From 3c60e3566837a00e075af66bb92e1037a27feefb Mon Sep 17 00:00:00 2001 
From: "Ketelsen, Sven" Date: Tue, 17 Aug 2021 16:07:49 +0000 Subject: [PATCH] SMARCH-81: feat: added webdav as shared service --- create-database-cluster.yml | 9 + create-database-container.yml | 1 + create-realm.yml | 1 + create-server.yml | 1 + create-service.yml | 1 + docker/dregsy/config.yaml | 6 +- group_vars/all/plain.yml | 1 + group_vars/all/vault.yml | 168 +++++++++--------- group_vars/connect/plain.yml | 12 +- group_vars/stage_dev/plain.yml | 6 + group_vars/webdav/plain.yml | 11 ++ roles/connect-realm/tasks/main.yml | 5 + roles/keycloak/tasks/_authenticate.yml | 2 - roles/keycloak/tasks/_configure_client.yml | 1 - roles/keycloak/tasks/_configure_realm.yml | 6 - roles/keycloak/tasks/_create_realm_admin.yml | 142 +++++++++++++++ roles/keycloak/tasks/_create_realm_users.yml | 5 +- .../keycloak-become-realm-admin-user.json.j2 | 7 + .../templates/keycloak-realm-create.json.j2 | 4 +- roles/prometheus/tasks/main.yml | 20 ++- roles/webdav-postgres/defaults/main.yml | 6 + roles/webdav-postgres/handlers/main.yml | 1 + roles/webdav-postgres/meta/main.yml | 1 + roles/webdav-postgres/tasks/main.yml | 35 ++++ roles/webdav-postgres/vars/main.yml | 1 + roles/webdav/defaults/main.yaml | 4 + roles/webdav/handlers/main.yml | 1 + roles/webdav/meta/main.yml | 1 + roles/webdav/tasks/main.yaml | 85 +++++++++ roles/webdav/vars/main.yml | 60 +++++++ smardigo.yml | 2 + stage-dev | 4 + .../config/prometheus/prometheus.yml.j2 | 42 ++++- 33 files changed, 538 insertions(+), 114 deletions(-) create mode 100644 group_vars/webdav/plain.yml create mode 100644 roles/keycloak/tasks/_create_realm_admin.yml create mode 100644 roles/keycloak/templates/keycloak-become-realm-admin-user.json.j2 create mode 100644 roles/webdav-postgres/defaults/main.yml create mode 100644 roles/webdav-postgres/handlers/main.yml create mode 100644 roles/webdav-postgres/meta/main.yml create mode 100644 roles/webdav-postgres/tasks/main.yml create mode 100644 roles/webdav-postgres/vars/main.yml create mode 100644 
roles/webdav/defaults/main.yaml create mode 100644 roles/webdav/handlers/main.yml create mode 100644 roles/webdav/meta/main.yml create mode 100644 roles/webdav/tasks/main.yaml create mode 100644 roles/webdav/vars/main.yml diff --git a/create-database-cluster.yml b/create-database-cluster.yml index 52d7e5c..cbd53a0 100644 --- a/create-database-cluster.yml +++ b/create-database-cluster.yml @@ -80,7 +80,11 @@ - debug roles: + - role: webdav-postgres + when: "'webdav' in group_names" + - role: connect-postgres + when: "'connect' in group_names" ############################################################# # Sending smardigo management message to process @@ -103,5 +107,10 @@ Content-Type: "application/json" Smardigo-User-Token: "{{ smardigo_management_token }}" status_code: [200] + delegate_to: 127.0.0.1 retries: 5 delay: 5 + when: + - scope_id is defined + - process_instance_id is defined + - smardigo_management_action is defined diff --git a/create-database-container.yml b/create-database-container.yml index 10951aa..b3eb54e 100644 --- a/create-database-container.yml +++ b/create-database-container.yml @@ -101,5 +101,6 @@ Content-Type: "application/json" Smardigo-User-Token: "{{ smardigo_management_token }}" status_code: [200] + delegate_to: 127.0.0.1 retries: 5 delay: 5 diff --git a/create-realm.yml b/create-realm.yml index f826dab..6ed2c67 100644 --- a/create-realm.yml +++ b/create-realm.yml @@ -106,3 +106,4 @@ status_code: [200] retries: 5 delay: 5 + delegate_to: 127.0.0.1 diff --git a/create-server.yml b/create-server.yml index 4fd44dc..cfd145f 100644 --- a/create-server.yml +++ b/create-server.yml @@ -173,3 +173,4 @@ status_code: [200] retries: 5 delay: 5 + delegate_to: 127.0.0.1 diff --git a/create-service.yml b/create-service.yml index 00c94fa..de522a8 100644 --- a/create-service.yml +++ b/create-service.yml @@ -89,3 +89,4 @@ status_code: [200] retries: 5 delay: 5 + delegate_to: 127.0.0.1 
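Review bot: The `when:` guard on `scope_id`, `process_instance_id` and `smardigo_management_action` is added only to the management-message task in create-database-cluster.yml (hunk @@ -103,5 +107,10), while the same task in create-database-container.yml, create-realm.yml, create-server.yml and create-service.yml receives only `delegate_to: 127.0.0.1`; if those playbooks can also be run without these variables set, they will still fail on the undefined lookup, so the guard should be applied there too or the asymmetry explained in a comment. Delegating to 127.0.0.1 also means the task now inherits any play-level `become` on the control host; the play headers are outside these hunks, but the new roles/webdav-postgres/tasks/main.yml in this commit pairs `delegate_to: 127.0.0.1` with `become: false`, and the same pairing would be the safer default here. Each of these `uri` tasks starts before its hunk, so the request body and URL are not visible.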
diff --git a/docker/dregsy/config.yaml b/docker/dregsy/config.yaml index b92aac1..a2edb5b 100644 --- a/docker/dregsy/config.yaml +++ b/docker/dregsy/config.yaml @@ -49,7 +49,7 @@ tasks: auth: eyJ1c2VybmFtZSI6ImFkbWluIiwicGFzc3dvcmQiOiJRNHB6aWhWRFl3eUthZEM3NmxiNCJ9Cg== target: registry: dev-docker-registry-01.smardigo.digital - auth: eyJ1c2VybmFtZSI6ImRvY2tlci1hZG1pbiIsInBhc3N3b3JkIjoieVlUZFdjUTFLTVRlbGw4RU5UeURWOWRlZFFRZlVOIn0K + auth: eyJ1c2VybmFtZSI6InJvYm90JGFuc2libGUiLCJwYXNzd29yZCI6IlAwRmJkb2tSc3V0V2lvVWl2cmI5TzVET05HY2FHNk1KIn0K # 'mappings' is a list of 'from':'to' pairs that define mappings of image # paths in the source registry to paths in the destination; 'from' is @@ -89,7 +89,7 @@ tasks: auth: eyJ1c2VybmFtZSI6ImFkbWluIiwicGFzc3dvcmQiOiJRNHB6aWhWRFl3eUthZEM3NmxiNCJ9Cg== target: registry: dev-docker-registry-01.smardigo.digital - auth: eyJ1c2VybmFtZSI6ImRvY2tlci1hZG1pbiIsInBhc3N3b3JkIjoieVlUZFdjUTFLTVRlbGw4RU5UeURWOWRlZFFRZlVOIn0K + auth: eyJ1c2VybmFtZSI6InJvYm90JGFuc2libGUiLCJwYXNzd29yZCI6IlAwRmJkb2tSc3V0V2lvVWl2cmI5TzVET05HY2FHNk1KIn0K mappings: - from: smardigo/sensw-app to: sensw/sensw-app @@ -112,7 +112,7 @@ tasks: auth: eyJ1c2VybmFtZSI6ImFkbWluIiwicGFzc3dvcmQiOiJRNHB6aWhWRFl3eUthZEM3NmxiNCJ9Cg== target: registry: dev-docker-registry-01.smardigo.digital - auth: eyJ1c2VybmFtZSI6ImRvY2tlci1hZG1pbiIsInBhc3N3b3JkIjoieVlUZFdjUTFLTVRlbGw4RU5UeURWOWRlZFFRZlVOIn0K + auth: eyJ1c2VybmFtZSI6InJvYm90JGFuc2libGUiLCJwYXNzd29yZCI6IlAwRmJkb2tSc3V0V2lvVWl2cmI5TzVET05HY2FHNk1KIn0K mappings: - from: smardigo/ssp-connect-app to: ssp/ssp-connect-app diff --git a/group_vars/all/plain.yml b/group_vars/all/plain.yml index bdeba00..ef0f07c 100644 --- a/group_vars/all/plain.yml +++ b/group_vars/all/plain.yml @@ -82,6 +82,7 @@ management_port: "8081" service_port_cadvisor: "8080" service_port_elasticsearch: "9200" service_port_iam: "8082" +service_port_webdav: "8080" service_port_keycloak: "8080" service_port_kibana: "5601" service_port_logstash: "5044" 
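Review bot: The three replaced `auth:` values in docker/dregsy/config.yaml (hunks @@ -49, @@ -89 and @@ -112) are base64-encoded JSON objects holding a registry username and password, as are the unchanged source-registry `auth:` lines beside them; base64 is an encoding, not a secret store, so these credentials are committed in clear to the repository even though the repo already keeps secrets in group_vars/all/vault.yml. Moving to a robot account is an improvement, but the previous `docker-admin` credential remains readable in git history and should be treated as exposed and rotated if that has not already happened. Consider rendering this file from a template whose `auth:` values come from vaulted variables (e.g. `auth: "{{ dregsy_target_registry_auth }}"`, name constructed) so that only the encrypted vault carries them.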
diff --git a/group_vars/all/vault.yml b/group_vars/all/vault.yml
index 16f16bf..faf1262 100644
--- a/group_vars/all/vault.yml
+++ b/group_vars/all/vault.yml
@@ -1,85 +1,85 @@ $ANSIBLE_VAULT;1.1;AES256 -32396563623961633038643633316466663939653264373037343730653639663938343630346562 -6230363031386138656435346433656535303531613761630a663435613837343536316133323038 -65653162656237623039633464666462376436383562303366323464373961386533343832333862 -6366353533313863640a313331343431393530313264633930346332666265393530653739643933 -32353866373066383335623863663534396564333534646161313162663330363532633834346136 -36646636663738373635623630623637376430636464326265386239313037666536636664623030 -66303238306236666333326232303162343037626466396235343364613931663264633738303734 -35636535663436633062616362313766333564653566303062653065633131393939363565643465 -31663962363337636164373131353431396138366563633430656330613339633632303837383133 -31386430393037643465333136653536303438626337653163616662323234326532626132313334 -65386433376162613663303537353334383637363634306266646331636138666436356138363635 -35643136646261653433343437326534343166393662353263366666623764366366356331306564 -65626336333563646237376139636438306362616131333534316635393532343061346132333338 -37646331393833303937313564316236353636663631313639616132396563316133363863346330 -30353239303431376639663766613131376238353033313536303431363830356437663831623964 -65656334373736646438323530653234343931626234393661323339393661333863363535653365 -36333932656266393235303238656237323065366132303463666431623462633838393561303132 -34346633336561663831633033633236623333383965393065653136306431366438643633646434 -31326535333131336239666431613833363834616630383231353264613337303034303265653732 -62343336626630376633336466663734636166626137323464633732386236386437636533356233 -66333666303032326132306535376366653233663761653830306163666137643764333635343763 -32346635373731333737326230323233623434323236303566383363303966383036373531313634 -66396339633865326138386535343932653639393962663634313964636332666130366464323666 
-62303462303139346262313333396431326637663736363430323363643535363763326239616235 -35303066363461383534323835663635363665356236356438383731306632633330343332356562 -66333034623237383331643135666336306133646433643164373330383638653134356161663563 -38323137633165306634313863353934663030636231653239616261363732393563316634343265 -61653430376131653962616461383563343837313930613464313966353338323833316461323461 -39393237663762343238396534333565393938363835346238643732376161326235303330616663 -37646463333962353930386130303036653834383166623065383530323435333163323330623262 -65316432393661346365373263336333396164643763663438646366393863396632633932376337 -34366264306636356464663734613963646264393364626330633936623364366231643233343263 -64633631633365333364303836633334616534623339336532356431616339663939303037386532 -61343162393337346430353035343136336333363734653538613163626166356131363237313561 -66326338366561323633373137313263323138313037623130383166346266396339373863386636 -32646430663431636363323737653934306337666263656137636632373239363762373038613761 -64613133383635393534356432653636633961613939363938646630633966363339336266386638 -65326231663631633636633439653931656562336361333836623836653030306363336665616166 -39303835636366323562343966326464616239386330346237626261376364613638633835613762 -35333336323430666464303838663330326163343132653036353030303034356561353138633665 -30363931316337303166316363323632376236663861636439633231333263383263373034366538 -30313534613530653635663237383265363164663264363538386235323337393963396236393739 -61343764633737356531646130623136376434366337316264366132346664306561323432623261 -65373632333362313436346633303233623536343738623336336363343638393533636238626530 -32373737623733633639326166656536663332383063386430653334616436663730383037326233 -66656536303063613866393637373839353462386537306236363234613539346438383366333061 -61656138356562666136353665613130626661353562316239303735643966333866663031383834 
-63616331656263333034353232656638343438646537393635663836313361333062663634613263 -31656139346565303139386531353935643462373531316363613537363164633437663738363439 -66613530323137393538616366373262353130323930313363656536393265623839333036316135 -34656263616231316439396333386438313533323664653433323463373638653635336130366635 -30633564383439333939633165633235366466396664386532386535303561316538396237616339 -32616137626634373263303165346664646365663866643663383834626337353362353433306232 -32323838313039363633336565663135396262376339396633663364393839346661376534303538 -61636530666631363037323130343862336266613633626631633931633038626363343334646462 -66366263306364656365303263643161666535353534366637373061633866376239303131613564 -37303539396536346635633564383136363666613138336134333561386261616136633534616531 -37303031396633396237316134393963393636666530656635303364383263346561656134643639 -39386132376438396532353361383263646336396662643662326561373339356665663364356535 -30373031333663653665366635616634613262663536643631646637326235613030346161313963 -34656239323130353238616263306361396335303139636237383938343364623331666136333639 -33663962303731396133383431363230303934653937303536396366343161626462393263616666 -63383134383666313133313337303931326366653134643561613234616362313431633639653663 -39613063353738643661613066373730353766626233363033636237366463656361343038663538 -37343866666639303063383561396664386266343736663266373433333535653134613362303664 -61666663373864626266363363376338313036326535663632383030316239313466306433333934 -32663934363765346161333465326662386562356538393339626534393262336639333261666330 -36356564346536366166626536663831653731643730313765343830316565396135646164326337 -66316236343966623234613862366630383734616232386135623265636464333661663636373739 -62636532313365363734323938333230633031356334386264333663623237326565656666343536 -30643535383434663137633135616363613935353638646561323062366430393064383030656431 
-34376137333164613263343937343939616366383038306135303231393766373963653434623038 -30663134626330366231343565383330363666353466656233346531633936376265373965613633 -65326638363537323534616537323932316635663233383536613239366232626661346233336435 -64633336616463376561306130353763303763643432316437366562323837373161656531356465 -65393766333336366263353934623432626261343633343761326535353233383166336263656137 -36353132626430616663336566663865356139366238613130326337363735623861363835633735 -33363263666361343066643438376638663232383435303966643737623530663339616534343565 -31303162386663356432303336356466383866356138313537626262653336306563663161383863 -32376439633137313137346636646635623132653632656634623936643833633835316563666438 -35643637633861346361633533333131646364613935626132336331316633326435366433613762 -66666134366433623036633666303733313535663030386439386138623365396166646434643932 -39333665656363316265636530316430646364643565643238653537393930633130323935326463 -35653065656131613836 +63376530643934386637626662623631623061333563363962653837326362373064633163653434 +3932613032336365623637393233383964643462643164330a336534316564343535633534623432 +38323037333363363331353765303866656435393138383164346234343062643031366539343039 +3138383136373332650a386162623764306433626264363464616532636464393561643638656263 +38303432303330623763386138663438353236393135373933623266643965396634633932323963 +39343537306563646163396466303935346263363562303038393430326233393931383838646435 +63306436376130353830613131343734613537653037353631353934346633623534326261616334 +30653837356363633530306233396536373038333563376565353962626631333262356233636361 +63616538633530626264343036373062336165636531303133373363393836343331626365646336 +37303565643662343339343737323834353235366366303630643565636362326336326132383363 +66653337633837333937383664653931363165363438656634356233656637656233356639343764 +36613833323537656662616338343637653834653639376662393362393530663964366438326362 
+35393136393638333165356336643536326365393766643638333437663833323239353063303435 +34363037346437643037623066666133386531366636363763303235666634373361313434656461 +66396130613035323464356461306130383138656437613832353930636231373562313534356233 +62616439393230333363646139373061316432663435653031303533306163626164633964393461 +63643064643361316236346634376634313132656633613839336435336136316638333461303537 +62613265386562383735623362626137303532386337333836376336323339343630613037396337 +36646539333462626538356531333834353132636537623531366132306161326338333033393266 +64323534353339656163626435643565353638333661656434646138616230303233386463393437 +36333536633832656430353937616461376631396236383738666364666135386533323263623032 +33653636363966333334316161656465366365316664323437626235646636373630666266383739 +30636132353461346461366239663466393766353063373130303761376230316534393462393838 +65383835333632613839343734656532346363393066373237616162623865633036383535633565 +39353339356232613366323166636465356461326531313638653438366362356333373764396561 +34376432393633376431376465643963383934386361616462613132663564366530306635313532 +36653061343037393237376366373435323232333831626566366264633633663661386465353331 +33313838356233366531306364353061383735383836393139343233313632373938643834316239 +32326235616362653032643237333464306261353433653565346532366564623166636361306237 +36636262653862396430323739616163623034626136626562643663666337663134643564653339 +38343333643237313064616666336137663562616164633166376630616564623866656366633633 +39316663306131376434303034646133626661396366343763373337613633363732643364323238 +37653935633564643336646163346136336133393861373535396437323737363837326132336433 +34343137343234373631313535623439326334626466323866373838623465366531396137336665 +36623334376434643236653539383961626664363732656137306163616366383734306564386335 +61323864616339616463666430383931633233393063633362356565653063356537626630323639 
+63323132333163323664646337303834386134353564376433363433383137366333393363623565 +62356230333831666665653061393332323539656531336264643866383063366565653966323939 +61313133623630376633346464643435326665396139666261333531383362333035346439323134 +30653666353431313461656235333035326431623261343565326361313835393935666436643738 +61316639633733323865363232373963366461393533383262623462303438393364653764303039 +32326239616262306430326535623037356634333265353566316364316137653736613331333564 +35353133333837626531343330663366653634353131383966303636613935356661643532616136 +39653139383064343937643939656438353763643466373239363064633036356461663533373835 +31323061663532626338373064313637663461306630633336343434303738396566393638346438 +37373362363233303133623130353637333737663762636466616233643335626165623664333539 +31643639386261656136663036643732396465333036376163376162393063303063396530396238 +37366562366361393932323962336436613964646662396466383730393035663862353437333136 +33333161666632613934366163363737333636343263373434376362353035653465393037636139 +64633931333164393233643163623735353636666337646239363463303164383638326264666566 +66656463646630313534356266616232383732336361393437333766303064616636366366336362 +37353939386335636637316139656337646561353936643839323134326531313763336238326362 +37343363646333303434316366383634386535616132663661363930393733333539396164353636 +36333832376331643739373936666661363364356230613438303137383766353839326436363765 +32623466313066306261666237396365656437613331613337613862336237663630323033323039 +30646563363337386138643537396333356130646163313134633362346635646333353836383839 +33313665346564376236663938343464656636363362666362363564613964323966316261393663 +64393161303861316433353865373962646665623831323463383838633731323536326631666164 +61323666323435326132316330313165623666393835346634323264393632353765313835353138 +38666362376661343366653133656362663633633261646633396239666635313866626332316161 
+62303236366264303735646136653130613361353830333966346264623430633166386337353333 +31656232316135616538323966356138313531343963333732373363356561383838623065313831 +32316534303763383735643833363635363765346432643437323237376639373131363866313634 +65333434333664313163613561623734383632383536386264343639386633646131393037306634 +38333935396639383339383564336139303838653636366338623162396162623739666663633631 +64326265373334323365646330353439643961616339363436643236366639393530346330633966 +37393166623865643031366637666430326537383763623561666233353337653335656366333335 +66363561633730663361313236633033303239333130346464373735316131653966663864633836 +30356532303933306431353632646330656338383765613031656639666365613763663538326262 +63393834343433633732666630376530613163393166316135373638393236343734663436326435 +37663461333865303865366533366663623432383035643938653061343033373264326439393231 +65666266666436353762636465393561666437636132326633383264613332333730333632626331 +62623763366466626230623931646539303338343637353761326662643765376437656631333630 +30636139356261353365386338643261303134313430633666393331636238323639626334383032 +36326666383737346164666630643739623238323761653565306636633262646462666564663336 +38346635343836636361646564633263396663343861626535306235376364646633633662323835 +63653162336637646565373133656431393531636132346231396366613561343734353231386236 +64646639393532323231643930343438663762383963636566306434323664336231313438646163 +32633932323639393839343865396633636365396132336665633965363630306264303537373838 +35373439383334303963666230643463653839613766363737336339646662313334306432306338 +63386162303133323739633531626133386664326437626439353533303834636336363239316432 +30633961653463366131636636376431663164313838653761623334396136343935326566363364 +37333536356365393764363232336661313666393565363865386432353936663439323965363063 +66366537323562653861 
diff --git a/group_vars/connect/plain.yml b/group_vars/connect/plain.yml index 185dbae..4a5640a 100644 --- a/group_vars/connect/plain.yml +++ b/group_vars/connect/plain.yml @@ -8,9 +8,9 @@ hetzner_server_type: cx21 hetzner_server_labels: "stage={{ stage }} service={{ service }}" connect_client_id: "{{ cluster_name }}" -connect_client_admin_username: "wordpress-admin" -connect_client_admin_password: "wordpress-admin" +connect_client_admin_username: "connect-admin" +connect_client_admin_password: "connect-admin" current_realm_users: [ { "username": "{{ connect_client_admin_username }}", @@ -18,6 +18,9 @@ current_realm_users: [ } ] +connect_realm_admin_username: "connect-realm-admin" +connect_realm_admin_password: "connect-realm-admin" + current_realm_clients: [ { clientId: "{{ connect_client_id }}", @@ -45,8 +48,7 @@ connect_elastic_host: "dev-elastic-stack-01-elastic" connect_elastic_username: "{{ elastic_admin_username }}" connect_elastic_password: "{{ elastic_admin_password }}" connect_elastic_ca: "file:/usr/share/smardigo/ca.crt" -connect_elastic_prefix: "{{ stage }}-{{ tenant_id }}" -connect_elastic_message_index: "{{ cluster_name }}-message" +connect_elastic_prefix: "{{ stage }}-{{ tenant_id }}-{{ cluster_name }}" connect_iam_module: external smardigo_iam_client_enabled: 'true' @@ -66,3 +68,5 @@ connect_jwt_secret: 908ae14462d049d3be84964ef379c7c6 #connect_csrf_token_name: "< see vault >" #connect_csrf_token_value: "< see vault >" + +connect_mail_properties_simulation: false diff --git a/group_vars/stage_dev/plain.yml b/group_vars/stage_dev/plain.yml index e6ec831..bae4126 100644 --- a/group_vars/stage_dev/plain.yml +++ b/group_vars/stage_dev/plain.yml @@ -174,6 +174,12 @@ iam_extra_hosts: [ ip: "{{ shared_service_mail_ip }}", } ] +webdav_extra_hosts: [ + { + hostname: "{{ shared_service_pg_master_hostname }}", + ip: "{{ shared_service_pg_master_ip }}", + }, +] pgadmin_extra_hosts: [ { hostname: "{{ shared_service_pg_master_hostname }}", 
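Review bot: `connect_client_admin_password: "connect-admin"` and the new `connect_realm_admin_password: "connect-realm-admin"` in group_vars/connect/plain.yml are plaintext credentials equal to their usernames, and the realm-admin account is granted the Keycloak `realm-admin` role by roles/keycloak/tasks/_create_realm_admin.yml in this same commit; the file's own convention for secrets is the commented `#connect_csrf_token_value: "< see vault >"` placeholder with the real value in group_vars/all/vault.yml. The same applies to `webdav_jwt_secret` and `webdav_postgres_admin_password` in the new group_vars/webdav/plain.yml. Suggest replacing each with a commented placeholder such as `#connect_realm_admin_password: "< see vault >"` and defining the value in the vault, generated per stage rather than shared across environments.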
diff --git a/group_vars/webdav/plain.yml b/group_vars/webdav/plain.yml new file mode 100644 index 0000000..0621ca7 --- /dev/null +++ b/group_vars/webdav/plain.yml @@ -0,0 +1,11 @@ +--- + +hetzner_server_type: cpx11 +hetzner_server_labels: "stage={{ stage }} service=webdav" + +webdav_jwt_secret: "5646aee6dadc4c19b15f4b65f1e6549f" + +webdav_postgres_host: "{{ shared_service_pg_master_hostname }}" +webdav_postgres_database_name: "{{ stage }}_webdav" +webdav_postgres_admin_username: "{{ webdav_postgres_database_name }}" +webdav_postgres_admin_password: "webdav-postgres-admin" diff --git a/roles/connect-realm/tasks/main.yml b/roles/connect-realm/tasks/main.yml index dbfb687..152d3d6 100644 --- a/roles/connect-realm/tasks/main.yml +++ b/roles/connect-realm/tasks/main.yml @@ -31,6 +31,11 @@ name: keycloak tasks_from: _create_realm_users +- name: "Create realm admin" + include_role: + name: keycloak + tasks_from: _create_realm_admin + - name: "Send mattermost messsge" uri: url: "{{ mattermost_hook_smardigo }}" diff --git a/roles/keycloak/tasks/_authenticate.yml b/roles/keycloak/tasks/_authenticate.yml index 9baac9c..4b17cd4 100644 --- a/roles/keycloak/tasks/_authenticate.yml +++ b/roles/keycloak/tasks/_authenticate.yml @@ -14,11 +14,9 @@ - name: "Saving access_token as variable (fact)" set_fact: access_token: "{{ keycloak_authentication.json.access_token }}" - delegate_to: 127.0.0.1 - name: "Printing access_token for keycloak server" debug: msg: "{{ access_token }}" - delegate_to: 127.0.0.1 when: - debug \ No newline at end of file diff --git a/roles/keycloak/tasks/_configure_client.yml b/roles/keycloak/tasks/_configure_client.yml index 5c560d7..1c0b1d0 100644 --- a/roles/keycloak/tasks/_configure_client.yml +++ b/roles/keycloak/tasks/_configure_client.yml @@ -5,7 +5,6 @@ msg: "{{ lookup('template','keycloak-realm-create-client.json.j2') }}" when: - debug - delegate_to: 127.0.0.1 - name: Create client {{ client_id }} for realm {{ realm_name }} uri: 
diff --git a/roles/keycloak/tasks/_configure_realm.yml b/roles/keycloak/tasks/_configure_realm.yml index 8c82d13..e64c5cd 100644 --- a/roles/keycloak/tasks/_configure_realm.yml +++ b/roles/keycloak/tasks/_configure_realm.yml @@ -13,19 +13,16 @@ - name: Save realms as variable (fact) set_fact: realms_json: "{{ realms.json }}" - delegate_to: 127.0.0.1 - name: Read realm ids set_fact: realm_ids: "{{ realms_json | json_query(jmesquery) }}" vars: jmesquery: '[*].id' - delegate_to: 127.0.0.1 - name: "Printing realm ids" debug: msg: "{{ realm_ids }}" - delegate_to: 127.0.0.1 when: - debug @@ -54,19 +51,16 @@ - name: Save clients from realm as variable (fact) set_fact: realm_clients_json: "{{ realm_clients.json }}" - delegate_to: 127.0.0.1 - name: "Save client ids from realm {{ current_realm_name }}" set_fact: realm_client_ids: "{{ realm_clients_json | json_query(jmesquery) }}" vars: jmesquery: '[*].{id: id, clientId: clientId}' - delegate_to: 127.0.0.1 - name: "Printing client ids from realm {{ current_realm_name }}" debug: msg: "{{ realm_client_ids }}" - delegate_to: 127.0.0.1 when: - debug diff --git a/roles/keycloak/tasks/_create_realm_admin.yml b/roles/keycloak/tasks/_create_realm_admin.yml new file mode 100644 index 0000000..5bd1d52 --- /dev/null +++ b/roles/keycloak/tasks/_create_realm_admin.yml 
@@ -0,0 +1,142 @@ +--- +- name: "Reading users of realm {{ current_realm_name }}" + uri: + url: "{{ keycloak_server_url }}/auth/admin/realms/{{ current_realm_name }}/users" + method: GET + headers: + Authorization: "Bearer {{ access_token}} " + status_code: [200] + register: realm_users + delegate_to: 127.0.0.1 + +- name: "Printing realm users" + debug: + msg: "{{ realm_users }}" + when: + - debug + +- name: "Saving users of realm {{ current_realm_name }} as variable (fact)" + set_fact: + realm_users_json: "{{ realm_users.json }}" + +- name: "Reading user ids of realm {{ current_realm_name }}" + set_fact: + realm_user_usernames: "{{ realm_users_json | json_query(jmesquery) }}" + vars: + jmesquery: '[*].username' + +- name: "Printing usernames of realm {{ current_realm_name }}" + debug: + msg: "{{ realm_user_usernames }}" + when: + - debug + +- name: "Creating users for realm {{ current_realm_name }}" + uri: + url: "{{ keycloak_server_url }}/auth/admin/realms/{{ current_realm_name }}/users" + method: POST + body_format: json + body: "{{ lookup('template','keycloak-realm-create-user.json.j2') }}" + headers: + Content-Type: "application/json" + Authorization: "Bearer {{ access_token }}" + status_code: [201] + with_items: [ + { + "username": "{{ connect_realm_admin_username }}", + "password": "{{ connect_realm_admin_password }}", + } + ] + when: current_realm_user.username not in realm_user_usernames + changed_when: True + loop_control: + loop_var: current_realm_user + delegate_to: 127.0.0.1 + +- name: "Reading users of realm {{ current_realm_name }}" + uri: + url: "{{ keycloak_server_url }}/auth/admin/realms/{{ current_realm_name }}/users" + method: GET + headers: + Authorization: "Bearer {{ access_token}} " + status_code: [200] + register: realm_users + delegate_to: 127.0.0.1 + +- name: "Saving users of realm {{ current_realm_name }} as variable (fact)" + set_fact: + realm_users_json: "{{ realm_users.json }}" + +- name: "Reading realm admin user id" + set_fact: + 
realm_admin_user_id: "{{ realm_users_json | json_query(jmesquery) | first | default('None') }}" + vars: + jmesquery: "[?username==`{{ connect_realm_admin_username }}`].id" + +- name: "Printing realm admin user id" + debug: + msg: "{{ realm_admin_user_id }}" + when: + - debug + +- name: "Reading realm clients" + uri: + url: "{{ keycloak_server_url }}/auth/admin/realms/{{ current_realm_name }}/clients" + method: GET + headers: + Authorization: "Bearer {{ access_token}} " + status_code: [200] + register: realm_clients + delegate_to: 127.0.0.1 + +- name: "Saving clients of realm {{ current_realm_name }} as variable (fact)" + set_fact: + realm_clients_json: "{{ realm_clients.json }}" + +- name: "Reading realm management client id" + set_fact: + realm_management_client_id: "{{ realm_clients_json | json_query(jmesquery) | first | default('None') }}" + vars: + jmesquery: "[?clientId=='realm-management'].id" + +- name: "Printing realm management client id" + debug: + msg: "{{ realm_management_client_id }}" + when: + - debug + +- name: "Reading available role mappings for realm management client" + uri: + url: "{{ keycloak_server_url }}/auth/admin/realms/{{ current_realm_name }}/users/{{ realm_admin_user_id }}/role-mappings/clients/{{ realm_management_client_id }}/available" + method: GET + headers: + Authorization: "Bearer {{ access_token}} " + status_code: [200] + register: realm_admin_user_client_available_roles_response + delegate_to: 127.0.0.1 + +- name: "Reading realm admin role id for management client" + set_fact: + realm_admin_role_id: "{{ realm_admin_user_client_available_roles_response.json | json_query(jmesquery) | first | default('None') }}" + vars: + jmesquery: "[?name=='realm-admin'].id" + +- name: "Printing realm admin role id for management client" + debug: + msg: "{{ realm_admin_role_id }}" + when: + - debug + +- name: "Adding realm admin role to user {{ realm_admin_user_id }}" + uri: + url: "{{ keycloak_server_url }}/auth/admin/realms/{{ current_realm_name 
}}/users/{{ realm_admin_user_id }}/role-mappings/clients/{{ realm_management_client_id }}" + method: POST + body_format: json + body: "{{ lookup('template','keycloak-become-realm-admin-user.json.j2') }}" + headers: + Content-Type: "application/json" + Authorization: "Bearer {{ access_token }}" + status_code: [204] + changed_when: True + when: realm_admin_role_id != 'None' + delegate_to: 127.0.0.1 diff --git a/roles/keycloak/tasks/_create_realm_users.yml b/roles/keycloak/tasks/_create_realm_users.yml index bd408e1..f1256b6 100644 --- a/roles/keycloak/tasks/_create_realm_users.yml +++ b/roles/keycloak/tasks/_create_realm_users.yml @@ -13,26 +13,22 @@ - name: "Printing realm users" debug: msg: "{{ realm_users }}" - delegate_to: 127.0.0.1 when: - debug - name: "Saving users of realm {{ current_realm_name }} as variable (fact)" set_fact: realm_users_json: "{{ realm_users.json }}" - delegate_to: 127.0.0.1 - name: "Reading user ids of realm {{ current_realm_name }}" set_fact: realm_user_usernames: "{{ realm_users_json | json_query(jmesquery) }}" vars: jmesquery: '[*].username' - delegate_to: 127.0.0.1 - name: "Printing usernames of realm {{ current_realm_name }}" debug: msg: "{{ realm_user_usernames }}" - delegate_to: 127.0.0.1 when: - debug @@ -48,6 +44,7 @@ status_code: [201] with_items: "{{ current_realm_users }}" when: current_realm_user.username not in realm_user_usernames + changed_when: True loop_control: loop_var: current_realm_user delegate_to: 127.0.0.1 diff --git a/roles/keycloak/templates/keycloak-become-realm-admin-user.json.j2 b/roles/keycloak/templates/keycloak-become-realm-admin-user.json.j2 new file mode 100644 index 0000000..fb818dc --- /dev/null +++ b/roles/keycloak/templates/keycloak-become-realm-admin-user.json.j2 @@ -0,0 +1,7 @@ +[ + { + "id": "{{ realm_admin_role_id }}", + "name": "realm-admin", + "containerId": "{{ realm_management_client_id }}" + } +] 
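Review bot: In roles/keycloak/tasks/_create_realm_admin.yml the lookup for the admin user wraps `{{ connect_realm_admin_username }}` in JMESPath backticks, which denote a JSON literal; a bare name is not valid JSON, so this only works through jmespath's deprecated non-JSON fallback, and it is inconsistent with the single-quoted `'realm-management'` and `'realm-admin'` raw-string literals used a few tasks later — `jmesquery: "[?username=='{{ connect_realm_admin_username }}'].id"` is the portable form. The GET tasks send `Authorization: "Bearer {{ access_token}} "` with a trailing space inside the header value while the POST tasks use `"Bearer {{ access_token }}"`; the two should match. `realm_admin_user_id` and `realm_management_client_id` default to the string `'None'` and are then interpolated unguarded into the `/users/{{ realm_admin_user_id }}/role-mappings/clients/{{ realm_management_client_id }}/available` URL, so a failed lookup surfaces as a 404 against `status_code: [200]` rather than a clear error; an `assert:` or `fail:` task after each lookup, or a `when:` on that GET, would make the case readable. This task file lives in the generic keycloak role but hard-codes the `connect_realm_admin_username`/`connect_realm_admin_password` variables, so any other realm that later needs an admin would have to duplicate it; passing the credentials in as include variables would keep the role reusable.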
diff --git a/roles/keycloak/templates/keycloak-realm-create.json.j2 b/roles/keycloak/templates/keycloak-realm-create.json.j2 index 8cdc826..bce452a 100644 --- a/roles/keycloak/templates/keycloak-realm-create.json.j2 +++ b/roles/keycloak/templates/keycloak-realm-create.json.j2 @@ -95,8 +95,8 @@ "strictTransportSecurity": "max-age=31536000; includeSubDomains" }, "smtpServer": { - "host": "{{ mail_hostname }}", - "from": "{{ service_name }}@{{ mail_hostname }}" + "host": "{{ shared_service_mail_hostname }}", + "from": "{{ service_name }}@{{ shared_service_mail_hostname }}" }, "loginTheme": "smardigo-theme", "accountTheme": "smardigo-theme", diff --git a/roles/prometheus/tasks/main.yml b/roles/prometheus/tasks/main.yml index cf99267..a0ee26d 100644 --- a/roles/prometheus/tasks/main.yml +++ b/roles/prometheus/tasks/main.yml @@ -81,25 +81,33 @@ name: "all", label_selector: "stage={{ stage }}", }, + { + name: "mail", + label_selector: "stage={{ stage }},service=mail", + }, { name: "harbor", label_selector: "stage={{ stage }},service=harbor", }, { - name: "connect", - label_selector: "stage={{ stage }},service=connect", + name: "postgres", + label_selector: "stage={{ stage }},service=postgres", }, { name: "elastic", label_selector: "stage={{ stage }},service=elastic", }, { - name: "mail", - label_selector: "stage={{ stage }},service=mail", + name: "connect", + label_selector: "stage={{ stage }},service=connect", }, { - name: "postgres", - label_selector: "stage={{ stage }},service=postgres", + name: "iam", + label_selector: "stage={{ stage }},service=iam", + }, + { + name: "webdav", + label_selector: "stage={{ stage }},service=webdav", } ] loop_control: diff --git a/roles/webdav-postgres/defaults/main.yml b/roles/webdav-postgres/defaults/main.yml new file mode 100644 index 0000000..9678106 --- /dev/null +++ b/roles/webdav-postgres/defaults/main.yml 
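Review bot: Most of the changed lines in roles/prometheus/tasks/main.yml are a reorder of the existing `mail`, `postgres` and `connect` entries, which hides that the functional change is the addition of the `iam` and `webdav` label selectors; keeping the original order and appending the two new entries would make the diff reviewable. The new `service=webdav` selector matches `hetzner_server_labels: "stage={{ stage }} service=webdav"` set in group_vars/webdav/plain.yml in this commit, so the pairing looks consistent. The task containing this list starts before the hunk and its `loop_control:` continues after it.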
@@ -0,0 +1,6 @@
+---
+
+postgres_acls:
+ - name: "{{ webdav_postgres_database_name }}"
+ password: "{{ webdav_postgres_admin_password }}"
+ trusted_cidr_entry: "{{ shared_service_network }}"
diff --git a/roles/webdav-postgres/handlers/main.yml b/roles/webdav-postgres/handlers/main.yml
new file mode 100644
index 0000000..ed97d53
--- /dev/null
+++ b/roles/webdav-postgres/handlers/main.yml
@@ -0,0 +1 @@
+---
diff --git a/roles/webdav-postgres/meta/main.yml b/roles/webdav-postgres/meta/main.yml
new file mode 100644
index 0000000..ed97d53
--- /dev/null
+++ b/roles/webdav-postgres/meta/main.yml
@@ -0,0 +1 @@
+---
diff --git a/roles/webdav-postgres/tasks/main.yml b/roles/webdav-postgres/tasks/main.yml
new file mode 100644
index 0000000..2a50475
--- /dev/null
+++ b/roles/webdav-postgres/tasks/main.yml
@@ -0,0 +1,35 @@
+---
+
+### tags:
+### update_deployment
+
+- name: "Send mattermost message"
+ uri:
+ url: "{{ mattermost_hook_smardigo }}"
+ method: POST
+ body: "{{ lookup('template','mattermost-deploy-start.json.j2') }}"
+ body_format: json
+ headers:
+ Content-Type: "application/json"
+ delegate_to: 127.0.0.1
+ become: false
+ when:
+ - send_status_messages
+
+- name: "Setup postgres for {{ service_name }}"
+ include_role:
+ name: postgres
+ tasks_from: _postgres-acls
+
+- name: "Send mattermost messsge"
+ uri:
+ url: "{{ mattermost_hook_smardigo }}"
+ method: POST
+ body: "{{ lookup('template','mattermost-deploy-end.json.j2') }}"
+ body_format: json
+ headers:
+ Content-Type: "application/json"
+ delegate_to: 127.0.0.1
+ become: false
+ when:
+ - send_status_messages
diff --git a/roles/webdav-postgres/vars/main.yml b/roles/webdav-postgres/vars/main.yml
new file mode 100644
index 0000000..ed97d53
--- /dev/null
+++ b/roles/webdav-postgres/vars/main.yml
@@ -0,0 +1 @@
+---
diff --git a/roles/webdav/defaults/main.yaml b/roles/webdav/defaults/main.yaml
new file mode 100644
index 0000000..cec4ef5
--- /dev/null
+++ b/roles/webdav/defaults/main.yaml
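Review bot: The single ACL entry defined here opens `{{ webdav_postgres_database_name }}` with `webdav_postgres_admin_password` to the entire `shared_service_network` CIDR, and that same admin credential is what the application container is later handed as its datasource login, so the WebDAV service runs with whatever rights the admin role carries rather than a least-privilege role. Consider a second entry for a dedicated application user (e.g. `webdav_postgres_app_username` / `webdav_postgres_app_password`) limited to that one database, and a tighter `trusted_cidr_entry` than the whole shared network if the `_postgres-acls` tasks allow it. Whether the `postgres` role's ACL task can express per-role grants is not visible from this hunk, so verify that before relying on it.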
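Review bot: The header comment `### tags: update_deployment` advertises a tag that none of the three tasks in this file carries, so a run with `--tags update_deployment` skips this role entirely; either add `tags: [update_deployment]` to the `Setup postgres for {{ service_name }}` task or drop the comment so the next reader is not misled. The closing webhook task is named `"Send mattermost messsge"` while the opening one says `message`; task names are what show up in the run log and in any alerting on them, so keep the spelling consistent. Both webhook posts go to `mattermost_hook_smardigo` from the controller with `become: false`, which is the right shape for a notification side effect.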
@@ -0,0 +1,4 @@
+---
+
+webdav_image_name: "dev-docker-registry-01.smardigo.digital/smardigo/smardigo-webdav-app"
+webdav_image_version: "8.2.2"
diff --git a/roles/webdav/handlers/main.yml b/roles/webdav/handlers/main.yml
new file mode 100644
index 0000000..ed97d53
--- /dev/null
+++ b/roles/webdav/handlers/main.yml
@@ -0,0 +1 @@
+---
diff --git a/roles/webdav/meta/main.yml b/roles/webdav/meta/main.yml
new file mode 100644
index 0000000..ed97d53
--- /dev/null
+++ b/roles/webdav/meta/main.yml
@@ -0,0 +1 @@
+---
diff --git a/roles/webdav/tasks/main.yaml b/roles/webdav/tasks/main.yaml
new file mode 100644
index 0000000..d8fd35a
--- /dev/null
+++ b/roles/webdav/tasks/main.yaml
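Review bot: `webdav_image_version: "8.2.2"` pins a mutable tag, and the role's `Update webdav` task re-pulls that tag on every run, so the bytes actually deployed can change with no change to this repository; for a file-serving endpoint that is a supply-chain gap worth closing with a `webdav_image_digest` default (`sha256:…`) referenced as `image@digest` in the compose template, or at minimum a comment stating that tags in `dev-docker-registry-01.smardigo.digital` are treated as immutable. The registry host is also hard-coded under a `dev-` name in a role default; if this role is meant to serve other stages it belongs in a stage-level group var. Whether the shared `_docker` template can consume a digest is not visible from this hunk.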
@@ -0,0 +1,85 @@
+---
+
+- name: "Send mattermost messsge"
+ uri:
+ url: "{{ mattermost_hook_smardigo }}"
+ method: POST
+ body: "{{ lookup('template','mattermost-deploy-start.json.j2') }}"
+ body_format: json
+ headers:
+ Content-Type: "application/json"
+ delegate_to: 127.0.0.1
+ become: false
+ when:
+ - send_status_messages
+
+- name: "Check if webdav/docker-compose.yml exists"
+ stat:
+ path: '{{ service_base_path }}/webdav/docker-compose.yml'
+ register: check_docker_compose_file
+
+- name: "Stop webdav"
+ shell: docker-compose down
+ args:
+ chdir: '{{ service_base_path }}/webdav'
+ when: check_docker_compose_file.stat.exists
+ ignore_errors: yes
+
+- name: "Deploy docker templates for webdav"
+ include_role:
+ name: _deploy
+ tasks_from: templates
+ vars:
+ current_config: "_docker"
+ current_base_path: "{{ service_base_path }}"
+ current_destination: "webdav"
+ current_owner: "{{ docker_owner }}"
+ current_group: "{{ docker_group }}"
+ current_docker: "{{ webdav_docker }}"
+
+- name: "Deploy service templates for webdav"
+ include_role:
+ name: _deploy
+ tasks_from: templates
+ vars:
+ current_config: "webdav"
+ current_base_path: "{{ service_base_path }}"
+ current_destination: "webdav"
+ current_owner: "{{ docker_owner }}"
+ current_group: "{{ docker_group }}"
+
+- name: "Deploy certificate templates for webdav"
+ include_role:
+ name: _deploy
+ tasks_from: templates
+ vars:
+ current_config: "elastic-certs/certs"
+ current_base_path: "{{ service_base_path }}"
+ current_destination: "webdav/certs"
+ current_owner: "{{ docker_owner }}"
+ current_group: "{{ docker_group }}"
+
+- name: "Update webdav"
+ shell: docker-compose pull
+ args:
+ chdir: '{{ service_base_path }}/webdav'
+ tags:
+ - update_deployment
+
+- name: "Start webdav"
+ shell: docker-compose up -d
+ args:
+ chdir: '{{ service_base_path }}/webdav'
+
+- name: "Send mattermost messsge"
+ uri:
+ url: "{{ mattermost_hook_smardigo }}"
+ method: POST
+ body: "{{ lookup('template','mattermost-deploy-end.json.j2') }}"
+ body_format: json
+ headers:
+ Content-Type: "application/json"
+ delegate_to: 127.0.0.1
+ become: false
+ when:
+ - send_status_messages
diff --git a/roles/webdav/vars/main.yml b/roles/webdav/vars/main.yml
new file mode 100644
index 0000000..8c5b46c
--- /dev/null
+++ b/roles/webdav/vars/main.yml
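Review bot: `Update webdav` is the only task tagged `update_deployment`, so a run restricted to that tag pulls the new image but never reaches `Start webdav`, leaving the running container on the old image; add the tag to `Start webdav` (and to `Stop webdav` if a recreate is intended) or remove it here. `Stop webdav` runs `docker-compose down` under `ignore_errors: yes`, which hides every failure including one that leaves the old container alive next to the subsequent `up -d`; narrow it with a `failed_when` on the exit codes you really expect, and use `command:` instead of `shell:` for all three compose calls since no shell features are used (and write `true`/`false` rather than `yes`). The certificate step copies `elastic-certs/certs` into `webdav/certs`, which appears to reuse the Elasticsearch certificate material for a different service; if that directory is only a CA bundle it is harmless, but if it carries a private key the WebDAV container receives a credential issued for another service, so please confirm which it is.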
@@ -0,0 +1,60 @@
+---
+
+webdav_id: "{{ service_name }}-webdav"
+
+webdav_labels: [
+ '"traefik.enable=true"',
+ '"traefik.http.routers.{{ webdav_id }}.service={{ webdav_id }}"',
+ '"traefik.http.routers.{{ webdav_id }}.rule=Host(`{{ stage_server_url_host }}`)"',
+ '"traefik.http.routers.{{ webdav_id }}.entrypoints=websecure"',
+ '"traefik.http.routers.{{ webdav_id }}.tls=true"',
+ '"traefik.http.routers.{{ webdav_id }}.tls.certresolver=letsencrypt"',
+ '"traefik.http.services.{{ webdav_id }}.loadbalancer.server.port={{ service_port_webdav }}"',
+
+ '"traefik.http.routers.{{ webdav_id }}-admin.service={{ webdav_id }}-admin"',
+ '"traefik.http.routers.{{ webdav_id }}-admin.rule=Host(`{{ stage_server_url_host }}`)"',
+ '"traefik.http.routers.{{ webdav_id }}-admin.entrypoints=admin-service"',
+ '"traefik.http.routers.{{ webdav_id }}-admin.tls=true"',
+ '"traefik.http.routers.{{ webdav_id }}-admin.tls.certresolver=letsencrypt"',
+ '"traefik.http.routers.{{ webdav_id }}-admin.middlewares={{ webdav_id }}-admin-cors"',
+ '"traefik.http.middlewares.{{ webdav_id }}-admin-cors.headers.accesscontrolallowmethods=GET,OPTIONS"',
+ '"traefik.http.middlewares.{{ webdav_id }}-admin-cors.headers.accesscontrolalloworigin=*"',
+ '"traefik.http.middlewares.{{ webdav_id }}-admin-cors.headers.accesscontrolallowheaders=SMA_USER"',
+ '"traefik.http.services.{{ webdav_id }}-admin.loadbalancer.server.port={{ management_port }}"',
+
+ '"traefik.http.routers.{{ webdav_id }}-monitor.service={{ service_name }}-node-exporter"',
+ '"traefik.http.routers.{{ webdav_id }}-monitor.rule=Host(`{{ stage_server_url_host }}`)"',
+ '"traefik.http.routers.{{ webdav_id }}-monitor.entrypoints=monitoring-system"',
+ '"traefik.http.routers.{{ webdav_id }}-monitor.tls=true"',
+ '"traefik.http.routers.{{ webdav_id }}-monitor.tls.certresolver=letsencrypt"',
+]
+
+webdav_docker: {
+ networks: [
+ {
+ name: front-tier,
+ external: true,
+ },
+ ],
+ services: [
+ {
+ name: "{{ webdav_id }}",
+ image_name: "{{ webdav_image_name }}",
+ image_version: "{{ webdav_image_version }}",
+ labels: "{{ webdav_labels + ( webdav_labels_additional | default([])) }}",
+ restart: "{{ webdav_service_restart | default('always') }}",
+ user: root,
+ environment: [
+ "SPRING_PROFILES_INCLUDE: \"postgres\"",
+ "DATASOURCE_URL: \"jdbc:postgresql://{{ webdav_postgres_host }}:{{ service_port_postgres }}/{{ webdav_postgres_database_name }}\"",
+ "DATASOURCE_USERNAME: \"{{ webdav_postgres_admin_username }}\"",
+ "DATASOURCE_PASSWORD: \"{{ webdav_postgres_admin_password }}\"",
+ "SMA_JWT_SECRET: \"{{ webdav_jwt_secret }}\""
+ ],
+ networks: [
+ '"front-tier"',
+ ],
+ extra_hosts: "{{ webdav_extra_hosts | default([]) }}",
+ },
+ ],
+}
diff --git a/smardigo.yml b/smardigo.yml
index 4a5ee57..40c0e9a 100644
--- a/smardigo.yml
+++ b/smardigo.yml
@@ -73,5 +73,7 @@
 - role: iam
 when: "'iam' in group_names"
+ - role: webdav
+ when: "'webdav' in group_names"
 - role: connect
 when: "'connect' in group_names"
diff --git a/stage-dev b/stage-dev
index 0f01096..7115b81 100644
--- a/stage-dev
+++ b/stage-dev
@@ -29,6 +29,9 @@ dev-postgres-02 [prometheus] dev-prometheus-01 +[webdav] +dev-webdav-01 + [stage_dev:children] awx connect
@@ -39,6 +42,7 @@ keycloak postfix postgres prometheus +webdav [all:children] stage_dev
diff --git a/templates/prometheus/config/prometheus/prometheus.yml.j2 b/templates/prometheus/config/prometheus/prometheus.yml.j2
index 3925018..fa24019 100644
--- a/templates/prometheus/config/prometheus/prometheus.yml.j2
+++ b/templates/prometheus/config/prometheus/prometheus.yml.j2
@@ -49,7 +49,7 @@ scrape_configs:
 metrics_path: '/metrics'
 static_configs:
 - targets: [
-{% for host in server_group_all | default([]) %}
+{% for host in server_group_all | difference(['dev-awx-02']) | default([]) %}
 '{{ host }}.{{ domain }}:{{ monitor_port_service }}',
 {% endfor %}
 ]
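Review bot: The container is started as `user: root` and logs into Postgres with `webdav_postgres_admin_username` / `webdav_postgres_admin_password`, so a compromise of the WebDAV app yields root inside the container plus admin rights on its database; unless the image genuinely needs root (not visible here), drop `user: root` and point `DATASOURCE_USERNAME` / `DATASOURCE_PASSWORD` at a dedicated application role. `DATASOURCE_PASSWORD` and `SMA_JWT_SECRET` are passed as plain environment entries, which land in the rendered compose file on disk and in `docker inspect` output for anyone in the docker group; an `env_file` with tight permissions or Docker secrets limits that exposure. The `-admin` router publishes `management_port` behind a CORS middleware with `accesscontrolalloworigin=*` and no auth middleware in this label set, so reachability of the `admin-service` entrypoint is the only control on it — confirm that entrypoint is not internet-facing. The `-monitor` router points at a `{{ service_name }}-node-exporter` service that this compose definition does not declare; if it comes from a shared stack that is fine, otherwise Traefik will report an unknown service.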
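Review bot: The new filter order `server_group_all | difference(['dev-awx-02']) | default([])` no longer guards an undefined `server_group_all`, because `difference` is evaluated before `default` and would raise on an undefined input instead of falling through to the empty list; write `{% for host in server_group_all | default([]) | difference(['dev-awx-02']) %}`. Hard-coding one host name inside a stage-generic template is also brittle — a `monitoring_excluded_hosts` variable defaulting to `[]` keeps the exclusion in inventory where it belongs, and the same pattern is repeated in the system-metrics job further down this file. The hunk touches only the `{% for %}` line; the enclosing `scrape_configs` entry starts and ends outside it.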
@@ -150,6 +150,44 @@ scrape_configs: target_label: instance replacement: $1 + - job_name: 'iam' + scheme: {{ http_s }} + metrics_path: '/management/prometheus' + static_configs: + - targets: [ +{% for host in server_group_iam | default([]) %} + '{{ host }}.{{ domain }}:{{ monitor_port_service }}', +{% endfor %} + ] + labels: + env: {{ stage }} + project: smardigo + application: iam + relabel_configs: + - source_labels: [__address__] + regex: (.*):.* + target_label: instance + replacement: $1 + + - job_name: 'webdav' + scheme: {{ http_s }} + metrics_path: '/management/prometheus' + static_configs: + - targets: [ +{% for host in server_group_webdav | default([]) %} + '{{ host }}.{{ domain }}:{{ monitor_port_service }}', +{% endfor %} + ] + labels: + env: {{ stage }} + project: smardigo + application: webdav + relabel_configs: + - source_labels: [__address__] + regex: (.*):.* + target_label: instance + replacement: $1 + ############################################## ### Servers #### ############################################## @@ -159,7 +197,7 @@ scrape_configs: metrics_path: '/metrics' static_configs: - targets: [ -{% for host in server_group_all | default([]) %} +{% for host in server_group_all | difference(['dev-awx-02']) | default([]) %} '{{ host }}.{{ domain }}:{{ monitor_port_system }}', {% endfor %} ]
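Review bot: The new `iam` and `webdav` jobs are copies of each other except for the job name and host group, which invites drift the next time a shared service is added; a short Jinja loop over the service names keeps one definition. Note also that `scheme: {{ http_s }}` is an unquoted templated scalar — fine as long as `http_s` renders `http` or `https`, but an empty render yields a null scheme that Prometheus rejects at config load, so `scheme: '{{ http_s }}'` is the safer spelling. The loop below replaces both added job blocks; the surrounding jobs are unchanged.
```yaml
{% for shared_service in ['iam', 'webdav'] %}
  - job_name: '{{ shared_service }}'
    scheme: '{{ http_s }}'
    metrics_path: '/management/prometheus'
    static_configs:
      - targets: [
{% for host in lookup('vars', 'server_group_' ~ shared_service, default=[]) %}
        '{{ host }}.{{ domain }}:{{ monitor_port_service }}',
{% endfor %}
        ]
        labels:
          env: {{ stage }}
          project: smardigo
          application: {{ shared_service }}
    relabel_configs:
      - source_labels: [__address__]
        regex: (.*):.*
        target_label: instance
        replacement: $1

{% endfor %}
# … unchanged: "Servers" section header and node-exporter job …
```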