diff --git a/docs/analysis/Features.md b/docs/analysis/Features.md index 1b775f36..1b82f2e5 100644 --- a/docs/analysis/Features.md +++ b/docs/analysis/Features.md @@ -15,7 +15,7 @@ Every business is unique, and so is CyMaIS! With a modular architecture, it adap With automated updates, system health checks, and security audits, CyMaIS ensures your infrastructure is always up-to-date and running smoothly. Roles such as `sys-hlth-docker-container`, `sys-hlth-btrfs`, and `sys-hlth-webserver` help monitor system integrity. ## Uncompromised Security 🔒 -Security is a top priority! CyMaIS includes robust security features like full-disk encryption recommendations, 2FA enforcement, encrypted server deployments (`web-app-keycloak`, `svc-openldap`), and secure backup solutions (`sys-bkp-remote-to-local`, `svc-sys-bkp-data-to-usb`). +Security is a top priority! CyMaIS includes robust security features like full-disk encryption recommendations, 2FA enforcement, encrypted server deployments (`web-app-keycloak`, `svc-db-openldap`), and secure backup solutions (`sys-bkp-remote-to-local`, `svc-sys-bkp-data-to-usb`). ## User-Friendly with Expert Support 👩‍💻 No need to be a Linux or Docker expert! CyMaIS simplifies deployment with intuitive role-based automation. Documentation and community support make IT administration accessible to all experience levels. diff --git a/group_vars/all/09_ports.yml b/group_vars/all/09_ports.yml index af70885e..3f9665b2 100644 --- a/group_vars/all/09_ports.yml +++ b/group_vars/all/09_ports.yml @@ -16,7 +16,7 @@ ports: gitea: 4188 snipe-it: 4189 ldap: - openldap: 389 + svc-db-openldap: 389 http: nextcloud: 8001 gitea: 8002 @@ -73,7 +73,7 @@ ports: gitea: 2201 gitlab: 2202 ldaps: - ldap: 636 + svc-db-openldap: 636 stun: bigbluebutton: 3478 # Not sure if it's right placed here or if it should be moved to localhost section turn: diff --git a/group_vars/all/10_networks.yml b/group_vars/all/10_networks.yml index bf8220a9..53b13749 100644 
--- a/group_vars/all/10_networks.yml +++ b/group_vars/all/10_networks.yml @@ -30,7 +30,7 @@ defaults_networks: subnet: 192.168.101.144/28 keycloak: subnet: 192.168.101.160/28 - openldap: + svc-db-openldap: subnet: 192.168.101.176/28 listmonk: subnet: 192.168.101.192/28 @@ -96,9 +96,9 @@ defaults_networks: # /24 Networks / 254 Usable Clients bigbluebutton: subnet: 10.7.7.0/24 # This variable does not have an impact. It's just there for documentation reasons, because this network is used in bbb - postgres: + svc-db-postgres: subnet: 192.168.200.0/24 - mariadb: + svc-db-mariadb: subnet: 192.168.201.0/24 - central_ldap: + svc-db-openldap: subnet: 192.168.202.0/24 diff --git a/group_vars/all/13_ldap.yml b/group_vars/all/13_ldap.yml index a5fd9841..76f0f4ba 100644 --- a/group_vars/all/13_ldap.yml +++ b/group_vars/all/13_ldap.yml @@ -6,7 +6,7 @@ # Helper Variables: # Keep in mind to mapp this variables if there is ever the possibility for the user to define them in the inventory _ldap_dn_base: "dc={{primary_domain_sld}},dc={{primary_domain_tld}}" -_ldap_server_port: "{% if applications.openldap.network.docker | bool %}{{ ports.localhost.ldap.openldap }}{% else %}{{ ports.localhost.ldaps.ldap }}{% endif %}" +_ldap_server_port: "{% if applications['svc-db-openldap'].network.docker | bool %}{{ ports.localhost.ldap[application_id] }}{% else %}{{ ports.localhost.ldaps[application_id] }}{% endif %}" _ldap_user_id: "uid" _ldap_filters_users_all: "(|(objectclass=inetOrgPerson))" @@ -25,7 +25,7 @@ ldap: # The DN used to authenticate for regular directory operations under # the data tree (adding users, modifying attributes, creating OUs, etc.). # Typically: “cn=admin,dc=example,dc=com” - data: "cn={{ applications.openldap.users.administrator.username }},{{ _ldap_dn_base }}" + data: "cn={{ applications['svc-db-openldap'].users.administrator.username }},{{ _ldap_dn_base }}" # ------------------------------------------------------------------------- # Config-Tree Administrator Bind DN 
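Review bot: Renaming `central_ldap` to `svc-db-openldap` in the `@@ -96` hunk reuses the key that the `@@ -30` hunk of the same file already introduces (`svc-db-openldap:` with `subnet: 192.168.101.176/28`); if both entries sit under the same parent mapping of `defaults_networks` — which the identical hunk context suggests — the file now carries a duplicate YAML key and the loader silently keeps only one of the two subnets. The old names kept the application's own compose network (`openldap`) and the shared LDAP network (`central_ldap`) apart, and the consumers still expect two networks: `roles/svc-db-openldap/tasks/main.yml` reads `networks.local['svc-db-openldap'].subnet` for the shared one while the role's own compose network presumably resolves through the same key. Give the shared network a distinct key (or keep `central_ldap` for it) and check the file with a strict loader that rejects duplicate keys.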
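Review bot: The rewritten `_ldap_server_port` indexes `ports.localhost.ldap[application_id]`, but this is a `group_vars/all` variable that other roles evaluate through `ldap.server.port` and `ldap.server.uri`, where `application_id` is the consuming application's id rather than `svc-db-openldap`; `09_ports.yml` defines only `svc-db-openldap` under `ldap` and `ldaps`, so the lookup is undefined for every other role. The same line already hard-codes `applications['svc-db-openldap']`, so the port lookups should match it: `{{ ports.localhost.ldap['svc-db-openldap'] }}` in the docker branch and the matching ldaps entry in the other. The `ldaps` block in `09_ports.yml` appears to live in the public section (its neighbouring comment talks about moving an entry "to localhost section") while this line reads `ports.localhost.ldaps`, and the new `nginx.stream.conf.j2` reads `ports.public.ldaps['svc-db-openldap']` — verify which section holds it before choosing the path.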
@@ -33,7 +33,7 @@ ldap: # need to load or modify schema, overlays, modules, or other server- # level settings. # Typically: “cn=admin,cn=config” - configuration: "cn={{ applications.openldap.users.administrator.username }},cn=config" + configuration: "cn={{ applications['svc-db-openldap'].users.administrator.username }},cn=config" ou: # ------------------------------------------------------------------------- @@ -55,14 +55,14 @@ ldap: # for ordinary user/group operations, and vice versa. # Password to access dn.bind - bind_credential: "{{ applications.openldap.credentials.administrator_database_password }}" + bind_credential: "{{ applications['svc-db-openldap'].credentials.administrator_database_password }}" server: - domain: "{{applications.openldap.hostname if applications.openldap.network.docker | bool else domains.openldap}}" # Mapping for public or locale access + domain: "{{applications['svc-db-openldap'].hostname if applications['svc-db-openldap'].network.docker | bool else domains['svc-db-openldap']}}" # Mapping for public or locale access port: "{{_ldap_server_port}}" - uri: "{% if applications.openldap.network.docker | bool %}ldap://{{ applications.openldap.hostname }}{% else %}ldaps://{{ domains.openldap }}{% endif %}:{{ _ldap_server_port }}" + uri: "{% if applications['svc-db-openldap'].network.docker | bool %}ldap://{{ applications['svc-db-openldap'].hostname }}{% else %}ldaps://{{ domains['svc-db-openldap'] }}{% endif %}:{{ _ldap_server_port }}" security: "" #TLS, SSL - Leave empty for none network: - local: "{{applications.openldap.network.docker}}" # Uses the application configuration to define if local network should be available or not + local: "{{applications['svc-db-openldap'].network.docker}}" # Uses the application configuration to define if local network should be available or not user: objects: structural: diff --git a/roles/cmp-db-docker-proxy/tasks/main.yml b/roles/cmp-db-docker-proxy/tasks/main.yml index 19308873..f068b00c 100644 
--- a/roles/cmp-db-docker-proxy/tasks/main.yml +++ b/roles/cmp-db-docker-proxy/tasks/main.yml @@ -1,8 +1,8 @@ -- name: "load docker and db for {{application_id}}" +- name: "For '{{ application_id }}': load docker and db" include_role: name: cmp-db-docker -- name: "include role srv-proxy-6-6-domain for {{application_id}}" +- name: "For '{{ application_id }}': include role srv-proxy-6-6-domain" include_role: name: srv-proxy-6-6-domain vars: diff --git a/roles/cmp-db-docker/tasks/main.yml b/roles/cmp-db-docker/tasks/main.yml index 53023752..57be0ad8 100644 --- a/roles/cmp-db-docker/tasks/main.yml +++ b/roles/cmp-db-docker/tasks/main.yml @@ -1,17 +1,17 @@ -- name: "set database_application_id (Needed due to lazzy loading issue)" +- name: "For '{{ application_id }}': Set database_application_id (Needed due to lazzy loading issue)" set_fact: database_application_id: "{{ application_id }}" -- name: "Load database variables" +- name: "For '{{ application_id }}': Load database variables" include_vars: "{{ item }}" loop: - "{{ cmp_db_docker_vars_file_docker }}" # Important to load docker variables first so that database can use them - "{{ cmp_db_docker_vars_file_db }}" # Important to load them before docker role so that backup can use them -- name: "Load docker-compose for {{ application_id }}" +- name: "For '{{ application_id }}': Load docker-compose" include_role: name: docker-compose -- name: "Load central rdbms for {{ application_id }}" +- name: "For '{{ application_id }}': Load central RDBMS" include_role: name: cmp-rdbms \ No newline at end of file diff --git a/roles/cmp-docker-proxy/tasks/main.yml b/roles/cmp-docker-proxy/tasks/main.yml index 548ed053..1c8f2faf 100644 --- a/roles/cmp-docker-proxy/tasks/main.yml +++ b/roles/cmp-docker-proxy/tasks/main.yml 
@@ -1,8 +1,8 @@ -- name: "include docker-compose role" +- name: "For '{{ application_id }}': include docker-compose role" include_role: name: docker-compose -- name: "include role srv-proxy-6-6-domain for {{application_id}}" +- name: "For '{{ application_id }}': include role srv-proxy-6-6-domain" include_role: name: srv-proxy-6-6-domain vars: diff --git a/roles/cmp-rdbms/tasks/main.yml b/roles/cmp-rdbms/tasks/main.yml index cbe946b4..80e84289 100644 --- a/roles/cmp-rdbms/tasks/main.yml +++ b/roles/cmp-rdbms/tasks/main.yml @@ -1,20 +1,18 @@ # The following env file will just be used from the dedicated mariadb container -# and not the {{applications['mariadb'].hostname }}-database -- name: "Create {{database_env}}" +# and not the {{applications['svc-db-mariadb'].hostname }} +- name: "For '{{ application_id }}': Create {{database_env}}" template: src: "env/{{database_type}}.env.j2" dest: "{{database_env}}" notify: docker compose up when: not applications | is_feature_enabled('central_database',application_id) -- name: "Create central database" +- name: "For '{{ application_id }}': Create central database" + # I don't know why this includes leads to that the application_id in vars/main.yml of the database role isn't used + # This is the behaviour which I want, but I'm still wondering why ;) include_role: - name: "svc-{{database_type}}" + name: "svc-db-{{database_type}}" when: applications | is_feature_enabled('central_database',application_id) -#- name: "Create central database" -# include_tasks: "{{ playbook_dir }}/roles/svc-{{database_type}}/tasks/main.yml" -# when: applications | is_feature_enabled('central_database',application_id) - -- name: "Add database to backup" - include_tasks: "{{ playbook_dir }}/roles/sys-bkp-docker-to-local/tasks/seed-database-to-backup.yml" \ No newline at end of file +- name: "For '{{ application_id }}': Add Entry for Backup Procedure" + include_tasks: "{{ playbook_dir }}/roles/sys-bkp-docker-to-local/tasks/seed-database-to-backup.yml" 
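Review bot: The `template:` task that writes `{{database_env}}` sets no `mode`, so the env file — which, judging by the `env_file:` reference in `postgres.yml.j2` and `database_password` in `vars/database.yml`, presumably carries the database credentials — is created with the default umask; add `mode: "0600"` to that task. The new comment on the central-database task records an open question rather than the contract the role relies on; something like `# NOTE: under this include_role, application_id is observed to remain the calling application's id; the svc-db-* roles rely on that for database_name/database_port — verify before changing` tells a maintainer what must hold. `roles/svc-db-postgres/tasks/main.yml` still reads `applications[application_id].network` and `applications[application_id].port`, which resolve against the calling application's config if the comment is right, while `roles/svc-db-mariadb/tasks/main.yml` hard-codes `applications['svc-db-mariadb']` — one of the two conventions should be reconciled.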
diff --git a/roles/cmp-rdbms/templates/services/postgres.yml.j2 b/roles/cmp-rdbms/templates/services/postgres.yml.j2 index c9805d3c..1b434361 100644 --- a/roles/cmp-rdbms/templates/services/postgres.yml.j2 +++ b/roles/cmp-rdbms/templates/services/postgres.yml.j2 @@ -1,7 +1,7 @@ # This template needs to be included in docker-compose.yml, which depend on a postgres database {% if not applications | is_feature_enabled('central_database',application_id) %} {{ database_host }}: - image: postgres:{{applications['postgres'].version}}-alpine + image: postgres:{{applications['svc-db-postgres'].version}}-alpine container_name: {{application_id}}-database env_file: - {{database_env}} diff --git a/roles/cmp-rdbms/vars/database.yml b/roles/cmp-rdbms/vars/database.yml index 1552129c..f2f5d3ad 100644 --- a/roles/cmp-rdbms/vars/database.yml +++ b/roles/cmp-rdbms/vars/database.yml 
@@ -1,9 +1,9 @@ -database_instance: "{{ 'central-' + database_type if applications | is_feature_enabled('central_database',database_application_id) else database_application_id }}" -database_host: "{{ 'central-' + database_type if applications | is_feature_enabled('central_database',database_application_id) else 'database' }}" -database_name: "{{ applications[database_application_id].database.name | default( database_application_id ) }}" # The overwritte configuration is needed by bigbluebutton -database_username: "{{ applications[database_application_id].database.username | default( database_application_id )}}" # The overwritte configuration is needed by bigbluebutton -database_password: "{{ applications[database_application_id].credentials.database_password }}" -database_port: "{{ 3306 if database_type == 'mariadb' else applications['postgres'].port }}" +database_instance: "{{ applications[ 'svc-db-' ~ database_type ].hostname if applications | is_feature_enabled('central_database',database_application_id) else database_application_id }}" +database_host: "{{ applications[ 'svc-db-' ~ database_type ].hostname if applications | is_feature_enabled('central_database',database_application_id) else 'database' }}" +database_name: "{{ applications[ database_application_id ].database.name | default( database_application_id ) }}" # The overwritte configuration is needed by bigbluebutton +database_username: "{{ applications[ database_application_id ].database.username | default( database_application_id )}}" # The overwritte configuration is needed by bigbluebutton +database_password: "{{ applications[ database_application_id ].credentials.database_password }}" +database_port: "{{ applications[ 'svc-db-' ~ database_type ].port }}" database_env: "{{docker_compose.directories.env}}{{database_type}}.env" database_url_jdbc: "jdbc:{{ database_type if database_type == 'mariadb' else 'postgresql' }}://{{ database_host }}:{{ database_port }}/{{ database_name }}" database_url_full: 
"{{database_type}}://{{database_username}}:{{database_password}}@{{database_host}}:{{database_port}}/{{ database_name }}" \ No newline at end of file diff --git a/roles/docker-compose/templates/networks.yml.j2 b/roles/docker-compose/templates/networks.yml.j2 index 5d509f9f..7e97bdaf 100644 --- a/roles/docker-compose/templates/networks.yml.j2 +++ b/roles/docker-compose/templates/networks.yml.j2 @@ -1,11 +1,11 @@ {# This template needs to be included in docker-compose.yml #} networks: {% if applications | is_feature_enabled('central_database',application_id) and database_type is defined %} - central_{{ database_type }}: + {{ applications[ 'svc-db-' ~ database_type ].network }}: external: true {% endif %} -{% if applications[application_id].get('features', {}).get('ldap', false) and applications.openldap.network.docker | bool %} - central_ldap: +{% if applications[application_id].get('features', {}).get('ldap', false) and applications['svc-db-openldap'].network.docker | bool %} + svc-db-openldap: external: true {% endif %} default: diff --git a/roles/docker-container/templates/networks.yml.j2 b/roles/docker-container/templates/networks.yml.j2 index 64d0e026..759e7f0a 100644 --- a/roles/docker-container/templates/networks.yml.j2 +++ b/roles/docker-container/templates/networks.yml.j2 @@ -1,10 +1,10 @@ {# This template needs to be included in docker-compose.yml containers #} networks: {% if applications | is_feature_enabled('central_database',application_id) | bool and database_type is defined %} - central_{{ database_type }}: + {{ applications[ 'svc-db-' ~ database_type ].network }}: {% endif %} -{% if applications[application_id].get('features', {}).get('ldap', false) | bool and applications.openldap.network.docker|bool %} - central_ldap: +{% if applications[application_id].get('features', {}).get('ldap', false) | bool and applications['svc-db-openldap'].network.docker|bool %} + svc-db-openldap: {% endif %} default: {{ "\n" }} \ No newline at end of file 
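Review bot: `database_port` now reads `applications['svc-db-' ~ database_type].port` for both engines and drops the former `3306` for MariaDB, but the new `roles/svc-db-mariadb/config/main.yml` sets `port: 5432` — the PostgreSQL default and the same value `roles/svc-db-postgres/config/main.yml` uses. With that value `roles/svc-db-mariadb/tasks/main.yml` publishes `127.0.0.1:5432:3306`, colliding with the central PostgreSQL container's `127.0.0.1:5432:5432` on the same host, and every `database_url_*` for a MariaDB-backed application points at port 5432 although the MariaDB container (central or the per-application `database`) presumably listens on 3306. Set `port: 3306` in the MariaDB config; a guard such as `{{ applications['svc-db-' ~ database_type].port | default(3306 if database_type == 'mariadb' else 5432) }}` would additionally protect inventories that override the config without a port.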
diff --git a/roles/svc-mariadb/Administration.md b/roles/svc-db-mariadb/Administration.md similarity index 100% rename from roles/svc-mariadb/Administration.md rename to roles/svc-db-mariadb/Administration.md diff --git a/roles/svc-mariadb/README.md b/roles/svc-db-mariadb/README.md similarity index 100% rename from roles/svc-mariadb/README.md rename to roles/svc-db-mariadb/README.md diff --git a/roles/svc-db-mariadb/config/main.yml b/roles/svc-db-mariadb/config/main.yml new file mode 100644 index 00000000..93a4fbd5 --- /dev/null +++ b/roles/svc-db-mariadb/config/main.yml @@ -0,0 +1,4 @@ +version: "latest" +hostname: "svc-db-mariadb" +network: "svc-db-mariadb" +port: 5432 \ No newline at end of file diff --git a/roles/svc-mariadb/defaults/README.md b/roles/svc-db-mariadb/defaults/README.md similarity index 91% rename from roles/svc-mariadb/defaults/README.md rename to roles/svc-db-mariadb/defaults/README.md index c9594580..dfce9c44 100644 --- a/roles/svc-mariadb/defaults/README.md +++ b/roles/svc-db-mariadb/defaults/README.md @@ -1,6 +1,6 @@ # defaults/ -This directory contains default variable definition files for the `svc-mariadb` Ansible role. It centralizes all configurable values related to MariaDB deployment and can be adjusted without modifying task logic. +This directory contains default variable definition files for the `svc-db-mariadb` Ansible role. It centralizes all configurable values related to MariaDB deployment and can be adjusted without modifying task logic. --- @@ -34,7 +34,7 @@ Defines default values for how the MariaDB database should be created. To customize any of these values without editing role defaults: -1. Create or update a playbook-level vars file (e.g. `group_vars/all/svc-mariadb.yml`). +1. Create or update a playbook-level vars file (e.g. `group_vars/all/svc-db-mariadb.yml`). 2. Set the desired values, for example: ```yaml 
diff --git a/roles/svc-mariadb/defaults/main.yml b/roles/svc-db-mariadb/defaults/main.yml
similarity index 100%
rename from roles/svc-mariadb/defaults/main.yml
rename to roles/svc-db-mariadb/defaults/main.yml
diff --git a/roles/svc-mariadb/meta/main.yml b/roles/svc-db-mariadb/meta/main.yml
similarity index 100%
rename from roles/svc-mariadb/meta/main.yml
rename to roles/svc-db-mariadb/meta/main.yml
diff --git a/roles/svc-mariadb/schema/main.yml b/roles/svc-db-mariadb/schema/main.yml
similarity index 100%
rename from roles/svc-mariadb/schema/main.yml
rename to roles/svc-db-mariadb/schema/main.yml
diff --git a/roles/svc-mariadb/tasks/main.yml b/roles/svc-db-mariadb/tasks/main.yml
similarity index 70%
rename from roles/svc-mariadb/tasks/main.yml
rename to roles/svc-db-mariadb/tasks/main.yml
index ef9154ff..0a35227d 100644
--- a/roles/svc-mariadb/tasks/main.yml
+++ b/roles/svc-db-mariadb/tasks/main.yml
@@ -1,29 +1,29 @@ - name: Create Docker network for MariaDB docker_network: - name: central_mariadb + name: "{{ applications['svc-db-mariadb'].network }}" state: present ipam_config: - - subnet: "{{ networks.local.mariadb.subnet }}" + - subnet: "{{ networks.local['svc-db-mariadb'].subnet }}" when: run_once_docker_mariadb is not defined - name: install MariaDB docker_container: - name: "{{applications['mariadb'].hostname }}" - image: "mariadb:{{applications['mariadb'].version}}" #could lead to problems with nextcloud + name: "{{ applications['svc-db-mariadb'].hostname }}" + image: "mariadb:{{applications['svc-db-mariadb'].version}}" detach: yes env: - MARIADB_ROOT_PASSWORD: "{{applications['mariadb'].credentials.root_password}}" + MARIADB_ROOT_PASSWORD: "{{applications['svc-db-mariadb'].credentials.root_password}}" MARIADB_AUTO_UPGRADE: "1" networks: - - name: central_mariadb + - name: "{{ applications['svc-db-mariadb'].network }}" volumes: - - central_mariadb_database:/var/lib/mysql + - mariadb_database:/var/lib/mysql published_ports: - "127.0.0.1:{{database_port}}:3306" # can be that this will be removed if all applications use sockets command: "--transaction-isolation=READ-COMMITTED --binlog-format=ROW" #for nextcloud restart_policy: "{{docker_restart_policy}}" healthcheck: - test: "/usr/bin/mariadb --user=root --password={{applications['mariadb'].credentials.root_password}} --execute \"SHOW DATABASES;\"" + test: "/usr/bin/mariadb --user=root --password={{applications['svc-db-mariadb'].credentials.root_password}} --execute \"SHOW DATABASES;\"" interval: 3s timeout: 1s retries: 5 @@ -38,7 +38,7 @@ - name: Wait until the MariaDB container is healthy community.docker.docker_container_info: - name: "{{ applications['mariadb'].hostname }}" + name: "{{ applications['svc-db-mariadb'].hostname }}" register: db_info until: - db_info.containers is defined 
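Review bot: Renaming the named volume from `central_mariadb_database` to `mariadb_database` detaches existing deployments from their data: on the next run Docker creates an empty `mariadb_database` volume and the old one is left behind unattached, so this needs a migration step (or the old volume name) before it ships; `roles/svc-db-postgres/tasks/main.yml` does the same with `postgres_database`. Likewise `docker_network` now creates `svc-db-mariadb` on the subnet the old `central_mariadb` network still occupies on an already provisioned host, which Docker rejects as an overlapping address pool until the old network is removed. On the healthcheck line the root password is embedded in the command string, where it is readable through `docker inspect` and in Ansible task output; since the container already receives it as `MARIADB_ROOT_PASSWORD`, the check can reference that variable instead (recent official images also ship a `healthcheck.sh` for this purpose). The task list continues past the hunk.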
@@ -56,7 +56,7 @@ name: "{{ database_name }}" state: present login_user: root - login_password: "{{ applications['mariadb'].credentials.root_password }}" + login_password: "{{ applications['svc-db-mariadb'].credentials.root_password }}" login_host: 127.0.0.1 login_port: "{{ database_port }}" encoding: "{{ database_encoding }}" @@ -70,7 +70,7 @@ priv: '{{database_name}}.*:ALL' state: present login_user: root - login_password: "{{applications['mariadb'].credentials.root_password}}" + login_password: "{{applications['svc-db-mariadb'].credentials.root_password}}" login_host: 127.0.0.1 login_port: "{{database_port}}" @@ -78,7 +78,7 @@ # @todo Remove if this works fine in the future. #- name: Grant database privileges # ansible.builtin.shell: -# cmd: "docker exec {{applications['mariadb'].hostname }} mariadb -u root -p{{ applications['mariadb'].credentials.root_password }} -e \"GRANT ALL PRIVILEGES ON `{{database_name}}`.* TO '{{database_username}}'@'%';\"" +# cmd: "docker exec {{applications['svc-db-mariadb'].hostname }} mariadb -u root -p{{ applications['svc-db-mariadb'].credentials.root_password }} -e \"GRANT ALL PRIVILEGES ON `{{database_name}}`.* TO '{{database_username}}'@'%';\"" # args: # executable: /bin/bash diff --git a/roles/svc-mariadb/vars/README.md b/roles/svc-db-mariadb/vars/README.md similarity index 80% rename from roles/svc-mariadb/vars/README.md rename to roles/svc-db-mariadb/vars/README.md index 2f410877..af7b93be 100644 --- a/roles/svc-mariadb/vars/README.md +++ b/roles/svc-db-mariadb/vars/README.md @@ -1,6 +1,6 @@ # vars/ -This directory contains variable definition files for the `svc-mariadb` Ansible role. It centralizes all configurable values related to MariaDB deployment and can be adjusted without modifying task logic. +This directory contains variable definition files for the `svc-db-mariadb` Ansible role. It centralizes all configurable values related to MariaDB deployment and can be adjusted without modifying task logic. --- 
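Review bot: The `@@ -78` hunk updates a commented-out `Grant database privileges` shell task that the `@todo` line above it already marks for removal; carrying dead code through a rename only keeps a `docker exec ... -p{{ root_password }}` invocation in the file, so delete the block rather than maintain it. The other two hunks are rename-only, and each task they touch starts outside the hunk.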
diff --git a/roles/svc-db-mariadb/vars/main.yml b/roles/svc-db-mariadb/vars/main.yml new file mode 100644 index 00000000..affd83eb --- /dev/null +++ b/roles/svc-db-mariadb/vars/main.yml @@ -0,0 +1 @@ +application_id: svc-db-mariadb diff --git a/roles/svc-openldap/README.md b/roles/svc-db-openldap/README.md similarity index 100% rename from roles/svc-openldap/README.md rename to roles/svc-db-openldap/README.md diff --git a/roles/svc-openldap/TODO.md b/roles/svc-db-openldap/TODO.md similarity index 100% rename from roles/svc-openldap/TODO.md rename to roles/svc-db-openldap/TODO.md diff --git a/roles/svc-openldap/__init__.py b/roles/svc-db-openldap/__init__.py similarity index 100% rename from roles/svc-openldap/__init__.py rename to roles/svc-db-openldap/__init__.py diff --git a/roles/svc-openldap/config/main.yml b/roles/svc-db-openldap/config/main.yml similarity index 78% rename from roles/svc-openldap/config/main.yml rename to roles/svc-db-openldap/config/main.yml index e2445d94..7a4a236c 100644 --- a/roles/svc-openldap/config/main.yml +++ b/roles/svc-db-openldap/config/main.yml @@ -1,10 +1,11 @@ -images: - openldap: "bitnami/openldap:latest" +hostname: "svc-db-openldap" # Hostname of the LDAP Server in the ldap network network: + name: "svc-db-openldap" local: True # Activates local network. Necessary for LDIF import routines docker: True # Activates docker network to allow other docker containers to connect public: False # Set to true in inventory file if you want to expose the LDAP port to the internet -hostname: "ldap" # Hostname of the LDAP Server in the central_ldap network +images: + openldap: "bitnami/openldap:latest" webinterface: "lam" # The webinterface which should be used. Possible: lam and phpldapadmin features: ldap: true \ No newline at end of file 
diff --git a/roles/svc-openldap/docs/Administration.md b/roles/svc-db-openldap/docs/Administration.md
similarity index 100%
rename from roles/svc-openldap/docs/Administration.md
rename to roles/svc-db-openldap/docs/Administration.md
diff --git a/roles/svc-openldap/docs/Change_DN.md b/roles/svc-db-openldap/docs/Change_DN.md
similarity index 100%
rename from roles/svc-openldap/docs/Change_DN.md
rename to roles/svc-db-openldap/docs/Change_DN.md
diff --git a/roles/svc-openldap/docs/Installation.md b/roles/svc-db-openldap/docs/Installation.md
similarity index 100%
rename from roles/svc-openldap/docs/Installation.md
rename to roles/svc-db-openldap/docs/Installation.md
diff --git a/roles/svc-openldap/filter_plugins/__init__.py b/roles/svc-db-openldap/filter_plugins/__init__.py
similarity index 100%
rename from roles/svc-openldap/filter_plugins/__init__.py
rename to roles/svc-db-openldap/filter_plugins/__init__.py
diff --git a/roles/svc-openldap/filter_plugins/build_ldap_nested_group_entries.py b/roles/svc-db-openldap/filter_plugins/build_ldap_nested_group_entries.py
similarity index 100%
rename from roles/svc-openldap/filter_plugins/build_ldap_nested_group_entries.py
rename to roles/svc-db-openldap/filter_plugins/build_ldap_nested_group_entries.py
diff --git a/roles/svc-openldap/filter_plugins/build_ldap_role_entries.py b/roles/svc-db-openldap/filter_plugins/build_ldap_role_entries.py
similarity index 100%
rename from roles/svc-openldap/filter_plugins/build_ldap_role_entries.py
rename to roles/svc-db-openldap/filter_plugins/build_ldap_role_entries.py
diff --git a/roles/svc-openldap/handlers/main.yml b/roles/svc-db-openldap/handlers/main.yml
similarity index 100%
rename from roles/svc-openldap/handlers/main.yml
rename to roles/svc-db-openldap/handlers/main.yml
diff --git a/roles/svc-openldap/meta/main.yml b/roles/svc-db-openldap/meta/main.yml
similarity index 100%
rename from roles/svc-openldap/meta/main.yml
rename to roles/svc-db-openldap/meta/main.yml
diff --git a/roles/svc-openldap/schema/main.yml b/roles/svc-db-openldap/schema/main.yml similarity index 100% rename from roles/svc-openldap/schema/main.yml rename to roles/svc-db-openldap/schema/main.yml diff --git a/roles/svc-openldap/tasks/add_user_objects.yml b/roles/svc-db-openldap/tasks/add_user_objects.yml similarity index 100% rename from roles/svc-openldap/tasks/add_user_objects.yml rename to roles/svc-db-openldap/tasks/add_user_objects.yml diff --git a/roles/svc-openldap/tasks/create_ldif_files.yml b/roles/svc-db-openldap/tasks/create_ldif_files.yml similarity index 100% rename from roles/svc-openldap/tasks/create_ldif_files.yml rename to roles/svc-db-openldap/tasks/create_ldif_files.yml diff --git a/roles/svc-openldap/tasks/main.yml b/roles/svc-db-openldap/tasks/main.yml similarity index 95% rename from roles/svc-openldap/tasks/main.yml rename to roles/svc-db-openldap/tasks/main.yml index 75435544..1010622a 100644 --- a/roles/svc-openldap/tasks/main.yml +++ b/roles/svc-db-openldap/tasks/main.yml @@ -19,17 +19,17 @@ - name: create docker network for LDAP, so that other applications can access it docker_network: - name: central_ldap + name: "{{ applications[application_id].network.name }}" state: present ipam_config: - - subnet: "{{ networks.local.central_ldap.subnet }}" + - subnet: "{{ networks.local['svc-db-openldap'].subnet }}" - meta: flush_handlers - name: "Wait for LDAP to be available" wait_for: host: "127.0.0.1" - port: "{{ ports.localhost.ldap.openldap }}" + port: "{{ ports.localhost.ldap['svc-db-openldap'] }}" delay: 5 timeout: 120 state: started diff --git a/roles/svc-openldap/tasks/reset_admin_passwords.yml b/roles/svc-db-openldap/tasks/reset_admin_passwords.yml similarity index 97% rename from roles/svc-openldap/tasks/reset_admin_passwords.yml rename to roles/svc-db-openldap/tasks/reset_admin_passwords.yml index 61bbc478..e1d84a2d 100644 --- a/roles/svc-openldap/tasks/reset_admin_passwords.yml 
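Review bot: The `docker_network` task mixes `applications[application_id].network.name` for the name with the literal `networks.local['svc-db-openldap']` for the subnet; `networks.local[application_id].subnet` keeps both lookups on the same key and survives the next rename. The `wait_for` on `127.0.0.1:{{ ports.localhost.ldap['svc-db-openldap'] }}` can only succeed when the compose template publishes that port, which `docker-compose.yml.j2` guards with `network.public or network.local`; when both are false the task waits the full 120 s and fails, so either give it the same `when:` condition or document that `local: True` is required. The surrounding task list extends beyond the hunk.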
+++ b/roles/svc-db-openldap/tasks/reset_admin_passwords.yml @@ -1,6 +1,5 @@ --- # Reset both Database and Configuration Admin passwords in LDAP via LDAPI -# roles/svc-openldap/tasks/reset_admin_passwords.yml - name: "Query available LDAP databases" shell: | diff --git a/roles/svc-openldap/tasks/schemas/nextcloud.yml b/roles/svc-db-openldap/tasks/schemas/nextcloud.yml similarity index 100% rename from roles/svc-openldap/tasks/schemas/nextcloud.yml rename to roles/svc-db-openldap/tasks/schemas/nextcloud.yml diff --git a/roles/svc-openldap/tasks/schemas/openssh_lpk.yml b/roles/svc-db-openldap/tasks/schemas/openssh_lpk.yml similarity index 100% rename from roles/svc-openldap/tasks/schemas/openssh_lpk.yml rename to roles/svc-db-openldap/tasks/schemas/openssh_lpk.yml diff --git a/roles/svc-openldap/templates/docker-compose.yml.j2 b/roles/svc-db-openldap/templates/docker-compose.yml.j2 similarity index 93% rename from roles/svc-openldap/templates/docker-compose.yml.j2 rename to roles/svc-db-openldap/templates/docker-compose.yml.j2 index d746ff02..bbb21b25 100644 --- a/roles/svc-openldap/templates/docker-compose.yml.j2 +++ b/roles/svc-db-openldap/templates/docker-compose.yml.j2 @@ -6,7 +6,7 @@ {% include 'roles/docker-container/templates/base.yml.j2' %} {% if applications[application_id].network.public | bool or applications[application_id].network.local | bool %} ports: - - 127.0.0.1:{{ports.localhost.ldap.openldap}}:{{ldap_docker_port}} + - 127.0.0.1:{{ports.localhost.ldap['svc-db-openldap']}}:{{ldap_docker_port}} {% endif %} volumes: - 'data:/bitnami/openldap' diff --git a/roles/svc-openldap/templates/env.j2 b/roles/svc-db-openldap/templates/env.j2 similarity index 100% rename from roles/svc-openldap/templates/env.j2 rename to roles/svc-db-openldap/templates/env.j2 
diff --git a/roles/svc-openldap/templates/ldif/configuration/01_member_of_configuration.ldif.j2 b/roles/svc-db-openldap/templates/ldif/configuration/01_member_of_configuration.ldif.j2
similarity index 100%
rename from roles/svc-openldap/templates/ldif/configuration/01_member_of_configuration.ldif.j2
rename to roles/svc-db-openldap/templates/ldif/configuration/01_member_of_configuration.ldif.j2
diff --git a/roles/svc-openldap/templates/ldif/configuration/02_member_of_configuration.ldif.j2 b/roles/svc-db-openldap/templates/ldif/configuration/02_member_of_configuration.ldif.j2
similarity index 100%
rename from roles/svc-openldap/templates/ldif/configuration/02_member_of_configuration.ldif.j2
rename to roles/svc-db-openldap/templates/ldif/configuration/02_member_of_configuration.ldif.j2
diff --git a/roles/svc-openldap/templates/ldif/configuration/03_member_of_configuration.ldif.j2 b/roles/svc-db-openldap/templates/ldif/configuration/03_member_of_configuration.ldif.j2
similarity index 100%
rename from roles/svc-openldap/templates/ldif/configuration/03_member_of_configuration.ldif.j2
rename to roles/svc-db-openldap/templates/ldif/configuration/03_member_of_configuration.ldif.j2
diff --git a/roles/svc-openldap/templates/ldif/configuration/04_hashed_password.ldif.j2 b/roles/svc-db-openldap/templates/ldif/configuration/04_hashed_password.ldif.j2
similarity index 100%
rename from roles/svc-openldap/templates/ldif/configuration/04_hashed_password.ldif.j2
rename to roles/svc-db-openldap/templates/ldif/configuration/04_hashed_password.ldif.j2
diff --git a/roles/svc-openldap/templates/ldif/configuration/README.md b/roles/svc-db-openldap/templates/ldif/configuration/README.md
similarity index 100%
rename from roles/svc-openldap/templates/ldif/configuration/README.md
rename to roles/svc-db-openldap/templates/ldif/configuration/README.md
diff --git a/roles/svc-openldap/templates/ldif/data/01_rbac_group.ldif.j2 b/roles/svc-db-openldap/templates/ldif/data/01_rbac_group.ldif.j2
similarity index 100%
rename from roles/svc-openldap/templates/ldif/data/01_rbac_group.ldif.j2
rename to roles/svc-db-openldap/templates/ldif/data/01_rbac_group.ldif.j2
diff --git a/roles/svc-openldap/templates/ldif/data/02_rbac_roles.ldif.j2 b/roles/svc-db-openldap/templates/ldif/data/02_rbac_roles.ldif.j2
similarity index 100%
rename from roles/svc-openldap/templates/ldif/data/02_rbac_roles.ldif.j2
rename to roles/svc-db-openldap/templates/ldif/data/02_rbac_roles.ldif.j2
diff --git a/roles/svc-openldap/templates/ldif/data/README.md b/roles/svc-db-openldap/templates/ldif/data/README.md
similarity index 100%
rename from roles/svc-openldap/templates/ldif/data/README.md
rename to roles/svc-db-openldap/templates/ldif/data/README.md
diff --git a/roles/svc-db-openldap/templates/nginx.stream.conf.j2 b/roles/svc-db-openldap/templates/nginx.stream.conf.j2
new file mode 100644
index 00000000..0c846b81
--- /dev/null
+++ b/roles/svc-db-openldap/templates/nginx.stream.conf.j2
@@ -0,0 +1,6 @@
+server {
+ listen {{ ports.public.ldaps['svc-db-openldap'] }}ssl;
+ proxy_pass 127.0.0.1:{{ ports.localhost.ldap['svc-db-openldap'] }};
+
+ {% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_credentials.j2' %}
+}
diff --git a/roles/svc-openldap/users/main.yml b/roles/svc-db-openldap/users/main.yml
similarity index 100%
rename from roles/svc-openldap/users/main.yml
rename to roles/svc-db-openldap/users/main.yml
diff --git a/roles/svc-openldap/vars/main.yml b/roles/svc-db-openldap/vars/main.yml
similarity index 81%
rename from roles/svc-openldap/vars/main.yml
rename to roles/svc-db-openldap/vars/main.yml
index 1ee914af..05bdbb00 100644
--- a/roles/svc-openldap/vars/main.yml
+++ b/roles/svc-db-openldap/vars/main.yml
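Review bot: `listen {{ ports.public.ldaps['svc-db-openldap'] }}ssl;` has no space between the port and the `ssl` parameter, so nginx receives something like `listen 636ssl;` and rejects the rendered config at `nginx -t`; change it to `listen {{ ports.public.ldaps['svc-db-openldap'] }} ssl;`. The block terminates TLS and forwards plaintext LDAP to `127.0.0.1:{{ ports.localhost.ldap['svc-db-openldap'] }}`, which is only acceptable while that port stays bound to loopback as the compose template does — a one-line comment recording this dependency would help the next reader. Where the template is included (it has to land inside a `stream {}` context) is not visible in the diff.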
@@ -1,9 +1,9 @@ -application_id: "openldap" +application_id: "svc-db-openldap" # LDAP Variables ldaps_docker_port: 636 ldap_docker_port: 389 -ldap_server_uri: "ldap://127.0.0.1:{{ ports.localhost.ldap.openldap }}" +ldap_server_uri: "ldap://127.0.0.1:{{ ports.localhost.ldap['svc-db-openldap'] }}" ldap_hostname: "{{ applications[application_id].hostname }}" ldap_bind_dn: "{{ ldap.dn.administrator.configuration }}" ldap_bind_pw: "{{ applications[application_id].credentials.administrator_password }}" diff --git a/roles/svc-postgres/Administration.md b/roles/svc-db-postgres/Administration.md similarity index 100% rename from roles/svc-postgres/Administration.md rename to roles/svc-db-postgres/Administration.md diff --git a/roles/svc-postgres/README.md b/roles/svc-db-postgres/README.md similarity index 100% rename from roles/svc-postgres/README.md rename to roles/svc-db-postgres/README.md diff --git a/roles/svc-postgres/Todo.md b/roles/svc-db-postgres/Todo.md similarity index 100% rename from roles/svc-postgres/Todo.md rename to roles/svc-db-postgres/Todo.md diff --git a/roles/svc-postgres/Upgrade.md b/roles/svc-db-postgres/Upgrade.md similarity index 100% rename from roles/svc-postgres/Upgrade.md rename to roles/svc-db-postgres/Upgrade.md diff --git a/roles/svc-postgres/config/main.yml b/roles/svc-db-postgres/config/main.yml similarity index 75% rename from roles/svc-postgres/config/main.yml rename to roles/svc-db-postgres/config/main.yml index a67b9a11..19ade214 100644 --- a/roles/svc-postgres/config/main.yml +++ b/roles/svc-db-postgres/config/main.yml @@ -1,6 +1,6 @@ -hostname: "central-postgres" -network: "central_postgres" -port: 5432 +hostname: "svc-db-postgres" +network: "svc-db-postgres" +port: 5432 docker: images: # Postgis is necessary for mobilizon diff --git a/roles/svc-postgres/meta/main.yml b/roles/svc-db-postgres/meta/main.yml similarity index 100% rename from roles/svc-postgres/meta/main.yml rename to roles/svc-db-postgres/meta/main.yml 
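Review bot: `ldap_server_uri` in roles/svc-db-openldap/vars/main.yml hard-codes the key `ports.localhost.ldap['svc-db-openldap']`, while the three lines that follow derive everything from `application_id` (`applications[application_id].hostname`, `applications[application_id].credentials.administrator_password`), and `application_id` is set to exactly that value at the top of the same hunk. `ldap_server_uri: "ldap://127.0.0.1:{{ ports.localhost.ldap[application_id] }}"` keeps the role self-consistent and means the next rename only has to touch `application_id`. The same literal key is used in the new nginx.stream.conf.j2 above; if that template is rendered from this role, `application_id` should be in scope there too, which is worth checking.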
diff --git a/roles/svc-postgres/schema/main.yml b/roles/svc-db-postgres/schema/main.yml similarity index 100% rename from roles/svc-postgres/schema/main.yml rename to roles/svc-db-postgres/schema/main.yml diff --git a/roles/svc-postgres/tasks/init_database.yml b/roles/svc-db-postgres/tasks/init_database.yml similarity index 100% rename from roles/svc-postgres/tasks/init_database.yml rename to roles/svc-db-postgres/tasks/init_database.yml diff --git a/roles/svc-postgres/tasks/main.yml b/roles/svc-db-postgres/tasks/main.yml similarity index 94% rename from roles/svc-postgres/tasks/main.yml rename to roles/svc-db-postgres/tasks/main.yml index 5b4e2a31..f2059efb 100644 --- a/roles/svc-postgres/tasks/main.yml +++ b/roles/svc-db-postgres/tasks/main.yml @@ -3,7 +3,7 @@ name: "{{ applications[application_id].network }}" state: present ipam_config: - - subnet: "{{ networks.local.postgres.subnet }}" + - subnet: "{{ networks.local['svc-db-postgres'].subnet }}" when: run_once_docker_postgres is not defined - name: Install PostgreSQL @@ -19,7 +19,7 @@ published_ports: - "127.0.0.1:{{ applications[application_id].port }}:5432" volumes: - - central_postgres_database:/var/lib/postgresql/data + - postgres_database:/var/lib/postgresql/data restart_policy: "{{ docker_restart_policy }}" healthcheck: test: ["CMD-SHELL", "pg_isready -U postgres"] diff --git a/roles/svc-db-postgres/vars/main.yml b/roles/svc-db-postgres/vars/main.yml new file mode 100644 index 00000000..ed9b7c46 --- /dev/null +++ b/roles/svc-db-postgres/vars/main.yml @@ -0,0 +1 @@ +application_id: svc-db-postgres diff --git a/roles/svc-mariadb/config/main.yml b/roles/svc-mariadb/config/main.yml deleted file mode 100644 index 1afc22d3..00000000 --- a/roles/svc-mariadb/config/main.yml +++ /dev/null @@ -1,2 +0,0 @@ -version: "latest" -hostname: "central-mariadb" \ No newline at end of file diff --git a/roles/svc-mariadb/vars/main.yml b/roles/svc-mariadb/vars/main.yml deleted file mode 100644 index 068689f3..00000000 
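Review bot: In the first hunk of roles/svc-db-postgres/tasks/main.yml the network name on the `name:` line comes from `applications[application_id].network`, but the subnet on the changed line is looked up under the literal key `networks.local['svc-db-postgres']`, so the same identity is now spelled two ways in one task. With `application_id: svc-db-postgres` set in the role's new vars/main.yml in this same diff, `- subnet: "{{ networks.local[application_id].subnet }}"` expresses the same thing without a second copy of the name. The enclosing `docker_network` task starts outside the hunk.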
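Review bot: Renaming the named volume from `central_postgres_database` to `postgres_database` in the second hunk of roles/svc-db-postgres/tasks/main.yml silently detaches existing deployments from their data: on a host that already ran the old role, Docker creates an empty `postgres_database` volume and PostgreSQL initialises a fresh cluster in it, while the old volume stays behind unreferenced. Either keep the old volume name, or add an explicit migration step (stop the container, re-attach or copy the old volume, then switch the name) and document it in the role's Upgrade.md, which is renamed in this same diff. A pre-check that fails when `central_postgres_database` exists but `postgres_database` does not would stop an accidental fresh start from going unnoticed. The container task continues outside the hunk.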
--- a/roles/svc-mariadb/vars/main.yml
+++ /dev/null
@@ -1 +0,0 @@
-application_id: mariadb
diff --git a/roles/svc-openldap/templates/nginx.stream.conf.j2 b/roles/svc-openldap/templates/nginx.stream.conf.j2
deleted file mode 100644
index 278e7d68..00000000
--- a/roles/svc-openldap/templates/nginx.stream.conf.j2
+++ /dev/null
@@ -1,6 +0,0 @@
-server {
- listen {{ports.public.ldaps.ldap}}ssl;
- proxy_pass 127.0.0.1:{{ports.localhost.ldap.openldap}};
-
- {% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_credentials.j2' %}
-}
diff --git a/roles/svc-postgres/vars/main.yml b/roles/svc-postgres/vars/main.yml
deleted file mode 100644
index 09d25696..00000000
--- a/roles/svc-postgres/vars/main.yml
+++ /dev/null
@@ -1 +0,0 @@
-application_id: postgres
diff --git a/roles/update-docker/templates/update-docker.py.j2 b/roles/update-docker/templates/update-docker.py.j2
index 4957b6c9..bf629629 100644
--- a/roles/update-docker/templates/update-docker.py.j2
+++ b/roles/update-docker/templates/update-docker.py.j2
@@ -133,7 +133,7 @@ def update_discourse(directory):
 update_procedure("docker stop {{applications.discourse.container}}")
 update_procedure("docker rm {{applications.discourse.container}}")
 try:
- update_procedure("docker network connect {{applications.discourse.network}} {{ applications['postgres'].hostname }}")
+ update_procedure("docker network connect {{applications.discourse.network}} {{ applications['bpostgres'].hostname }}")
 except subprocess.CalledProcessError as e:
 error_message = e.output.decode()
 if "already exists" in error_message or "is already connected" in error_message:
diff --git a/roles/web-app-akaunting/tasks/main.yml b/roles/web-app-akaunting/tasks/main.yml
index 8f2ac86e..0ae199d3 100644
--- a/roles/web-app-akaunting/tasks/main.yml
+++ b/roles/web-app-akaunting/tasks/main.yml
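Review bot: `applications['bpostgres']` in the rewritten `update_procedure(...)` call in update-docker.py.j2 looks like a typo — nothing in this diff defines a `bpostgres` application, and the other call sites updated here (for example roles/web-app-discourse/tasks/main.yml) use `applications['svc-db-postgres']`. When the template renders, that lookup is undefined, so the generated script will either fail to render or emit `docker network connect <network>` with an empty hostname, and the discourse update stops at this step. Change it to `update_procedure("docker network connect {{applications.discourse.network}} {{ applications['svc-db-postgres'].hostname }}")`. The body of `update_discourse` continues outside the hunk.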
@@ -1,5 +1,5 @@ --- -- name: "load docker, db and proxy for {{application_id}}" +- name: "For '{{ application_id }}': load docker, db and proxy" include_role: name: cmp-db-docker-proxy @@ -9,7 +9,7 @@ detached_files: - "docker-compose.yml" -- name: "create {{docker_compose.files.env}}" +- name: "For '{{ application_id }}': create {{docker_compose.files.env}}" template: src: "env.j2" dest: "{{docker_compose.files.env}}" diff --git a/roles/web-app-attendize/tasks/main.yml b/roles/web-app-attendize/tasks/main.yml index 7d7c024a..351cdaa6 100644 --- a/roles/web-app-attendize/tasks/main.yml +++ b/roles/web-app-attendize/tasks/main.yml @@ -1,9 +1,9 @@ --- -- name: "load docker and db for {{application_id}}" +- name: "For '{{ application_id }}': load docker and db" include_role: name: cmp-db-docker -- name: "include role for {{application_id}} to receive certs & do modification routines" +- name: "For '{{ application_id }}': include role to receive certs & do modification routines" include_role: name: srv-web-7-6-composer vars: @@ -13,13 +13,13 @@ - "{{ domains | get_domain('mailu') }}" - "{{ domain }}" -- name: configure {{domains | get_domain(application_id)}}.conf +- name: "For '{{ application_id }}': configure {{domains | get_domain(application_id)}}.conf" template: src: roles/srv-proxy-7-4-core/templates/vhost/basic.conf.j2 dest: "{{nginx.directories.http.servers}}{{domains | get_domain(application_id)}}.conf" notify: restart nginx -- name: "include tasks update-repository-with-files.yml" +- name: "For '{{ application_id }}': include tasks update-repository-with-files.yml" include_tasks: utils/update-repository-with-files.yml vars: detached_files: diff --git a/roles/web-app-baserow/tasks/main.yml b/roles/web-app-baserow/tasks/main.yml index 7784973b..e185e3dd 100644 --- a/roles/web-app-baserow/tasks/main.yml +++ b/roles/web-app-baserow/tasks/main.yml 
@@ -1,4 +1,4 @@ --- -- name: "load docker, db and proxy for {{application_id}}" +- name: "For '{{ application_id }}': load docker, db and proxy" include_role: name: cmp-db-docker-proxy \ No newline at end of file diff --git a/roles/web-app-bigbluebutton/tasks/main.yml b/roles/web-app-bigbluebutton/tasks/main.yml index 2e70aa21..ee9c55cf 100644 --- a/roles/web-app-bigbluebutton/tasks/main.yml +++ b/roles/web-app-bigbluebutton/tasks/main.yml @@ -17,7 +17,7 @@ database_username: "postgres" database_name: "" # Multiple databases -- name: "include role srv-proxy-6-6-domain for {{application_id}}" +- name: "include role srv-proxy-6-6-domain" include_role: name: srv-proxy-6-6-domain diff --git a/roles/web-app-collabora/tasks/main.yml b/roles/web-app-collabora/tasks/main.yml index 2e978708..d5a9664d 100644 --- a/roles/web-app-collabora/tasks/main.yml +++ b/roles/web-app-collabora/tasks/main.yml @@ -10,7 +10,7 @@ - name: Create Docker network for Collabora docker_network: - name: central_mariadb + name: svc-db-mariadb state: present ipam_config: - subnet: "{{ networks.local.collabora.subnet }}" diff --git a/roles/web-app-discourse/tasks/main.yml b/roles/web-app-discourse/tasks/main.yml index 0b3226ae..270c6a9e 100644 --- a/roles/web-app-discourse/tasks/main.yml +++ b/roles/web-app-discourse/tasks/main.yml 
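Review bot: The task titled `Create Docker network for Collabora` in roles/web-app-collabora/tasks/main.yml now creates a network named `svc-db-mariadb` but assigns it `networks.local.collabora.subnet`; the rename preserved an existing name/subnet mismatch. If the central MariaDB role also creates a network called `svc-db-mariadb` with its own subnet, the second `docker_network` run will meet an existing network with a different IPAM configuration and either fail or recreate it, disconnecting whatever is attached. Presumably the intent is a Collabora-owned network, e.g. `name: "{{ applications[application_id].network }}"` with the collabora subnet, so it is worth confirming which network Collabora is actually meant to join. The enclosing task list continues outside the hunk.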
@@ -43,13 +43,13 @@ meta: flush_handlers when: run_once_docker_discourse is not defined -- name: "Connect {{ applications[application_id].container }} to network {{ applications['postgres'].network }}" +- name: "Connect {{ applications[application_id].container }} to network {{ applications['svc-db-postgres'].network }}" command: > - docker network connect {{ applications['postgres'].network }} {{ applications[application_id].container }} + docker network connect {{ applications['svc-db-postgres'].network }} {{ applications[application_id].container }} register: network_connect failed_when: > network_connect.rc != 0 and - 'Error response from daemon: endpoint with name {{ applications[application_id].container }} already exists in network {{ applications['postgres'].network }}' + 'Error response from daemon: endpoint with name {{ applications[application_id].container }} already exists in network {{ applications["svc-db-postgres"].network }}' not in network_connect.stderr changed_when: network_connect.rc == 0 when: diff --git a/roles/web-app-matrix/tasks/create-and-seed-database.yml b/roles/web-app-matrix/tasks/create-and-seed-database.yml index 6ca24de2..b1dc2353 100644 --- a/roles/web-app-matrix/tasks/create-and-seed-database.yml +++ b/roles/web-app-matrix/tasks/create-and-seed-database.yml @@ -6,7 +6,7 @@ # - database_password - name: "create {{database_name}} database" include_role: - name: svc-postgres + name: svc-db-postgres when: applications | is_feature_enabled('central_database',application_id) - name: "include seed-database-to-backup.yml" diff --git a/roles/web-app-nextcloud/vars/plugins/user_ldap.yml b/roles/web-app-nextcloud/vars/plugins/user_ldap.yml index aabb5260..eda8d215 100644 --- a/roles/web-app-nextcloud/vars/plugins/user_ldap.yml +++ b/roles/web-app-nextcloud/vars/plugins/user_ldap.yml 
@@ -27,7 +27,7 @@ plugin_configuration: - appid: "user_ldap" configkey: "s01ldap_backup_port" - configvalue: "{{ ports.localhost.ldap.openldap }}" # This is just optimized for local port @todo implement for external ports as well + configvalue: "{{ ports.localhost.ldap['svc-db-openldap'] }}" # This is just optimized for local port @todo implement for external ports as well - appid: "user_ldap" diff --git a/roles/web-app-pgadmin/vars/db_config.yml b/roles/web-app-pgadmin/vars/db_config.yml index 3b1c6773..668e8528 100644 --- a/roles/web-app-pgadmin/vars/db_config.yml +++ b/roles/web-app-pgadmin/vars/db_config.yml @@ -9,6 +9,6 @@ pgadmin_servers: port: "{{ database_port }}" username: "postgres" maintenance_db: "postgres" - password: "{{ applications['postgres'].credentials.postgres_password }}" + password: "{{ applications['svc-db-postgres'].credentials.postgres_password }}" # Here you can add more databases \ No newline at end of file diff --git a/roles/web-app-pgadmin/vars/main.yml b/roles/web-app-pgadmin/vars/main.yml index b376a11a..7c36a0f5 100644 --- a/roles/web-app-pgadmin/vars/main.yml +++ b/roles/web-app-pgadmin/vars/main.yml @@ -1,5 +1,5 @@ application_id: "pgadmin" database_type: "postgres" -database_host: "{{ 'central-' + database_type if applications | is_feature_enabled('central_database',application_id) }}" +database_host: "{{ applications['svc-db-postgres'].hostname if applications | is_feature_enabled('central_database',application_id) }}" pgadmin_user: 5050 pgadmin_group: "{{pgadmin_user}}" \ No newline at end of file diff --git a/roles/web-app-phpmyadmin/templates/env.j2 b/roles/web-app-phpmyadmin/templates/env.j2 index c4ba7046..35766e11 100644 --- a/roles/web-app-phpmyadmin/templates/env.j2 +++ b/roles/web-app-phpmyadmin/templates/env.j2 
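Review bot: `database_host` in roles/web-app-pgadmin/vars/main.yml uses an inline `if` with no `else`, so when `central_database` is not enabled for pgadmin the variable renders empty (or raises under strict undefined handling) instead of naming a local database host; the rewritten line keeps that shape. An explicit `else` branch, or a comment on the line stating that an empty host is intended when the feature is off, would make the contract visible to whoever consumes `database_host`. The same pattern is rewritten in roles/web-app-phpmyadmin/vars/main.yml below.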
@@ -1,7 +1,7 @@ # Configuration @see https://hub.docker.com/_/phpmyadmin -PMA_HOST={{applications['mariadb'].hostname}} +PMA_HOST={{applications['svc-db-mariadb'].hostname}} {% if applications[application_id].autologin | bool %} PMA_USER= root -PMA_PASSWORD= "{{applications['mariadb'].credentials.root_password}}" +PMA_PASSWORD= "{{applications['svc-db-mariadb'].credentials.root_password}}" {% endif %} \ No newline at end of file diff --git a/roles/web-app-phpmyadmin/vars/main.yml b/roles/web-app-phpmyadmin/vars/main.yml index 60836a8e..69da9d38 100644 --- a/roles/web-app-phpmyadmin/vars/main.yml +++ b/roles/web-app-phpmyadmin/vars/main.yml @@ -1,3 +1,3 @@ application_id: "phpmyadmin" database_type: "mariadb" -database_host: "{{ 'central-' + database_type if applications | is_feature_enabled('central_database',application_id) }}" \ No newline at end of file +database_host: "{{ applications['svc-db-mariadb'].hostname if applications | is_feature_enabled('central_database',application_id) }}" \ No newline at end of file diff --git a/tests/integration/test_networks_unique_valid_and_mapped.py b/tests/integration/test_networks_unique_valid_and_mapped.py new file mode 100644 index 00000000..aa2e6102 --- /dev/null +++ b/tests/integration/test_networks_unique_valid_and_mapped.py 
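Review bot: The rewritten `PMA_PASSWORD= "{{applications['svc-db-mariadb'].credentials.root_password}}"` line in roles/web-app-phpmyadmin/templates/env.j2 (and `PMA_USER= root` just above it) keeps a space after `=` and wrapping quotes; whether the leading space and the quotes become part of the value depends on how this env file is consumed, and Docker's `env_file` handling has historically passed such characters through literally, so autologin may be handed a wrong user or password. Writing `PMA_PASSWORD={{ applications['svc-db-mariadb'].credentials.root_password }}` with neither the space nor the quotes is correct under every interpretation. Since this file carries the MariaDB root password in clear text, the task that renders it should set a restrictive file mode; that task is not in the diff, so treat this as a check rather than a finding.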
@@ -0,0 +1,104 @@ +import os +import unittest +import yaml +import glob +import ipaddress + +class TestNetworksUniqueValidAndMapped(unittest.TestCase): + @classmethod + def setUpClass(cls): + # locate group_vars/all/10_networks.yml + base_dir = os.path.dirname(__file__) + cls.networks_file = os.path.abspath( + os.path.join(base_dir, '..', '..', 'group_vars', 'all', '10_networks.yml') + ) + if os.path.isfile(cls.networks_file): + with open(cls.networks_file, 'r', encoding='utf-8') as f: + cls.networks_data = yaml.safe_load(f) + else: + cls.networks_data = None + + def test_networks_file_exists(self): + """Fail if the networks file is missing.""" + self.assertTrue( + os.path.isfile(self.networks_file), + f"{self.networks_file} does not exist." + ) + + def test_unique_and_non_overlapping_subnets(self): + """Ensure that all subnets are valid, unique and do not overlap.""" + if self.networks_data is None: + self.skipTest("10_networks.yml not found, skipping subnet validation.") + + # extract all named subnets under defaults_networks.local + local = self.networks_data.get('defaults_networks', {}).get('local', {}) + name_to_net = {} + for name, cfg in local.items(): + subnet = cfg.get('subnet') + if not subnet: + continue + try: + net = ipaddress.ip_network(subnet) + except ValueError as e: + self.fail(f"Invalid subnet for network '{name}': {subnet} ({e})") + name_to_net[name] = net + + # check for duplicate subnets + nets = list(name_to_net.values()) + if len(nets) != len(set(nets)): + seen = {} + dupes = [] + for nm, net in name_to_net.items(): + if net in seen: + dupes.append(f"{seen[net]} and {nm} both use {net}") + else: + seen[net] = nm + self.fail("Duplicate subnets detected:\n" + "\n".join(dupes)) + + # check for overlaps + items = list(name_to_net.items()) + for i in range(len(items)): + name1, net1 = items[i] + for j in range(i+1, len(items)): + name2, net2 = items[j] + if net1.overlaps(net2): + self.fail( + f"Subnet overlap between '{name1}' ({net1}) and " + 
f"'{name2}' ({net2})." + ) + + def test_network_names_mapped_to_application_id(self): + """ + Ensure each network name with a subnet under defaults_networks.local + matches an application_id in some roles/*/vars/main.yml. + """ + if self.networks_data is None: + self.skipTest("10_networks.yml not found, skipping application_id mapping check.") + + # collect network names + local = self.networks_data.get('defaults_networks', {}).get('local', {}) + network_names = [name for name, cfg in local.items() if 'subnet' in cfg] + + # gather all application_id values from roles/*/vars/main.yml + base_dir = os.path.dirname(__file__) + roles_dir = os.path.abspath(os.path.join(base_dir, '..', '..', 'roles')) + app_ids = set() + for role_path in glob.glob(os.path.join(roles_dir, '*')): + vars_file = os.path.join(role_path, 'vars', 'main.yml') + if not os.path.isfile(vars_file): + continue + with open(vars_file, 'r', encoding='utf-8') as f: + data = yaml.safe_load(f) or {} + app_id = data.get('application_id') + if app_id: + app_ids.add(app_id) + + missing = [nm for nm in network_names if nm not in app_ids] + if missing: + self.fail( + "The following networks have no matching application_id in any role:\n" + + ", ".join(missing) + ) + +if __name__ == '__main__': + unittest.main() diff --git a/tests/unit/roles/svc-openldap/__init__.py b/tests/unit/roles/svc-db-openldap/__init__.py similarity index 100% rename from tests/unit/roles/svc-openldap/__init__.py rename to tests/unit/roles/svc-db-openldap/__init__.py diff --git a/tests/unit/roles/svc-openldap/test_build_ldap_role_entries.py b/tests/unit/roles/svc-db-openldap/test_build_ldap_role_entries.py similarity index 98% rename from tests/unit/roles/svc-openldap/test_build_ldap_role_entries.py rename to tests/unit/roles/svc-db-openldap/test_build_ldap_role_entries.py index 6576019c..193c4300 100644 --- a/tests/unit/roles/svc-openldap/test_build_ldap_role_entries.py 
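Review bot: The pairwise overlap check in `test_unique_and_non_overlapping_subnets` is written as two index loops over `items`; `itertools.combinations(name_to_net.items(), 2)` yields the same pairs with no index bookkeeping and reads closer to the intent (it needs `import itertools` next to the other imports at the top of the file). Separately, `cfg.get('subnet')` here and `'subnet' in cfg` in `test_network_names_mapped_to_application_id` assume every entry under `defaults_networks.local` is a mapping; a key with an empty value would raise `AttributeError`/`TypeError` and surface as a test error rather than a readable failure, which a guard such as `if not isinstance(cfg, dict): continue` avoids. The file is complete within the hunk.
```python
        # check for overlaps
        for (name1, net1), (name2, net2) in itertools.combinations(name_to_net.items(), 2):
            if net1.overlaps(net2):
                self.fail(
                    f"Subnet overlap between '{name1}' ({net1}) and "
                    f"'{name2}' ({net2})."
                )
        # … unchanged: test_network_names_mapped_to_application_id …
```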
+++ b/tests/unit/roles/svc-db-openldap/test_build_ldap_role_entries.py @@ -5,7 +5,7 @@ import importlib.util # Dynamisch den Filter-Plugin Pfad hinzufügen current_dir = os.path.dirname(__file__) -filter_plugin_path = os.path.abspath(os.path.join(current_dir, "../../../../roles/svc-openldap/filter_plugins")) +filter_plugin_path = os.path.abspath(os.path.join(current_dir, "../../../../roles/svc-db-openldap/filter_plugins")) # Modul dynamisch laden spec = importlib.util.spec_from_file_location("build_ldap_role_entries", os.path.join(filter_plugin_path, "build_ldap_role_entries.py"))