A collection of playbooks for setting up a proxy-based Authentication & Authorisation Infrastracture (AAI) for Research and Collaboration.

Currently, the master playbook (site.yml) supports setting up the following components:

• IdP/SP proxy based on one or more instances of SimpleSAMLphp (see authservers.yml playook)
• cluster of memcached servers for caching user sessions in a distributed way to enable load-balancing and fail-over (see cacheservers.yml playbook)
• reverse proxy based on nginx to support HTTP request load balancing among multiple SimpleSAMLphp web front-ends that use the back-end matrix of memcached servers (see webproxyservers.yml playbook)

On the managed nodes, you need a way to communicate, normally ssh, which by default uses sftp. If this is not available you can switch to scp in ansible.cfg. You will also need the following packages:

• python (version 2.4 or later)
• python-simplejson (only if you are running less than Python 2.5)
• sudo (unless the default ansible become_method is overriden)

On the control machine, you need a recent version of Ansible. We recommend installing Ansible via “pip”, which is the Python package manager (though other options are also available):

pip install ansible==1.9.6

• Set the hostnames/IP addresses of managed nodes in inventories/ENV/inventory, for each target environment, e.g. testing, staging, production, etc.
• DO change the default SimpleSAMLphp admin password in inventories/ENV/group_vars/authservers
• Modify variables in inventories/ENV/group_vars/authservers to generate the metadata of the IdP/SP proxy

Assuming root access to the target machines, simple run the following command to execute the master playbook using the inventory file at the default location (see ansible.cfg):

ansible-playbook -v site.yml