DEV-666 added iam configuration for mpmexec

3 years ago · 101f3e9005
parent 2a3c384550
commit 101f3e9005
5 changed files with 56 additions and 32 deletions
--- a/host_vars/ext-bdev-mpmexec-02/plain.yml
+++ b/host_vars/ext-bdev-mpmexec-02/plain.yml
@ -10,3 +10,6 @@ keycloak_external_domain: "ext-bdev-mpmexec-keycloak"
 traefik_dns_01_challenge: false
 sma_jwt_secret: "{{ sma_jwt_secret_vault }}"
 connect_email_username: "{{ connect_email_username_vault }}"
 connect_email_password: "{{ connect_email_password_vault }}"
--- a/host_vars/ext-bdev-mpmexec-02/vault.yml
+++ b/host_vars/ext-bdev-mpmexec-02/vault.yml
@ -1,22 +1,27 @@
 $ANSIBLE_VAULT;1.1;AES256
-62396561376535633331366135626166313361653939363663623337353163353932303265656338
+31623731653564323539633934643263373538376137396231336534656138623931336531383565
-6133636136653233363037323831636662653238356132610a356535373932336439376132353139
+6131373964386665663538636563326136343535626632370a613639356538363135366138333062
-39343134613366623462313361326230316338613235306539306330313861393137386137353035
+37636466353362633839313837616266666565656438663833323461326231313064366132316637
-3430643161656532310a363565656236306238306661663864396265343162333136313130333764
+3732613365653332360a303436303733393863313763313263383534653064306231333239366464
-32643366626630323466386330656232316261373130363035306633616566333638633234636634
+30613663313334336635653830363235623433366539396263373165656261656134343239343233
-31373866616363306663313165346532646464313065326637656630363335663663663164626366
+35656635356530313535373030653663353438636538623236373864616663316130323332313432
-31623133343637346338633162366136363661333339623761313132336437393836663564636137
+63616564336131346336646561653138623832363762306537653065376566633133376130636165
-39346133643439376230346439356232616363613839346664353761306535386331333766313334
+38383430626464643632326435613139643439333030303635643765373133653766393965313666
-37613030376339653130386264383831643539323866333666663338336366343266666231653761
+31323930636637376334383763326264346562666135333061333164373035643366666436313664
-36316633356537363662656138626135343636666635613264663339393632643362343463643537
+38356261316462363733356562323463303238343839326134343330616638336566343438653965
-62383931356630303863323039326664353235613635353164383530333066316430353638663263
+30653032383436636434643763613162656136633366613837326462636162656463393066353835
-36353733393337626565373435306134353764363230656662653538626133303332633034323633
+38333230336134636465373931383366626630343864643735616535303533363739393366343833
-38653238646562636265393862666432306235663862356238393539376563626438313335613933
+34663430396363393735343164333866643166326636343035653435363539633561373837633535
-64343636623938356433306265346233643161623131356238386162353466333330343930376265
+61326634396663396134366136636435316238323063386331653934393664383338333137323466
-36323537633566363364623164343938396165396265633763313434386438356533656430313931
+64653761663636313062643036626632626436303637633538613330366464623564346131343638
-62313836326130343261346435383137653431356335383633326162646566333964643132383065
+34313836326362643162343137323563363762666666646532336138353862343936383165613463
-63343030663938646531346638303433623435323662616333613861626133356531356135343334
+61663036626137366666613361373262366564643335323666306633353836313134326435323538
-65393663306364346432636133376335343432363664343263363439363434643266356634393132
+66316332303335363638323065663265366562363934613332303065356630633433666365363934
-37396565343430306534363238313561643032383062303833353732303739373030336362363234
+66636465383761333861353664663161316633396235653263373261386632373065316435643635
-65373366636662313330613163326265333933356139663439666634393937356133623235663265
+37633438643936363239616431353438323165663866333833356663356339323133666266353435
-3436
+37383938396430386136383964343064396663366262383332373533303637376634353938333337
 33316537376232613631366637386230316438323032343031326562326665383464623662393432
 31656139323962653164346639316439623836393031343831373131363163663966626337396661
 38363461393731303337366138346361303361313462366237626565663232623463343930303064
 32313535643965303535393538396632376363393437343932316136383439643339306234643136
 3264396433623638313265366239363530386433653535376539
--- a/roles/connect_compact/defaults/main.yml
+++ b/roles/connect_compact/defaults/main.yml
@ -14,6 +14,5 @@ keycloak_postgres_username: "keycloak_postgres"
 keycloak_postgres_password: "{{ keycloak_postgres_password_vault }}"
 keycloak_image_name: "{{ shared_service_harbor_hostname }}/smardigo/keycloak"
 elasticsearch_id: "{{ inventory_hostname }}-elastic"
 elasticsearch_username: "elastic"
 elasticsearch_password: "{{ elasticsearch_password_vault }}"
--- a/templates/connect-compact/config/elasticsearch/elasticsearch.yml.j2
+++ b/templates/connect-compact/config/elasticsearch/elasticsearch.yml.j2
@ -1,6 +1,6 @@
 ---
-cluster.name: "{{ elasticsearch_id }}"
+cluster.name: "{{ connect_id }}-elastic"
 network.host: 0.0.0.0
 discovery.type: single-node
--- a/templates/connect-compact/docker-compose.yml.j2
+++ b/templates/connect-compact/docker-compose.yml.j2
@ -8,7 +8,7 @@ networks:
 volumes:
  {{ connect_id }}-postgres-data: {}
-  {{ elasticsearch_id }}-data: {}
+  {{ connect_id }}-elastic-data: {}
 services:
  {{ connect_id }}:
@ -47,8 +47,8 @@ services:
      MAIL_PROTOCOL: "smtp"
      MAIL_HOST: "smtp.web.de"
      MAIL_PORT: "587"
-      MAIL_USER: "smardigo.email@web.de"
+      MAIL_USER: "{{ connect_email_username }}"
-      MAIL_PASSWORD: "MUqzILYtspSYGmw0k34F"
+      MAIL_PASSWORD: "{{ connect_email_password }}"
      MAIL_PROPERTIES_SIMULATION: "false"
      MAIL_PROPERTIES_BASE_URL: "https://{{ connect_id }}.{{ domain }}"
      MAIL_PROPERTIES_BASE_URL_EXTERN: "https://{{ connect_id }}.{{ domain }}"
@ -66,11 +66,12 @@ services:
      PASSWORD_CHANGE_URL: "https://{{ keycloak_external_domain }}.{{ domain }}/auth/realms/connect/account/password"
      USER_MANAGEMENT_URL: "https://{{ keycloak_external_domain }}.{{ domain }}/auth/admin/connect/console"
-      IAM_MODULE: "embedded"
+      IAM_MODULE: "external"
-      IAM_CLIENT_ENABLED: "false"
+      IAM_CLIENT_ENABLED: "true"
      EXTERNAL_IAM_SERVER_URL: "http://{{ connect_id }}-iam:8080"
      PROCESS_SEARCH_MODULE: "embedded"
-      ELASTIC_HOST: "{{ elasticsearch_id }}"
+      ELASTIC_HOST: "{{ connect_id }}-elastic"
      ELASTIC_PREFIX: "{{ connect_id }}"
      ELASTIC_USERNAME: "{{ elasticsearch_username }}"
      ELASTIC_PASSWORD:  "{{ elasticsearch_password }}"
@ -121,15 +122,31 @@ services:
      - "{{ connect_id }}-postgres-data:/var/lib/postgresql/data"
    networks:
      - "back-tier"
-  {{ elasticsearch_id }}:
+  {{ connect_id }}-elastic:
    image: "docker.elastic.co/elasticsearch/elasticsearch:7.16.3"
-    container_name: "{{ elasticsearch_id }}"
+    container_name: "{{ connect_id }}-elastic"
    restart: always
    environment:
      ES_JAVA_OPTS: "-Xmx2G -Xms2G"
      ELASTIC_PASSWORD: "{{ elasticsearch_password }}"
    volumes:
      - "./config/elasticsearch/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro"
-      - "{{ elasticsearch_id }}-data:/usr/share/elasticsearch/data"
+      - "{{ connect_id }}-elastic-data:/usr/share/elasticsearch/data"
    networks:
      - "back-tier"
  {{ connect_id }}-iam:
    image: "{{ iam_image_name }}:{{ iam_version }}"
    container_name: "{{ connect_id }}-iam"
    restart: always
    environment:
      SERVER_ERROR_INCLUDE_MESSAGE: "always"
      IAM_KEYCLOAK_AUTH_SERVER_URL: "https://{{ keycloak_external_domain }}.{{ domain }}/auth"
      IAM_KEYCLOAK_ADMIN_USER: "{{ keycloak_admin_username }}"
      IAM_KEYCLOAK_ADMIN_PASSWORD: "{{ keycloak_admin_password }}"
      IAM_JWT_CONFIG_READ_TIMEOUT: 3000
      IAM_CACHE_TENANTS_TTL: "3600"
      IAM_CACHE_ROLES_TTL: "60"
      IAM_CACHE_USERS_TTL: "60"
      IAM_CACHE_JWKS_TTL: "3600"
    networks:
      - "back-tier"