SMARCH-46: smardigo self service portal (wip)

master
Sven Ketelsen 5 years ago
parent 68c5ef2e9a
commit ea45d111d9

@ -25,7 +25,7 @@ lister:
# list of sync tasks # list of sync tasks
tasks: tasks:
- name: connect-whitelabel-app # required - name: smardigo # required
# interval in seconds at which the task should be run; when omitted, # interval in seconds at which the task should be run; when omitted,
# the task is only run once at start-up # the task is only run once at start-up
@ -49,7 +49,7 @@ tasks:
auth: eyJ1c2VybmFtZSI6ImFkbWluIiwicGFzc3dvcmQiOiJRNHB6aWhWRFl3eUthZEM3NmxiNCJ9Cg== auth: eyJ1c2VybmFtZSI6ImFkbWluIiwicGFzc3dvcmQiOiJRNHB6aWhWRFl3eUthZEM3NmxiNCJ9Cg==
target: target:
registry: dev-docker-registry-01.smardigo.digital registry: dev-docker-registry-01.smardigo.digital
auth: eyJ1c2VybmFtZSI6ImRvY2tlci1hZG1pbiIsInBhc3N3b3JkIjoieVlUZFdjUTFLTVRlbGw4RU5UeURWOWRlZFFRZlVOOFIifQo= auth: eyJ1c2VybmFtZSI6ImRvY2tlci1hZG1pbiIsInBhc3N3b3JkIjoieVlUZFdjUTFLTVRlbGw4RU5UeURWOWRlZFFRZlVOIn0K
# 'mappings' is a list of 'from':'to' pairs that define mappings of image # 'mappings' is a list of 'from':'to' pairs that define mappings of image
# paths in the source registry to paths in the destination; 'from' is # paths in the source registry to paths in the destination; 'from' is
@ -64,3 +64,11 @@ tasks:
to: smardigo/connect-whitelabel-app to: smardigo/connect-whitelabel-app
tags: tags:
- 'regex: ^(latest)|(([0-9]|[1-9][0-9]+)\.([0-9]|[1-9][0-9]+)\.([0-9]|[1-9][0-9]+))$' - 'regex: ^(latest)|(([0-9]|[1-9][0-9]+)\.([0-9]|[1-9][0-9]+)\.([0-9]|[1-9][0-9]+))$'
- from: smardigo/iam-app
to: smardigo/iam-app
tags:
- 'regex: ^(latest)|(([0-9]|[1-9][0-9]+)\.([0-9]|[1-9][0-9]+)\.([0-9]|[1-9][0-9]+))$'
- from: smardigo/caddy
to: smardigo/caddy
tags:
- 'regex: ^(latest)|(([0-9]|[1-9][0-9]+)\.([0-9]|[1-9][0-9]+)\.([0-9]|[1-9][0-9]+))$'
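Review bot: The `auth:` values under `source` and `target` are base64-encoded JSON carrying a username and a password, so the changed `target` value in the second hunk puts a registry credential into the repository in a form any reader can decode. The same holds for the `"auth"` entry in the Docker `config.json` section, for `connect_oidc_client_secret` in the new connect vars file and for the `secret:` values in the Keycloak realm list. The repository already marks other secrets as `"< see vault >"` and carries an Ansible Vault file, so these values belong there, referenced by variable if this file is rendered from a template (not visible from the hunk). Values that have already been pushed should be treated as exposed and rotated. Separately, in the added `tags` entries the alternation is not grouped, so `^` binds only to `latest` and `$` only to the version branch; if the matcher searches rather than full-matches, `'regex: ^(latest|([0-9]|[1-9][0-9]+)\.([0-9]|[1-9][0-9]+)\.([0-9]|[1-9][0-9]+))$'` restricts the sync to the intended tags.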

@ -107,6 +107,8 @@ hetzner_ssh_keys:
#reverse_proxy_admin_password: "< see vault >" #reverse_proxy_admin_password: "< see vault >"
#mattermost_hook_smardigo: "< see vault >" #mattermost_hook_smardigo: "< see vault >"
#teams_hook_smardigo: "< see vault >"
#hetzner_authentication_token: "< see vault >" #hetzner_authentication_token: "< see vault >"
#digitalocean_authentication_token: "< see vault >" #digitalocean_authentication_token: "< see vault >"

@ -1,51 +1,63 @@
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
34633465613364373734643738376434323433343232643832666466316130393530656561613535 37343961396162613432633164313634356664303235373937373235323338383735373836323636
3831303063333037663562313465313238646638613538660a626463313530653536366133343664 6661373233623733303261383366303933373565383164310a393664666533356230303064356230
33393566366134323736626165306436363231346239643837363032393066636163346563626333 61613238333837636362306233316464383839626336373438623861643764656433343338313162
6565626333343033370a323666313165393639306439333639313732646539613430333238316632 3461623661313838640a643662353363303965383765363535613133393636373365393931323936
33383832623631303265376135333538383732663234383334663636306236616366656136383830 34393063646536373365373533316339333139623666656430303163666433636461633964383662
36336633396430666333663339306235663233396435633431343335666233646231363364326434 30396463636534366139373233373161356334323538373164386464323839613438663564346362
65623836633133383761366533353339623139356363326538646566326237356332623839386362 35316533633662663637366263306164313861323330643064343536326637616538383862363634
31356139396532646233666563663133393662373237326639383066643832373162366564386230 30623636393266386138633032313839663530333736623034383738306464363366303033366337
32333464383738663639656237663936313132323531623864623737376662326234366265383561 37306466643939336330666136333835623239323931633537626235656239383637653865643232
61356538663432336635613664616363326662343639356432383165663561333032313466333630 65653831386337613762663739613538646637653061613063356631363634633038386663613437
65633766623032616632613962623737656163303238626264393264386638303637373136366237 35323965666237343334336366323266643363393862326232303566663861613536653734333432
31343730373637303937356331663665333332333235643936396466633839623062663338316333 30303465616134366430383565613164396135363130366439653737383463313861656661373061
34313635316661373030346633643934353430333431303063643363646664393566613231663135 36643931323737626462336664666232363930643639356365613636656262366163393033383035
36656238333163323338653033333163343063363161313765666561613133626437623338326337 65623865343861636330633235363162313961366130366436646361316531623861356531323231
37623438613330363966376636613035356138373139383966323333396161356661663161306564 38353539393662313637353636663730303761653433366431326336363338653837346164386538
37373763316461656632303236333236356464376234666164643734623633386230356133363463 66663936653634616264626137313864623561613561373463663138333461313434373266316664
37643066643636626133616461633434326231333134616431333239336539346239663635396630 39623063323361376639316134623535383730373838313838643938333430346362623962396537
38366336333865373033393830613365313366613064643130656435633161346237623030373435 66343861626665363730633037626364646639666538393235386639633639633234316334383666
31623630376233366463353961633162656137343866373431333165383363653434663836626437 34656132333563383532333538376163316233636236373235376336643863626435613930343531
64353535313632353062653833633863373666356537306133323833343465323238376331346264 63373237383138623636326631343935323863383762643564366238626362646434653761316539
39613665633032653935646532643466383237316263383130323966393031373866323234363937 37393435336539306163353531396461316230643065653932353264616635343234633165656431
33353836656538373964656235353662303132303861623938353939353135323936306236366330 62333433366435306538613561643963663666313432663038656330303438373035666238303239
30303963313863316632656538633433656631656236343732616537623034393930653939326563 64343964383435396630393030646265663061623532356534666331626331386437346565353238
39373736306137656363366536633234666239333038393364383239393238646366653466643231 36636233393465626636336637303733623130633765643237373266653231396266396633623634
33613131613637363365373265653037353964663537653234366361356431656364616432303038 66663232343666353965663666656530376265653837643739363462363631336633323537353666
39393865376137613161303638356466653632396464323336343263323536306235333030303866 33376534633134623230663238623764633637313030376663646230366639646639376235323938
30623933316335346264613465323832383531366666383939663738333531656138623565306462 63333430393966326537316363303134323363653633323563313239363331636433316236346234
37313465376263643966666330646466663239306665363434626431613562633433346530623232 39653565623438653233643834313330633130383263383334313962653761326363303432643365
63363434393263643232633337643138633931626533653366353135326130643230633464393534 36383734326565343231333031346461366535643566333761386533613539353536386630373865
36643935663561326132653565353331306238353665323765663961636461323066346564376561 63623966613665646166396265663137613739356538306238383639373536386532616566326161
35326661643066616136646662616635336262336133346232326264306261333663316135336537 62393435343731333333666635336139316261666135353164643964383136343136303665616639
33633663313363396130346431336636396636636262386566316165616463363235643336316461 64346262663965323735396232636338333664303338663465623864336263653636343566643330
64643866343538656364393436353838366639613135636137333636393562313461373033663932 63353931623437336665663034353838633535656636653336643731333664663139633939623234
66313834356334336234326563666630313562663534636464303165346436666666626532653838 33663664313162386330626635313131663134656664616262303862313536306335396365623332
38393465643539326530643134356231353635363963633935353633313736623537323335353462 62336637666438306264313731396438323732363832393038633062626137373464303363613766
38396230643032306165633333366436303134356362383062383735623031646565613163663432 61626334643036386230313162313835336163393332623762323534336330393265356531626132
39616163303934333534393265666133636365393361386532646166666334363331333861613639 33386464663561633133383430303461623862663864356538363263646333316463646364396333
34633736336431613934343138313132663238663563373338653039383134303339636164396163 35343137383265633165663334373664613030303432396431383063636235646165383366353563
32326230373733306662306232363539323463393134356362376333616338336164396333323866 34393666336138346631373932633639386232343936383634363736313534343035303066613061
38336333376337626266393733626161633238306630623831396132616162393361313731313337 39636234616530653566376538363565643362356338316331636335386230366639333230366637
62373439653266366239656230323766653366326161613761353334303036376662316135353933 36303766383438383334353939316164623830383464336138376636343666626635366336376439
36316532373361303039333734313862656636316563656636613339613531653864306263626265 34343666363035306632323464353835316365383462363239306430363933393731386636653839
30656265363063303165303936623131316663643236363866396162653530373463366537616266 64303035363234646263643361303530633833653035666666616563333739663036396430626462
65346532373130646361613431636636633335383565306234363631643366376630643030393535 38653730303130376136383161633339633739623736353631373032656437373066366264366339
33643963373332626661353661626364356233363464366637623862316133356566656236633534 36643235656665306165613737363334346436333135313634353136306665653230653363653434
30646438336537393764333831303135383634616165666533306662393466303230303738376266 66303335326562316234316261353638373064316534326265656331643739613332613631333462
32366237643061613264333964613534613831636232396365393833373639306561353131333638 32623931323566333035383537343261663536623237623838653465343866666530656562373636
61353837363431336634366432386533386437313364386662643236633931653337303466393833 31616432393033626538623663373431323462383439646439303839386635373934653164326534
65646365663437396262343065363135346264363164376334343365626462386261393462343236 34393962346230633335346233623663643662643631643438363139633964636666363039343839
3830303437326237373533636335613632333133643232326262 64386431323564343363396663366465623261616337396165363030313231616666353931306164
30656435653938303530363937323939336331653662316539626662626231336439333839623430
30376133353030643061323466326137336334306131353331306330303935666536346138613766
30633534636533333463356537376639623535336532396538383433326432383931393562383664
35613631343064326238333834353466336539393735313461336366633339333033363133383234
64393632356637653434313566363337663961393263386434653234653265353261646461333630
62303865323839356561316433363161313932636633653961343365646266303733663964333363
39616436396563366132643737343165626533613535383239333365623939643862666163363365
63636362656437646439323935383836326333353937316638393461393038306638306434613264
62373037616565333366646231656130623237306235626238393837303939316532633934623036
30346137306137323566306362613631663432383737303635663137353631373536386563393337
30613762626164393132343964383433363437353738666635356639333332623361663631323638
6137366437383364303766666631313336613732333038633335

@ -6,4 +6,7 @@ hetzner_server_type: cx31
smardigo_plattform_users: smardigo_plattform_users:
- 'elastic' - 'elastic'
- 'peter.heise'
- 'sven.ketelsen' - 'sven.ketelsen'
- 'vanphuong.ma'
- 'daniel.dz'

@ -6,4 +6,7 @@ hetzner_server_type: cx31
smardigo_plattform_users: smardigo_plattform_users:
- 'elastic' - 'elastic'
- 'peter.heise'
- 'sven.ketelsen' - 'sven.ketelsen'
- 'vanphuong.ma'
- 'daniel.dz'

@ -6,4 +6,7 @@ hetzner_server_type: cx31
smardigo_plattform_users: smardigo_plattform_users:
- 'elastic' - 'elastic'
- 'peter.heise'
- 'sven.ketelsen' - 'sven.ketelsen'
- 'vanphuong.ma'
- 'daniel.dz'

@ -5,12 +5,51 @@ hetzner_server_labels: "stage={{ stage }} service=keycloak"
keycloak: { keycloak: {
realms: [ realms: [
{ {
name: 'management-smardigo', name: 'docker',
display_name: 'management-smardigo', display_name: 'docker',
users: [
{
"username": "docker-admin",
"password": "docker-admin",
"email": "sven.ketelsen@arxes-tolina.de"
}
],
groups: [
{
"name": "admin",
},
{
"name": "sensw",
},
{
"name": "smardigo",
},
],
clients: [
{
clientId: 'dev-docker-registry-01',
name: 'dev-docker-registry-01',
admin_url: '',
root_url: '',
redirect_uris: '
[
"https://dev-docker-registry-01.smardigo.digital/*"
]',
secret: 'f1f852b4-2e75-448a-9596-3c77d53ce405',
web_origins: '
[
"https://dev-docker-registry-01.smardigo.digital",
]',
}
]
},
{
name: 'smardigo',
display_name: 'smardigo',
users: [ users: [
{ {
"username": "management-admin", "username": "connect-admin",
"password": "management-admin", "password": "connect-admin",
} }
], ],
clients: [ clients: [
@ -89,131 +128,7 @@ keycloak: {
"https://dev-connect-03.smardigo.digital", "https://dev-connect-03.smardigo.digital",
]', ]',
}, },
{
clientId: 'connect-04',
name: 'connect-04',
admin_url: '',
root_url: '',
redirect_uris: '
[
"https://dev-connect-04.smardigo.digital/*",
"http://dev-connect-04.smardigo.digital/*",
]',
secret: '9e234965-1041-4653-8a0e-db964c04bc26',
web_origins: '
[
"https://dev-connect-04.smardigo.digital",
]',
},
{
clientId: 'connect-05',
name: 'connect-05',
admin_url: '',
root_url: '',
redirect_uris: '
[
"https://dev-connect-05.smardigo.digital/*",
"http://dev-connect-05.smardigo.digital/*",
]',
secret: '9e234965-1041-4653-8a0e-db964c04bc26',
web_origins: '
[
"https://dev-connect-05.smardigo.digital",
]',
},
{
clientId: 'connect-06',
name: 'connect-06',
admin_url: '',
root_url: '',
redirect_uris: '
[
"https://dev-connect-06.smardigo.digital/*",
"http://dev-connect-06.smardigo.digital/*",
]',
secret: '9e234965-1041-4653-8a0e-db964c04bc26',
web_origins: '
[
"https://dev-connect-06.smardigo.digital",
]',
},
{
clientId: 'connect-07',
name: 'connect-07',
admin_url: '',
root_url: '',
redirect_uris: '
[
"https://dev-connect-07.smardigo.digital/*",
"http://dev-connect-07.smardigo.digital/*",
]',
secret: '9e234965-1041-4653-8a0e-db964c04bc26',
web_origins: '
[
"https://dev-connect-07.smardigo.digital",
]',
},
{
clientId: 'connect-08',
name: 'connect-08',
admin_url: '',
root_url: '',
redirect_uris: '
[
"https://dev-connect-08.smardigo.digital/*",
"http://dev-connect-08.smardigo.digital/*",
]',
secret: '9e234965-1041-4653-8a0e-db964c04bc26',
web_origins: '
[
"https://dev-connect-08.smardigo.digital",
]',
},
{
clientId: 'connect-09',
name: 'connect-09',
admin_url: '',
root_url: '',
redirect_uris: '
[
"https://dev-connect-09.smardigo.digital/*",
"http://dev-connect-09.smardigo.digital/*",
]',
secret: '9e234965-1041-4653-8a0e-db964c04bc26',
web_origins: '
[
"https://dev-connect-09.smardigo.digital",
]',
}
] ]
}, },
{
name: 'smardigo-02',
display_name: 'smardigo-02',
users: [
{
"username": "docker-admin",
"password": "docker-admin",
"email": "sven.ketelsen@arxes-tolina.de"
}
],
clients: [
{
clientId: 'dev-docker-registry-01',
name: 'dev-docker-registry-01',
admin_url: '',
root_url: '',
redirect_uris: '
[
"https://dev-docker-registry-01.smardigo.digital/*"
]',
secret: 'f1f852b4-2e75-448a-9596-3c77d53ce405',
web_origins: '
[
"https://dev-docker-registry-01.smardigo.digital",
]',
}
]
}
] ]
} }
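Review bot: The `docker` realm added in the first hunk creates `docker-admin` with a password identical to the username, and the renamed `smardigo` realm does the same for `connect-admin`, so both accounts are guessable without any access to this repository. Reading the value from a vaulted variable, for example `"password": "{{ <vaulted variable> }}"` (placeholder name), keeps the realm bootstrap working without shipping a known credential. The new `groups` list also mixes quoted JSON-style keys with the unquoted keys used for `clients`, so it is worth picking one form for the file. The realm list continues outside both hunks, so the remaining users and clients were not reviewed.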

@ -0,0 +1,17 @@
---
hetzner_server_labels: "stage={{ stage }} service=connect"
hetzner_server_type: cpx21
connect_auth_module: oidc
connect_oidc_client_id: management-smardigo
connect_oidc_client_secret: f1f852b4-2e75-889a-2453-3c55d53ce405
connect_oidc_registration_id: management-smardigo
connect_oidc_issuer_uri: https://{{ keycloak_hostname }}/auth/realms/smardigo
connect_password_change_url: https://{{ keycloak_hostname }}/auth/realms/smardigo/account/password
connect_iam_user_management_url: https://{{ keycloak_hostname }}/auth/admin/smardigo/console
spring_profiles_include_suffix: ",hetzner"
ribbon_display_on_active_profiles: "hetzner"

@ -1,7 +1,7 @@
{ {
"auths": { "auths": {
"dev-docker-registry-01.smardigo.digital": { "dev-docker-registry-01.smardigo.digital": {
"auth": "ZG9ja2VyLWFkbWluOnlZVGRXY1ExS01UZWxsOEVOVHlEVjlkZWRRUWZVTjhS" "auth": "ZG9ja2VyLWFkbWluOnlZVGRXY1ExS01UZWxsOEVOVHlEVjlkZWRRUWZVTg=="
} }
}, },
"HttpHeaders": { "HttpHeaders": {

@ -103,6 +103,7 @@
loop: '{{ smardigo_plattform_users }}' loop: '{{ smardigo_plattform_users }}'
tags: tags:
- users - users
- config
- name: "Install common dependencies" - name: "Install common dependencies"
apt: apt:

@ -2,7 +2,7 @@
connect_image_name: "{{ docker_registry }}/smardigo/connect-whitelabel-app" connect_image_name: "{{ docker_registry }}/smardigo/connect-whitelabel-app"
connect_version: '8.2.0-SNAPSHOT' connect_version: 'latest'
connect_admin_username: "connect-admin" connect_admin_username: "connect-admin"
connect_admin_password: "connect-admin" connect_admin_password: "connect-admin"
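Review bot: Setting `connect_version: 'latest'` as the role default means every run deploys whatever image was last pushed under that tag, so a rollout is neither reproducible nor traceable to a reviewed build. It also makes the registry sync the only gate on what reaches the hosts. Keep a released version as the default, or an image digest if the deployment supports one, and set `latest` only in the vars of hosts that are meant to track it. How `connect_image_name` and `connect_version` are combined is outside this hunk.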

@ -10,7 +10,8 @@
"source_ips": [ "source_ips": [
"116.203.130.110/32", "116.203.130.110/32",
"157.90.236.71/32", "157.90.236.71/32",
"162.55.54.246/32" "162.55.54.246/32",
"159.69.46.214/32"
], ],
"destination_ips": [ "destination_ips": [
] ]

@ -0,0 +1,61 @@
---
- name: Read groups of realm {{ current_realm_name }}
uri:
url: http://localhost:{{ service_port_keycloak_external }}/auth/admin/realms/{{ current_realm_name }}/groups
method: GET
headers:
Authorization: "Bearer {{ access_token}} "
status_code: [200]
register: realm_groups
tags:
- create_groups
- update_realms
- name: Print realm groups
debug:
msg: "{{ realm_groups }}"
tags:
- create_groups
- update_realms
- name: Save realm groups as variable (fact)
set_fact:
realm_groups_json: "{{ realm_groups.json }}"
tags:
- create_groups
- update_realms
- name: Read realm group names
set_fact:
realm_groupnames: "{{ realm_groups_json | json_query(jmesquery) }}"
vars:
jmesquery: '[*].name'
tags:
- create_groups
- update_realms
- name: Print realm groupnames
debug:
msg: "{{ realm_groupnames }}"
tags:
- create_groups
- update_realms
- name: "Create groups for realm {{ current_realm_name }}"
uri:
url: http://localhost:{{ service_port_keycloak_external }}/auth/admin/realms/{{ current_realm_name }}/groups
method: POST
body_format: json
body: "{{ lookup('template','keycloak-realm-create-group.json.j2') }}"
headers:
Content-Type: "application/json"
Authorization: "Bearer {{ access_token }}"
status_code: [201]
with_items: "{{ current_realm_groups }}"
when: current_realm_group.name not in realm_groupnames
loop_control:
loop_var: current_realm_group
tags:
- create_groups
- update_realms
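Review bot: In the first task the header is written as `Authorization: "Bearer {{ access_token}} "`, which leaves a trailing space after the token inside the quoted value, while the POST task further down has the clean form. Use `Authorization: "Bearer {{ access_token }}"` in both places. The two `debug` tasks print the full registered response and the group list on every run, so drop them or gate them with `verbosity: 1`. Consider `no_log: true` on the two `uri` tasks so the bearer token cannot surface in verbose or failure output.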

@ -2,6 +2,7 @@
### tags: ### tags:
### create_users ### create_users
### create_groups
### update_realms ### update_realms
### update_deployment ### update_deployment
@ -111,6 +112,7 @@
register: keycloak_authentication register: keycloak_authentication
tags: tags:
- create_users - create_users
- create_groups
- update_realms - update_realms
- name: "Create user storage provider in master realm" - name: "Create user storage provider in master realm"
@ -157,6 +159,17 @@
- create_users - create_users
- update_realms - update_realms
- name: "Create realm groups"
include_tasks: create_realm_groups.yml
vars:
current_realm_name: "{{ item.name }}"
current_realm_groups: "{{ item.groups | default([]) }}"
access_token: "{{ keycloak_authentication.json.access_token }}"
with_items: "{{ keycloak.realms }}"
tags:
- create_groups
- update_realms
- name: "Send mattermost messsge" - name: "Send mattermost messsge"
uri: uri:
url: "{{ mattermost_hook_smardigo }}" url: "{{ mattermost_hook_smardigo }}"

@ -0,0 +1,3 @@
{
"name": "{{ current_realm_group.name }}"
}
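Review bot: The group name is interpolated between literal quotes, so a name containing `"` or a backslash renders as invalid or differently shaped JSON before it is posted to the admin API. Let the filter do the quoting and escaping, `"name": {{ current_realm_group.name | to_json }}`, which also removes the need for the surrounding quotes.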

@ -1,5 +1,6 @@
[connect] [connect]
# <stage>-<tenant>-<name>-<node> # <stage>-<tenant>-<name>-<node>
dev-management-smardigo-01
dev-connect-01 dev-connect-01
dev-connect-02 dev-connect-02
dev-connect-03 dev-connect-03
