provision.yml

---
- hosts: all
  gather_facts: no
  tasks:
  - name: Read vars from secrets file
    include_vars: "{{ secrets_file }}"
    tags:
      - always

- hosts: loadbalancer:php-apps:java-apps:storage
  gather_facts: no
  sudo: true
  roles:
    - common
    - tls
  handlers:
    - include: roles/httpd/handlers/main.yml
    - include: roles/nginx/handlers/main.yml

- hosts: loadbalancer
  gather_facts: true
  sudo: true
  roles:
    - { role: haproxy, tags: ['lb'] }
    - { role: nginx,   tags: ['lb'] }

- hosts: php-apps:java-apps
  gather_facts: no
  sudo: true
  roles:
    - httpd
  handlers:
    - include: roles/httpd/handlers/main.yml
    - include: roles/nginx/handlers/main.yml

- hosts: storage
  gather_facts: no
  sudo: true
  roles:
    - { role: mysql, tags: ['mysql'] }
    - { role: ldap,  tags: ['ldap' ] }

- hosts: php-apps
  gather_facts: no
  sudo: true
  gather_facts: no
  vars:
    env_lang: php
  roles:
    - php
    - static
    - { role: openconext-common, tags: ['eb5','sr'] }
    - { role: engineblock5,       tags: ['eb5'     ] }
    - { role: janus,             tags: ['sr'     ] }
  handlers:
    - include: roles/httpd/handlers/main.yml
    - include: roles/nginx/handlers/main.yml

- hosts: java-apps
  gather_facts: true
  sudo: true
  vars:
    env_lang: java
  roles:
    - tomcat
    - java
    - { role: shibboleth,       tags: ['shib'   ] }
    - { role: mujina-idp,       tags: ['mujina' ] }
    - { role: mujina-sp,        tags: ['mujina' ] }
    - { role: grouper,          tags: ['grouper'] }
    - { role: teams,            tags: ['teams'  ] }
    - { role: authz-server,     tags: ['oauth', 'authz-server'    ] }
    - { role: authz-admin,      tags: ['oauth', 'authz-admin'     ] }
    - { role: voot,             tags: ['oauth', 'voot'            ] }
    - { role: authz-playground, tags: ['oauth', 'authz-playground'] }
    - { role: pdp,              tags: ['pdp'] }
    - { role: oidc,             tags: ['oidc'] }
  handlers:
    - include: roles/httpd/handlers/main.yml
    - include: roles/nginx/handlers/main.yml