okd/roles/contiv_auth_proxy/tasks/main.yml

---
# tasks file for auth_proxy
- name: setup iptables for auth proxy
  shell: >
      ( iptables -L INPUT | grep "{{ auth_proxy_rule_comment }} ({{ item }})" ) || \
      iptables -I INPUT 1 -p tcp --dport {{ item }} -j ACCEPT -m comment --comment "{{ auth_proxy_rule_comment }} ({{ item }})"
  become: true
  with_items:
    - "{{ auth_proxy_port }}"

# Load the auth-proxy-image from local tar. Ignore any errors to handle the
# case where the image is not built in
- name: copy auth-proxy image
  copy: src={{ auth_proxy_binaries }}/auth-proxy-image.tar dest=/tmp/auth-proxy-image.tar
  when: auth_proxy_local_install == True

- name: load auth-proxy image
  shell: docker load -i /tmp/auth-proxy-image.tar
  when: auth_proxy_local_install == True

- name: create cert folder for proxy
  file: path=/var/contiv/certs state=directory

- name: copy shell script for starting auth-proxy
  template: src=auth_proxy.j2 dest=/usr/bin/auth_proxy.sh mode=u=rwx,g=rx,o=rx

- name: copy cert for starting auth-proxy
  copy: src=cert.pem dest=/var/contiv/certs/auth_proxy_cert.pem mode=u=rw,g=r,o=r

- name: copy key for starting auth-proxy
  copy: src=key.pem dest=/var/contiv/certs/auth_proxy_key.pem mode=u=rw,g=r,o=r

- name: copy systemd units for auth-proxy
  copy: src=auth-proxy.service dest=/etc/systemd/system/auth-proxy.service

- name: start auth-proxy container
  systemd: name=auth-proxy daemon_reload=yes state=started enabled=yes