
Commit 9a5951b

committed
Merge remote-tracking branch 'origin/main' into fix/mariadb+docker
2 parents 5435290 + 3e26a2a commit 9a5951b

56 files changed

Lines changed: 1371 additions & 426 deletions


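--- a/environments/template/group_vars/mongo_servers.yml
+++ b/environments/template/group_vars/mongo_servers.yml
@@ -1,5 +1,5 @@
 ---
-replica_set_name: my_mongo_cluster
+mongo_replica_set_name: my_mongo_cluster
 
 mongo_cluster_members:
 - host: "mongo3.example.com:{{ mongo_port }}" # arbiter first or change mongo_arbiter_index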

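--- a/environments/template/group_vars/template.yml
+++ b/environments/template/group_vars/template.yml
@@ -42,8 +42,7 @@ teams_gui_version: "9.1.3"
 teams_server_version: "9.1.3"
 voot_version: "6.2.0"
 myconext_version: "8.1.12-1"
-dashboard_server_version: "12.3.4"
-dashboard_gui_version: "12.3.4"
+dashboard_version: "13.0.11"
 invite_server_version: "0.0.2-SNAPSHOT"
 invite_client_version: "0.0.2-SNAPSHOT"
 invite_welcome_version: "0.0.2-SNAPSHOT"
@@ -157,15 +156,15 @@ voot:
 - { name: "voot", level: "DEBUG" }
 externalGroupProviders:
 - {
-type: "teams",
-url: "https://teams.{{ base_domain }}/api/voot",
-credentials: {
-username: "{{ teams.voot_api_user }}",
-secret: "{{ external_group_provider_secrets.teams }}"
-},
-schacHomeOrganization: "{{ base_domain}}",
-name: "SURFteams",
-timeoutMillis: 15000
+type: "invite",
+url: "https://invite.{{ base_domain }}/api/external/v1/voot",
+credentials: {
+username: "{{ invite.vootuser }}",
+secret: "{{ invite.vootsecret }}"
+},
+schacHomeOrganization: "N/A",
+name: "Invite",
+timeoutMillis: 3000
 }
 
 oidc_playground:
@@ -339,6 +338,7 @@ manage:
 features: push, validation, push_preview, orphans, find_my_data, edugain, auto_refresh
 environment: template
 super_user_team_names: "urn:collab:group:test.surfteams.nl:nl:surfnet:diensten:surfconext_tpm_core"
+sram_rp_entity_id: "sbs.test.sram.surf.nl"
 apiUsers:
 - {
 name: "dashboard",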
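Review bot: The new voot provider entry (new lines 159-167) takes its credential from `invite.vootsecret`, whereas the entry it replaces read `external_group_provider_secrets.teams`, and none of the hunks shown here define `invite.vootuser` or `invite.vootsecret` (part of this commit is hidden, so they may be defined elsewhere). If the `invite` mapping is filled from plain group_vars, the secret would sit unencrypted next to ordinary settings. I would keep the value in the secrets file and only reference it here, and document that above `externalGroupProviders:` with `# invite.vootsecret must be supplied from the encrypted secrets file, not from this template`.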

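--- a/environments/template/secrets/secret_example.yml
+++ b/environments/template/secrets/secret_example.yml
@@ -13,7 +13,7 @@ mongo_passwords:
 oidcng: secret
 myconext: secret
 
-mongo_admin_password: secret
+mongo_admin_password: secret # this works for first time install, if you change it later you will have to do it manually
 mongo_ca_passphrase: secret
 
 engine_api_metadata_push_password: secret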
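Review bot: The comment added on new line 16 says the value is only applied on a first install, which means an install run with the example value `secret` keeps that MongoDB admin password until someone changes it by hand. The comment should say that directly, for example `# set a strong, unique value before the first install; later changes here are not applied and must be made manually`. This reading comes from the comment itself; the task that sets the password is not part of this hunk.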

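--- a/roles/dashboard/tasks/main.yml
+++ b/roles/dashboard/tasks/main.yml
@@ -25,7 +25,7 @@
 name: dashboardserver
 env:
 TZ: "{{ timezone }}"
-image: ghcr.io/openconext/openconext-dashboard/dashboard-server:{{ dashboard_server_version }}
+image: ghcr.io/openconext/openconext-dashboard/dashboard-server:{{ dashboard_version }}
 pull: true
 restart_policy: "{{ dashboard_server_restart_policy }}"
 restart_retries: "{{ dashboard_server_restart_retries }}" # Only for restart policy on-failure
@@ -61,7 +61,7 @@
 - name: Create the gui container
 community.docker.docker_container:
 name: dashboardgui
-image: ghcr.io/openconext/openconext-dashboard/dashboard-gui:{{ dashboard_gui_version }}
+image: ghcr.io/openconext/openconext-dashboard/dashboard-gui:{{ dashboard_version }}
 pull: true
 restart_policy: "always"
 state: started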

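--- a/roles/dashboard/templates/serverapplication.yml.j2
+++ b/roles/dashboard/templates/serverapplication.yml.j2
@@ -80,6 +80,7 @@ dashboard.feature.consent={{ dashboard.feature_consent }}
 # Valid choices are 'MOCK', 'PDP' or 'MANAGE', 'MOCK' is for local development
 dashboard.feature.pdpSource={{ dashboard.pdp_source }}
 dashboard.feature.statistics=true
+dashboard.feature.statisticsDown={{ dashboard.feature_statsdown }}
 dashboard.feature.mail={{ dashboard.feature_mail }}
 dashboard.feature.oidc={{ dashboard.feature_oidc }}
 dashboard.feature.stepup={{ dashboard.feature_stepup }}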
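Review bot: The added line 83 renders `{{ dashboard.feature_statsdown }}` with no fallback, and the template.yml hunks shown on this page do not add `feature_statsdown` to the `dashboard` mapping (part of the commit is hidden, so it may be defined elsewhere). An environment whose `dashboard` mapping lacks the key will most likely fail at template time with an undefined-variable error. Either define the key in the role defaults and the environment template, or give it an explicit fallback such as `{{ dashboard.feature_statsdown | default(false) }}` if `false` is the intended default.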

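--- a/roles/docker/defaults/main.yml
+++ b/roles/docker/defaults/main.yml
@@ -8,5 +8,6 @@ docker_apt_gpg_key_checksum: "sha256:1500c1f56fa9e26b9b8f42452a553675796ade0807c
 docker_apt_filename: "docker"
 docker_install_traefik: true
 docker_traefik_ldaps: false
+docker_traefik_version: 3.6.10
 docker_traefik_ports:
 - 0.0.0.0:443:443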
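Review bot: `docker_traefik_version: 3.6.10` on new line 11 is an unquoted version. It loads as a string only because it has two dots; an override such as `3.6` would load as a float and could render a different image tag. The other version variables in this commit are quoted (`dashboard_version: "13.0.11"`), so this one should be written `docker_traefik_version: "3.6.10"`.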

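--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@@ -82,7 +82,7 @@
 - name: Create the Traefik loadbalancer
 community.docker.docker_container:
 name: loadbalancer
-image: traefik:latest
+image: traefik:{{ docker_traefik_version }}
 published_ports: "{{ docker_traefik_ports }}"
 pull: true
 restart_policy: "always"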
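Review bot: `image: traefik:{{ docker_traefik_version }}` on new line 85 replaces `latest` with a version tag, but a tag is still mutable and `pull: true` on line 87 resolves it again on every run. If the aim is a reproducible load-balancer image, let the variable carry a digest as well, in the form `traefik:<version>@sha256:<digest>` (placeholders). A comment next to the default should say which form is expected. The task continues past the end of the hunk.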

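--- a/roles/haproxy/tasks/main.yml
+++ b/roles/haproxy/tasks/main.yml
@@ -16,7 +16,7 @@
 - name: Install haproxy and socat
 ansible.builtin.apt:
 name:
-- "haproxy=3.0.*"
+- "haproxy"
 - "socat"
 - "git"
 state: "present"
@@ -88,17 +88,6 @@
 group: haproxy
 mode: "0770"
 
-- name: Create combined key and certificate file for HAproxy
-ansible.builtin.copy:
-content: >
-{{ item.key_content }}{{ lookup('file', '{{ inventory_dir }}/files/certs/{{ item.crt_name }}') }}
-dest: "/etc/haproxy/certs/{{ item.name }}_haproxy.pem"
-mode: "0600"
-with_items: "{{ haproxy_sni_ip.certs }}"
-when: haproxy_sni_ip.certs is defined
-notify:
-- "reload haproxy"
-
 - name: Create backend CA directory
 ansible.builtin.file:
 path: "{{ tls_backend_ca | dirname }}"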
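Review bot: New line 19 installs `"haproxy"` with no version constraint and `state: "present"`, so the role now accepts whatever HAProxy the host's apt sources offer, or whatever is already installed. certlist.lst.j2 in this commit still emits `[ocsp-update on]`, which as far as I know needs HAProxy 2.8 or newer, and update_ocsp.j2 is deleted in the same commit. An older package would therefore leave the role without OCSP stapling or with a certificate list that fails to load. I would keep the minimum stated, at least as a comment above the package list: `# needs HAProxy >= 2.8 for ocsp-update in certlist.lst`. The install task continues outside the hunk.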

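--- a/roles/haproxy/templates/certlist.lst.j2
+++ b/roles/haproxy/templates/certlist.lst.j2
@@ -3,11 +3,6 @@
 /etc/haproxy/certs/{{ host }}.pem [ocsp-update on]
 {% endfor %}
 {% endif %}
-{% if haproxy_sni_ip.certs is defined %}
-{% for cert in haproxy_sni_ip.certs %}
-/etc/haproxy/certs/{{ cert.name }}_haproxy.pem [ocsp-update on]
-{% endfor %}
-{% endif %}
 {% if haproxy_extra_certs is defined %}
 {% for cert in haproxy_extra_certs %}
 {{ cert }} [ocsp-update on]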

roles/haproxy/templates/update_ocsp.j2

Lines changed: 0 additions & 11 deletions
This file was deleted.
