fix merge conflict

Author: crosmuller

.github/workflows/molecule-loadbalancer.yml

@@ -23,7 +23,7 @@ jobs:
   build:
     runs-on: ubuntu-20.04
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
       - name: Set up Python 3.8
         uses: actions/setup-python@v5

.github/workflows/molecule-mongo.yml

@@ -17,7 +17,7 @@ jobs:
   build:
     runs-on: ubuntu-20.04
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
       - name: Set up Python 3.8
         uses: actions/setup-python@v5

.github/workflows/syntax.yml

@@ -19,7 +19,7 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
       - name: Set up Python 3.8
         uses: actions/setup-python@v5

environments/template/group_vars/all.yml

@@ -34,8 +34,8 @@ httpd_csp:
   lenient: "default-src 'self'; object-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; form-action 'self'; frame-ancestors 'none'; base-uri 'none'"
   lenient_with_static_img: "default-src 'self'; object-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' https://{{ static_vhost }} http://localhost:* data:; form-action 'self'; frame-ancestors 'none'; base-uri 'none'"
   lenient_with_static_img_with_oidcng: "default-src 'self'; object-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; connect-src 'self' https://{{ oidcng_vhost }}; img-src 'self' https://{{ static_vhost }} http://localhost:* data:; form-action 'self'; frame-ancestors 'none'; base-uri 'none'"
-  strict: "default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; connect-src 'self'; img-src 'self' data:; form-action 'self'; frame-ancestors 'none'; base-uri 'none'"
-  strict_with_static_img: "default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; connect-src 'self'; img-src 'self' https://{{ static_vhost }} http://localhost:* data:; form-action 'self'; frame-ancestors 'none'; base-uri 'none'"
+  strict: "default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; connect-src 'self'; img-src 'self' data:; form-action 'self'; frame-ancestors 'none'; base-uri 'none'; manifest-src 'self'"
+  strict_with_static_img: "default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; connect-src 'self'; img-src 'self' https://{{ static_vhost }} http://localhost:* data:; form-action 'self'; frame-ancestors 'none'; base-uri 'none'; manifest-src 'self'"
   lenient_with_static_img_for_idp: "default-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self'; connect-src 'self' https://{{ oidcng_vhost }}; img-src 'self' https://{{ static_vhost }} http://localhost:* data:; form-action 'self' https://*.{{ base_domain }}; frame-ancestors 'none'; base-uri 'none'"
   lenient_with_static_img_for_idp_frcapi: "default-src 'none'; frame-src https://global.frcapi.com/; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self'; connect-src 'self' https://{{ oidcng_vhost }}; img-src 'self' https://{{ static_vhost }} http://localhost:* data:; form-action 'self' https://*.{{ base_domain }}; frame-ancestors 'none'; base-uri 'none'"
   nothing: "default-src 'none'; frame-ancestors 'none'; form-action 'none'; base-uri 'none'"

environments/template/group_vars/template.yml

@@ -283,6 +283,7 @@ myconext:
   feature_mail_inactivity_mails: true
   feature_nudge_app_mail: true
   feature_service_desk_active: true
+  feature_use_remote_creation_for_affiliation: true
   feature_send_js_exceptions: true
   feature_deny_disposable_email_providers: true
   feature_create_eduid_institution_enabled: true
@@ -302,6 +303,7 @@ myconext:
     - { name: "privacy_policy" , url: "https://example.org/x/MIzaAQ" }
     - { name: "terms_of_service" , url: "https://example.org/x/LozaAQ"}
     - { name: "voorwaarden" , url: "https://example.org/x/HYzaAQ"}
+  geo_location_  external_url: "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-City&license_key={license_key}&suffix=tar.gz"
 
 monitoring_tests:
   metadata_sp_url: "{{ monitoring_tests_metadata_sp_url }}"

roles/dashboard/defaults/main.yml

@@ -1,2 +1,4 @@
 dashboard_organization: SURFconext
 dashboard_hide_tabs: none
+dashboard_server_restart_policy: always
+dashboard_server_restart_retries: 0

roles/dashboard/tasks/main.yml

@@ -27,7 +27,8 @@
       TZ: "{{ timezone }}"
     image: ghcr.io/openconext/openconext-dashboard/dashboard-server:{{ dashboard_server_version }}
     pull: true
-    restart_policy: "always"
+    restart_policy: "{{ dashboard_server_restart_policy }}"
+    restart_retries: "{{ dashboard_server_restart_retries }}" # Only for restart policy on-failure
     state: started
     networks:
       - name: "loadbalancer"

roles/galera/tasks/cluster_nodes.yml

@@ -225,7 +225,8 @@
     login_user: root
     login_password: "{{ mariadb_root_password  }}"
     login_unix_socket: /var/lib/mysql/mysql.sock
-  run_once: true # run once because it is synced to other cluster nodes
+  run_once: true
+  no_log: true
 
 # Add backup user
 - name: add mariadb backup user
@@ -237,8 +238,13 @@
     login_user: root
     login_password: "{{ mariadb_root_password }}"
     login_unix_socket: /var/lib/mysql/mysql.sock
+<<<<<<< HEAD
   run_once: true # run once because it is synced to other cluster nodes
 
+=======
+  run_once: true
+  no_log: true
+>>>>>>> main
 
 - name: Add Galera clustercheck user, used for keepalived to connect
   mysql_user:
@@ -249,7 +255,12 @@
     login_user: root
     login_password: "{{ mariadb_root_password }}"
     login_unix_socket: /var/lib/mysql/mysql.sock
+<<<<<<< HEAD
   run_once: true # run once because it is synced to other cluster nodes
+=======
+  run_once: true
+  no_log: true
+>>>>>>> main
 
 - name: Create the backup directory
   file:
@@ -288,6 +299,7 @@
   run_once: true # run once because it is synced to other cluster nodes
   tags: galera_create_db
 
+<<<<<<< HEAD
 - name: Create database super users for provisioning users and databases
   mysql_user:
     name: "{{ item.0.name }}"
@@ -304,6 +316,8 @@
   run_once: true # run once because it is synced to other cluster nodes
   tags: galera_create_db
 
+=======
+>>>>>>> main
 - name: MySQL my.cnf
   template:
     src: "my.cnf.j2"

roles/invite/defaults/main.yml

@@ -15,5 +15,8 @@ invite_manage_provision_oauth_rs_scopes: "openid"
 invite_mock_install: false
 # Override is in the dockerX.env host_var files
 invite_cronjobmaster: true
+invite_logback_json: true
 invite_docker_networks:
   - name: loadbalancer
+invite_server_restart_policy: always
+invite_server_restart_retries: 0

roles/invite/tasks/main.yml

@@ -16,6 +16,7 @@
     mode: "0644"
   with_items:
     - serverapplication.yml
+    - logback.xml
   notify: restart inviteserver
 
 - name: Copy private key for manage secrets encryption
@@ -62,13 +63,17 @@
       TZ: "{{ timezone }}"
     image: ghcr.io/openconext/openconext-invite/inviteserver:{{ invite_server_version }}
     pull: true
-    restart_policy: "always"
+    restart_policy: "{{ invite_server_restart_policy }}"
+    restart_retries: "{{ invite_server_restart_retries }}" # Only for restart policy on-failure
     state: started
     networks: "{{ invite_docker_networks }}"
     mounts:
       - source: /opt/openconext/invite/serverapplication.yml
         target: /application.yml
         type: bind
+      - source: /opt/openconext/invite/logback.xml
+        target: /logback.xml
+        type: bind
       - source: /opt/openconext/invite/private_key_pkcs8.pem
         target: /private_key_pkcs8.pem
         type: bind