9f188f08
Verified
Commit
9f188f08
authored
Jun 04, 2021
by
Tomáš Sapák
Refactor code to be compatible with local-oidc-issuer 2.1.0
parent
cc05bc39
Changes
7
extra-vars.yml
...
...
@@ -58,6 +58,7 @@ kypo_crp_os_console_type: spice-html5
#
#kypo_crp_oidc_local_provider_url: '{{ kypo_crp_url }}:8443/csirtmu-dummy-issuer-server/'
#kypo_crp_oidc_local_provider_ldap_root_password:
#kypo_crp_oidc_local_provider_postgres_password:
#kypo_crp_oidc_providers: '{{ [kypo_crp_oidc_local_provider] }}'
#-------------------------------------------------------------------------------
...
...
local-demo-extra-vars.yml
...
...
@@ -44,6 +44,8 @@ kypo_crp_oidc_local_provider_url: '{{ kypo_crp_url }}:8443/csirtmu-dummy-issuer-
kypo_crp_oidc_local_provider_ldap_root_password
:
password
kypo_crp_oidc_local_provider_postgres_password
:
password
# The list of OIDC providers and their specification.
kypo_crp_oidc_providers
:
'
{{
[kypo_crp_oidc_local_provider]
}}'
#kypo_crp_oidc_providers:
...
...
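Review bot: Both credentials added here, `kypo_crp_oidc_local_provider_ldap_root_password: password` and `kypo_crp_oidc_local_provider_postgres_password: password`, are literal values that this commit's other files render into the issuer properties file and into container environments, and nothing in the vars file marks them as demo-only. Add a comment above them, `# Demo-only credentials for a local deployment; override both in any shared or exposed environment.`, so the file is not copied as-is into a real inventory. Giving the LDAP root and the Postgres role distinct values would also stop one leaked string from opening both services.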
provisioning-oidc/roles/kypo-crp-local-oidc/defaults/main.yml
...
...
@@ -2,10 +2,9 @@
kypo_crp_oidc_local_provider_compose_template
:
docker-compose-oidc
kypo_crp_oidc_local_provider_container_name
:
local-oidc-issuer
kypo_crp_oidc_local_provider_context_path
:
'
/csirtmu-dummy-issuer-server/'
kypo_crp_oidc_local_provider_url
:
'
{{
kypo_crp_url
}}:8443{{
kypo_crp_oidc_local_provider_context_path
}}'
kypo_crp_oidc_local_provider_internal_url
:
'
http://{{
kypo_crp_oidc_
l
oc
al_provid
er
_
container_name
}}:8080{{
kypo_crp_oidc_local_provider_context_path
}}'
kypo_crp_oidc_local_provider_internal_url
:
'
http://{{
kypo_crp_oidc_
d
oc
ker_services.oidc_issu
er
.
container_name
}}:8080{{
kypo_crp_oidc_local_provider_context_path
}}'
kypo_crp_oidc_local_provider_client_clientName
:
KYPO-Client
kypo_crp_oidc_local_provider_client_grantTypes
:
...
...
@@ -40,18 +39,33 @@ kypo_crp_oidc_local_provider_resource_client_allowIntrospection: True
kypo_crp_oidc_local_provider_ldap_root_password
:
password
kypo_crp_oidc_local_provider_postgres_password
:
password
kypo_crp_required_vars
:
-
kypo_crp_host
-
kypo_crp_cert
-
kypo_crp_cert_key
-
kypo_crp_oidc_local_provider_ldap_root_password
-
kypo_crp_oidc_local_provider_postgres_password
kypo_crp_docker_services
:
kypo_crp_oidc_docker_services
:
oidc_postgres
:
container_name
:
kypo-oidc-postgres
restart_policy
:
unless-stopped
image
:
postgres
image_tag
:
'
11'
oidc_opendj
:
container_name
:
kypo-opendj
restart_policy
:
unless-stopped
image
:
registry.gitlab.ics.muni.cz:443/muni-kypo-crp/kypo-crp-artifact-repository/kypo-opendj
image_tag
:
v2.1.0
oidc_issuer
:
container_name
:
local-oidc-issuer
restart_policy
:
unless-stopped
image
:
registry.gitlab.ics.muni.cz:443/muni-kypo-crp/kypo-crp-artifact-repository/kypo-local-oidc-issuer
image_tag
:
v2.
0
.0
image_tag
:
v2.
1
.0
oidc_nginx
:
container_name
:
kypo-oidc-nginx
restart_policy
:
unless-stopped
image
:
nginx
image_tag
:
latest
...
...
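Review bot: In the second hunk `kypo_crp_required_vars` lists `kypo_crp_oidc_local_provider_ldap_root_password` and `kypo_crp_oidc_local_provider_postgres_password`, yet the same defaults file assigns both the value `password` a few lines earlier; if the required-vars check (not in this commit) only tests `is defined`, the defaults satisfy it and a deployment that forgets to override them silently runs with `password` as the LDAP root and Postgres credential. Either drop the two default assignments so the check fails loudly, or mark them with `# Placeholder; the required-vars check must reject this value, not just test definedness.` and tighten the check. In the new `kypo_crp_oidc_docker_services` map, `oidc_nginx.image_tag: latest` is the only unpinned tag while the others pin `'11'`, `v2.1.0`; if that line is new here (the rendered view hides the markers), pin it to a specific release for reproducible pulls.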
provisioning-oidc/roles/kypo-crp-local-oidc/tasks/docker_pull.yml
...
...
@@ -5,4 +5,4 @@
name
:
'
{{
item.value.image
}}'
tag
:
'
{{
item.value.image_tag
}}'
source
:
pull
loop
:
'
{{
kypo_crp_docker_services
|
dict2items
}}'
loop
:
'
{{
kypo_crp_
oidc_
docker_services
|
dict2items
}}'
provisioning-oidc/roles/kypo-crp-local-oidc/tasks/register-resources.yml
...
...
@@ -23,6 +23,10 @@
bind_pw
:
"
{{
kypo_crp_oidc_local_provider_ldap_root_password
}}"
server_uri
:
ldaps://localhost:1636
validate_certs
:
False
register
:
ldap_entry
until
:
ldap_entry is not failed
retries
:
30
delay
:
5
-
name
:
Ensure users
community.general.ldap_entry
:
...
...
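Review bot: The retry loop added after `register: ldap_entry` (`until: ldap_entry is not failed`, `retries: 30`, `delay: 5`) retries every failure of the bind against `ldaps://localhost:1636`, including a rejected bind, so a wrong `kypo_crp_oidc_local_provider_ldap_root_password` only surfaces after roughly 150 s of retries that look identical to "OpenDJ still starting". Say so where the loop is added, e.g. `# Wait for OpenDJ to come up; note a bad root password is retried for the full timeout too.`, or wait on the LDAPS port first so that authentication errors fail immediately. The task's `name` and module line start above this hunk, and the following `Ensure users` task gets no such retry, so it relies on this one having succeeded.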
provisioning-oidc/roles/kypo-crp-local-oidc/templates/csirtmu.oidc.issuer.properties
...
...
@@ -6,9 +6,15 @@ csirtmu.oidc.dummy.issuer.contextPath=csirtmu-dummy-issuer-server
#
# LDAP config
#
csirtmu.oidc.dummy.ldap.server
=
ldap://
localhost
:1389/dc=springframework,dc=org
csirtmu.oidc.dummy.ldap.url
=
ldap://
localhost
:1389
csirtmu.oidc.dummy.ldap.server
=
ldap://
{{ kypo_crp_oidc_docker_services.oidc_opendj.container_name }}
:1389/dc=springframework,dc=org
csirtmu.oidc.dummy.ldap.url
=
ldap://
{{ kypo_crp_oidc_docker_services.oidc_opendj.container_name }}
:1389
csirtmu.oidc.dummy.ldap.base
=
dc=springframework,dc=org
csirtmu.oidc.dummy.ldap.userDn
=
cn=Directory Manager
csirtmu.oidc.dummy.ldap.password
=
{{ kypo_crp_oidc_local_provider_ldap_root_password }}
csirtmu.oidc.dummy.ldap.admins
=
kypo-admin
#
# Postgres config
#
csirtmu.oidc.dummy.psql.url
=
jdbc:postgresql://{{ kypo_crp_oidc_docker_services.oidc_postgres.container_name }}:5432/postgres
csirtmu.oidc.dummy.psql.username
=
postgres
csirtmu.oidc.dummy.psql.password
=
{{ kypo_crp_oidc_local_provider_postgres_password }}
provisioning-oidc/roles/kypo-crp-local-oidc/templates/docker-compose-oidc.yml
version
:
'
3.7'
services
:
oidc-
issuer
:
image
:
{{
kypo_crp_docker_services.oidc_
issuer
.image + "
:
"
+
kypo_crp_docker_services.oidc_
issuer
.image_tag
}}
container_name:
{{
kypo_crp_oidc_
l
oc
al_provider_
container_name
}}
restart:
{{
kypo_crp_docker_services.oidc_
issuer
.restart_policy
}}
oidc-
opendj
:
image
:
{{
kypo_crp_
oidc_
docker_services.oidc_
opendj
.image + "
:
"
+
kypo_crp_
oidc_
docker_services.oidc_
opendj
.image_tag
}}
container_name:
{{
kypo_crp_oidc_
d
oc
ker_services.oidc_opendj.
container_name
}}
restart:
{{
kypo_crp_
oidc_
docker_services.oidc_
opendj
.restart_policy
}}
environment:
-
ADD_BASE_ENTRY=--addBaseEntry
-
PORT=1389
-
LDAPS_PORT=1636
-
BASE_DN=dc=springframework,dc=org
-
ROOT_USER_DN=cn=Directory
Manager
-
ROOT_PASSWORD={{
kypo_crp_oidc_local_provider_ldap_root_password
}}
-
OPENDJ_SSL_OPTIONS=--generateSelfSignedCertificate
-
OPENDJ_USER=root
ports:
-
127.0.0.1:1636:1636
volumes:
-
ldap_data_oidc:/opt/opendj/data
oidc-postgres:
image:
{{
kypo_crp_oidc_docker_services.oidc_postgres.image
+
"
:
"
+
kypo_crp_oidc_docker_services.oidc_postgres.image_tag
}}
container_name:
{{
kypo_crp_oidc_docker_services.oidc_postgres.container_name
}}
restart:
{{
kypo_crp_oidc_docker_services.oidc_postgres.restart_policy
}}
environment:
-
POSTGRES_PASSWORD={{
kypo_crp_oidc_local_provider_postgres_password
}}
volumes:
-
db_data_oidc:/var/lib/postgresql
healthcheck:
test:
["
CMD-SHELL"
,
"
pg_isready
-U
postgres"
]
interval
:
10s
timeout
:
5s
retries
:
5
oidc-issuer
:
image
:
{{
kypo_crp_oidc_docker_services.oidc_issuer.image + "
:
"
+
kypo_crp_oidc_docker_services.oidc_issuer.image_tag
}}
container_name:
{{
kypo_crp_oidc_docker_services.oidc_issuer.container_name
}}
restart:
{{
kypo_crp_oidc_docker_services.oidc_issuer.restart_policy
}}
environment:
-
POSTGRES_CONTAINER_NAME={{
kypo_crp_oidc_docker_services.oidc_postgres.container_name
}}
-
POSTGRES_PASSWORD={{
kypo_crp_oidc_local_provider_postgres_password
}}
-
OPENDJ_CONTAINER_NAME={{
kypo_crp_oidc_docker_services.oidc_opendj.container_name
}}
volumes:
-
./configuration/oidc-issuer/csirtmu.oidc.issuer.properties:/app/etc/csirtmu-dummy-issuer.properties
-
./configuration/oidc-issuer/oidc-config:/opt/oidc-config
-
db_data_oidc:/var/lib/postgresql
-
ldap_data_oidc:/opt/opendj/data
ports:
-
127.0.0.1:1636:1636
oidc-nginx:
image:
{{
kypo_crp_docker_services.oidc_nginx.image
+
"
:
"
+
kypo_crp_docker_services.oidc_nginx.image_tag
}}
container_name:
kypo
-oidc-nginx
restart:
{{
kypo_crp_docker_services.oidc_nginx.restart_policy
}}
image:
{{
kypo_crp_
oidc_
docker_services.oidc_nginx.image
+
"
:
"
+
kypo_crp_
oidc_
docker_services.oidc_nginx.image_tag
}}
container_name:
{{
kypo
_crp_oidc_docker_services.oidc_nginx.container_name
}}
restart:
{{
kypo_crp_
oidc_
docker_services.oidc_nginx.restart_policy
}}
volumes:
-
./configuration/oidc-issuer/nginx.conf:/etc/nginx/conf.d/default.conf
-
./runtime-data/{{
kypo_crp_cert_name
}}:/etc/nginx/{{
kypo_crp_cert_name
}}
...
...
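Review bot: On the new side the `oidc-issuer` service appears to keep the unchanged tail of the old definition — `db_data_oidc:/var/lib/postgresql`, `ldap_data_oidc:/opt/opendj/data` and `ports: - 127.0.0.1:1636:1636` — while this commit moves Postgres and OpenDJ into their own `oidc-postgres` and `oidc-opendj` services that mount those same named volumes, and `oidc-opendj` already publishes `127.0.0.1:1636:1636`. If those lines survive the rewrite (the rendered view does not show the markers), two services bind the same host port, which Compose rejects at startup, and the Postgres data directory is mounted into two containers at once; drop the two volume lines and the `ports:` block from `oidc-issuer`, leaving only the properties and `oidc-config` bind mounts. Separately, `ROOT_PASSWORD=` and `POSTGRES_PASSWORD=` are plain `environment:` entries on the new `oidc-opendj` and `oidc-postgres` services, readable via `docker inspect` by anyone with access to the Docker socket; a `_FILE`-style secret or an env file kept out of the rendered compose would limit that exposure.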