This is an automated email from the ASF dual-hosted git repository.
isjarana pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/airavata-custos.git
The following commit(s) were added to refs/heads/develop by this push:
new bc72babe5 fix ansible issues
new 0b8f1e324 Merge pull request #388 from isururanawaka/develop
bc72babe5 is described below
commit bc72babe5a54857541f49ae100a417e87cf831fa
Author: Isuru Ranawaka <[email protected]>
AuthorDate: Thu Jun 15 10:46:15 2023 -0400
fix ansible issues
---
ansible/custos.yml | 6 +-
.../files/keycloak-client-truststore.pkcs12 | Bin 0 -> 1702 bytes
.../inventories/develop/group_vars/all/vars.yml | 18 ++-
.../inventories/develop/group_vars/all/vault.yml | 172 ++++++++++-----------
ansible/roles/custos/tasks/main.yml | 63 +++-----
.../custos-core-services/application.properties.j2 | 17 +-
.../custos-core-services/bootstrap.properties.j2 | 7 -
.../application.properties.j2 | 2 +-
ansible/roles/env_setup/tasks/main.yml | 146 ++++++++++++++---
ansible/vault_pass | 1 +
10 files changed, 252 insertions(+), 180 deletions(-)
diff --git a/ansible/custos.yml b/ansible/custos.yml
index 435321500..52d992df2 100644
--- a/ansible/custos.yml
+++ b/ansible/custos.yml
@@ -1,5 +1,4 @@
#
-#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -31,6 +30,7 @@
# roles:
# - role: migrate_db
# tags: [migrate_db, never]
+### enable following for fresh deployment
#- hosts: hashicorp
# roles:
# - role: env_setup # execute env_setup role only when env_setup tag is
specified
@@ -50,6 +50,6 @@
tags: [env_setup, never]
- role: nginx
- role: database
-# - zookeeper
-# - kafka
+# - zookeeper this is outdated, hence, commented out
+# - kafka this is outdated, hence, commented out
- role: custos
\ No newline at end of file
diff --git
a/ansible/inventories/develop/files/keycloak-client-truststore.pkcs12
b/ansible/inventories/develop/files/keycloak-client-truststore.pkcs12
new file mode 100644
index 000000000..4ccb397f8
Binary files /dev/null and
b/ansible/inventories/develop/files/keycloak-client-truststore.pkcs12 differ
diff --git a/ansible/inventories/develop/group_vars/all/vars.yml
b/ansible/inventories/develop/group_vars/all/vars.yml
index a32fe2752..e81f8834c 100644
--- a/ansible/inventories/develop/group_vars/all/vars.yml
+++ b/ansible/inventories/develop/group_vars/all/vars.yml
@@ -81,20 +81,22 @@ sharing_subnets:
custos_core_grpc_port: 7071
custos_core_server_port: 8081
+
+
custos_int_grpc_port: 7070
-custos_int_server_port: 8080
+custos_int_server_port: 8000
# vault variables
-vault_port: 443
-vault_scheme: https
-vault_host: "{{ hostvars['hashicorp'].ansible_host }}"
-vault_uri: https://{{ hostvars['hashicorp'].ansible_host }}
+vault_port: 8200
+vault_scheme: http
+vault_host: "127.0.0.1"
+vault_uri: "http://127.0.0.1:8201"
spring_cloud_vault_authentication: token
-spring_cloud_vault_ssl_trust_store:
file:/home/ubuntu/vault-client-truststore.pkcs12
+
# consul variables
-consul_version: 1.7.1
+consul_version: 1.12.1
consul_zip_file: consul_{{ consul_version }}_linux_amd64.zip
consul_install_dir: /usr/local/bin
consul_config_dir: /etc/consul
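Review bot: `vault_uri` is set to `http://127.0.0.1:8201` while `vault_port` is 8200, and the core-services template in this same commit hard-codes `http://127.0.0.1:8200`, so the group vars and the rendered properties disagree about where Vault listens. 8201 is conventionally Vault's cluster port rather than its API port, so the literal looks like a leftover. Derive the value instead of repeating it: `vault_uri: "{{ vault_scheme }}://{{ vault_host }}:{{ vault_port }}"`. The switch from `https` to `http`, together with dropping `spring_cloud_vault_ssl_trust_store`, means the Vault token travels unencrypted. That is tolerable only if Vault is bound to loopback alone, which nothing in this diff enforces.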
@@ -103,4 +105,4 @@ consul_data_dir: /var/data
active_profile: dev
apache_maven_version: "apache-maven-3.6.3"
-apache_maven_url:
"https://www-eu.apache.org/dist/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.tar.gz"
+apache_maven_url:
"https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.6.2/apache-maven-3.6.2-bin.tar.gz"
diff --git a/ansible/inventories/develop/group_vars/all/vault.yml
b/ansible/inventories/develop/group_vars/all/vault.yml
index 75bf904e0..6ae9172f1 100644
--- a/ansible/inventories/develop/group_vars/all/vault.yml
+++ b/ansible/inventories/develop/group_vars/all/vault.yml
@@ -1,87 +1,87 @@
$ANSIBLE_VAULT;1.1;AES256
-30646239373631363363386161343937356262643737373933373431616431306533323332303937
-3637316537613363663737623736383836316233383433620a396130323531366131663562393166
-33336361653535663163386438653365336135623366623330313265363833383562366534336332
-3734383262663732660a313761663534373938353637366532626664333665356332343162363262
-34643161616234356436373661353132353737363463383930646366316335336531636663383163
-62623161653265323565666562323433303662643534653834616434396135393030656333663332
-34356638646334653364643134656664353434386263396266343363643738656661326166383938
-37633139653138396663653137303432323034313762633131663439343032373935643935333338
-33613833353565613362383962613433323830373934636439333862313435343461623933383762
-61323462626465383735346630393738653862656666396239303866393135303665636164363865
-36313564663233623234353035646239383934376230346366623063646566366538636230333539
-64393433663535656339663535653138356430373863343833353663663038353362616365336531
-34623332623436663331616232636637303137386437303765353134323630653436376562313065
-34303639333864356133633264316434366662366162656230636337643966333565653861313863
-63643064333066396334393964623063366536383239626563623535633561393261313230343466
-64393535356162653966313831653465366563393066356663353830346337386438646233663834
-32646132396633326164383661663731343464386238386334623733393135363137666138393831
-35333064383735333132383630633264356362326337343964356464663433303161376439393032
-63323661363137333932613163633433386661643836303632316538663234613830623635643036
-37383030646366313837376435653831363134616633386464333437333763653337373732373861
-34326363613433623138353535323137376135663664633466393632633133626564623131623431
-37396333333638386363373137383439353739306564333834653566393539356164343736646361
-63663536363861653865633762353861313937316266663133363861303064396465666464356333
-31393832653132656638633530656631633631333266376136316433323663366538383237393462
-33333766653761353061633330353736323632653062633764393037363133356462383661636437
-31306562613235623961383037363366306361393264303932656538363830653031613437636534
-30383466356261633133393064623234303666656138313833633633653066393030616561333163
-32373966306166333837396562353666386336313538353332376164626164346362316637376366
-62383037363565663939353062663538336236656431383332343530646232663639313739386266
-61313330376563653035646339333433393038633830303338616165383761333438383863613138
-65616437333236653338313335343432633632376435353665396533313932306461343463346462
-62663063656463626537376264623435306239636337383765323236336437643336623330643332
-61393664666239383661626362353032313662613931653930376135353836656632616633653564
-35643731363664636636626430303236303839663635633266346136383731636461343334353930
-38646530656130663139643865303433373534343164313563353038373230643138633636373836
-61663762646531643830373538656663343465373230383962626237386361626263353033316135
-36393462643736643735383531383131333564663561313331326636623632306333323761623731
-37306261313865613037303566353466653838393233366438383434613636343638306333643030
-39373633616631363961386631396466333136616363353434366436626236376262336230353534
-64653334646362666236356232656162653433323331626362613930633562663638633536663864
-64383538333263633639666666353132633866303765323834626364626231656330303637353566
-65323365323932623933316333313062373332383738333132623631616633643036353866303430
-62356461303032653461663830623733393034306266616234386362353934373332646631353634
-63346137393432306461663038653061633065613733353764366338363739333762393939353461
-38323332646364346137656263303536366639353930656634373235343562303739333837336130
-35366437613163656361343466376136643539383161316362636634366139313234366561663563
-65646236666237383161633636613364343161633639633838343934363331643461393064363837
-35623932323933363736633565396662333739643332653862376633666138376333616364383239
-30306364386332386139633364346265636631363532613731643862633030313933303435373539
-61386661373637656264396330396337613234616261386162623935626466613662343238383939
-36623435343237333463386539303964626238653030633766613030393435653066623234396530
-33376563653062363232396166623739383165373934643739663061393230366537393762383131
-38623961346235356133356430343565653066643565303138663130343839343432393333626430
-37336161353938346465383663623235373864393765663635323136306339633737303937633332
-62666165306566323865323035393237666663636165323634626632323566656161316439346163
-61386339633362346231356135643566336462366237666666643763303237323264393937383163
-31336565616262376538343539313336623662393461343932333038353766343835313633316161
-36376535303439303834336335303332333636383135373161666162313131393065333133623331
-38636562633366633731613138323538656235653530623031393232623663323264373963333432
-31303066653561643561346333623132303766323031656232386665633463366333623766643361
-33306662303939303333626166306333326234396636303134353639353433346330373362366433
-63396636626238323661363666396634643935363434363661383130333038366331626166356236
-64316662323637386631323464346231613263656665303264616436333032336437616361373662
-63306634373565656135393464366366396339333030373537653035363466633933303732343932
-37376532633038303731386463363635636662366137383936343435373332646131666166643766
-66353733343864326538383633326631623530393163343661306537363239326366616262303166
-33303232313933633735336639663830346537333962333366333832626632666461303230616565
-31333961373030316265363862666236616332636230393562663930343634383366613438373136
-37623239663330386631623834376165326233646265373835316261633033383330373838396365
-33653839336434353762343838323164373931663638363636666331316638633566356631346566
-34626264663961383932346431396562393837656234313334323438336530346136326462303739
-39396538323861383939373263363938393034656362386666346331646139393630303734666630
-65633161383966633063303433316431313635373432383338396463623033356564656664623739
-66653864636663663436663134376331656330663661613833363735323531303330633633333662
-33356331396361326432616638333637666565663231396335653736326265623134363631306565
-61376466343634666138313633633864366339393437386564316339656537313136366666316230
-64616137333736393036373662633633396636396531386566633235656564323461613535303933
-31383166643337323333636238316263353531343737306461303330353763633735376262633032
-65643934376333396132646364316530386362396466326461363339373236663065613736663664
-66323666303030373764336339393062316334376161633264636533333533656133646139393563
-63323830343064643533306134636563333837313139323235313363633432353337616531363133
-36663662643135633261663366666365386538313937626133333563353438323135643734353834
-31373336306631303336386535353864613763306266626232656266616133616338363665383433
-30356562626137313030353333353337653638643933333534653739396161366338383738653334
-34376562353135353662663835303639366633366138303032623134376264373238336437393039
-3766633230346237383534653335383538363834303064613363
+32643332623135616636643661633434343164313738306463356231306436346439666239383666
+6231663632376261363562623663393934666432656563650a333130653234383366643834656237
+33386631626132373935623464656661356339353038353937363265303338656464333732366530
+6365363730323139620a636263303162323266306563326266363166303366313938383637303437
+64333562346539373730373962316438656665386465393865643330303165373934396135653639
+63386538663461636236333265346462373430376363613033626163663937393261316132316463
+66353530343162303936653738656464626638656364303134623266373961316435663239653336
+37666239396230356237633365363031306165643837663236353564663562313438646361663636
+65343237333664346666303834333065653063333662666438366133393538623336343834643235
+35346664373138663638393632363738653861383435306633373133373537396630373536393734
+38633739613463396130653763346538613761616665386137386462306430346230316336356133
+64313439363561333633356139366139393433363262306531353665396565343331313365333939
+63303736316637366365393566333731383730303364356234356238633730393334663662613963
+38316133356636383732316332326535313138386635623135393038623230386364376364313630
+38633537363731313662366336326664353365386639326430316566633638623332303935353739
+33303035383063386333633637303366363266303639616532613534313938356234396662326137
+39386132343663636130636234666230316336333963373864643065393339623835646465663135
+34386630306464313466376462653461303234643835363166323461323038653534333162363863
+30373837336235326662303766363438376162656532636566616234383435623364396463643435
+32636236626138313138386266653735616662623164343763323831666436356666313566333462
+32363566613731323866633637346136356432656539376632663739626133353163373535663939
+62656563373833666636323232363763316232663765353231366634633135393561663837313366
+38643239626636396336626235366337373261326166336632356135613662376362626637376262
+34366130393565336266393134643866613265303563343266333435353665643531343363366238
+63356130353664306638663436623333346137346564636430633064316237363334373630626365
+63643261653930623566313131316637663966633830343933313933313465373566373232363762
+65343333343939663366316562373239646434376537316632376166373863363136363034313763
+38313663643363396433623738366133306635616234643736346432343033636531383666616235
+63393965353336343832346664366661643835363333356533363533663339333666393637396664
+61376361353463646434333863666337653561633434326538333935343339316439306634646430
+63363864336664316261616265653231366638383939373934346635376532313366396535306133
+63633339323431666337376663393933336437383466343261313831616336376163623761353366
+34623066616136393133313733663966643735653138323061623738383030646239666336626531
+36353534353433333432363661386365363066653536393430636334396534326461313963373762
+32633339363931633065373433346430613262616563626161643636363762343466653136366464
+62656363333535356232623038366438373462353532396565623531613266666237303266386262
+33316630386261386465356132643634336236613335383563616538613330636339363461316363
+61326139303062343332643632323939333533323662653362396535616565663761623732363638
+36383065363336643139393839386539316137653431646465323062316234316430306563613931
+64343132396162386565386334666163313334383035313531666366613637343030643730376566
+36326433363131636336336661363732343566326133326336343966643235323339363163623638
+36616265393264393861303635633861616432636638633238636638323166343537316534653333
+32396661616430353932653733313863346161623563633435646361393838326336373538386439
+36383639386461613362386261363031633836623064396263363534336565303638343263386461
+38663034396534633033303834383133643530613664303132376166663339316163333862613036
+65343037353136363630383339376638343837383066333134613735336262633034653064373262
+30376334646463393636613430353863363464326530663465656663646434666664323739663834
+36336261393763353761393261373331653139386533636332303964313133353839316538633236
+36643235366637333563383864323461313332383662623932623333313039323638383033653566
+31356437353465396239343938306234666531616165326439333364303130346463323666393565
+39623762376338356237336666393336353765333934336134353434643534666535306136616663
+34656633626163306139666134306132633537623937393963323631343938666638616464313731
+64613938396539613765366563376563393230393061386666376135393361336165666333376565
+31613866363733306439666139313236636662613539353861636538343632613966393665323166
+32366533336361313636306137653334396163323934306334353333303535383033366333323666
+30383239666132376262363237383239666666346134323966383266333134373237356532353463
+61366235336236653430326133336263323065333830366166383865393439376162373761666462
+66353661653730363336363766303530313335376466643136343662313739323638346234366430
+35386330336431656165376638323834346235633366303664613538623634613331623966303731
+31313162633864393334356133363130353862613035303239306330663938666661306462613262
+31653336366131633830316366316436363938626636376637643533616339303663653334313935
+39346532396266333831643636363862393434386333323130373665343431346564646266666165
+64373035643536396161623362613435643263366165313932323832636338333534653162353432
+32653234636638386533633637616531643735316264376338653263646333373665313830333730
+39336566613837336532666432626164383037303738616363653931613863613634643133346536
+36653565383430613161366539653037353565393831323333363865313162343030623361653536
+64383139636138613031663334376234303338356466336330333862626436343534356463653134
+62306563613930336164636666643539386230663139633434343835623265336430393763326363
+36373236393266323464326161343535353063383565646165383732366131363564643166323031
+33323839313534646465353130336366303133363466303233616430373565343130383236393332
+38393834303733323638393334393865626438316637633533353865663539383237373931346365
+32663539643566346166336266626633333339663435663330653635663362353730333366623132
+37306261616664343435306139333161376266663039363737646561303061623039373332383133
+62343437363533613438326434313331383661663832366132396361656364323036633737303232
+32336239666230386162303764303039663231626165353832323530376165646366346665313763
+64633830663763616266633762323832353466616162656562303362616537373736643863326538
+32653036616331336535316365633963646436616166393137353262633265373532653862316231
+35356633306261656231616561306564303161356631633866303235386633363462383363623830
+37646639666636373639386663313536343938333665316237663339613162653166613734643761
+38343366656132313065346634353233656564383436336463613230623232653736636266383239
+35373165356330376435373662373933383430353037626630313463393464663463363062333939
+32376233303436613933376139633461643761336365363033343337343666623532626264373866
+34356437313830333730313038643265643236393864396333313563343339333434343464336232
+39376633613464373038356432636337643436326164663863663935316138343739326665363363
+37643931313532343539366662346537316230613363633161613364383966313637396338303734
+3131393239613463326661313631373939396132323730623964
diff --git a/ansible/roles/custos/tasks/main.yml
b/ansible/roles/custos/tasks/main.yml
index be7054073..6afea5695 100644
--- a/ansible/roles/custos/tasks/main.yml
+++ b/ansible/roles/custos/tasks/main.yml
@@ -80,15 +80,15 @@
become: yes
become_user: "{{ user }}"
-- name: Copy hashicorp and keycloak truststore files
- copy:
- src: "{{ custos_source_dir
}}/custos-services/custos-core-services-server/src/main/dist/conf/{{ item }}"
- dest: /home/ubuntu/{{ item }}
- remote_src: yes
- with_items:
- - keycloak-client-truststore.pkcs12
- - vault-client-truststore.pkcs12
- become: yes
+#- name: Copy hashicorp and keycloak truststore files
+# copy:
+# src: "{{ custos_source_dir
}}/custos-services/custos-core-services-server/src/main/dist/conf/{{ item }}"
+# dest: /home/ubuntu/{{ item }}
+# remote_src: yes
+# with_items:
+# - keycloak-client-truststore.pkcs12
+# - vault-client-truststore.pkcs12
+# become: yes
- name: Copy Custos property files
template: "src={{ item.name }}
@@ -99,47 +99,24 @@
with_items:
- { name: custos-core-services/application.properties.j2,
dir: "Custos-Core-Services-Server-{{custos_distribution_version}}",
- target: application.properties}
- - { name: custos-core-services/bootstrap.properties.j2,
- dir: "Custos-Core-Services-Server-{{custos_distribution_version}}",
- target: bootstrap.properties }
+ target: application.properties }
- { name: custos-integration-services/application.properties.j2,
dir:
"Custos-Integration-Services-Server-{{custos_distribution_version}}",
target: application.properties }
become: yes
become_user: "{{ user }}"
-- include: start_custos.yml
-
-- name: Start envoy proxy
- script: "start_envoy_proxy.sh"
+- name: Transfer keycloak-client-truststore.pkcs12 KeyStore file
+ copy: src={{inventory_dir}}/files/keycloak-client-truststore.pkcs12
+ dest="{{ custos_deployment_dir
}}/Custos-Core-Services-Server-{{custos_distribution_version}}/conf/keycloak-client-truststore.pkcs12"
+ owner={{ user }} group={{ group }}
become: yes
become_user: "{{ user }}"
-- name: allow all networks to access custos ports
- firewalld:
- zone: public
- permanent: yes
- state: enabled
- immediate: yes
- port: "{{ custos_int_grpc_port }}/tcp"
- become: yes
-
-- name: allow all networks to access port 80
- firewalld:
- zone: public
- permanent: yes
- state: enabled
- immediate: yes
- port: "80/tcp"
- become: yes
-
+- include: start_custos.yml
-- name: allow all networks to access 443
- firewalld:
- zone: public
- permanent: yes
- state: enabled
- immediate: yes
- port: "443/tcp"
- become: yes
\ No newline at end of file
+# This will start envoy proxy
+#- name: start envoy proxy
+# script: "start_envoy_proxy.sh"
+# become: yes
+# become_user: "{{ user }}"
\ No newline at end of file
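Review bot: The new truststore copy task uses the `key=value` argument form with unquoted `{{inventory_dir}}`, `{{ user }}` and `{{ group }}`, and it sets no `mode`, so the file's permissions depend on the remote umask and any value containing a space breaks the argument parsing. Writing it in native YAML with every templated value quoted and an explicit mode avoids both. The mode below assumes the service runs as `{{ user }}`, which should be confirmed. Separately, `- include: start_custos.yml` uses the deprecated bare `include`; `import_tasks` or `include_tasks` is the supported spelling.

```yaml
- name: Transfer keycloak-client-truststore.pkcs12 KeyStore file
  copy:
    src: "{{ inventory_dir }}/files/keycloak-client-truststore.pkcs12"
    dest: "{{ custos_deployment_dir }}/Custos-Core-Services-Server-{{ custos_distribution_version }}/conf/keycloak-client-truststore.pkcs12"
    owner: "{{ user }}"
    group: "{{ group }}"
    mode: "0640"
  become: yes
  become_user: "{{ user }}"
```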
diff --git
a/ansible/roles/custos/templates/custos-core-services/application.properties.j2
b/ansible/roles/custos/templates/custos-core-services/application.properties.j2
index 54f950cb2..fe5c99e18 100644
---
a/ansible/roles/custos/templates/custos-core-services/application.properties.j2
+++
b/ansible/roles/custos/templates/custos-core-services/application.properties.j2
@@ -3,7 +3,6 @@ server.port={{custos_core_server_port}}
spring.application.name=CustosCoreServicesServer
spring.main.allow-bean-definition-overriding=true
-
## Hibernate Properties
# The SQL dialect makes Hibernate generate better SQL for the chosen database
spring.jpa.properties.hibernate.dialect = org.hibernate.dialect.MySQL55Dialect
@@ -11,14 +10,13 @@
spring.jpa.properties.hibernate.dialect.storage_engine=innodb
spring.jpa.properties.hibernate.enable_lazy_load_no_trans=true
# Hibernate ddl auto (create, create-drop, validate, update)
spring.jpa.hibernate.ddl-auto = update
-#[email protected]@
-#logging.level.root=INFOciLogon.admin.auth.endpoint=https://test.cilogon.org/oauth2/oidc-cm
+
spring.datasource.username = {{custos_core_spring_datasource_username}}
spring.datasource.password = {{custos_core_spring_datasource_password}}
spring.datasource.url =
jdbc:mysql://localhost:3306/core_services_server_db?useSSL=false&serverTimezone=UTC&useLegacyDatetimeCode=false&createDatabaseIfNotExist=true
-spring.profiles.active=local
+spring.profiles.active={{active_profile}}
#Keycloak properties
iam.server.admin.username={{custos_core_iam_server_admin_username}}
@@ -26,20 +24,19 @@
iam.server.admin.password={{custos_core_iam_server_admin_password}}
iam.server.truststore.password={{custos_core_iam_server_truststore_password}}
iam.server.url=https://{{ hostvars['keycloak'].ansible_host }}/auth/
-
mail.sender.password=test
enable.messaging.service=false
#CiLogon Properties
ciLogon.admin.client.id={{custos_core_ciLogon_admin_client_id}}
ciLogon.admin.client.secret={{custos_core_ciLogon_admin_client_secret}}
-iam.server.truststore.path=/home/{{user}}/custos-deployment/Custos-Core-Services-Server-1.1-SNAPSHOT/conf/
-
+ciLogon.admin.auth.endpoint=https://test.cilogon.org/oauth2/oidc-cm
+iam.server.truststore.path=/home/{{user}}/custos-deployment/Custos-Core-Services-Server-1.1-SNAPSHOT/conf/keycloak-client-truststore.pkcs12
spring.cloud.vault.token={{vault_token}}
-spring.cloud.vault.scheme=https
-spring.cloud.vault.host={{ hostvars['hashicorp'].ansible_host }}
+spring.cloud.vault.scheme=http
+spring.cloud.vault.host=127.0.0.1
spring.cloud.vault.port=8200
-spring.cloud.vault.uri=http://{{ hostvars['hashicorp'].ansible_host }}:8201
+spring.cloud.vault.uri=http://127.0.0.1:8200
spring.cloud.vault.authentication=token
\ No newline at end of file
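Review bot: `iam.server.truststore.path` hard-codes `/home/{{user}}/custos-deployment/Custos-Core-Services-Server-1.1-SNAPSHOT/conf/`, while the task added in `roles/custos/tasks/main.yml` copies the truststore under `{{ custos_deployment_dir }}/Custos-Core-Services-Server-{{custos_distribution_version}}/conf/`. The two paths match only while those variables happen to resolve to the literals. Build the property from the same variables: `iam.server.truststore.path={{ custos_deployment_dir }}/Custos-Core-Services-Server-{{ custos_distribution_version }}/conf/keycloak-client-truststore.pkcs12`. The Vault lines have the same weakness: scheme, host, port and uri are literals here although `vault_scheme`, `vault_host`, `vault_port` and `vault_uri` are defined in group_vars, so a later change to the inventory will not reach this file. `spring.cloud.vault.uri={{ vault_uri }}` and its siblings would keep them in step.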
diff --git
a/ansible/roles/custos/templates/custos-core-services/bootstrap.properties.j2
b/ansible/roles/custos/templates/custos-core-services/bootstrap.properties.j2
deleted file mode 100644
index 642e8c64b..000000000
---
a/ansible/roles/custos/templates/custos-core-services/bootstrap.properties.j2
+++ /dev/null
@@ -1,7 +0,0 @@
-spring.cloud.vault.token={{vault_token}}
-spring.cloud.vault.scheme=https
-spring.cloud.vault.host={{ hostvars['hashicorp'].ansible_host }}
-spring.cloud.vault.port=8200
-
-spring.cloud.vault.uri=http://{{ hostvars['hashicorp'].ansible_host }}:8201
-spring.cloud.vault.authentication=token
\ No newline at end of file
diff --git
a/ansible/roles/custos/templates/custos-integration-services/application.properties.j2
b/ansible/roles/custos/templates/custos-integration-services/application.properties.j2
index 38536f56d..102cb3156 100644
---
a/ansible/roles/custos/templates/custos-integration-services/application.properties.j2
+++
b/ansible/roles/custos/templates/custos-integration-services/application.properties.j2
@@ -7,7 +7,7 @@ spring.profiles.active={{active_profile}}
scim.user.schema.location=custos_user_schema_extention.json
core.services.server.port={{custos_core_grpc_port}}
-core.services.server.hostname={{ansible_host}}
+core.services.server.hostname=127.0.0.1
iam.server.url=https://{{ansible_host}}/auth/
tenant.base.uri=http://{{ansible_host}}/apiserver/tenant-management/v1.0.0/oauth2/tenant
diff --git a/ansible/roles/env_setup/tasks/main.yml
b/ansible/roles/env_setup/tasks/main.yml
index 8c58f3f6d..bd4d5e50c 100644
--- a/ansible/roles/env_setup/tasks/main.yml
+++ b/ansible/roles/env_setup/tasks/main.yml
@@ -35,33 +35,134 @@
user: name={{ user }} group={{ group }}
become: yes
-- name: Install Firewalld (Debian)
- apt: name=firewalld state=latest update_cache=yes
+#- name: Install Firewalld (Debian)
+# apt: name=firewalld state=latest update_cache=yes
+# become: yes
+#
+# # TODO: stop iptables service, can't have both iptables and firewalld on
same host
+# # firewalld is just a frontend for iptables - so we can't remove it
+# # if we try to stop non existing service ansible fails.
+## - name: Stop iptables, ip6tables services
+## service: name="{{ item }}" state=stopped
+## with_items:
+## - iptables
+## - ip6tables
+#
+#- name: Start firewalld service
+# service: name=firewalld state=started
+# become: yes
+#
+## Issues with firewalld module on Ubuntu
https://github.com/ansible/ansible/issues/24855
+## So as workaround, just calling firewall-cmd directly for now
+#- name: open firewall port 22 for SSH connections (Debian)
+# command: firewall-cmd --zone=public --add-port=22/tcp
+# become: yes
+#
+#- name: open firewall port 22 for SSH connections permanently (Debian)
+# command: firewall-cmd --zone=public --permanent --add-port=22/tcp
+# become: yes
+#
+#- name: open firewall port 80
+# firewalld:
+# zone: public
+# permanent: yes
+# state: enabled
+# immediate: yes
+# rich_rule: rule family=ipv4 port port="80" protocol=tcp accept
+# become_user: root
+#
+#- name: open firewall port 443
+# firewalld:
+# zone: public
+# permanent: yes
+# state: enabled
+# immediate: yes
+# rich_rule: rule family=ipv4 port port="443" protocol=tcp accept
+# become_user: root
+#
+#- name: open firewall port {{ custos_int_grpc_port }}
+# firewalld:
+# zone: public
+# permanent: yes
+# state: enabled
+# immediate: yes
+# rich_rule: rule family=ipv4 port port="{{ custos_int_grpc_port }}"
protocol=tcp accept
+# become_user: root
+
+- name: Allow everything and enable UFW
+ community.general.ufw:
+ state: enabled
+ policy: allow
+ become: yes
+
+- name: Set logging
+ community.general.ufw:
+ logging: 'on'
become: yes
- # TODO: stop iptables service, can't have both iptables and firewalld on
same host
- # firewalld is just a frontend for iptables - so we can't remove it
- # if we try to stop non existing service ansible fails.
-# - name: Stop iptables, ip6tables services
-# service: name="{{ item }}" state=stopped
-# with_items:
-# - iptables
-# - ip6tables
-
-- name: Start firewalld service
- service: name=firewalld state=started
+- community.general.ufw:
+ rule: limit
+ port: ssh
+ proto: tcp
become: yes
-# Issues with firewalld module on Ubuntu
https://github.com/ansible/ansible/issues/24855
-# So as workaround, just calling firewall-cmd directly for now
-- name: open firewall port 22 for SSH connections (Debian)
- command: firewall-cmd --zone=public --add-port=22/tcp
+- community.general.ufw:
+ rule: allow
+ name: OpenSSH
become: yes
-- name: open firewall port 22 for SSH connections permanently (Debian)
- command: firewall-cmd --zone=public --permanent --add-port=22/tcp
+- name: Allow all access to tcp port 80
+ community.general.ufw:
+ rule: allow
+ port: '80'
+ proto: tcp
become: yes
+- name: Allow all access to tcp port 80
+ community.general.ufw:
+ rule: allow
+ port: '443'
+ proto: tcp
+ become: yes
+
+- name: Allow all access to tcp port 80
+ community.general.ufw:
+ rule: allow
+ port: '{{ custos_int_grpc_port }}'
+ proto: tcp
+ become: yes
+
+
+
+#- name: allow all networks to access custos ports
+# firewalld:
+# zone: public
+# permanent: yes
+# state: enabled
+# immediate: yes
+# port: "{{ custos_int_grpc_port }}/tcp"
+# become: yes
+#
+#- name: allow all networks to access port 80
+# firewalld:
+# zone: public
+# permanent: yes
+# state: enabled
+# immediate: yes
+# port: "80/tcp"
+# become: yes
+#
+#
+#- name: allow all networks to access 443
+# firewalld:
+# zone: public
+# permanent: yes
+# state: enabled
+# immediate: yes
+# port: "443/tcp"
+# become: yes
+
+
- name: install JDK 17
apt:
name:
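Review bot: The first UFW task enables the firewall with `policy: allow`, so incoming traffic is accepted by default and the per-port `allow` rules after it restrict nothing. Every listening port on the host stays reachable unless the service itself binds to loopback, and that includes ports this commit now treats as local-only, such as Vault over plain HTTP on 8200. The commented-out firewalld tasks opened only 22, 80, 443 and the integration gRPC port, presumably relying on the zone's default deny. Set the default for incoming traffic to deny, and run the SSH rule before the enable task so the play cannot cut its own connection. Three tasks also share the name `Allow all access to tcp port 80` although two of them open 443 and `{{ custos_int_grpc_port }}`, and the two SSH tasks have no `name`; giving each a distinct name would make the run output readable.

```yaml
# … unchanged: commented-out firewalld tasks …

- name: Rate-limit SSH before the firewall is enabled
  community.general.ufw:
    rule: limit
    port: ssh
    proto: tcp
  become: yes

- name: Enable UFW with incoming traffic denied by default
  community.general.ufw:
    state: enabled
    direction: incoming
    policy: deny
  become: yes

# … unchanged: logging task, OpenSSH rule, per-port allow rules …
```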
@@ -87,7 +188,7 @@
- name: download {{ apache_maven_version }}
get_url: url="{{ apache_maven_url }}" dest="/opt/{{ apache_maven_version
}}-bin.tar.gz"
become: yes
- become_user: root
+
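Review bot: The `get_url` task in this hunk downloads the Maven tarball without a `checksum`. After this commit `apache_maven_url` points at the 3.6.2 archive while `apache_maven_version` is still `apache-maven-3.6.3`, so the file saved as `/opt/apache-maven-3.6.3-bin.tar.gz` contains 3.6.2. Anything that derives the install directory from `apache_maven_version` would then reference a path that does not exist; the unarchive source and `maven.sh` are not fully visible here, so this should be checked. Align the two variables and pin the download by adding `checksum="sha512:<SHA512_PUBLISHED_FOR_THE_TARBALL>"` to the task. The task's remaining lines sit outside the hunk.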
- name: unzip maven
unarchive:
@@ -95,11 +196,12 @@
dest: /opt
remote_src: yes
become: yes
- become_user: root
+
- name: add maven to PATH
template:
src: maven.sh
dest: /etc/profile.d/maven.sh
become: yes
- become_user: root
\ No newline at end of file
+
+
diff --git a/ansible/vault_pass b/ansible/vault_pass
index e69de29bb..8b1378917 100644
--- a/ansible/vault_pass
+++ b/ansible/vault_pass
@@ -0,0 +1 @@
+
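Review bot: `ansible/vault_pass` becomes a tracked file here, and its name suggests it is meant to be used as the Ansible Vault password file. This commit adds only an empty line, but once someone fills it in locally, a routine `git add -A` would publish the password that protects `group_vars/all/vault.yml`. Keep the password file outside the working tree, or list `ansible/vault_pass` in `.gitignore` and remove it from the index. A short README note on how operators supply the password (for example through a `--vault-password-file` path outside the repository) would cover the workflow.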