From c69b192c41c22e918d40c25de34cf56288f8c5d8 Mon Sep 17 00:00:00 2001
From: dcore94
Date: Tue, 23 Feb 2021 09:42:26 +0100
Subject: [PATCH] separated sites, added local auth for UI
---
 roles/common/defaults/main.yaml | 2 +-
 roles/conductor/tasks/main.yaml | 5 ++
 roles/conductor/templates/auth.cfg.j2 | 23 +++++++++
 .../templates/conductor-swarm.yaml.j2 | 6 +++
 roles/databases/defaults/main.yaml | 8 ---
 roles/postgres/defaults/main.yml | 8 +--
 site-dev.yaml | 50 +++++++++++++++++++
 site-pre.yaml | 44 ++++++++++++++++
 8 files changed, 133 insertions(+), 13 deletions(-)
 create mode 100644 roles/conductor/templates/auth.cfg.j2
 create mode 100644 site-dev.yaml
 create mode 100644 site-pre.yaml
diff --git a/roles/common/defaults/main.yaml b/roles/common/defaults/main.yaml
index ab0a403..e25f3ef 100644
--- a/roles/common/defaults/main.yaml
+++ b/roles/common/defaults/main.yaml
@@ -1,5 +1,5 @@
 ---
-target_path: /tmp/conductor_stack
+target_path: "/tmp/conductor_stack"
 conductor_network: conductor-network
 conductor_db: postgres
 init_db: True
diff --git a/roles/conductor/tasks/main.yaml b/roles/conductor/tasks/main.yaml
index 961eb69..3e42e03 100644
--- a/roles/conductor/tasks/main.yaml
+++ b/roles/conductor/tasks/main.yaml
@@ -4,6 +4,11 @@
 src: templates/conductor-swarm.yaml.j2
 dest: "{{ target_path }}/conductor-swarm.yaml"
+- name: Generate auth config
+ template:
+ src: templates/auth.cfg.j2
+ dest: "{{ target_path }}/auth.cfg"
+
 - name: Generate conductor config from dynomite seeds
 when: conductor_db is defined and conductor_db == 'dynomite'
 vars:
diff --git a/roles/conductor/templates/auth.cfg.j2 b/roles/conductor/templates/auth.cfg.j2
new file mode 100644
index 0000000..92470b9
--- /dev/null
+++ b/roles/conductor/templates/auth.cfg.j2
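Review bot: The new `Generate auth config` task in roles/conductor/tasks/main.yaml renders the UI credential file without a `mode`, so `{{ target_path }}/auth.cfg` takes whatever the remote umask allows, and the default `target_path` shown in roles/common/defaults/main.yaml is `/tmp/conductor_stack`. The rendered file carries the admin password hash and salt, so I would add `mode: "0600"` to the `template:` arguments and consider a `target_path` outside `/tmp`. How the target directory itself is created, and with which permissions, is not visible in this hunk.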
@@ -0,0 +1,23 @@
+{
+ "strategy": "local",
+ "strategySettings":{
+ "users": {
+ "admin": {
+ "hash": "098039dd5e84e486f83eadefc31ce038ccc90d6d62323528181049371c9460b4",
+ "salt": "salt",
+ "displayName": "Admin",
+ "email": "marco.lettere@nubisware.com",
+ "roles": [ "admin", "viewer" ]
+ }
+ }
+ },
+ "audit": true,
+ "acl": [
+ "POST /(.*) admin",
+ "PUT /(.*) admin",
+ "DELETE /(.*) admin",
+ "GET /api/(.*) viewer",
+ "GET /(.*) *"
+ ]
+}
+
diff --git a/roles/conductor/templates/conductor-swarm.yaml.j2 b/roles/conductor/templates/conductor-swarm.yaml.j2
index 48db361..ef465ab 100644
--- a/roles/conductor/templates/conductor-swarm.yaml.j2
+++ b/roles/conductor/templates/conductor-swarm.yaml.j2
@@ -39,6 +39,7 @@ services:
 conductor-ui:
 environment:
 - WF_SERVER=http://conductor-server:8080/api/
+ - AUTH_CONFIG_PATH=/app/config/auth.config
 image: nubisware/conductor-ui
 networks:
 - {{ conductor_network }}
@@ -49,6 +50,9 @@ services:
 ports:
 - "5000:5000"
 {% endif %}
+ configs:
+ - source: auth-config
+ target: /app/config/auth.config
 deploy:
 mode: replicated
 replicas: {{ conductor_replicas }}
@@ -73,3 +77,5 @@ networks:
 configs:
 swarm-config:
 file: ./{{ conductor_config }}
+ auth-config:
+ file: ./auth.cfg
diff --git a/roles/databases/defaults/main.yaml b/roles/databases/defaults/main.yaml
index 03d570c..93ae5fc 100644
--- a/roles/databases/defaults/main.yaml
+++ b/roles/databases/defaults/main.yaml
@@ -9,14 +9,6 @@ postgres_jdbc_pass: password
 postgres_jdbc_db: conductor
 postgres_jdbc_url: jdbc:postgresql://{{ postgres_service_name }}:5432/{{ mysql_jdbc_db }}
-postgres_host_name: 'postgresql-srv.d4science.org'
-postgres_replicas: 1
-postgres_conductor_db: postgres
-postgres_jdbc_user: conductor_u
-postgres_jdbc_pass: c36dda661add7c2b5093087ddb655992
-postgres_jdbc_db: conductor
-postgres_jdbc_url: jdbc:postgresql://{{ postgres_service_name }}:5432/{{ mysql_jdbc_db }}
-
 mysql_image_name: 'mariadb'
 mysql_service_name: 'mysqldb'
 mysql_replicas: 1
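Review bot: The `admin` entry in auth.cfg.j2 commits a fixed password hash next to the literal salt `"salt"`, so every site rendered from this template shares one admin credential and the salt adds no per-deployment uniqueness. Because the file is already a Jinja2 template, both values can come from vaulted variables, for example `"hash": "{{ ui_admin_hash }}",` and `"salt": "{{ ui_admin_salt }}",` (variable names are placeholders), and the hash committed here should be treated as exposed and replaced. The 64-hex-character value looks like a single fast digest; whether the UI's local strategy accepts a slower password hash is not visible from this diff. It is also worth confirming that the last ACL rule, `"GET /(.*) *"`, is meant to give any caller read access outside `/api/`, and how rule order is evaluated.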
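Review bot: `auth-config` is shipped to `conductor-ui` as a Swarm config (hunks at -39, -49 and -73 of conductor-swarm.yaml.j2), but Swarm configs are intended for non-sensitive data and this file holds the admin password hash. A Swarm secret fits better: declare `auth-config` under a top-level `secrets:` key with `file: ./auth.cfg`, attach it to the service through `secrets:`, and point the UI at it with `- AUTH_CONFIG_PATH=/run/secrets/auth-config`. Configs and secrets are both immutable once created, so a changed `auth.cfg` under the same name is likely to make a later stack deploy fail unless the name is versioned. The service definition continues outside these hunks.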
diff --git a/roles/postgres/defaults/main.yml b/roles/postgres/defaults/main.yml
index afe7850..c90ac1a 100644
--- a/roles/postgres/defaults/main.yml
+++ b/roles/postgres/defaults/main.yml
@@ -3,7 +3,7 @@ use_jdbc: True
 postgres_service_name: 'postgresdb'
 postgres_replicas: 1
 conductor_db: postgres
-jdbc_user: conductor
-jdbc_pass: password
-jdbc_db: conductor
-jdbc_url: jdbc:postgresql://{{ postgres_service_name }}:5432/{{ postgres_jdbc_db }}
+postgres_jdbc_user: conductor
+postgres_jdbc_pass: password
+postgres_jdbc_db: conductor
+postgres_jdbc_url: jdbc:postgresql://{{ postgres_service_name }}:5432/{{ postgres_jdbc_db }}
diff --git a/site-dev.yaml b/site-dev.yaml
new file mode 100644
index 0000000..6390d32
--- /dev/null
+++ b/site-dev.yaml
@@ -0,0 +1,50 @@
+---
+- hosts: dev_infra
+ vars:
+ cluster_check: true
+ infrastructure: dev
+ conductor_workers_server: http://conductor-server:8080/api
+ roles:
+ - common
+ - databases
+ - conductor
+ - workers
+ - cluster-replacement
+ tasks:
+ - name: Start {{ db|default('postgres', true) }} and es
+ docker_stack:
+ name: 'conductor-{{ infrastructure }}'
+ state: present
+ compose:
+ - "{{ target_path }}/{{ db|default('postgres', true) }}-swarm.yaml"
+ - "{{ target_path }}/elasticsearch-swarm.yaml"
+ when: dry is not defined or not dry|bool
+
+ - name: Waiting for databases
+ pause:
+ seconds: 20
+ when: dry is not defined or not dry|bool
+
+ - name: Start conductor
+ docker_stack:
+ name: "conductor-{{ infrastructure }}"
+ state: present
+ compose:
+ - "{{ target_path }}/conductor-swarm.yaml"
+ when: dry is not defined or not dry|bool
+
+ - name: Start haproxy
+ docker_stack:
+ name: 'conductor-{{ infrastructure }}'
+ state: present
+ compose:
+ - "{{ target_path }}/haproxy-swarm.yaml"
+ when: dry is not defined or not dry|bool
+
+ - name: Start workers
+ docker_stack:
+ name: "conductor-{{ infrastructure }}"
+ state: present
+ compose:
+ - "{{ target_path }}/conductor-workers-swarm.yaml"
+ when: dry is not defined or not dry|bool
diff --git a/site-pre.yaml b/site-pre.yaml
new file mode 100644
index 0000000..b2a52bf
--- /dev/null
+++ b/site-pre.yaml
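Review bot: site-dev.yaml loads no `vars_files`, so unless the inventory overrides them the play runs on role defaults, and the defaults visible in this commit include `postgres_jdbc_pass: password`. If `dev_infra` is reachable by anyone outside the team, the dev database credential should come from a vaulted file as site-pre.yaml does, or at least be documented with a comment such as `# dev only: relies on role default credentials`. Separately, `pause: seconds: 20` under `Waiting for databases` (repeated in site-pre.yaml) is a fixed sleep and not a readiness check, so `Start conductor` can still run before the database accepts connections. Polling a health check with `until`/`retries` would remove that race.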
@@ -0,0 +1,44 @@
+---
+- hosts: pre_infra
+ vars_files:
+ - roles/external-postgres/defaults/vault_main.yaml
+ vars:
+ cluster_check: true
+ infrastructure: pre
+ conductor_workers_server: http://conductor-server:8080/api
+ roles:
+ - common
+ - databases
+ - cluster-replacement
+ - conductor
+ - workers
+ tasks:
+ - name: Start {{ db|default('postgres', true) }} and es
+ docker_stack:
+ name: 'conductor-{{ infrastructure }}'
+ state: present
+ compose:
+ - "{{ target_path }}/{{ db|default('postgres', true) }}-swarm.yaml"
+ - "{{ target_path }}/elasticsearch-swarm.yaml"
+ when: dry is not defined or not dry|bool
+
+ - name: Waiting for databases
+ pause:
+ seconds: 20
+ when: dry is not defined or not dry|bool
+
+ - name: Start conductor
+ docker_stack:
+ name: "conductor-{{ infrastructure }}"
+ state: present
+ compose:
+ - "{{ target_path }}/conductor-swarm.yaml"
+ when: dry is not defined or not dry|bool
+
+ - name: Start workers
+ docker_stack:
+ name: "conductor-{{ infrastructure }}"
+ state: present
+ compose:
+ - "{{ target_path }}/conductor-workers-swarm.yaml"
+ when: dry is not defined or not dry|bool
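Review bot: `vars_files` pulls in `roles/external-postgres/defaults/vault_main.yaml` by path, yet `external-postgres` is not in this play's `roles:` list, and nothing here says the file is ansible-vault encrypted or how the vault password is supplied. I would add a comment above `vars_files`, for example `# ansible-vault encrypted; run with --ask-vault-pass or --vault-password-file`, and confirm the file is only ever committed in encrypted form. The file sits in a role's `defaults/` directory but is not named `main.yaml`, so it is presumably not auto-loaded as role defaults; a location such as `group_vars/` would make that intent clearer. Unlike site-dev.yaml, this play has no `Start haproxy` step; a short comment saying whether that is deliberate would help the next operator.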