From 9cb708ad9066dc01d6c5ee7d445473ec868c4fd2 Mon Sep 17 00:00:00 2001
From: Christian Elberfeld <elberfeld@web.de>
Date: Tue, 3 Jul 2018 22:22:35 +0200
Subject: [PATCH] Hackmd, alerta und keycloak

---
 host_vars/webserver                           |  3 ++
 webserver/docker_alerta/handlers/main.yml     |  7 +++
 webserver/docker_alerta/tasks/main.yml        | 33 ++++++++++++++
 .../docker_alerta/templates/alertad.conf      | 28 ++++++++++++
 webserver/docker_alerta/templates/config.js   | 18 ++++++++
 .../templates/docker-compose.yml              | 31 +++++++++++++
 webserver/docker_hackmd/tasks/main.yml        | 32 ++++++++++++++
 .../templates/docker-compose.yml              | 43 +++++++++++++++++++
 .../docker_hackmd/templates/mysql-utf8.cnf    | 11 +++++
 webserver/docker_keycloak/tasks/main.yml      | 29 +++++++++++++
 .../templates/docker-compose.yml              | 35 +++++++++++++++
 webserver/main.yml                            |  3 ++
 webserver/nginx/includes/alerta               | 12 ++++++
 webserver/nginx/includes/auth                 | 12 ++++++
 webserver/nginx/includes/md                   | 12 ++++++
 15 files changed, 309 insertions(+)
 create mode 100644 webserver/docker_alerta/handlers/main.yml
 create mode 100644 webserver/docker_alerta/tasks/main.yml
 create mode 100644 webserver/docker_alerta/templates/alertad.conf
 create mode 100644 webserver/docker_alerta/templates/config.js
 create mode 100644 webserver/docker_alerta/templates/docker-compose.yml
 create mode 100644 webserver/docker_hackmd/tasks/main.yml
 create mode 100644 webserver/docker_hackmd/templates/docker-compose.yml
 create mode 100644 webserver/docker_hackmd/templates/mysql-utf8.cnf
 create mode 100644 webserver/docker_keycloak/tasks/main.yml
 create mode 100644 webserver/docker_keycloak/templates/docker-compose.yml
 create mode 100644 webserver/nginx/includes/alerta
 create mode 100644 webserver/nginx/includes/auth
 create mode 100644 webserver/nginx/includes/md

diff --git a/host_vars/webserver b/host_vars/webserver
index 706af93e..7ba5b54c 100644
--- a/host_vars/webserver
+++ b/host_vars/webserver
@@ -21,6 +21,8 @@ letsencrypt_tos_sha256: 6373439b9f29d67a5cd4d18cbc7f264809342dbf21cb2ba2fc7588df
 letsencrypt_mail: verwaltung@warpzone.ms
 
 webserver_domains: 
+  - "auth"
+  - "alerta"
   - "gitlab"
   - "infra"
   - "infra-test"
@@ -32,6 +34,7 @@ webserver_domains:
   - "proxy.jabber-test"
   - "ldap"
   - "mattermost"
+  - "md"
   - "pad"
   - "wiki"
   - "www"
diff --git a/webserver/docker_alerta/handlers/main.yml b/webserver/docker_alerta/handlers/main.yml
new file mode 100644
index 00000000..57d4fb78
--- /dev/null
+++ b/webserver/docker_alerta/handlers/main.yml
@@ -0,0 +1,7 @@
+---
+
+- name: restart alerta docker
+  docker_service:
+    project_src: /srv/alerta/
+    state: present
+    restarted: yes
diff --git a/webserver/docker_alerta/tasks/main.yml b/webserver/docker_alerta/tasks/main.yml
new file mode 100644
index 00000000..516956fa
--- /dev/null
+++ b/webserver/docker_alerta/tasks/main.yml
@@ -0,0 +1,33 @@
+---
+
+- include: ../functions/get_secret.yml
+  with_items:
+   - { path: /srv/alerta/alerta_secret_key,  length: 24 }
+   - { path: /srv/alerta/alerta_oauth_client_secret,  length: -1 }
+   - { path: /srv/alerta/telegram_token,  length: -1 }
+   - { path: /srv/alerta/telegram_chatid,  length: -1 }
+ 
+
+- name: create folder struct for alerta
+  file: 
+    path: "{{ item }}"
+    state: "directory"
+  with_items:
+    - /srv/alerta/
+    - /srv/alerta/db/
+
+
+- name: Konfig-Dateien erstellen
+  template:
+    src: "{{ item }}"
+    dest: "/srv/alerta/{{ item }}"
+  with_items:
+    - docker-compose.yml
+    - alertad.conf
+    - config.js
+  notify: restart alerta docker
+
+- name: start alerta docker
+  docker_service:
+    project_src: /srv/alerta/
+    state: present
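Review bot: The `template` task in "Konfig-Dateien erstellen" writes alertad.conf and docker-compose.yml without a `mode`, so the rendered files (which carry SECRET_KEY, the OAuth client secret, the Telegram bot token and the database password) get the default umask permissions, typically world-readable. Add `mode: "0600"` (and `owner: root`, `group: root` if that matches the host convention) to the task so only root can read the rendered secrets. The same applies to the get_secret outputs under /srv/alerta/ if the included helper does not already restrict them; that helper is not visible in this patch.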
diff --git a/webserver/docker_alerta/templates/alertad.conf b/webserver/docker_alerta/templates/alertad.conf
new file mode 100644
index 00000000..3eddced9
--- /dev/null
+++ b/webserver/docker_alerta/templates/alertad.conf
@@ -0,0 +1,28 @@
+
+DEBUG = False
+PLUGINS = [ 'blackout','normalise','reject','telegram' ]
+
+SENDER_API_ALLOW = 'ON'
+BLACKOUT_DURATION = 43200  
+ALLOWED_ENVIRONMENTS = [ 'warpzone' ]
+
+KEYCLOAK_URL = 'https://auth.warpzone.ms'
+KEYCLOAK_REALM = 'master'
+OAUTH2_CLIENT_ID = 'alerta-ui'
+OAUTH2_CLIENT_SECRET = '{{ alerta_oauth_client_secret }}'
+ALLOWED_KEYCLOAK_ROLES  = [ '*' ]
+
+SECRET_KEY = '{{ alerta_secret_key }}'
+DATABASE_URL = 'postgres://alerta:alerta@db:5432/alerta'
+      
+AUTH_REQUIRED = True
+ADMIN_USERS = [ '' ]
+
+CUSTOMER_VIEWS = False
+
+TELEGRAM_TOKEN = '{{ telegram_token }}'
+TELEGRAM_CHAT_ID = '{{ telegram_chatid }}'
+TELEGRAM_WEBHOOK_URL = 'https://alerta.warpzone.ms/api/webhooks/telegram'
+
+
+
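Review bot: DATABASE_URL hard-codes the credential `alerta:alerta` while every other secret in this file comes from the get_secret helper; the same literal is repeated as POSTGRES_PASSWORD in the compose file, so the database password is checked into the repository. Generate it like the others, e.g. `DATABASE_URL = 'postgres://alerta:{{ alerta_db_pass }}@db:5432/alerta'`, and feed the same variable to the db service. Two further settings deserve a second look: `ALLOWED_KEYCLOAK_ROLES = [ '*' ]` lets every account in the Keycloak realm log in, and `ADMIN_USERS = [ '' ]` is an empty-string admin entry, which presumably matches nobody but should either name a real user or be dropped so the intent is explicit.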
diff --git a/webserver/docker_alerta/templates/config.js b/webserver/docker_alerta/templates/config.js
new file mode 100644
index 00000000..6882bfc8
--- /dev/null
+++ b/webserver/docker_alerta/templates/config.js
@@ -0,0 +1,18 @@
+'use strict';
+
+angular.module('config', [])
+  .constant('config', {
+    'endpoint'    : "https://"+window.location.hostname+"/api",
+    'provider'    : "keycloak", // google, github, gitlab, saml2 or basic
+    'client_id'   : "alerta-ui",
+    'keycloak_url': "https://auth.warpzone.ms",
+    'keycloak_realm': "master",
+
+    'dates': {
+      'shortTime' : 'HH:MM',
+      'mediumDate': 'd.MM.yyyy',
+      'longDate'  : 'EEEE, MMMM d, yyyy HH:MM ss.sss (Z)'  // Tuesday, April 26, 2016 13:39:43.987 (+0100)
+    },
+
+    'refresh_interval': 30000 // Auto-refresh interval set to 30 seconds
+});
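Review bot: The `shortTime` and `longDate` formats use `HH:MM`, but in the Angular date filter `MM` is the two-digit month, not minutes; `mm` is minutes. As written the UI will render e.g. "13:07" for 1pm in July regardless of the actual minute. Change them to `'shortTime' : 'HH:mm'` and `'longDate'  : 'EEEE, MMMM d, yyyy HH:mm ss.sss (Z)'`.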
diff --git a/webserver/docker_alerta/templates/docker-compose.yml b/webserver/docker_alerta/templates/docker-compose.yml
new file mode 100644
index 00000000..9bbffc90
--- /dev/null
+++ b/webserver/docker_alerta/templates/docker-compose.yml
@@ -0,0 +1,31 @@
+
+
+version: "3"
+
+services:
+  
+  app:
+
+    image: alerta/alerta-web:5.2.4
+    restart: always
+    ports:
+      - 0.0.0.0:42008:8080
+    volumes:
+      - /srv/alerta/alertad.conf:/app/alertad.conf
+      - /srv/alerta/config.js:/web/config.js
+    depends_on:
+      - db
+    environment:
+      INSTALL_PLUGINS: "normalise,telegram"
+
+
+  db:
+
+    image: postgres
+    restart: always
+    volumes:
+      - /srv/alerta/db:/var/lib/postgresql/data
+    environment:
+      POSTGRES_DB: alerta
+      POSTGRES_USER: alerta
+      POSTGRES_PASSWORD: alerta 
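Review bot: The `app` service publishes `0.0.0.0:42008:8080`, so the Alerta API and UI are reachable on plain HTTP from every interface, bypassing the nginx TLS termination that proxies to 127.0.0.1:42008; the hackmd and keycloak services in this same patch correctly bind to 127.0.0.1. Change it to `- 127.0.0.1:42008:8080`. Note that Docker-published ports are inserted ahead of most host firewall rules, so a host-level firewall is unlikely to compensate for the wide bind. Separately, `image: postgres` is unpinned, so a future pull can jump a major version and leave the server unable to open the existing data directory under /srv/alerta/db; pin a major version as the other images in this patch are pinned.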
diff --git a/webserver/docker_hackmd/tasks/main.yml b/webserver/docker_hackmd/tasks/main.yml
new file mode 100644
index 00000000..f24578eb
--- /dev/null
+++ b/webserver/docker_hackmd/tasks/main.yml
@@ -0,0 +1,32 @@
+---
+
+- include: ../functions/get_secret.yml
+  with_items:
+   - { path: /srv/hackmd/mysql_root_pass,  length: 24 }
+   - { path: /srv/hackmd/mysql_user_pass,  length: 12 }
+   - { path: /srv/hackmd/hackmd_session_secret,  length: 32 }
+   - { path: /srv/ldap/secret/ldap_readonly_pass,  length: -1 }
+ 
+
+- name: create folder struct for hackmd
+  file: 
+    path: "{{ item }}"
+    state: "directory"
+  with_items:
+    - /srv/hackmd/
+    - /srv/hackmd/db/
+
+
+- name: Konfig-Dateien erstellen
+  template:
+    src: "{{ item }}"
+    dest: "/srv/hackmd/{{ item }}"
+  with_items:
+    - docker-compose.yml
+    - mysql-utf8.cnf
+
+
+- name: start hackmd docker
+  docker_service:
+    project_src: /srv/hackmd/
+    state: present
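Review bot: The rendered docker-compose.yml for hackmd contains the MySQL root and user passwords, the session secret and the LDAP read-only bind password, yet the `template` task sets no `mode`, so the file is created with default (usually world-readable) permissions; add `mode: "0600"` to the task. Unlike the alerta and keycloak roles in this patch, this role has no handler and no `notify`, and `docker_service` with `state: present` alone does not appear to recreate containers when the compose file changes, so a later secret or LDAP change would not take effect until a manual restart. Adding a `restart hackmd docker` handler mirroring webserver/docker_alerta/handlers/main.yml and a `notify` on the template task would keep the three roles consistent.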
diff --git a/webserver/docker_hackmd/templates/docker-compose.yml b/webserver/docker_hackmd/templates/docker-compose.yml
new file mode 100644
index 00000000..6ec70100
--- /dev/null
+++ b/webserver/docker_hackmd/templates/docker-compose.yml
@@ -0,0 +1,43 @@
+
+version: "3"
+
+services:
+
+  app:
+
+    image: hackmdio/hackmd:1.2.0
+    restart: always
+    depends_on:
+      - db
+    ports:
+      - 127.0.0.1:42007:3000
+    environment:
+      HMD_DB_URL: "mysql://hackmd:{{ mysql_user_pass }}@db:3306/hackmd"
+      CMD_SESSION_SECRET: "{{ hackmd_session_secret }}"
+      CMD_ALLOW_ANONYMOUS: "true"
+      CMD_ALLOW_ANONYMOUS_EDITS: "true"
+      CMD_DEFAULT_PERMISSION: "freely"
+      CMD_LDAP_URL: "ldap://{{ ldap_ip_ext }}:389"
+      CMD_LDAP_BINDDN: "cn=readonly,dc=warpzone,dc=ms"
+      CMD_LDAP_BINDCREDENTIALS: "{{ ldap_readonly_pass }}"
+      CMD_LDAP_SEARCHBASE: "dc=warpzone,dc=ms"
+      CMD_LDAP_SEARCHFILTER: "(&(uid={% raw %}{{username}}{% endraw %})(objectClass=inetOrgPerson)(memberof=CN=active,OU=groups,DC=warpzone,DC=ms))"
+      CMD_LDAP_SEARCHATTRIBUTES: "uid"
+      CMD_LDAP_USERIDFIELD: "uid"
+      CMD_LDAP_USERNAMEFIELD: "uid"
+      CMD_EMAIL: "false"
+
+
+  db: 
+
+    image: mariadb:10
+    volumes:
+      - /srv/hackmd/db:/var/lib/mysql
+      - /srv/hackmd/mysql-utf8.cnf:/etc/mysql/conf.d/utf8.cnf
+    environment:
+      MYSQL_ROOT_PASSWORD: "{{ mysql_root_pass }}"
+      MYSQL_PASSWORD: "{{ mysql_user_pass }}"
+      MYSQL_DATABASE: "hackmd"
+      MYSQL_USER: "hackmd"
+
+  
\ No newline at end of file
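Review bot: `CMD_LDAP_URL: "ldap://{{ ldap_ip_ext }}:389"` is a cleartext LDAP connection, so the read-only bind password in CMD_LDAP_BINDCREDENTIALS and every user's login password sent in the subsequent bind travel unencrypted to whatever host `ldap_ip_ext` resolves to; the variable name suggests an external address, but its network path is not visible here. Use `ldaps://` (or STARTTLS if the LDAP container supports it) with the CA configured via the corresponding CMD_LDAP_TLS_CA option, or at least confirm the link is confined to a trusted internal network and document that in a comment. Also note that `HMD_DB_URL` uses the older HMD_ prefix while every other variable uses CMD_; `CMD_DB_URL` would keep the file consistent. The `db` service also lacks `restart: always`, unlike `app` and the database services of the other two roles, so after a reboot hackmd would come up without its database.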
diff --git a/webserver/docker_hackmd/templates/mysql-utf8.cnf b/webserver/docker_hackmd/templates/mysql-utf8.cnf
new file mode 100644
index 00000000..367210a9
--- /dev/null
+++ b/webserver/docker_hackmd/templates/mysql-utf8.cnf
@@ -0,0 +1,11 @@
+[client]
+default-character-set=utf8
+
+[mysql]
+default-character-set=utf8
+
+
+[mysqld]
+collation-server = utf8_unicode_ci
+init-connect='SET NAMES utf8'
+character-set-server = utf8
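Review bot: The server is configured with the 3-byte `utf8` charset and `utf8_unicode_ci` collation, so any 4-byte UTF-8 character pasted into a note (emoji, many CJK extension characters) will be rejected or truncated by MariaDB when the row is saved. Use the full character set instead: `character-set-server = utf8mb4`, `collation-server = utf8mb4_unicode_ci` and `init-connect='SET NAMES utf8mb4'` (and `default-character-set=utf8mb4` in the client sections). This should be decided before the first deployment, since changing it later requires converting the existing tables.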
diff --git a/webserver/docker_keycloak/tasks/main.yml b/webserver/docker_keycloak/tasks/main.yml
new file mode 100644
index 00000000..7d3b2ed0
--- /dev/null
+++ b/webserver/docker_keycloak/tasks/main.yml
@@ -0,0 +1,29 @@
+---
+
+- include: ../functions/get_secret.yml
+  with_items:
+   - { path: /srv/keycloak/keycloak_admin_pass,  length: 24 }
+   - { path: /srv/keycloak/postgres_user_pass,  length: 12 }
+ 
+
+- name: create folder struct for keycloak
+  file: 
+    path: "{{ item }}"
+    state: "directory"
+  with_items:
+    - /srv/keycloak/
+    - /srv/keycloak/db/
+
+
+- name: Konfig-Dateien erstellen
+  template:
+    src: "{{ item }}"
+    dest: "/srv/keycloak/{{ item }}"
+  with_items:
+    - docker-compose.yml
+  notify: restart keycloak docker
+
+- name: start keycloak docker
+  docker_service:
+    project_src: /srv/keycloak/
+    state: present
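Review bot: The template task notifies `restart keycloak docker`, but no handler with that name exists: the diffstat creates only tasks/main.yml and templates/docker-compose.yml under webserver/docker_keycloak, and no handlers/main.yml is added, so Ansible will fail the play with an unknown-handler error the first time the template changes. Add webserver/docker_keycloak/handlers/main.yml mirroring the alerta one (`docker_service` with `project_src: /srv/keycloak/`, `state: present`, `restarted: yes`) or drop the `notify`. As with the other roles, the rendered compose file carries the Keycloak admin and database passwords, so the `template` task should also set `mode: "0600"`.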
diff --git a/webserver/docker_keycloak/templates/docker-compose.yml b/webserver/docker_keycloak/templates/docker-compose.yml
new file mode 100644
index 00000000..6eb7c32f
--- /dev/null
+++ b/webserver/docker_keycloak/templates/docker-compose.yml
@@ -0,0 +1,35 @@
+
+
+version: "3"
+
+services:
+  
+
+  app:
+
+    image: jboss/keycloak:4.0.0.Final
+    restart: always
+    ports:
+      - 127.0.0.1:42009:8080 
+    depends_on:
+      - db
+    environment:
+      KEYCLOAK_USER: "admin"
+      KEYCLOAK_PASSWORD: "{{ keycloak_admin_pass }}"
+      DB_VENDOR: "POSTGRES"
+      DB_ADDR: "db"
+      DB_DATABASE: "keycloak"
+      DB_USER: "keycloak"
+      DB_PASSWORD: "{{ postgres_user_pass }}"
+      PROXY_ADDRESS_FORWARDING: "true"
+
+  db:
+
+    image: postgres
+    restart: always
+    volumes:
+      - /srv/keycloak/db:/var/lib/postgresql/data
+    environment:
+      POSTGRES_DB: keycloak
+      POSTGRES_USER: keycloak
+      POSTGRES_PASSWORD: "{{ postgres_user_pass }}" 
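Review bot: `image: postgres` is unpinned while the Keycloak image is pinned to 4.0.0.Final; a routine `docker-compose pull` can move PostgreSQL to a new major version, after which the server refuses to start on the existing /srv/keycloak/db data directory and the identity provider for alerta and any future clients goes down. Pin a major version, e.g. `image: postgres:10`. Also be aware that KEYCLOAK_USER/KEYCLOAK_PASSWORD are passed as container environment, so the master-realm admin password is readable by anyone who can run `docker inspect` on the host; that is the documented bootstrap mechanism for this image, but it is worth noting that the host's docker group is effectively equivalent to Keycloak admin.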
diff --git a/webserver/main.yml b/webserver/main.yml
index fdc9588d..509f26c5 100644
--- a/webserver/main.yml
+++ b/webserver/main.yml
@@ -7,12 +7,15 @@
     - { role: ../common/docker, tags: docker }
     - { role: nginx, tags: nginx }
     - { role: openvpn, tags: openvpn }
+    - { role: docker_alerta, tags: alerta }
     - { role: docker_dokuwiki, tags: dokuwiki }
     - { role: docker_etherpad, tags: etherpad }
     - { role: docker_gitlab, tags: gitlab }
+    - { role: docker_hackmd, tags: hackmd }
     - { role: docker_jabber, tags: jabber }
     - { role: docker_jabber_test, tags: jabber_test }
     - { role: docker_ldap, tags: ldap }
+    - { role: docker_keycloak, tags: keycloak }
     - { role: docker_matterbridge, tags: matterbridge }
     - { role: docker_warpinfra, tags: warpinfra }
     - { role: docker_warpinfratest, tags: warpinfratest }
diff --git a/webserver/nginx/includes/alerta b/webserver/nginx/includes/alerta
new file mode 100644
index 00000000..faba043e
--- /dev/null
+++ b/webserver/nginx/includes/alerta
@@ -0,0 +1,12 @@
+
+	location /  {
+
+        	proxy_set_header        Host $host;
+        	proxy_set_header        X-Real-IP $remote_addr;
+	        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        	proxy_set_header        X-Forwarded-Proto $scheme;
+
+	        proxy_pass      http://127.0.0.1:42008/;
+        	proxy_redirect  off;
+
+    }
diff --git a/webserver/nginx/includes/auth b/webserver/nginx/includes/auth
new file mode 100644
index 00000000..74801f2f
--- /dev/null
+++ b/webserver/nginx/includes/auth
@@ -0,0 +1,12 @@
+
+	location /  {
+
+        	proxy_set_header        Host $host;
+        	proxy_set_header        X-Real-IP $remote_addr;
+	        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        	proxy_set_header        X-Forwarded-Proto $scheme;
+
+	        proxy_pass      http://127.0.0.1:42009/;
+        	proxy_redirect  off;
+
+    }
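Review bot: This include proxies the whole of auth.warpzone.ms, including the Keycloak admin console and the master-realm admin REST API under /auth/admin/, to the public internet with no source restriction. The Keycloak reverse-proxy guidance is to expose only the paths clients need (/auth/realms/ and /auth/resources/) and to restrict /auth/admin/ to a trusted network; if the console is only used from the hackerspace or VPN, add a `location /auth/admin/` block ahead of `location /` with `allow <internal-net>; deny all;` and the same proxy_set_header/proxy_pass lines. The PROXY_ADDRESS_FORWARDING setting in the compose file relies on the X-Forwarded-For and X-Forwarded-Proto headers set here, so keep those exactly as they are in any added block.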
diff --git a/webserver/nginx/includes/md b/webserver/nginx/includes/md
new file mode 100644
index 00000000..72cb0aa1
--- /dev/null
+++ b/webserver/nginx/includes/md
@@ -0,0 +1,12 @@
+
+	location /  {
+
+        	proxy_set_header        Host $host;
+        	proxy_set_header        X-Real-IP $remote_addr;
+	        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        	proxy_set_header        X-Forwarded-Proto $scheme;
+
+	        proxy_pass      http://127.0.0.1:42007/;
+        	proxy_redirect  off;
+
+    }
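Review bot: HackMD's real-time collaboration runs over socket.io WebSockets, but this `location /` forwards plain HTTP/1.0 requests with no upgrade headers, so the browser will be stuck on long-polling fallback (or fail to connect, depending on the client version) rather than a WebSocket. Add `proxy_http_version 1.1;`, `proxy_set_header Upgrade $http_upgrade;` and `proxy_set_header Connection "upgrade";` inside the location block, as the HackMD deployment docs recommend for nginx. Since the same skeleton is used for the alerta and auth includes, it may be worth factoring the common proxy_set_header lines into a shared snippet to keep the three consistent.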
-- 
GitLab