps │ ├── defaults │ └── main.yml │ └── meta │ └── main.yml ├── bootstrap_local ├── handlers │ └── main.yml ├── tests │ ├── inventory │ ├── test.yml │ ├── host_vars │ │ └── localhost.yml │ └── ansible.cfg ├── vars │ ├── Linux.yml │ ├── main.yml │ └── Darwin.yml ├── templates │ └── app-metadata └── defaults │ └── main.yml ├── meta └── .galaxy_install_info ├── create_snapshot ├── defaults │ └── main.yml ├── tasks │ └── main.yml └── meta │ └── main.yml ├── aac ├── configure_scim │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── update_advanced_configurations │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── export_runtime_template_root │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── get_mapping_rules │ ├── defaults │ │ └── main.yml │ ├── tasks │ │ └── main.yml │ └── meta │ │ └── main.yml ├── configure_access_control_attributes │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── configure_access_control_policies │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── disable_all_authentication_policies │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── set_access_policies │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── configure_access_control_policy_resources │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── configure_access_control_policy_attachments │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── create_authentication_policies │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── configure_user_registry │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── set_accesscontrol_policies │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── create_authentication_mechanisms │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── create_api_protection_definitions │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── configure_api_protection_definitions │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── set_accesscontrol_policyattachment │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── create_user_registry_user │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── configure_authentication_policies │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── configure_authentication_mechanisms │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── delete_attribute │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── configure_server_connections │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── configure_mapping_rules │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── create_api_protection_clients │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── update_api_protection_clients │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── configure_api_protection_clients │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── configure_runtime_template_root │ └── meta │ │ └── main.yml ├── get_accesscontrol_configuration │ ├── meta │ │ └── main.yml │ └── defaults │ │ └── main.yml ├── create_obligation │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── create_attribute │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml └── disable_authentication_policies │ └── meta │ └── main.yml ├── add_suffix ├── defaults │ └── main.yml ├── tasks │ └── main.yml └── meta │ └── main.yml ├── add_sysaccount_group ├── defaults │ └── main.yml ├── tasks │ └── main.yml └── meta │ └── main.yml ├── web ├── export_sso_keys │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── set_embedded_ldap_admin_pw │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── upload_jmt_files │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── upload_kerberos_keytab_files │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── create_reverseproxy_instances │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── restart_reverseproxy_instance │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── upload_runtime_components │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── set_runtime_components │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── update_jmt_files │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── import_sso_keys │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── upload_ltpa_files │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── upload_dynurl_files │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── create_sso_keys │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── execute_pdadmin │ ├── tasks │ │ └── main.yml │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── configure_federated_directories │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── import_certificate_mapping_files │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── upload_http_transformation_files │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── configure_runtime_components │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── upload_management_root_files │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── merge_keytabs │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── configure_reverseproxy_junctions │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── configure_management_root │ └── meta │ │ └── main.yml ├── configure_reverseproxy_instances │ ├── meta │ │ └── main.yml │ └── defaults │ │ └── main.yml └── configure_policyserver │ └── meta │ └── main.yml ├── .gitignore ├── sanity_checks ├── defaults │ └── main.yml └── meta │ └── main.yml ├── set_cert_replication ├── defaults │ └── main.yml └── tasks │ └── main.yml ├── set_ldap_root_pw ├── defaults │ └── main.yml ├── tasks │ └── main.yml └── meta │ └── main.yml ├── upload_extension ├── defaults │ └── main.yml └── meta │ └── main.yml ├── set_runtime_replication ├── defaults │ └── main.yml └── tasks │ └── main.yml ├── create_runtime_template_directories ├── defaults │ └── main.yml └── meta │ └── main.yml ├── import_runtime_template_file ├── defaults │ └── main.yml └── meta │ └── main.yml ├── install_fixpack ├── defaults │ └── main.yml └── meta │ └── main.yml ├── export_cluster_sign ├── defaults │ └── main.yml ├── tasks │ └── main.yml └── meta │ └── main.yml ├── fed ├── configure_instance_federations │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── configure_sts_chain_templates │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── create_federation_partners │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── create_federations │ ├── defaults │ │ └── main.yml │ └── meta │ │ └── main.yml ├── configure_sts_chains │ ├── meta │ │ └── main.yml │ └── defaults │ │ └── main.yml ├── get_federation_partners │ └── meta │ │ └── main.yml ├── set_runtime_certificates │ ├── meta │ │ └── main.yml │ └── defaults │ │ └── main.yml ├── get_federations │ ├── meta │ │ └── main.yml │ └── tasks │ │ └── main.yml └── set_attribute_source │ └── meta │ └── main.yml ├── delete_activation ├── defaults │ └── main.yml ├── meta │ └── main.yml └── tasks │ └── main.yml ├── set_ldap_user_pw ├── defaults │ └── main.yml └── meta │ └── main.yml ├── import_url_mapping ├── defaults │ └── main.yml └── meta │ └── main.yml ├── set_role_group ├── defaults │ └── main.yml └── meta │ └── main.yml ├── set_role_user ├── defaults │ └── main.yml └── meta │ └── main.yml ├── import_certificate_db ├── defaults │ └── main.yml └── meta │ └── main.yml ├── set_admin_pw ├── defaults │ └── main.yml ├── tasks │ └── main.yml └── meta │ └── main.yml ├── config_snmp_monitoring ├── defaults │ └── main.yml ├── tasks │ └── main.yml └── meta │ └── main.yml ├── add_cluster_node ├── defaults │ └── main.yml └── meta │ └── main.yml ├── import_client_cert_mapping ├── defaults │ └── main.yml └── meta │ └── main.yml ├── import_http_transformation ├── defaults │ └── main.yml └── meta │ └── main.yml ├── authenticate_policy_attachments └── defaults │ └── main.yml ├── set_keystore_desc ├── defaults │ └── main.yml └── meta │ └── main.yml ├── upload_mapping_rule ├── defaults │ └── main.yml └── meta │ └── main.yml ├── add_sysaccount_user ├── defaults │ └── main.yml ├── meta │ └── main.yml └── tasks │ └── main.yml ├── load_signer_cert ├── defaults │ └── main.yml └── meta │ └── main.yml ├── update_advanced_configuration ├── defaults │ └── main.yml └── meta │ └── main.yml ├── set_host_records ├── defaults │ └── main.yml └── meta │ └── main.yml ├── search_mapping_rule ├── defaults │ └── main.yml ├── tasks │ └── main.yml └── meta │ └── main.yml ├── add_federation ├── defaults │ └── main.yml └── meta │ └── main.yml ├── add_system_alerts_smtp ├── defaults │ └── main.yml └── meta │ └── main.yml ├── delete_mgmt_root_file └── defaults │ └── main.yml ├── set_mgmtazn_role_group ├── defaults │ └── main.yml └── meta │ └── main.yml ├── add_system_alerts_rsyslog ├── defaults │ └── main.yml └── meta │ └── main.yml ├── execute_rp_op ├── defaults │ └── main.yml └── meta │ └── main.yml ├── import_personal_cert ├── defaults │ └── main.yml └── meta │ └── main.yml ├── set_mgmtazn_role_feature ├── defaults │ └── main.yml └── meta │ └── main.yml ├── set_dsc_config ├── defaults │ └── main.yml └── meta │ └── main.yml ├── create_mgmt_root_dir ├── defaults │ └── main.yml └── meta │ └── main.yml ├── search_attribute_source ├── defaults │ └── main.yml ├── tasks │ └── main.yml └── meta │ └── main.yml ├── add_partner ├── defaults │ └── main.yml └── meta │ └── main.yml ├── set_partner ├── defaults │ └── main.yml └── meta │ └── main.yml ├── set_federation ├── defaults │ └── main.yml └── meta │ └── main.yml ├── set_mapping_rule ├── defaults │ └── main.yml └── meta │ └── main.yml ├── set_tcpip_tuning ├── defaults │ └── main.yml └── meta │ └── main.yml ├── gen_report ├── defaults │ └── main.yml ├── tasks │ └── main.yml └── meta │ └── main.yml ├── add_mgmtazn_role ├── defaults │ └── main.yml └── meta │ └── main.yml ├── set_access_policy ├── defaults │ └── main.yml └── meta │ └── main.yml ├── config_ntp ├── defaults │ └── main.yml ├── tasks │ └── main.yml └── meta │ └── main.yml ├── delete_junction └── meta │ └── main.yml ├── import_ca_certs ├── defaults │ └── main.yml └── meta │ └── main.yml ├── add_reverseproxy_conf ├── defaults │ └── main.yml └── meta │ └── main.yml ├── set_reverseproxy_conf └── defaults │ └── main.yml ├── config_dns ├── defaults │ └── main.yml └── meta │ └── main.yml ├── update_management_ssl_cert └── defaults │ └── main.yml ├── externalize_hvdb_db2 ├── tasks │ └── main.yml └── meta │ └── main.yml ├── set_rsyslog_forwarder_sources ├── defaults │ └── main.yml └── meta │ └── main.yml ├── update_reverseproxy_conf └── defaults │ └── main.yml ├── import_management_root ├── defaults │ └── main.yml └── meta │ └── main.yml ├── set_current_point_of_contact ├── defaults │ └── main.yml ├── meta │ └── main.yml └── tasks │ └── main.yml ├── execute_isamcfg └── tasks │ └── main.yml ├── config_fed_dir ├── tasks │ └── main.yml └── meta │ └── main.yml ├── install_license ├── defaults │ └── main.yml └── meta │ └── main.yml ├── upload_ltpa_key ├── defaults │ └── main.yml └── meta │ └── main.yml ├── delete_reverseproxy_conf ├── defaults │ └── main.yml └── meta │ └── main.yml ├── create_mgmt_root_file ├── defaults │ └── main.yml └── meta │ └── main.yml ├── config_policy_attachments ├── defaults │ └── main.yml └── meta │ └── main.yml ├── add_static_route ├── defaults │ └── main.yml └── meta │ └── main.yml ├── delete_ca_certs ├── defaults │ └── main.yml └── meta │ └── main.yml ├── set_auth_policy ├── defaults │ └── main.yml └── meta │ └── main.yml ├── get_fixpack ├── tasks │ └── main.yml └── meta │ └── main.yml ├── set_access_control_policy ├── defaults │ └── main.yml └── meta │ └── main.yml ├── add_network_ipv4 ├── defaults │ └── main.yml └── meta │ └── main.yml ├── config_reverseproxy_aac ├── defaults │ └── main.yml └── meta │ └── main.yml ├── get_firmware ├── tasks │ └── main.yml └── meta │ └── main.yml ├── switch_auth ├── tasks │ └── mgmt_authz.yml └── meta │ └── main.yml ├── activate_module ├── defaults │ └── main.yml └── meta │ └── main.yml ├── get_federation ├── tasks │ └── main.yml └── meta │ └── main.yml ├── set_advanced_tuning_parameter ├── defaults │ └── main.yml └── meta │ └── main.yml ├── get_reverseproxies ├── tasks │ └── main.yml └── meta │ └── main.yml ├── set_network_ipv4_dhcp ├── defaults │ └── main.yml └── meta │ └── main.yml ├── set_rsyslog_forwarder ├── defaults │ └── main.yml └── meta │ └── main.yml ├── create_keystore └── meta │ └── main.yml ├── execute_pdadmin ├── defaults │ └── main.yml └── meta │ └── main.yml ├── set_cluster_config └── meta │ └── main.yml ├── add_oauth_client └── meta │ └── main.yml ├── archive_logs ├── defaults │ └── main.yml └── meta │ └── main.yml ├── execute_compare └── meta │ └── main.yml ├── set_network_hostname ├── tasks │ └── main.yml └── meta │ └── main.yml ├── set_oauth_client └── meta │ └── main.yml ├── add_module_chain └── meta │ └── main.yml ├── add_oauth_definition └── meta │ └── main.yml ├── set_oauth_definition └── meta │ └── main.yml ├── set_runtime_tuning_parameter ├── defaults │ └── main.yml └── meta │ └── main.yml ├── update_network_ipv4 └── meta │ └── main.yml ├── add_chain_template ├── meta │ └── main.yml └── defaults │ └── main.yml ├── add_junction └── meta │ └── main.yml ├── set_admin_cfg └── meta │ └── main.yml ├── set_junction └── meta │ └── main.yml ├── add_attribute_source └── meta │ └── main.yml ├── add_system_alerts_snmp └── meta │ └── main.yml ├── config_policyserver └── meta │ └── main.yml ├── set_auth_mech └── meta │ └── main.yml ├── config_reverseproxy_federation ├── defaults │ └── main.yml └── meta │ └── main.yml ├── install_firmware └── meta │ └── main.yml ├── update_auth_mech └── meta │ └── main.yml ├── update_management_root ├── defaults │ └── main.yml └── meta │ └── main.yml ├── update_network_interface_vlan ├── meta │ └── main.yml └── defaults │ └── main.yml ├── update_static_route └── meta │ └── main.yml ├── add_runtime_listening_interface └── meta │ └── main.yml ├── set_audit_configuration └── meta │ └── main.yml ├── add_server_connection_ldap └── meta │ └── main.yml ├── config_failover_cookie └── meta │ └── main.yml ├── config_reverseproxy_oauth ├── defaults │ └── main.yml └── meta │ └── main.yml ├── get_junctions └── meta │ └── main.yml ├── update_point_of_contact └── meta │ └── main.yml ├── add_server_connection_ws └── meta │ └── main.yml ├── add_junction_servers └── meta │ └── main.yml ├── create_reverseproxy ├── meta │ └── main.yml └── tasks │ └── main.yml └── get_junction_details └── meta └── main.yml /set_ldap_user_attr/tests/inventory: -------------------------------------------------------------------------------- 1 | localhost -------------------------------------------------------------------------------- /start_config/tests/hosts_var/localhost.yml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /first_steps/tasks/skip_fs.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # do nothing 3 | - meta: noop -------------------------------------------------------------------------------- /start_config/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # do nothing 3 | - meta: noop -------------------------------------------------------------------------------- /start_config/tests/ansible.cfg: -------------------------------------------------------------------------------- 1 | [defaults] 2 | roles_path=../../ 3 | -------------------------------------------------------------------------------- /export_application_logs/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | path: "{{ item.path }}" -------------------------------------------------------------------------------- /base/apply_snapshot/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # default variables for applying snaphot -------------------------------------------------------------------------------- /set_ldap_user_attr/tests/ansible.cfg: -------------------------------------------------------------------------------- 1 | [defaults] 2 | roles_path= ../../ 3 | -------------------------------------------------------------------------------- /base/backup_firmware/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # default variables for backup of firmware -------------------------------------------------------------------------------- /set_ldap_user_attr/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # vars file for set_ldap_user_attr 3 | -------------------------------------------------------------------------------- /start_config/tests/inventory: -------------------------------------------------------------------------------- 1 | [localhost] 2 | localhost ansible_connection=local 3 | -------------------------------------------------------------------------------- /base/configure_time/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # default variables for time configuration 2 | -------------------------------------------------------------------------------- /base/delete_snapshots/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # default variables for snaphot deletion 2 | -------------------------------------------------------------------------------- /base/install_update/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # default variables to install a single update 2 | -------------------------------------------------------------------------------- /base/upload_snapshot/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # default variables for uploading a snaphot 2 | -------------------------------------------------------------------------------- /bootstrap_local/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # handlers file for isam-local-bootstrap 3 | -------------------------------------------------------------------------------- /bootstrap_local/tests/inventory: -------------------------------------------------------------------------------- 1 | [localhost] 2 | localhost ansible_connection=local 3 | -------------------------------------------------------------------------------- /meta/.galaxy_install_info: -------------------------------------------------------------------------------- 1 | {install_date: 'Fri Feb 25 09:00:00 2017', version: v2.2.0} -------------------------------------------------------------------------------- /set_ldap_user_attr/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # handlers file for set_ldap_user_attr 3 | -------------------------------------------------------------------------------- /base/download_snapshots/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # default variables for downloading snapshots 2 | -------------------------------------------------------------------------------- /base/swap_firmware/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # default variables for swapping of appliance firmware -------------------------------------------------------------------------------- /create_snapshot/defaults/main.yml: -------------------------------------------------------------------------------- 1 | create_snampshot_comment: "Snapshot of appliance by Script" -------------------------------------------------------------------------------- /aac/configure_scim/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default variables for scim configuration 2 | scim_configuration: -------------------------------------------------------------------------------- /add_suffix/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Provide following value for this role to work 2 | #add_suffix_name: 3 | -------------------------------------------------------------------------------- /add_sysaccount_group/defaults/main.yml: -------------------------------------------------------------------------------- 1 | #Provide a system account group 2 | add_sysaccount_group : null -------------------------------------------------------------------------------- /base/configure_cluster/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # The following need to be provided for role to work 2 | 3 | -------------------------------------------------------------------------------- /web/export_sso_keys/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # default values for import sso key files 2 | sso_keys: [] 3 | -------------------------------------------------------------------------------- /web/set_embedded_ldap_admin_pw/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # defaults for setting embedded ldap admin password -------------------------------------------------------------------------------- /web/upload_jmt_files/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default variables for uploading jmt files 2 | jmt_files: [] -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .idea/* 2 | */.idea/* 3 | .DS_Store 4 | */.DS_Store 5 | *.retry 6 | *.pyc 7 | *.bak 8 | .vscode -------------------------------------------------------------------------------- /aac/update_advanced_configurations/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default variables for updating advanced configurations -------------------------------------------------------------------------------- /base/set_host_records/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # default variables for setting host file entries 2 | host_records: [] -------------------------------------------------------------------------------- /sanity_checks/defaults/main.yml: -------------------------------------------------------------------------------- 1 | start_config_comment: 'Execute Snapshot as Backup - before Standard Config' 2 | -------------------------------------------------------------------------------- /aac/export_runtime_template_root/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default variables for export of runtime template root content 2 | -------------------------------------------------------------------------------- /aac/get_mapping_rules/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Provide name and registered variable name of Mapping Rule to search 2 | 3 | -------------------------------------------------------------------------------- /base/change_admin_password/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # default variables for change of admin password 2 | old_password: admin -------------------------------------------------------------------------------- /set_cert_replication/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default sets replication to True 2 | set_cert_replication_replicating: True -------------------------------------------------------------------------------- /set_ldap_root_pw/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Set the password for the embedded LDAP root user 2 | #set_ldap_root_pw_password: -------------------------------------------------------------------------------- /upload_extension/defaults/main.yml: -------------------------------------------------------------------------------- 1 | upload_extension_filename: "{{ role_path }}/files/{{ extension_filename }}" 2 | -------------------------------------------------------------------------------- /aac/configure_access_control_attributes/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default variables for configuration of access control attributes -------------------------------------------------------------------------------- /aac/configure_access_control_policies/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default variables for configuration of access control policies -------------------------------------------------------------------------------- /base/create_snapshot/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # default variables for snaphot creation 2 | # Example: 3 | # comment: "Test" 4 | -------------------------------------------------------------------------------- /set_runtime_replication/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default sets replication to True 2 | set_runtime_replication_replicating: True -------------------------------------------------------------------------------- /web/upload_kerberos_keytab_files/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default variables for uploading keytab files 2 | # 3 | keytab_files: [] -------------------------------------------------------------------------------- /aac/disable_all_authentication_policies/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default variables for disabling authentication policies 2 | 3 | -------------------------------------------------------------------------------- /base/import_personal_certificates/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default variables for seamless integration 2 | personal_certificates: [] -------------------------------------------------------------------------------- /base/load_signer_certificates/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default variables for seamless integration 2 | load_signer_certificates: [] -------------------------------------------------------------------------------- /base/set_listening_interfaces/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default variables for setting listening interfaces 2 | listening_interfaces: [] -------------------------------------------------------------------------------- /create_runtime_template_directories/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default variables for uploading mapping rules 2 | runtime_templates: [] -------------------------------------------------------------------------------- /import_runtime_template_file/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default variables for importing runtime template files 2 | runtime_templates: [] -------------------------------------------------------------------------------- /install_fixpack/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Provide this value for this role to work 2 | #install_fixpack_file: "/tmp/9021_IF1.fixpack" -------------------------------------------------------------------------------- /web/create_reverseproxy_instances/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default variables for creation of reverse proxy instances 2 | instances: [] -------------------------------------------------------------------------------- /web/restart_reverseproxy_instance/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default variables for restarting reverse proxy instance 2 | instance: [] -------------------------------------------------------------------------------- /web/upload_runtime_components/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default variables for uploading runtime components 2 | runtime_components: [] -------------------------------------------------------------------------------- /aac/set_access_policies/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default variables for configuration of oidc access policies 2 | access_policies: [] 3 | -------------------------------------------------------------------------------- /base/configure_dhcp/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # default variables to configure dhcp on an interface 2 | configure_dhcp_action: interfaces_ipv4 -------------------------------------------------------------------------------- /base/export_certificates/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default variables for exporting certificates from databases 2 | export_certificates: [] -------------------------------------------------------------------------------- /base/import_signer_certificates/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default variables for importing signer certificates 2 | signer_certificates: [] -------------------------------------------------------------------------------- /export_cluster_sign/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Provide file name to export to 2 | #export_cluster_sign_filename: "/tmp/primary.signature" -------------------------------------------------------------------------------- /aac/configure_access_control_policy_resources/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default variables for configuration of access control policy resources -------------------------------------------------------------------------------- /base/extract_certificates/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default variables for extracting certificates from database 2 | extract_certificates: [] 3 | -------------------------------------------------------------------------------- /base/upload_signer_certificates/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default variables for uploading signer certificates 2 | upload_signer_certificates: [] -------------------------------------------------------------------------------- /fed/configure_instance_federations/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Provide the following values for this role to work 2 | import_personal_certs: [] -------------------------------------------------------------------------------- /aac/configure_access_control_policy_attachments/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default variables for configuration of access control policy attachments -------------------------------------------------------------------------------- /aac/create_authentication_policies/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default variables for creation of authentication policies 2 | authentication_policies: [] -------------------------------------------------------------------------------- /fed/configure_sts_chain_templates/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default variables for configuration of sts chain templates 2 | sts_chain_templates: [] -------------------------------------------------------------------------------- /web/set_runtime_components/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default variables for setting runtime components 2 | policyserver_runtime: 3 | entries: [] 4 | -------------------------------------------------------------------------------- /web/update_jmt_files/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default variables for updating jmt files 2 | jmt_files: [] 3 | 4 | name: "{{ item.file | basename }}" -------------------------------------------------------------------------------- /aac/configure_user_registry/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default variables for user_registry configuration 2 | user_registry: [] 3 | 4 | id: "{{ item.id }}" -------------------------------------------------------------------------------- /aac/set_accesscontrol_policies/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default variables for configuration of authentication policies 2 | accesscontrol_policies: [] 3 | -------------------------------------------------------------------------------- /delete_activation/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Provide valid module identifiers - they can be wga, mga or federation 2 | # delete_activation_id: 'wga' 3 | -------------------------------------------------------------------------------- /set_ldap_user_pw/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Set the id and password for the embedded LDAP user 2 | #set_ldap_user_pwd_id: 3 | #set_ldap_user_pwd_password: -------------------------------------------------------------------------------- /web/import_sso_keys/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # default values for import sso key files 2 | sso_keys: [] 3 | 4 | name: "{{ item.file | basename }}" 5 | -------------------------------------------------------------------------------- /web/upload_ltpa_files/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default variables for uploading ltpa files 2 | ltpa_files: [] 3 | 4 | name: "{{ item.file | basename }}" -------------------------------------------------------------------------------- /base/create_ssl_certificate_databases/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default variables for create ssl certificate database 2 | create_certificate_databases: [] 3 | -------------------------------------------------------------------------------- /import_url_mapping/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Provide the following values for role to succeed 2 | #import_url_mapping_id: 3 | #import_url_mapping_filename: 4 | -------------------------------------------------------------------------------- /web/upload_dynurl_files/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default variables for uploading jmt files 2 | dynurl_files: [] 3 | 4 | name: "{{ item.file | basename }}" -------------------------------------------------------------------------------- /aac/create_authentication_mechanisms/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default variables for creation of authentication mechanisms 2 | authentication_mechanisms: [] 3 | -------------------------------------------------------------------------------- /base/generate_self_signed_certificates/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default variables for generatin self signed certificates 2 | generate_self_signed_certificates: [] -------------------------------------------------------------------------------- /set_role_group/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Provide the following values for this role to work 2 | # Available Group Types: LDAP or Local 3 | set_role_group_type: ldap -------------------------------------------------------------------------------- /set_role_user/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Provide the following values for this role to work 2 | # Available Group Types: LDAP or Local 3 | set_role_group_type: ldap -------------------------------------------------------------------------------- /web/create_sso_keys/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # default values for sso key file 2 | # Example: 3 | # sso_keys: 4 | # - ssokey_name: "sso.key" 5 | sso_keys: [] -------------------------------------------------------------------------------- /base/configure_advanced_tuning_parameters/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # default variables for configuration of advanced tuning parameters 2 | advanced_tuning_parameters: [] -------------------------------------------------------------------------------- /import_certificate_db/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Provide the following values for this role to work 2 | #import_certificate_db_kdb: 3 | #import_certificate_db_sth: 4 | -------------------------------------------------------------------------------- /set_admin_pw/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Standard variables password needs to be defined - this is the new password 2 | # old_password needs to have the existing password -------------------------------------------------------------------------------- /web/execute_pdadmin/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: PDadmin 3 | include: pdadmin.yml 4 | when: (pdadmin_commands|length > 0) or (include_pdadmin_commands|length > 0) -------------------------------------------------------------------------------- /config_snmp_monitoring/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Override the following values as needed 2 | config_snmp_monitoring_community: "IBM-ISAM" 3 | config_snmp_monitoring_port: 161 4 | -------------------------------------------------------------------------------- /web/configure_federated_directories/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default variables for configuration of federated directories 2 | policyserver_runtime: 3 | federated_directories: [] -------------------------------------------------------------------------------- /add_cluster_node/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Provide signature file name to import 2 | #add_cluster_node_signature_file: "/tmp/primary.signature" 3 | add_cluster_node_restricted: False -------------------------------------------------------------------------------- /bootstrap_local/tests/test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: localhost 3 | roles: 4 | - { role: bootstrap_local, BS_vm_hostname: idp.demo.ibm.com, BS_vm_mgmt_ip: 192.168.42.111 } 5 | -------------------------------------------------------------------------------- /import_client_cert_mapping/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Provide both the following values for this role to work: 2 | # import_client_cert_mapping_filename: 3 | # import_client_cert_mapping_id: -------------------------------------------------------------------------------- /import_http_transformation/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Provide both the following values for this role to work: 2 | #import_http_transformation_filename: 3 | #import_http_transformation_id: -------------------------------------------------------------------------------- /web/import_certificate_mapping_files/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # default values for import certificate mapping files 2 | certificate_mapping_files: [] 3 | 4 | name: "{{ item.file | basename }}" -------------------------------------------------------------------------------- /web/upload_http_transformation_files/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default variables for uploading http transformation files 2 | http_transformations: [] 3 | 4 | name: "{{ item.file | basename }}" -------------------------------------------------------------------------------- /aac/create_api_protection_definitions/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default variables for creation of api protection definitions 2 | api_protection: [] 3 | 4 | name: "{{ item.name | default('none') }}" 5 | -------------------------------------------------------------------------------- /authenticate_policy_attachments/defaults/main.yml: -------------------------------------------------------------------------------- 1 | #authenticate_policy_attachments_username: 2 | #authenticate_policy_attachments_password: 3 | authenticate_policy_attachments_domain: "Default" 4 | -------------------------------------------------------------------------------- /fed/create_federation_partners/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default variables for creation of federation partners 2 | federations: [] 3 | 4 | fed_name: "{{ item.0.name }}" 5 | partner_name: "{{ item.1.name }}" -------------------------------------------------------------------------------- /set_keystore_desc/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # The following argument is required 2 | # set_keystore_desc_keystore: 'keystore_id' 3 | # set_keystore_desc_description: 'Description of sample keystore' 4 | # 5 | -------------------------------------------------------------------------------- /start_config/tests/test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: localhost 3 | connection: local 4 | roles: 5 | - { role: start_config, inventory_hostname: 192.168.42.111, username: admin, password: Passw0rd } 6 | -------------------------------------------------------------------------------- /upload_mapping_rule/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Provide the following values for role to succeed 2 | #upload_mapping_rule_name: 3 | #upload_mapping_rule_category: 4 | #upload_mapping_rule_upload_filename: 5 | -------------------------------------------------------------------------------- /aac/configure_api_protection_definitions/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default variables for configuration of api protection definitions 2 | api_protection: [] 3 | 4 | name: "{{ item.name | default('none') }}" 5 | -------------------------------------------------------------------------------- /web/configure_runtime_components/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default variables for confiuratino of runtime components 2 | resource_id: "{{ item.resource_id }}" 3 | stanza_id: "{{ item.stanza_id }}" 4 | entry_id: "" -------------------------------------------------------------------------------- /aac/set_accesscontrol_policyattachment/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default variables for configuration of authentication policies 2 | accesscontrol_policies: [] 3 | # Default domain 4 | aac_access_control_domain: 'Default' -------------------------------------------------------------------------------- /add_sysaccount_user/defaults/main.yml: -------------------------------------------------------------------------------- 1 | #Provide a system account name, password and collection of group memberships 2 | add_sysaccount_id : null 3 | add_sysaccount_password: null 4 | add_sysaccount_groups: null 5 | -------------------------------------------------------------------------------- /aac/create_user_registry_user/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # defaults for creating an embedded ldap user 2 | # Both of these are required variables 3 | user_registry_user_username: null 4 | user_registry_user_password: null 5 | -------------------------------------------------------------------------------- /load_signer_cert/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Provide the following values for this role to work 2 | #load_signer_cert_kdb_id: "pdsrv" 3 | #load_signer_cert_label: 4 | #load_signer_cert_server: 5 | #load_signer_cert_port: 6 | -------------------------------------------------------------------------------- /update_advanced_configuration/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # At a minimum provide the following 2 | #update_advanced_configuration_key: 3 | #update_advanced_configuration_value: 4 | #update_advanced_configuration_sensitive: 5 | -------------------------------------------------------------------------------- /web/upload_management_root_files/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default variables for uploading management root files 2 | management_root_files: [] 3 | 4 | name: "{{ item.file | basename }}" 5 | inst_name: "{{ item.instance_id }}" -------------------------------------------------------------------------------- /aac/configure_authentication_policies/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default variables for configuration of authentication policies 2 | authentication_policies: [] 3 | 4 | # Default variables for filtering 5 | name: "{{ item.name }}" 6 | -------------------------------------------------------------------------------- /set_host_records/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # The following need to be provided for role to work 2 | #set_host_records: 3 | # - addr: "192.168.0.100" 4 | # hostnames: 5 | # - {name: test1.ibm.com} 6 | # - {name: test2.ibm.com} -------------------------------------------------------------------------------- /aac/configure_authentication_mechanisms/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default variables for configuration of authentication mechanisms 2 | authentication_mechanisms: [] 3 | 4 | # Default variables for filtering 5 | name: "{{ item.name }}" 6 | -------------------------------------------------------------------------------- /base/create_sysaccounts/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # The following need to be provided for role to work 2 | # Example: 3 | # sysaccounts: 4 | # - id: sec_master 5 | # password: "{{ basicauth_dummy_passwd }}" 6 | sysaccounts: [] 7 | -------------------------------------------------------------------------------- /bootstrap_local/tests/host_vars/localhost.yml: -------------------------------------------------------------------------------- 1 | BS_vm_net_mask: 255.255.255.0 2 | BS_vm_default_gw: 192.168.42.2 3 | BS_vm_path_root: '/Users/mlu/VMs' 4 | BS_appliance_iso: "/Users/mlu/Products/SAM/isam_9.0.2.1_20170116-1957.iso" 5 | -------------------------------------------------------------------------------- /fed/create_federations/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default variables for creation of federations 2 | federations: [] 3 | 4 | # variable to control whether to configure one federation or a specific one 5 | fed_name: "{{ item.name }}" 6 | -------------------------------------------------------------------------------- /search_mapping_rule/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Provide name and registered variable name of Mapping Rule to search 2 | # search_mapping_rule_name: 3 | # search_mapping_rule_register: 4 | -------------------------------------------------------------------------------- /add_federation/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Provide all of the following for this role to work 2 | #add_federation_name: 3 | #add_federation_protocol: 4 | #add_federation_role: 5 | #add_federation_configuration: 6 | #add_federation_templateName: -------------------------------------------------------------------------------- /add_system_alerts_smtp/defaults/main.yml: -------------------------------------------------------------------------------- 1 | #Provide a valid SMTP collector server name 2 | add_system_alerts_smtpServer: null 3 | add_system_alerts_smtpPort: 25 4 | add_system_alerts_from_email: null 5 | add_system_alerts_to_email: null 6 | -------------------------------------------------------------------------------- /base/upload_updates/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # default variables for installing multiple fix packs 2 | updates: [] 3 | 4 | # limit the to be installed fix packs at runtime 5 | file: "{{ item.file }}" 6 | filename: "{{ item.file | basename }}" -------------------------------------------------------------------------------- /delete_mgmt_root_file/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Provide Reverse Proxy instance name 2 | #delete_mgmt_root_file_instance_id: 3 | 4 | # Provide details of directory to be created 5 | #delete_mgmt_root_file_ids: 6 | # - 'management/C/ar' 7 | -------------------------------------------------------------------------------- /set_mgmtazn_role_group/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Provide a list of groups for this role to work on 2 | 3 | #set_mgmtazn_role_groups: 4 | # - name: "Security Administrator" 5 | # group_name: "administrator-grp" 6 | # type: "local" 7 | -------------------------------------------------------------------------------- /add_system_alerts_rsyslog/defaults/main.yml: -------------------------------------------------------------------------------- 1 | #Provide a valid RSyslog collector server name 2 | add_system_alerts_rsyslog_collector: null 3 | add_system_alerts_rsyslog_collectorPort: 514 4 | add_system_alerts_rsyslog_collectorLeef: True 5 | -------------------------------------------------------------------------------- /base/install_fixpacks/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # default variables for installing multiple fix packs 2 | fix_packs: [] 3 | 4 | # limit the to be installed fix packs at runtime 5 | file: "{{ item.file }}" 6 | filename: "{{ item.file | basename }}" -------------------------------------------------------------------------------- /bootstrap_local/vars/Linux.yml: -------------------------------------------------------------------------------- 1 | BS_vmrun: '/usr/bin/vmrun' 2 | BS_vmrunflags: '-T ws' 3 | BS_vmdiskmgr: '/usr/bin/vmware-vdiskmanager' 4 | BS_mkisofs: '/usr/bin/mkisofs' 5 | BS_mkisoflags: '-J -o' 6 | BS_os: 'Linux' 7 | BS_tmpdir: '/tmp' 8 | -------------------------------------------------------------------------------- /execute_rp_op/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Provide a list of reverse proxy IDs to process 2 | execute_rp_op_ids: [] 3 | # Provide the operation to run against the reverse proxy (can be start, stop or restart) 4 | execute_rp_op_operation: "restart" 5 | -------------------------------------------------------------------------------- /import_personal_cert/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Provide the following values for this role to work 2 | #import_personal_cert_kdb_id: "pdsrv" 3 | #import_personal_cert_label: 4 | #import_personal_cert_cert: 5 | #import_personal_cert_password: 6 | -------------------------------------------------------------------------------- /bootstrap_local/templates/app-metadata: -------------------------------------------------------------------------------- 1 | network.hostname = "{{ BS_vm_hostname }}" 2 | network.1.1.ipv4.address = "{{ BS_vm_mgmt_ip }}" 3 | network.1.1.ipv4.netmask = "{{ BS_vm_netmask }}" 4 | network.1.1.ipv4.gateway = "{{ BS_vm_default_gw }}" 5 | -------------------------------------------------------------------------------- /set_mgmtazn_role_feature/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Provide a list of features and access for this role to work on 2 | #set_mgmtazn_role_features: 3 | # - name: "Security Administrator" 4 | # feature_name: "events.page_title" 5 | # access: "r" 6 | -------------------------------------------------------------------------------- /aac/delete_attribute/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default variables for deletion of access control attributes 2 | # you cannot delete pre-defined attributes 3 | accesscontrol_delete_attributes: [] 4 | # 5 | # Example: 6 | # - name: "attributeToDelete" 7 | # 8 | 9 | -------------------------------------------------------------------------------- /set_dsc_config/defaults/main.yml: -------------------------------------------------------------------------------- 1 | set_dsc_config_comment: "Execute snapshot before configuring DSC" 2 | 3 | set_dsc_config_port: null 4 | set_dsc_config_worker_threads: 64 5 | set_dsc_config_max_session_lifetime: 3600 6 | set_dsc_config_client_grace: 600 7 | -------------------------------------------------------------------------------- /aac/configure_server_connections/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default variables for configuration of server connections 2 | server_connections: [] 3 | 4 | # Default variables to filter for configuration of specific server connections at runtime 5 | name: "{{ item.name }}" -------------------------------------------------------------------------------- /create_mgmt_root_dir/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Provide Reverse Proxy instance name 2 | #create_mgmt_root_dir_instance_id: 3 | 4 | # Provide details of directory to be created 5 | #create_mgmt_root_dir_id: 'management/C' 6 | #create_mgmt_root_dir_filename: 'test' 7 | -------------------------------------------------------------------------------- /search_attribute_source/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Provide name and registered variable name of Attribute Source to search 2 | # search_attribute_source_name: 3 | # search_attribute_source_register: 4 | -------------------------------------------------------------------------------- /add_partner/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Provide all the following values for this role to work 2 | #add_partner_federation_name: 3 | #add_partner_partner_name: 4 | #add_partner_enabled: 5 | #add_partner_role: 6 | #add_partner_configuration: 7 | #add_partner_templateName: 8 | -------------------------------------------------------------------------------- /set_partner/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Provide all the following values for this role to work 2 | #set_partner_federation_name: 3 | #set_partner_partner_name: 4 | #set_partner_enabled: 5 | #set_partner_role: 6 | #set_partner_configuration: 7 | #set_partner_templateName: 8 | -------------------------------------------------------------------------------- /web/merge_keytabs/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default variables for krb5 merging 2 | # 3 | # The keytabs need to exist already in ISAM ! 4 | # 5 | #keytab_files_to_merge: 6 | # - id: combined.keytab 7 | # merged_id: 8 | # - keytab1.keytab 9 | # - keytab2.keytab -------------------------------------------------------------------------------- /set_federation/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Provide all of the following for this role to work 2 | #set_federation_name: 3 | #set_federation_protocol: 4 | #set_federation_role: 5 | #set_federation_configuration: 6 | #set_federation_templateName: 7 | set_federation_new_name: null -------------------------------------------------------------------------------- /base/configure_runtime_tunings/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default variables for configuration of runtime tuning parameters 2 | runtime_tuning: [] 3 | 4 | # Default variables to filter for configuration of specific runtime tuning parameters at runtime 5 | option: "{{ item.option }}" -------------------------------------------------------------------------------- /aac/configure_mapping_rules/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default variables for configuration of mapping rules 2 | mapping_rules: [] 3 | 4 | # Default variables to filter for configuration of specific mapping rules at runtime 5 | name: "{{ item.name }}" 6 | category: "{{ item.category }}" -------------------------------------------------------------------------------- /aac/create_api_protection_clients/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default variables for creation of api protection clients 2 | api_protection: [] 3 | 4 | # variables to control whether to configure one client at a time or everything from the configurations 5 | client_name: "{{ item.1.name }}" -------------------------------------------------------------------------------- /aac/update_api_protection_clients/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default variables for update of api protection clients 2 | api_protection: [] 3 | 4 | # variables to control whether to configure one client at a time or everything from the configurations 5 | client_name: "{{ item.1.name }}" -------------------------------------------------------------------------------- /bootstrap_local/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # 3 | # Static constants 4 | # 5 | BS_vm_dest_dir: '{{ BS_vm_path_root }}/{{ BS_vm_hostname }}{{ BS_vm_dir_suffix }}' 6 | BS_vm_vmx: '{{ BS_vm_dest_dir }}/{{ BS_vm_hostname }}.vmx' 7 | BS_vm_vmdk: '{{ BS_vm_dest_dir }}/{{ BS_vm_hostname }}.vmdk' 8 | -------------------------------------------------------------------------------- /set_mapping_rule/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Provide the following values for role to succeed 2 | #set_mapping_rule_name: 3 | #set_mapping_rule_category: 4 | #set_mapping_rule_filename or set_mapping_rule_upload_filename: 5 | #set_mapping_rule_upload_filename or set_mapping_rule_content: 6 | -------------------------------------------------------------------------------- /aac/configure_api_protection_clients/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default variables for add or update of api protection clients 2 | api_protection: [] 3 | 4 | # variables to control whether to configure one client at a time or everything from the configurations 5 | client_name: "{{ item.1.name }}" -------------------------------------------------------------------------------- /set_tcpip_tuning/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # These are the recommended values from IBM Support, please override with caution 2 | set_tcpip_tuning_ip_local_port_range: '\"16384 65535\"' 3 | set_tcpip_tuning_tcp_fin_timeout: "30" 4 | set_tcpip_tuning_tcp_tw_reuse: "1" 5 | set_tcpip_tuning_tcp_tw_recycle: "0" 6 | -------------------------------------------------------------------------------- /base/add_bonding_interfaces/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # defaults file for bonding_interfaces 3 | # 4 | # Default values for adding an ipv4 address - override as needed 5 | # interfaces: [] 6 | # possible values: [interfaces_ipv4, interfaces_ipv6, interfaces_vlan] 7 | add_interfaces_action: interfaces_vlan -------------------------------------------------------------------------------- /gen_report/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Provide the directory where to create the report, defaults to current directory 2 | gen_report_dir: . 3 | 4 | # Provide the template to use for generating report 5 | # See files sub-directory for a list of valid templates 6 | gen_report_template: report_fix_levels.template -------------------------------------------------------------------------------- /add_mgmtazn_role/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Provide the name of the new management authorization role(s) 2 | # mgmtazn_role_names: 3 | # - Role 1 4 | # - Role 2 5 | 6 | # Comment to be used for creating a snapshot file 7 | add_mgmtazn_role_comment: "Automated Snapshot Before Adding Management Authorization Roles" 8 | -------------------------------------------------------------------------------- /base/configure_cluster/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to configure cluster 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - cluster 14 | 15 | dependencies: 16 | - start_config -------------------------------------------------------------------------------- /set_access_policy/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Provide the following values for role to succeed 3 | #set_access_policy_name: 4 | #set_access_policy_file or set_access_policy_content: 5 | 6 | # Default values from ibmsecurity python module 7 | set_access_policy_category: "OIDC" 8 | set_access_policy_type: "JavaScript" -------------------------------------------------------------------------------- /web/create_sso_keys/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to create a sso key file 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - sso_key 14 | 15 | dependencies: 16 | - start_config -------------------------------------------------------------------------------- /web/execute_pdadmin/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Provide a list of pdadmin commands to execute 2 | #pdadmin_commands: 3 | # - "acl show default-management" 4 | # - "user list * 10" 5 | 6 | # Use Default domain, override as needed 7 | admin_domain: Default 8 | pdadmin_commands: [] 9 | include_pdadmin_commands: [] 10 | -------------------------------------------------------------------------------- /aac/configure_scim/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to configure scim 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - configure 14 | - scim 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /base/apply_snapshot/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to apply snapshot 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - apply 14 | - snapshot 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /base/upload_updates/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to upload updates 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - upload 14 | - updates 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /config_ntp/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # List of NTP servers have to be provided, please comma separate them in a string, e.g. 2 | # config_ntp_ntp_server: pool.ntp.org,us.pool.ntp.org 3 | config_ntp_ntp_servers: pool.ntp.org 4 | # Defaulting to East Coast time - override as necessary 5 | config_ntp_timeZone: "America/New_York" 6 | -------------------------------------------------------------------------------- /base/add_interfaces/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to add an address to an interface 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.5 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - networking 14 | 15 | dependencies: 16 | - start_config -------------------------------------------------------------------------------- /base/create_snapshot/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to create snapshot 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - create 14 | - snapshot 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /base/upload_snapshot/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to upload snapshot 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - upload 14 | - snapshot 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /web/configure_reverseproxy_junctions/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default variables for configuration of reverse proxy junctions 2 | instances: [] 3 | 4 | 5 | # Configuration entry to control, if not listed junction servers should be deleted on the server 6 | delete_junction_server: false 7 | delete_junctions: false 8 | force: false 9 | -------------------------------------------------------------------------------- /base/activate_modules/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to activate multiple modules in ISAM 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - activation 14 | 15 | dependencies: 16 | - start_config -------------------------------------------------------------------------------- /base/configure_time/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to configure time settings 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - configure 14 | - time 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /base/delete_snapshots/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to delete snapshots 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - delete 14 | - snapshots 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /base/install_update/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to install a single update 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - install 14 | - update 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /base/swap_firmware/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to swap appliance firmware 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - swap 14 | - firmware 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /fed/create_federations/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to create federations 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - create 14 | - federation 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /web/export_sso_keys/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to export a sso key files 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - export 14 | - sso_key 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /web/import_sso_keys/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to import a sso key files 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - import 14 | - sso_key 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /web/upload_ltpa_files/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to upload ltpa files 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - upload 14 | - ltpa_files 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /base/add_bonding_interfaces/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to add an address to an interface 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - networking 14 | 15 | dependencies: 16 | - start_config -------------------------------------------------------------------------------- /base/backup_firmware/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to backup appliance firmware 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - backup 14 | - firmware 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /base/delete_interfaces/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to add an address to an interface 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - networking 14 | 15 | dependencies: 16 | - start_config 17 | -------------------------------------------------------------------------------- /base/download_snapshots/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to download snapshots 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - download 14 | - snapshot 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /base/install_fixpacks/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to install multiple fixpacks 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - install 14 | - fixpack 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /base/set_host_records/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to set host file entries 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - set 14 | - host_file 15 | 16 | dependencies: 17 | - start_config 18 | -------------------------------------------------------------------------------- /fed/configure_sts_chains/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to configure STS chains 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - create 14 | - sts_chain 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /fed/get_federation_partners/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to get the federation partners 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - federation 14 | 15 | dependencies: 16 | - start_config 17 | -------------------------------------------------------------------------------- /fed/set_runtime_certificates/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to activate multiple modules in ISAM 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - activation 14 | 15 | dependencies: 16 | - start_config -------------------------------------------------------------------------------- /web/upload_dynurl_files/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to upload dynurl files 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - upload 14 | - dynurl_files 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /base/create_sysaccounts/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to create system accounts 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - create 14 | - sysaccounts 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /base/get_certificate_databases/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to get the certificate databases 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - certificate 14 | 15 | dependencies: 16 | - start_config 17 | -------------------------------------------------------------------------------- /base/get_personal_certificates/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to get the personal certificates 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - certificate 14 | 15 | dependencies: 16 | - start_config 17 | -------------------------------------------------------------------------------- /base/get_signer_certificates/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to get the signer certificates 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - certificate 14 | 15 | dependencies: 16 | - start_config 17 | -------------------------------------------------------------------------------- /delete_junction/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to delete a junction 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - delete 14 | - web 15 | - junctions 16 | 17 | dependencies: 18 | - start_config 19 | -------------------------------------------------------------------------------- /aac/configure_mapping_rules/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to configure mapping rules 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - update 14 | - mapping_rules 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /base/generate_self_signed_certificates/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - self_signed_certificates 14 | - generate 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /import_ca_certs/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Provide a list of CA certs to import using a format like so: 2 | # import_ca_certs_certandlabel: 3 | # - { 'cert': "{{ end_directory }}/cacerts/xyz.cer", 'label': "Verisign CA"} 4 | 5 | # Chances are the CA certs may need to be loaded into pdsrv - but override as needed 6 | import_ca_certs_kdb_id: 'pdsrv' 7 | -------------------------------------------------------------------------------- /web/set_runtime_components/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to set runtime components 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - set 14 | - runtime components 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /aac/configure_user_registry/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to configure user registry 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - configure 14 | - user_registry 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /add_reverseproxy_conf/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Provide the name of the reverse proxy to update 2 | #add_reverseproxy_conf_reverseproxy_id: "default" 3 | 4 | # Provide entries in the following format. Create an array for each value to be updated. 5 | #add_reverseproxy_conf_entries: 6 | # - stanza_id: "server" 7 | # entries: [["worker-threads", "300"]] 8 | -------------------------------------------------------------------------------- /base/configure_dhcp/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to configure dhcp settings for an interface 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - configure 14 | - dhcp 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /base/export_certificates/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to export certificates from databases 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - export 14 | - certificates 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /base/set_listening_interfaces/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to set listening interfaces 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - set 14 | - listening_interfaces 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /fed/get_federations/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role that gets all federations in an appliance 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - federation 14 | - get 15 | 16 | dependencies: 17 | - start_config 18 | -------------------------------------------------------------------------------- /set_reverseproxy_conf/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Provide the name of the reverse proxy to update 2 | #set_reverseproxy_conf_reverseproxy_id: "default" 3 | 4 | # Provide entries in the following format. Create an array for each value to be updated. 5 | #set_reverseproxy_conf_entries: 6 | # - stanza_id: "server" 7 | # entries: [["worker-threads", "300"]] 8 | -------------------------------------------------------------------------------- /web/update_jmt_files/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to update Junction Mapping Table (jmt) files 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - update 14 | - jmt_files 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /web/upload_jmt_files/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to upload Junction Mapping Table (jmt) files 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - upload 14 | - jmt_files 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /base/configure_interfaces/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to configure addresses to an interface 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.5 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - configure 14 | - networking 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /base/extract_certificates/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to extract certificates from database 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - extract 14 | - certificates 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /config_dns/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Override the values provided here as needed in group_vars or when invoking this role 2 | config_dns_primaryServer : null 3 | config_dns_secondaryServer : null 4 | config_dns_tertiaryServer : null 5 | config_dns_auto : False 6 | config_dns_autoFromInterface : null 7 | config_dns_searchDomains : null 8 | -------------------------------------------------------------------------------- /fed/create_federation_partners/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to create federation partners 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - create 14 | - federation_partner 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /web/create_reverseproxy_instances/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to create reverse proxy instance 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - create 14 | - reverse_proxy 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /web/upload_runtime_components/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to upload runtime components 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - upload 14 | - runtime components 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /aac/configure_access_control_policies/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to confiure access control policies 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - configure 14 | - policies 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /aac/configure_server_connections/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to configure server connections 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - configure 14 | - server_connection 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /base/change_admin_password/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to change password of appliance admin user 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - change 14 | - password 15 | 16 | dependencies: 17 | - start_config 18 | -------------------------------------------------------------------------------- /base/import_signer_certificates/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to import signer certificates 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - import 14 | - signer_certificates 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /base/upload_signer_certificates/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to upload signer certificates 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - upload 14 | - signer_certificates 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /fed/configure_sts_chain_templates/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to configure STS chain templates 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - create 14 | - sts_chain_template 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /start_config/filter_plugins/exclude.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | 3 | from ansible import errors 4 | 5 | def exclude(a, b): 6 | temp = a.copy() 7 | if isinstance(a,dict): 8 | temp.pop(b, None) 9 | return temp 10 | class FilterModule(object): 11 | def filters(self): 12 | return { 13 | 'exclude': exclude 14 | } -------------------------------------------------------------------------------- /web/upload_management_root_files/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to upload management root files 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - upload 14 | - management_root_file 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /aac/create_api_protection_clients/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to create api protection clients 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - create 14 | - api_protection_clients 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /aac/create_authentication_policies/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to create authentication policies 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - create 14 | - authentication_policy 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /aac/update_api_protection_clients/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to update api protection clients 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - create 14 | - api_protection_clients 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /base/configure_runtime_tunings/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to configure runtime tuning parameters 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - configure 14 | - runtime_tuning 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /base/externalize_hvdb/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to externalize HVDB 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - Database 14 | - externalize 15 | - DB2 16 | - Oracle 17 | 18 | dependencies: 19 | - start_config 20 | -------------------------------------------------------------------------------- /update_management_ssl_cert/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Provide the following values for this role to work 2 | # update_management_ssl_cert_cert 3 | # update_management_ssl_cert_pwd 4 | 5 | # roles : 6 | # - role: update_management_ssl_cert 7 | # update_management_ssl_cert_cert : "somekeystore.p12" 8 | # update_management_ssl_cert_pwd : "somekeystorepassword" -------------------------------------------------------------------------------- /web/configure_management_root/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to configuration of management root content 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - upload 14 | - management_root 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /web/configure_reverseproxy_instances/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to configure reverse proxy instances 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - configure 14 | - reverse_proxy 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /web/configure_runtime_components/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to configure runtime components 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - configure 14 | - runtime components 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /web/restart_reverseproxy_instance/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to restart reverse proxy instance 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - restart 14 | - reverseproxy_instance 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /aac/configure_access_control_attributes/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to confiure access control attributes 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - configure 14 | - attributes 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /aac/export_runtime_template_root/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to export runtime template root content 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - export 14 | - runtime_template_root 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /aac/update_advanced_configurations/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to update advanced configurations 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - update 14 | - advanced_configurations 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /base/load_signer_certificates/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to load a signer certificate into a certificate store 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - load_signer_certificates 14 | 15 | dependencies: 16 | - start_config -------------------------------------------------------------------------------- /bootstrap_local/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # defaults file for isam-local-bootstrap 3 | BS_vm_cpu_count: 2 4 | BS_vm_ram_size: 4096 5 | BS_vm_hdd_size: 50 6 | BS_vm_nic_count: 3 7 | BS_vm_netmask: 255.255.255.0 8 | BS_vm_default_gw: 192.168.42.2 9 | BS_vm_path_root: '/Users/mlu/VMs' 10 | BS_appliance_iso: "/Users/mlu/Products/SAM/isam_9.0.0.1_20151209-2309.iso" 11 | -------------------------------------------------------------------------------- /web/configure_federated_directories/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to configure federated directories 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - configure 14 | - federated directories 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /web/configure_policyserver/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role that configures a Policy Server 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - web 14 | - runtime 15 | - policyserver 16 | 17 | dependencies: 18 | - start_config 19 | -------------------------------------------------------------------------------- /web/execute_pdadmin/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role that executes pdadmin commands against Policy Server 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - policy_server 14 | - pdadmin 15 | 16 | dependencies: 17 | - start_config 18 | -------------------------------------------------------------------------------- /web/import_certificate_mapping_files/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to import certificate mapping files 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - import 14 | - certificate_mappings 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /web/upload_http_transformation_files/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to upload HTTP transformation files 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - upload 14 | - http_tranformation 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /aac/configure_api_protection_clients/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to add or update api protection clients 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - create 14 | - api_protection_clients 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /aac/create_api_protection_definitions/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to create api protection definition 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - create 14 | - api_protection_definition 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /aac/create_authentication_mechanisms/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to create authentication mechanisms 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - create 14 | - authentication_mechanism 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /base/create_ssl_certificate_databases/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to create ssl certificate databases 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - create 14 | - ssl_certificate_databases 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /externalize_hvdb_db2/tasks/main.yml: -------------------------------------------------------------------------------- 1 | # Import CA certificates for HVDB Database 2 | - include: import_CA.yml 3 | 4 | # Configure external HVDB 5 | - include: config_external_hvdb.yml 6 | 7 | # Configure Advanced Tuning for faster/predictable DB2 failover 8 | - include: config_adv_tune_parms.yml 9 | 10 | # Commit all changes made to date 11 | - meta: flush_handlers 12 | -------------------------------------------------------------------------------- /set_rsyslog_forwarder_sources/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # This is a required value 2 | #set_rsyslog_forwarder_sources_server: 3 | set_rsyslog_forwarder_sources_port : 514 4 | set_rsyslog_forwarder_sources_protocol: 'udp' 5 | # Need the following for this role to work 6 | #set_rsyslog_forwarder_sources 7 | # - name: 8 | # tag: 9 | # facility: 10 | # severity: 11 | -------------------------------------------------------------------------------- /update_reverseproxy_conf/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Provide the name of the reverse proxy to update 2 | #update_reverseproxy_conf_reverseproxy_id: "default" 3 | 4 | # Provide entries in the following format. Create an array for each value to be updated. 5 | #update_reverseproxy_conf_entries: 6 | # - stanza_id: "server" 7 | # entry_id: "worker-threads" 8 | # value_id: "301" 9 | -------------------------------------------------------------------------------- /web/configure_reverseproxy_junctions/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to configure reverse proxy junctions 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - configure 14 | - reverse_proxy_junctions 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /aac/configure_api_protection_definitions/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to create api protection definition 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - create 14 | - api_protection_definition 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /aac/configure_authentication_policies/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to configure authentication policies 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - configure 14 | - authentication_policies 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /aac/configure_runtime_template_root/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to configure runtime template root content 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - configure 14 | - runtime_template_root 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /aac/create_user_registry_user/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role that creates an embedded ldap user 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.6 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - password 14 | - user_registry 15 | - create 16 | 17 | dependencies: 18 | - start_config 19 | -------------------------------------------------------------------------------- /aac/disable_all_authentication_policies/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to disable all authentication policies 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - disable 14 | - authentication_policies 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /aac/configure_access_control_policy_resources/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to confiure access control policy resources 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - configure 14 | - policy_resources 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /aac/configure_authentication_mechanisms/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to configure authentication mechanisms 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - configure 14 | - authentication_mechanisms 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /aac/set_accesscontrol_policies/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to configure authentication policies 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.5 9 | 10 | galaxy_tags: 11 | - v1.0.0 12 | - isam 13 | - ibm 14 | - configure 15 | - accesscontrol_policies 16 | 17 | dependencies: 18 | - start_config -------------------------------------------------------------------------------- /base/configure_advanced_tuning_parameters/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to configure advanced tuning parameters 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - configure 14 | - advanced_tuning_parameter 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /import_management_root/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Provide Reverse Proxy instance name 2 | #import_management_root_instance_id: 3 | 4 | # Provide a list of file in management root to be updated 5 | #import_management_root_idandfilename: 6 | # - {id: "management/C/login.html", filename: "/mydir/local/login.html"} 7 | # - {id: "junction-root/favicon.ico", filename: "/mydir/local/favicon.ico"} -------------------------------------------------------------------------------- /aac/configure_access_control_policy_attachments/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to confiure access control policy attachments 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - configure 14 | - policy_attachments 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /base/import_personal_certificates/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to import a personal certificate into a certificate store 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - import 14 | - personal_certificates 15 | 16 | dependencies: 17 | - start_config -------------------------------------------------------------------------------- /set_current_point_of_contact/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Provide the following values for the role to work, policy can be extracted using LMI 2 | #set_current_point_of_contact_name: 3 | 4 | # Default Options for name are: 5 | # Access Manager Credential 6 | # Access Manager Username and extended attributes 7 | # Non-Access Manager Username, Access Manager groups and extended attributes -------------------------------------------------------------------------------- /execute_isamcfg/tasks/main.yml: -------------------------------------------------------------------------------- 1 | # Configure AAC - steps may vary if you want different options 2 | # Assumptions: RP created with a known common root 3 | 4 | - include: aac_cert_setup.yml 5 | - include: acl_pops.yml 6 | - include: junction.yml 7 | - include: rp_config_adds.yml 8 | - include: rp_config_updates.yml 9 | 10 | # Commit all changes made until now 11 | - meta: flush_handlers -------------------------------------------------------------------------------- /bootstrap_local/vars/Darwin.yml: -------------------------------------------------------------------------------- 1 | BS_vmrun: '/Applications/VMware\ Fusion.app/Contents/Library/vmrun' 2 | BS_vmrunflags: '-T fusion' 3 | BS_vmdiskmgr: '/Applications/VMware\ Fusion.app/Contents/Library/vmware-vdiskmanager' 4 | BS_vm_dir_suffix: '.vmwarevm' 5 | BS_mkisofs: '/Applications/VMware\ Fusion.app/Contents/Library/mkisofs' 6 | BS_mkisoflags: '-joliet -rock -o' 7 | BS_os: 'OSX' 8 | BS_tmpdir: '/tmp' 9 | -------------------------------------------------------------------------------- /fed/configure_instance_federations/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to import personal certificates to a keystore 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - certificates 14 | - import 15 | - personal_certificates 16 | 17 | dependencies: 18 | - start_config 19 | -------------------------------------------------------------------------------- /web/configure_reverseproxy_instances/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default variables for configuration of reverse proxy instances 2 | instances: [] 3 | 4 | # variables to control whether to configure one instance and/or a specific stanza at a time or everything from the configurations 5 | inst_name: "{{ item.0.inst_name }}" 6 | stanza_id: "{{ item.1.stanza_id }}" 7 | method: "{{ item.1.method }}" 8 | entry_name: "" 9 | -------------------------------------------------------------------------------- /aac/get_accesscontrol_configuration/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to get access control policies and stuff 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.5 9 | 10 | galaxy_tags: 11 | - v1.0.0 12 | - isam 13 | - ibm 14 | - configure 15 | - access_control_policies 16 | - aac 17 | 18 | dependencies: 19 | - start_config -------------------------------------------------------------------------------- /web/set_embedded_ldap_admin_pw/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role that sets password for embedded ldap admin user 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | 10 | galaxy_tags: 11 | - isam 12 | - ibm 13 | - password 14 | - embedded_ldap 15 | - admin_user 16 | - set 17 | 18 | dependencies: 19 | - start_config 20 | -------------------------------------------------------------------------------- /config_fed_dir/tasks/main.yml: -------------------------------------------------------------------------------- 1 | # Create a certificate database for the federated directory CAs and populate with CA 2 | - include: cert_db.yml 3 | # Configure the federated directory into Web Runtime ldap.conf 4 | - include: config_fed_dir.yml 5 | # Setup Basic User Configuration - recommended but optional 6 | - include: config_basic_user.yml 7 | 8 | # Commit Runtime changes 9 | - meta: flush_handlers 10 | -------------------------------------------------------------------------------- /fed/configure_sts_chains/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default variables for configuration of sts chains 2 | sts_chains: [] 3 | 4 | # Default variables to filter at runtime for specific conditions 5 | name: "{{ item.name }}" 6 | chainName: "{{ item.chainName }}" 7 | requestType: "{{ item.requestType }}" 8 | issuer: 9 | address: "{{ item.issuer.address }}" 10 | appliesTo: 11 | address: "{{ item.appliesTo.address }}" -------------------------------------------------------------------------------- /install_license/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Import the product support license for the version of ISAM 2 | # The product support license can be obtained from IBM Security Systems 3 | # License Key Center at https://ibmss.flexnetoperations.com. 4 | 5 | # Comment to be used for creating a snapshot file 6 | install_license_comment: "Automated Snapshot Before Installing Product Support License" 7 | install_license_file: null 8 | -------------------------------------------------------------------------------- /upload_ltpa_key/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Provide the id and filename of the LTPA keys to upload 2 | # ltpa_keys: 3 | # - ltpa_key_id: "LTPA Key 1" 4 | # ltpa_key_keyfile: "ltpa-keyfile-1" 5 | # - ltpa_key_id: "LTPA Key 2" 6 | # ltpa_key_keyfile: "ltpa-keyfile-2" 7 | 8 | # Comment to be used for creating a snapshot file 9 | upload_ltpa_key_comment: "Automated Snapshot Before Uploading LTPA Keys" 10 | -------------------------------------------------------------------------------- /delete_reverseproxy_conf/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Provide the name of the reverse proxy to update 2 | #delete_reverseproxy_conf_reverseproxy_id: "default" 3 | 4 | # Provide entries in the following format. Create an array for each value to be updated. 5 | #delete_reverseproxy_conf_entries: 6 | # - stanza_id: "server" 7 | # entry_id: "worker-threads" 8 | # value_id: "301" 9 | # Note: value_id could be left out for entries. -------------------------------------------------------------------------------- /aac/set_accesscontrol_policyattachment/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to configure authentication policies 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.5 9 | 10 | galaxy_tags: 11 | - v1.0.0 12 | - isam 13 | - ibm 14 | - configure 15 | - accesscontrol_policies 16 | - accesscontrol_policy_attachments 17 | 18 | dependencies: 19 | - start_config -------------------------------------------------------------------------------- /create_mgmt_root_file/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Provide Reverse Proxy instance name 2 | #create_mgmt_root_file_instance_id: 3 | 4 | # Provide details of file to be created 5 | #create_mgmt_root_file_id: 'junction-root' 6 | #create_mgmt_root_file_name: 'test.html' 7 | #create_mgmt_root_file_contents: "{{ lookup('file', '/ansible/isam-setup-playbook/inventories/test/group_vars/restricted_nodes/junction-root/test.html') | replace('\n', '') }}" 8 | -------------------------------------------------------------------------------- /first_steps/defaults/main.yml: -------------------------------------------------------------------------------- 1 | lmi_port: 443 2 | username: admin 3 | password: admin 4 | log_level: INFO 5 | force: false 6 | 7 | # LMI FIPS options 8 | FIPS_cfg: { fipsEnabled: true, tlsv10Enabled: false, tlsv11Enabled: true } 9 | fips_restart_wait_time: 1 10 | 11 | lmi_session_timeout: 720 12 | 13 | # Override this setting if you do not want FIPS mode to be turned on 14 | first_steps_fips: True 15 | first_steps_admin_pwd: True -------------------------------------------------------------------------------- /config_policy_attachments/defaults/main.yml: -------------------------------------------------------------------------------- 1 | #config_policy_attachments_server: 2 | #config_policy_attachments_resourceUri: 3 | 4 | # Note: Please input policies with policy names (it will be converted to id's), like so: 5 | # [{'name': '', 'type': 'policy'}, {'name': '', 'type': 'policyset'}] 6 | config_policy_attachments_policies: [] 7 | config_policy_attachments_policyCombiningAlgorithm: null 8 | -------------------------------------------------------------------------------- /add_static_route/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # At a minimum provide the following 2 | # add_static_route_address: 'default' 3 | 4 | # Override the rest as needed 5 | add_static_route_enabled: True 6 | add_static_route_maskOrPrefix: null 7 | add_static_route_gateway: null 8 | add_static_route_label: null 9 | add_static_route_vlanId: null 10 | add_static_route_metric: null 11 | add_static_route_comment: '' 12 | add_static_route_table: null -------------------------------------------------------------------------------- /create_snapshot/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: Snapshot of Appliance 2 | isam: 3 | appliance: "{{ inventory_hostname }}" 4 | username: "{{ username }}" 5 | password: "{{ password }}" 6 | lmi_port: "{{ lmi_port }}" 7 | log: "{{ log_level }}" 8 | force: "{{ force }}" 9 | action : ibmsecurity.isam.base.snapshots.create 10 | isamapi: 11 | comment : "{{ create_snapshot_comment }}" 12 | -------------------------------------------------------------------------------- /base/first_steps/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # 2 | lmi_port: 443 3 | username: admin 4 | password: admin 5 | log_level: INFO 6 | force: false 7 | 8 | # LMI FIPS options 9 | FIPS_cfg: { fipsEnabled: true, tlsv10Enabled: false, tlsv11Enabled: true } 10 | fips_restart_wait_time: 1 11 | 12 | lmi_session_timeout: 720 13 | 14 | # Override this setting if you do not want FIPS mode to be turned on 15 | first_steps_fips: True 16 | first_steps_admin_pwd: True -------------------------------------------------------------------------------- /first_steps/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role that executes first steps on an appliance that has just been built 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.8 9 | 10 | platforms: 11 | - name: EL 12 | versions: 13 | - 8 14 | - 7 15 | - 6 16 | 17 | galaxy_tags: 18 | - isam 19 | - ibm 20 | 21 | dependencies: 22 | - start_config 23 | -------------------------------------------------------------------------------- /delete_ca_certs/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Provide a list of CA certs IDs to delete using a format like so: 2 | # delete_ca_certs: 3 | # - 'Thawte Primary Root CA' 4 | # - 'VeriSign Class 1 Public Primary Certification Authority' 5 | # - 'DeleteMe CA' 6 | 7 | # The above IDs show as "label" when viewed using the LMI. 8 | 9 | # Chances are the CA certs may need to be loaded into pdsrv - but override as needed 10 | delete_ca_certs_kdb_id: 'pdsrv' 11 | -------------------------------------------------------------------------------- /set_auth_policy/defaults/main.yml: -------------------------------------------------------------------------------- 1 | #set_auth_policy_name: 2 | #set_auth_policy_uri: 3 | # Create a policy using LMI and export the XML file created for use in following parameter 4 | #set_auth_policy_policy_file: 5 | set_auth_policy_description: "" 6 | # This value should not change for the most part 7 | set_auth_policy_dialect: "urn:ibm:security:authentication:policy:1.0:schema" 8 | # New for ISAM v9.0.2.1, set enabled flag for policy 9 | set_auth_policy_enabled: null -------------------------------------------------------------------------------- /get_fixpack/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: Get Fixpacks 2 | isam: 3 | appliance: "{{ inventory_hostname }}" 4 | username: "{{ username }}" 5 | password: "{{ password }}" 6 | lmi_port: "{{ lmi_port }}" 7 | log: "{{ log_level }}" 8 | force: "{{ force }}" 9 | action: ibmsecurity.isam.base.fixpack.get 10 | register: ret_obj 11 | 12 | - name: Set variable for use by rest of playbook 13 | set_fact: 14 | fixpack_ret_obj: "{{ ret_obj }}" -------------------------------------------------------------------------------- /set_access_control_policy/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Provide the following values for the role to work, policy can be extracted using LMI 2 | #set_access_control_policy_name: 3 | #set_access_control_policy_policy: 4 | #set_access_control_policy_attributesrequired: 5 | set_access_control_policy_description: "" 6 | set_access_control_policy_dialect: "urn:oasis:names:tc:xacml:2.0:policy:schema:os" 7 | set_access_control_policy_predefined: False 8 | set_access_control_policy_new_name: null 9 | -------------------------------------------------------------------------------- /add_network_ipv4/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # The following need to be provided for role to work 2 | # Example: 3 | # add_network_ipv4_label: "1.2" 4 | # add_network_ipv4_address: "192.168.100.10" 5 | # add_network_ipv4_maskOrPrefix: "255.255.255.0" or "24" 6 | 7 | # Default values for adding an ipv4 address - override as needed 8 | add_network_ipv4_allowManagement: False 9 | add_network_ipv4_enabled: True 10 | add_network_ipv4_overrideSubnetChecking: False 11 | add_network_ipv4_vlanId: null -------------------------------------------------------------------------------- /base/activate_modules/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Provide valid module identifiers - they can be wga, mga or federation 2 | # activate_module_id: 'wga' 3 | 4 | # Provide the activation code for the version of ISAM 5 | # The activation code can be read from the activation files downloaded from 6 | # IBM Passport Advantage 7 | # activate_module_code: 'xxxx-xxxx-xxxx...' 8 | 9 | # Comment to be used for creating a snapshot file 10 | activate_module_comment: "Automated Snapshot Before Activating" -------------------------------------------------------------------------------- /config_ntp/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: Configure NTP 2 | isam: 3 | appliance: "{{ inventory_hostname }}" 4 | username: "{{ username }}" 5 | password: "{{ password }}" 6 | lmi_port: "{{ lmi_port }}" 7 | log: "{{ log_level }}" 8 | force: "{{ force }}" 9 | action: ibmsecurity.isam.base.date_time.set 10 | isamapi: 11 | timeZone : "{{ config_ntp_timeZone }}" 12 | ntpServers : "{{ config_ntp_ntp_servers }}" 13 | notify: Commit Changes 14 | -------------------------------------------------------------------------------- /config_reverseproxy_aac/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Please provide the following variable at the very minimum 2 | #config_reverseproxy_aac_instance_id: 3 | 4 | # The following should be overriden as needed 5 | config_reverseproxy_aac_hostname: "localhost" 6 | config_reverseproxy_aac_port: 443 7 | config_reverseproxy_aac_username: "easuser" 8 | config_reverseproxy_aac_password: "passw0rd" 9 | config_reverseproxy_aac_reuse_certs: False 10 | config_reverseproxy_aac_reuse_acls: False 11 | -------------------------------------------------------------------------------- /fed/set_runtime_certificates/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Provide valid module identifiers - they can be wga, mga or federation 2 | # activate_module_id: 'wga' 3 | 4 | # Provide the activation code for the version of ISAM 5 | # The activation code can be read from the activation files downloaded from 6 | # IBM Passport Advantage 7 | # activate_module_code: 'xxxx-xxxx-xxxx...' 8 | 9 | # Comment to be used for creating a snapshot file 10 | activate_module_comment: "Automated Snapshot Before Activating" -------------------------------------------------------------------------------- /gen_report/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: Generate Report using template {{ gen_report_template }} 2 | template: 3 | src : "{{ role_path }}/files/{{ gen_report_template }}" 4 | dest: "{{ gen_report_dir }}/{{ gen_report_template.partition('.')[0] }}_{{ ansible_date_time.date }}-{{ ansible_date_time.hour }}-{{ ansible_date_time.minute }}-{{ ansible_date_time.second }}.html" 5 | run_once: True 6 | changed_when: False 7 | when: gen_report_template is defined and gen_report_dir is defined 8 | -------------------------------------------------------------------------------- /get_firmware/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: Get Firmware Level 2 | isam: 3 | appliance: "{{ inventory_hostname }}" 4 | username: "{{ username }}" 5 | password: "{{ password }}" 6 | lmi_port: "{{ lmi_port }}" 7 | log: "{{ log_level }}" 8 | force: "{{ force }}" 9 | action: ibmsecurity.isam.base.firmware.get 10 | register: ret_obj 11 | 12 | - name: Set variable for use by rest of playbook 13 | set_fact: 14 | firmware_ret_obj: "{{ ret_obj }}" -------------------------------------------------------------------------------- /switch_auth/tasks/mgmt_authz.yml: -------------------------------------------------------------------------------- 1 | - name: Enable Management Authorization (Role Based Access) 2 | isam: 3 | appliance: "{{ inventory_hostname }}" 4 | username: "{{ username }}" 5 | password: "{{ password }}" 6 | lmi_port: "{{ lmi_port }}" 7 | log: "{{ log_level }}" 8 | force: "{{ force }}" 9 | action: ibmsecurity.isam.base.management_authorization.config.set 10 | isamapi: 11 | enforcing: "{{ switch_auth_enable }}" 12 | notify: Commit Changes 13 | -------------------------------------------------------------------------------- /activate_module/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Provide valid module identifiers - they can be wga, mga or federation 2 | # activate_module_id: 'wga' 3 | 4 | # Provide the activation code for the version of ISAM 5 | # The activation code can be read from the activation files downloaded from 6 | # IBM Passport Advantage 7 | # activate_module_code: 'xxxx-xxxx-xxxx...' 8 | 9 | # Comment to be used for creating a snapshot file 10 | activate_module_comment: "Automated Snapshot Before Activating {{ activate_module_id }}" -------------------------------------------------------------------------------- /base/first_steps/meta/main.yml: -------------------------------------------------------------------------------- 1 | # 2 | # Use base/first_steps instead 3 | # 4 | galaxy_info: 5 | author: IBM 6 | description: Role that executes first steps on an appliance that has just been built 7 | company: IBM 8 | 9 | license: Apache 10 | 11 | min_ansible_version: 2.7 12 | 13 | platforms: 14 | - name: EL 15 | versions: 16 | - 8 17 | - 7 18 | - 6 19 | 20 | galaxy_tags: 21 | - isam 22 | - ibm 23 | 24 | dependencies: 25 | - start_config 26 | -------------------------------------------------------------------------------- /get_federation/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: Get all Federations 2 | isam: 3 | appliance: "{{ inventory_hostname }}" 4 | username: "{{ username }}" 5 | password: "{{ password }}" 6 | lmi_port: "{{ lmi_port }}" 7 | log: "{{ log_level }}" 8 | force: "{{ force }}" 9 | action: ibmsecurity.isam.fed.federations.get_all 10 | register: ret_obj 11 | 12 | - name: Set variable for use by rest of playbook 13 | set_fact: 14 | federation_ret_obj: "{{ ret_obj }}" -------------------------------------------------------------------------------- /set_ldap_user_attr/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # tasks file for set_ldap_user_attr 3 | # modify ldap 4 | - name: modify user LDAP attributes 5 | ldap_attr: 6 | dn: "{{ item.0.dn }}" 7 | name: "{{ item.1.name }}" 8 | values: "{{ item.1.values }}" 9 | state: "{{ ldap_state }}" 10 | server_uri: "{{ ldap_server_uri }}" 11 | bind_dn: "{{ ldap_bind_dn }}" 12 | bind_pw: "{{ ldap_bind_pw }}" 13 | with_subelements: 14 | - "{{ ldap_user_attributes }}" 15 | - attributes 16 | -------------------------------------------------------------------------------- /add_sysaccount_group/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: Create LMI system account group 2 | isam: 3 | appliance: "{{ inventory_hostname }}" 4 | username: "{{ username }}" 5 | password: "{{ password }}" 6 | lmi_port: "{{ lmi_port }}" 7 | log: "{{ log_level }}" 8 | force: "{{ force }}" 9 | action: ibmsecurity.isam.base.sysaccount.groups.create 10 | isamapi: 11 | id : "{{ add_sysaccount_group }}" 12 | when: add_sysaccount_group is defined 13 | notify: Commit Changes 14 | -------------------------------------------------------------------------------- /fed/get_federations/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: Get all the federations 2 | isam: 3 | appliance: "{{ inventory_hostname }}" 4 | username: "{{ username }}" 5 | password: "{{ password }}" 6 | lmi_port: "{{ lmi_port }}" 7 | log: "{{ log_level }}" 8 | force: "{{ force }}" 9 | action: ibmsecurity.isam.fed.federations.get_all 10 | register: ret_obj 11 | 12 | - name: Set variable for use by rest of playbook 13 | set_fact: 14 | get_federations_ret_obj: "{{ ret_obj['data'] }}" -------------------------------------------------------------------------------- /set_advanced_tuning_parameter/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Provide the name and value of the advanced tuning parameters 2 | # advanced_tuning_parameters: 3 | # - advanced_tuning_parameter_key: "Key 1" 4 | # advanced_tuning_parameter_value: "Value 1" 5 | # - advanced_tuning_parameter_key: "Key 2" 6 | # advanced_tuning_parameter_value: "Value 2" 7 | 8 | # Comment to be used for creating a snapshot file 9 | set_advanced_tuning_parameter_comment: "Automated Snapshot Before Setting Advanced Tuning Parameters" 10 | -------------------------------------------------------------------------------- /get_reverseproxies/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: Get Reverse Proxies 2 | isam: 3 | appliance: "{{ inventory_hostname }}" 4 | username: "{{ username }}" 5 | password: "{{ password }}" 6 | lmi_port: "{{ lmi_port }}" 7 | log: "{{ log_level }}" 8 | force: "{{ force }}" 9 | action: ibmsecurity.isam.web.reverse_proxy.instance.get 10 | register: ret_obj 11 | 12 | - name: Set variable for use by rest of playbook 13 | set_fact: 14 | reverseproxy_ret_obj: "{{ ret_obj }}" -------------------------------------------------------------------------------- /aac/get_mapping_rules/tasks/main.yml: -------------------------------------------------------------------------------- 1 | # Get all mapping rules and register the mapping_rules_obj, to use in other roles/playbooks 2 | --- 3 | - name: Get all Mapping Rules 4 | isam: 5 | appliance: "{{ inventory_hostname }}" 6 | username: "{{ username }}" 7 | password: "{{ password }}" 8 | lmi_port: "{{ lmi_port }}" 9 | log: "{{ log_level }}" 10 | force: "{{ force }}" 11 | action: ibmsecurity.isam.aac.mapping_rules.get_all 12 | isamapi: 13 | register: mapping_rules_obj 14 | -------------------------------------------------------------------------------- /aac/create_obligation/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default variables for creation of obligations 2 | authentication_obligations: [] 3 | 4 | # Example 5 | #authentication_obligations: 6 | # - name : "obligation" 7 | # description : "some obligation" 8 | # obligationURI: "urn:ibm:obligation:myobligation" 9 | # These are optional parameters: 10 | # parameters : [] 11 | # type : 'Obligation' 12 | # typeId : '1' 13 | # properties : [] 14 | # new_name : "new_obiligation_name" 15 | -------------------------------------------------------------------------------- /aac/create_attribute/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default variables for creation of attributes 2 | accesscontrol_attributes: [] 3 | # 4 | # Example: 5 | # - name: "someAttribute" 6 | # predefined:false 7 | # description:"" 8 | # attributeURI: "someAttribute" 9 | # type: 10 | # policy: true 11 | # risk: false 12 | # issuer: "" 13 | # datatype: String 14 | # category: Subject 15 | # matcher: 1 16 | # storageDomain: 17 | # device: false 18 | # session: false 19 | # behavior: false 20 | 21 | -------------------------------------------------------------------------------- /export_cluster_sign/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: Export cluster signature from Primary appliance 2 | isam: 3 | appliance: "{{ inventory_hostname }}" 4 | username: "{{ username }}" 5 | password: "{{ password }}" 6 | lmi_port: "{{ lmi_port }}" 7 | log: "{{ log_level }}" 8 | force: "{{ force }}" 9 | action: ibmsecurity.isam.base.cluster.signature.export 10 | isamapi: 11 | filename: "{{ export_cluster_sign_filename }}" 12 | when: export_cluster_sign_filename is defined 13 | -------------------------------------------------------------------------------- /set_network_ipv4_dhcp/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # The following need to be provided for role to work 2 | # Example: 3 | # set_network_ipv4_dhcp_label: "1.2" 4 | 5 | # Default values for updating DHCP - override as needed 6 | set_network_ipv4_dhcp_allowManagement: False 7 | set_network_ipv4_dhcp_enabled: False 8 | set_network_ipv4_dhcp_vlanId: null 9 | set_network_ipv4_dhcp_routeMetric: null 10 | set_network_ipv4_dhcp_providesDefaultRoute: False 11 | 12 | set_network_ipv4_dhcp_comment: 'Execute Snapshot as Backup - before updating DHCP' -------------------------------------------------------------------------------- /set_rsyslog_forwarder/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # This is a required value 2 | #set_rsyslog_forwarder_server: 3 | set_rsyslog_forwarder_port : 514 4 | set_rsyslog_forwarder_protocol: 'udp' 5 | set_rsyslog_forwarder_debug : False 6 | set_rsyslog_forwarder_keyfile : null 7 | set_rsyslog_forwarder_ca_certificate: null 8 | set_rsyslog_forwarder_client_certificate: null 9 | set_rsyslog_forwarder_permitted_peers: null 10 | # The following will be hardcoded - use another role to set sources 11 | #set_rsyslog_forwarder_sources : [] 12 | 13 | -------------------------------------------------------------------------------- /add_suffix/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: Add a Suffix to Embedded LDAP - {{ add_suffix_name }} 2 | isam: 3 | appliance: "{{ inventory_hostname }}" 4 | username: "{{ username }}" 5 | password: "{{ password }}" 6 | lmi_port: "{{ lmi_port }}" 7 | log: "{{ log_level }}" 8 | force: "{{ force }}" 9 | action: ibmsecurity.isam.web.embedded_ldap.suffix.add 10 | isamapi: 11 | name: "{{ add_suffix_name }}" 12 | when: add_suffix_name is defined 13 | notify: 14 | - Commit Changes 15 | -------------------------------------------------------------------------------- /get_fixpack/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role that gets fixpacks 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - fixpack 26 | - get 27 | 28 | dependencies: 29 | - start_config 30 | -------------------------------------------------------------------------------- /sanity_checks/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role that iexecutes sanity checks on the appliance 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | 26 | dependencies: 27 | - start_config 28 | -------------------------------------------------------------------------------- /set_ldap_root_pw/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: Change Embedded LDAP cn=root password 2 | isam: 3 | appliance: "{{ inventory_hostname }}" 4 | username: "{{ username }}" 5 | password: "{{ password }}" 6 | lmi_port: "{{ lmi_port }}" 7 | log: "{{ log_level }}" 8 | force: "{{ force }}" 9 | action: ibmsecurity.isam.web.embedded_ldap.admin.set_pw 10 | isamapi: 11 | password: "{{ set_ldap_root_pw_password }}" 12 | when: set_ldap_root_pw_password is defined 13 | notify: Commit Changes -------------------------------------------------------------------------------- /activate_module/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to activate a module in ISAM 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - activation 26 | 27 | dependencies: 28 | - start_config 29 | -------------------------------------------------------------------------------- /install_license/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IFC 3 | description: Role to import license support in ISAM 4 | company: IFC 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - license 26 | 27 | dependencies: 28 | - start_config 29 | -------------------------------------------------------------------------------- /set_dsc_config/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to Configure DSC 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - dsc 26 | - configuration 27 | 28 | dependencies: 29 | - start_config 30 | -------------------------------------------------------------------------------- /config_snmp_monitoring/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: Configure SNMP Monitoring v1/2C 2 | isam: 3 | appliance: "{{ inventory_hostname }}" 4 | username: "{{ username }}" 5 | password: "{{ password }}" 6 | lmi_port: "{{ lmi_port }}" 7 | log: "{{ log_level }}" 8 | force: "{{ force }}" 9 | action: ibmsecurity.isam.base.snmp_monitoring.set_v1v2 10 | isamapi: 11 | community: "{{ config_snmp_monitoring_community }}" 12 | port : "{{ config_snmp_monitoring_port }}" 13 | notify: Commit Changes 14 | -------------------------------------------------------------------------------- /create_keystore/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to create a keystore 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - create 26 | - keystore 27 | 28 | dependencies: 29 | - start_config 30 | -------------------------------------------------------------------------------- /create_snapshot/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to create a snapshot 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - snapshot 26 | - create 27 | 28 | dependencies: 29 | - start_config 30 | -------------------------------------------------------------------------------- /get_firmware/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role that gets firmware level 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - firmware 26 | - get 27 | 28 | dependencies: 29 | - start_config 30 | -------------------------------------------------------------------------------- /search_attribute_source/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: Search for an Attribute Source 2 | isam: 3 | appliance: "{{ inventory_hostname }}" 4 | username: "{{ username }}" 5 | password: "{{ password }}" 6 | lmi_port: "{{ lmi_port }}" 7 | log: "{{ log_level }}" 8 | force: "{{ force }}" 9 | action: ibmsecurity.isam.fed.attribute_source.search 10 | isamapi: 11 | name: "{{ search_attribute_source_name }}" 12 | when: search_attribute_source_name is defined 13 | register: search_attribute_source_register 14 | -------------------------------------------------------------------------------- /search_mapping_rule/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: Search for a Mapping Rule 2 | isam: 3 | appliance: "{{ inventory_hostname }}" 4 | username: "{{ username }}" 5 | password: "{{ password }}" 6 | lmi_port: "{{ lmi_port }}" 7 | log: "{{ log_level }}" 8 | force: "{{ force }}" 9 | action: ibmsecurity.isam.aac.mapping_rules.search 10 | isamapi: 11 | name: "{{ search_mapping_rule_name }}" 12 | when: search_mapping_rule_name is defined 13 | register: "{{ search_mapping_rule_register }}" 14 | -------------------------------------------------------------------------------- /set_federation/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role that sets a Federation 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - federation 26 | - set 27 | 28 | dependencies: 29 | - start_config 30 | -------------------------------------------------------------------------------- /add_network_ipv4/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to add an ipv4 address to an interface 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - networking 26 | 27 | dependencies: 28 | - start_config 29 | -------------------------------------------------------------------------------- /config_dns/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to configure DNS for an appliance 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - networking 26 | - dns 27 | 28 | dependencies: 29 | - start_config 30 | -------------------------------------------------------------------------------- /config_ntp/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to configure NTP for an appliance 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - networking 26 | - ntp 27 | 28 | dependencies: 29 | - start_config 30 | -------------------------------------------------------------------------------- /start_config/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role that includes Custom Modules and checks for connectivity and uncommited changes 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | 26 | dependencies: [] 27 | -------------------------------------------------------------------------------- /execute_pdadmin/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Provide a list of pdadmin commands to execute 2 | #execute_pdadmin_commands: 3 | # - "acl show default-management" 4 | # - "user list * 10" 5 | 6 | # Use a command like so to populate commands from a file - "cmd_file" 7 | #execute_pdadmin_commands: "{{ lookup('file', cmd_file) }}" 8 | 9 | # Provide ISAM credentials used to run PDAdmin commands 10 | #execute_pdadmin_isamuser: "sec_master" 11 | #execute_pdadmin_isampwd: "passw0rd" 12 | 13 | # Use Default domain, override as needed 14 | execute_pdadmin_domain: "Default" -------------------------------------------------------------------------------- /set_cluster_config/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to Configure cluster 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - cluster 26 | - configuration 27 | 28 | dependencies: 29 | - start_config 30 | -------------------------------------------------------------------------------- /set_keystore_desc/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to set keystore description 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - keystore 26 | - description 27 | 28 | dependencies: 29 | - start_config 30 | -------------------------------------------------------------------------------- /upload_mapping_rule/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to upload mapping rule 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - ibm 24 | - upload 25 | - aac 26 | - mappingrule 27 | 28 | dependencies: 29 | - start_config 30 | -------------------------------------------------------------------------------- /add_federation/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role that adds a Federation SAML or OIDC 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - federation 26 | - add 27 | 28 | dependencies: 29 | - start_config 30 | -------------------------------------------------------------------------------- /set_access_policy/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to set access policy 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - set 26 | - aac 27 | - accesspolicy 28 | 29 | dependencies: 30 | - start_config 31 | -------------------------------------------------------------------------------- /set_admin_pw/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: Change "admin" password 2 | isam: 3 | appliance: "{{ inventory_hostname }}" 4 | username: "{{ username }}" 5 | password: "{{ old_password }}" 6 | lmi_port: "{{ lmi_port }}" 7 | log: "{{ log_level }}" 8 | force: "{{ force }}" 9 | action: ibmsecurity.isam.base.admin.set_pw 10 | isamapi: 11 | oldPassword: "{{ old_password }}" 12 | newPassword: "{{ password }}" 13 | ignore_errors: true 14 | when: old_password is defined 15 | notify: Commit Changes 16 | -------------------------------------------------------------------------------- /set_mapping_rule/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to set mapping rule 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - set 26 | - aac 27 | - mappingrule 28 | 29 | dependencies: 30 | - start_config 31 | -------------------------------------------------------------------------------- /set_network_ipv4_dhcp/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to update DHCP for an interface 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - networking 26 | - dhcp 27 | 28 | dependencies: 29 | - start_config 30 | -------------------------------------------------------------------------------- /upload_ltpa_key/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to upload one or more LTPA keys to ISAM 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - ltpa 26 | - upload 27 | 28 | dependencies: 29 | - start_config 30 | -------------------------------------------------------------------------------- /web/upload_kerberos_keytab_files/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to upload keytab files 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.7 9 | 10 | platforms: 11 | - name: Fedora 12 | versions: 13 | - 30 14 | - 29 15 | - 28 16 | - 27 17 | - name: EL 18 | versions: 19 | - 8 20 | - 7 21 | - 6 22 | 23 | galaxy_tags: 24 | - isam 25 | - ibm 26 | - upload 27 | - keytab 28 | 29 | dependencies: 30 | - start_config -------------------------------------------------------------------------------- /aac/create_obligation/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to create obligations 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.7 9 | 10 | platforms: 11 | - name: Fedora 12 | versions: 13 | - 30 14 | - 29 15 | - 28 16 | - 27 17 | - name: EL 18 | versions: 19 | - 8 20 | - 7 21 | - 6 22 | 23 | galaxy_tags: 24 | - isam 25 | - ibm 26 | - create 27 | - authenticationpolicy 28 | 29 | dependencies: 30 | - start_config -------------------------------------------------------------------------------- /aac/set_access_policies/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to upload access policies 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.5 9 | 10 | platforms: 11 | - name: Fedora 12 | versions: 13 | - 30 14 | - 29 15 | - 28 16 | - 27 17 | - name: EL 18 | versions: 19 | - 8 20 | - 7 21 | - 6 22 | 23 | galaxy_tags: 24 | - isam 25 | - ibm 26 | - configure 27 | - accesspolicies 28 | 29 | dependencies: 30 | - start_config -------------------------------------------------------------------------------- /add_oauth_client/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to add API Protection Client (for OAuth 2.0) 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - oauth 26 | - add 27 | 28 | dependencies: 29 | - start_config 30 | -------------------------------------------------------------------------------- /add_suffix/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role that adds a Suffix to Embedded LDAP 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - ldap 26 | - suffix 27 | - add 28 | 29 | dependencies: 30 | - start_config 31 | -------------------------------------------------------------------------------- /archive_logs/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Provide all of the following for this role to work 2 | 3 | # Use the following flags to control if logs are exported / deleted 4 | archive_logs_export: True 5 | archive_logs_delete: True 6 | 7 | # Default archival will execute for request logs 8 | # Provide the log name prefix all the way until the date/timestamp field 9 | archive_logs_filter: "request.log." 10 | 11 | # Directory to download the log files to 12 | archive_logs_directory: . 13 | 14 | # Provide number of days of logs to keep on appliance 15 | archive_logs_grace_days: 7 -------------------------------------------------------------------------------- /delete_activation/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to Delete an activated module in ISAM 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - activation 26 | - delete 27 | 28 | dependencies: 29 | - start_config 30 | -------------------------------------------------------------------------------- /delete_activation/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: Delete {{ delete_activation_id }} Module - deactivate 2 | isam: 3 | appliance: "{{ inventory_hostname }}" 4 | username: "{{ username }}" 5 | password: "{{ password }}" 6 | lmi_port: "{{ lmi_port }}" 7 | log: "{{ log_level }}" 8 | force: "{{ force }}" 9 | action : ibmsecurity.isam.base.activation.delete 10 | isamapi: 11 | id : "{{ delete_activation_id }}" 12 | when: delete_activation_id is defined 13 | notify: 14 | - Commit Changes 15 | - Reboot Appliance 16 | -------------------------------------------------------------------------------- /delete_ca_certs/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to delete CA certs from a keystore 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - certificates 26 | - import 27 | 28 | dependencies: 29 | - start_config 30 | -------------------------------------------------------------------------------- /execute_compare/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role that compares all aspects of an appliance with a master 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - compare 26 | 27 | dependencies: 28 | - start_config 29 | -------------------------------------------------------------------------------- /get_federation/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role that gets all federations in an appliance 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - federation 26 | - get 27 | 28 | dependencies: 29 | - start_config 30 | -------------------------------------------------------------------------------- /import_ca_certs/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to import CA certs into a keystore 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - certificates 26 | - import 27 | 28 | dependencies: 29 | - start_config 30 | -------------------------------------------------------------------------------- /set_admin_pw/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role that sets password for admin user 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - password 26 | - admin 27 | - set 28 | 29 | dependencies: 30 | - start_config 31 | -------------------------------------------------------------------------------- /set_host_records/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to set host records in appliance 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - networking 26 | - hostrecords 27 | 28 | dependencies: 29 | - start_config 30 | -------------------------------------------------------------------------------- /set_network_hostname/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: Update Hostname for Appliance to {{ set_network_hostname_hostname }} 2 | isam: 3 | appliance: "{{ inventory_hostname }}" 4 | username: "{{ username }}" 5 | password: "{{ password }}" 6 | lmi_port: "{{ lmi_port }}" 7 | log: "{{ log_level }}" 8 | force: "{{ force }}" 9 | action: ibmsecurity.isam.base.network.hostname.set 10 | isamapi: 11 | hostname: "{{ set_network_hostname_hostname }}" 12 | when: set_network_hostname_hostname is defined 13 | notify: Commit Changes 14 | -------------------------------------------------------------------------------- /set_oauth_client/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to set API Protection Client (for OAuth 2.0) 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - oauth 26 | - set 27 | 28 | dependencies: 29 | - start_config 30 | -------------------------------------------------------------------------------- /upload_extension/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role that uploads an Extension 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - extension 26 | - aac 27 | - upload 28 | 29 | dependencies: 30 | - start_config 31 | -------------------------------------------------------------------------------- /add_module_chain/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to add a module chain to ISAM 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - sts 26 | - modulechain 27 | - add 28 | 29 | dependencies: 30 | - start_config 31 | -------------------------------------------------------------------------------- /add_oauth_definition/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to add API Protection Definition (for OAuth 2.0) 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - oauth 26 | - add 27 | 28 | dependencies: 29 | - start_config 30 | -------------------------------------------------------------------------------- /add_partner/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role that adds a Partner to a Federation 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - federation 26 | - partner 27 | - add 28 | 29 | dependencies: 30 | - start_config 31 | -------------------------------------------------------------------------------- /add_static_route/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role that adds a static route 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - networking 26 | - staticroute 27 | - add 28 | 29 | dependencies: 30 | - start_config 31 | -------------------------------------------------------------------------------- /gen_report/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role that generates reports uing the template module 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - reports 26 | - generate 27 | 28 | dependencies: 29 | - start_config 30 | -------------------------------------------------------------------------------- /get_reverseproxies/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role that gets reverse proxies from an appliance 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - reverseproxy 26 | - get 27 | 28 | dependencies: 29 | - start_config 30 | -------------------------------------------------------------------------------- /import_certificate_db/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IFC 3 | description: Role to import certificates database (kdb). 4 | company: IFC 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - kdb 26 | - certificate 27 | 28 | dependencies: 29 | - start_config 30 | -------------------------------------------------------------------------------- /import_url_mapping/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to upload url mapping (dynurl) 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - upload 26 | - web 27 | - dynurl 28 | 29 | dependencies: 30 | - start_config 31 | -------------------------------------------------------------------------------- /set_current_point_of_contact/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role that sets a Point of Contact 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - pointofcontact 26 | - set 27 | 28 | dependencies: 29 | - start_config 30 | -------------------------------------------------------------------------------- /set_network_hostname/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to update the hostname of an appliance 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - networking 26 | - hostname 27 | 28 | dependencies: 29 | - start_config 30 | -------------------------------------------------------------------------------- /set_oauth_definition/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to set API Protection Definition (for OAuth 2.0) 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - oauth 26 | - set 27 | 28 | dependencies: 29 | - start_config 30 | -------------------------------------------------------------------------------- /set_partner/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role that sets a Partner to a Federation 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - federation 26 | - partner 27 | - set 28 | 29 | dependencies: 30 | - start_config 31 | -------------------------------------------------------------------------------- /set_runtime_tuning_parameter/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Provide the name and value of the runtime tuning parameters 2 | # runtime_tuning_parameters: 3 | # - runtime_tuning_parameter_option: "Option 1" 4 | # runtime_tuning_parameter_value: "Value 1" 5 | # - runtime_tuning_parameter_option: "Option 2" 6 | # runtime_tuning_parameter_value: "Value 2" 7 | 8 | # Set Comment to be used for creating a snapshot file, snapshot will be skipped unless comment is provided 9 | #set_runtime_tuning_parameter_comment: "Automated Snapshot Before Setting Runtime Tuning Parameters" 10 | -------------------------------------------------------------------------------- /update_network_ipv4/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to update an ipv4 address on an interface 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - networking 26 | - ipv4 27 | 28 | dependencies: 29 | - start_config 30 | -------------------------------------------------------------------------------- /aac/create_attribute/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to create attribute 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.7 9 | 10 | platforms: 11 | - name: Fedora 12 | versions: 13 | - 30 14 | - 29 15 | - 28 16 | - 27 17 | - name: EL 18 | versions: 19 | - 8 20 | - 7 21 | - 6 22 | 23 | galaxy_tags: 24 | - isam 25 | - ibm 26 | - create 27 | - accesscontrol 28 | - attribute 29 | 30 | dependencies: 31 | - start_config -------------------------------------------------------------------------------- /add_chain_template/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to add a chain template to ISAM 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - sts 26 | - chaintemplate 27 | - add 28 | 29 | dependencies: 30 | - start_config 31 | -------------------------------------------------------------------------------- /add_junction/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to add a junction to a reverse proxy 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - reverseproxy 26 | - junction 27 | - add 28 | 29 | dependencies: 30 | - start_config 31 | -------------------------------------------------------------------------------- /add_sysaccount_group/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role that configures a sysaccount_group 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - web 26 | - runtime 27 | - policyserver 28 | dependencies: 29 | - start_config 30 | -------------------------------------------------------------------------------- /add_sysaccount_user/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role that configures a sysaccount_user 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - web 26 | - runtime 27 | - policyserver 28 | dependencies: 29 | - start_config 30 | -------------------------------------------------------------------------------- /base/get_certificate_databases/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: Get the certificate databases 2 | isam: 3 | appliance: "{{ inventory_hostname }}" 4 | username: "{{ username }}" 5 | password: "{{ password }}" 6 | lmi_port: "{{ lmi_port }}" 7 | log: "{{ log_level }}" 8 | force: "{{ force }}" 9 | action: ibmsecurity.isam.base.ssl_certificates.certificate_databases.get_all 10 | register: ret_obj 11 | 12 | - name: set a fact to be used by other components 13 | set_fact: 14 | get_certificate_databases_ret_obj: "{{ ret_obj['data'] }}" 15 | -------------------------------------------------------------------------------- /config_snmp_monitoring/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to configure SNMP Monitoring for an appliance 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - monitoring 26 | - snmp 27 | 28 | dependencies: 29 | - start_config 30 | -------------------------------------------------------------------------------- /import_client_cert_mapping/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to import Certificate Mapping Rule 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - certificates 26 | - import 27 | 28 | dependencies: 29 | - start_config 30 | -------------------------------------------------------------------------------- /set_admin_cfg/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role that sets Admin Configuration (LMI) 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - lmi 26 | - configuration 27 | - set 28 | 29 | dependencies: 30 | - start_config 31 | -------------------------------------------------------------------------------- /set_auth_policy/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role that sets a Authentication Policy 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - authentication 26 | - policy 27 | - set 28 | 29 | dependencies: 30 | - start_config 31 | -------------------------------------------------------------------------------- /set_junction/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to set a junction to a reverse proxy 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - reverseproxy 26 | - junction 27 | - set 28 | 29 | dependencies: 30 | - start_config 31 | -------------------------------------------------------------------------------- /add_attribute_source/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to add one or more attribute sources to ISAM 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - attributesource 26 | - add 27 | 28 | dependencies: 29 | - start_config 30 | -------------------------------------------------------------------------------- /add_system_alerts_smtp/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role that configures system alerts snmp 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - web 26 | - runtime 27 | - policyserver 28 | dependencies: 29 | - start_config 30 | -------------------------------------------------------------------------------- /add_system_alerts_snmp/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role that adds system alerts snmp 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - web 26 | - runtime 27 | - policyserver 28 | 29 | dependencies: 30 | - start_config 31 | -------------------------------------------------------------------------------- /archive_logs/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role that archives logs from a reverse proxy 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - reverseproxy 26 | - log 27 | - archival 28 | 29 | dependencies: 30 | - start_config 31 | -------------------------------------------------------------------------------- /config_policyserver/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role that configures a Policy Server 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - web 26 | - runtime 27 | - policyserver 28 | 29 | dependencies: 30 | - start_config 31 | -------------------------------------------------------------------------------- /execute_pdadmin/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role that executes pdadmin commands against Policy Server 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - policyserver 26 | - pdadmin 27 | 28 | dependencies: 29 | - start_config 30 | -------------------------------------------------------------------------------- /import_http_transformation/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to import HTTP Transformation Rule 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - httptransformation 26 | - import 27 | 28 | dependencies: 29 | - start_config 30 | -------------------------------------------------------------------------------- /search_mapping_rule/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role that searches for a Mapping Rule (for ID lookup) 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - mappingrule 26 | - search 27 | 28 | dependencies: 29 | - start_config 30 | -------------------------------------------------------------------------------- /set_advanced_tuning_parameter/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to set one or more advanced tuning parameters in ISAM 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - advancedtuning 26 | 27 | dependencies: 28 | - start_config 29 | -------------------------------------------------------------------------------- /set_auth_mech/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role that sets an Authentication Mechanism 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - authentication 26 | - mechanism 27 | - set 28 | 29 | dependencies: 30 | - start_config 31 | -------------------------------------------------------------------------------- /set_runtime_tuning_parameter/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to set one or more runtime tuning parameters in ISAM 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - runtimetuning 26 | 27 | dependencies: 28 | - start_config 29 | -------------------------------------------------------------------------------- /add_system_alerts_rsyslog/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to add an System Alert to Remote Syslog Server 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - monitoring 26 | - alerts 27 | 28 | dependencies: 29 | - start_config 30 | -------------------------------------------------------------------------------- /bootstrap_local/tests/ansible.cfg: -------------------------------------------------------------------------------- 1 | # config file for ansible -- http://ansible.com/ 2 | # ============================================== 3 | 4 | # nearly all parameters can be overridden in ansible-playbook 5 | # or with command line flags. ansible will read ANSIBLE_CONFIG, 6 | # ansible.cfg in the current working directory, .ansible.cfg in 7 | # the home directory or /etc/ansible/ansible.cfg, whichever it 8 | # finds first 9 | 10 | [defaults] 11 | 12 | # some basic default values... 13 | 14 | # additional paths to search for roles in, colon separated 15 | roles_path = ../../ 16 | -------------------------------------------------------------------------------- /externalize_hvdb_db2/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to externalize HVDB to a DB2 Database 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - database 26 | - externalize 27 | - db2 28 | 29 | dependencies: 30 | - start_config 31 | -------------------------------------------------------------------------------- /install_fixpack/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role that will install a fixpack into an appliance 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - fixpack 26 | - upgrade 27 | - install 28 | 29 | dependencies: 30 | - start_config 31 | -------------------------------------------------------------------------------- /set_rsyslog_forwarder/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to set a Remote Syslog Forwarder 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - remote 26 | - syslog 27 | - forwarder 28 | 29 | dependencies: 30 | - start_config 31 | 32 | -------------------------------------------------------------------------------- /aac/delete_attribute/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to delete an access control attribute 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.7 9 | 10 | platforms: 11 | - name: Fedora 12 | versions: 13 | - 30 14 | - 29 15 | - 28 16 | - 27 17 | - name: EL 18 | versions: 19 | - 8 20 | - 7 21 | - 6 22 | 23 | galaxy_tags: 24 | - isam 25 | - ibm 26 | - delete 27 | - accesscontrol 28 | - attribute 29 | 30 | dependencies: 31 | - start_config -------------------------------------------------------------------------------- /config_reverseproxy_federation/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Please provide the following two variables at the very minimum 2 | #config_reverseproxy_federation_name: 3 | #config_reverseproxy_federation_instance_id: 4 | 5 | # The following shoul be overriden as needed 6 | config_reverseproxy_federation_hostname: "localhost" 7 | config_reverseproxy_federation_port: 443 8 | config_reverseproxy_federation_username: "easuser" 9 | config_reverseproxy_federation_password: "passw0rd" 10 | config_reverseproxy_federation_reuse_certs: True 11 | config_reverseproxy_federation_reuse_acls: True 12 | -------------------------------------------------------------------------------- /execute_rp_op/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to execute operation against reverse proxies in ISAM Appliance 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - reverseproxy 26 | - operation 27 | 28 | dependencies: 29 | - start_config 30 | -------------------------------------------------------------------------------- /fed/set_attribute_source/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to add one or more attribute sources to ISAM 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.7 9 | 10 | platforms: 11 | - name: Fedora 12 | versions: 13 | - 30 14 | - 29 15 | - 28 16 | - 27 17 | - name: EL 18 | versions: 19 | - 8 20 | - 7 21 | - 6 22 | 23 | galaxy_tags: 24 | - isam 25 | - ibm 26 | - attributesource 27 | - set 28 | 29 | dependencies: 30 | - start_config 31 | -------------------------------------------------------------------------------- /import_runtime_template_file/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to import runtime template file 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - import 26 | - runtimetemplate 27 | - files 28 | 29 | dependencies: 30 | - start_config 31 | -------------------------------------------------------------------------------- /install_firmware/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role that will install a firmware into and appliance 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - firmware 26 | - upgrade 27 | - install 28 | 29 | dependencies: 30 | - start_config 31 | -------------------------------------------------------------------------------- /set_role_group/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to set management authorization role group 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - set 26 | - base 27 | - managementauthorization 28 | 29 | dependencies: 30 | - start_config 31 | -------------------------------------------------------------------------------- /set_runtime_replication/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: Set Web Runtime Replication Status in a cluster 2 | isam: 3 | appliance: "{{ inventory_hostname }}" 4 | username: "{{ username }}" 5 | password: "{{ password }}" 6 | lmi_port: "{{ lmi_port }}" 7 | log: "{{ log_level }}" 8 | force: "{{ force }}" 9 | action: ibmsecurity.isam.web.runtime.replication.set 10 | isamapi: 11 | replicating: "{{ set_runtime_replication_replicating }}" 12 | when: set_runtime_replication_replicating is defined 13 | notify: 14 | - Commit Changes 15 | -------------------------------------------------------------------------------- /set_tcpip_tuning/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to set TCP/IP Tunings recommended by IBM Support 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - networking 26 | - tcpip 27 | - tuning 28 | 29 | dependencies: 30 | - start_config 31 | -------------------------------------------------------------------------------- /update_auth_mech/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to update file in Management Root of Reverse Proxy 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - upload 26 | - aac 27 | - mappingrule 28 | 29 | dependencies: 30 | - start_config 31 | -------------------------------------------------------------------------------- /update_management_root/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Provide Reverse Proxy instance name 2 | #update_management_root_instance_id: 3 | 4 | # Provide a list of file in management root to be updated 5 | #update_management_root_idandfilename: 6 | # - {id: "management/C/login.html", filename: "/mydir/local/login.html"} 7 | # - {id: "junction-root/favicon.ico", filename: "/mydir/local/favicon.ico"} 8 | 9 | # Provide a management root zip filename (optional) 10 | #update_management_root_zip_filename: 11 | 12 | # Provide a list of locale to delete (optional) 13 | #update_management_root_locale_exclusion: -------------------------------------------------------------------------------- /update_network_interface_vlan/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to update a network interface vlan (use even if vlans do not exist) 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - networking 26 | 27 | dependencies: 28 | - start_config 29 | -------------------------------------------------------------------------------- /update_static_route/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role that updated an existing static route 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - networking 26 | - staticroute 27 | - update 28 | 29 | dependencies: 30 | - start_config 31 | -------------------------------------------------------------------------------- /web/merge_keytabs/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to merge keytab files for krb5 kerberos 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.7 9 | 10 | platforms: 11 | - name: Fedora 12 | versions: 13 | - 30 14 | - 29 15 | - 28 16 | - 27 17 | - name: EL 18 | versions: 19 | - 8 20 | - 7 21 | - 6 22 | 23 | galaxy_tags: 24 | - isam 25 | - ibm 26 | - upload 27 | - keytab 28 | - krb5 29 | - krb 30 | 31 | dependencies: 32 | - start_config -------------------------------------------------------------------------------- /aac/disable_authentication_policies/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to disable authentication policies 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.5 9 | 10 | platforms: 11 | - name: Fedora 12 | versions: 13 | - 30 14 | - 29 15 | - 28 16 | - 27 17 | - name: EL 18 | versions: 19 | - 8 20 | - 7 21 | - 6 22 | 23 | galaxy_tags: 24 | - isam 25 | - ibm 26 | - disable 27 | - authenticationpolicies 28 | 29 | dependencies: 30 | - start_config -------------------------------------------------------------------------------- /add_runtime_listening_interface/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to add one or more runtime listening interfaces in ISAM 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - runtimelisteninginterface 26 | 27 | dependencies: 28 | - start_config 29 | -------------------------------------------------------------------------------- /config_fed_dir/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role Configures federated directory 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - policyserver 26 | - federation 27 | - directory 28 | - config 29 | 30 | dependencies: 31 | - start_config 32 | -------------------------------------------------------------------------------- /search_attribute_source/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role that searches for an Attribute Source (for ID lookup) 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - attributesource 26 | - search 27 | 28 | dependencies: 29 | - start_config 30 | -------------------------------------------------------------------------------- /set_audit_configuration/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to set Audit Configuration for the appliance 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - aac 26 | - auditconfiguration 27 | - set 28 | 29 | dependencies: 30 | - start_config 31 | -------------------------------------------------------------------------------- /update_network_interface_vlan/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # The following need to be provided for role to work 2 | # Example: 3 | # update_network_interface_vlan_label : "1.2" 4 | 5 | # Default values for updating an interface vlan - override as needed 6 | update_network_interface_vlan_name : "{{ update_network_interface_vlan_label }}" 7 | update_network_interface_vlan_comment : "" 8 | update_network_interface_vlan_enabled : True 9 | update_network_interface_vlan_vlanId : null 10 | update_network_interface_vlan_bondedTo : "" 11 | update_network_interface_vlan_bondingMode: null 12 | -------------------------------------------------------------------------------- /add_server_connection_ldap/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to add a new LDAP server connection to ISAM 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - serverconnection 26 | - ldap 27 | - add 28 | 29 | dependencies: 30 | - start_config 31 | -------------------------------------------------------------------------------- /config_failover_cookie/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role that creates and configured Reverse Proxy for failover cookies 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - failover 26 | - reverseproxy 27 | 28 | dependencies: 29 | - start_config 30 | -------------------------------------------------------------------------------- /config_policy_attachments/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role that configures a Policy Attachments (CBA policies) 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - policy 26 | - attachments 27 | - cba 28 | 29 | dependencies: 30 | - start_config 31 | -------------------------------------------------------------------------------- /config_reverseproxy_oauth/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Please provide the following variable at the very minimum 2 | #config_reverseproxy_oauth_instance_id: 3 | 4 | # The following should be overriden as needed 5 | config_reverseproxy_oauth_hostname: "localhost" 6 | config_reverseproxy_oauth_port: 443 7 | config_reverseproxy_oauth_username: "easuser" 8 | config_reverseproxy_oauth_password: "passw0rd" 9 | config_reverseproxy_oauth_reuse_certs: False 10 | config_reverseproxy_oauth_reuse_acls: False 11 | config_reverseproxy_oauth_api: True 12 | config_reverseproxy_oauth_browser: True -------------------------------------------------------------------------------- /config_reverseproxy_oauth/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role that configure a reverse proxy for OAuth 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - reverseproxy 26 | - oauth 27 | - configuration 28 | 29 | dependencies: 30 | - start_config 31 | -------------------------------------------------------------------------------- /create_runtime_template_directories/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to create template file directory 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - create 26 | - directory 27 | - templatefiles 28 | 29 | dependencies: 30 | - start_config 31 | -------------------------------------------------------------------------------- /get_junctions/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role that gets junctions in a reverse proxies from an appliance 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - reverseproxy 26 | - junctions 27 | - get 28 | 29 | dependencies: 30 | - start_config 31 | -------------------------------------------------------------------------------- /set_cert_replication/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: Set Certificate Keystore Replication Status in a cluster 2 | isam: 3 | appliance: "{{ inventory_hostname }}" 4 | username: "{{ username }}" 5 | password: "{{ password }}" 6 | lmi_port: "{{ lmi_port }}" 7 | log: "{{ log_level }}" 8 | force: "{{ force }}" 9 | action: ibmsecurity.isam.base.ssl_certificates.replication.set 10 | isamapi: 11 | replicating: "{{ set_cert_replication_replicating }}" 12 | when: set_cert_replication_replicating is defined 13 | notify: 14 | - Commit Changes 15 | -------------------------------------------------------------------------------- /set_current_point_of_contact/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: Set Current Point of Contact - {{ set_current_point_of_contact_name }} 2 | isam: 3 | appliance: "{{ inventory_hostname }}" 4 | username: "{{ username }}" 5 | password: "{{ password }}" 6 | lmi_port: "{{ lmi_port }}" 7 | log: "{{ log_level }}" 8 | force: "{{ force }}" 9 | action: ibmsecurity.isam.fed.point_of_contact.set_current 10 | isamapi: 11 | name: "{{ set_current_point_of_contact_name }}" 12 | when: set_current_point_of_contact_name is defined 13 | notify: Commit Changes 14 | -------------------------------------------------------------------------------- /set_ldap_user_pw/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role that sets password for embedded ldap user 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - password 26 | - embeddedldap 27 | - user 28 | - set 29 | 30 | dependencies: 31 | - start_config 32 | -------------------------------------------------------------------------------- /update_point_of_contact/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IFC 3 | description: Role that adds or updates an existing Point of Contact configuration 4 | company: IFC 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - pointofcontact 26 | - set 27 | 28 | dependencies: 29 | - start_config 30 | -------------------------------------------------------------------------------- /add_mgmtazn_role/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to add one or more custom management authorization roles in ISAM 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - managementauthorization 26 | - role 27 | 28 | dependencies: 29 | - start_config 30 | -------------------------------------------------------------------------------- /add_server_connection_ws/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to add a new Web Service server connection to ISAM 4 | company: IFC 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - serverconnection 26 | - ldap 27 | - add 28 | 29 | dependencies: 30 | - start_config 31 | -------------------------------------------------------------------------------- /add_sysaccount_user/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: Create LMI system account user 2 | isam: 3 | appliance: "{{ inventory_hostname }}" 4 | username: "{{ username }}" 5 | password: "{{ password }}" 6 | lmi_port: "{{ lmi_port }}" 7 | log: "{{ log_level }}" 8 | force: "{{ force }}" 9 | action: ibmsecurity.isam.base.sysaccount.users.create 10 | isamapi: 11 | id : "{{ add_sysaccount_id }}" 12 | password : "{{ add_sysaccount_password }}" 13 | groups : "{{ add_sysaccount_groups }}" 14 | when: add_sysaccount_id is defined 15 | notify: Commit Changes 16 | -------------------------------------------------------------------------------- /export_cluster_sign/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role that exports cluster signature from the Primary appliance 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - cluster 26 | - signature 27 | - export 28 | 29 | dependencies: 30 | - start_config 31 | -------------------------------------------------------------------------------- /set_ldap_root_pw/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role that sets password for embedded ldap root user 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - password 26 | - embeddedldap 27 | - root 28 | - set 29 | 30 | dependencies: 31 | - start_config 32 | -------------------------------------------------------------------------------- /set_role_user/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to add a user to a management authorization role group 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - set 26 | - base 27 | - managementauthorization 28 | 29 | dependencies: 30 | - start_config 31 | -------------------------------------------------------------------------------- /add_chain_template/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Provide the name, description (optional), and chain items for the new chain template 2 | # chain_template_name: Template 1 3 | # chain_template_description: Description for Template 1 4 | # chain_template_items: 5 | # - {"id": "default-username", "mode": "validate", "prefix": "my-ut"} 6 | # - {"id": "default-map", "mode": "map", "prefix": "my-map"} 7 | # - {"id": "default-saml2_0", "mode": "issue", "prefix": "my-saml2_0"} 8 | 9 | # Comment to be used for creating a snapshot file 10 | add_chain_template_comment: "Automated Snapshot Before Adding Chain Template" 11 | -------------------------------------------------------------------------------- /import_personal_cert/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to import a personal certificate to a keystore 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - certificates 26 | - import 27 | - personalcertificates 28 | 29 | dependencies: 30 | - start_config 31 | -------------------------------------------------------------------------------- /aac/get_accesscontrol_configuration/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # Default variables 2 | access_control_output_dir : "{{ playbook_dir }}/files/{{ inventory_dir | basename }}" 3 | 4 | # prepare export directory; become 5 | access_control_output_become: false 6 | # set group to this group, null to not do anything 7 | access_control_output_export_group: null 8 | # default mode. Should probably set to something a bit more restrictive than this. 9 | access_control_output_export_mode: '0755' 10 | 11 | 12 | # webseal domain 13 | webseal_domain: "Default" 14 | sec_master_id: "sec_master" 15 | sec_master_pwd: "Passw0rd" 16 | 17 | -------------------------------------------------------------------------------- /add_cluster_node/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role that adds a node to a cluster by importing signature file 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - cluster 26 | - signature 27 | - import 28 | - node 29 | 30 | dependencies: 31 | - start_config 32 | -------------------------------------------------------------------------------- /add_junction_servers/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to add another server to an existing junction on a reverse proxy 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - reverseproxy 26 | - junction 27 | - add 28 | 29 | dependencies: 30 | - start_config 31 | -------------------------------------------------------------------------------- /set_access_control_policy/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role that sets Access Control (CBA) Policy 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - access 26 | - control 27 | - policy 28 | - cba 29 | - set 30 | 31 | dependencies: 32 | - start_config 33 | -------------------------------------------------------------------------------- /set_mgmtazn_role_group/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role that sets a group in role for Management Auhtorization 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - managementauthorization 26 | - role 27 | - group 28 | 29 | dependencies: 30 | - start_config 31 | -------------------------------------------------------------------------------- /set_rsyslog_forwarder_sources/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to set Remote Syslog Forwarder sources 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - remote 26 | - syslog 27 | - forwarder 28 | - sources 29 | 30 | dependencies: 31 | - start_config 32 | 33 | -------------------------------------------------------------------------------- /update_advanced_configuration/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to update Advanced Configuration Settings for AAC 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - aac 26 | - advancedconfiguration 27 | - update 28 | 29 | dependencies: 30 | - start_config 31 | -------------------------------------------------------------------------------- /aac/get_mapping_rules/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role that searches for a Mapping Rule (for ID lookup) and returns mapping_rules_obj 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.7 9 | 10 | platforms: 11 | - name: Fedora 12 | versions: 13 | - 30 14 | - 29 15 | - 28 16 | - 27 17 | - name: EL 18 | versions: 19 | - 8 20 | - 7 21 | - 6 22 | 23 | galaxy_tags: 24 | - isam 25 | - ibm 26 | - mappingrules 27 | - search 28 | 29 | dependencies: 30 | - start_config 31 | -------------------------------------------------------------------------------- /config_reverseproxy_federation/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role that configure a reverse proxy for a federation 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - reverseproxy 26 | - federation 27 | - configuration 28 | 29 | dependencies: 30 | - start_config 31 | -------------------------------------------------------------------------------- /create_reverseproxy/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to create a reverse proxy instance and setup a common web root (if provided) 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - reverseproxy 26 | - web 27 | - create 28 | 29 | dependencies: 30 | - start_config 31 | -------------------------------------------------------------------------------- /get_junction_details/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role that gets junction details in a reverse proxies from an appliance 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - reverseproxy 26 | - junctiondetails 27 | - get 28 | 29 | dependencies: 30 | - start_config 31 | -------------------------------------------------------------------------------- /load_signer_cert/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to load a CA certificate from a server directly into a keystore 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - certificates 26 | - load 27 | - signercertificates 28 | 29 | dependencies: 30 | - start_config 31 | -------------------------------------------------------------------------------- /set_ldap_user_attr/tests/test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: modify LDAP user attributes 3 | hosts: localhost 4 | connection: local 5 | roles: 6 | - role: set_ldap_user_attr 7 | ldap_bind_dn: "cn=root,secAuthority=default" 8 | ldap_bind_pw: "passw0rd" 9 | ldap_server_uri: "ldaps://192.168.42.101:636/" 10 | ldap_state: "exact" 11 | ldap_user_attributes: 12 | - dn: "uid=testuser,dc=iswga" 13 | attributes: 14 | - { "name": "mail", "values": "testuser@mailinator.com" } 15 | - { "name": "displayName", "values": "Test User" } 16 | -------------------------------------------------------------------------------- /set_mgmtazn_role_feature/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role that sets a feature in role for Management Auhtorization 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - managementauthorization 26 | - role 27 | - feature 28 | 29 | dependencies: 30 | - start_config 31 | -------------------------------------------------------------------------------- /create_mgmt_root_file/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to create a file in Management Root of Reverse Proxy 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - reverseproxy 26 | - managementroot 27 | - file 28 | - create 29 | 30 | dependencies: 31 | - start_config 32 | -------------------------------------------------------------------------------- /delete_reverseproxy_conf/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to delete entry from reverse proxy configuration file 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - reverseproxy 26 | - web 27 | - configuration 28 | - delete 29 | 30 | dependencies: 31 | - start_config 32 | -------------------------------------------------------------------------------- /update_management_root/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to update file in Management Root of Reverse Proxy 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - reverseproxy 26 | - managementroot 27 | - file 28 | - update 29 | 30 | dependencies: 31 | - start_config 32 | -------------------------------------------------------------------------------- /config_reverseproxy_aac/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role that configure a reverse proxy for AAC (replaces isamcfg) 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - reverseproxy 26 | - aac 27 | - configuration 28 | - isamcfg 29 | 30 | dependencies: 31 | - start_config 32 | -------------------------------------------------------------------------------- /import_management_root/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to import a file into Management Root of Reverse Proxy 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - reverseproxy 26 | - managementroot 27 | - file 28 | - import 29 | 30 | dependencies: 31 | - start_config 32 | -------------------------------------------------------------------------------- /switch_auth/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role that switches appliance authentication to use external LDAP 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - managementauthentication 26 | - managementauthorization 27 | - switch 28 | 29 | dependencies: 30 | - start_config 31 | -------------------------------------------------------------------------------- /add_reverseproxy_conf/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to add to reverse proxy configuration file with given stanza/entries 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - reverseproxy 26 | - web 27 | - configuration 28 | - add 29 | 30 | dependencies: 31 | - start_config 32 | -------------------------------------------------------------------------------- /create_mgmt_root_dir/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: IBM 3 | description: Role to create a directory in Management Root of Reverse Proxy 4 | company: IBM 5 | 6 | license: Apache 7 | 8 | min_ansible_version: 2.2 9 | platforms: 10 | - name: Fedora 11 | versions: 12 | - 30 13 | - 29 14 | - 28 15 | - 27 16 | - name: EL 17 | versions: 18 | - 8 19 | - 7 20 | - 6 21 | 22 | galaxy_tags: 23 | - isam 24 | - ibm 25 | - reverseproxy 26 | - managementroot 27 | - directory 28 | - create 29 | 30 | dependencies: 31 | - start_config 32 | -------------------------------------------------------------------------------- /create_reverseproxy/tasks/main.yml: -------------------------------------------------------------------------------- 1 | # The following fact is allow start_config notifier to restart reverse proxy in question 2 | - name: Set the reverse proxy instance name for handler to work 3 | set_fact: 4 | start_config_reverseproxy_id: "{{ create_reverseproxy_inst_name }}" 5 | 6 | # Create a reverse proxy instance 7 | - include: create_instance.yml 8 | 9 | # Configure common web root if provided 10 | - include: setup_common_root.yml 11 | 12 | # Commit changes and restart reverse proxy - changes need to take effect for next steps 13 | # Espcially if common web root is required to be setup 14 | - meta: flush_handlers 15 | --------------------------------------------------------------------------------