Changes for 10/2022 training, inc. new db to use with SqlProvisioner

satkinson · Nov 18, 2022 · 921f2bcb0c35d6efd48be2e20a07995fc0883b09 · 921f2bc
1 parent 4c6b288
commit 921f2bcb0c35d6efd48be2e20a07995fc0883b09
Showing 4 changed files with 57 additions and 15 deletions.
diff --git a/group_vars/all.yml b/group_vars/all.yml
@@ -5,12 +5,11 @@
 # ansible-vault encrypt_string 'THE_PASSWORD' --name 'comanage_training_password'
 comanage_training_password: !vault |
           $ANSIBLE_VAULT;1.1;AES256
-          61306235363765346134666663666361336539313437306464623534376165633934626332623336
-          3034373766656465373331323935313765333962623563350a346162663436353431303739366664
-          64373237393736616261616337613032346534326331643462613039326639366462363064373032
-          3966323665313962330a383530633865653966633631646139393063346665663461323034626634
-          3831
-
+          33656532333833346137383432643930376166373039366632303164613038646635383364346266
+          3737363632373433383430356437613733343563363432630a626466313462343332666339313233
+          38366534333864393531663137393832613261333534346666373161646436636430623964303562
+          3162306437373561350a353630653032366262306237386561313366383335626435626264373531
+          6530
 # It should not be necessary to change the password salt.
 comanage_training_password_salt: !vault |
           $ANSIBLE_VAULT;1.1;AES256
@@ -50,15 +49,15 @@ vpc_availability_zone:
 
 ssh_bastion_instance_type: t2.nano
 # Most current Debian AMD x86_64, see https://wiki.debian.org/Cloud/AmazonEC2Image/
-ssh_bastion_ami_id: ami-01b290b93957fd408
+ssh_bastion_ami_id: ami-066ac52b0a91f4138
 ssh_bastion_user: admin
 ssh_bastion_device_name: /dev/xvda
 ssh_bastion_volume_type: gp2
 ssh_bastion_volume_size: 10
 
 idp_node_instance_type: t2.small
 # Most current Debian AMD x86_64, see https://wiki.debian.org/Cloud/AmazonEC2Image/
-idp_node_ami_id: ami-01b290b93957fd408
+idp_node_ami_id: ami-066ac52b0a91f4138
 idp_node_user: admin
 idp_node_device_name: /dev/xvda
 idp_node_volume_type: gp2
@@ -68,15 +67,15 @@ training_node_count: 2
 
 training_node_instance_type: t2.small
 # Most current Debian AMD x86_64, see https://wiki.debian.org/Cloud/AmazonEC2Image/
-training_node_ami_id: ami-01b290b93957fd408
+training_node_ami_id: ami-066ac52b0a91f4138
 training_node_user: admin
 training_node_device_name: /dev/xvda
 training_node_volume_type: gp2
 training_node_volume_size: 20
 
 # Docker version
-docker_ce_package_version: "5:20.10.17~3-0~debian-bullseye"
-docker_ce_cli_package_version: "5:20.10.17~3-0~debian-bullseye"
-containerd_io_package_version: "1.6.6-1"
+docker_ce_package_version: "5:20.10.20~3-0~debian-bullseye"
+docker_ce_cli_package_version: "5:20.10.20~3-0~debian-bullseye"
+containerd_io_package_version: "1.6.8-1"
 
 
diff --git a/roles/training/files/comanage-registry-stack.yml b/roles/training/files/comanage-registry-stack.yml
@@ -19,9 +19,28 @@ services:
             driver: journald
             options:
                 tag: "mariadb-{{.Name}}"
+
+    campusdatabase:
+        image: mariadb:10.4.22
+        volumes:
+            - /srv/docker/var/lib/campussql:/var/lib/mysql
+        environment:
+            - MARIADB_ROOT_PASSWORD_FILE=/run/secrets/mariadb_root_password
+            - MARIADB_DATABASE=campus
+            - MARIADB_USER=campus_user
+            - MARIADB_PASSWORD_FILE=/run/secrets/mariadb_campus_user_password
+        secrets:
+            - mariadb_root_password
+            - mariadb_campus_user_password
+        deploy:
+            replicas: 1
+        logging:
+            driver: journald
+            options:
+                tag: "mariadb-{{.Name}}"
 
     registry:
-        image: i2incommon/comanage-registry:4.0.1-20211223
+        image: i2incommon/comanage-registry:4.0.2-20220223
         volumes:
             - /srv/docker/srv/comanage-registry/local:/srv/comanage-registry/local
             - /srv/docker/etc/shibboleth/shibboleth2.xml:/etc/shibboleth/shibboleth2.xml
@@ -44,7 +63,7 @@ services:
             - COMANAGE_REGISTRY_EMAIL_ACCOUNT_PASSWORD_FILE=/run/secrets/comanage_registry_email_account_password
             - COMANAGE_REGISTRY_EMAIL_FROM_EMAIL=comanagetraining@gmail.com
             - COMANAGE_REGISTRY_EMAIL_FROM_NAME=Registry
-            - COMANAGE_REGISTRY_ENABLE_PLUGIN=FileSource
+            - COMANAGE_REGISTRY_ENABLE_PLUGIN=FileSource,SqlProvisioner,ApiSource,ApiProvisioner
             - SHIBBOLETH_SP_ENCRYPT_CERT=/run/secrets/shibboleth_sp_encrypt_cert
             - SHIBBOLETH_SP_ENCRYPT_PRIVKEY=/run/secrets/shibboleth_sp_encrypt_privkey
             - SHIBBOLETH_SP_SIGNING_CERT=/run/secrets/shibboleth_sp_signing_cert
@@ -66,7 +85,7 @@ services:
                 tag: "registry_{{.Name}}"
 
     cron:
-        image: i2incommon/comanage-registry-cron:4.0.1-20211223
+        image: i2incommon/comanage-registry-cron:4.0.2-20220223
         volumes:
             - /srv/docker/srv/comanage-registry/local:/srv/comanage-registry/local
         environment:
@@ -125,3 +144,7 @@ secrets:
         external: true
     shibboleth_sp_signing_privkey:
         external: true
+    mariadb_root_password:
+        external: true
+    mariadb_campus_user_password:
+        external: true
diff --git a/roles/training/tasks/main.yml b/roles/training/tasks/main.yml
@@ -27,6 +27,7 @@
       - /srv/docker/srv/comanage-registry/local
       - /srv/docker/var/lib/ldap
       - /srv/docker/var/lib/mysql
+      - /srv/docker/var/lib/campussql
       - /srv/docker/etc/ldap/slapd.d
       - /srv/docker/etc/shibboleth
       - /srv/docker/etc/apache2/sites-available
@@ -96,6 +97,18 @@
       data: "{{ comanage_training_password }}"
       state: present
 
+  - name: Create secret mariadb_root_password
+    community.general.docker_secret:
+      name: mariadb_root_password
+      data: "{{ mariadb_root_password }}"
+      state: present
+
+  - name: Create secret mariadb_campus_user_password
+    community.general.docker_secret:
+      name: mariadb_campus_user_password
+      data: "{{ comanage_training_password }}"
+      state: present
+
   - name: Create secret comanage_registry_email_account_password
     community.general.docker_secret:
       name: comanage_registry_email_account_password

diff --git a/roles/training/vars/main.yml b/roles/training/vars/main.yml
@@ -8,6 +8,13 @@
           34616630373764313136666535316637623266656237396566336239646566336466316265383230
           3830313938376430310a666466663232353264353861643932646562663335633064623635373664
           33313433323333633037653131623839366636373562636661366537613133316436
+   mariadb_root_password: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          32363661396439333939623236353163333839616132666363353033623366343738626436373964
+          6164343738333465636262383862656538636364666465620a666262396139383961336533303031
+          34323137616334343735376334323334326330326430623439393038633033326566663361373532
+          6435363466383864630a656165646437333830353566333236313730313763393661666337666662
+          6665
    shibboleth_sp_encrypt_cert: !vault |
           $ANSIBLE_VAULT;1.1;AES256
           37343565666561303437386533663331643131616137353437333865376566346161333764643839