Issue Sunbird-Lern#24 chore:Sunbird auth package build

keycloak/scripts/ansible/inventories/local/group_vars/localhost.yml

@@ -0,0 +1,291 @@
+# ENVIRONMENT CONFIGURATION
+env: local #Name of the environment, e.g. dev, staging or production.
+proxy_server_name: dev.open-sunbird.org #Domain on which the portal will be accessed. e.g. staging.{implementation-name}.org
+proxy_site_key: "{{ vault_proxy_site_key }}"  #SSL certificate's site.key file contents. More details in this wiki: https://github.com/project-sunbird/sunbird-commons/wiki/Updating-SSL-certificates-in-Sunbird-Proxy-service
+proxy_site_crt: "{{ vault_proxy_site_crt }}"  #SSL certificate's site.crt file contents. More details in this wiki: https://github.com/project-sunbird/sunbird-commons/wiki/Updating-SSL-certificates-in-Sunbird-Proxy-service
+ansible_connection: "local"
+
+# DB CONFIGURATION
+
+## Below passwords are used by DB install scripts when creating databases. Please use strong passwords.
+application_postgres_password: "{{vault_application_postgres_password}}"   #Password for Application database.
+keycloak_postgres_password: "{{vault_keycloak_postgres_password}}"  #Password for Keycloak (Authentication service) database.
+kong_postgres_password:  "{{ vault_kong_postgres_password }}"         #Password for Kong (API Manager) database.
+
+## Postgres configuration
+swarm_address_space: 10.0.0.0/16  #Application server address space (e.g. 10.3.0.0/24), also the agentpublicSubnet if using Azure scripts provided
+keycloak_address_space: 10.113.0.0/24
+postgres_address_space: 10.10.0.0/24
+
+## Cassandra configuration
+cassandra_server_private_ip: 10.10.4.4 #Private IP of cassandra server
+keystore_password: "{{vault_keystore_password}}"  #Password to use for encrypting cassandra keystore. Use a strong password.
+truststore_password: "{{vault_truststore_password}}"  #Password to use for encrypting cassandra truststore. Use a strong password.
+
+# APPLICATION CONFIGURATION
+
+kong_host: api-manager_kong
+
+## DB address
+application_postgres_host: "{{ groups['postgresql-master'][0]}}"  #Private IP of Postgres server
+keycloak_postgres_host: "{{ groups['postgresql-master'][0]}}"  #Private IP of Postgres server
+kong_postgres_host: "{{ groups['postgresql-master'][0]}}"  #Private IP of Postgres server
+sunbird_mongo_ip: 10.10.2.5 #Private IP of Mongo DB server
+sunbird_cassandra_host: 10.10.4.4  #Private IP of Cassandra server
+sunbird_es_host: 10.10.3.7,10.10.3.8,10.10.3.6   #Private IP of Elastic Search server. If ES cluster has multiple nodes then add all nodes by separating them with comma. e.g. 10.2.0.1,10.2.0.2,10.2.0.3
+
+## Application server configurations
+sunbird_ekstep_api_base_url: https://qa.ekstep.in/api  #API base URL of the Ekstep environment. Use `https://qa.ekstep.in/api` for non-prod deployments, and use `https://api.ekstep.in/` for prod deployment.
+sunbird_ekstep_proxy_base_url: https://qa.ekstep.in  #Base URL of the Ekstep environment. Use `https://qa.ekstep.in/` for non-prod deployments, and `https://community.ekstep.in/` for prod deployment.
+sunbird_env: qa #Ekstep environment to connect to. Use `qa` for non-prod deployments, and `prod` for prod deployment.
+sunbird_mail_server_host: "{{ mail_server_host }}"  #SMTP server IP. Could be ignored if not mails are to be sent.
+sunbird_mail_server_port: "{{ mail_server_port }}" #SMTP port. Could be ignored if not mails are to be sent.
+sunbird_mail_server_username: "{{ mail_server_username }}"  #SMTP username. Could be ignored if not mails are to be sent.
+sunbird_mail_server_password: "{{ mail_server_password }}"  #SMTP server pasword. Could be ignored if not mails are to be sent.
+sunbird_mail_server_from_email: [email protected] #Email ID that should be as from address in mails
+
+## Keycloak (auth server) login details
+sunbird_sso_username: "{{ vault_sunbird_sso_username }}"
+sunbird_sso_password: "{{ vault_sunbird_sso_password }}"
+keycloak_admin_username: admin
+keycloak_admin_initial_password: "{{ vault_keycloak_admin_password }}"
+keycloak_tar_path: keycloak.tar.gz
+keycloak_theme_path: artifacts/sunbird
+
+
+## Content Repo configuration
+sunbird_api_auth_token: "{{ vault_sunbird_api_auth_token }}" #Authorization key (JWT) to access Sunbird APIs. This will be in the output of deploy-apis.sh script, extracting it out is documented in the deployment wiki.
+sunbird_ekstep_api_key: "{{ vault_sunbird_ekstep_api_key }}" #Authorization key (JWT) to access Ekstep APIs. Steps to generate this are documented on https://github.com/project-sunbird/sunbird-commons/wiki/Obtaining-API-token-for-accessing-ekstep-APIs
+sunbird_trampoline_secret: "{{ vault_sunbird_trampoline_secret }}"
+
+# ADVANCED CONFIGURATIONS
+
+cassandra_listen_address: "{{ cassandra_server_private_ip }}"
+cassandra_seeds: "{{ cassandra_server_private_ip }}"
+cassandra_broadcast_rpc_address: "{{ cassandra_server_private_ip }}"
+cassandra_broadcast_address: "{{ cassandra_server_private_ip }}"
+cassandra_listen_interface: ''
+cassandra_log_dir: '/var/log/cassandra'
+cassandra_root_dir: '/etc/cassandra'
+cassandra_version: '3.9'
+cassandra_port: 9042
+cassandra_rpc_address: 0.0.0.0
+cassandra_restore_dir: /home/deployer/
+cassandra_backup_azure_container_name: cassandra-backup
+cassandra_backup_azure_storage_account_name: "{{ backup_storage_name }}"
+cassandra_backup_azure_storage_access_key: "{{backup_storage_key}}"
+cassandra_backup_dir: /data/cassandra/backup
+
+keycloak_url: http://10.113.0.7
+
+keycloak_auth_server_url: "https://{{ proxy_server_name }}/auth"
+keycloak_realm: sunbird
+sunbird_content_player_url: "https://{{ proxy_server_name }}/api/"
+sunbird_learner_player_url: "https://{{ proxy_server_name }}/api/"
+sunbird_sso_client_id: admin-cli
+sunbird_mongo_port: 27017
+sunbird_mongodb_port: 27017
+sunbird_portal_realm: sunbird
+sunbird_portal_auth_server_client: portal
+sunbird_trampoline_client_id: trampoline
+sunbird_appid: sunbird_portal
+sunbird_default_tenant: sunbird
+sunbird_echo_api_url: "https://{{ proxy_server_name }}/api/echo/"
+sunbird_pg_host: "{{ application_postgres_host }}"
+sunbird_pg_port: 5432
+sunbird_pg_db: quartz
+sunbird_pg_user: quartz
+sunbird_pg_password: "{{ application_postgres_password }}"
+sunbird_installation: sunbird
+sunbird_account_name: sunbirddev
+sunbird_account_key: "{{ vault_sunbird_account_key }}"
+sunbird_sunbird_quartz_mode: cluster
+sunbird_encryption_mode: local
+sunbird_cassandra_urls: "{{ cassandra_server_private_ip }}:{{ cassandra_port }}"
+sunbird_session_store_type: cassandra
+sunbird_keycloak_client_id: 'portal'
+sunbird_keycloak_public: true
+sunbird_cache_store: "memory"
+sunbird_cache_ttl: 1800
+sunbird_portal_title_name: portal
+sunbird_web_url: "https://{{ proxy_server_name }}"
+sunbird_sso_publickey: "{{vault_sunbird_sso_publickey}}"
+sunbird_azure_storage_account: "{{vault_sunbird_azure_storage_account}}"
+sunbird_azure_storage_key: "{{vault_sunbird_azure_storage_key}}"
+sunbird_container_name: portal
+sunbird_cdn_url: https://dev-sunbird-temp.azureedge.net/{{sunbird_container_name}}
+mongo_backup_dir: /home/deployer/mongo-backups
+sunbird_background_actor_host: actor-service
+sunbird_actor_system_name: BackGroundRemoteMiddlewareActorSystem
+sunbird_app_url:
+sunbird_fcm_account_key:
+sunbird_env_logo_url:
+
+
+#player_tenant_dir:
+sunbird_dataservice_url: https://{{ proxy_server_name }}/api/
+project: sunbird
+application_postgres_database: quartz
+application_postgres_user: quartz
+keycloak_postgres_database: keycloak
+keycloak_postgres_user: keycloak
+
+
+## Cassandra download URI
+cassandra_repo: 'deb http://www.apache.org/dist/cassandra/debian 39x main'
+cassandra_repo_key: 'https://www.apache.org/dist/cassandra/KEYS'
+
+#API Manager
+kong_postgres_port: 5432
+kong_postgres_user: api_manager_dev
+kong_postgres_database: api_manager_dev
+
+es_curl_host: 10.10.3.7
+
+## Logging details
+syslog:
+    host: 172.16.0.5
+    port: 51415
+
+## PostgreSQL config
+postgres_replication_user_name: replication
+postgres_replication_user_password: "{{ vault_postgres_replication_user_password }}"
+
+postgresql_hba_entries:
+  - { type: local, database: all, user: postgres, auth_method: peer }
+  - { type: local, database: all, user: all, auth_method: peer }
+  - { type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5 }
+  - { type: host, database: all, user: all, address: '::1/128', auth_method: md5 }
+  - { type: host, database: all, user: "{{ postgres_exporter_user }}", address: '{{ swarm_address_space }}', auth_method: md5 }
+  - { type: host, database: replication, user: "{{ postgres_replication_user_name }}", address: '{{ postgres_address_space }}', auth_method: md5 }
+  - { type: host, database: all, user: all, address: '{{ swarm_address_space }}', auth_method: md5 }
+  - { type: host, database: all, user: all, address: '{{ keycloak_address_space }}', auth_method: md5 }
+
+ansible_vault_password: "{{ vault_ansible_vault_password }}"
+docker_hub_password: "{{ vault_docker_hub_password }}"
+jenkins_slave_jenkins_username: "{{ vault_jenkins_slave_jenkins_username }}"
+jenkins_slave_jenkins_password: "{{ vault_jenkins_slave_jenkins_password }}"
+ops_private_key: "{{ vault_ops_private_key }}"
+deployer_ssh_key: "{{ vault_deployer_ssh_key }}"
+proxy_prometheus_admin_creds: "{{ vault_proxy_prometheus_admin_creds }}"
+
+# ADDITIONAL CONFIGURATION
+backup_storage_name: "sunbirdbackupsdev"
+prometheus_storage_retention_time: 72h0m0s
+curl_host: dev.open-sunbird.org
+
+mail_server_host: smtp.sendgrid.net
+mail_server_port: 587
+mail_server_username: [email protected]
+mail_server_password: "{{ vault_mail_server_password }}"
+
+logger_es_host: "{{ groups['dev-log-es'][0] }}"
+logger_es_port: 9200
+
+kibana_oauth_redirect_url: https://dev.open-sunbird.org/oauth2/callback
+monitor_alerts_slack_channel: sunbird-dev-alert
+keycloak: True
+
+api__host: dev.open-sunbird.org
+
+proxy_replicas: 2
+proxy_reservation_memory: 32M
+proxy_limit_memory: 128M
+kong_replicas: 3
+kong_reservation_memory: 64M
+kong_limit_memory: 256M
+echo_service_replicas: 2
+echo_service_reservation_memory: 8M
+echo_service_limit_memory: 16M
+adminutil_replicas: 2
+adminutil_reservation_memory: 512M
+adminutil_limit_memory: 1024M
+
+actor_replicas: 2
+actor_reservation_memory: 500M
+actor_limit_memory: 1024M
+
+learner_replicas: 2
+learner_reservation_memory: 1500M
+learner_limit_memory: 1500M
+
+player_replicas: 2
+player_reservation_memory: 256M
+player_limit_memory: 512M
+
+content_replicas: 2
+content_reservation_memory: 64M
+content_limit_memory: 256M
+
+keycloak1_replicas: 1
+keycloak1_reservation_memory: 768M
+keycloak1_limit_memory: 1024M
+
+keycloak2_replicas: 1
+keycloak2_reservation_memory: 768M
+keycloak2_limit_memory: 1024M
+
+monitor_es_host: "{{ groups['es'][0] }}"
+alertmanager_host: "{{ groups['swarm-agent-for-alertmanager'][0] }}"
+prometheus_host: "{{ groups['swarm-agent-for-prometheus'][0] }}"
+
+swarm_load_balancer: 10.0.0.100
+filebeat_logtsash_host: "{{ swarm_load_balancer }}"
+
+expected_minimum_logs_per_minute: 30
+
+proxy_prometheus: true
+
+enable_scraping_docker_metrics: true
+enable_mongodb_availability_check: false
+
+postgres_exporter_postgres_port: 5432
+postgres_exporter_user: postgres_exporter
+postgres_exporter_password: "{{ vault_postgres_exporter_password }}"
+sunbird_learner_service_base_url: https://dev.open-sunbird.org/api
+kong_admin_api_url: http://api-manager_kong:8001
+
+postgresql_backup_azure_storage_account_name: "{{ backup_storage_name }}"
+postgresql_backup_azure_storage_access_key: "{{ backup_storage_key }}"
+postgresql_restore_azure_storage_account_name: "{{ backup_storage_name }}"
+postgresql_restore_azure_storage_access_key: "{{ backup_storage_key }}"
+
+grafana_url: https://dev.open-sunbird.org/grafana
+grafana_editor_username: editor
+
+app_alerts_mailing_list: "[email protected], [email protected], [email protected],{{devops_alerts_mailing_list}}"
+devops_alerts_mailing_list: "[email protected], [email protected], [email protected], [email protected], [email protected]"
+site_alerts_mailing_list: "[email protected], [email protected], [email protected], [email protected], {{devops_alerts_mailing_list}}"
+keycloak_alerts_mailing_list: "[email protected], [email protected], {{devops_alerts_mailing_list}}"
+api_manager_alerts_mailing_list: "[email protected], [email protected], {{devops_alerts_mailing_list}}"
+
+jenkins_url: http://10.20.0.4:8080/jenkins
+
+kibana_oauth_authenticated_email_domains:
+  - ekstep.org
+  - sahajsoft.com
+  - ilimi.in
+  - tarento.com
+
+kibana_oauth_authenticated_email_ids:
+  - [email protected]
+  - [email protected]
+  - [email protected]
+  - [email protected]
+
+monitor_alerts_mail_from_email: [email protected]
+monitor_alerts_mail_server_host: "{{ mail_server_host }}"
+monitor_alerts_mail_server_port: "{{ mail_server_port }}"
+monitor_alerts_mail_server_username: "{{ mail_server_username }}"
+monitor_alerts_mail_server_password: "{{ mail_server_password }}"
+env_short_name: dev
+
+# keycloak sms provider
+keycloak_build_src: "keycloak_build"
+keycloak_ver: "keycloak-3.2.0.Final"
+keycloak_sms_provider_build: "keycloak-email-phone-autthenticator-1.0-SNAPSHOT.jar"
+keycloak_sms_provider_templates_src: "templates.tar.gz"
+keycloak_sms_provider_templates_dest: "/opt/keycloak/themes/sunbird/login"
+keycloak_ekstep_sunbird_login_theme_file: "login.tar.gz"
+keycloak_ekstep_sunbird_login_theme_dest: "/opt/keycloak/themes/sunbird/login"
+keycloak_postgresql: "postgresql-9.4.1212.jar"

keycloak/scripts/ansible/inventories/local/hosts

@@ -0,0 +1,26 @@
+[dev-postgresql-1]
+10.10.0.4 ansible_ssh_user=deployer ansible_ssh_private_key_file=/run/secrets/deployer-ssh-key ansible_sudo_pass="{{ deployer_sudo_pass }}"
+
+[dev-postgresql-master:children]
+dev-postgresql-1
+
+[dev-postgresql-slave:children]
+
+[postgresql-master:children]
+dev-postgresql-master
+
+[postgresql-slave:children]
+dev-postgresql-slave
+
+[postgresql-backup:children]
+postgresql-master
+
+[postgresql-restore:children]
+postgresql-master
+
+[local]
+localhost ansible_connection=local
+
+[localhost]
+localhost ansible_connection=local
+