WIP: Add initial version of Gluu configuration #26
|
@ -1,54 +1,58 @@
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
62313439613039363637356330653731356138373839373435306535656137646266633764393537
|
63333365303665346136333263333734363333616230313931356131633966646263316436356536
|
||||||
3737663637343865303232643632613934313137613536640a633634356338353764366365626266
|
3565366362616366393362636336383565366531333839620a333939613332646665633236343336
|
||||||
66323064346539663435646265346665616465353363623732303563303838356364643734393231
|
36633835396234643233643936396565636564343538633838343438353030306433346262393739
|
||||||
3161633362383363390a376530393463643838303238386139313661366335386439373734333835
|
6339346565653237370a313237653734353130343334306366323633636639383261306166306530
|
||||||
63323034303732386430313265306465636630356330303431663761363461623530643933393831
|
32326636653937633233353639663035383437636638653932653639373763623433633431643231
|
||||||
62666438316266396432353663633331343137643265333966636436373730343938623732653030
|
34396237653832616638623137666530326466393966323533313261353030343165636330396631
|
||||||
62383536373139366239363535353463643961313839376436663830613738303262646639396131
|
62386331323336326665343262363232376131613365393465613334643936326263316137396633
|
||||||
66656532616231636537623162373965356537336436613130366464393461343730646664356466
|
63336135356264613461616461316630636533373961373263373165356632643738366338373366
|
||||||
38313439373332306265643039666532363863333364666233333861363832316637383432343464
|
36663432386538323836613665646664313330336363633064373337383764663937316261636661
|
||||||
64366536613364363265333938643438313837643936323536636335613064623639393437303466
|
38373632316136636337396561373738376466613165653266313434393264646130663938653739
|
||||||
31333539373130376230323964636335393166306662626131636462656632623635393036663437
|
36393933326231626466613665373964313661663464383735663765336639663436336261613834
|
||||||
37333735616665383431623266393365613433323335313161316161373637616563626637333861
|
39616239366637373462363934656239653731383063373536363338326161633831343031636565
|
||||||
37326532303638653139383639383166323361363334306361663261366661613038633464323337
|
61616133333539393464323032636235633934343339356562343234373062353830336138386138
|
||||||
31393538653830333865373064383837626261663163623664653938303230616334363861346132
|
31393661303930656334343637646335656565303161363033353762623638323537643863643134
|
||||||
63353036313164313265313134633861633937323335303830336232363939613635303764313063
|
39393539393263313836623161633465386338653336633263633336316431666333393565386435
|
||||||
33666161356366636139633138653736333662303364333838663033633163613136616639376532
|
64363631316432636637633364646365323838386630626164383266386534316639393961663534
|
||||||
31373131326264383666326566303930636166653463313630376235663638663937663765306439
|
65666166653737646336303732333063313932336261323631306661613662643334316566666434
|
||||||
31663039323663633735326266393263633937373339383537623835306431333636316664303864
|
37623463646231346461643839386365333431353738626264663535366635623634653431356463
|
||||||
63653564313339376135303237626366666164623738626439613562616338663539393635396437
|
32356232383837666466383765353561666236363337666434623335363230363966323362666536
|
||||||
30333036353035613131613034666262346233336563343531633033343163326264326563643235
|
62646238633632626162363134373036353234393134626636366565353935333339346431316461
|
||||||
62663538623532333432656435306462663362353630346133373262633630306262626362653733
|
38306430663532396132656663313964346434656462373663616639323234306330666664383166
|
||||||
65363031346339393632396664363362346236373035376632663466343034376566666563353231
|
38346430613338303136643666613765333636306537346534633162323739343537303039353938
|
||||||
36623538303262323265616237326630666662646634383962656533636165326665316366643231
|
38613264666339303436353133323763306134343935396230396639623937376634666133393133
|
||||||
39303465313135616238653664366637356361393165356430636137366236643938316430613838
|
32643832313561613138656633306236383933303365626161373366313265626639383662356634
|
||||||
65353331636564373136393930303537386335653766363632646433353962613033656434313063
|
65353366613162616366343766333830633930323433643434366635646664636362666636336435
|
||||||
35653365366332316434373665316230646665613166656230313832356136346439326232343166
|
39343236636166653736623833386333356533326266633131666262353839306538656335643230
|
||||||
38323934396561386138323739396166303132396234386435633965663139643234396434333163
|
37656430663962333666376138326662376436383736643065316163396264663830356337323339
|
||||||
66346634393330306638383430616433333361623861623864356563366162313830393334616138
|
31346130613665656438623666363764643466366331303064386237363331383030373036633637
|
||||||
32346633396662636633373637363262656165316434333139346530303562356236306637643365
|
35323437383066323962353132383462383631633435306530336666623133306636643835653837
|
||||||
65613361373637383936633431396636356634656333343537353762383537353035616131633732
|
36646438623437333566633663613932616163666137313734666137376565626334323539623637
|
||||||
38303736636136393039613537613831633139363338656239613261383637653332333737323034
|
33633435303131656538616165643238313433316534616337316464383263633430663662323933
|
||||||
61303839636330396139346436336663643531613364383134613061646136646236636364636662
|
35323766303564643237316166646539396266633765653266663861653031346139316561326239
|
||||||
33666564623731343264306638303333326463323363306439333762306434306235643530663931
|
63373939363564353563623836373831303862306637323738396434363166653433323431343837
|
||||||
63623932373737373539393230326538643739653734306131366365303638313263316635633439
|
65363437623461383936626331636138373035666264363363313034613235643864336365643464
|
||||||
34343231663761393266636537353330643361306139653734383466666662623931616665663239
|
39306433333131306136313432646464613565346536353430326264363632316661333632343862
|
||||||
65633136636333316266616433396166326333303033646162656466363931313539343035623666
|
37653138666662663632303535623737633765323731633439323664363834333262326461366463
|
||||||
63346162386533373334633261383237376330643738663761636166653033303933613630653835
|
36323339643434636134356434353332313639376164373237396562396630353433373136623332
|
||||||
66313439663732356539363833616338356337666335316136623231383161656362653561653565
|
62366638623664333765323565393464373333366332623065653034626463313336633932316637
|
||||||
33616437643533386263393733636666373237663132343432636664633535653535316134313266
|
36323465623330643731303561336366303337626432356538643561343162326339643735323061
|
||||||
66363362383662313632633535613635656364323939313466303634646237653061353766373831
|
61303237306164353339663137386337363166303935363438373733386238636463653536313733
|
||||||
62303366366564653231613863633564303637346262336535386366663034663832663762666132
|
39363063393739663030376464616661393638333030633061653466396234656530343762346663
|
||||||
64333630666463653266333430386135386436643939393964303230366538336562333737616639
|
36313664316130643837313364656230386539633330363937333132623363633161376633636134
|
||||||
65646566663363313430396132653832646263393739656564653138353637373362613261366230
|
33383764356638376135633538646638626130646530386261313964353661656335376230346430
|
||||||
62616561303735316230626134353266613938326563326232623361656364623062326365343534
|
37383263646463623166633932376335633536383131343664646336326436316637376661396466
|
||||||
62346433373965336430326632333634306463343934393830393165393933323439393534386665
|
31356461656439306436646264626265356561333264323166303165346565376237663835323536
|
||||||
32373235353037626638343066386563663431356465353039353338643835653166333761386433
|
35663935393165656365323138346236363161353161333338363632333832636536646139656532
|
||||||
64333338306661346436373238646134653233666565653834303935303235653661343366653563
|
61633666306433343332343762373061316134396130653635663435396265363933626138353338
|
||||||
63356566633730303033376230356363326561663232386161333566616334623236663562613234
|
38363331396136343065633631626663306537376461643131636532313931356666633331333231
|
||||||
63646561623565366332313837353461313566653531356662613663323065613035323731323832
|
61663338313165663734356636323732336434396465316436383961313033313965303833636162
|
||||||
31386166623935373139356239353037633363313531396466363735613332653430396161303366
|
36333937623130653062613334353438306137653238356635313132666535643131323763636137
|
||||||
37376238333831306231393433313734303839376132656532616461356662383430303532373937
|
39636462393662633765626238636136636637643335373535653436376666326134376264323539
|
||||||
39303634303762373736626439323830353665343162363531376134616466303762633535343866
|
39353437303262343664313238306364353964633161366630663233633064313163386338643662
|
||||||
3162
|
63303830643230303334336362653639323463336631323663613433336334383962663664303764
|
||||||
|
33653635626136633530356435383164383865633333353133346564666531303735643664313530
|
||||||
|
63333831343666623364623834396162636439396639343430313064303739636465323937653634
|
||||||
|
33333963326131353335326138326530393938353533383832656335623536643064643762636462
|
||||||
|
6262
|
||||||
|
|
|
@ -69,3 +69,7 @@ portainer:
|
||||||
domain: "portainer.{{ base_domain }}"
|
domain: "portainer.{{ base_domain }}"
|
||||||
volume_folder: "{{ volume_root_folder }}/portainer"
|
volume_folder: "{{ volume_root_folder }}/portainer"
|
||||||
|
|
||||||
|
gluu:
|
||||||
|
domain: "gluu.{{ base_domain }}"
|
||||||
|
volume_folder: "{{ volume_root_folder }}/gluu"
|
||||||
|
|
||||||
|
|
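--- a/roles/docker/tasks/services/gluu.yml
+++ b/roles/docker/tasks/services/gluu.yml
@@ -0,0 +1,235 @@
+- name: create gluu volume folders
+file:
+name: "{{ gluu.volume_folder }}/{{ volume }}"
+state: directory
+loop:
+- "config-init/db"
+- "consul/data"
+- "opendj/config"
+- "opendj/ldif"
+- "opendj/logs"
+- "opendj/db"
+- "opendj/flag"
+- "opendj/backup"
+- "oxauth/custom"
+- "oxauth/custom/pages"
+- "oxauth/custom/static"
+- "oxauth/lib/ext"
+- "oxauth/logs"
+- "oxtrust/custom/pages"
+- "oxtrust/lib/ext"
+- "oxtrust/logs"
+- "shared-shibboleth-idp"
+- "vault/config:/vault/config"
+- "vault/data:/vault/data"
+- "vault/logs:/vault/logs"
+loop_control:
+loop_var: "volume"
+
+- name: set up gluu
+docker_service:
+project_name: gluu
+pull: yes
+definition:
+version: "2.3"
+services:
+consul:
+image: consul
+container_name: consul
+command: agent -server -bootstrap -ui
+hostname: consul-1
+environment:
+- CONSUL_BIND_INTERFACE=eth0
+- CONSUL_CLIENT_INTERFACE=eth0
+restart: unless-stopped
+volumes:
+- "{{ gluu.volume_folder }}/consul:/consul/data"
+networks:
+- "gluu"
+labels:
+- "SERVICE_IGNORE=yes"
+
+vault:
+container_name: vault
+image: vault:1.0.1
+command: vault server -config=/vault/config
+volumes:
+- "{{ gluu.volume_folder }}/vault/config:/vault/config"
+- "{{ gluu.volume_folder }}/vault/data:/vault/data"
+- "{{ gluu.volume_folder }}/vault/logs:/vault/logs"
+- "{{ gluu.volume_folder }}/vault/vault_gluu_policy.hcl:/vault/config/policy.hcl"
+- "{{ gluu.volume_folder }}/vault/gcp_kms_stanza.hcl:/vault/config/stanza.hcl"
+- "{{ gluu.volume_folder }}/vault/gcp_kms_creds.json:/vault/config/creds.json"
+cap_add:
+- IPC_LOCK
+environment:
+- VAULT_REDIRECT_INTERFACE=eth0
+- VAULT_CLUSTER_INTERFACE=eth0
+- VAULT_ADDR=http://0.0.0.0:8200
+- VAULT_LOCAL_CONFIG={"backend":{"consul":{"address":"consul:8500","path":"vault/"}},"listener":{"tcp":{"address":"0.0.0.0:8200","tls_disable":1}}}
+restart: unless-stopped
+networks:
+- "gluu"
+depends_on:
+- consul
+labels:
+- "SERVICE_IGNORE=yes"
+
+registrator:
+container_name: registrator
+image: gluufederation/registrator:dev
+command: registrator -internal -cleanup -resync 30 -retry-attempts 5 -retry-interval 10 consul://consul:8500
+volumes:
+- /var/run/docker.sock:/tmp/docker.sock
+networks:
+- "gluu"
+restart: unless-stopped
+depends_on:
+- consul
+
+nginx:
+container_name: nginx
+image: gluufederation/nginx:3.1.5_02
+environment:
+- GLUU_CONFIG_CONSUL_HOST=consul
+- GLUU_SECRET_VAULT_HOST=vault
+- VIRTUAL_HOST="{{ gluu.domain }}"
+- LETSENCRYPT_HOST="{{ gluu.domain }}"
+- LETSENCRYPT_EMAIL="{{ letsencrypt_email }}"
+ports:
+- "80"
+- "443"
+networks:
+- "external_services"
+- "gluu"
+restart: unless-stopped
+labels:
+- "SERVICE_IGNORE=yes"
+
+ldap:
+container_name: ldap
+image: gluufederation/opendj:3.1.5_02
+environment:
+- GLUU_CONFIG_CONSUL_HOST=consul
+- GLUU_SECRET_VAULT_HOST=vault
+- GLUU_LDAP_INIT=true
+- GLUU_LDAP_INIT_HOST=ldap
+- GLUU_LDAP_INIT_PORT=1636
+- GLUU_OXTRUST_CONFIG_GENERATION=true
+- GLUU_CACHE_TYPE=NATIVE_PERSISTENCE
+# - GLUU_CACHE_TYPE=REDIS # don't forget to enable redis service
+# - GLUU_REDIS_URL=redis:6379
+# - GLUU_REDIS_TYPE=STANDALONE
+# the value must match service name `ldap` because other containers
+# use this value as LDAP hostname
+- GLUU_CERT_ALT_NAME=ldap
+volumes:
+- "{{ gluu.volume_folder }}/opendj/config:/opt/opendj/config"
+- "{{ gluu.volume_folder }}/opendj/ldif:/opt/opendj/ldif"
+- "{{ gluu.volume_folder }}/opendj/logs:/opt/opendj/logs"
+- "{{ gluu.volume_folder }}/opendj/db:/opt/opendj/db"
+- "{{ gluu.volume_folder }}/opendj/flag:/flag"
+- "{{ gluu.volume_folder }}/opendj/backup:/opt/opendj/bak"
+networks:
+- "gluu"
+restart: unless-stopped
+labels:
+- "SERVICE_IGNORE=yes"
+
+oxauth:
+container_name: oxauth
+image: gluufederation/oxauth:3.1.5_02
+environment:
+- GLUU_CONFIG_CONSUL_HOST=consul
+- GLUU_SECRET_VAULT_HOST=consul
+- GLUU_LDAP_URL=ldap:1636
+extra_hosts:
+- "{{ gluu.domain }}:85.235.225.231"
+volumes:
+- "{{ gluu.volume_folder }}/oxauth/custom/pages:/opt/gluu/jetty/oxauth/custom/pages"
+- "{{ gluu.volume_folder }}/oxauth/custom/static:/opt/gluu/jetty/oxauth/custom/static"
+- "{{ gluu.volume_folder }}/oxauth/lib/ext:/opt/gluu/jetty/oxauth/lib/ext"
+- "{{ gluu.volume_folder }}/oxauth/logs:/opt/gluu/jetty/oxauth/logs"
+networks:
+- "gluu"
+mem_limit: 1536M
+restart: unless-stopped
+labels:
+- "SERVICE_NAME=oxauth"
+- "SERVICE_8080_CHECK_HTTP=/oxauth/.well-known/openid-configuration"
+- "SERVICE_8080_CHECK_INTERVAL=15s"
+- "SERVICE_8080_CHECK_TIMEOUT=5s"
+
+oxtrust:
+container_name: oxtrust
+image: gluufederation/oxtrust:3.1.5_02
+environment:
+- GLUU_CONFIG_CONSUL_HOST=consul
+- GLUU_SECRET_VAULT_HOST=vault
+- GLUU_LDAP_URL=ldap:1636
+- GLUU_OXAUTH_BACKEND=oxauth:8080
+extra_hosts:
+- "{{ gluu.domain }}:85.235.225.231"
+volumes:
+- "{{ gluu.volume_folder }}/oxtrust/custom/pages:/opt/gluu/jetty/identity/custom/pages"
+- "{{ gluu.volume_folder }}/oxtrust/custom/static:/opt/gluu/jetty/identity/custom/static"
+- "{{ gluu.volume_folder }}/oxtrust/lib/ext:/opt/gluu/jetty/identity/lib/ext"
+- "{{ gluu.volume_folder }}/oxtrust/logs:/opt/gluu/jetty/identity/logs"
+- "{{ gluu.volume_folder }}/shared-shibboleth-idp:/opt/shared-shibboleth-idp"
+networks:
+- "gluu"
+mem_limit: 1536M
+restart: unless-stopped
+labels:
+- "SERVICE_NAME=oxtrust"
+- "SERVICE_8080_CHECK_HTTP=/identity/restv1/scim-configuration"
+- "SERVICE_8080_CHECK_INTERVAL=15s"
+- "SERVICE_8080_CHECK_TIMEOUT=5s"
+
+oxshibboleth:
+container_name: oxshibboleth
+image: gluufederation/oxshibboleth:3.1.5_02
+environment:
+- GLUU_CONFIG_CONSUL_HOST=consul
+- GLUU_SECRET_VAULT_HOST=vault
+- GLUU_LDAP_URL=ldap:1636
+extra_hosts:
+- "{{gluu.domain}}:85.235.225.231"
+volumes:
+- "{{ gluu.volume_folder }}/volumes/shared-shibboleth-idp:/opt/shared-shibboleth-idp"
+networks:
+- "gluu"
+mem_limit: 1024M
+restart: unless-stopped
+labels:
+- "SERVICE_NAME=oxshibboleth"
+- "SERVICE_8086_CHECK_HTTP=/idp"
+- "SERVICE_8086_CHECK_INTERVAL=15s"
+- "SERVICE_8086_CHECK_TIMEOUT=5s"
+
+oxpassport:
+container_name: oxpassport
+image: gluufederation/oxpassport:3.1.5_02
+environment:
+- GLUU_CONFIG_CONSUL_HOST=consul
+- GLUU_SECRET_VAULT_HOST=vault
+- GLUU_LDAP_URL=ldap:1636
+# required by wait-for-it script
+- GLUU_OXAUTH_BACKEND=oxauth:8080
+- GLUU_OXTRUST_BACKEND=oxtrust:8080
+extra_hosts:
+- "{{gluu.domain}}:85.235.225.231"
+networks:
+- "gluu"
+restart: unless-stopped
+labels:
+- "SERVICE_NAME=oxpassport"
+- "SERVICE_8090_CHECK_HTTP=/passport"
+- "SERVICE_8090_CHECK_INTERVAL=15s"
+- "SERVICE_8090_CHECK_TIMEOUT=5s"
+
+networks:
+external_services:
+external: true
+gluu:
+name: "gluu"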
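Review bot: The `oxauth` service sets `GLUU_SECRET_VAULT_HOST=consul`, while nginx, ldap, oxtrust, oxshibboleth and oxpassport all use `GLUU_SECRET_VAULT_HOST=vault`; this looks like a copy-paste slip that would point oxauth's secret lookups at the Consul container, so it should probably read `- GLUU_SECRET_VAULT_HOST=vault`. The `registrator` service bind-mounts `/var/run/docker.sock` into an image referenced by the mutable tag `gluufederation/registrator:dev`, so with `pull: yes` whatever `dev` resolves to on the next run gets control of the host's Docker daemon; pin it (and the untagged `consul` image) to a fixed version or digest. Vault is started with `"tls_disable":1` and `VAULT_ADDR=http://0.0.0.0:8200`, which puts tokens and secrets on the `gluu` network in clear text and should at least carry a comment saying this is a WIP shortcut. In the first task, the three `vault/...:/vault/...` loop items are mount specs rather than folder names, and the `file` task sets no `mode` on the directories that will hold `gcp_kms_creds.json` and the Vault data; list plain paths such as `- "vault/config"` and add an explicit restrictive `mode`.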