Add a new tag, and a new service option.

This commit is contained in:
Andrea Dell'Amico 2022-04-29 13:41:53 +02:00
parent 4d41b2be7a
commit 8ce75ca8dc
Signed by: andrea.dellamico
GPG Key ID: 147ABE6CEB9E20FF
3 changed files with 16 additions and 10 deletions

View File

@ -11,13 +11,13 @@ inception_project_service_volume: '/srv/inception_project_data'
inception_project_service_port: 8080
# IMPORTANT. Set it to True for the server that is going to host the DB
inception_project_service_constraints: 'node.labels.service_data==inception_project'
#inception_project_behind_haproxy: False
# inception_project_behind_haproxy: False
inception_project_haproxy_public_net: 'haproxy-public'
# Settings
inception_project_server_port: 8080
inception_project_server_address: '0.0.0.0'
inception_project_server_endpoint: 'inception.localdomain'
inception_project_server_behind_reverse_proxy: True
inception_project_server_behind_reverse_proxy: true
inception_project_backup_interval: 300
inception_project_backup_keep_number: 10
inception_project_debug_enabled: 'false'
@ -29,12 +29,12 @@ inception_pep: True
inception_project_pep_allow_iframe: True
inception_authz_audience_name: inception
keycloak_auth_server: https://localhost
#keycloak_auth_credentials_prod: 'use a vault file'
# keycloak_auth_credentials_prod: 'use a vault file'
# Choices: preauth, database
inception_project_server_auth_mode: 'database'
inception_project_server_preauth_header: 'remote_user'
inception_project_server_preauth_default_roles: ''
inception_project_server_set_preauth_logout_url: False
inception_project_server_set_preauth_logout_url: false
inception_project_server_preauth_logout_url: ""
inception_project_server_preauth_users_roles: []
# - { username: 'user', roles: 'ROLE_PROJECT_CREATOR,ROLE_ADMIN' }
@ -46,7 +46,7 @@ inception_project_db_host: 'mysql-server'
inception_project_db_port: 3306
inception_project_db_name: 'inception'
inception_project_db_user: 'inception_user'
#inception_project_db_pwd: 'set it in a vault file'
# inception_project_db_pwd: 'set it in a vault file'
inception_project_db_volume: 'inception_db_data'
inception_project_db_constraints: 'node.labels.mysql_data==inception_project'
@ -69,10 +69,12 @@ inception_project_settings:
- 'websocket.enabled={{ inception_project_websockets_enabled }}'
- 'websocket.loggedevent.enabled={{ inception_project_websockets_loggedevent_enabled }}'
inception_project_additional_settings: []
pep_port: 80
pep_replicas: 1
# hostnames to be used as vhosts
#pep_credentials: in vault
nginx_pep_debug_enabled: False
# pep_credentials: in vault
nginx_pep_debug_enabled: false
nginx_pep_max_body_size: 500M
nginx_pep_body_timeout: 60s

View File

@ -11,7 +11,7 @@
template: src=settings.properties.j2 dest={{ inception_project_service_volume }}/settings.properties owner=root group=root mode='0444'
when: inception_project_docker_data_node == ansible_fqdn
tags: [ 'inception_project', 'inception_project_swarm' ]
tags: ['inception_project', 'inception_project_swarm', 'inception_project_service']
- name: Manage the installation of the Inception project Docker stack
block:
@ -45,4 +45,4 @@
run_once: True
when: docker_swarm_manager_main_node is defined and docker_swarm_manager_main_node | bool
tags: [ 'inception_project', 'inception_project_swarm' ]
tags: ['inception_project', 'inception_project_swarm', 'inception_project_service']

View File

@ -12,14 +12,18 @@ auth.preauth.newuser.roles={{ inception_project_server_preauth_default_roles }}
auth.user.{{ user_role.username }}.roles={{ user_role.roles }}
{% endfor %}
{% endif %}
{% for additional_setting in inception_project_additional_settings %}
{{ setting }}
{% endfor %}
{% if inception_project_disable_crsf %}
wicket.core.csrf.enabled=false
wicket.core.csrf.no-origin-action=allow
wicket.core.csrf.conflicting-origin-action=allow
{% endif %}
{% if inception_project_server_behind_reverse_proxy %}
#server.tomcat.internal-proxies=127\.0\.[0-1]\.1
# server.tomcat.internal-proxies=127\.0\.[0-1]\.1
server.tomcat.remote-ip-header=x-forwarded-for
server.forward-headers-strategy=NATIVE
server.tomcat.accesslog.request-attributes-enabled=true
server.tomcat.protocol-header=x-forwarded-proto
server.tomcat.protocol-header-https-value=https