Move profile deployment to docker

provision.yml

@@ -181,6 +181,7 @@
     - { role: mujina-idp, tags: ["mujina-idp"] }  
     - { role: oidc-playground, tags: ["oidc-playground"] }  
     - { role: stats,      tags: ["stats"] }  
+    - { role: profile,      tags: ["profile"] }  
 
 - import_playbook: "{{ environment_dir }}/playbook.yml"
 

roles/profile/defaults/main.yml

@@ -1,42 +1,21 @@
 # Default variables used to configure Profile
 # These can be overwritten via group or extra vars
 
-# Version of Profile that is installable by this role
-# E.g. profile_version: x.y.z
-profile_version: ''
-
-# Profile installer specific variables
-profile_version_dir: "{{ profile_version | replace('/', '-') }}"
-profile_branch_dir: "{{ openconext_builds_dir }}/OpenConext-profile-{{ profile_branch | replace('/', '-') }}"
-profile_release_dir: "{{ openconext_releases_dir }}/OpenConext-profile-{{ profile_version_dir }}"
-profile_build_path: "{{ openconext_builds_dir }}/OpenConext-profile-{{ profile_version_dir }}.tar.gz"
-profile_download_url: "https://github.com/OpenConext/OpenConext-profile/releases/download/{{ profile_version }}/OpenConext-profile-{{ profile_version_dir }}.tar.gz"
-profile_current_release_symlink: "{{ openconext_releases_dir }}/OpenConext-profile"
-
-# Domain under which profile can be found
-profile_domain: profile.{{ base_domain }}
-
-# Cache and log paths
-profile_symfony_cache_path: "/tmp/profile/symfony-cache/"
-profile_symfony_log_path: "/var/log/profile"
-
 # Secret used by application for adding entropy to security related operations
 profile_secret: secret
-
+engine_api_verify_ssl: true
+profile_vhost_name: "profile.{{ base_domain }}"
 # Language code for user locale to be set by default
 # E.g. profile_default_locale: en
 profile_default_locale: en
 
-# IP-address and domain of Engine API to enable Profile to send API calls
-engine_api_verify_ssl: true
-
 # Paths of public and private key used for sending SAML AuthnRequests
-profile_saml_sp_publickey: ../vendor/surfnet/stepup-saml-bundle/src/Resources/keys/development_publickey.cer
-profile_saml_sp_privatekey: ../vendor/surfnet/stepup-saml-bundle/src/Resources/keys/development_privatekey.pem
+profile_saml_sp_publickey: /var/www/html/vendor/surfnet/stepup-saml-bundle/src/Resources/keys/development_publickey.cer
+profile_saml_sp_privatekey: /var/www/html/vendor/surfnet/stepup-saml-bundle/src/Resources/keys/development_privatekey.pem
 
 # Paths of public and private key used for signing metadata
-profile_saml_metadata_publickey: ../vendor/surfnet/stepup-saml-bundle/src/Resources/keys/development_publickey.cer
-profile_saml_metadata_privatekey: ../vendor/surfnet/stepup-saml-bundle/src/Resources/keys/development_privatekey.pem
+profile_saml_metadata_publickey: /var/www/html/vendor/surfnet/stepup-saml-bundle/src/Resources/keys/development_publickey.cer
+profile_saml_metadata_privatekey: /var/www/html/vendor/surfnet/stepup-saml-bundle/src/Resources/keys/development_privatekey.pem
 
 # Domain under which EngineBlock can be found
 engine_domain: engine.{{ base_domain }}
@@ -46,10 +25,8 @@ engine_profile_idp_entityid: https://{{ engine_domain }}/authentication/idp/meta
 
 # URL for remote identity provider's single sign on
 engine_profile_idp_sso_url: https://{{ engine_domain }}/authentication/idp/single-sign-on
-
-profile_fpm_user: profile
-profile_fpm_port: 802
-
+# Certificate containting the public SAML signing key of the reomote IDP
+engine_profile_idp_certificate: "/var/www/html/config/openconext/certs/{{ profile_eb_saml_public_key }}"
 profile_info_request_email: "{{ support_email }}"
 
 profile_lifecycle_enabled: false
@@ -63,4 +40,3 @@ profile_manage_provision_samlsp_metadata_url: "https://profile.{{ base_domain }}
 profile_manage_provision_samlsp_sp_cert: ""
 profile_manage_provision_samlsp_trusted_proxy: false
 profile_manage_provision_samlsp_sign: false
-

roles/profile/handlers/main.yml

@@ -1,5 +1,6 @@
 ---
-- name: restart php72-fpm
-  service:
-    name: php72-php-fpm
-    state: restarted
+- name: restart profile
+  community.docker.docker_container:
+    name: profile
+    state: started
+    restart: true