Add local preconditions and Vagrantfile
This commit adds a role to ensure local preconditions (i.e. mkcert) and a Vagrantfile to test the ansible playbook in a local virtual machine.pull/1/head
parent
bfa60b9288
commit
5daa87ca90
@ -1 +1,2 @@
/.idea/
/.vagrant/
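--- /dev/null
+++ b/Vagrantfile
@@ -0,0 +1,28 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+Vagrant.configure("2") do |config|
+  config.vm.box = "generic/debian11"
+
+  config.vm.define "oidcbox"
+
+  config.vm.network "forwarded_port", guest: 4444, host: 4444, host_ip: "127.0.0.1"
+  config.vm.network "forwarded_port", guest: 3000, host: 3000, host_ip: "127.0.0.1"
+  config.vm.network "forwarded_port", guest: 4000, host: 4000, host_ip: "127.0.0.1"
+  config.vm.network "forwarded_port", guest: 5000, host: 5000, host_ip: "127.0.0.1"
+
+  config.vm.provider "libvirt" do |lv|
+    lv.memory = "2048"
+    lv.cpus = 2
+    lv.machine_virtual_size = 10
+  end
+  config.vm.provision "ansible" do |ansible|
+    ansible.playbook = "deployment/01_install_cacert_oidc.yml"
+    ansible.verbose = true
+    ansible.groups = {
+      "pgsqlserver" => ["oidcbox"],
+      "authserver" => ["oidcbox"],
+      "demoserver" => ["oidcbox"]
+    }
+  end
+end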
@ -1,15 +1,29 @@
---
- name: Install development tools
hosts: all
become: false
roles:
- prepare_devtools
- name: Setup database
hosts: pgsqlserver
become: true
pre_tasks:
- name: Install python3-psycopg2
- name: Install package python3-psycopg2
ansible.builtin.package:
name: python3-psycopg2
state: present
# The ACL package is required to run commands as the postgres user
# See https://docs.ansible.com/ansible-core/2.12/user_guide/become.html#risks-of-becoming-an-unprivileged-user
- name: Install package acl
ansible.builtin.package:
name: acl
state: present
roles:
- hydra_database
@ -0,0 +1,31 @@
---
# this is for a localhost deployment, database passwords for public servers
# must be different random values encrypted via ansible-vault
hydra_db_password: hydra
hydra_db_host: localhost
hydra_db_port: 5432
hydra_tls:
cert: "{{ hydra_home }}/etc/hydra.cacert.localhost+1.pem"
key: "{{ hydra_home }}/etc/hydra.cacert.localhost+1-key.pem"
# this is for a localhost deployment, secrets for public servers must be
# different random values encrypted via ansible-vault
hydra_system_secret: "AczA+NZ25Ye9eAreglv5bo9XcND6uwBQHVUYCvPfwXo="
oidc_urls:
hydra_admin:
host: hydra.cacert.localhost
port: 4445
hydra_public:
host: auth.cacert.localhost
port: 4444
idp:
host: login.cacert.localhost
port: 3000
demoapp:
host: app.cacert.localhost
port: 4000
register:
host: register.cacert.localhost
port: 5000
use_mkcert: true
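Review bot: `hydra_db_password: hydra` and the fixed `hydra_system_secret` are committed in clear and will stay in git history; the comments declare them localhost-only, but nothing enforces that, so a play that ever targets a non-local host with these group vars starts Hydra with a publicly known system secret. A cheap guard is an `ansible.builtin.assert` in the play or role that fails when `hydra_system_secret` equals this known value and `hydra_db_host` is not `localhost`, and the comment should say how the override is meant to happen, e.g. `# override hydra_db_password and hydra_system_secret from an ansible-vault file for anything but a throw-away local VM`. The TLS paths `hydra.cacert.localhost+1.pem` / `...+1-key.pem` encode mkcert's output naming (first name plus "+N" for the number of additional names, if I read mkcert's convention right), so whatever task generates the certificate must pass exactly two names with `hydra.cacert.localhost` first or these paths silently point at files that do not exist; that generating task is not part of this commit as far as the diff shows.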
@ -0,0 +1,14 @@
Role Name
=========
Prepare development tools for the CAcert OIDC setup.
License
-------
GPL-2.0-or-later
Author Information
------------------
Jan Dittberner <jandd@cacert.org>
@ -0,0 +1,3 @@
---
mkcert_version: v1.4.4
mkcert_checksum: 6d31c65b03972c6dc4a14ab429f2928300518b26503f58723e532d1b0a3bbb52
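Review bot: `mkcert_checksum` is a bare sha256 with nothing saying which artifact it covers; the tasks file only shows it being applied to the linux-amd64 download, so whoever bumps `mkcert_version` has no reminder that the digest must change in step, nor where to take it from (mkcert's GitHub releases do not ship a checksum file as far as I know, so it has to be computed from a download you verified yourself). Suggested comment above the two keys: `# sha256 of mkcert-<version>-linux-amd64 from https://github.com/FiloSottile/mkcert/releases; update both values together`. Pinning version and digest is the right supply-chain control here; the comment just makes the pairing explicit.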
@ -0,0 +1,19 @@
---
galaxy_info:
author: Jan Dittberner
description: Prepare development tools for the CAcert OIDC setup.
company: CAcert
license: GPL-2.0-or-later
min_ansible_version: 2.1
platforms:
- name: Debian
versions:
- bullseye
- bookworm
galaxy_tags: []
dependencies: []
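Review bot: `min_ansible_version: 2.1` understates what this role needs: its tasks use fully qualified collection names (`ansible.builtin.file`, `ansible.builtin.get_url`, `ansible.builtin.command`), which only resolve on ansible-base/ansible-core 2.10 and later, so the metadata would let Galaxy and ansible-lint accept the role on controllers where every task fails to load. Change it to `min_ansible_version: "2.10"`, quoted so YAML does not read it as the float 2.1. `galaxy_tags: []` and `dependencies: []` are fine as they stand.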
@ -0,0 +1,28 @@
---
- name: Create .local/bin for ansible user
ansible.builtin.file:
path: "/home/{{ ansible_user | default(ansible_env.USER) }}/.local/bin"
state: directory
owner: "{{ ansible_user | default(ansible_env.USER) }}"
group: "{{ ansible_user | default(ansible_env.USER) }}"
mode: "0750"
- name: Prepare mkcert
block:
- name: Download mkcert binary
ansible.builtin.get_url:
url: "https://github.com/FiloSottile/mkcert/releases/download/{{ mkcert_version }}/mkcert-{{ mkcert_version }}-linux-amd64"
dest: "/home/{{ ansible_user | default(ansible_env.USER) }}/.local/bin/mkcert"
checksum: "sha256:{{ mkcert_checksum }}"
owner: "{{ ansible_user | default(ansible_env.USER) }}"
group: "{{ ansible_user | default(ansible_env.USER) }}"
mode: "0750"
- name: Install mkcert CA
ansible.builtin.command:
cmd: "/home/{{ ansible_user | default(ansible_env.USER) }}/.local/bin/mkcert -install"
changed_when: false
when: use_mkcert
become: false
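Review bot: `mkcert -install` in the "Install mkcert CA" task silently adds a locally generated root CA to the trust stores on the box, and the CA's private key is written under the running user's home (mkcert's CAROOT, `~/.local/share/mkcert` unless overridden, as far as I recall); anyone who can read that directory can issue certificates every browser and client on the VM will trust, so the task deserves a comment such as `# installs a private root CA into the user/system trust stores; dev boxes only - never run this on a shared or public host`, and the `when: use_mkcert` gate should stay. `changed_when: false` also hides the first run, the one that actually generates and installs the CA; `args: creates: "{{ ansible_env.HOME }}/.local/share/mkcert/rootCA.pem"` would report that run and skip later ones (confirm the path against `mkcert -CAROOT` on the box). Two smaller points: `/home/{{ ansible_user | default(ansible_env.USER) }}` assumes the home-directory layout where `ansible_env.HOME` is what the remote user actually has, and with `become: false` mkcert's system-store step may try to escalate on its own, which has no tty under ansible — worth verifying on the Vagrant box before relying on the trust install.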