.gitignore

@@ -1,4 +1,3 @@
 # ---> Ansible
 *.retry
 
-/.project

README.md

@@ -11,8 +11,10 @@ The most important variables are listed below:
 ``` yaml
 epas_docker_stack_name: 'epas_prod'
 epas_docker_service_server_name: 'epas'
-epas_docker_registry: 'ghcr.io'
-epas_docker_server_image: '{{ epas_docker_registry }}/consiglionazionaledellericerche/epas:stable'
+epas_docker_registry: 'docker-registry.services.iit.cnr.it'
+epas_docker_server_image: '{{ epas_docker_registry }}/epas/epas:stable'
+epas_docker_registry_user: 'epas.user'
+epas_docker_registry_pwd: 'use a vault file'
 epas_docker_network: 'epas_net'
 epas_attachments_node: 'localhost'
 epas_attachments_volume: 'epas_attachments_data'
@@ -41,7 +43,8 @@ psql_db_data: '{{ epas_psql_pg_data }}'
 # Environment
 epas_server_hostname: 'epas.example.com'
 # Teleworker
-epas_teleworker_server_active: 'true'
+epas_teleworker_server_active: True
+epas_teleworker_server_baseurl: 'http://epasteleworker.isti.cnr.it:8080'
 epas_teleworker_server_user: 'app.epas'
 #epas_teleworker_server_password: 'set in a vault file'
 ## SMTP
@@ -60,10 +63,6 @@ epas_ldap_timeout: 1000
 epas_ldap_base_dn: 'ou=People,dc=example,dc=org'
 epas_ldap_login_return_uri: '/.'
 epas_ldap_eppn_attribute_name: 'eduPersonPrincipalName'
-## Keycloak
-epas_keyclock_enabled: True
-epas_oauth_login: 'true'
-
 ```
 
 Dependencies

defaults/main.yml

@@ -1,12 +1,10 @@
 ---
 epas_docker_stack_name: 'epas_prod'
 epas_docker_service_server_name: 'epas'
-#epas_docker_registry: 'docker-registry.services.iit.cnr.it'
-#epas_docker_server_image: '{{ epas_docker_registry }}/epas/epas:stable'
-#epas_docker_registry_user: 'epas.user'
-#epas_docker_registry_pwd: 'use a vault file'
-epas_docker_registry: 'ghcr.io'
-epas_docker_server_image: '{{ epas_docker_registry }}/consiglionazionaledellericerche/epas:stable'
+epas_docker_registry: 'docker-registry.services.iit.cnr.it'
+epas_docker_server_image: '{{ epas_docker_registry }}/epas/epas:stable'
+epas_docker_registry_user: 'epas.user'
+epas_docker_registry_pwd: 'use a vault file'
 epas_docker_network: 'epas_net'
 epas_docker_attachments_node: 'localhost'
 epas_attachments_volume: 'epas_attachments_data'
@@ -37,7 +35,7 @@ epas_attestati_url: 'https://attestativ2.rm.cnr.it'
 epas_attestati_user: ''
 #epas_attestati_password: 'use a vault file'
 # Teleworker
-epas_teleworker_server_active: 'true'
+epas_teleworker_server_active: True
 epas_teleworker_server_baseurl: 'http://epasteleworker.isti.cnr.it:8080'
 epas_teleworker_server_user: 'app.epas'
 #epas_teleworker_server_password: 'use a vault file'
@@ -62,13 +60,5 @@ epas_ldap_authenticated_bind: False
 epas_ldap_bind_dn: 'cn=readuser,ou=People,o=example,c=org'
 #epas_ldap_bind_credentials: 'use a vault file'
 epas_ldap_authenticate_user_search_dn: 'o=example,c=org'
-## Keycloak
-epas_keyclock_enabled: True
-epas_oauth_login: 'true'
-epas_keycloak_config_uri: 'https://sso.cnr.it/auth/realms/CNR/.well-known/openid-configuration'
-#epas_keycloak_client_id: 'client id'
-#epas_keycloak_client_secret: 'use a vault file'
-epas_keycloak_jwt_field: 'email_cnr'
-## Logs
 epas_log_level: 'INFO'
 epas_log_appenders: 'stderr'

tasks/main.yml

@@ -35,8 +35,8 @@
     - name: Install the docker compose file
       template: src=epas-docker-compose.yml.j2 dest={{ epas_compose_dir }}/docker-epas-stack.yml owner=root group=root mode='0400'
 
-    #- name: Login into the IIT registry
-    #  shell: docker login -u {{ epas_docker_registry_user }} -p {{ epas_docker_registry_pwd }} {{ epas_docker_registry }}
+    - name: Login into the IIT registry
+      shell: docker login -u {{ epas_docker_registry_user }} -p {{ epas_docker_registry_pwd }} {{ epas_docker_registry }}
 
     - name: Start the ePAS stack 
       docker_stack:

templates/epas-docker-compose.yml.j2

@@ -77,14 +77,6 @@ services:
       - LDAP_BIND_CREDENTIALS={{ epas_ldap_bind_credentials }}
       - LDAP_AUTHENTICATE_USER_SEARCH_DN={{ epas_ldap_authenticate_user_search_dn }}
 {% endif %}
-{% if epas_keyclock_enabled %}
-      #### Autenticazione OAuth ####
-      - OAUTH_LOGIN={{ epas_oauth_login }}                       #Opzionale. default: false. Abilita l'autenticazione keycloak.
-      - KEYCLOAK_CONFIG_URI={{ epas_keycloak_config_uri }}
-      - KEYCLOAK_CLIENT_ID={{ epas_keycloak_client_id }}
-      - KEYCLOAK_CLIENT_SECRET={{ epas_keycloak_client_secret }}
-      - KEYCLOAK_JWT_FIELD={{ epas_keycloak_jwt_field }}         #Opzionale. default: email
-{% endif %}
 {% if epas_flows_enabled %}
       - FLOWS_ACTIVE=true                     # defalut: false --(true,false) -- se impostato a true abilita l'utilizzo dei flussi interni a ePAS
       - URL_ATTESTATI={{ epas_attestati_url }}                        # default: https://attestativ2.rm.cnr.it