DEV-666 added iam configuration for mpmexec

qa
Sven Ketelsen 3 years ago
parent 42d8398349
commit 16bee429de

@ -1,24 +1,26 @@
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
30316130326434323533613836303239636361376431353133363233333566313135346232663534 32643537336235663630363934636436626161383032653030366535666136643739643964663034
6335633261323064386630363336316635636537333238650a323738333831383963363031313338 3531386635303335613435306634383732326330306662310a656639336337656438343531306166
34643139323365643561313637623463653238316138656437346632656532356330323335366464 32383530396439626539343963353162306163343465333166303632353336666565333133386537
6436363531346137390a343633373630626439376163623331613139386363303461323136636336 6464636561653435630a623132373762653335636639343262616239646664653637323461373262
30343636646366303737663364363364636266643731666634643134306430356338653239663037 34376431646538623466353931626336356364626530616633316339343061636230316333366638
64633135393937663834626134383736643139393634386465303437366563346261316534306139 65353765373735383530623232343835626663353738363530633430303131356261323736376464
39636431313532613464623137336334333836376465623035353166363631383733313163353838 32373538636534666334343763633231353862636531303331623039376135663838376362383738
32666539323465666238616331346561363938616130343934613935306533393930626532303832 36393838303336376162653064366264363963623834623435373036393562363237313066623536
65323762343936353834343039363332656661613139363831613366346262623732623439613366 61316666336133363166643031316430366361343361353332613862663334653562383763316433
65633435313336316433363339303739303531316364366164306230393230333038616465306163 36353737613962366561323362343661393233653130623864386534323762303062633765353133
31336231643238343964393535333936613238323339356539346464363639623665643663306363 39333030346636653764663861303135666138373135343735663439613536373761323363313830
63373334303235626139663331613432623539313531313937336437613763643161376462623366 63636433663432653063353730323233666461303634666330623432346430323139373431363838
35653166373934663935323933343733363264366630656162353164313938356431323730393130 33653735356634326131653533663039363265386365336634346333626265643966366434363532
63616361323264333561373062306662613033653661306364313832373336333534326136656631 38306165343666363264646538303263303439323962623962306433346162363639653934303866
30303364623636386432343165646535646663353436633463376534346336623632396434306134 64343363623631353834373562353666643661666362613763356462396331343938363131633539
61373432346434663764643435386639613562656632383962326139303233613335663637376438 32633866326232346666386533613839613564303262333266303036346663313031643333613434
63633833393363323237616631623236653539313532663133633737373831666435363066656631 34343535393533303734636332333265616135343134613236363462643834343665363965363934
30323766663535393735323264623330336662663039373934636531643537373333366138373864 33643237396237313331356235306363353465633734353431303964306665366431666635616231
38623139306534303730353037373032623533313939366561653261366565313466663637653335 63383138393735383162373062373037656139393762356562376465386466656465666463346438
33633836353966363864663961363962353061666334633165356166333731633966366239653333 64363333383431613536306561623932393739303330636438633138363839313339393138633235
62303438613235383638383637303263623834666336393636393237313031383666336262666334 38313064393864353739313566646439373365383165643734643462313563333330333766343838
63346439633032653338336533396532326634646236346536303862383531303430636136343235 33303232373664666239363466623032363765326231366637373330376265653132306633616132
316337613734663564373334333963633361 61343331653866623337353233386137613764333238353966653632636236373639663433353562
65343364333733366131303039653535336431626134303665396538643361303565396330316330
6339

@ -1,27 +1,27 @@
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
31623731653564323539633934643263373538376137396231336534656138623931336531383565 34303331663434306466313361366436663531366466313339343465636536633163343439663530
6131373964386665663538636563326136343535626632370a613639356538363135366138333062 6438313066353537623764666466383432326561363737330a616262613530323234643164313136
37636466353362633839313837616266666565656438663833323461326231313064366132316637 32306636393432326465643763366563613162396630643364656363633064653465316539393639
3732613365653332360a303436303733393863313763313263383534653064306231333239366464 3431396664613332630a336639316632613365303262623462333532633365623237343039643463
30613663313334336635653830363235623433366539396263373165656261656134343239343233 37313832343231343833623138363131383337346363626335613264323439393534353136383132
35656635356530313535373030653663353438636538623236373864616663316130323332313432 64353964363464373237306462316633616436636632613738346339373566343133336262336538
63616564336131346336646561653138623832363762306537653065376566633133376130636165 39316562333930653565303730323931383438353631653033353734373930616338306534636235
38383430626464643632326435613139643439333030303635643765373133653766393965313666 36393035313931313430396661623436373334633237636338663236653132613732363164623138
31323930636637376334383763326264346562666135333061333164373035643366666436313664 32393464306638303231656637323932613361663137656162626665393761393236336130633036
38356261316462363733356562323463303238343839326134343330616638336566343438653965 61623134333239613966663366346437383030313031656637616462613338323561336430613330
30653032383436636434643763613162656136633366613837326462636162656463393066353835 61653339316531643466623537643763656538333866353739326264313637326266393031396563
38333230336134636465373931383366626630343864643735616535303533363739393366343833 64303734663339393562396562366430366438356639376431613363666635646565336133333732
34663430396363393735343164333866643166326636343035653435363539633561373837633535 36636138613664376438306634663861353338633431373530656462643732363039363638613832
61326634396663396134366136636435316238323063386331653934393664383338333137323466 61303235313235303035653737656438396665323437323064346365653031353162346337346137
64653761663636313062643036626632626436303637633538613330366464623564346131343638 34623231323537643361346161356538616166336139366333663035316666303733363334633164
34313836326362643162343137323563363762666666646532336138353862343936383165613463 39343038313930373835633932323334633465376135373162633437666235333061343031343437
61663036626137366666613361373262366564643335323666306633353836313134326435323538 39633136376131633861613031363432356165386538356263646538303230346162343461623532
66316332303335363638323065663265366562363934613332303065356630633433666365363934 32653031623939666539666235656635326262373863323462363539353565356232306565386631
66636465383761333861353664663161316633396235653263373261386632373065316435643635 37643631346263376162366532643662313435386235303631633438383466306638376134643963
37633438643936363239616431353438323165663866333833356663356339323133666266353435 32306132323939326530343533376639356133336239366439396564323130626662383932353838
37383938396430386136383964343064396663366262383332373533303637376634353938333337 33313830383933353935343234623765333961336363666630653661613461363935363032303236
33316537376232613631366637386230316438323032343031326562326665383464623662393432 39323436643537663135336134303561346436666530343662383334616566353063613137393237
31656139323962653164346639316439623836393031343831373131363163663966626337396661 33656564396665353865366237626135613137646534383465333836666531343736333136383065
38363461393731303337366138346361303361313462366237626565663232623463343930303064 38663065623865656637333539336262353962326430623563353833626233653833636165666533
32313535643965303535393538396632376363393437343932316136383439643339306234643136 37306563353838323563346236356138643233316530663064333933336131643433343834313561
3264396433623638313265366239363530386433653535376539 3738363261386563373133633466376565353331363132373735

@ -7,6 +7,11 @@ connect_postgres_username: "connect-postgres-username"
connect_postgres_password: "{{ connect_postgres_password_vault }}" connect_postgres_password: "{{ connect_postgres_password_vault }}"
connect_image_name: "{{ shared_service_harbor_hostname }}/smardigo/connect-whitelabel-app" connect_image_name: "{{ shared_service_harbor_hostname }}/smardigo/connect-whitelabel-app"
iam_image_name: "{{ shared_service_harbor_hostname }}/smardigo/iam-app"
elasticsearch_username: "elastic"
elasticsearch_password: "{{ elasticsearch_password_vault }}"
keycloak_id: "{{ inventory_hostname }}-keycloak" keycloak_id: "{{ inventory_hostname }}-keycloak"
keycloak_admin_username: "keycloak-admin" keycloak_admin_username: "keycloak-admin"
keycloak_admin_password: "{{ keycloak_admin_password_vault }}" keycloak_admin_password: "{{ keycloak_admin_password_vault }}"
@ -14,5 +19,37 @@ keycloak_postgres_username: "keycloak_postgres"
keycloak_postgres_password: "{{ keycloak_postgres_password_vault }}" keycloak_postgres_password: "{{ keycloak_postgres_password_vault }}"
keycloak_image_name: "{{ shared_service_harbor_hostname }}/smardigo/keycloak" keycloak_image_name: "{{ shared_service_harbor_hostname }}/smardigo/keycloak"
elasticsearch_username: "elastic" shared_service_mail_hostname: "not_available"
elasticsearch_password: "{{ elasticsearch_password_vault }}"
current_realm_name: connect
connect_client_id: "{{ connect_id }}"
current_realm_clients: [
{
name: '{{ connect_client_id }}',
clientId: "{{ connect_client_id }}",
admin_url: '',
root_url: '',
redirect_uris: [
"{{ http_s }}://{{ connect_base_url }}/*",
"{{ http_s }}://{{ connect_external_domain }}.{{ domain }}/*",
],
secret: '{{ connect_client_id }}',
web_origins: [
"{{ http_s }}://{{ connect_base_url }}",
"{{ http_s }}://{{ connect_external_domain }}.{{ domain }}",
]
},{
name: 'mpm',
clientId: "mpm",
admin_url: '',
root_url: '',
redirect_uris: [
"{{ http_s }}://{{ connect_base_url }}/*",
],
secret: '9d9ca019-8245-4b72-b8eb-8020535eba8e',
web_origins: [
"{{ http_s }}://{{ connect_base_url }}",
]
},
]
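Review bot: The new `mpm` entry in `current_realm_clients` carries its client secret as a literal (`secret: '9d9ca019-…'`) in a plain vars file, while the other credentials in this file are pulled from `*_vault` variables. It should move into the vault file and be referenced from here, e.g. `secret: "{{ mpm_client_secret_vault }}"` (the variable name is a placeholder), and the committed value should be rotated because it stays in the repository history. The first entry has a related weakness: `secret: '{{ connect_client_id }}'` makes the confidential client's secret equal to its client ID. The compose template further down repeats this with `OIDC_CLIENT_SECRET: "{{ connect_id }}"`, so one separately vaulted secret should feed both places.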

@ -15,17 +15,21 @@
record_name: "{{ connect_external_domain }}" record_name: "{{ connect_external_domain }}"
when: connect_external_domain is defined when: connect_external_domain is defined
- name: "Setup realm for {{ connect_id }}"
include_role:
name: keycloak
tasks_from: _configure_realm
apply:
tags:
- configure_realm
tags:
- configure_realm
- name: "Check if {{ connect_id }}/docker-compose.yml exists" - name: "Check if {{ connect_id }}/docker-compose.yml exists"
stat: stat:
path: '{{ service_base_path }}/{{ connect_id }}/docker-compose.yml' path: '{{ service_base_path }}/{{ connect_id }}/docker-compose.yml'
register: check_docker_compose_file_connect register: check_docker_compose_file_connect
- name: "Stop {{ connect_id }}"
community.docker.docker_compose:
project_src: '{{ service_base_path }}/{{ connect_id }}'
state: absent
when: check_docker_compose_file_connect.stat.exists
- name: "Deploy docker templates for {{ connect_id }}" - name: "Deploy docker templates for {{ connect_id }}"
include_role: include_role:
name: sma_deploy name: sma_deploy
@ -37,8 +41,14 @@
current_owner: "{{ docker_owner }}" current_owner: "{{ docker_owner }}"
current_group: "{{ docker_group }}" current_group: "{{ docker_group }}"
- name: "Stop {{ connect_id }}"
community.docker.docker_compose:
project_src: '{{ service_base_path }}/{{ connect_id }}'
state: absent
when: check_docker_compose_file_connect.stat.exists
- name: "Restart {{ connect_id }}" - name: "Restart {{ connect_id }}"
community.docker.docker_compose: community.docker.docker_compose:
project_src: '{{ service_base_path }}/{{ connect_id }}' project_src: '{{ service_base_path }}/{{ connect_id }}'
restarted: yes state: present
build: no pull: no
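Review bot: The added "Setup realm for {{ connect_id }}" task includes only `tasks_from: _configure_realm`, whereas the keycloak task file, where this step appears to have lived before, ran an include of `_authenticate` first, and that include is removed in this commit. Unless `_configure_realm` now obtains its own admin session (not visible here), the realm setup should be preceded by the `_authenticate` include with the same `configure_realm` tags, as sketched below. `keycloak_server_url` is still set in the keycloak task file, so it is worth confirming that it is defined when this play runs with `--tags configure_realm`. As a style point, `pull: no` reads more safely as `pull: false`. The task list continues outside both hunks.

```yaml
# … unchanged: DNS record task for connect_external_domain …
- name: "Authenticate against keycloak for {{ connect_id }}"
  include_role:
    name: keycloak
    tasks_from: _authenticate
    apply:
      tags:
        - configure_realm
  tags:
    - configure_realm
# … unchanged: "Setup realm for {{ connect_id }}" include of _configure_realm …
```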

@ -7,25 +7,4 @@ keycloak_postgres_username: "keycloak_postgres"
keycloak_postgres_password: "{{ keycloak_postgres_password_vault }}" keycloak_postgres_password: "{{ keycloak_postgres_password_vault }}"
keycloak_image_name: "{{ shared_service_harbor_hostname }}/smardigo/keycloak" keycloak_image_name: "{{ shared_service_harbor_hostname }}/smardigo/keycloak"
shared_service_mail_hostname: "not_available" service_port_keycloak_external: 8110
connect_client_id: connect
current_realm_name: connect
current_realm_clients: [
{
name: '{{ connect_client_id }}',
clientId: "{{ connect_client_id }}",
admin_url: '',
root_url: '',
redirect_uris: [
"{{ http_s }}://{{ connect_base_url }}/*",
"{{ http_s }}://{{ connect_external_domain }}.{{ domain }}/*"
],
secret: '{{ connect_client_id }}',
web_origins: [
"{{ http_s }}://{{ connect_base_url }}",
"{{ http_s }}://{{ connect_external_domain }}.{{ domain }}"
]
}
]

@ -23,12 +23,6 @@
path: '{{ service_base_path }}/{{ keycloak_id }}/docker-compose.yml' path: '{{ service_base_path }}/{{ keycloak_id }}/docker-compose.yml'
register: check_docker_compose_file register: check_docker_compose_file
- name: "Stop {{ keycloak_id }}"
community.docker.docker_compose:
project_src: '{{ service_base_path }}/{{ keycloak_id }}'
state: absent
when: check_docker_compose_file.stat.exists
- name: "Deploy docker templates for {{ keycloak_id }}" - name: "Deploy docker templates for {{ keycloak_id }}"
include_role: include_role:
name: sma_deploy name: sma_deploy
@ -40,46 +34,23 @@
current_owner: "{{ docker_owner }}" current_owner: "{{ docker_owner }}"
current_group: "{{ docker_group }}" current_group: "{{ docker_group }}"
# TODO DEV-XXX check why docker-compose up works and the comnuity role not... -> postgres/keycloak - name: "Stop {{ keycloak_id }}"
- name: "Start {{ keycloak_id }}" # noqa command-instead-of-shell no-changed-when community.docker.docker_compose:
shell: docker-compose up -d project_src: '{{ service_base_path }}/{{ keycloak_id }}'
args: state: absent
chdir: '{{ service_base_path }}/{{ keycloak_id }}' when: check_docker_compose_file.stat.exists
#- name: "Restart {{ keycloak_id }}" - name: "Start {{ keycloak_id }}"
# community.docker.docker_compose: community.docker.docker_compose:
# project_src: '{{ service_base_path }}/{{ keycloak_id }}' project_src: '{{ service_base_path }}/{{ keycloak_id }}'
# restarted: yes state: present
# build: no
- name: "Setting local keycloak url" - name: "Setting local keycloak url"
set_fact: set_fact:
keycloak_server_url: "http://localhost:{{ service_port_keycloak_external }}" keycloak_server_url: "http://localhost:{{ service_port_keycloak_external }}"
tags:
- configure_realm
- name: "Wait for <localhost:{{ service_port_keycloak_external }}>" - name: "Wait for <localhost:{{ service_port_keycloak_external }}>"
wait_for: wait_for:
host: "localhost" host: "localhost"
port: '{{ service_port_keycloak_external }}' port: '{{ service_port_keycloak_external }}'
delay: 60 delay: 30
- name: "Setup realm for {{ inventory_hostname }}"
include_role:
name: keycloak
tasks_from: _authenticate
apply:
tags:
- configure_realm
tags:
- configure_realm
- name: "Setup realm for {{ inventory_hostname }}"
include_role:
name: keycloak
tasks_from: _configure_realm
apply:
tags:
- configure_realm
tags:
- configure_realm

@ -2,10 +2,10 @@ smardigo:
linked-applications: linked-applications:
- -
name: Password Change name: Password Change
url: https://{{ keycloak_external_domain }}.{{ domain }}/auth/realms/connect/account/password url: https://{{ keycloak_external_domain }}.{{ domain }}/auth/realms/{{ current_realm_name }}/account/password
- -
name: User Management name: User Management
url: https://{{ keycloak_external_domain }}.{{ domain }}/auth/admin/connect/console url: https://{{ keycloak_external_domain }}.{{ domain }}/auth/admin/{{ current_realm_name }}/console
- -
name: MPM Process Mining name: MPM Process Mining
url: https://mehrwerk-demo.eu.qlikcloud.com url: https://mehrwerk-demo.eu.qlikcloud.com

@ -36,7 +36,7 @@ services:
environment: environment:
NAME: "MPM eXecution 2.0" NAME: "MPM eXecution 2.0"
TENANT_ID: "connect" TENANT_ID: "{{ connect_id }}"
ADMIN_LOGIN: "{{ connect_admin_username }}" ADMIN_LOGIN: "{{ connect_admin_username }}"
ADMIN_PASSWORD: "{{ connect_admin_password }}" ADMIN_PASSWORD: "{{ connect_admin_password }}"
@ -59,12 +59,12 @@ services:
MAIL_PROPERTIES_SMTP_STARTTLS_REQUIRED: "true" MAIL_PROPERTIES_SMTP_STARTTLS_REQUIRED: "true"
AUTH_MODULE: "oidc" AUTH_MODULE: "oidc"
OIDC_CLIENT_ID: "connect" OIDC_CLIENT_ID: "{{ connect_id }}"
OIDC_CLIENT_SECRET: "connect" OIDC_CLIENT_SECRET: "{{ connect_id }}"
OIDC_REGISTRATION_ID: "connect" OIDC_REGISTRATION_ID: "{{ connect_id }}"
OIDC_ISSUER_URI: "https://{{ keycloak_external_domain }}.{{ domain }}/auth/realms/connect" OIDC_ISSUER_URI: "https://{{ keycloak_external_domain }}.{{ domain }}/auth/realms/{{ current_realm_name }}"
PASSWORD_CHANGE_URL: "https://{{ keycloak_external_domain }}.{{ domain }}/auth/realms/connect/account/password" PASSWORD_CHANGE_URL: "https://{{ keycloak_external_domain }}.{{ domain }}/auth/realms/{{ current_realm_name }}/account/password"
USER_MANAGEMENT_URL: "https://{{ keycloak_external_domain }}.{{ domain }}/auth/admin/connect/console" USER_MANAGEMENT_URL: "https://{{ keycloak_external_domain }}.{{ domain }}/auth/admin/{{ current_realm_name }}/console"
IAM_MODULE: "external" IAM_MODULE: "external"
IAM_CLIENT_ENABLED: "true" IAM_CLIENT_ENABLED: "true"
@ -88,6 +88,7 @@ services:
SMA_CORS_ALLOWED_HEADERS: "*" SMA_CORS_ALLOWED_HEADERS: "*"
SMA_CORS_PATH_PATTERN: "/**" SMA_CORS_PATH_PATTERN: "/**"
SMA_LANGUAGE_CODE: "en" SMA_LANGUAGE_CODE: "en"
SMA_JWT_ENABLED: "True" SMA_JWT_ENABLED: "True"
SMA_JWT_SECRET: "{{ sma_jwt_secret }}" SMA_JWT_SECRET: "{{ sma_jwt_secret }}"
