Skip to content

Commit

Permalink
Issue Sunbird-Lern#24 chore:Sunbird auth package build
Browse files Browse the repository at this point in the history
  • Loading branch information
ahghatol committed Dec 20, 2017
1 parent cb966cb commit e2c4211
Show file tree
Hide file tree
Showing 18 changed files with 3,046 additions and 22 deletions.
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
es_heap_size: 1500m
es_etc_cluster_name: sunbird-dev
es_etc_discovery_zen_minimum_master_nodes: 2
es_snapshot_host: "{{ groups['es-backup'][0] }}"
es_restore_host: "{{ groups['es-backup'][0] }}"
snapshot_base_path: application
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
# Consumers to be on-boarded
kong_consumers:
- username: api-management-test-user
groups: "{{ kong_all_consumer_groups }}"
state: present
rate_limits: "{{ premium_consumer_rate_limits }}"
- username: sunbird-integrator-test-user
groups: "{{ integration_partner_groups }}"
state: present
credential_algorithm: "RS256"
credential_rsa_public_key: "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvknOmYAnTRS2BJCm0EXT\nqs3Zg3HPFyhwHIlWp2vwOo5rKLUBmNlSM91yy2vAr7A3wwg+HKe+k+b8XZEJAJyf\nlvtlbRkbuDNpxaqPVav6h7hfUT2RvJOIZn828JLtgYzsA92kD3Ef4YnQoX2FoNLn\noQL0B8WfHbVFkKTbSlz59MlEp74Wx39lTSXjFDYG0wrLiUMW7Eq8ECTEj9ombB+o\nVnBq0mgRNqywtxQlAiFFkuP2H7FATttcHi5PuF8vYMJtpj6PSHmdsMc++VdVE3Pw\n4rQ9s/WY2ThV80RecL5c7jSlfXTyLDTnR10ZNZnMCEzcZAKBSdiIlDmLoZ4852P6\ncwIDAQAB\n-----END PUBLIC KEY-----"
credential_iss: "sunbird-integrator-test.org"
- username: mobile_admin
groups: "{{ mobile_admin_groups }}"
print_credentials: true
state: present
- username: mobile_app
groups: "{{ mobile_app_groups }}"
state: present
- username: mobile_device
groups: "{{ mobile_device_groups }}"
state: present
- username: add-any-consumer-to-be-deleted
state: absent
- username: apekx-integrator-user
groups: "{{ integration_partner_groups }}"
state: absent
credential_algorithm: "RS256"
credential_rsa_public_key: "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7PtN8+rUo1VnB0BQzEgE\ntaYgYTFk5fnfLB6djy/O0IGx59msT1/V92OwCXFRtXZgCJ/9YIqwprPh/MYcdtAv\nd8Rh/OFQHndwf+yT+3vm2S834hWrgmTNE3fTpgmbbbwm41dJQ2Nv/++SrY6UN+lJ\ncuF8WbizUWZxXHe8HFyIoi52JnBBHpCunXVlMgZL9NT6/hoz8DNfehqpRswveuCF\niW66UVN3MBzBvHEv+gMFyG20UvijdY5vtGYWo30/ExeiDesdGy1JC0fHpjW3FJqE\nBu+Q7Cy1AGFa0ZexLFaLKPspKSLwR0mgkzxV+5x9bhygDC8uXEA3ImuqtkdIXTYw\nUQIDAQAB\n-----END PUBLIC KEY-----"
credential_iss: "apekx"
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
es_heap_size: 1500m
es_etc_cluster_name: sunbird-log-dev
es_snapshot_host: "{{ groups['log-es-backup'][0] }}"
es_restore_host: "{{ groups['log-es-backup'][0] }}"
snapshot_base_path: logger
es_host: "{{ groups['log-es'][0] }}"
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
# postgresql_users should only be created in master and replicated to slave
postgresql_databases:
- name: "{{kong_postgres_database}}"
- name: "{{keycloak_postgres_database}}"
- name: "{{application_postgres_database}}"

postgresql_users:
- name: "{{ postgres_replication_user_name }}"
password: "{{ postgres_replication_user_password }}"
role_attr_flags: REPLICATION
- name: "{{ postgres_exporter_user }}"
password: "{{ postgres_exporter_password }}"
role_attr_flags: SUPERUSER
- name: "{{kong_postgres_user}}"
password: "{{kong_postgres_password}}"
db: "{{kong_postgres_database}}"
priv: "ALL"
- name: "{{keycloak_postgres_user}}"
password: "{{keycloak_postgres_password}}"
db: "{{keycloak_postgres_database}}"
priv: "ALL"
- name: "{{application_postgres_user}}"
password: "{{application_postgres_password}}"
db: "{{application_postgres_database}}"
priv: "ALL"
291 changes: 291 additions & 0 deletions keycloak/scripts/ansible/inventories/dev/group_vars/dev.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,291 @@
# ENVIRONMENT CONFIGURATION
env: dev #Name of the environment, e.g. dev, staging or production.
proxy_server_name: dev.open-sunbird.org #Domain on which the portal will be accessed. e.g. staging.{implementation-name}.org
proxy_site_key: "{{ vault_proxy_site_key }}" #SSL certificate's site.key file contents. More details in this wiki: https://github.com/project-sunbird/sunbird-commons/wiki/Updating-SSL-certificates-in-Sunbird-Proxy-service
proxy_site_crt: "{{ vault_proxy_site_crt }}" #SSL certificate's site.crt file contents. More details in this wiki: https://github.com/project-sunbird/sunbird-commons/wiki/Updating-SSL-certificates-in-Sunbird-Proxy-service


# DB CONFIGURATION

## Below passwords are used by DB install scripts when creating databases. Please use strong passwords.
application_postgres_password: "{{vault_application_postgres_password}}" #Password for Application database.
keycloak_postgres_password: "{{vault_keycloak_postgres_password}}" #Password for Keycloak (Authentication service) database.
kong_postgres_password: "{{ vault_kong_postgres_password }}" #Password for Kong (API Manager) database.

## Postgres configuration
swarm_address_space: 10.0.0.0/16 #Application server address space (e.g. 10.3.0.0/24), also the agentpublicSubnet if using Azure scripts provided
keycloak_address_space: 10.113.0.0/24
postgres_address_space: 10.10.0.0/24

## Cassandra configuration
cassandra_server_private_ip: 10.10.4.4 #Private IP of cassandra server
keystore_password: "{{vault_keystore_password}}" #Password to use for encrypting cassandra keystore. Use a strong password.
truststore_password: "{{vault_truststore_password}}" #Password to use for encrypting cassandra truststore. Use a strong password.

# APPLICATION CONFIGURATION

kong_host: api-manager_kong

## DB address
application_postgres_host: "{{ groups['postgresql-master'][0]}}" #Private IP of Postgres server
keycloak_postgres_host: "{{ groups['postgresql-master'][0]}}" #Private IP of Postgres server
kong_postgres_host: "{{ groups['postgresql-master'][0]}}" #Private IP of Postgres server
sunbird_mongo_ip: 10.10.2.5 #Private IP of Mongo DB server
sunbird_cassandra_host: 10.10.4.4 #Private IP of Cassandra server
sunbird_es_host: 10.10.3.7,10.10.3.8,10.10.3.6 #Private IP of Elastic Search server. If ES cluster has multiple nodes then add all nodes by separating them with comma. e.g. 10.2.0.1,10.2.0.2,10.2.0.3

## Application server configurations
sunbird_ekstep_api_base_url: https://qa.ekstep.in/api #API base URL of the Ekstep environment. Use `https://qa.ekstep.in/api` for non-prod deployments, and use `https://api.ekstep.in/` for prod deployment.
sunbird_ekstep_proxy_base_url: https://qa.ekstep.in #Base URL of the Ekstep environment. Use `https://qa.ekstep.in/` for non-prod deployments, and `https://community.ekstep.in/` for prod deployment.
sunbird_env: qa #Ekstep environment to connect to. Use `qa` for non-prod deployments, and `prod` for prod deployment.
sunbird_mail_server_host: "{{ mail_server_host }}" #SMTP server IP. Could be ignored if not mails are to be sent.
sunbird_mail_server_port: "{{ mail_server_port }}" #SMTP port. Could be ignored if not mails are to be sent.
sunbird_mail_server_username: "{{ mail_server_username }}" #SMTP username. Could be ignored if not mails are to be sent.
sunbird_mail_server_password: "{{ mail_server_password }}" #SMTP server pasword. Could be ignored if not mails are to be sent.
sunbird_mail_server_from_email: [email protected] #Email ID that should be as from address in mails

## Keycloak (auth server) login details
sunbird_sso_username: "{{ vault_sunbird_sso_username }}"
sunbird_sso_password: "{{ vault_sunbird_sso_password }}"
keycloak_admin_username: admin
keycloak_admin_initial_password: "{{ vault_keycloak_admin_password }}"
keycloak_tar_path: keycloak.tar.gz
keycloak_theme_path: artifacts/sunbird


## Content Repo configuration
sunbird_api_auth_token: "{{ vault_sunbird_api_auth_token }}" #Authorization key (JWT) to access Sunbird APIs. This will be in the output of deploy-apis.sh script, extracting it out is documented in the deployment wiki.
sunbird_ekstep_api_key: "{{ vault_sunbird_ekstep_api_key }}" #Authorization key (JWT) to access Ekstep APIs. Steps to generate this are documented on https://github.com/project-sunbird/sunbird-commons/wiki/Obtaining-API-token-for-accessing-ekstep-APIs
sunbird_trampoline_secret: "{{ vault_sunbird_trampoline_secret }}"

# ADVANCED CONFIGURATIONS

cassandra_listen_address: "{{ cassandra_server_private_ip }}"
cassandra_seeds: "{{ cassandra_server_private_ip }}"
cassandra_broadcast_rpc_address: "{{ cassandra_server_private_ip }}"
cassandra_broadcast_address: "{{ cassandra_server_private_ip }}"
cassandra_listen_interface: ''
cassandra_log_dir: '/var/log/cassandra'
cassandra_root_dir: '/etc/cassandra'
cassandra_version: '3.9'
cassandra_port: 9042
cassandra_rpc_address: 0.0.0.0
cassandra_restore_dir: /home/deployer/
cassandra_backup_azure_container_name: cassandra-backup
cassandra_backup_azure_storage_account_name: "{{ backup_storage_name }}"
cassandra_backup_azure_storage_access_key: "{{backup_storage_key}}"
cassandra_backup_dir: /data/cassandra/backup

keycloak_url: http://10.113.0.7

keycloak_auth_server_url: "https://{{ proxy_server_name }}/auth"
keycloak_realm: sunbird
sunbird_content_player_url: "https://{{ proxy_server_name }}/api/"
sunbird_learner_player_url: "https://{{ proxy_server_name }}/api/"
sunbird_sso_client_id: admin-cli
sunbird_mongo_port: 27017
sunbird_mongodb_port: 27017
sunbird_portal_realm: sunbird
sunbird_portal_auth_server_client: portal
sunbird_trampoline_client_id: trampoline
sunbird_appid: sunbird_portal
sunbird_default_tenant: sunbird
sunbird_echo_api_url: "https://{{ proxy_server_name }}/api/echo/"
sunbird_pg_host: "{{ application_postgres_host }}"
sunbird_pg_port: 5432
sunbird_pg_db: quartz
sunbird_pg_user: quartz
sunbird_pg_password: "{{ application_postgres_password }}"
sunbird_installation: sunbird
sunbird_account_name: sunbirddev
sunbird_account_key: "{{ vault_sunbird_account_key }}"
sunbird_sunbird_quartz_mode: cluster
sunbird_encryption_mode: local
sunbird_cassandra_urls: "{{ cassandra_server_private_ip }}:{{ cassandra_port }}"
sunbird_session_store_type: cassandra
sunbird_keycloak_client_id: 'portal'
sunbird_keycloak_public: true
sunbird_cache_store: "memory"
sunbird_cache_ttl: 1800
sunbird_portal_title_name: portal
sunbird_web_url: "https://{{ proxy_server_name }}"
sunbird_sso_publickey: "{{vault_sunbird_sso_publickey}}"
sunbird_azure_storage_account: "{{vault_sunbird_azure_storage_account}}"
sunbird_azure_storage_key: "{{vault_sunbird_azure_storage_key}}"
sunbird_container_name: portal
sunbird_cdn_url: https://dev-sunbird-temp.azureedge.net/{{sunbird_container_name}}
mongo_backup_dir: /home/deployer/mongo-backups
sunbird_background_actor_host: actor-service
sunbird_actor_system_name: BackGroundRemoteMiddlewareActorSystem
sunbird_app_url:
sunbird_fcm_account_key:
sunbird_env_logo_url:


#player_tenant_dir:
sunbird_dataservice_url: https://{{ proxy_server_name }}/api/
project: sunbird
application_postgres_database: quartz
application_postgres_user: quartz
keycloak_postgres_database: keycloak
keycloak_postgres_user: keycloak


## Cassandra download URI
cassandra_repo: 'deb http://www.apache.org/dist/cassandra/debian 39x main'
cassandra_repo_key: 'https://www.apache.org/dist/cassandra/KEYS'

#API Manager
kong_postgres_port: 5432
kong_postgres_user: api_manager_dev
kong_postgres_database: api_manager_dev

es_curl_host: 10.10.3.7

## Logging details
syslog:
host: 172.16.0.5
port: 51415

## PostgreSQL config
postgres_replication_user_name: replication
postgres_replication_user_password: "{{ vault_postgres_replication_user_password }}"

postgresql_hba_entries:
- { type: local, database: all, user: postgres, auth_method: peer }
- { type: local, database: all, user: all, auth_method: peer }
- { type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5 }
- { type: host, database: all, user: all, address: '::1/128', auth_method: md5 }
- { type: host, database: all, user: "{{ postgres_exporter_user }}", address: '{{ swarm_address_space }}', auth_method: md5 }
- { type: host, database: replication, user: "{{ postgres_replication_user_name }}", address: '{{ postgres_address_space }}', auth_method: md5 }
- { type: host, database: all, user: all, address: '{{ swarm_address_space }}', auth_method: md5 }
- { type: host, database: all, user: all, address: '{{ keycloak_address_space }}', auth_method: md5 }

ansible_vault_password: "{{ vault_ansible_vault_password }}"
docker_hub_password: "{{ vault_docker_hub_password }}"
jenkins_slave_jenkins_username: "{{ vault_jenkins_slave_jenkins_username }}"
jenkins_slave_jenkins_password: "{{ vault_jenkins_slave_jenkins_password }}"
ops_private_key: "{{ vault_ops_private_key }}"
deployer_ssh_key: "{{ vault_deployer_ssh_key }}"
proxy_prometheus_admin_creds: "{{ vault_proxy_prometheus_admin_creds }}"

# ADDITIONAL CONFIGURATION
backup_storage_name: "sunbirdbackupsdev"
prometheus_storage_retention_time: 72h0m0s
curl_host: dev.open-sunbird.org

mail_server_host: smtp.sendgrid.net
mail_server_port: 587
mail_server_username: [email protected]
mail_server_password: "{{ vault_mail_server_password }}"

logger_es_host: "{{ groups['dev-log-es'][0] }}"
logger_es_port: 9200

kibana_oauth_redirect_url: https://dev.open-sunbird.org/oauth2/callback
monitor_alerts_slack_channel: sunbird-dev-alert
keycloak: True

api__host: dev.open-sunbird.org

proxy_replicas: 2
proxy_reservation_memory: 32M
proxy_limit_memory: 128M
kong_replicas: 3
kong_reservation_memory: 64M
kong_limit_memory: 256M
echo_service_replicas: 2
echo_service_reservation_memory: 8M
echo_service_limit_memory: 16M
adminutil_replicas: 2
adminutil_reservation_memory: 512M
adminutil_limit_memory: 1024M

actor_replicas: 2
actor_reservation_memory: 500M
actor_limit_memory: 1024M

learner_replicas: 2
learner_reservation_memory: 1500M
learner_limit_memory: 1500M

player_replicas: 2
player_reservation_memory: 256M
player_limit_memory: 512M

content_replicas: 2
content_reservation_memory: 64M
content_limit_memory: 256M

keycloak1_replicas: 1
keycloak1_reservation_memory: 768M
keycloak1_limit_memory: 1024M

keycloak2_replicas: 1
keycloak2_reservation_memory: 768M
keycloak2_limit_memory: 1024M

monitor_es_host: "{{ groups['es'][0] }}"
alertmanager_host: "{{ groups['swarm-agent-for-alertmanager'][0] }}"
prometheus_host: "{{ groups['swarm-agent-for-prometheus'][0] }}"

swarm_load_balancer: 10.0.0.100
filebeat_logtsash_host: "{{ swarm_load_balancer }}"

expected_minimum_logs_per_minute: 30

proxy_prometheus: true

enable_scraping_docker_metrics: true
enable_mongodb_availability_check: false

postgres_exporter_postgres_port: 5432
postgres_exporter_user: postgres_exporter
postgres_exporter_password: "{{ vault_postgres_exporter_password }}"
sunbird_learner_service_base_url: https://dev.open-sunbird.org/api
kong_admin_api_url: http://api-manager_kong:8001

postgresql_backup_azure_storage_account_name: "{{ backup_storage_name }}"
postgresql_backup_azure_storage_access_key: "{{ backup_storage_key }}"
postgresql_restore_azure_storage_account_name: "{{ backup_storage_name }}"
postgresql_restore_azure_storage_access_key: "{{ backup_storage_key }}"

grafana_url: https://dev.open-sunbird.org/grafana
grafana_editor_username: editor

app_alerts_mailing_list: "[email protected], [email protected], [email protected],{{devops_alerts_mailing_list}}"
devops_alerts_mailing_list: "[email protected], [email protected], [email protected], [email protected], [email protected]"
site_alerts_mailing_list: "[email protected], [email protected], [email protected], [email protected], {{devops_alerts_mailing_list}}"
keycloak_alerts_mailing_list: "[email protected], [email protected], {{devops_alerts_mailing_list}}"
api_manager_alerts_mailing_list: "[email protected], [email protected], {{devops_alerts_mailing_list}}"

jenkins_url: http://10.20.0.4:8080/jenkins

kibana_oauth_authenticated_email_domains:
- ekstep.org
- sahajsoft.com
- ilimi.in
- tarento.com

kibana_oauth_authenticated_email_ids:
- [email protected]
- [email protected]
- [email protected]
- [email protected]

monitor_alerts_mail_from_email: [email protected]
monitor_alerts_mail_server_host: "{{ mail_server_host }}"
monitor_alerts_mail_server_port: "{{ mail_server_port }}"
monitor_alerts_mail_server_username: "{{ mail_server_username }}"
monitor_alerts_mail_server_password: "{{ mail_server_password }}"
env_short_name: dev

# keycloak sms provider
keycloak_build_src: "keycloak_build"
keycloak_ver: "keycloak-3.2.0.Final"
keycloak_sms_provider_build: "keycloak-email-phone-autthenticator-1.0-SNAPSHOT.jar"
keycloak_sms_provider_templates_src: "templates.tar.gz"
keycloak_sms_provider_templates_dest: "/opt/keycloak/themes/sunbird/login"
keycloak_ekstep_sunbird_login_theme_file: "login.tar.gz"
keycloak_ekstep_sunbird_login_theme_dest: "/opt/keycloak/themes/sunbird/login"
keycloak_postgresql: "postgresql-9.4.1212.jar"
Loading

0 comments on commit e2c4211

Please sign in to comment.