separated sites, added local auth for UI

roles/common/defaults/main.yaml

@@ -1,5 +1,5 @@
 ---
-target_path: /tmp/conductor_stack
+target_path: "/tmp/conductor_stack"
 conductor_network: conductor-network
 conductor_db: postgres
 init_db: True

roles/conductor/tasks/main.yaml

@@ -4,6 +4,11 @@
     src: templates/conductor-swarm.yaml.j2
     dest: "{{ target_path }}/conductor-swarm.yaml"
 
+- name: Generate auth config
+  template:
+    src: templates/auth.cfg.j2
+    dest: "{{ target_path }}/auth.cfg"
+
 - name: Generate conductor config from dynomite seeds
   when: conductor_db is defined and conductor_db == 'dynomite'
   vars:

roles/conductor/templates/auth.cfg.j2

@@ -0,0 +1,23 @@
+{
+ "strategy": "local",
+ "strategySettings":{
+   "users": {
+     "admin": {
+       "hash": "098039dd5e84e486f83eadefc31ce038ccc90d6d62323528181049371c9460b4",
+       "salt": "salt",
+       "displayName": "Admin",
+       "email": "marco.lettere@nubisware.com",
+       "roles": [ "admin", "viewer" ]
+     }
+   }
+ },
+ "audit": true,
+ "acl": [
+   "POST /(.*)                         admin",
+   "PUT /(.*)                          admin",
+   "DELETE /(.*)                       admin",
+   "GET /api/(.*)                      viewer",
+   "GET /(.*)                          *"
+ ]
+}
+

roles/conductor/templates/conductor-swarm.yaml.j2

@@ -39,6 +39,7 @@ services:
   conductor-ui:
     environment:
       - WF_SERVER=http://conductor-server:8080/api/
+      - AUTH_CONFIG_PATH=/app/config/auth.config
     image: nubisware/conductor-ui
     networks:
       - {{ conductor_network }}
@@ -49,6 +50,9 @@ services:
     ports:
       - "5000:5000"
 {% endif %}
+    configs:
+      - source: auth-config
+        target: /app/config/auth.config
     deploy:
       mode: replicated
       replicas: {{ conductor_replicas }}
@@ -73,3 +77,5 @@ networks:
 configs:
    swarm-config:
      file: ./{{ conductor_config }}
+   auth-config:
+     file: ./auth.cfg

roles/databases/defaults/main.yaml

@@ -9,14 +9,6 @@ postgres_jdbc_pass: password
 postgres_jdbc_db: conductor
 postgres_jdbc_url: jdbc:postgresql://{{ postgres_service_name }}:5432/{{ mysql_jdbc_db }}
 
-postgres_host_name: 'postgresql-srv.d4science.org'
-postgres_replicas: 1
-postgres_conductor_db: postgres
-postgres_jdbc_user: conductor_u
-postgres_jdbc_pass: c36dda661add7c2b5093087ddb655992 
-postgres_jdbc_db: conductor
-postgres_jdbc_url: jdbc:postgresql://{{ postgres_service_name }}:5432/{{ mysql_jdbc_db }}
-
 mysql_image_name: 'mariadb'
 mysql_service_name: 'mysqldb'
 mysql_replicas: 1

roles/postgres/defaults/main.yml

@@ -3,7 +3,7 @@ use_jdbc: True
 postgres_service_name: 'postgresdb'
 postgres_replicas: 1
 conductor_db: postgres 
-jdbc_user: conductor
-jdbc_pass: password
-jdbc_db: conductor
-jdbc_url: jdbc:postgresql://{{ postgres_service_name }}:5432/{{ postgres_jdbc_db }}
+postgres_jdbc_user: conductor
+postgres_jdbc_pass: password
+postgres_jdbc_db: conductor
+postgres_jdbc_url: jdbc:postgresql://{{ postgres_service_name }}:5432/{{ postgres_jdbc_db }}

site-dev.yaml

@@ -0,0 +1,50 @@
+---
+- hosts: dev_infra 
+  vars:
+    cluster_check: true 
+    infrastructure: dev
+    conductor_workers_server: http://conductor-server:8080/api 
+  roles:
+    - common
+    - databases   
+    - conductor
+    - workers
+    - cluster-replacement
+  tasks:
+    - name: Start {{ db|default('postgres', true) }} and es
+      docker_stack:
+        name: 'conductor-{{ infrastructure }}'
+        state: present
+        compose:
+          - "{{ target_path }}/{{ db|default('postgres', true) }}-swarm.yaml"
+          - "{{ target_path }}/elasticsearch-swarm.yaml"
+      when: dry is not defined or not dry|bool
+
+    - name: Waiting for databases
+      pause:
+        seconds: 20 
+      when: dry is not defined or not dry|bool
+
+    - name: Start conductor
+      docker_stack:
+        name: "conductor-{{ infrastructure }}"
+        state: present
+        compose:
+          - "{{ target_path }}/conductor-swarm.yaml"
+      when: dry is not defined or not dry|bool
+   
+    - name: Start haproxy
+      docker_stack:
+        name: 'conductor-{{ infrastructure }}'
+        state: present
+        compose:
+          - "{{ target_path }}/haproxy-swarm.yaml"
+      when: dry is not defined or not dry|bool
+
+    - name: Start workers
+      docker_stack:
+        name: "conductor-{{ infrastructure }}"
+        state: present
+        compose:
+          - "{{ target_path }}/conductor-workers-swarm.yaml"
+      when: dry is not defined or not dry|bool

site-pre.yaml

@@ -0,0 +1,44 @@
+---
+- hosts: pre_infra 
+  vars_files:
+    - roles/external-postgres/defaults/vault_main.yaml
+  vars:
+    cluster_check: true 
+    infrastructure: pre
+    conductor_workers_server: http://conductor-server:8080/api 
+  roles:
+    - common
+    - databases 
+    - cluster-replacement
+    - conductor
+    - workers
+  tasks:
+    - name: Start {{ db|default('postgres', true) }} and es
+      docker_stack:
+        name: 'conductor-{{ infrastructure }}'
+        state: present
+        compose:
+          - "{{ target_path }}/{{ db|default('postgres', true) }}-swarm.yaml"
+          - "{{ target_path }}/elasticsearch-swarm.yaml"
+      when: dry is not defined or not dry|bool
+
+    - name: Waiting for databases
+      pause:
+        seconds: 20
+      when: dry is not defined or not dry|bool
+
+    - name: Start conductor
+      docker_stack:
+        name: "conductor-{{ infrastructure }}"
+        state: present
+        compose:
+          - "{{ target_path }}/conductor-swarm.yaml"
+      when: dry is not defined or not dry|bool
+    
+    - name: Start workers
+      docker_stack:
+        name: "conductor-{{ infrastructure }}"
+        state: present
+        compose:
+          - "{{ target_path }}/conductor-workers-swarm.yaml"
+      when: dry is not defined or not dry|bool