SMARCH-81: feat: added webdav as shared service

create-database-cluster.yml

@@ -80,7 +80,11 @@
        - debug
 
   roles:
+    - role: webdav-postgres
+      when: "'webdav' in group_names"
+
     - role: connect-postgres
+      when: "'connect' in group_names"
 
 #############################################################
 # Sending smardigo management message to process
@@ -103,5 +107,10 @@
           Content-Type: "application/json"
           Smardigo-User-Token: "{{ smardigo_management_token }}"
         status_code: [200]
+      delegate_to: 127.0.0.1
       retries: 5
       delay: 5
+      when:
+        - scope_id is defined
+        - process_instance_id is defined
+        - smardigo_management_action is defined

create-database-container.yml

@@ -101,5 +101,6 @@
           Content-Type: "application/json"
           Smardigo-User-Token: "{{ smardigo_management_token }}"
         status_code: [200]
+      delegate_to: 127.0.0.1
       retries: 5
       delay: 5

create-realm.yml

@@ -106,3 +106,4 @@
         status_code: [200]
       retries: 5
       delay: 5
+      delegate_to: 127.0.0.1

create-server.yml

@@ -173,3 +173,4 @@
         status_code: [200]
       retries: 5
       delay: 5
+      delegate_to: 127.0.0.1

create-service.yml

@@ -89,3 +89,4 @@
         status_code: [200]
       retries: 5
       delay: 5
+      delegate_to: 127.0.0.1

docker/dregsy/config.yaml

@@ -49,7 +49,7 @@ tasks:
       auth: eyJ1c2VybmFtZSI6ImFkbWluIiwicGFzc3dvcmQiOiJRNHB6aWhWRFl3eUthZEM3NmxiNCJ9Cg==
     target:
       registry: dev-docker-registry-01.smardigo.digital
-      auth: eyJ1c2VybmFtZSI6ImRvY2tlci1hZG1pbiIsInBhc3N3b3JkIjoieVlUZFdjUTFLTVRlbGw4RU5UeURWOWRlZFFRZlVOIn0K
+      auth: eyJ1c2VybmFtZSI6InJvYm90JGFuc2libGUiLCJwYXNzd29yZCI6IlAwRmJkb2tSc3V0V2lvVWl2cmI5TzVET05HY2FHNk1KIn0K
 
     # 'mappings' is a list of 'from':'to' pairs that define mappings of image
     # paths in the source registry to paths in the destination; 'from' is
@@ -89,7 +89,7 @@ tasks:
       auth: eyJ1c2VybmFtZSI6ImFkbWluIiwicGFzc3dvcmQiOiJRNHB6aWhWRFl3eUthZEM3NmxiNCJ9Cg==
     target:
       registry: dev-docker-registry-01.smardigo.digital
-      auth: eyJ1c2VybmFtZSI6ImRvY2tlci1hZG1pbiIsInBhc3N3b3JkIjoieVlUZFdjUTFLTVRlbGw4RU5UeURWOWRlZFFRZlVOIn0K
+      auth: eyJ1c2VybmFtZSI6InJvYm90JGFuc2libGUiLCJwYXNzd29yZCI6IlAwRmJkb2tSc3V0V2lvVWl2cmI5TzVET05HY2FHNk1KIn0K
     mappings:
       - from: smardigo/sensw-app
         to: sensw/sensw-app
@@ -112,7 +112,7 @@ tasks:
       auth: eyJ1c2VybmFtZSI6ImFkbWluIiwicGFzc3dvcmQiOiJRNHB6aWhWRFl3eUthZEM3NmxiNCJ9Cg==
     target:
       registry: dev-docker-registry-01.smardigo.digital
-      auth: eyJ1c2VybmFtZSI6ImRvY2tlci1hZG1pbiIsInBhc3N3b3JkIjoieVlUZFdjUTFLTVRlbGw4RU5UeURWOWRlZFFRZlVOIn0K
+      auth: eyJ1c2VybmFtZSI6InJvYm90JGFuc2libGUiLCJwYXNzd29yZCI6IlAwRmJkb2tSc3V0V2lvVWl2cmI5TzVET05HY2FHNk1KIn0K
     mappings:
       - from: smardigo/ssp-connect-app
         to: ssp/ssp-connect-app

group_vars/all/plain.yml

@@ -82,6 +82,7 @@ management_port: "8081"
 service_port_cadvisor: "8080"
 service_port_elasticsearch: "9200"
 service_port_iam: "8082"
+service_port_webdav: "8080"
 service_port_keycloak: "8080"
 service_port_kibana: "5601"
 service_port_logstash: "5044"

group_vars/all/vault.yml

@@ -1,85 +1,85 @@
 $ANSIBLE_VAULT;1.1;AES256
-32396563623961633038643633316466663939653264373037343730653639663938343630346562
-6230363031386138656435346433656535303531613761630a663435613837343536316133323038
-65653162656237623039633464666462376436383562303366323464373961386533343832333862
-6366353533313863640a313331343431393530313264633930346332666265393530653739643933
-32353866373066383335623863663534396564333534646161313162663330363532633834346136
-36646636663738373635623630623637376430636464326265386239313037666536636664623030
-66303238306236666333326232303162343037626466396235343364613931663264633738303734
-35636535663436633062616362313766333564653566303062653065633131393939363565643465
-31663962363337636164373131353431396138366563633430656330613339633632303837383133
-31386430393037643465333136653536303438626337653163616662323234326532626132313334
-65386433376162613663303537353334383637363634306266646331636138666436356138363635
-35643136646261653433343437326534343166393662353263366666623764366366356331306564
-65626336333563646237376139636438306362616131333534316635393532343061346132333338
-37646331393833303937313564316236353636663631313639616132396563316133363863346330
-30353239303431376639663766613131376238353033313536303431363830356437663831623964
-65656334373736646438323530653234343931626234393661323339393661333863363535653365
-36333932656266393235303238656237323065366132303463666431623462633838393561303132
-34346633336561663831633033633236623333383965393065653136306431366438643633646434
-31326535333131336239666431613833363834616630383231353264613337303034303265653732
-62343336626630376633336466663734636166626137323464633732386236386437636533356233
-66333666303032326132306535376366653233663761653830306163666137643764333635343763
-32346635373731333737326230323233623434323236303566383363303966383036373531313634
-66396339633865326138386535343932653639393962663634313964636332666130366464323666
-62303462303139346262313333396431326637663736363430323363643535363763326239616235
-35303066363461383534323835663635363665356236356438383731306632633330343332356562
-66333034623237383331643135666336306133646433643164373330383638653134356161663563
-38323137633165306634313863353934663030636231653239616261363732393563316634343265
-61653430376131653962616461383563343837313930613464313966353338323833316461323461
-39393237663762343238396534333565393938363835346238643732376161326235303330616663
-37646463333962353930386130303036653834383166623065383530323435333163323330623262
-65316432393661346365373263336333396164643763663438646366393863396632633932376337
-34366264306636356464663734613963646264393364626330633936623364366231643233343263
-64633631633365333364303836633334616534623339336532356431616339663939303037386532
-61343162393337346430353035343136336333363734653538613163626166356131363237313561
-66326338366561323633373137313263323138313037623130383166346266396339373863386636
-32646430663431636363323737653934306337666263656137636632373239363762373038613761
-64613133383635393534356432653636633961613939363938646630633966363339336266386638
-65326231663631633636633439653931656562336361333836623836653030306363336665616166
-39303835636366323562343966326464616239386330346237626261376364613638633835613762
-35333336323430666464303838663330326163343132653036353030303034356561353138633665
-30363931316337303166316363323632376236663861636439633231333263383263373034366538
-30313534613530653635663237383265363164663264363538386235323337393963396236393739
-61343764633737356531646130623136376434366337316264366132346664306561323432623261
-65373632333362313436346633303233623536343738623336336363343638393533636238626530
-32373737623733633639326166656536663332383063386430653334616436663730383037326233
-66656536303063613866393637373839353462386537306236363234613539346438383366333061
-61656138356562666136353665613130626661353562316239303735643966333866663031383834
-63616331656263333034353232656638343438646537393635663836313361333062663634613263
-31656139346565303139386531353935643462373531316363613537363164633437663738363439
-66613530323137393538616366373262353130323930313363656536393265623839333036316135
-34656263616231316439396333386438313533323664653433323463373638653635336130366635
-30633564383439333939633165633235366466396664386532386535303561316538396237616339
-32616137626634373263303165346664646365663866643663383834626337353362353433306232
-32323838313039363633336565663135396262376339396633663364393839346661376534303538
-61636530666631363037323130343862336266613633626631633931633038626363343334646462
-66366263306364656365303263643161666535353534366637373061633866376239303131613564
-37303539396536346635633564383136363666613138336134333561386261616136633534616531
-37303031396633396237316134393963393636666530656635303364383263346561656134643639
-39386132376438396532353361383263646336396662643662326561373339356665663364356535
-30373031333663653665366635616634613262663536643631646637326235613030346161313963
-34656239323130353238616263306361396335303139636237383938343364623331666136333639
-33663962303731396133383431363230303934653937303536396366343161626462393263616666
-63383134383666313133313337303931326366653134643561613234616362313431633639653663
-39613063353738643661613066373730353766626233363033636237366463656361343038663538
-37343866666639303063383561396664386266343736663266373433333535653134613362303664
-61666663373864626266363363376338313036326535663632383030316239313466306433333934
-32663934363765346161333465326662386562356538393339626534393262336639333261666330
-36356564346536366166626536663831653731643730313765343830316565396135646164326337
-66316236343966623234613862366630383734616232386135623265636464333661663636373739
-62636532313365363734323938333230633031356334386264333663623237326565656666343536
-30643535383434663137633135616363613935353638646561323062366430393064383030656431
-34376137333164613263343937343939616366383038306135303231393766373963653434623038
-30663134626330366231343565383330363666353466656233346531633936376265373965613633
-65326638363537323534616537323932316635663233383536613239366232626661346233336435
-64633336616463376561306130353763303763643432316437366562323837373161656531356465
-65393766333336366263353934623432626261343633343761326535353233383166336263656137
-36353132626430616663336566663865356139366238613130326337363735623861363835633735
-33363263666361343066643438376638663232383435303966643737623530663339616534343565
-31303162386663356432303336356466383866356138313537626262653336306563663161383863
-32376439633137313137346636646635623132653632656634623936643833633835316563666438
-35643637633861346361633533333131646364613935626132336331316633326435366433613762
-66666134366433623036633666303733313535663030386439386138623365396166646434643932
-39333665656363316265636530316430646364643565643238653537393930633130323935326463
-35653065656131613836
+63376530643934386637626662623631623061333563363962653837326362373064633163653434
+3932613032336365623637393233383964643462643164330a336534316564343535633534623432
+38323037333363363331353765303866656435393138383164346234343062643031366539343039
+3138383136373332650a386162623764306433626264363464616532636464393561643638656263
+38303432303330623763386138663438353236393135373933623266643965396634633932323963
+39343537306563646163396466303935346263363562303038393430326233393931383838646435
+63306436376130353830613131343734613537653037353631353934346633623534326261616334
+30653837356363633530306233396536373038333563376565353962626631333262356233636361
+63616538633530626264343036373062336165636531303133373363393836343331626365646336
+37303565643662343339343737323834353235366366303630643565636362326336326132383363
+66653337633837333937383664653931363165363438656634356233656637656233356639343764
+36613833323537656662616338343637653834653639376662393362393530663964366438326362
+35393136393638333165356336643536326365393766643638333437663833323239353063303435
+34363037346437643037623066666133386531366636363763303235666634373361313434656461
+66396130613035323464356461306130383138656437613832353930636231373562313534356233
+62616439393230333363646139373061316432663435653031303533306163626164633964393461
+63643064643361316236346634376634313132656633613839336435336136316638333461303537
+62613265386562383735623362626137303532386337333836376336323339343630613037396337
+36646539333462626538356531333834353132636537623531366132306161326338333033393266
+64323534353339656163626435643565353638333661656434646138616230303233386463393437
+36333536633832656430353937616461376631396236383738666364666135386533323263623032
+33653636363966333334316161656465366365316664323437626235646636373630666266383739
+30636132353461346461366239663466393766353063373130303761376230316534393462393838
+65383835333632613839343734656532346363393066373237616162623865633036383535633565
+39353339356232613366323166636465356461326531313638653438366362356333373764396561
+34376432393633376431376465643963383934386361616462613132663564366530306635313532
+36653061343037393237376366373435323232333831626566366264633633663661386465353331
+33313838356233366531306364353061383735383836393139343233313632373938643834316239
+32326235616362653032643237333464306261353433653565346532366564623166636361306237
+36636262653862396430323739616163623034626136626562643663666337663134643564653339
+38343333643237313064616666336137663562616164633166376630616564623866656366633633
+39316663306131376434303034646133626661396366343763373337613633363732643364323238
+37653935633564643336646163346136336133393861373535396437323737363837326132336433
+34343137343234373631313535623439326334626466323866373838623465366531396137336665
+36623334376434643236653539383961626664363732656137306163616366383734306564386335
+61323864616339616463666430383931633233393063633362356565653063356537626630323639
+63323132333163323664646337303834386134353564376433363433383137366333393363623565
+62356230333831666665653061393332323539656531336264643866383063366565653966323939
+61313133623630376633346464643435326665396139666261333531383362333035346439323134
+30653666353431313461656235333035326431623261343565326361313835393935666436643738
+61316639633733323865363232373963366461393533383262623462303438393364653764303039
+32326239616262306430326535623037356634333265353566316364316137653736613331333564
+35353133333837626531343330663366653634353131383966303636613935356661643532616136
+39653139383064343937643939656438353763643466373239363064633036356461663533373835
+31323061663532626338373064313637663461306630633336343434303738396566393638346438
+37373362363233303133623130353637333737663762636466616233643335626165623664333539
+31643639386261656136663036643732396465333036376163376162393063303063396530396238
+37366562366361393932323962336436613964646662396466383730393035663862353437333136
+33333161666632613934366163363737333636343263373434376362353035653465393037636139
+64633931333164393233643163623735353636666337646239363463303164383638326264666566
+66656463646630313534356266616232383732336361393437333766303064616636366366336362
+37353939386335636637316139656337646561353936643839323134326531313763336238326362
+37343363646333303434316366383634386535616132663661363930393733333539396164353636
+36333832376331643739373936666661363364356230613438303137383766353839326436363765
+32623466313066306261666237396365656437613331613337613862336237663630323033323039
+30646563363337386138643537396333356130646163313134633362346635646333353836383839
+33313665346564376236663938343464656636363362666362363564613964323966316261393663
+64393161303861316433353865373962646665623831323463383838633731323536326631666164
+61323666323435326132316330313165623666393835346634323264393632353765313835353138
+38666362376661343366653133656362663633633261646633396239666635313866626332316161
+62303236366264303735646136653130613361353830333966346264623430633166386337353333
+31656232316135616538323966356138313531343963333732373363356561383838623065313831
+32316534303763383735643833363635363765346432643437323237376639373131363866313634
+65333434333664313163613561623734383632383536386264343639386633646131393037306634
+38333935396639383339383564336139303838653636366338623162396162623739666663633631
+64326265373334323365646330353439643961616339363436643236366639393530346330633966
+37393166623865643031366637666430326537383763623561666233353337653335656366333335
+66363561633730663361313236633033303239333130346464373735316131653966663864633836
+30356532303933306431353632646330656338383765613031656639666365613763663538326262
+63393834343433633732666630376530613163393166316135373638393236343734663436326435
+37663461333865303865366533366663623432383035643938653061343033373264326439393231
+65666266666436353762636465393561666437636132326633383264613332333730333632626331
+62623763366466626230623931646539303338343637353761326662643765376437656631333630
+30636139356261353365386338643261303134313430633666393331636238323639626334383032
+36326666383737346164666630643739623238323761653565306636633262646462666564663336
+38346635343836636361646564633263396663343861626535306235376364646633633662323835
+63653162336637646565373133656431393531636132346231396366613561343734353231386236
+64646639393532323231643930343438663762383963636566306434323664336231313438646163
+32633932323639393839343865396633636365396132336665633965363630306264303537373838
+35373439383334303963666230643463653839613766363737336339646662313334306432306338
+63386162303133323739633531626133386664326437626439353533303834636336363239316432
+30633961653463366131636636376431663164313838653761623334396136343935326566363364
+37333536356365393764363232336661313666393565363865386432353936663439323965363063
+66366537323562653861

group_vars/connect/plain.yml

@@ -8,9 +8,9 @@ hetzner_server_type: cx21
 hetzner_server_labels: "stage={{ stage }} service={{ service }}"
 
 connect_client_id: "{{ cluster_name }}"
-connect_client_admin_username: "wordpress-admin"
-connect_client_admin_password: "wordpress-admin"
 
+connect_client_admin_username: "connect-admin"
+connect_client_admin_password: "connect-admin"
 current_realm_users: [
   {
     "username": "{{ connect_client_admin_username }}",
@@ -18,6 +18,9 @@ current_realm_users: [
   }
 ]
 
+connect_realm_admin_username: "connect-realm-admin"
+connect_realm_admin_password: "connect-realm-admin"
+
 current_realm_clients: [
   {
     clientId: "{{ connect_client_id }}",
@@ -45,8 +48,7 @@ connect_elastic_host: "dev-elastic-stack-01-elastic"
 connect_elastic_username: "{{ elastic_admin_username }}"
 connect_elastic_password: "{{ elastic_admin_password }}"
 connect_elastic_ca: "file:/usr/share/smardigo/ca.crt"
-connect_elastic_prefix: "{{ stage }}-{{ tenant_id }}"
-connect_elastic_message_index: "{{ cluster_name }}-message"
+connect_elastic_prefix: "{{ stage }}-{{ tenant_id }}-{{ cluster_name }}"
 
 connect_iam_module: external
 smardigo_iam_client_enabled: 'true'
@@ -66,3 +68,5 @@ connect_jwt_secret: 908ae14462d049d3be84964ef379c7c6
 
 #connect_csrf_token_name: "< see vault >"
 #connect_csrf_token_value: "< see vault >"
+
+connect_mail_properties_simulation: false

group_vars/stage_dev/plain.yml

@@ -174,6 +174,12 @@ iam_extra_hosts: [
     ip: "{{ shared_service_mail_ip }}",
   }
 ]
+webdav_extra_hosts: [
+  {
+    hostname: "{{ shared_service_pg_master_hostname }}",
+    ip: "{{ shared_service_pg_master_ip }}",
+  },
+]
 pgadmin_extra_hosts: [
   {
     hostname: "{{ shared_service_pg_master_hostname }}",

group_vars/webdav/plain.yml

@@ -0,0 +1,11 @@
+---
+
+hetzner_server_type: cpx11
+hetzner_server_labels: "stage={{ stage }} service=webdav"
+
+webdav_jwt_secret: "5646aee6dadc4c19b15f4b65f1e6549f"
+
+webdav_postgres_host: "{{ shared_service_pg_master_hostname }}"
+webdav_postgres_database_name: "{{ stage }}_webdav"
+webdav_postgres_admin_username: "{{ webdav_postgres_database_name }}"
+webdav_postgres_admin_password: "webdav-postgres-admin"

roles/connect-realm/tasks/main.yml

@@ -31,6 +31,11 @@
     name: keycloak
     tasks_from: _create_realm_users
 
+- name: "Create realm admin"
+  include_role:
+    name: keycloak
+    tasks_from: _create_realm_admin
+
 - name: "Send mattermost messsge"
   uri:
     url: "{{ mattermost_hook_smardigo }}"

roles/keycloak/tasks/_authenticate.yml

@@ -14,11 +14,9 @@
 - name: "Saving access_token as variable (fact)"
   set_fact: 
     access_token: "{{ keycloak_authentication.json.access_token }}"
-  delegate_to: 127.0.0.1
 
 - name: "Printing access_token for keycloak server"
   debug:
     msg: "{{ access_token }}"
-  delegate_to: 127.0.0.1
   when:
    - debug

roles/keycloak/tasks/_configure_client.yml

@@ -5,7 +5,6 @@
     msg: "{{ lookup('template','keycloak-realm-create-client.json.j2') }}"
   when:
    - debug
-  delegate_to: 127.0.0.1
 
 - name: Create client {{ client_id }} for realm {{ realm_name }}
   uri:

roles/keycloak/tasks/_configure_realm.yml

@@ -13,19 +13,16 @@
 - name: Save realms as variable (fact)
   set_fact: 
     realms_json: "{{ realms.json }}"
-  delegate_to: 127.0.0.1
 
 - name: Read realm ids
   set_fact:  
     realm_ids: "{{ realms_json | json_query(jmesquery) }}"
   vars:
     jmesquery: '[*].id'
-  delegate_to: 127.0.0.1
 
 - name: "Printing realm ids"
   debug:
     msg: "{{ realm_ids }}"
-  delegate_to: 127.0.0.1
   when:
    - debug
 
@@ -54,19 +51,16 @@
 - name: Save clients from realm as variable (fact)
   set_fact: 
     realm_clients_json: "{{ realm_clients.json }}"
-  delegate_to: 127.0.0.1
 
 - name: "Save client ids from realm {{ current_realm_name }}"
   set_fact:  
     realm_client_ids: "{{ realm_clients_json | json_query(jmesquery) }}"
   vars:
     jmesquery: '[*].{id: id, clientId: clientId}'
-  delegate_to: 127.0.0.1
 
 - name: "Printing client ids from realm {{ current_realm_name }}"
   debug:
     msg: "{{ realm_client_ids }}"
-  delegate_to: 127.0.0.1
   when:
    - debug
 

roles/keycloak/tasks/_create_realm_admin.yml

@@ -0,0 +1,142 @@
+---
+- name: "Reading users of realm {{ current_realm_name }}"
+  uri:
+    url: "{{ keycloak_server_url }}/auth/admin/realms/{{ current_realm_name }}/users"
+    method: GET
+    headers:
+      Authorization: "Bearer {{ access_token}} "
+    status_code: [200]
+  register: realm_users
+  delegate_to: 127.0.0.1
+
+- name: "Printing realm users"
+  debug:
+    msg: "{{ realm_users }}"
+  when:
+   - debug
+
+- name: "Saving users of realm {{ current_realm_name }} as variable (fact)"
+  set_fact: 
+    realm_users_json: "{{ realm_users.json }}"
+
+- name: "Reading user ids of realm {{ current_realm_name }}"
+  set_fact:  
+    realm_user_usernames:  "{{ realm_users_json | json_query(jmesquery) }}"
+  vars:
+    jmesquery: '[*].username'
+
+- name: "Printing usernames of realm {{ current_realm_name }}"
+  debug:
+    msg: "{{ realm_user_usernames }}"
+  when:
+   - debug
+
+- name: "Creating users for realm {{ current_realm_name }}"
+  uri:
+    url: "{{ keycloak_server_url }}/auth/admin/realms/{{ current_realm_name }}/users"
+    method: POST
+    body_format: json
+    body: "{{ lookup('template','keycloak-realm-create-user.json.j2') }}"
+    headers:
+      Content-Type: "application/json"
+      Authorization: "Bearer {{ access_token }}"
+    status_code: [201]
+  with_items: [
+    {
+      "username": "{{ connect_realm_admin_username }}",
+      "password": "{{ connect_realm_admin_password }}",
+    }
+  ]
+  when: current_realm_user.username not in realm_user_usernames
+  changed_when: True
+  loop_control:
+    loop_var: current_realm_user
+  delegate_to: 127.0.0.1
+  
+- name: "Reading users of realm {{ current_realm_name }}"
+  uri:
+    url: "{{ keycloak_server_url }}/auth/admin/realms/{{ current_realm_name }}/users"
+    method: GET
+    headers:
+      Authorization: "Bearer {{ access_token}} "
+    status_code: [200]
+  register: realm_users
+  delegate_to: 127.0.0.1
+
+- name: "Saving users of realm {{ current_realm_name }} as variable (fact)"
+  set_fact: 
+    realm_users_json: "{{ realm_users.json }}"
+
+- name: "Reading realm admin user id"
+  set_fact:  
+    realm_admin_user_id:  "{{ realm_users_json | json_query(jmesquery) | first | default('None') }}"
+  vars:
+    jmesquery: "[?username==`{{ connect_realm_admin_username }}`].id"
+
+- name: "Printing realm admin user id"
+  debug:
+    msg: "{{ realm_admin_user_id }}"
+  when:
+   - debug
+
+- name: "Reading realm clients"
+  uri:
+    url: "{{ keycloak_server_url }}/auth/admin/realms/{{ current_realm_name }}/clients"
+    method: GET
+    headers:
+      Authorization: "Bearer {{ access_token}} "
+    status_code: [200]
+  register: realm_clients
+  delegate_to: 127.0.0.1
+
+- name: "Saving clients of realm {{ current_realm_name }} as variable (fact)"
+  set_fact: 
+    realm_clients_json: "{{ realm_clients.json }}"
+
+- name: "Reading realm management client id"
+  set_fact:  
+     realm_management_client_id:  "{{ realm_clients_json | json_query(jmesquery) | first | default('None') }}"
+  vars:
+    jmesquery: "[?clientId=='realm-management'].id"
+
+- name: "Printing realm management client id"
+  debug:
+    msg: "{{ realm_management_client_id }}"
+  when:
+   - debug
+
+- name: "Reading available role mappings for realm management client"
+  uri:
+    url: "{{ keycloak_server_url }}/auth/admin/realms/{{ current_realm_name }}/users/{{ realm_admin_user_id }}/role-mappings/clients/{{ realm_management_client_id }}/available"
+    method: GET
+    headers:
+      Authorization: "Bearer {{ access_token}} "
+    status_code: [200]
+  register: realm_admin_user_client_available_roles_response
+  delegate_to: 127.0.0.1
+
+- name: "Reading realm admin role id for management client"
+  set_fact:  
+     realm_admin_role_id:  "{{ realm_admin_user_client_available_roles_response.json | json_query(jmesquery) | first | default('None') }}"
+  vars:
+    jmesquery: "[?name=='realm-admin'].id"
+
+- name: "Printing realm admin role id for management client"
+  debug:
+    msg: "{{ realm_admin_role_id }}"
+  when:
+   - debug
+
+- name: "Adding realm admin role to user {{ realm_admin_user_id }}"
+  uri:
+    url: "{{ keycloak_server_url }}/auth/admin/realms/{{ current_realm_name }}/users/{{ realm_admin_user_id }}/role-mappings/clients/{{ realm_management_client_id }}"
+    method: POST
+    body_format: json
+    body: "{{ lookup('template','keycloak-become-realm-admin-user.json.j2') }}"
+    headers:
+      Content-Type: "application/json"
+      Authorization: "Bearer {{ access_token }}"
+    status_code: [204]
+  changed_when: True
+  when: realm_admin_role_id != 'None'
+  delegate_to: 127.0.0.1

roles/keycloak/tasks/_create_realm_users.yml

@@ -13,26 +13,22 @@
 - name: "Printing realm users"
   debug:
     msg: "{{ realm_users }}"
-  delegate_to: 127.0.0.1
   when:
    - debug
 
 - name: "Saving users of realm {{ current_realm_name }} as variable (fact)"
   set_fact: 
     realm_users_json: "{{ realm_users.json }}"
-  delegate_to: 127.0.0.1
 
 - name: "Reading user ids of realm {{ current_realm_name }}"
   set_fact:  
     realm_user_usernames:  "{{ realm_users_json | json_query(jmesquery) }}"
   vars:
     jmesquery: '[*].username'
-  delegate_to: 127.0.0.1
 
 - name: "Printing usernames of realm {{ current_realm_name }}"
   debug:
     msg: "{{ realm_user_usernames }}"
-  delegate_to: 127.0.0.1
   when:
    - debug
 
@@ -48,6 +44,7 @@
     status_code: [201]
   with_items: "{{ current_realm_users }}"
   when: current_realm_user.username not in realm_user_usernames
+  changed_when: True
   loop_control:
     loop_var: current_realm_user
   delegate_to: 127.0.0.1

roles/keycloak/templates/keycloak-become-realm-admin-user.json.j2

@@ -0,0 +1,7 @@
+[
+  {
+    "id": "{{ realm_admin_role_id }}",
+    "name": "realm-admin",
+    "containerId": "{{ realm_management_client_id }}"
+  }
+]

roles/keycloak/templates/keycloak-realm-create.json.j2

@@ -95,8 +95,8 @@
     "strictTransportSecurity": "max-age=31536000; includeSubDomains"
   },
   "smtpServer": {
-    "host": "{{ mail_hostname }}",
-    "from": "{{ service_name }}@{{ mail_hostname }}"
+    "host": "{{ shared_service_mail_hostname }}",
+    "from": "{{ service_name }}@{{ shared_service_mail_hostname }}"
   },
   "loginTheme": "smardigo-theme",
   "accountTheme": "smardigo-theme",

roles/prometheus/tasks/main.yml

@@ -81,25 +81,33 @@
       name: "all",
       label_selector: "stage={{ stage }}",
     },
+    {
+      name: "mail",
+      label_selector: "stage={{ stage }},service=mail",
+    },
     {
       name: "harbor",
       label_selector: "stage={{ stage }},service=harbor",
     },
     {
-      name: "connect",
-      label_selector: "stage={{ stage }},service=connect",
+      name: "postgres",
+      label_selector: "stage={{ stage }},service=postgres",
     },
     {
       name: "elastic",
       label_selector: "stage={{ stage }},service=elastic",
     },
     {
-      name: "mail",
-      label_selector: "stage={{ stage }},service=mail",
+      name: "connect",
+      label_selector: "stage={{ stage }},service=connect",
     },
     {
-      name: "postgres",
-      label_selector: "stage={{ stage }},service=postgres",
+      name: "iam",
+      label_selector: "stage={{ stage }},service=iam",
+    },
+    {
+      name: "webdav",
+      label_selector: "stage={{ stage }},service=webdav",
     }
   ]
   loop_control:

roles/webdav-postgres/defaults/main.yml

@@ -0,0 +1,6 @@
+---
+
+postgres_acls:
+  - name: "{{ webdav_postgres_database_name }}"
+    password: "{{ webdav_postgres_admin_password }}"
+    trusted_cidr_entry: "{{ shared_service_network }}"

roles/webdav-postgres/handlers/main.yml

@@ -0,0 +1 @@
+---

roles/webdav-postgres/meta/main.yml

@@ -0,0 +1 @@
+---

roles/webdav-postgres/tasks/main.yml

@@ -0,0 +1,35 @@
+---
+
+### tags:
+###   update_deployment
+
+- name: "Send mattermost message"
+  uri:
+    url: "{{ mattermost_hook_smardigo }}"
+    method: POST
+    body: "{{ lookup('template','mattermost-deploy-start.json.j2') }}"
+    body_format: json
+    headers:
+      Content-Type: "application/json"
+  delegate_to: 127.0.0.1
+  become: false
+  when:
+    - send_status_messages
+
+- name: "Setup postgres for {{ service_name }}"
+  include_role:
+    name: postgres
+    tasks_from: _postgres-acls
+
+- name: "Send mattermost messsge"
+  uri:
+    url: "{{ mattermost_hook_smardigo }}"
+    method: POST
+    body: "{{ lookup('template','mattermost-deploy-end.json.j2') }}"
+    body_format: json
+    headers:
+      Content-Type: "application/json"
+  delegate_to: 127.0.0.1
+  become: false
+  when:
+    - send_status_messages

roles/webdav-postgres/vars/main.yml

@@ -0,0 +1 @@
+---

roles/webdav/defaults/main.yaml

@@ -0,0 +1,4 @@
+---
+
+webdav_image_name: "dev-docker-registry-01.smardigo.digital/smardigo/smardigo-webdav-app"
+webdav_image_version: "8.2.2"

roles/webdav/handlers/main.yml

@@ -0,0 +1 @@
+---

roles/webdav/meta/main.yml

@@ -0,0 +1 @@
+---

roles/webdav/tasks/main.yaml

@@ -0,0 +1,85 @@
+---
+
+- name: "Send mattermost messsge"
+  uri:
+    url: "{{ mattermost_hook_smardigo }}"
+    method: POST
+    body: "{{ lookup('template','mattermost-deploy-start.json.j2') }}"
+    body_format: json
+    headers:
+      Content-Type: "application/json"
+  delegate_to: 127.0.0.1
+  become: false
+  when:
+    - send_status_messages
+
+- name: "Check if webdav/docker-compose.yml exists"
+  stat:
+    path: '{{ service_base_path }}/webdav/docker-compose.yml'
+  register: check_docker_compose_file
+
+- name: "Stop webdav"
+  shell: docker-compose down
+  args:
+    chdir: '{{ service_base_path }}/webdav'
+  when: check_docker_compose_file.stat.exists
+  ignore_errors: yes
+
+- name: "Deploy docker templates for webdav"
+  include_role:
+    name: _deploy
+    tasks_from: templates
+  vars:
+    current_config: "_docker"
+    current_base_path: "{{ service_base_path }}"
+    current_destination: "webdav"
+    current_owner: "{{ docker_owner }}"
+    current_group: "{{ docker_group }}"
+    current_docker: "{{ webdav_docker }}"
+
+- name: "Deploy service templates for webdav"
+  include_role:
+    name: _deploy
+    tasks_from: templates
+  vars:
+    current_config: "webdav"
+    current_base_path: "{{ service_base_path }}"
+    current_destination: "webdav"
+    current_owner: "{{ docker_owner }}"
+    current_group: "{{ docker_group }}"
+
+- name: "Deploy certificate templates for webdav"
+  include_role:
+    name: _deploy
+    tasks_from: templates
+  vars:
+    current_config: "elastic-certs/certs"
+    current_base_path: "{{ service_base_path }}"
+    current_destination: "webdav/certs"
+    current_owner: "{{ docker_owner }}"
+    current_group: "{{ docker_group }}"
+
+- name: "Update webdav"
+  shell: docker-compose pull
+  args:
+    chdir: '{{ service_base_path }}/webdav'
+  tags:
+    - update_deployment
+
+- name: "Start webdav"
+  shell: docker-compose up -d
+  args:
+    chdir: '{{ service_base_path }}/webdav'
+
+- name: "Send mattermost messsge"
+  uri:
+    url: "{{ mattermost_hook_smardigo }}"
+    method: POST
+    body: "{{ lookup('template','mattermost-deploy-end.json.j2') }}"
+    body_format: json
+    headers:
+      Content-Type: "application/json"
+  delegate_to: 127.0.0.1
+  become: false
+  when:
+    - send_status_messages

roles/webdav/vars/main.yml

@@ -0,0 +1,60 @@
+---
+
+webdav_id: "{{ service_name }}-webdav"
+
+webdav_labels: [
+  '"traefik.enable=true"',
+  '"traefik.http.routers.{{ webdav_id }}.service={{ webdav_id }}"',
+  '"traefik.http.routers.{{ webdav_id }}.rule=Host(`{{ stage_server_url_host }}`)"',
+  '"traefik.http.routers.{{ webdav_id }}.entrypoints=websecure"',
+  '"traefik.http.routers.{{ webdav_id }}.tls=true"',
+  '"traefik.http.routers.{{ webdav_id }}.tls.certresolver=letsencrypt"',
+  '"traefik.http.services.{{ webdav_id }}.loadbalancer.server.port={{ service_port_webdav }}"',
+
+  '"traefik.http.routers.{{ webdav_id }}-admin.service={{ webdav_id }}-admin"',
+  '"traefik.http.routers.{{ webdav_id }}-admin.rule=Host(`{{ stage_server_url_host }}`)"',
+  '"traefik.http.routers.{{ webdav_id }}-admin.entrypoints=admin-service"',
+  '"traefik.http.routers.{{ webdav_id }}-admin.tls=true"',
+  '"traefik.http.routers.{{ webdav_id }}-admin.tls.certresolver=letsencrypt"',
+  '"traefik.http.routers.{{ webdav_id }}-admin.middlewares={{ webdav_id }}-admin-cors"',
+  '"traefik.http.middlewares.{{ webdav_id }}-admin-cors.headers.accesscontrolallowmethods=GET,OPTIONS"',
+  '"traefik.http.middlewares.{{ webdav_id }}-admin-cors.headers.accesscontrolalloworigin=*"',
+  '"traefik.http.middlewares.{{ webdav_id }}-admin-cors.headers.accesscontrolallowheaders=SMA_USER"',
+  '"traefik.http.services.{{ webdav_id }}-admin.loadbalancer.server.port={{ management_port }}"',
+
+  '"traefik.http.routers.{{ webdav_id }}-monitor.service={{ service_name }}-node-exporter"',
+  '"traefik.http.routers.{{ webdav_id }}-monitor.rule=Host(`{{ stage_server_url_host }}`)"',
+  '"traefik.http.routers.{{ webdav_id }}-monitor.entrypoints=monitoring-system"',
+  '"traefik.http.routers.{{ webdav_id }}-monitor.tls=true"',
+  '"traefik.http.routers.{{ webdav_id }}-monitor.tls.certresolver=letsencrypt"',
+]
+
+webdav_docker: {
+  networks: [
+    {
+      name: front-tier,
+      external: true,
+    },
+  ],
+  services: [
+    {
+      name: "{{ webdav_id }}",
+      image_name: "{{ webdav_image_name }}",
+      image_version: "{{ webdav_image_version }}",
+      labels: "{{ webdav_labels + ( webdav_labels_additional | default([])) }}",
+      restart: "{{ webdav_service_restart | default('always') }}",
+      user: root,
+      environment: [
+        "SPRING_PROFILES_INCLUDE: \"postgres\"",
+        "DATASOURCE_URL: \"jdbc:postgresql://{{ webdav_postgres_host }}:{{ service_port_postgres }}/{{ webdav_postgres_database_name }}\"",
+        "DATASOURCE_USERNAME: \"{{ webdav_postgres_admin_username }}\"",
+        "DATASOURCE_PASSWORD: \"{{ webdav_postgres_admin_password }}\"",
+        "SMA_JWT_SECRET: \"{{ webdav_jwt_secret }}\""
+      ],
+      networks: [
+        '"front-tier"',
+      ],
+      extra_hosts: "{{ webdav_extra_hosts | default([]) }}",
+    },
+  ],
+}

smardigo.yml

@@ -73,5 +73,7 @@
 
     - role: iam
       when: "'iam' in group_names"
+    - role: webdav
+      when: "'webdav' in group_names"
     - role: connect
       when: "'connect' in group_names"

stage-dev

@@ -29,6 +29,9 @@ dev-postgres-02
 [prometheus]
 dev-prometheus-01
 
+[webdav]
+dev-webdav-01
+
 [stage_dev:children]
 awx
 connect
@@ -39,6 +42,7 @@ keycloak
 postfix
 postgres
 prometheus
+webdav
 
 [all:children]
 stage_dev

templates/prometheus/config/prometheus/prometheus.yml.j2

@@ -49,7 +49,7 @@ scrape_configs:
     metrics_path: '/metrics'
     static_configs:
       - targets: [
-{% for host in server_group_all | default([]) %}
+{% for host in server_group_all | difference(['dev-awx-02']) | default([]) %}
           '{{ host }}.{{ domain }}:{{ monitor_port_service }}',
 {% endfor %}
         ]
@@ -150,6 +150,44 @@ scrape_configs:
         target_label:  instance
         replacement:   $1
 
+  - job_name: 'iam'
+    scheme: {{ http_s }}
+    metrics_path: '/management/prometheus'
+    static_configs:
+      - targets: [
+{% for host in server_group_iam | default([]) %}
+          '{{ host }}.{{ domain }}:{{ monitor_port_service }}',
+{% endfor %}
+        ]
+        labels:
+          env: {{ stage }}
+          project: smardigo
+          application: iam
+    relabel_configs:
+      - source_labels: [__address__]
+        regex:         (.*):.*
+        target_label:  instance
+        replacement:   $1
+
+  - job_name: 'webdav'
+    scheme: {{ http_s }}
+    metrics_path: '/management/prometheus'
+    static_configs:
+      - targets: [
+{% for host in server_group_webdav | default([]) %}
+          '{{ host }}.{{ domain }}:{{ monitor_port_service }}',
+{% endfor %}
+        ]
+        labels:
+          env: {{ stage }}
+          project: smardigo
+          application: webdav
+    relabel_configs:
+      - source_labels: [__address__]
+        regex:         (.*):.*
+        target_label:  instance
+        replacement:   $1
+
 ##############################################
 ###                Servers                ####
 ##############################################
@@ -159,7 +197,7 @@ scrape_configs:
     metrics_path: '/metrics'
     static_configs:
       - targets: [
-{% for host in server_group_all | default([]) %}
+{% for host in server_group_all | difference(['dev-awx-02']) | default([]) %}
           '{{ host }}.{{ domain }}:{{ monitor_port_system }}',
 {% endfor %}
         ]