diff --git a/host_vars/webserver b/host_vars/webserver
index a663b255e7a6720f6a310b9f432c5669897dfc8a..0728fb45f81acc06b0a53aed559954069e07b5ca 100644
--- a/host_vars/webserver
+++ b/host_vars/webserver
@@ -35,13 +35,13 @@ webserver_domains:
 - "autodiscover.warpzone.ms"
 - "autoconfig.warpzone.ms"
 - "gitlab.warpzone.ms"
- - "infra.warpzone.ms"
 - "jabber.warpzone.ms"
 - "matrix.warpzone.ms"
 - "mailserver.warpzone.ms"
 - "muc.jabber.warpzone.ms"
 - "proxy.jabber.warpzone.ms"
 - "ldap.warpzone.ms"
+ - "keycloak.warpzone.ms"
 - "md.warpzone.ms"
 - "wiki.warpzone.ms"
 - "www.warpzone.ms"
diff --git a/webserver/docker_warpinfra/tasks/main.yml b/webserver/docker_warpinfra/tasks/main.yml
deleted file mode 100644
index 34e0c7ad10edfa62028d5da73cda63da7e738535..0000000000000000000000000000000000000000
--- a/webserver/docker_warpinfra/tasks/main.yml
+++ /dev/null
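Review bot: Dropping `- "infra.warpzone.ms"` from `webserver_domains` retires the hostname, but nothing in this commit stops what the deleted `docker_warpinfra` and `docker_warpinfratest` roles deployed. Both compose templates set `restart: always`, so unless the stacks were taken down by hand the app and MariaDB containers keep running after the roles are gone, and the rendered `config.ini` files (LDAP admin password, SMTP password, `SECRET_KEY`; the test instance with `DEBUG = True`) plus the files under `/srv/warpinfra/secret` and `/srv/warpinfratest/secret` stay on the host unmanaged. I would run a one-off teardown before removing the roles: the existing `docker_service` task with `state: absent` for both `project_src` directories, then a `file` task with `state: absent` on the two `/srv` trees once the data is archived. Whether `keycloak.warpzone.ms` already has a matching role is not visible in this diff.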
@@ -1,74 +0,0 @@
----
-# Einige Secrets sind auf dem Server lokal gespeichert und werden von dort gelesen
-# Auslesen der Dateien vom Server, zwischengespeicert wird in der Variable gitlab_secrets
-# Anschließend müssen die entsprechenden Einträge aus gitlab_secrets extrahiert werden
-# Die Daten, die von Slurp gelesen werden sind Base64 codiert
-# Zur Sicherheit werden Whitespace-Zeichen entfert, damit z.B. Zeilenumbrüche nicht übernommen werden
-
--- name: get secrets from server 1
- slurp: src={{ item }}
- with_items:
- - /srv/shared/noreply_email_pass
- - /srv/ldap/secret/ldap_admin_pass
- - /srv/ldap/secret/ldap_readonly_pass
- - /srv/warpinfra/secret/web_secret_key
- - /srv/warpinfra/secret/mysql_root_pw
- - /srv/warpinfra/secret/mysql_user_pw
- register: warpinfra_secrets
-
--- name: get secrets from server 2
- set_fact:
- noreply_email_pass: "{{ warpinfra_secrets.results | selectattr('item', 'equalto', '/srv/shared/noreply_email_pass') | map(attribute='content') | list | first | b64decode | regex_replace('\\s', '') }}"
- ldap_admin_pass: "{{ warpinfra_secrets.results | selectattr('item', 'equalto', '/srv/ldap/secret/ldap_admin_pass') | map(attribute='content') | list | first | b64decode | regex_replace('\\s', '') }}"
- ldap_readonly_pass: "{{ warpinfra_secrets.results | selectattr('item', 'equalto', '/srv/ldap/secret/ldap_readonly_pass') | map(attribute='content') | list | first | b64decode | regex_replace('\\s', '') }}"
- web_secret_key: "{{ warpinfra_secrets.results | selectattr('item', 'equalto', '/srv/warpinfra/secret/web_secret_key') | map(attribute='content') | list | first | b64decode | regex_replace('\\s', '') }}"
- mysql_root_pw: "{{ warpinfra_secrets.results | selectattr('item', 'equalto', '/srv/warpinfra/secret/mysql_root_pw') | map(attribute='content') | list | first | b64decode | regex_replace('\\s', '') }}"
- mysql_user_pw: "{{ warpinfra_secrets.results | selectattr('item', 'equalto', '/srv/warpinfra/secret/mysql_user_pw') |
map(attribute='content') | list | first | b64decode | regex_replace('\\s', '') }}"
-
--- name: create folder struct for warpinfra
- file:
- path: "/tmp/warpinfra_docker/"
- state: "directory"
-
--- name: create folder struct for warpinfra
- file:
- path: "/srv/warpinfra/etc"
- state: "directory"
-
--- name: create folder struct for warpinfra
- file:
- path: "/srv/warpinfra/data"
- state: "directory"
-
--- name: create folder struct for warpinfra
- file:
- path: "/srv/warpinfra/log"
- state: "directory"
-
--- name: clone repo
- git:
- repo: "https://gitlab.warpzone.ms/infrastruktur/warpinfra.git"
- version: "d34c33223cc82625575b91e741cc957b866ea4b3"
- dest: "/tmp/warpinfra_docker"
- force: "yes"
- register: gitclone
-
--- name: clone repo status
- debug:
- msg: "{{gitclone}}"
-
--- name: Konfig-Datei erstellen
- template:
- src: "config.ini"
- dest: "/srv/warpinfra/etc/config.ini"
-
--- name: Konfig-Datei erstellen
- template:
- src: "docker-compose.yml"
- dest: "/srv/warpinfra/docker-compose.yml"
-
--- name: start warpinfra docker
- docker_service:
- project_src: /srv/warpinfra/
- state: present
-
diff --git a/webserver/docker_warpinfra/templates/config.ini b/webserver/docker_warpinfra/templates/config.ini
deleted file mode 100644
index 550e1756432c08ed2825dae637d427414d83d6b1..0000000000000000000000000000000000000000
--- a/webserver/docker_warpinfra/templates/config.ini
+++ /dev/null
@@ -1,51 +0,0 @@
-
-[common]
-# Possible Apps: warpmain, warpauth, warpfood, warpapi, warppay
-APPS = warpmain, warpauth
-
-INSTANCE_NAME = 'EXTERN-PRODUKTIV'
-GIT_COMMIT = '{{ gitclone.after }}'
-DEPLOY_DATE = '{{ ansible_date_time.date }}--{{ ansible_date_time.hour }}-{{ ansible_date_time.minute }}'
-
-[debug]
-DEBUG = False
-
-[security]
-SECRET_KEY = '{{ web_secret_key }}'
-PW_RESET_TOKEN_LIFETIME = 5
-ALLOWED_HOSTS = infra.warpzone.ms
-
-[mattermost]
-API_KEY = none
-
-[mysql]
-MYSQL_HOST = db
-MYSQL_PORT = 3306
-MYSQL_USER = warpinfra
-MYSQL_PASS = {{ mysql_user_pw }}
-MYSQL_NAME = warpinfra
-
-[ldap]
-LDAP_HOST = {{ ldap_ip_ext }}
-LDAP_BIND_DN = {{ ldap_admin_bind_dn }}
-LDAP_PASSWORD = {{ ldap_admin_pass }}
-
-LDAP_USER_SEARCH_PATH = ou=users,{{ ldap_base_dn }}
-LDAP_GROUP_SEARCH_PATH = {{ ldap_base_dn }}
-LDAP_USER_SEARCH_FILTER = (uid=%(user)s)
-
-LDAP_GROUP_IS_ACTIVE = cn=active,ou=groups,{{ ldap_base_dn }}
-LDAP_GROUP_IS_STAFF = cn=warpauth-admin,ou=infrastructure,{{ ldap_base_dn }}
-LDAP_GROUP_SUPERUSER = cn=warpauth-admin,ou=infrastructure,{{ ldap_base_dn }}
-
-[email]
-SMTP_HOST = {{ smtp_host }}
-SMTP_PORT = {{ smtp_port }}
-SMTP_USERNAME = {{ noreply_email_user }}
-SMTP_PASSWORD = {{ noreply_email_pass }}
-SMTP_EMAIL_FROM = {{ noreply_email_user }}
-SMTP_USE_TLS = True
-SUBJECT_PREFIX = ''
-
-[misc]
-LOG_PATH = /opt/log/
diff --git a/webserver/docker_warpinfra/templates/docker-compose.yml b/webserver/docker_warpinfra/templates/docker-compose.yml
deleted file mode 100644
index 91682c0e1bc6178823a31478d1f80c339b089c44..0000000000000000000000000000000000000000
--- a/webserver/docker_warpinfra/templates/docker-compose.yml
+++ /dev/null
@@ -1,45 +0,0 @@
-
-version: "3"
-
-services:
-
- db:
-
- image: mariadb:10.1
- restart: always
- ports:
- - 127.0.0.1:13306:3306
- volumes:
- - /srv/warpinfra/db/:/var/lib/mysql
- environment:
- MYSQL_DATABASE: warpinfra
- MYSQL_USER: warpinfra
- MYSQL_PASSWORD: {{ mysql_user_pw }}
- MYSQL_ROOT_PASSWORD: {{ mysql_root_pw }}
- networks:
- - default
-
- app:
-
- build: /tmp/warpinfra_docker/www/
- image: warpinfra:{{ gitclone.after }}
- restart: always
- depends_on:
- - db
- volumes:
- - /tmp/warpinfra:/opt/socket
- - /srv/warpinfra/etc:/etc/warpinfra
- - /srv/warpinfra/data:/opt/database
- - /srv/warpinfra/log:/opt/log
- labels:
- - traefik.enable=true
- - traefik.http.routers.{{ servicename }}.rule=Host(`{{ domain }}`)
- - traefik.http.routers.{{ servicename }}.entrypoints=websecure
- - traefik.http.services.{{ servicename }}.loadbalancer.server.port=8080
- networks:
- - default
- - web
-
-networks:
- web:
- external: true
diff --git a/webserver/docker_warpinfratest/tasks/main.yml b/webserver/docker_warpinfratest/tasks/main.yml
deleted file mode 100644
index 9a0e8e9318742638a4f0cf12afea4c0309f8bfd5..0000000000000000000000000000000000000000
--- a/webserver/docker_warpinfratest/tasks/main.yml
+++ /dev/null
@@ -1,72 +0,0 @@
----
-# Einige Secrets sind auf dem Server lokal gespeichert und werden von dort gelesen
-# Auslesen der Dateien vom Server, zwischengespeicert wird in der Variable gitlab_secrets
-# Anschließend müssen die entsprechenden Einträge aus gitlab_secrets extrahiert werden
-# Die Daten, die von Slurp gelesen werden sind Base64 codiert
-# Zur Sicherheit werden Whitespace-Zeichen entfert, damit z.B. Zeilenumbrüche nicht übernommen werden
-
--- name: get secrets from server 1
- slurp: src={{ item }}
- with_items:
- - /srv/shared/noreply_email_pass
- - /srv/ldap/secret/ldap_admin_pass
- - /srv/ldap/secret/ldap_readonly_pass
- - /srv/warpinfratest/secret/web_secret_key
- - /srv/warpinfratest/secret/mysql_root_pw
- - /srv/warpinfratest/secret/mysql_user_pw
- register: warpinfratest_secrets
-
--- name: get secrets from server 2
- set_fact:
- noreply_email_pass: "{{ warpinfratest_secrets.results | selectattr('item', 'equalto', '/srv/shared/noreply_email_pass') | map(attribute='content') | list | first | b64decode | regex_replace('\\s', '') }}"
- ldap_admin_pass: "{{ warpinfratest_secrets.results | selectattr('item', 'equalto', '/srv/ldap/secret/ldap_admin_pass') | map(attribute='content') | list | first | b64decode | regex_replace('\\s', '') }}"
- ldap_readonly_pass: "{{ warpinfratest_secrets.results | selectattr('item', 'equalto', '/srv/ldap/secret/ldap_readonly_pass') | map(attribute='content') | list | first | b64decode | regex_replace('\\s', '') }}"
- web_secret_key: "{{ warpinfratest_secrets.results | selectattr('item', 'equalto', '/srv/warpinfratest/secret/web_secret_key') | map(attribute='content') | list | first | b64decode | regex_replace('\\s', '') }}"
- mysql_root_pw: "{{ warpinfratest_secrets.results | selectattr('item', 'equalto', '/srv/warpinfratest/secret/mysql_root_pw') | map(attribute='content') | list | first | b64decode | regex_replace('\\s', '') }}"
- mysql_user_pw: "{{ warpinfratest_secrets.results | selectattr('item', 'equalto',
'/srv/warpinfratest/secret/mysql_user_pw') | map(attribute='content') | list | first | b64decode | regex_replace('\\s', '') }}"
-
--- name: create folder struct for warpinfratest
- file:
- path: "/tmp/warpinfratest_docker/"
- state: "directory"
-
--- name: create folder struct for warpinfratest
- file:
- path: "/srv/warpinfratest/etc"
- state: "directory"
-
--- name: create folder struct for warpinfratest
- file:
- path: "/srv/warpinfratest/data"
- state: "directory"
-
--- name: create folder struct for warpinfratest
- file:
- path: "/srv/warpinfratest/log"
- state: "directory"
-
--- name: clone repo
- git:
- repo: "https://gitlab.warpzone.ms/infrastruktur/warpinfra.git"
- dest: "/tmp/warpinfratest_docker"
- force: "yes"
- register: gitclone
-
--- name: clone repo status
- debug:
- msg: "{{gitclone}}"
-
--- name: Konfig-Datei erstellen
- template:
- src: "config.ini"
- dest: "/srv/warpinfratest/etc/config.ini"
-
--- name: Konfig-Datei erstellen
- template:
- src: "docker-compose.yml"
- dest: "/srv/warpinfratest/docker-compose.yml"
-
--- name: start warpinfratest docker
- docker_service:
- project_src: /srv/warpinfratest/
- state: present
diff --git a/webserver/docker_warpinfratest/templates/config.ini b/webserver/docker_warpinfratest/templates/config.ini
deleted file mode 100644
index 238ac5c8b9b284361ccc47a9bd0ea48ae07343b3..0000000000000000000000000000000000000000
--- a/webserver/docker_warpinfratest/templates/config.ini
+++ /dev/null
@@ -1,51 +0,0 @@
-
-[common]
-# Possible Apps: warpmain, warpauth, warpfood, warpapi, warppay
-APPS = warpmain, warpauth, warpfood, warpapi
-
-INSTANCE_NAME = 'EXTERN-TEST'
-GIT_COMMIT = '{{ gitclone.after }}'
-DEPLOY_DATE = '{{ ansible_date_time.date }}--{{ ansible_date_time.hour }}-{{ ansible_date_time.minute }}'
-
-[debug]
-DEBUG = True
-
-[security]
-SECRET_KEY = '{{ web_secret_key }}'
-PW_RESET_TOKEN_LIFETIME = 5
-ALLOWED_HOSTS = infra.warpzone.ms
-
-[mattermost]
-API_KEY = none
-
-[mysql]
-MYSQL_HOST = db
-MYSQL_PORT = 3306
-MYSQL_USER = warpinfra
-MYSQL_PASS = {{ mysql_user_pw }}
-MYSQL_NAME = warpinfra
-
-[ldap]
-LDAP_HOST = {{ ldap_ip_ext }}
-LDAP_BIND_DN = cn=admin,dc=warpzone,dc=ms
-LDAP_PASSWORD = {{ ldap_admin_pass }}
-
-LDAP_USER_SEARCH_PATH = ou=users,dc=warpzone,dc=ms
-LDAP_GROUP_SEARCH_PATH = dc=warpzone,dc=ms
-LDAP_USER_SEARCH_FILTER = (uid=%(user)s)
-
-LDAP_GROUP_IS_ACTIVE = cn=active,ou=groups,dc=warpzone,dc=ms
-LDAP_GROUP_IS_STAFF = cn=warpauth-admin,ou=infrastructure,dc=warpzone,dc=ms
-LDAP_GROUP_SUPERUSER = cn=warpauth-admin,ou=infrastructure,dc=warpzone,dc=ms
-
-[email]
-SMTP_HOST = {{ smtp_host }}
-SMTP_PORT = {{ smtp_port }}
-SMTP_USERNAME = {{ noreply_email_user }}
-SMTP_PASSWORD = {{ noreply_email_pass }}
-SMTP_EMAIL_FROM = {{ noreply_email_user }}
-SMTP_USE_TLS = True
-SUBJECT_PREFIX = '[TEST] '
-
-[misc]
-LOG_PATH = /opt/log/
diff --git a/webserver/docker_warpinfratest/templates/docker-compose.yml b/webserver/docker_warpinfratest/templates/docker-compose.yml
deleted file mode 100644
index 5fa1cdd4fb9a2b09acd128a7b28527b5e3e16be7..0000000000000000000000000000000000000000
--- a/webserver/docker_warpinfratest/templates/docker-compose.yml
+++ /dev/null
@@ -1,31 +0,0 @@
-
-version: "3"
-
-services:
-
- db:
-
- image: mariadb:10.1
- restart: always
- ports:
- - 127.0.0.1:23306:3306
- volumes:
- - /srv/warpinfratest/db/:/var/lib/mysql
- environment:
- MYSQL_DATABASE: warpinfra
- MYSQL_USER: warpinfra
- MYSQL_PASSWORD: {{ mysql_user_pw }}
- MYSQL_ROOT_PASSWORD: {{ mysql_root_pw }}
-
- app:
-
- build: /tmp/warpinfratest_docker/www/
- image: warpinfratest:{{ gitclone.after }}
- restart: always
- depends_on:
- - db
- volumes:
- - /tmp/warpinfratest:/opt/socket
- - /srv/warpinfratest/etc:/etc/warpinfra
- - /srv/warpinfratest/data:/opt/database
- - /srv/warpinfratest/log:/opt/log