Merge branch 'main' into feature/no_more_vm
quartje authored Dec 16, 2024
2 parents f83e2e5 + 6c163b2 commit f518cee
Showing 71 changed files with 818 additions and 928 deletions.
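--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -0,0 +1,7 @@
+---
+version: 2
+updates:
+- package-ecosystem: "github-actions"
+directory: "/"
+schedule:
+interval: "weekly"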
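Review bot: Only the `github-actions` ecosystem is enrolled, so the container image tags the roles pin inside Ansible tasks (for example `cirrusid/simplesamlphp:v2.2.2` in roles/diyidp/tasks/main.yml in this same commit) stay outside Dependabot's view, because its docker ecosystem reads Dockerfiles and similar manifests rather than playbooks. Those image pins need their own update path, such as a periodic review, or the stale tag will only be noticed when something breaks. If the workflows reference actions by mutable tags rather than commit SHAs, Dependabot keeps the tags current but does not introduce SHA pinning on its own, so that remains a separate hardening step.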
10 changes: 7 additions & 3 deletions environments/template/group_vars/template.yml
Expand Up @@ -23,7 +23,7 @@ attribute_aggregation_gui_version: "3.0.6"
attribute_aggregation_server_version: "3.0.6"
oidc_playground_client_version: "3.0.0"
oidc_playground_server_version: "3.0.0"
engine_version: "6.9.1"
engine_version: "6.15.0"
manage_gui_version: "7.3.3-SNAPSHOT"
manage_server_version: "7.3.3-SNAPSHOT"
lifecycle_version: "0.1.1"
Expand All @@ -35,7 +35,7 @@ pdp_gui_version: "4.0.2"
profile_version: "3.1.4"
teams_gui_version: "9.1.3"
teams_server_version: "9.1.3"
voot_version: "5.0.0"
voot_version: "6.2.0"
myconext_server_version: "6.0.2"
myconext_gui_version: "6.0.2"
account_gui_version: "6.0.2"
Expand Down Expand Up @@ -419,6 +419,10 @@ myconext:
feature_show_connections: false
feature_id_verify: true
feature_remote_creation_api: true
feature_mail_institution_mail_usage: true
feature_mail_inactivity_mails: true
feature_nudge_app_mail: true
feature_send_js_exceptions: true
feature_deny_disposable_email_providers: true
feature_create_eduid_institution_enabled: true
feature_create_eduid_institution_landing: true
Expand Down Expand Up @@ -596,7 +600,7 @@ haproxy_applications:
- name: engine_api
vhost_name: engine-api.{{ base_domain }}
ha_method: "GET"
ha_url: "/"
ha_url: "/health"
port: "{{ loadbalancing.engine_api.port }}"
servers: "{{php_servers}}"
restricted: yes
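Review bot: The four new myconext toggles (`feature_mail_institution_mail_usage`, `feature_mail_inactivity_mails`, `feature_nudge_app_mail`, `feature_send_js_exceptions`) are switched on in the template without a comment saying what each enables, and the template is what new environments are copied from, so operators inherit outbound-mail and client-side exception reporting behaviour without a deliberate choice; a one-line comment per flag, e.g. `# presumably controls inactivity reminder mails to users — confirm before enabling in prod`, would make that explicit. The same four flags are added identically in environments/vm/group_vars/vm.yml. The engine_api health check now probes `/health`, and that backend carries `restricted: yes` in the context below it, so confirm the haproxy check source is allowed to reach `/health`, otherwise the backend is marked down by the very check that was meant to improve it.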
10 changes: 7 additions & 3 deletions environments/vm/group_vars/vm.yml
Expand Up @@ -24,7 +24,7 @@ attribute_aggregation_gui_version: "3.0.6"
attribute_aggregation_server_version: "3.0.6"
oidc_playground_client_version: "3.0.0"
oidc_playground_server_version: "3.0.0"
engine_version: "6.9.1"
engine_version: "6.15.0"
manage_gui_version: "7.3.3-SNAPSHOT"
manage_server_version: "7.3.3-SNAPSHOT"
lifecycle_version: "0.1.1"
Expand All @@ -36,7 +36,7 @@ pdp_gui_version: "4.0.2"
profile_version: "3.1.4"
teams_gui_version: "9.1.3"
teams_server_version: "9.1.3"
voot_version: "5.0.0"
voot_version: "6.2.0"
myconext_server_version: "6.0.2"
myconext_gui_version: "6.0.2"
account_gui_version: "6.0.2"
Expand Down Expand Up @@ -310,6 +310,10 @@ myconext:
feature_warning_educational_email_domain: false
feature_id_verify: true
feature_remote_creation_api: true
feature_mail_institution_mail_usage: true
feature_mail_inactivity_mails: true
feature_nudge_app_mail: true
feature_send_js_exceptions: true
feature_deny_disposable_email_providers: true
feature_create_eduid_institution_enabled: true
feature_create_eduid_institution_landing: true
Expand Down Expand Up @@ -498,7 +502,7 @@ haproxy_applications:
- name: engine_api
vhost_name: engine-api.{{ base_domain }}
ha_method: "GET"
ha_url: "/"
ha_url: "/health"
port: "{{ loadbalancing.engine_api.port }}"
servers: "{{php_servers}}"

40 changes: 16 additions & 24 deletions provision.yml
Expand Up @@ -82,29 +82,6 @@
- role: mongo
tags: ['core', 'mongo']

- hosts: app_php
gather_facts: no
become: true
roles:
- role: php
tags: ['core', 'app_php', 'php']
- role: static
when:
- inventory_hostname not in groups['lifecycle']
tags: ['app_php', 'static']
- role: metadata
when:
- inventory_hostname not in groups['lifecycle']
tags: ['app_php', 'static']
- role: openconext-common
tags: ['core', 'app_php', 'eb', 'profile']
- role: engineblock
when:
- inventory_hostname not in groups['lifecycle']
tags: ['core', 'app_php', 'eb']
handlers:
- import_tasks: roles/httpd/handlers/main.yml

- hosts: app_java
gather_facts: true
become: true
Expand Down Expand Up @@ -164,10 +141,14 @@
- { role: stepupra , tags: ['stepupra' , 'stepup'] }
- { role: stepupgateway , tags: ['stepupgateway' , 'stepup'] }

- hosts: docker
- hosts: docker_apps1,docker_apps2
become: true
roles:
- { role: docker, tags: ['docker' ] }

- hosts: docker_apps1
become: true
roles:
- { role: invite, tags: ['invite' ] }
- { role: dashboard, tags: ["dashboard"] }
- { role: teams, tags: ["teams"] }
Expand All @@ -185,6 +166,17 @@
- { role: lifecycle, tags: ["lifecycle"] }
- { role: stepuptiqr, tags: ['stepuptiqr' , 'stepup'] }

- hosts: docker_apps2
become: true
roles:
- { role: engineblock, tags: ["eb"] }

- hosts: docker_mariadb
become: true
roles:
- { role: mariadbdocker, tags: ['mariadbdocker']}
- { role: mongodbdocker, tags: ['mongodbdocker']}

- hosts: localhost
become: false
tasks:
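Review bot: The `docker` role is applied to `docker_apps1,docker_apps2` only, while the new `docker_mariadb` play runs `mariadbdocker` and `mongodbdocker` without it, so unless docker_mariadb hosts are also members of one of the apps groups the Docker engine is never installed on them; `- hosts: docker_apps1,docker_apps2,docker_mariadb` on the docker play would close that gap. The removed `app_php` play also dropped the `static` and `metadata` roles and the httpd handlers import, and nothing in this hunk re-homes them, so confirm they are provisioned elsewhere in this 71-file commit or are intentionally gone. Style: the new plays mix `['eb']`-style and `["eb"]`-style quoting, and `tags: ['mariadbdocker']}` lacks the space before `}` that the other flow mappings in the file have.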
2 changes: 2 additions & 0 deletions roles/attribute-aggregation/defaults/main.yml
Expand Up @@ -9,3 +9,5 @@ aa_manage_provision_oidcrp_description_en: "OAuth client to access VOOT for grou
aa_manage_provision_oidcrp_grants: "client_credentials"
aa_manage_provision_oidcrp_allowed_resource_servers: '{"name": "{{ voot.oidcng_checkToken_clientId }}"}'
aa_spring_flyway_enabled: true
aa_docker_networks:
- name: loadbalancer
10 changes: 8 additions & 2 deletions roles/attribute-aggregation/tasks/main.yml
Expand Up @@ -21,15 +21,21 @@
- apachelink.conf
notify: restart attribute-aggregationserver

- name: Add the MariaDB docker network to the list of networks when MariaDB runs in Docker
ansible.builtin.set_fact:
aa_docker_networks:
- name: loadbalancer
- name: openconext_mariadb
when: mariadb_in_docker | default(false) | bool

- name: Create and start the server container
community.docker.docker_container:
name: aaserver
image: ghcr.io/openconext/openconext-attribute-aggregation/aa-server:{{ attribute_aggregation_server_version }}
pull: true
restart_policy: "always"
state: started
networks:
- name: "loadbalancer"
networks: "{{ aa_docker_networks }}"
mounts:
- source: /opt/openconext/attribute-aggregation/serverapplication.yml
target: /application.yml
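Review bot: The `set_fact` that adds `openconext_mariadb` replaces `aa_docker_networks` with a hard-coded list instead of extending it, so a deployment that overrides the default from roles/attribute-aggregation/defaults/main.yml (to attach a monitoring network, say) silently loses that override whenever `mariadb_in_docker` is true, and set_fact outranks every inventory precedence level so nothing downstream can put it back. Appending keeps the operator's value: `aa_docker_networks: "{{ aa_docker_networks + [{'name': 'openconext_mariadb'}] }}"`. roles/diyidp/tasks/main.yml in this commit has the identical pattern with `diyidp_docker_networks` and the same fix applies there.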
2 changes: 2 additions & 0 deletions roles/diyidp/defaults/main.yml
Expand Up @@ -14,3 +14,5 @@ diyidp_remotesp:
- name: "{{ instance_name }} SP metadata"
metadataurl: "https://engine.{{ base_domain }}/authentication/sp/metadata"
acslocation: "https://engine.{{ base_domain }}/authentication/sp/consume-assertion"
diyidp_docker_networks:
- name: "loadbalancer"
10 changes: 8 additions & 2 deletions roles/diyidp/tasks/main.yml
Expand Up @@ -67,15 +67,21 @@
mode: "0644"
notify: restart diyidp

- name: Add the mariadb docker network to the list of networks when MariaDB runs in Docker
ansible.builtin.set_fact:
diyidp_docker_networks:
- name: loadbalancer
- name: openconext_mariadb
when: mariadb_in_docker | default(false) | bool

- name: Create the container
community.docker.docker_container:
name: diyidp
image: cirrusid/simplesamlphp:v2.2.2
pull: true
restart_policy: "always"
state: started
networks:
- name: "loadbalancer"
networks: "{{ diyidp_docker_networks }}"
labels:
traefik.http.routers.diyidp.rule: "Host(`{{ diyidp_domain }}`)"
traefik.http.routers.diyidp.tls: "true"
4 changes: 2 additions & 2 deletions roles/diyidp/templates/config-override.php.j2
Expand Up @@ -2,5 +2,5 @@
$config['certdir'] = 'config/cert/';
$config['metadatadir'] = 'config/metadata/';
$config['auth.adminpassword'] = '{{ diyidp.admin_password }}';
$config['baseurlpath'] = 'https://diyidp.{{ base_domain }}/';
$config['theme.use'] = '{{ diyidp.theme |default("default") }}';
$config['baseurlpath'] = 'https://{{ diyidp_domain }}/';
$config['theme.use'] = '{{ diyidp_theme |default("default") }}';
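Review bot: `diyidp_theme` replaces the `diyidp.theme` dictionary key while `diyidp.admin_password` on the line above still reads from the `diyidp` dict, and the `|default("default")` filter means an inventory that still sets `diyidp.theme` renders the default theme silently rather than failing. Either keep the lookup inside the dict for consistency, `{{ diyidp.theme | default("default") }}`, or document the rename next to the other `diyidp_*` variable declarations so migrated inventories are caught. `diyidp_domain` has no default, which is the right choice for the base URL: a missing value fails the template instead of producing a wrong redirect target.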
2 changes: 1 addition & 1 deletion roles/diyidp/templates/saml20-idp-hosted.php.j2
Expand Up @@ -5,7 +5,7 @@
* See: https://rnd.feide.no/content/idp-hosted-metadata-reference
*/

$metadata['https://diyidp.{{ base_domain}}'] = array(
$metadata['https://{{ diyidp_domain}}'] = array(
/*
* The hostname of the server (VHOST) that will use this SAML entity.
*
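Review bot: The hosted IdP's entityID is now derived from `diyidp_domain`, so in any environment where that variable is not exactly `diyidp.` followed by `base_domain` the entityID changes, and the IdP's metadata registered in EngineBlock/Manage has to be re-imported or its assertions will be rejected as coming from an unknown issuer; that migration consequence deserves a line in the commit message or role README. Minor style: `{{ diyidp_domain}}` is missing the space before the closing braces, `{{ diyidp_domain }}`, as the replaced line was too. The surrounding `$metadata` array continues outside the hunk.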
31 changes: 6 additions & 25 deletions roles/engineblock/defaults/main.yml
@@ -1,8 +1,6 @@
#---
## Version of EngineBlock that is installable by this role
engine_version: ''
engine_version: ""
# Be aware that if you enable this option that NPM, Node.js and Composer are installed
#engine_branch: "develop"
# Feature toggles
engine_feature_encrypted_assertions: 1
engine_feature_encrypted_assertions_require_outer_signature: 1
Expand All @@ -13,7 +11,6 @@ engine_feature_enable_sso_session_cookie: 0
engine_feature_enable_consent: 1
engine_feature_stepup_override_entityid: 0
engine_feature_idp_initiated_flow: 1

engine_api_feature_metadata_push: 1
engine_api_feature_consent_listing: 1
engine_api_feature_consent_remove: 0
Expand Down Expand Up @@ -44,7 +41,7 @@ engine_domain: engine.{{ base_domain }}
engine_debug: false

engine_theme: "skeune"
#engine_theme: openconext
# engine_theme: openconext

engine_profile_baseurl: "https://profile.{{ base_domain }}"

Expand Down Expand Up @@ -92,17 +89,6 @@ engine_stepup_gateway_sfo_public_key_file: "{{ engine_keys.default.publicFile }}
## The minimum priority of messages that will be logged
engine_logging_passthru_level: NOTICE

#engine_initial_sql: ''

engineblock_symfony_cache_path: "/tmp/engineblock/cache"
engineblock_symfony_log_path: "{{ engine_current_release_symlink }}/var/logs"

engine_fpm_user: engine
engine_fpm_port: 801
engine_fpm_memory: 128M
# When using vagrant for provisioning, it's not possible to put something in the inventory dir
engine_crt_not_in_inventory: false

# The memory limit used for the metadata push
engine_metadata_push_memory_limit: 256M

Expand All @@ -118,13 +104,8 @@ eb_tos_url: "https://example.org"

engine_site_notice_show: false

# Backwards compatibility with older secrets files
engineblock_private_keys:
default: "{{ engineblock_private_key }}"

# Webdriver test settings
engineblock_selenium_version: 2.53.1
engineblock_selenium_install_dir: /opt
engineblock_log_attributes: []

# Composer
composer_path: /usr/local/bin/composer
engine_php_memory: 256M
engine_docker_networks:
- name: loadbalancer
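Review bot: `engine_docker_networks` defaults to `loadbalancer` alone, while the attribute-aggregation and diyidp roles in this same commit gain a `set_fact` that adds the `openconext_mariadb` network when `mariadb_in_docker` is true; EngineBlock needs the database as well, so confirm roles/engineblock/tasks does the equivalent or the container cannot reach a dockerised MariaDB. The `engineblock_private_keys` compatibility mapping built from the singular `engineblock_private_key` appears to be dropped in the last hunk, so an inventory that only defines the singular secret would now fail with an undefined variable at template time; an `ansible.builtin.assert` that `engineblock_private_keys` is defined, with a message naming the rename, would make that migration explicit instead of a template traceback. Also the first line `#---` should be a real document start `---`.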
10 changes: 6 additions & 4 deletions roles/engineblock/handlers/main.yml
@@ -1,5 +1,7 @@
---
- name: restart php72-fpm
service:
name: php72-php-fpm
state: restarted
- name: restart engine
community.docker.docker_container:
name: engine
state: started
restart: true
when: ebcontainer is success and ebcontainer is not change
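Review bot: The `when:` on `restart engine` references `ebcontainer`, which only exists if the task that creates the container registered its result under that name in the same play; if the handler is notified from a task that runs earlier, or in a run where the container task is skipped, the conditional most likely raises an undefined-variable error instead of a clean skip, so `when: ebcontainer is defined and ebcontainer is success and ebcontainer is not changed` is safer. `is not change` apparently relies on `change` being an alias of the `changed` test; the canonical `changed` reads better and is what other roles use. The intent, skipping the restart when the container task already recreated the container, is not obvious and deserves a comment above the `when:`, e.g. `# container task already (re)created it; only restart an untouched container`.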
43 changes: 0 additions & 43 deletions roles/engineblock/tasks/build.yml

This file was deleted.

46 changes: 0 additions & 46 deletions roles/engineblock/tasks/develop.yml

This file was deleted.
