diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml
index 566abab..69f5ece 100644
--- a/roles/docker/defaults/main.yml
+++ b/roles/docker/defaults/main.yml
@@ -69,3 +69,7 @@
 portainer:
 domain: "portainer.{{ base_domain }}"
 volume_folder: "{{ volume_root_folder }}/portainer"
+gluu:
+ domain: "gluu.{{ base_domain }}"
+ volume_folder: "{{ volume_root_folder }}/gluu"
+
diff --git a/roles/docker/tasks/services/gluu.yml b/roles/docker/tasks/services/gluu.yml
new file mode 100644
index 0000000..878ec33
--- /dev/null
+++ b/roles/docker/tasks/services/gluu.yml
@@ -0,0 +1,204 @@
+- name: create gluu volume folders
+ file:
+ name: "{{ volume_root_folder }}/{{ volume }}"
+ state: directory
+ loop:
+ - "consul"
+ - "consul/data"
+ - "opendj"
+ - "opendj/config"
+ - "opendj/ldif"
+ - "opendj/logs"
+ - "opendj/db"
+ - "opendj/flag"
+ - "opendj/backup"
+ - "oxauth"
+ - "oxauth/custom"
+ - "oxauth/custom/pages"
+ - "oxauth/custom/static"
+ - "oxauth/lib"
+ - "oxauth/lib/ext"
+ - "oxauth/logs"
+ - "oxtrust"
+ - "oxtrust/custom"
+ - "oxtrust/custom/pages"
+ - "oxtrust/lib"
+ - "oxtrust/lib/ext"
+ - "oxtrust/logs"
+ - "shared-shibboleth-idp"
+
+- name: set up gluu
+ docker_service:
+ project_name: gluu
+ pull: yes
+ definition:
+ version: "2.3"
+ services:
+ consul:
+ image: consul
+ command: agent -server -bootstrap -ui
+ hostname: consul-1
+ environment:
+ - CONSUL_BIND_INTERFACE=eth0
+ - CONSUL_CLIENT_INTERFACE=eth0
+ container_name: consul
+ restart: unless-stopped
+ volumes:
+ - "{{ volume_root_folder }}/consul:/consul/data"
+ labels:
+ - "SERVICE_IGNORE=yes"
+ restart: unless-stopped
+
+ registrator:
+ image: gluufederation/registrator:dev
+ command: registrator -internal -cleanup -resync 30 -retry-attempts 5 -retry-interval 10 consul://consul:8500
+ container_name: registrator
+ volumes:
+ - /var/run/docker.sock:/tmp/docker.sock
+ restart: unless-stopped
+ depends_on:
+ - consul
+
+ # redis:
+ # image: redis:alpine
+ # # run cluster-enabled redis-server
+ # # command: redis-server --port 6379 --cluster-enabled yes --cluster-config-file nodes.conf --appendonly yes --cluster-node-timeout 5000
+ # container_name: redis
+ # labels:
+ # - "SERVICE_IGNORE=yes"
+ # restart: unless-stopped
+
+ nginx:
+ image: gluufederation/nginx:3.1.4_01
+ environment:
+ - GLUU_CONFIG_ADAPTER=consul
+ - GLUU_CONSUL_HOST=consul
+ - GLUU_CONSUL_PORT=8500
+ - VIRTUAL_HOST="{{ gluu.domain }}"
+ - LETSENCRYPT_HOST="{{ gluu.domain }}"
+ - LETSENCRYPT_EMAIL="{{ letsencrypt_email }}"
+ ports:
+ - "80"
+ - "443"
+ container_name: nginx
+ restart: unless-stopped
+ labels:
+ - "SERVICE_IGNORE=yes"
+
+ ldap:
+ image: gluufederation/opendj:3.1.4_04
+ environment:
+ - GLUU_CONFIG_ADAPTER=consul
+ - GLUU_CONSUL_HOST=consul
+ - GLUU_CONSUL_PORT=8500
+ - GLUU_LDAP_INIT=true
+ - GLUU_LDAP_INIT_HOST=ldap
+ - GLUU_LDAP_INIT_PORT=1636
+ - GLUU_LDAP_ADDR_INTERFACE=eth0
+ - GLUU_OXTRUST_CONFIG_GENERATION=true
+ - GLUU_CACHE_TYPE=NATIVE_PERSISTENCE
+ # - GLUU_CACHE_TYPE=REDIS # don't forget to enable redis service
+ # - GLUU_REDIS_URL=redis:6379
+ # - GLUU_REDIS_TYPE=STANDALONE
+ # the value must match service name `ldap` because other containers
+ # use this value as LDAP hostname
+ - GLUU_CERT_ALT_NAME=ldap
+ container_name: ldap
+ volumes:
+ - "{{ volume_root_folder }}/opendj/config:/opt/opendj/config"
+ - "{{ volume_root_folder }}/opendj/ldif:/opt/opendj/ldif"
+ - "{{ volume_root_folder }}/opendj/logs:/opt/opendj/logs"
+ - "{{ volume_root_folder }}/opendj/db:/opt/opendj/db"
+ - "{{ volume_root_folder }}/opendj/flag:/flag"
+ - "{{ volume_root_folder }}/opendj/backup:/opt/opendj/bak"
+ restart: unless-stopped
+ labels:
+ - "SERVICE_IGNORE=yes"
+
+ oxauth:
+ image: gluufederation/oxauth:3.1.4_03
+ environment:
+ - GLUU_CONFIG_ADAPTER=consul
+ - GLUU_CONSUL_HOST=consul
+ - GLUU_CONSUL_PORT=8500
+ - GLUU_LDAP_URL=ldap:1636
+ extra_hosts:
+ - "${DOMAIN}:${HOST_IP}"
+ container_name: oxauth
+ volumes:
+ - "{{ volume_root_folder }}/oxauth/custom/pages:/opt/gluu/jetty/oxauth/custom/pages"
+ - "{{ volume_root_folder }}/oxauth/custom/static:/opt/gluu/jetty/oxauth/custom/static"
+ - "{{ volume_root_folder }}/oxauth/lib/ext:/opt/gluu/jetty/oxauth/lib/ext"
+ - "{{ volume_root_folder }}/oxauth/logs:/opt/gluu/jetty/oxauth/logs"
+ mem_limit: 1536M
+ restart: unless-stopped
+ labels:
+ - "SERVICE_NAME=oxauth"
+ - "SERVICE_8080_CHECK_HTTP=/oxauth/.well-known/openid-configuration"
+ - "SERVICE_8080_CHECK_INTERVAL=15s"
+ - "SERVICE_8080_CHECK_TIMEOUT=5s"
+
+ oxtrust:
+ image: gluufederation/oxtrust:3.1.4_02
+ environment:
+ - GLUU_CONFIG_ADAPTER=consul
+ - GLUU_CONSUL_HOST=consul
+ - GLUU_CONSUL_PORT=8500
+ - GLUU_LDAP_URL=ldap:1636
+ - GLUU_OXAUTH_BACKEND=oxauth:8080
+ extra_hosts:
+ - "${DOMAIN}:${HOST_IP}"
+ container_name: oxtrust
+ volumes:
+ - "{{ volume_root_folder }}/oxtrust/custom/pages:/opt/gluu/jetty/identity/custom/pages"
+ - "{{ volume_root_folder }}/oxtrust/custom/static:/opt/gluu/jetty/identity/custom/static"
+ - "{{ volume_root_folder }}/oxtrust/lib/ext:/opt/gluu/jetty/identity/lib/ext"
+ - "{{ volume_root_folder }}/oxtrust/logs:/opt/gluu/jetty/identity/logs"
+ - "{{ volume_root_folder }}/shared-shibboleth-idp:/opt/shared-shibboleth-idp"
+ mem_limit: 1536M
+ restart: unless-stopped
+ labels:
+ - "SERVICE_NAME=oxtrust"
+ - "SERVICE_8080_CHECK_HTTP=/identity/restv1/scim-configuration"
+ - "SERVICE_8080_CHECK_INTERVAL=15s"
+ - "SERVICE_8080_CHECK_TIMEOUT=5s"
+
+ oxshibboleth:
+ image: gluufederation/oxshibboleth:3.1.4_01
+ environment:
+ - GLUU_CONFIG_ADAPTER=consul
+ - GLUU_CONSUL_HOST=consul
+ - GLUU_CONSUL_PORT=8500
+ - GLUU_LDAP_URL=ldap:1636
+ extra_hosts:
+ - "${DOMAIN}:${HOST_IP}"
+ container_name: oxshibboleth
+ volumes:
+ - "{{ volume_root_folder }}/volumes/shared-shibboleth-idp:/opt/shared-shibboleth-idp"
+ mem_limit: 1024M
+ restart: unless-stopped
+ labels:
+ - "SERVICE_NAME=oxshibboleth"
+ - "SERVICE_8086_CHECK_HTTP=/idp"
+ - "SERVICE_8086_CHECK_INTERVAL=15s"
+ - "SERVICE_8086_CHECK_TIMEOUT=5s"
+
+ oxpassport:
+ image: gluufederation/oxpassport:3.1.4_02
+ environment:
+ - GLUU_CONFIG_ADAPTER=consul
+ - GLUU_CONSUL_HOST=consul
+ - GLUU_CONSUL_PORT=8500
+ - GLUU_LDAP_URL=ldap:1636
+ # required by wait-for-it script
+ - GLUU_OXAUTH_BACKEND=oxauth:8080
+ - GLUU_OXTRUST_BACKEND=oxtrust:8080
+ extra_hosts:
+ - "{{gluu.domain}}:85.235.225.231"
+ container_name: oxpassport
+ restart: unless-stopped
+ labels:
+ - "SERVICE_NAME=oxpassport"
+ - "SERVICE_8090_CHECK_HTTP=/passport"
+ - "SERVICE_8090_CHECK_INTERVAL=15s"
+ - "SERVICE_8090_CHECK_TIMEOUT=5s"
\ No newline at end of file
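Review bot: The nginx `environment` entries `VIRTUAL_HOST="{{ gluu.domain }}"`, `LETSENCRYPT_HOST="{{ gluu.domain }}"` and `LETSENCRYPT_EMAIL="{{ letsencrypt_email }}"` are plain scalars, so the inner double quotes become part of the values handed to the container (list-form `environment` does not strip them) and the proxy hostname will never match the real domain; move the quotes outside, `- "VIRTUAL_HOST={{ gluu.domain }}"`. The `extra_hosts` entries disagree with each other: oxauth, oxtrust and oxshibboleth use compose-style `${DOMAIN}:${HOST_IP}`, which Ansible does not render and which nothing in this role sets on the target, while oxpassport maps the domain to a literal public IP that belongs to one deployment; all four should use the same Jinja value, e.g. `"{{ gluu.domain }}:{{ ansible_default_ipv4.address }}"` if the host's primary address is what is meant. oxshibboleth mounts `{{ volume_root_folder }}/volumes/shared-shibboleth-idp` but oxtrust and the first task use `{{ volume_root_folder }}/shared-shibboleth-idp`, so the two containers never see the same IdP files. The `consul` service declares `restart: unless-stopped` twice (silent last-wins in most YAML parsers), and `gluufederation/registrator:dev` is the only floating tag in the file while being the container that receives `/var/run/docker.sock`, i.e. control of the host daemon, so pin it like the others. The `gluu.volume_folder` default added in the first hunk is never used here — every mount is rooted at `volume_root_folder` directly, unlike the `portainer` convention shown beside it.
```yaml
nginx:
  # … unchanged: image …
  environment:
    # … unchanged: the three GLUU_* entries …
    - "VIRTUAL_HOST={{ gluu.domain }}"
    - "LETSENCRYPT_HOST={{ gluu.domain }}"
    - "LETSENCRYPT_EMAIL={{ letsencrypt_email }}"
  # … unchanged: ports, container_name, restart, labels …

oxauth:
  # … unchanged: image, environment …
  extra_hosts:
    - "{{ gluu.domain }}:{{ ansible_default_ipv4.address }}"  # same entry for oxtrust, oxshibboleth, oxpassport
  # … unchanged: rest of the service …

oxshibboleth:
  # … unchanged: image, environment, extra_hosts, container_name …
  volumes:
    - "{{ volume_root_folder }}/shared-shibboleth-idp:/opt/shared-shibboleth-idp"
  # … unchanged: mem_limit, restart, labels …
```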