Issue Sunbird-Lern#24 chore:Sunbird auth package build
Showing
18 changed files
with
3,046 additions
and
22 deletions.
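--- a/keycloak/scripts/ansible/inventories/dev/group_vars/dev-es.yml
+++ b/keycloak/scripts/ansible/inventories/dev/group_vars/dev-es.yml
@@ -0,0 +1,6 @@
+es_heap_size: 1500m
+es_etc_cluster_name: sunbird-dev
+es_etc_discovery_zen_minimum_master_nodes: 2
+es_snapshot_host: "{{ groups['es-backup'][0] }}"
+es_restore_host: "{{ groups['es-backup'][0] }}"
+snapshot_base_path: application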
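--- a/keycloak/scripts/ansible/inventories/dev/group_vars/dev-kong-api.yml
+++ b/keycloak/scripts/ansible/inventories/dev/group_vars/dev-kong-api.yml
@@ -0,0 +1,30 @@
+# Consumers to be on-boarded
+kong_consumers:
+- username: api-management-test-user
+groups: "{{ kong_all_consumer_groups }}"
+state: present
+rate_limits: "{{ premium_consumer_rate_limits }}"
+- username: sunbird-integrator-test-user
+groups: "{{ integration_partner_groups }}"
+state: present
+credential_algorithm: "RS256"
+credential_rsa_public_key: "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvknOmYAnTRS2BJCm0EXT\nqs3Zg3HPFyhwHIlWp2vwOo5rKLUBmNlSM91yy2vAr7A3wwg+HKe+k+b8XZEJAJyf\nlvtlbRkbuDNpxaqPVav6h7hfUT2RvJOIZn828JLtgYzsA92kD3Ef4YnQoX2FoNLn\noQL0B8WfHbVFkKTbSlz59MlEp74Wx39lTSXjFDYG0wrLiUMW7Eq8ECTEj9ombB+o\nVnBq0mgRNqywtxQlAiFFkuP2H7FATttcHi5PuF8vYMJtpj6PSHmdsMc++VdVE3Pw\n4rQ9s/WY2ThV80RecL5c7jSlfXTyLDTnR10ZNZnMCEzcZAKBSdiIlDmLoZ4852P6\ncwIDAQAB\n-----END PUBLIC KEY-----"
+credential_iss: "sunbird-integrator-test.org"
+- username: mobile_admin
+groups: "{{ mobile_admin_groups }}"
+print_credentials: true
+state: present
+- username: mobile_app
+groups: "{{ mobile_app_groups }}"
+state: present
+- username: mobile_device
+groups: "{{ mobile_device_groups }}"
+state: present
+- username: add-any-consumer-to-be-deleted
+state: absent
+- username: apekx-integrator-user
+groups: "{{ integration_partner_groups }}"
+state: absent
+credential_algorithm: "RS256"
+credential_rsa_public_key: "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7PtN8+rUo1VnB0BQzEgE\ntaYgYTFk5fnfLB6djy/O0IGx59msT1/V92OwCXFRtXZgCJ/9YIqwprPh/MYcdtAv\nd8Rh/OFQHndwf+yT+3vm2S834hWrgmTNE3fTpgmbbbwm41dJQ2Nv/++SrY6UN+lJ\ncuF8WbizUWZxXHe8HFyIoi52JnBBHpCunXVlMgZL9NT6/hoz8DNfehqpRswveuCF\niW66UVN3MBzBvHEv+gMFyG20UvijdY5vtGYWo30/ExeiDesdGy1JC0fHpjW3FJqE\nBu+Q7Cy1AGFa0ZexLFaLKPspKSLwR0mgkzxV+5x9bhygDC8uXEA3ImuqtkdIXTYw\nUQIDAQAB\n-----END PUBLIC KEY-----"
+credential_iss: "apekx"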
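Review bot: `print_credentials: true` on the `mobile_admin` consumer should not be a committed default: assuming the Kong consumer role echoes the generated credential into the play output, that token lands in the CI console log and in the scrollback of whoever runs the playbook. Set it to `print_credentials: false` here and enable it per run with an extra var when the token really has to be read out, with a comment above it such as `# Prints the consumer credential to the play output; enable only for a one-off run and purge the job log afterwards`. The `add-any-consumer-to-be-deleted` entry looks like a template placeholder and would read better as a comment than as a live `state: absent` item.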
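--- a/keycloak/scripts/ansible/inventories/dev/group_vars/dev-log-es.yml
+++ b/keycloak/scripts/ansible/inventories/dev/group_vars/dev-log-es.yml
@@ -0,0 +1,6 @@
+es_heap_size: 1500m
+es_etc_cluster_name: sunbird-log-dev
+es_snapshot_host: "{{ groups['log-es-backup'][0] }}"
+es_restore_host: "{{ groups['log-es-backup'][0] }}"
+snapshot_base_path: logger
+es_host: "{{ groups['log-es'][0] }}"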
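--- a/keycloak/scripts/ansible/inventories/dev/group_vars/dev-postgresql-master.yml
+++ b/keycloak/scripts/ansible/inventories/dev/group_vars/dev-postgresql-master.yml
@@ -0,0 +1,25 @@
+# postgresql_users should only be created in master and replicated to slave
+postgresql_databases:
+- name: "{{kong_postgres_database}}"
+- name: "{{keycloak_postgres_database}}"
+- name: "{{application_postgres_database}}"
+
+postgresql_users:
+- name: "{{ postgres_replication_user_name }}"
+password: "{{ postgres_replication_user_password }}"
+role_attr_flags: REPLICATION
+- name: "{{ postgres_exporter_user }}"
+password: "{{ postgres_exporter_password }}"
+role_attr_flags: SUPERUSER
+- name: "{{kong_postgres_user}}"
+password: "{{kong_postgres_password}}"
+db: "{{kong_postgres_database}}"
+priv: "ALL"
+- name: "{{keycloak_postgres_user}}"
+password: "{{keycloak_postgres_password}}"
+db: "{{keycloak_postgres_database}}"
+priv: "ALL"
+- name: "{{application_postgres_user}}"
+password: "{{application_postgres_password}}"
+db: "{{application_postgres_database}}"
+priv: "ALL"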
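Review bot: `role_attr_flags: SUPERUSER` on `postgres_exporter_user` gives a metrics scraper full control of the cluster, and the `postgresql_hba_entries` added to dev.yml in this same commit let that role log in with a password from the whole `swarm_address_space`. A monitoring account only needs to read statistics views: on PostgreSQL 10 or later, membership of the built-in `pg_monitor` role covers that, and on older servers a plain login role with SELECT on the needed `pg_stat_*` views does. I would change the line to `role_attr_flags: LOGIN` and grant the monitoring access separately; the server version is not visible in this hunk, so which variant applies needs confirming. The three service users also get `priv: "ALL"` on their databases, which is probably needed for schema migrations, but a short comment saying so would make that intent explicit.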
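--- a/keycloak/scripts/ansible/inventories/dev/group_vars/dev.yml
+++ b/keycloak/scripts/ansible/inventories/dev/group_vars/dev.yml
@@ -0,0 +1,291 @@
+# ENVIRONMENT CONFIGURATION
+env: dev #Name of the environment, e.g. dev, staging or production.
+proxy_server_name: dev.open-sunbird.org #Domain on which the portal will be accessed. e.g. staging.{implementation-name}.org
+proxy_site_key: "{{ vault_proxy_site_key }}" #SSL certificate's site.key file contents. More details in this wiki: https://github.com/project-sunbird/sunbird-commons/wiki/Updating-SSL-certificates-in-Sunbird-Proxy-service
+proxy_site_crt: "{{ vault_proxy_site_crt }}" #SSL certificate's site.crt file contents. More details in this wiki: https://github.com/project-sunbird/sunbird-commons/wiki/Updating-SSL-certificates-in-Sunbird-Proxy-service
+
+
+# DB CONFIGURATION
+
+## Below passwords are used by DB install scripts when creating databases. Please use strong passwords.
+application_postgres_password: "{{vault_application_postgres_password}}" #Password for Application database.
+keycloak_postgres_password: "{{vault_keycloak_postgres_password}}" #Password for Keycloak (Authentication service) database.
+kong_postgres_password: "{{ vault_kong_postgres_password }}" #Password for Kong (API Manager) database.
+
+## Postgres configuration
+swarm_address_space: 10.0.0.0/16 #Application server address space (e.g. 10.3.0.0/24), also the agentpublicSubnet if using Azure scripts provided
+keycloak_address_space: 10.113.0.0/24
+postgres_address_space: 10.10.0.0/24
+
+## Cassandra configuration
+cassandra_server_private_ip: 10.10.4.4 #Private IP of cassandra server
+keystore_password: "{{vault_keystore_password}}" #Password to use for encrypting cassandra keystore. Use a strong password.
+truststore_password: "{{vault_truststore_password}}" #Password to use for encrypting cassandra truststore. Use a strong password.
+
+# APPLICATION CONFIGURATION
+
+kong_host: api-manager_kong
+
+## DB address
+application_postgres_host: "{{ groups['postgresql-master'][0]}}" #Private IP of Postgres server
+keycloak_postgres_host: "{{ groups['postgresql-master'][0]}}" #Private IP of Postgres server
+kong_postgres_host: "{{ groups['postgresql-master'][0]}}" #Private IP of Postgres server
+sunbird_mongo_ip: 10.10.2.5 #Private IP of Mongo DB server
+sunbird_cassandra_host: 10.10.4.4 #Private IP of Cassandra server
+sunbird_es_host: 10.10.3.7,10.10.3.8,10.10.3.6 #Private IP of Elastic Search server. If ES cluster has multiple nodes then add all nodes by separating them with comma. e.g. 10.2.0.1,10.2.0.2,10.2.0.3
+
+## Application server configurations
+sunbird_ekstep_api_base_url: https://qa.ekstep.in/api #API base URL of the Ekstep environment. Use `https://qa.ekstep.in/api` for non-prod deployments, and use `https://api.ekstep.in/` for prod deployment.
+sunbird_ekstep_proxy_base_url: https://qa.ekstep.in #Base URL of the Ekstep environment. Use `https://qa.ekstep.in/` for non-prod deployments, and `https://community.ekstep.in/` for prod deployment.
+sunbird_env: qa #Ekstep environment to connect to. Use `qa` for non-prod deployments, and `prod` for prod deployment.
+sunbird_mail_server_host: "{{ mail_server_host }}" #SMTP server IP. Could be ignored if not mails are to be sent.
+sunbird_mail_server_port: "{{ mail_server_port }}" #SMTP port. Could be ignored if not mails are to be sent.
+sunbird_mail_server_username: "{{ mail_server_username }}" #SMTP username. Could be ignored if not mails are to be sent.
+sunbird_mail_server_password: "{{ mail_server_password }}" #SMTP server pasword. Could be ignored if not mails are to be sent.
+sunbird_mail_server_from_email: [email protected] #Email ID that should be as from address in mails
+
+## Keycloak (auth server) login details
+sunbird_sso_username: "{{ vault_sunbird_sso_username }}"
+sunbird_sso_password: "{{ vault_sunbird_sso_password }}"
+keycloak_admin_username: admin
+keycloak_admin_initial_password: "{{ vault_keycloak_admin_password }}"
+keycloak_tar_path: keycloak.tar.gz
+keycloak_theme_path: artifacts/sunbird
+
+
+## Content Repo configuration
+sunbird_api_auth_token: "{{ vault_sunbird_api_auth_token }}" #Authorization key (JWT) to access Sunbird APIs. This will be in the output of deploy-apis.sh script, extracting it out is documented in the deployment wiki.
+sunbird_ekstep_api_key: "{{ vault_sunbird_ekstep_api_key }}" #Authorization key (JWT) to access Ekstep APIs. Steps to generate this are documented on https://github.com/project-sunbird/sunbird-commons/wiki/Obtaining-API-token-for-accessing-ekstep-APIs
+sunbird_trampoline_secret: "{{ vault_sunbird_trampoline_secret }}"
+
+# ADVANCED CONFIGURATIONS
+
+cassandra_listen_address: "{{ cassandra_server_private_ip }}"
+cassandra_seeds: "{{ cassandra_server_private_ip }}"
+cassandra_broadcast_rpc_address: "{{ cassandra_server_private_ip }}"
+cassandra_broadcast_address: "{{ cassandra_server_private_ip }}"
+cassandra_listen_interface: ''
+cassandra_log_dir: '/var/log/cassandra'
+cassandra_root_dir: '/etc/cassandra'
+cassandra_version: '3.9'
+cassandra_port: 9042
+cassandra_rpc_address: 0.0.0.0
+cassandra_restore_dir: /home/deployer/
+cassandra_backup_azure_container_name: cassandra-backup
+cassandra_backup_azure_storage_account_name: "{{ backup_storage_name }}"
+cassandra_backup_azure_storage_access_key: "{{backup_storage_key}}"
+cassandra_backup_dir: /data/cassandra/backup
+
+keycloak_url: http://10.113.0.7
+
+keycloak_auth_server_url: "https://{{ proxy_server_name }}/auth"
+keycloak_realm: sunbird
+sunbird_content_player_url: "https://{{ proxy_server_name }}/api/"
+sunbird_learner_player_url: "https://{{ proxy_server_name }}/api/"
+sunbird_sso_client_id: admin-cli
+sunbird_mongo_port: 27017
+sunbird_mongodb_port: 27017
+sunbird_portal_realm: sunbird
+sunbird_portal_auth_server_client: portal
+sunbird_trampoline_client_id: trampoline
+sunbird_appid: sunbird_portal
+sunbird_default_tenant: sunbird
+sunbird_echo_api_url: "https://{{ proxy_server_name }}/api/echo/"
+sunbird_pg_host: "{{ application_postgres_host }}"
+sunbird_pg_port: 5432
+sunbird_pg_db: quartz
+sunbird_pg_user: quartz
+sunbird_pg_password: "{{ application_postgres_password }}"
+sunbird_installation: sunbird
+sunbird_account_name: sunbirddev
+sunbird_account_key: "{{ vault_sunbird_account_key }}"
+sunbird_sunbird_quartz_mode: cluster
+sunbird_encryption_mode: local
+sunbird_cassandra_urls: "{{ cassandra_server_private_ip }}:{{ cassandra_port }}"
+sunbird_session_store_type: cassandra
+sunbird_keycloak_client_id: 'portal'
+sunbird_keycloak_public: true
+sunbird_cache_store: "memory"
+sunbird_cache_ttl: 1800
+sunbird_portal_title_name: portal
+sunbird_web_url: "https://{{ proxy_server_name }}"
+sunbird_sso_publickey: "{{vault_sunbird_sso_publickey}}"
+sunbird_azure_storage_account: "{{vault_sunbird_azure_storage_account}}"
+sunbird_azure_storage_key: "{{vault_sunbird_azure_storage_key}}"
+sunbird_container_name: portal
+sunbird_cdn_url: https://dev-sunbird-temp.azureedge.net/{{sunbird_container_name}}
+mongo_backup_dir: /home/deployer/mongo-backups
+sunbird_background_actor_host: actor-service
+sunbird_actor_system_name: BackGroundRemoteMiddlewareActorSystem
+sunbird_app_url:
+sunbird_fcm_account_key:
+sunbird_env_logo_url:
+
+
+#player_tenant_dir:
+sunbird_dataservice_url: https://{{ proxy_server_name }}/api/
+project: sunbird
+application_postgres_database: quartz
+application_postgres_user: quartz
+keycloak_postgres_database: keycloak
+keycloak_postgres_user: keycloak
+
+
+## Cassandra download URI
+cassandra_repo: 'deb http://www.apache.org/dist/cassandra/debian 39x main'
+cassandra_repo_key: 'https://www.apache.org/dist/cassandra/KEYS'
+
+#API Manager
+kong_postgres_port: 5432
+kong_postgres_user: api_manager_dev
+kong_postgres_database: api_manager_dev
+
+es_curl_host: 10.10.3.7
+
+## Logging details
+syslog:
+host: 172.16.0.5
+port: 51415
+
+## PostgreSQL config
+postgres_replication_user_name: replication
+postgres_replication_user_password: "{{ vault_postgres_replication_user_password }}"
+
+postgresql_hba_entries:
+- { type: local, database: all, user: postgres, auth_method: peer }
+- { type: local, database: all, user: all, auth_method: peer }
+- { type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5 }
+- { type: host, database: all, user: all, address: '::1/128', auth_method: md5 }
+- { type: host, database: all, user: "{{ postgres_exporter_user }}", address: '{{ swarm_address_space }}', auth_method: md5 }
+- { type: host, database: replication, user: "{{ postgres_replication_user_name }}", address: '{{ postgres_address_space }}', auth_method: md5 }
+- { type: host, database: all, user: all, address: '{{ swarm_address_space }}', auth_method: md5 }
+- { type: host, database: all, user: all, address: '{{ keycloak_address_space }}', auth_method: md5 }
+
+ansible_vault_password: "{{ vault_ansible_vault_password }}"
+docker_hub_password: "{{ vault_docker_hub_password }}"
+jenkins_slave_jenkins_username: "{{ vault_jenkins_slave_jenkins_username }}"
+jenkins_slave_jenkins_password: "{{ vault_jenkins_slave_jenkins_password }}"
+ops_private_key: "{{ vault_ops_private_key }}"
+deployer_ssh_key: "{{ vault_deployer_ssh_key }}"
+proxy_prometheus_admin_creds: "{{ vault_proxy_prometheus_admin_creds }}"
+
+# ADDITIONAL CONFIGURATION
+backup_storage_name: "sunbirdbackupsdev"
+prometheus_storage_retention_time: 72h0m0s
+curl_host: dev.open-sunbird.org
+
+mail_server_host: smtp.sendgrid.net
+mail_server_port: 587
+mail_server_username: [email protected]
+mail_server_password: "{{ vault_mail_server_password }}"
+
+logger_es_host: "{{ groups['dev-log-es'][0] }}"
+logger_es_port: 9200
+
+kibana_oauth_redirect_url: https://dev.open-sunbird.org/oauth2/callback
+monitor_alerts_slack_channel: sunbird-dev-alert
+keycloak: True
+
+api__host: dev.open-sunbird.org
+
+proxy_replicas: 2
+proxy_reservation_memory: 32M
+proxy_limit_memory: 128M
+kong_replicas: 3
+kong_reservation_memory: 64M
+kong_limit_memory: 256M
+echo_service_replicas: 2
+echo_service_reservation_memory: 8M
+echo_service_limit_memory: 16M
+adminutil_replicas: 2
+adminutil_reservation_memory: 512M
+adminutil_limit_memory: 1024M
+
+actor_replicas: 2
+actor_reservation_memory: 500M
+actor_limit_memory: 1024M
+
+learner_replicas: 2
+learner_reservation_memory: 1500M
+learner_limit_memory: 1500M
+
+player_replicas: 2
+player_reservation_memory: 256M
+player_limit_memory: 512M
+
+content_replicas: 2
+content_reservation_memory: 64M
+content_limit_memory: 256M
+
+keycloak1_replicas: 1
+keycloak1_reservation_memory: 768M
+keycloak1_limit_memory: 1024M
+
+keycloak2_replicas: 1
+keycloak2_reservation_memory: 768M
+keycloak2_limit_memory: 1024M
+
+monitor_es_host: "{{ groups['es'][0] }}"
+alertmanager_host: "{{ groups['swarm-agent-for-alertmanager'][0] }}"
+prometheus_host: "{{ groups['swarm-agent-for-prometheus'][0] }}"
+
+swarm_load_balancer: 10.0.0.100
+filebeat_logtsash_host: "{{ swarm_load_balancer }}"
+
+expected_minimum_logs_per_minute: 30
+
+proxy_prometheus: true
+
+enable_scraping_docker_metrics: true
+enable_mongodb_availability_check: false
+
+postgres_exporter_postgres_port: 5432
+postgres_exporter_user: postgres_exporter
+postgres_exporter_password: "{{ vault_postgres_exporter_password }}"
+sunbird_learner_service_base_url: https://dev.open-sunbird.org/api
+kong_admin_api_url: http://api-manager_kong:8001
+
+postgresql_backup_azure_storage_account_name: "{{ backup_storage_name }}"
+postgresql_backup_azure_storage_access_key: "{{ backup_storage_key }}"
+postgresql_restore_azure_storage_account_name: "{{ backup_storage_name }}"
+postgresql_restore_azure_storage_access_key: "{{ backup_storage_key }}"
+
+grafana_url: https://dev.open-sunbird.org/grafana
+grafana_editor_username: editor
+
+app_alerts_mailing_list: "[email protected], [email protected], [email protected],{{devops_alerts_mailing_list}}"
+devops_alerts_mailing_list: "[email protected], [email protected], [email protected], [email protected], [email protected]"
+site_alerts_mailing_list: "[email protected], [email protected], [email protected], [email protected], {{devops_alerts_mailing_list}}"
+keycloak_alerts_mailing_list: "[email protected], [email protected], {{devops_alerts_mailing_list}}"
+api_manager_alerts_mailing_list: "[email protected], [email protected], {{devops_alerts_mailing_list}}"
+
+jenkins_url: http://10.20.0.4:8080/jenkins
+
+kibana_oauth_authenticated_email_domains:
+- ekstep.org
+- sahajsoft.com
+- ilimi.in
+- tarento.com
+
+kibana_oauth_authenticated_email_ids:
+- [email protected]
+- [email protected]
+- [email protected]
+- [email protected]
+
+monitor_alerts_mail_from_email: [email protected]
+monitor_alerts_mail_server_host: "{{ mail_server_host }}"
+monitor_alerts_mail_server_port: "{{ mail_server_port }}"
+monitor_alerts_mail_server_username: "{{ mail_server_username }}"
+monitor_alerts_mail_server_password: "{{ mail_server_password }}"
+env_short_name: dev
+
+# keycloak sms provider
+keycloak_build_src: "keycloak_build"
+keycloak_ver: "keycloak-3.2.0.Final"
+keycloak_sms_provider_build: "keycloak-email-phone-autthenticator-1.0-SNAPSHOT.jar"
+keycloak_sms_provider_templates_src: "templates.tar.gz"
+keycloak_sms_provider_templates_dest: "/opt/keycloak/themes/sunbird/login"
+keycloak_ekstep_sunbird_login_theme_file: "login.tar.gz"
+keycloak_ekstep_sunbird_login_theme_dest: "/opt/keycloak/themes/sunbird/login"
+keycloak_postgresql: "postgresql-9.4.1212.jar"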
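Review bot: The last two `postgresql_hba_entries` accept `database: all, user: all` from `swarm_address_space` (a /16) and from `keycloak_address_space`, so any role, including `postgres` and the exporter account, can attempt a password login to any database from any host in those ranges; this also makes the narrower exporter entry above them redundant. Pin each entry to the database and role that actually connects from that subnet, for example `- { type: host, database: "{{ kong_postgres_database }}", user: "{{ kong_postgres_user }}", address: '{{ swarm_address_space }}', auth_method: md5 }`, with matching entries for the application pair from the swarm range and the keycloak pair from `keycloak_address_space` (which service connects from which range is inferred from the variable names and should be confirmed). Separately, `backup_storage_key` is referenced three times but, unlike the other secrets, has no `vault_` mapping in this file, and `keycloak: True` should be written `true` to match the other booleans.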