generated from EGI-Federation/repository-template
-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
944d9c9
commit 5f77676
Showing
6 changed files
with
111 additions
and
89 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,97 +1,10 @@ | ||
| --- | ||
| - hosts: all | ||
| gather_facts: no | ||
| tasks: | ||
| - name: Wait for ssh | ||
| # give it some time as the VM may take a while to start | ||
| wait_for_connection: | ||
| delay: 30 | ||
| timeout: 600 | ||
|
|
||
| - hosts: all | ||
| become: yes | ||
| gather_facts: yes | ||
| roles: | ||
| - role: "grycap.motley_cue" | ||
| ssh_oidc_other_vos_name: cloud.egi.eu | ||
| ssh_oidc_other_vos_role: auditor | ||
|
|
||
| - hosts: all | ||
| become: yes | ||
| gather_facts: yes | ||
| tasks: | ||
| - name: Disable default site in nginx | ||
| ansible.builtin.file: | ||
| path: /etc/nginx/sites-enabled/default | ||
| state: absent | ||
|
|
||
| - name: Move motley-cue to a different port (nginx) | ||
| ansible.builtin.lineinfile: | ||
| path: /etc/nginx/sites-available/nginx.motley_cue | ||
| regexp: ".*listen 8080;$" | ||
| line: " listen 8181;" | ||
|
|
||
| - name: No IPv6 for motley-cue (nginx) | ||
| ansible.builtin.lineinfile: | ||
| path: /etc/nginx/sites-available/nginx.motley_cue | ||
| search_string: "listen [::]:8080;" | ||
| state: absent | ||
|
|
||
| - name: Move motley-cue to a different port (pam-ssh-oidc) | ||
| ansible.builtin.lineinfile: | ||
| path: /etc/pam.d/pam-ssh-oidc-config.ini | ||
| regexp: "^verify_endpoint = http://localhost:8080/verify_user$" | ||
| line: "verify_endpoint = http://localhost:8181/verify_user" | ||
|
|
||
| - name: Restart nginx | ||
| ansible.builtin.service: | ||
| name: nginx | ||
| state: restarted | ||
| enabled: yes | ||
|
|
||
| - name: Restart motley-cue | ||
| ansible.builtin.service: | ||
| name: motley-cue | ||
| state: restarted | ||
| enabled: yes | ||
|
|
||
| - name: Checkout repo at VM | ||
| ansible.builtin.git: | ||
| repo: "https://github.com/EGI-Federation/fedcloud-dashboard.git" | ||
| version: "{{ git_ref }}" | ||
| dest: /fedcloud-dashboard | ||
|
|
||
| - name: env file | ||
| ansible.builtin.copy: | ||
| content: | | ||
| DASHBOARD_HOSTNAME=dashboard.cloud.egi.eu | ||
| dest: /fedcloud-dashboard/.env | ||
|
|
||
| - name: service file | ||
| ansible.builtin.copy: | ||
| content: | | ||
| # | ||
| # This manages the cloudkeeper OS backend | ||
| # | ||
| [Unit] | ||
| Description=Dashboard | ||
| After=docker.service | ||
| Requires=docker.service | ||
| [Service] | ||
| Type=oneshot | ||
| RemainAfterExit=true | ||
| WorkingDirectory=/fedcloud-dashboard | ||
| ExecStartPre=/usr/bin/docker pull python:3.10 | ||
| ExecStart=/usr/bin/docker-compose up -d --force-recreate --build --remove-orphans | ||
| ExecStop=/usr/bin/docker-compose down | ||
| [Install] | ||
| WantedBy=multi-user.target | ||
| dest: /etc/systemd/system/dashboard.service | ||
|
|
||
| - name: Run, baby run | ||
| ansible.builtin.systemd: | ||
| name: dashboard.service | ||
| enabled: yes | ||
| state: restarted | ||
| daemon_reload: yes | ||
| - role: "fedcloud-dashboard" | ||
| fedcloud_dashboard_dns: dashboard.test.fedcloud.eu |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| fedcloud_dashboard_dns: dashboard.cloud.egi.eu |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,18 @@ | ||
| - name: Restart motley-cue | ||
| ansible.builtin.service: | ||
| name: motley-cue | ||
| state: restarted | ||
| enabled: yes | ||
|
|
||
| - name: Restart nginx | ||
| ansible.builtin.service: | ||
| name: nginx | ||
| state: restarted | ||
| enabled: yes | ||
|
|
||
| - name: Run, baby run | ||
| ansible.builtin.systemd: | ||
| name: dashboard.service | ||
| enabled: yes | ||
| state: restarted | ||
| daemon_reload: yes |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,65 @@ | ||
|
|
||
| - name: Checkout repo at VM | ||
| ansible.builtin.git: | ||
| repo: "https://github.com/EGI-Federation/fedcloud-dashboard.git" | ||
| #version: "{{ git_ref }}" | ||
| version: motley-https | ||
| dest: /fedcloud-dashboard | ||
|
|
||
| - name: env file | ||
| ansible.builtin.copy: | ||
| content: | | ||
| DASHBOARD_HOSTNAME={{ fedcloud_dashboard_dns }} | ||
| dest: /fedcloud-dashboard/.env | ||
|
|
||
| - name: service file | ||
| ansible.builtin.copy: | ||
| content: | | ||
| # | ||
| # This manages the cloudkeeper OS backend | ||
| # | ||
| [Unit] | ||
| Description=Dashboard | ||
| After=docker.service | ||
| Requires=docker.service | ||
| [Service] | ||
| Type=oneshot | ||
| RemainAfterExit=true | ||
| WorkingDirectory=/fedcloud-dashboard | ||
| ExecStartPre=/usr/bin/docker pull python:3.10 | ||
| ExecStart=/usr/bin/docker-compose up -d --force-recreate --build --remove-orphans | ||
| ExecStop=/usr/bin/docker-compose down | ||
| [Install] | ||
| WantedBy=multi-user.target | ||
| dest: /etc/systemd/system/dashboard.service | ||
|
|
||
| - name: Run, baby run | ||
| ansible.builtin.systemd: | ||
| name: dashboard.service | ||
| enabled: yes | ||
| state: restarted | ||
| daemon_reload: yes | ||
|
|
||
| - name: Wait until the letsencrypt cert is available | ||
| ansible.builtin.wait_for: | ||
| path: /fedcloud-dashboard/letsencrypt/acme.json | ||
| search_regex: certificate | ||
|
|
||
| - name: Disable default site in nginx | ||
| ansible.builtin.file: | ||
| path: /etc/nginx/sites-enabled/default | ||
| state: absent | ||
| notify: Restart nginx | ||
|
|
||
| - name: Move motley-cue to a different port (nginx) | ||
| ansible.builtin.template: | ||
| src: nginx.motley_cue.j2 | ||
| dest: /etc/nginx/sites-available/nginx.motley_cue | ||
| notify: Restart nginx | ||
|
|
||
| - name: Move motley-cue to a different port (pam-ssh-oidc) | ||
| ansible.builtin.template: | ||
| src: pam-ssh-oidc-config.ini.j2 | ||
| dest: /etc/pam.d/pam-ssh-oidc-config.ini | ||
| notify: Restart motley-cue |
20 changes: 20 additions & 0 deletions
20
deployment/roles/fedcloud-dashboard/templates/nginx.motley_cue.j2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| server { | ||
| # # if you uncomment this block, make sure you remove the two directives above | ||
| # # also consider uncommenting the server block above for port 80 redirects to 443 | ||
| # # alternatively, you could use port 8443 instead of 443, as this port is also | ||
| # # checked by default by the mccli client software. | ||
| listen 8443 ssl; | ||
| ssl_certificate /fedcloud-dashboard/letsencrypt/certs/certs/{{ fedcloud_dashboard_dns }}.crt; | ||
| ssl_certificate_key /fedcloud-dashboard/letsencrypt/certs/private/{{ fedcloud_dashboard_dns }}.key; | ||
|
|
||
| server_name _; | ||
| location / { | ||
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||
| proxy_set_header X-Forwarded-Proto $scheme; | ||
| proxy_set_header Host $http_host; | ||
| # we don't want nginx trying to do something clever with | ||
| # redirects, we set the Host: header above already. | ||
| proxy_redirect off; | ||
| proxy_pass http://unix:/run/motley_cue/motley-cue.sock; | ||
| } | ||
| } |
5 changes: 5 additions & 0 deletions
5
deployment/roles/fedcloud-dashboard/templates/pam-ssh-oidc-config.ini.j2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| [user_verification] | ||
| ; if local is set to false then user verification is based upon verify_endpoint. | ||
| ; This could be the motley-cue endpoint | ||
| local = false | ||
| verify_endpoint = https://{{ fedcloud_dashboard_dns }}:8443/verify_user |