Updated epas-teleworker ansible role config
parent
d169537ed9
commit
a3ac3edb05
|
@ -1,3 +1,4 @@
|
||||||
# ---> Ansible
|
# ---> Ansible
|
||||||
*.retry
|
*.retry
|
||||||
|
|
||||||
|
/.project
|
||||||
|
|
81
README.md
81
README.md
|
@ -1,7 +1,7 @@
|
||||||
Role Name
|
Role Name
|
||||||
=========
|
=========
|
||||||
|
|
||||||
A role that installs ePAS, electronic Personnel Attendance System. <https://epas.projects.iit.cnr.it>
|
A role that installs ePAS Teleworker a plugin of electronic Personnel Attendance System. <https://epas.projects.iit.cnr.it>
|
||||||
|
|
||||||
Role Variables
|
Role Variables
|
||||||
--------------
|
--------------
|
||||||
|
@ -9,55 +9,47 @@ Role Variables
|
||||||
The most important variables are listed below:
|
The most important variables are listed below:
|
||||||
|
|
||||||
``` yaml
|
``` yaml
|
||||||
epas_docker_stack_name: 'epas_prod'
|
epas_teleworker_docker_stack_name: 'epas_teleworker_prod'
|
||||||
epas_docker_service_server_name: 'epas'
|
epas_teleworker_docker_service_server_name: 'epas-teleworker'
|
||||||
epas_docker_registry: 'docker-registry.services.iit.cnr.it'
|
epas_teleworker_docker_registry: 'docker-registry.services.iit.cnr.it'
|
||||||
epas_docker_server_image: '{{ epas_docker_registry }}/epas/epas:stable'
|
epas_teleworker_docker_server_image: '{{ epas_teleworker_docker_registry }}/epas/telework-stampings:latest'
|
||||||
epas_docker_registry_user: 'epas.user'
|
epas_teleworker_docker_server_build: './'
|
||||||
epas_docker_registry_pwd: 'use a vault file'
|
epas_teleworker_docker_registry_user: 'epas.user'
|
||||||
epas_docker_network: 'epas_net'
|
#epas_teleworker_docker_registry_pwd: 'use a vault file'
|
||||||
epas_attachments_node: 'localhost'
|
epas_teleworker_docker_network: 'epas_net'
|
||||||
epas_attachments_volume: 'epas_attachments_data'
|
epas_teleworker_attachments_node: 'localhost'
|
||||||
epas_node_constraints: 'node.labels.epas_storage == attachments'
|
epas_teleworker_node_constraints: 'node.labels.epas_teleworker_storage == attachments'
|
||||||
epas_behind_haproxy: True
|
epas_teleworker_behind_haproxy: True
|
||||||
epas_haproxy_public_net: 'haproxy-public'
|
epas_teleworker_haproxy_public_net: 'haproxy-public'
|
||||||
# DB
|
# DB
|
||||||
# Set to true if postgresql must be a container too
|
# Set to true if postgresql must be a container too
|
||||||
epas_dockerized_db: False
|
epas_teleworker_dockerized_db: False
|
||||||
# IMPORTANT. Set it to True for the server that is going to host the DB
|
# IMPORTANT. Set it to True for the server that is going to host the DB
|
||||||
epas_docker_db_node: False
|
epas_teleworker_docker_db_node: False
|
||||||
epas_pg_version: '12'
|
epas_teleworker_pg_version: '12'
|
||||||
epas_db_image: 'postgres:{{ epas_pg_version }}-alpine'
|
epas_teleworker_db_image: 'postgres:{{ epas_teleworker_pg_version }}-alpine'
|
||||||
# The default hostname is the name of the container service
|
# The default hostname is the name of the container service
|
||||||
epas_db_host: 'postgres'
|
epas_teleworker_db_host: 'postgres'
|
||||||
epas_db_name: 'epas_prod_db'
|
epas_teleworker_db_port: '5432'
|
||||||
epas_db_allowed_hosts:
|
epas_teleworker_db_name: 'epas_teleworker_prod_db'
|
||||||
|
epas_teleworker_db_allowed_hosts:
|
||||||
- '127.0.0.1'
|
- '127.0.0.1'
|
||||||
#epas_db_pwd: 'set it in a vault file'
|
epas_teleworker_db_user: 'epas_teleworker_prod_user'
|
||||||
epas_db_user: 'epas_prod_user'
|
#epas_teleworker_db_pwd: 'set it in a vault file'
|
||||||
epas_db_volume: 'epas_prod_pg_data'
|
epas_teleworker_db_host_auth_method: 'password'
|
||||||
epas_db_constraints: '[node.labels.pg_data==epas_db]'
|
epas_teleworker_db_volume: 'epas_teleworker_prod_pg_data'
|
||||||
epas_pg_data_volume: 'epas_db_data'
|
epas_teleworker_db_constraints: '[node.labels.epas_teleworker_pg_data==epas_teleworker_db]'
|
||||||
epas_pg_backups_volume: 'epas_db_data'
|
epas_teleworker_pg_data_volume: 'epas_teleworker_db_data'
|
||||||
psql_db_data: '{{ epas_psql_pg_data }}'
|
epas_teleworker_pg_backups_volume: 'epas_teleworker_db_data'
|
||||||
|
psql_db_data: '{{ epas_teleworker_psql_pg_data }}'
|
||||||
# Environment
|
# Environment
|
||||||
epas_server_hostname: 'epas.example.com'
|
epas_teleworker_server_host: 'epas-teleworker'
|
||||||
## SMTP
|
epas_teleworker_server_ports: '8080'
|
||||||
epas_smtp_server: 'localhost'
|
epas_teleworker_server_username: 'app.epas'
|
||||||
epas_smtp_port: 587
|
#epas_teleworker_server_password: 'set it in a vault file'
|
||||||
epas_smtp_channel: 'starttls'
|
|
||||||
epas_smtp_from: 'epas@cnr.it'
|
|
||||||
epas_smtp_protocol: 'smtp'
|
|
||||||
epas_smtp_authentication: True
|
|
||||||
epas_smtp_user: ''
|
|
||||||
epas_smtp_password: 'use a vault file'
|
|
||||||
## LDAP
|
|
||||||
epas_ldap_login: 'false'
|
|
||||||
epas_ldap_url: 'ldap://ldap.example.org:389'
|
|
||||||
epas_ldap_timeout: 1000
|
|
||||||
epas_ldap_base_dn: 'ou=People,dc=example,dc=org'
|
|
||||||
epas_ldap_login_return_uri: '/.'
|
|
||||||
epas_ldap_eppn_attribute_name: 'eduPersonPrincipalName'
|
|
||||||
```
|
```
|
||||||
|
|
||||||
Dependencies
|
Dependencies
|
||||||
|
@ -73,4 +65,5 @@ EUPL-1.2
|
||||||
Author Information
|
Author Information
|
||||||
------------------
|
------------------
|
||||||
|
|
||||||
|
Giancarlo Panichi, <giancarlo.panichi@isti.cnr.it>
|
||||||
Andrea Dell'Amico, <andrea.dellamico@isti.cnr.it>
|
Andrea Dell'Amico, <andrea.dellamico@isti.cnr.it>
|
||||||
|
|
|
@ -1,60 +1,39 @@
|
||||||
---
|
---
|
||||||
epas_docker_stack_name: 'epas_prod'
|
epas_teleworker_docker_stack_name: 'epas_teleworker_prod'
|
||||||
epas_docker_service_server_name: 'epas'
|
epas_teleworker_docker_service_server_name: 'epas-teleworker'
|
||||||
epas_docker_registry: 'docker-registry.services.iit.cnr.it'
|
epas_teleworker_docker_registry: 'docker-registry.services.iit.cnr.it'
|
||||||
epas_docker_server_image: '{{ epas_docker_registry }}/epas/epas:stable'
|
epas_teleworker_docker_server_image: '{{ epas_teleworker_docker_registry }}/epas/telework-stampings:latest'
|
||||||
epas_docker_registry_user: 'epas.user'
|
epas_teleworker_docker_server_build: './'
|
||||||
epas_docker_registry_pwd: 'use a vault file'
|
epas_teleworker_docker_registry_user: 'epas.user'
|
||||||
epas_docker_network: 'epas_net'
|
#epas_teleworker_docker_registry_pwd: 'use a vault file'
|
||||||
epas_docker_attachments_node: 'localhost'
|
epas_teleworker_docker_network: 'epas_net'
|
||||||
epas_attachments_volume: 'epas_attachments_data'
|
epas_teleworker_attachments_node: 'localhost'
|
||||||
epas_node_constraints: 'node.labels.epas_storage == attachments'
|
epas_teleworker_node_constraints: 'node.labels.epas_teleworker_storage == attachments'
|
||||||
epas_behind_haproxy: True
|
epas_teleworker_behind_haproxy: True
|
||||||
epas_haproxy_public_net: 'haproxy-public'
|
epas_teleworker_haproxy_public_net: 'haproxy-public'
|
||||||
# DB
|
# DB
|
||||||
# Set to true if postgresql must be a container too
|
# Set to true if postgresql must be a container too
|
||||||
epas_dockerized_db: False
|
epas_teleworker_dockerized_db: False
|
||||||
epas_pg_version: '12'
|
# IMPORTANT. Set it to True for the server that is going to host the DB
|
||||||
epas_db_image: 'postgres:{{ epas_pg_version }}-alpine'
|
epas_teleworker_docker_db_node: False
|
||||||
|
epas_teleworker_pg_version: '12'
|
||||||
|
epas_teleworker_db_image: 'postgres:{{ epas_teleworker_pg_version }}-alpine'
|
||||||
# The default hostname is the name of the container service
|
# The default hostname is the name of the container service
|
||||||
epas_db_host: 'postgres'
|
epas_teleworker_db_host: 'postgres'
|
||||||
epas_db_name: 'epas_prod_db'
|
epas_teleworker_db_port: '5432'
|
||||||
epas_db_allowed_hosts:
|
epas_teleworker_db_name: 'epas_teleworker_prod_db'
|
||||||
|
epas_teleworker_db_allowed_hosts:
|
||||||
- '127.0.0.1'
|
- '127.0.0.1'
|
||||||
#epas_db_pwd: 'set it in a vault file'
|
epas_teleworker_db_user: 'epas_teleworker_prod_user'
|
||||||
epas_db_user: 'epas_prod_user'
|
#epas_teleworker_db_pwd: 'set it in a vault file'
|
||||||
epas_docker_db_node: 'localhost'
|
epas_teleworker_db_host_auth_method: 'password'
|
||||||
epas_db_volume: 'epas_prod_pg_data'
|
epas_teleworker_db_volume: 'epas_teleworker_prod_pg_data'
|
||||||
epas_db_constraints: '[node.labels.epas_pg_data==epas_db]'
|
epas_teleworker_db_constraints: '[node.labels.epas_teleworker_pg_data==epas_teleworker_db]'
|
||||||
epas_pg_data_volume: 'epas_db_data'
|
epas_teleworker_pg_data_volume: 'epas_teleworker_db_data'
|
||||||
epas_pg_backups_volume: 'epas_db_data'
|
epas_teleworker_pg_backups_volume: 'epas_teleworker_db_data'
|
||||||
psql_db_data: '{{ epas_psql_pg_data }}'
|
psql_db_data: '{{ epas_teleworker_psql_pg_data }}'
|
||||||
# Environment
|
# Environment
|
||||||
epas_server_hostname: 'epas.example.com'
|
epas_teleworker_server_host: 'epas-teleworker'
|
||||||
epas_flows_enabled: False
|
epas_teleworker_server_ports: '8080'
|
||||||
epas_attestati_url: 'https://attestativ2.rm.cnr.it'
|
epas_teleworker_server_username: 'app.epas'
|
||||||
epas_attestati_user: ''
|
#epas_teleworker_server_password: 'set it in a vault file'
|
||||||
#epas_attestati_password: 'use a fault'
|
|
||||||
## SMTP
|
|
||||||
epas_smtp_server: 'localhost'
|
|
||||||
epas_smtp_port: 587
|
|
||||||
epas_smtp_channel: 'starttls'
|
|
||||||
epas_smtp_from: 'epas@cnr.it'
|
|
||||||
epas_smtp_protocol: 'smtp'
|
|
||||||
epas_smtp_authentication: True
|
|
||||||
epas_smtp_user: ''
|
|
||||||
epas_smtp_password: 'use a vault file'
|
|
||||||
## LDAP
|
|
||||||
epas_ldap_login: 'false'
|
|
||||||
epas_ldap_url: 'ldap://ldap.example.org:389'
|
|
||||||
epas_ldap_timeout: 1000
|
|
||||||
epas_ldap_base_dn: 'ou=People,dc=example,dc=org'
|
|
||||||
epas_ldap_login_return_uri: '/.'
|
|
||||||
epas_ldap_eppn_attribute_name: 'eduPersonPrincipalName'
|
|
||||||
epas_ldap_starttls_enabled: 'false'
|
|
||||||
epas_ldap_authenticated_bind: False
|
|
||||||
epas_ldap_bind_dn: 'cn=readuser,ou=People,o=example,c=org'
|
|
||||||
#epas_ldap_bind_credentials: 'use a vault file'
|
|
||||||
epas_ldap_authenticate_user_search_dn: 'o=example,c=org'
|
|
||||||
epas_log_level: 'INFO'
|
|
||||||
epas_log_appenders: 'stderr'
|
|
||||||
|
|
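Review bot: `epas_teleworker_docker_db_node: False`, and the comment above it ("Set it to True for the server that is going to host the DB"), do not match how the tasks on this page use the variable: it is compared with `ansible_fqdn` and passed as `hostname:` to `docker_node`. A boolean never equals a host name, so with `False` or `True` the block that installs the DB init script is always skipped, and `docker_node` would receive the boolean as the node name. The previous default was a host name (`'localhost'`). I would keep a string and correct the comment, e.g. `# Swarm node (FQDN) that hosts the PostgreSQL data` above `epas_teleworker_docker_db_node: 'localhost'`.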
|
@ -1,6 +1,6 @@
|
||||||
galaxy_info:
|
galaxy_info:
|
||||||
author: Andrea Dell'Amico
|
author: Giancarlo Panichi
|
||||||
description: Systems Architect
|
description: Software Developer
|
||||||
company: ISTI-CNR
|
company: ISTI-CNR
|
||||||
|
|
||||||
issue_tracker_url: https://support.d4science.org/projects/d4science-operation
|
issue_tracker_url: https://support.d4science.org/projects/d4science-operation
|
||||||
|
@ -21,11 +21,11 @@ galaxy_info:
|
||||||
- 7
|
- 7
|
||||||
|
|
||||||
galaxy_tags:
|
galaxy_tags:
|
||||||
- epas
|
- epas-teleworker
|
||||||
|
|
||||||
dependencies:
|
dependencies:
|
||||||
- src: git+https://gitea-s2i2s.isti.cnr.it/ISTI-ansible-roles/ansible-role-pgsql-db-management.git
|
- src: git+https://gitea-s2i2s.isti.cnr.it/ePAS-ISTI/ansible-role-epas-teleworker.git
|
||||||
version: master
|
version: master
|
||||||
name: pgsql-db-management
|
name: pgsql-db-management
|
||||||
state: latest
|
state: latest
|
||||||
when: not epas_dockerized_db
|
when: not epas_teleworker_dockerized_db
|
||||||
|
|
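Review bot: The dependency entry keeps `name: pgsql-db-management`, but its `src` now points to `ePAS-ISTI/ansible-role-epas-teleworker.git`, which by its name is this role's own repository rather than the PostgreSQL management role; this looks like a side effect of the rename. If so, the non-dockerized path (`when: not epas_teleworker_dockerized_db`) no longer pulls in the role that presumably consumes `psql_db_data`, and no database or user would be created. I would restore `src: git+https://gitea-s2i2s.isti.cnr.it/ISTI-ansible-roles/ansible-role-pgsql-db-management.git`. Since `version: master` is a moving ref, pinning it to a tag or commit would also make what runs on the hosts reproducible.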
|
@ -1,57 +1,50 @@
|
||||||
---
|
---
|
||||||
- name: Manage the installation of the ePAS configuration of the swarm service
|
- name: Manage the installation of the ePAS Teleworker configuration of the swarm service
|
||||||
block:
|
block:
|
||||||
- name: Create the directory where the DB init script is going to be installed
|
- name: Create the directory where the DB init script is going to be installed
|
||||||
file: dest={{ epas_compose_dir }} state=directory
|
file: dest={{ epas_teleworker_compose_dir }} state=directory
|
||||||
|
|
||||||
- name: Install the DB initialization script
|
- name: Install the DB initialization script
|
||||||
template: src=pg-create-user-db.sh.j2 dest={{ epas_compose_dir }}/pg-create-user-db.sh owner=root group=root mode='0555'
|
template: src=pg-create-user-db.sh.j2 dest={{ epas_teleworker_compose_dir }}/pg-create-user-db.sh owner=root group=root mode='0555'
|
||||||
|
|
||||||
when:
|
when:
|
||||||
- epas_dockerized_db
|
- epas_teleworker_dockerized_db
|
||||||
- epas_docker_db_node == ansible_fqdn
|
- epas_teleworker_docker_db_node == ansible_fqdn
|
||||||
tags: [ 'epas', 'epas_swarm', 'epas_db' ]
|
tags: [ 'epas_teleworker', 'epas_teleworker_swarm', 'epas_teleworker_db' ]
|
||||||
|
|
||||||
- name: Manage the installation of the ePAS configuration of the swarm service
|
- name: Manage the installation of the ePAS Teleworker configuration of the swarm service
|
||||||
block:
|
block:
|
||||||
- name: Add the label that will be used as a constraint for the attachments volume
|
|
||||||
docker_node:
|
|
||||||
hostname: '{{ epas_docker_attachments_node }}'
|
|
||||||
labels:
|
|
||||||
epas_storage: 'attachments'
|
|
||||||
labels_state: 'merge'
|
|
||||||
|
|
||||||
- name: Add the label that will be used as a constraint for the postgresql DB
|
- name: Add the label that will be used as a constraint for the postgresql DB
|
||||||
docker_node:
|
docker_node:
|
||||||
hostname: '{{ epas_docker_db_node }}'
|
hostname: '{{ epas_teleworker_docker_db_node }}'
|
||||||
labels:
|
labels:
|
||||||
epas_pg_data: 'epas_db'
|
epas_teleworker_pg_data: 'epas_teleworker_db'
|
||||||
labels_state: 'merge'
|
labels_state: 'merge'
|
||||||
when: epas_dockerized_db
|
when: epas_teleworker_dockerized_db
|
||||||
|
|
||||||
- name: Create the directory where the compose file will be placed
|
- name: Create the directory where the compose file will be placed
|
||||||
file: dest={{ epas_compose_dir }} state=directory owner=root group=root mode=0750
|
file: dest={{ epas_teleworker_compose_dir }} state=directory owner=root group=root mode=0750
|
||||||
|
|
||||||
- name: Install the docker compose file
|
- name: Install the docker compose file
|
||||||
template: src=epas-docker-compose.yml.j2 dest={{ epas_compose_dir }}/docker-epas-stack.yml owner=root group=root mode='0400'
|
template: src=epas-teleworker-docker-compose.yml.j2 dest={{ epas_teleworker_compose_dir }}/docker-epas-teleworker-stack.yml owner=root group=root mode='0400'
|
||||||
|
|
||||||
- name: Login into the IIT registry
|
- name: Login into the IIT registry
|
||||||
shell: docker login -u {{ epas_docker_registry_user }} -p {{ epas_docker_registry_pwd }} {{ epas_docker_registry }}
|
shell: docker login -u {{ epas_teleworker_docker_registry_user }} -p {{ epas_teleworker_docker_registry_pwd }} {{ epas_teleworker_docker_registry }}
|
||||||
|
|
||||||
- name: Start the ePAS stack
|
- name: Start the ePAS Teleworker stack
|
||||||
docker_stack:
|
docker_stack:
|
||||||
name: '{{ epas_docker_stack_name }}'
|
name: '{{ epas_teleworker_docker_stack_name }}'
|
||||||
state: present
|
state: present
|
||||||
with_registry_auth: True
|
with_registry_auth: True
|
||||||
compose:
|
compose:
|
||||||
- '{{ epas_compose_dir }}/docker-epas-stack.yml'
|
- '{{ epas_teleworker_compose_dir }}/docker-epas-teleworker-stack.yml'
|
||||||
|
|
||||||
# - name: Connect the ePAS service to the haproxy-public network
|
# - name: Connect the ePAS Teleworker service to the haproxy-public network
|
||||||
# command: docker service update --network-add {{ epas_haproxy_public_net }} {{ item }} --update-delay 30s --update-parallelism 1
|
# command: docker service update --network-add {{ epas_teleworker_haproxy_public_net }} {{ item }} --update-delay 30s --update-parallelism 1
|
||||||
# with_items:
|
# with_items:
|
||||||
# - '{{ epas_docker_stack_name }}_{{ epas_docker_service_server_name }}'
|
# - '{{ epas_teleworker_docker_stack_name }}_{{ epas_teleworker_docker_service_server_name }}'
|
||||||
# ignore_errors: True
|
# ignore_errors: True
|
||||||
# when: epas_behind_haproxy
|
# when: epas_teleworker_behind_haproxy
|
||||||
|
|
||||||
when: docker_swarm_manager_node is defined and docker_swarm_manager_node
|
when: docker_swarm_manager_node is defined and docker_swarm_manager_node
|
||||||
tags: [ 'epas', 'epas_swarm', 'epas_server' ]
|
tags: [ 'epas_teleworker', 'epas_teleworker_swarm', 'epas_teleworker_server' ]
|
||||||
|
|
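Review bot: The "Login into the IIT registry" task passes `{{ epas_teleworker_docker_registry_pwd }}` to `docker login -p` through `shell:`, so the registry password shows up in the process list on the manager node and in Ansible's task output and logs, and a value containing shell metacharacters is interpreted by the shell. The role already uses the `docker_node` and `docker_stack` modules, so the `docker_login` module with `no_log: true` fits here; a sketch follows. The default for this password is now commented out in the defaults, so the task fails on an undefined variable unless a vault file supplies it, which is worth stating in the README.

```yaml
    - name: Login into the IIT registry
      docker_login:
        registry_url: '{{ epas_teleworker_docker_registry }}'
        username: '{{ epas_teleworker_docker_registry_user }}'
        password: '{{ epas_teleworker_docker_registry_pwd }}'
      no_log: true
    # … unchanged: "Start the ePAS Teleworker stack" task …
```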
|
@ -1,126 +0,0 @@
|
||||||
version: '3.2'
|
|
||||||
|
|
||||||
networks:
|
|
||||||
{{ epas_haproxy_public_net }}:
|
|
||||||
external: true
|
|
||||||
{{ epas_docker_network }}:
|
|
||||||
|
|
||||||
volumes:
|
|
||||||
{{ epas_attachments_volume }}:
|
|
||||||
{% if epas_dockerized_db %}
|
|
||||||
{{ epas_pg_backups_volume }}:
|
|
||||||
{{ epas_db_volume }}:
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
services:
|
|
||||||
{{ epas_docker_service_server_name }}:
|
|
||||||
image: {{ epas_docker_server_image }}
|
|
||||||
networks:
|
|
||||||
- {{ epas_docker_network }}
|
|
||||||
- {{ epas_haproxy_public_net }}
|
|
||||||
volumes:
|
|
||||||
- {{ epas_attachments_volume }}:/home/epas/epas/data/attachments
|
|
||||||
- /etc/localtime:/etc/localtime:ro
|
|
||||||
- /etc/timezone:/etc/timezone:ro
|
|
||||||
environment:
|
|
||||||
- VIRTUAL_HOST={{ epas_server_hostname }}
|
|
||||||
- PROTOCOL=https # default: http -- (http,https)
|
|
||||||
# - EPAS_SHIB_LOGIN= # default: false -- (true,false)
|
|
||||||
- JOBS_ACTIVE=true # default: false -- (true,false) -- Se forzato a true abilita l'esecuzione di tutti i job
|
|
||||||
# - SKIP_IP_CHECK= # default: false -- (true,false) -- Disabilita il controllo sugli indirizzi ip delle richieste
|
|
||||||
######## LOGS ###########
|
|
||||||
- LOG_LEVEL={{ epas_log_level }} # Opzionale. default: INFO -- (OFF,FATAL,ERROR,WARN,INFO,DEBUG,TRACE,ALL)
|
|
||||||
- APPENDERS={{ epas_log_appenders }} # Opzionale. default: stdout, stderr -- (stdout, stderr, file, graylog2). Abilita i log sulla console, file e server graylog
|
|
||||||
# - GRAYLOG_HOST= # Obbligatorio se attivato log sull'appender graylog2. default: null
|
|
||||||
# - GRAYLOG_PORT= # Opzionale. default: 3514
|
|
||||||
# - GRAYLOG_ORIGIN_HOST= # Opzionale. default: valore in VIRTUAL_HOST
|
|
||||||
###### Container ########
|
|
||||||
# - BACKUP_CRON= # default: disattivato. (utilizzare il format del crontab. Es. 0 0 * * *)
|
|
||||||
# - CERT_NAME= # default: valore specificato in VIRTUAL_HOST -- Specifica un nome diverso per i file del certificato SSL
|
|
||||||
- TZ=Europe/Rome
|
|
||||||
#### Connessione DB ####
|
|
||||||
- DB_HOST={{ epas_db_host }} # default: indirizzo assegnato al container postgres linkato
|
|
||||||
- DB_NAME={{ epas_db_name }} # default: epas
|
|
||||||
- DB_PASS={{ epas_db_pwd }} # default: "non necessaria"
|
|
||||||
- DB_PORT=5432 # default: 5432
|
|
||||||
- DB_USER={{ epas_db_user }} # default: postgres
|
|
||||||
#### server SMTP ####
|
|
||||||
- SMTP_HOST={{ epas_smtp_server }} # default: smtp.cnr.it
|
|
||||||
- SMTP_PORT={{ epas_smtp_port }} # default: 25 se SMTP_CHANNEL è impostato clear o starttls; 465 se impostato su ssl
|
|
||||||
- SMTP_CHANNEL={{ epas_smtp_channel }} # default: clear -- (clear, ssl ,starttls)
|
|
||||||
- SMTP_FROM={{ epas_smtp_from }} # default: epas@cnr.it -- Indirizzo utilizzato per il campo mittente delle mail inviate dal sistema
|
|
||||||
- SMTP_PROTOCOL={{ epas_smtp_protocol}} # default: smtp -- (smtp, smtps)
|
|
||||||
{% if epas_smtp_authentication %}
|
|
||||||
- SMTP_USER={{ epas_smtp_user }} # user utilizzato per l'autenticazione sul server smtp (se necessario)
|
|
||||||
- SMTP_PASS={{ epas_smtp_password }} # password utilizzato per l'autenticazione sul server smtp (se necessaria)
|
|
||||||
{% endif %}
|
|
||||||
#### Autenticazione LDAP ####
|
|
||||||
- LDAP_LOGIN={{ epas_ldap_login }} # default: false. Impostare a true per attivare l'autenticazione tramite LDAP
|
|
||||||
- LDAP_URL={{ epas_ldap_url }} # url del server LDAP, per esempio ldap://ldap.cnr.it:389
|
|
||||||
- LDAP_STARTTLS={{ epas_ldap_starttls_enabled }} # Deve valere true quando è richiesto TLS sulla porta 389. False quando viene usato ldaps sulla 636
|
|
||||||
- LDAP_TIMEOUT={{ epas_ldap_timeout }} # default: 1000. Time in millisecondi della connessione LDAP.
|
|
||||||
- LDAP_DN_BASE={{ epas_ldap_base_dn }} # DN per la ricerca degli utenti su LDAP, per esempio ou=People,dc=iit,dc=cnr,dc=it
|
|
||||||
- LDAP_LOGIN_RETURN={{ epas_ldap_login_return_uri }} # default: /. Indirizzo relativo di reindirizzamento dopo il login LDAP.
|
|
||||||
- LDAP_EPPN_ATTRIBUTE_NAME={{ epas_ldap_eppn_attribute_name }} # default: eduPersonPrincipalName. Campo LDAP utilizzato per il mapping con il campo eppn presente in ePAS.
|
|
||||||
{% if epas_ldap_authenticated_bind %}
|
|
||||||
- LDAP_BIND_DN={{ epas_ldap_bind_dn }}
|
|
||||||
- LDAP_BIND_CREDENTIALS={{ epas_ldap_bind_credentials }}
|
|
||||||
- LDAP_AUTHENTICATE_USER_SEARCH_DN={{ epas_ldap_authenticate_user_search_dn }}
|
|
||||||
{% endif %}
|
|
||||||
{% if epas_flows_enabled %}
|
|
||||||
- FLOWS_ACTIVE=true # defalut: false --(true,false) -- se impostato a true abilita l'utilizzo dei flussi interni a ePAS
|
|
||||||
- URL_ATTESTATI={{ epas_attestati_url }} # default: https://attestativ2.rm.cnr.it
|
|
||||||
- URL_USER={{ epas_attestati_user }}
|
|
||||||
- URL_PASS={{ epas_attestati_password }}
|
|
||||||
{% endif %}
|
|
||||||
#### Invio Segnalazioni via email
|
|
||||||
#- REPORT_TO=${REPORT_TO} # default: epas@iit.cnr.it
|
|
||||||
#- REPORT_FROM=${REPORT_FROM} # default: segnalazioni@epas.tools.iit.cnr.it
|
|
||||||
#- REPORT_SUBJECT=${REPORT_SUBJECT} # default: Segnalazione ePAS
|
|
||||||
deploy:
|
|
||||||
mode: replicated
|
|
||||||
replicas: 1
|
|
||||||
endpoint_mode: dnsrr
|
|
||||||
placement:
|
|
||||||
constraints:
|
|
||||||
- node.role == worker
|
|
||||||
- {{ epas_node_constraints }}
|
|
||||||
restart_policy:
|
|
||||||
condition: on-failure
|
|
||||||
delay: 5s
|
|
||||||
max_attempts: 3
|
|
||||||
window: 120s
|
|
||||||
logging:
|
|
||||||
driver: 'journald'
|
|
||||||
|
|
||||||
{% if epas_dockerized_db %}
|
|
||||||
postgres:
|
|
||||||
image: {{ epas_db_image }}
|
|
||||||
environment:
|
|
||||||
POSTGRES_PASSWORD: {{ epas_db_pwd }}
|
|
||||||
POSTGRES_DB: postgres
|
|
||||||
POSTGRES_USER: postgres
|
|
||||||
POSTGRES_PORT: 5432
|
|
||||||
PGDATA: /var/lib/postgresql/data/pg_data
|
|
||||||
networks:
|
|
||||||
- {{ epas_docker_network }}
|
|
||||||
volumes:
|
|
||||||
- {{ epas_pg_data_volume }}:/var/lib/postgresql/data/pg_data
|
|
||||||
- {{ epas_pg_backups_volume }}:/tmp:ro
|
|
||||||
- /etc/localtime:/etc/localtime:ro
|
|
||||||
- /etc/timezone:/etc/timezone:ro
|
|
||||||
deploy:
|
|
||||||
mode: replicated
|
|
||||||
replicas: 1
|
|
||||||
endpoint_mode: dnsrr
|
|
||||||
placement:
|
|
||||||
constraints: {{ epas_db_constraints }}
|
|
||||||
restart_policy:
|
|
||||||
condition: on-failure
|
|
||||||
delay: 5s
|
|
||||||
max_attempts: 3
|
|
||||||
window: 120s
|
|
||||||
logging:
|
|
||||||
driver: 'journald'
|
|
||||||
{% endif %}
|
|
||||||
|
|
|
@ -0,0 +1,58 @@
|
||||||
|
version: '3.2'
|
||||||
|
|
||||||
|
{% if epas_teleworker_behind_haproxy %}
|
||||||
|
networks:
|
||||||
|
{{ epas_teleworker_haproxy_public_net }}:
|
||||||
|
external: true
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
{% if epas_teleworker_dockerized_db %}
|
||||||
|
{{ epas_teleworker_pg_backups_volume }}:
|
||||||
|
{{ epas_teleworker_db_volume }}:
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
|
||||||
|
services:
|
||||||
|
{{ epas_teleworker_docker_service_server_name }}:
|
||||||
|
image: {{ epas_teleworker_docker_server_image }}
|
||||||
|
networks:
|
||||||
|
- {{ epas_teleworker_docker_network }}
|
||||||
|
- {{ epas_teleworker_haproxy_public_net }}
|
||||||
|
volumes:
|
||||||
|
- /etc/localtime:/etc/localtime:ro
|
||||||
|
- /etc/timezone:/etc/timezone:ro
|
||||||
|
environment:
|
||||||
|
- MICRONAUT_SERVER_HOST={{ epas_teleworker_server_host }}
|
||||||
|
- MICRONAUT_SERVER_PORT={{ epas_teleworker_server_ports }}
|
||||||
|
- TELEWORK_USERNAME:{{ epas_teleworker_server_username }}
|
||||||
|
- TELEWORK_PASSWORD:{{ epas_teleworker_server_password }}
|
||||||
|
#### Connessione DB ####
|
||||||
|
- POSTGRESQL_SERVER_HOST={{ epas_teleworker_db_host }}
|
||||||
|
- POSTGRESQL_SERVER_PORT={{ epas_teleworker_db_port }}
|
||||||
|
- POSTGRESQL_DATABASE_NAME={{ epas_teleworker_db_name }}
|
||||||
|
- POSTGRESQL_USERNAME={{ epas_teleworker_db_user }}
|
||||||
|
- POSTGRESQL_PASSWORD={{ epas_teleworker_db_pwd }}
|
||||||
|
deploy:
|
||||||
|
mode: replicated
|
||||||
|
replicas: 1
|
||||||
|
endpoint_mode: dnsrr
|
||||||
|
placement:
|
||||||
|
constraints:
|
||||||
|
- node.role == worker
|
||||||
|
- {{ epas_teleworker_node_constraints }}
|
||||||
|
restart_policy:
|
||||||
|
condition: on-failure
|
||||||
|
delay: 5s
|
||||||
|
max_attempts: 3
|
||||||
|
window: 120s
|
||||||
|
logging:
|
||||||
|
driver: 'journald'
|
||||||
|
|
||||||
|
{% if epas_teleworker_dockerized_db %}
|
||||||
|
epas-teleworker-postgresql:
|
||||||
|
extends:
|
||||||
|
file: postgresql.yml
|
||||||
|
service: epas-teleworker-postgresql
|
||||||
|
{% endif %}
|
||||||
|
|
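Review bot: `- TELEWORK_USERNAME:{{ epas_teleworker_server_username }}` and `- TELEWORK_PASSWORD:{{ epas_teleworker_server_password }}` use `:` where every other entry in this `environment:` list uses `=`. In list form an entry without `=` is read as a variable name with no value, so the service would start without the credentials these two lines are meant to set (what the application falls back to is not visible here). They should read `- TELEWORK_USERNAME={{ epas_teleworker_server_username }}` and `- TELEWORK_PASSWORD={{ epas_teleworker_server_password }}`. Note also that the service always joins `{{ epas_teleworker_docker_network }}` and the haproxy network, while the top-level `networks:` block declares only the haproxy one, and only when `epas_teleworker_behind_haproxy` is true.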
|
@ -3,10 +3,10 @@
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
|
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
|
||||||
CREATE USER {{ epas_db_user }} password '{{ epas_db_pwd }}';
|
CREATE USER {{ epas_teleworker_db_user }} password '{{ epas_teleworker_db_pwd }}';
|
||||||
CREATE DATABASE {{ epas_db_name }}
|
CREATE DATABASE {{ epas_teleworker_db_name }}
|
||||||
OWNER {{ epas_db_user }}
|
OWNER {{ epas_teleworker_db_user }}
|
||||||
ENCODING UTF8 LC_COLLATE 'en_US.UTF-8' LC_CTYPE 'en_US.UTF-8'
|
ENCODING UTF8 LC_COLLATE 'en_US.UTF-8' LC_CTYPE 'en_US.UTF-8'
|
||||||
TEMPLATE template0;
|
TEMPLATE template0;
|
||||||
GRANT ALL PRIVILEGES ON DATABASE {{ epas_db_name }} TO {{ epas_db_user }};
|
GRANT ALL PRIVILEGES ON DATABASE {{ epas_teleworker_db_name }} TO {{ epas_teleworker_db_user }};
|
||||||
EOSQL
|
EOSQL
|
||||||
|
|
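Review bot: `'{{ epas_teleworker_db_pwd }}'` is rendered into an unquoted here-document (`<<-EOSQL`), so a password containing `$`, a backtick or a backslash is altered by the shell before psql sees it, and one containing `'` ends the SQL literal early. Quoting the delimiter and doubling single quotes keeps the value intact: `psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-'EOSQL'` and `CREATE USER {{ epas_teleworker_db_user }} password '{{ epas_teleworker_db_pwd | replace("'", "''") }}';`. The rendered script holds the database password in clear text, and the task on this page installs it with `mode='0555'` into a directory created without an explicit mode, so any local user can read it. A mode without world access is preferable if whatever runs the script allows it. The hunk starts at line 3 of the file, so the script header is not visible.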
|
@ -0,0 +1,32 @@
|
||||||
|
version: '2'
|
||||||
|
services:
|
||||||
|
epas-teleworker-postgresql:
|
||||||
|
image: {{epas_teleworker_db_image}}
|
||||||
|
environment:
|
||||||
|
- POSTGRES_DB={{epas_telewoerker_db_name}}
|
||||||
|
- POSTGRES_USER={{epas_telewoerker_db_user}}
|
||||||
|
- POSTGRES_PASSWORD={{epas_teleworker_db_pwd}}
|
||||||
|
- POSTGRES_HOST_AUTH_METHOD={{epas_teleworker_db_host_auth_method}}
|
||||||
|
- PGDATA=/var/lib/postgresql/data/pg_data
|
||||||
|
ports:
|
||||||
|
- 5432:5432
|
||||||
|
networks:
|
||||||
|
- {{ epas_teleworker_docker_network }}
|
||||||
|
volumes:
|
||||||
|
- {{ epas_teleworker_pg_data_volume }}:/var/lib/postgresql/data/
|
||||||
|
- {{ epas_teleworker_pg_backups_volume }}:/tmp:ro
|
||||||
|
- /etc/localtime:/etc/localtime:ro
|
||||||
|
- /etc/timezone:/etc/timezone:ro
|
||||||
|
deploy:
|
||||||
|
mode: replicated
|
||||||
|
replicas: 1
|
||||||
|
endpoint_mode: dnsrr
|
||||||
|
placement:
|
||||||
|
constraints: {{ epas_teleworker_db_constraints }}
|
||||||
|
restart_policy:
|
||||||
|
condition: on-failure
|
||||||
|
delay: 5s
|
||||||
|
max_attempts: 3
|
||||||
|
window: 120s
|
||||||
|
logging:
|
||||||
|
driver: 'journald'
|
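Review bot: `POSTGRES_DB={{epas_telewoerker_db_name}}` and `POSTGRES_USER={{epas_telewoerker_db_user}}` misspell the variable prefix (`telewoerker`); no variable of that name is defined on this page, so rendering would fail or leave the values empty, depending on how the file is processed. They should use `epas_teleworker_db_name` and `epas_teleworker_db_user`. `ports: - 5432:5432` also publishes PostgreSQL on the host even though the application container shares `{{ epas_teleworker_docker_network }}` with it; dropping the mapping keeps the database off the host's interfaces, and if it must stay it should at least be quoted as `'5432:5432'`. None of the tasks shown installs this file, so how `extends: file: postgresql.yml` finds it should be checked.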
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
epas_compose_dir: '/srv/epas_stack'
|
epas_teleworker_compose_dir: '/srv/epas_teleworker_stack'
|
||||||
|
|
||||||
epas_psql_pg_data:
|
epas_psql_pg_data:
|
||||||
- { db_host: '{{ epas_db_host }}', pgsql_version: '{{ epas_pg_version }}', name: '{{ epas_db_name }}', encoding: 'UTF8', user: '{{ epas_db_user }}', roles: 'NOCREATEDB,NOSUPERUSER', pwd: '{{ epas_db_pwd }}', managedb: True, allowed_hosts: '{{ epas_db_allowed_hosts }}' }
|
- { db_host: '{{ epas_teleworker_db_host }}', pgsql_version: '{{ epas_teleworker_pg_version }}', name: '{{ epas_teleworker_db_name }}', encoding: 'UTF8', user: '{{ epas_teleworker_db_user }}', roles: 'NOCREATEDB,NOSUPERUSER', pwd: '{{ epas_teleworker_db_pwd }}', managedb: True, allowed_hosts: '{{ epas_teleworker_db_allowed_hosts }}' }
|
||||||
|
|
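Review bot: The list is still named `epas_psql_pg_data`, while the defaults in this commit now set `psql_db_data: '{{ epas_teleworker_psql_pg_data }}'`; that name is not defined anywhere on this page, so the non-dockerized DB path would fail on an undefined variable. Renaming the key to `epas_teleworker_psql_pg_data:` makes the two agree. The entry also depends on `epas_teleworker_db_pwd`, which has no default, so the vault requirement deserves a line in the README.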