gitea-admin
/
hetzner-ansible
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

DEV-173: bugfix: oidc configuration for connect/wordpress

Browse Source
master
Sven Ketelsen 4 years ago
parent 649c28b6be
commit 259da9685f
7 changed files with 25 additions and 16 deletions
Show Stats Download Patch File Download Diff File

5
group_vars/all/plain.yml
Unescape Escape View File

@ -100,6 +100,11 @@ monitor_port_harbor: "9085"
admin_port_traefik: "9080" admin_port_traefik: "9080"
connect_id: "{{ inventory_hostname }}-connect"
connect_base_url: "{{ connect_id }}.{{ domain }}"
wordpress_id: "{{ inventory_hostname }}-wordpress"
wordpress_base_url: "{{ wordpress_id }}.{{ domain }}"
#reverse_proxy_admin_username: "< see vault >" #reverse_proxy_admin_username: "< see vault >"
#reverse_proxy_admin_password: "< see vault >" #reverse_proxy_admin_password: "< see vault >"

7
group_vars/connect/plain.yml
Unescape Escape View File

@ -8,9 +8,6 @@ connect_image_version: "8.3.0"
# unique id for a service, will be used for service access management as well (e.g. keycloak realm) # unique id for a service, will be used for service access management as well (e.g. keycloak realm)
connect_client_id: "{{ cluster_name }}" connect_client_id: "{{ cluster_name }}"
connect_id: "{{ inventory_hostname }}-connect"
connect_base_url: "{{ connect_id }}.{{ domain }}"
connect_postgres_host: "{{ shared_service_pg_master_hostname }}" connect_postgres_host: "{{ shared_service_pg_master_hostname }}"
connect_postgres_database: "{{ stage }}_{{ tenant_id }}_{{ cluster_name }}_connect" connect_postgres_database: "{{ stage }}_{{ tenant_id }}_{{ cluster_name }}_connect"
connect_postgres_username: "{{ connect_postgres_database }}" connect_postgres_username: "{{ connect_postgres_database }}"
@ -28,9 +25,9 @@ smardigo_iam_client_enabled: "true"
smardigo_iam_client_server_url: "{{ http_s }}://{{ shared_service_iam_hostname }}/" smardigo_iam_client_server_url: "{{ http_s }}://{{ shared_service_iam_hostname }}/"
connect_auth_module: "oidc" connect_auth_module: "oidc"
connect_oidc_client_id: "{{ connect_client_id }}" connect_oidc_client_id: "{{ cluster_name }}"
connect_oidc_client_secret: "{{ cluster_name }}" connect_oidc_client_secret: "{{ cluster_name }}"
connect_oidc_registration_id: "{{ connect_client_id }}" connect_oidc_registration_id: "{{ cluster_name }}"
connect_oidc_issuer_uri: "https://{{ shared_service_keycloak_hostname }}/auth/realms/{{ current_realm_name }}" connect_oidc_issuer_uri: "https://{{ shared_service_keycloak_hostname }}/auth/realms/{{ current_realm_name }}"
connect_password_change_url: "{{ http_s }}://{{ shared_service_keycloak_hostname }}/auth/realms/{{ current_realm_name }}/account/password" connect_password_change_url: "{{ http_s }}://{{ shared_service_keycloak_hostname }}/auth/realms/{{ current_realm_name }}/account/password"

9
group_vars/connect_wordpress/plain.yml
Unescape Escape View File

@ -5,5 +5,10 @@ connect_wordpress_maria_database: "{{ stage }}_{{ tenant_id }}_{{ cluster_name }
connect_wordpress_maria_username: "{{ connect_wordpress_maria_database }}" connect_wordpress_maria_username: "{{ connect_wordpress_maria_database }}"
connect_wordpress_maria_password: "connect-wordpress-maria-admin" connect_wordpress_maria_password: "connect-wordpress-maria-admin"
smardigo_auth_token_name: "idc" connect_wordpress_oidc_issuer: "{{ http_s }}://{{ shared_service_keycloak_hostname }}/auth/realms/{{ current_realm_name }}"
smardigo_auth_token_value: "idc" connect_wordpress_oidc_provider_url: "{{ http_s }}://{{ shared_service_keycloak_hostname }}/auth/realms/{{ current_realm_name }}"
connect_wordpress_oidc_client_id: "{{ cluster_name }}"
connect_wordpress_oidc_client_secret: "{{ cluster_name }}"
smardigo_auth_token_name: ""
smardigo_auth_token_value: ""

3
host_vars/dev-management-smardigo-01.yml
Unescape Escape View File

@ -6,5 +6,6 @@ connect_elastic_prefix: "dev_management_smardigo_connect"
connect_postgres_database: "dev_management_smardigo_connect" connect_postgres_database: "dev_management_smardigo_connect"
current_realm_name: "smardigo" current_realm_name: "smardigo"
connect_client_id: "management-smardigo" cluster_name: "management-smardigo"
connect_oidc_client_secret: "f1f852b4-2e75-889a-2453-3c55d53ce405" connect_oidc_client_secret: "f1f852b4-2e75-889a-2453-3c55d53ce405"
spring_profiles_include: "prod,postgres,elastic,swagger"

5
roles/connect-realm/defaults/main.yml
Unescape Escape View File

@ -3,6 +3,7 @@
# configuration for the connect realm # configuration for the connect realm
connect_realm_admin_username: "connect-realm-admin" connect_realm_admin_username: "connect-realm-admin"
connect_realm_admin_password: "connect-realm-admin" connect_realm_admin_password: "connect-realm-admin"
connect_client_admin_username: "connect-admin" connect_client_admin_username: "connect-admin"
connect_client_admin_password: "connect-admin" connect_client_admin_password: "connect-admin"
@ -15,11 +16,13 @@ current_realm_clients: [
redirect_uris: ' redirect_uris: '
[ [
"{{ http_s }}://{{ connect_base_url }}/*", "{{ http_s }}://{{ connect_base_url }}/*",
"{{ http_s }}://{{ wordpress_base_url }}/*",
]', ]',
secret: '{{ cluster_name }}', secret: '{{ cluster_name }}',
web_origins: ' web_origins: '
[ [
"{{ http_s }}://{{ connect_base_url }}/*", "{{ http_s }}://{{ connect_base_url }}",
"{{ http_s }}://{{ wordpress_base_url }}",
]', ]',
} }
] ]

1
roles/connect-wordpress/defaults/main.yml
Unescape Escape View File

@ -1,3 +1,4 @@
--- ---
wordpress_image_name: "{{ shared_service_docker_registry_hostname }}/smardigo/wordpress" wordpress_image_name: "{{ shared_service_docker_registry_hostname }}/smardigo/wordpress"
wordpress_image_version: '1.3.0' wordpress_image_version: '1.3.0'

11
roles/connect-wordpress/vars/main.yml
Unescape Escape View File

@ -1,8 +1,5 @@
--- ---
wordpress_id: "{{ inventory_hostname }}-wordpress"
wordpress_base_url: "{{ inventory_hostname }}-wordpress.{{ domain }}"
wordpress_labels: [ wordpress_labels: [
'"traefik.enable=true"', '"traefik.enable=true"',
'"traefik.http.routers.{{ wordpress_id }}.service={{ wordpress_id }}"', '"traefik.http.routers.{{ wordpress_id }}.service={{ wordpress_id }}"',
@ -53,10 +50,10 @@ wordpress_docker: {
"CLIENT_SECRET: \"{{ wordpress_oidc_client_secret | default('none') }}\"", "CLIENT_SECRET: \"{{ wordpress_oidc_client_secret | default('none') }}\"",
"CLIENT_USERNAME: \"{{ wordpress_buergerportal_username | default('none') }}\"", "CLIENT_USERNAME: \"{{ wordpress_buergerportal_username | default('none') }}\"",
"CLIENT_PASSWORD: \"{{ wordpress_buergerportal_password | default('none') }}\"", "CLIENT_PASSWORD: \"{{ wordpress_buergerportal_password | default('none') }}\"",
"SK_NRW_ISSUER: \"{{ sk_nrw_issuer | default('none') }}\"", "SK_NRW_ISSUER: \"{{ connect_wordpress_oidc_issuer }}\"",
"SK_NRW_PROVIDER_URL: \"{{ sk_nrw_provider_url | default('none') }}\"", "SK_NRW_PROVIDER_URL: \"{{ connect_wordpress_oidc_provider_url }}\"",
"SK_NRW_CLIENT_ID: \"{{ sk_nrw_client_id | default('none') }}\"", "SK_NRW_CLIENT_ID: \"{{ connect_wordpress_oidc_client_id }}\"",
"SK_NRW_CLIENT_SECRET: \"{{ sk_nrw_client_secret | default('none') }}\"", "SK_NRW_CLIENT_SECRET: \"{{ connect_wordpress_oidc_client_secret }}\"",
"SMARDIGO_AUTH_TOKEN_NAME: \"{{ smardigo_auth_token_name }}\"", "SMARDIGO_AUTH_TOKEN_NAME: \"{{ smardigo_auth_token_name }}\"",
"SMARDIGO_AUTH_TOKEN_VALUE: \"{{ smardigo_auth_token_value }}\"", "SMARDIGO_AUTH_TOKEN_VALUE: \"{{ smardigo_auth_token_value }}\"",
], ],

Write Preview
Loading…
Cancel
Save