fix mono_multi (#20) (#21)

* fix mono_multi

* fix orthograph, remove dlab

* Let default tenants

Co-authored-by: Ro3034 <romaingordolo@gmail.com>

deploymentByVitam/README.rst

@@ -12,11 +12,17 @@ Préparation
 
 Créer un inventaire depuis ``environments/hosts.example``
 
-Adaptation des grou_vars
+Adaptation des group_vars
 -------------------------
 
 Editer les fichiers
 
+Surcharge
+----------
+
+Editer le fichier vitamui_extra_vars.yml pour surcharger les variables
+de group_vas/all si nécessaire.
+
 Bootstrap
 ---------
 
@@ -41,9 +47,24 @@ PKI
 
 ./generate_stores.sh <inventaire>
 
+Création des hostvars
+----------------------
+
+ansible-playbook -i <inventaire> generate_hostvars_for_1_network_interface.yml --vault-password-file vault_pass.txt
+
+Création des repositories
+-------------------------
+
+ansible-playbook --become -i <inventaire> bootstrap.yml --vault-password-file vault_pass.txt [ --extra-vars=@./environments/vitamui_extra_vars.yml ]
+
 
 Déploiement
 ------------
 
-ansible-playbook -i <inventaire> vitamui.yml --vault-password-file vault_pass.txt
+ansible-playbook -i <inventaire> vitamui.yml --vault-password-file vault_pass.txt [ --extra-vars=@./environments/vitamui_extra_vars.yml ]
+
+
+Désinstallation
+----------------
 
+ansible-playbook -i <inventaire> uninstall.yml --vault-password-file vault_pass.txt [ --extra-vars=@./environments/vitamui_extra_vars.yml ]

deploymentByVitam/environments/group_vars/all/reverse_proxy_conf.yml

 ---
 
+# Choose your reverse
+
+#reverse: nginx
 reverse: apache

deploymentByVitam/environments/hosts.vitamui

+[hosts]
+
+localhost    ansible_host=127.0.0.1 ansible_connection=local    ip_admin=127.0.0.1   ip_service=127.0.0.1
+
+#vitamui host
+vitamui-env   ansible_host=changeme    ip_service=changeme     ip_admin=changeme
+
+#vitam host
+vitam-env    ansible_host=changeme   ip_service=changeme   ip_admin=changeme
+
+
+
+[hosts:children]
+vitam
+hosts_vitamui
+zone_vitamui_rp
+
+[vitam:children]
+hosts_consul_server
+hosts_ingest_external
+hosts_access_external
+hosts_ihm_demo
+hosts_elasticsearch_log
+hosts_functionnal_admin
+hosts_security_internal
+
+
+# SERVER LIST vitamui machines
+[hosts_vitamui:children]
+zone_vitamui_ui
+zone_vitamui_cas
+zone_vitamui_app
+zone_vitamui_data
+zone_vitamui_infra
+zone_vitamui_admin
+
+
+########################################################
+# ZONE Infra
+[zone_vitamui_infra:children]
+hosts_vitamui_logstash
+hosts_vitamui_consul_server
+
+[hosts_vitamui_logstash]
+# EDIT
+# not for the moment...
+vitamui-env
+
+[hosts_vitamui_consul_server]
+# EDIT
+vitamui-env
+
+########################################################
+# ZONE Data
+
+[zone_vitamui_data:children]
+hosts_vitamui_mongod
+
+[hosts_vitamui_mongod]
+# EDIT
+vitamui-env mongo_cluster_name=mongo-vitamui mongo_rs_bootstrap=true mongo_express=true
+
+########################################################
+# ZONE reverseproxy
+
+[zone_vitamui_rp:children]
+hosts_vitamui_reverseproxy
+
+[hosts_vitamui_reverseproxy]
+# EDIT
+vitamui-env
+#localhost
+
+########################################################
+# ZONE APP
+
+[zone_vitamui_app:children]
+hosts_vitamui_iam_internal
+hosts_vitamui_iam_external
+hosts_vitamui_security_internal
+
+[hosts_vitamui_iam_internal]
+# EDIT
+vitamui-env
+
+[hosts_vitamui_iam_external]
+# EDIT
+vitamui-env
+
+[hosts_vitamui_security_internal]
+vitamui-env
+
+########################################################
+# ZONE UI
+
+[zone_vitamui_ui:children]
+hosts_ui_identity
+hosts_ui_portal
+hosts_ui_search
+
+[hosts_ui_identity]
+# EDIT
+vitamui-env
+
+[hosts_ui_portal]
+# EDIT
+vitamui-env
+
+[hosts_ui_search]
+# EDIT
+vitamui-env
+
+########################################################
+# ZONE ADMIN
+
+[zone_vitamui_admin:children]
+hosts_ui_identity_admin
+
+[hosts_ui_identity_admin]
+# EDIT
+vitamui-env
+
+########################################################
+# ZONE CAS
+
+[zone_vitamui_cas:children]
+hosts_cas_server
+
+[hosts_cas_server]
+# EDIT
+vitamui-env
+
+########################################################
+# ZONE TOOLS
+
+# SERVER LIST bastion
+#
+# Jump servers where ssh jump will be installed
+#
+[bastion]
+# EDIT
+
+
+
+# SERVER LIST os_repository
+#
+# Servers hosting vitamui yum repository
+#
+[os_repository]
+# EDIT
+
+
+
+# SERVER LIST remote deployer
+#
+# Server where all tools needed for executing vitamui/vitam playbooks will be installed
+#
+[deployer]
+# EDIT
+
+
+# SERVER LIST remote access config
+#
+# Servers needing ssh acces configured. The role needs user/password for ssh connect and set's up vitamuiroot user + public key auth
+#
+[configure_remote_access]
+# EDIT
+
+
+# SERVER LIST backup
+#
+# Servers where backup mount / dir will be installed
+#
+[backup]
+# EDIT
+
+
+
+#
+# **************************************    ZONES VITAM   ******************************************************
+#
+
+# MINIMUM REQUIRED IN ZONE VITAM
+[hosts_consul_server]
+vitam-env
+
+[hosts_ingest_external]
+vitam-env
+
+[hosts_access_external]
+vitam-env
+
+[hosts_ihm_demo]
+vitam-env
+
+# [hosts_elasticsearch_log]
+# localhost
+
+[hosts_elasticsearch_log]
+vitam-env
+
+[hosts_functionnal_admin]
+vitam-env
+
+[hosts_security_internal]
+vitam-env
+
+########################################################
+# VARS - common VITAMUI and VITAM
+########################################################
+[hosts:vars]
+dns_servers=["8.8.8.8"]
+
+#ansible_ssh_user=centos
+#ansible_become=true
+vitam_site_name=changeme
+consul_domain=consul
+
+# Reverse configuration
+vitam_reverse_external_dns=changeme
+vitam_reverse_external_protocol=https
+reverse_proxy_port=443
+http_proxy_environnement=
+
+## Uncomment and fill for remote deploy
+#ansible_connection=ssh
+ansible_ssh_user=changeme
+ansible_ssh_private_key_file=changeme
+ansible_become_pass=changeme
+
+
+
+ansible_ssh_common_args='-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no'
+
+## Activate vitam instance proxying
+vitam_ihm_demo_proxy=true
+
+## Activate consul_ui_proxy instance
+consul_ui_proxy=true
+mongo_shard_id=0

deploymentByVitam/environments/vitamui_extra_vars.yml

+#Extra vars for vitamui (for custom usage)
+
+###
+# cas.yml overload
+url_prefix: "changeme"
+
+###
+# consul_vars.yml overload
+vitamui_site_name: "changeme"
+
+consul_remote_sites:
+    - vitamui:
+      name: "changeme"
+      wan: ["changeme"]
+
+###
+# infra.yml
+smtp:
+  host: changeme
+  port: 587
+  user: no-reply@changeme
+  password: changeme
+  test_smtp_connection: false
+  auth: true
+  tls_enable: true
+  cas:
+    sender: no-reply@changeme
+    expiration: 10 # in minutes
+
+sms:
+  enabled: true
+  account: "changeme"
+  token: "changeme"
+  sender: 'changeme'
+
+###
+# repositories.yml
+
+repository_user: changeme
+repository_password: changeme
+repository_url: "changeme"
+
+vitam_repository_url: "changeme"
+
+vitam_repositories:
+    - key: vitamui
+      value: "{{ repository_url }}"
+      proxy: ""
+    - key: vitam-java
+      value: "{{ repository_url }}"
+      proxy: ""
+    - key: vitam-doc
+      value: "{{ repository_url }}"
+      proxy: ""
+    - key: vitam-external
+      value: "{{ repository_url }}"
+      proxy: ""
+    - key: vitam-product
+      value: "{{ vitam_repository_url }}"
+      proxy: ""
+
+###
+# reverse domain name for nginx (uncomment base_url if nginx)
+#
+vitamui:
+  ui_consul:
+    server_name: "{{ vitam_site_name }}.teamdlab.com"
+  ui_mongo_express:
+    server_name: "{{ vitam_site_name }}.teamdlab.com"
+  identity:
+    server_name: "{{ vitam_site_name }}-identity.teamdlab.com"
+   # base_url: "https://{{ vitam_site_name }}-identity.teamdlab.com"
+  identity_admin:
+    server_name:  "{{ vitam_site_name }}-identity-admin.teamdlab.com"
+   # base_url: "https://{{ vitam_site_name }}-identity-admin.teamdlab.com"
+  portal:
+    server_name: "{{ vitam_site_name }}-portal.teamdlab.com"
+   # base_url: "https://{{ vitam_site_name }}-portal.teamdlab.com"
+  cas_server:
+   server_name: "{{ vitam_site_name }}-cas.teamdlab.com"
+  # base_url:  "https://{{ vitam_site_name }}-cas.teamdlab.com"
+  vitam_host:
+    server_name: "{{ vitam_site_name }}-vitam.teamdlab.com"

deploymentByVitam/filter_plugins/cert_to_str_filter.py

@@ -14,7 +14,7 @@ def cert_to_str(certificate_content):
          with open("/tmp/log","w") as f:
              f.write("".join([line for line in certificate_content.splitlines() if not cert_header_pattern.match(line)]))
          return "".join([line for line in certificate_content.splitlines() if not cert_header_pattern.match(line)])
-    except Exception, e:
+    except Exception as e:
         raise errors.AnsibleFilterError(
             'certificate cannot be reduced to string ()'.str(e.message))
 

deploymentByVitam/filter_plugins/normpath_filter.py

@@ -4,7 +4,7 @@ from ansible import errors
 def normpath(*paths):
     try:
         return  os.path.normpath( "/" .join(paths))
-    except Exception, e:
+    except Exception as e:
         raise errors.AnsibleFilterError(
             'error joining path()'.str(e.message))
 

deploymentByVitam/roles/init_bdd/tasks/cas.yml

@@ -22,7 +22,6 @@
 - name: Load cas scripts in database
   command: "mongo {{ ip_service }}:{{ mongodb.mongod_port }}/admin {{ mongo_credentials }} {{ vitamui_defaults.folder.root_path }}/app/mongod/cas/{{ item | basename | regex_replace('\\.j2$') }}"
   no_log: "{{ hide_passwords_during_deploy }}"
-  with_fileglob:
-    - "{{ role_path }}/templates/cas/*"
+  loop: "{{ query('fileglob', \"{{ role_path }}/templates/cas/*\")|sort }}"
   tags:
     - update_mongodb_configuration

deploymentByVitam/roles/init_bdd/tasks/iam.yml

@@ -23,7 +23,6 @@
 - name: Load iam scripts in database
   command: "mongo {{ ip_service }}:{{ mongodb.mongod_port }}/admin {{ mongo_credentials }} {{ vitamui_defaults.folder.root_path }}/app/mongod/iam/{{ item | basename | regex_replace('\\.j2$') }}"
   no_log: "{{ hide_passwords_during_deploy }}"
-  with_fileglob:
-    - "{{ role_path }}/templates/iam/*"
+  loop: "{{ query('fileglob', \"{{ role_path }}/templates/iam/*\")|sort }}"
   tags:
     - update_mongodb_configuration

deploymentByVitam/roles/init_bdd/tasks/security.yml

@@ -23,7 +23,6 @@
 - name: Load security scripts in database
   command: "mongo {{ ip_service }}:{{ mongodb.mongod_port }}/admin {{ mongo_credentials }} {{ vitamui_defaults.folder.root_path }}/app/mongod/security/{{ item | basename | regex_replace('\\.j2$') }}"
   no_log: "{{ hide_passwords_during_deploy }}"
-  with_fileglob:
-    - "{{ role_path }}/templates/security/*"
+  loop: "{{ query('fileglob', \"{{ role_path }}/templates/security/*\")|sort }}"
   tags:
     - update_mongodb_configuration

deploymentByVitam/roles/reverse/templates/apache/httpd_config

@@ -34,7 +34,12 @@
     # Don't check the hostname of the server
     SSLProxyCheckPeerName off
     KeepAlive Off
-    # CONSUL 
+
+    # Filter to change url inside  html and js files
+    AddOutputFilterByType SUBSTITUTE text/html
+    AddOutputFilterByType SUBSTITUTE text/javascript
+
+    # CONSUL
 
 {% if groups['hosts_vitamui_consul_server']|length >0 %}
     # Consul UI
@@ -61,13 +66,16 @@
 {% for host in groups['hosts_ui_identity_admin'] %}
     ProxyPassMatch ^/identity-admin(/.*)$ {% if vitamui.identity_admin.secure|lower == "true" %}https{% else %}http{% endif %}://{{hostvars[host]['ip_service']}}:{{ vitamui.identity_admin.port_service }}/identity$1 {{reverse_connection_params}}
     ProxyPassReverse /identity-admin {% if vitamui.identity_admin.secure|lower == "true" %}https{% else %}http{% endif %}://{{hostvars[host]['ip_service']}}:{{ vitamui.identity_admin.port_service }}/identity
+
     ProxyHTMLURLMap {{ vitam_reverse_external_protocol }}://{{ vitam_reverse_external_dns }}/identity-admin/ /identity
+
     <Location /identity-admin/>
        ProxyPassReverse /identity/
        SetOutputFilter proxy-html
        ProxyHTMLURLMap /identity/ {{ vitam_reverse_external_protocol }}://{{ vitam_reverse_external_dns }}/identity-admin/
        ProxyHTMLURLMap  /identity/ /identity-admin/
-       ProxyHTMLURLMap /identity-admin/ /identity-admin/
+       Substitute s|/identity/|{{ vitam_reverse_external_protocol }}://{{ vitam_reverse_external_dns }}/identity-admin/|i
+       Substitute s|/identity/|/identity-admin/|i
        RequestHeader unset Accept-Encoding
     </Location>
 {% endfor %}
@@ -105,6 +113,4 @@
     ProxyPassReverse  / {% if vitamui.portal.secure|lower == "true" %}https{% else %}http{% endif %}://{{hostvars[host]['ip_service']}}:{{ vitamui.portal.port_service }}/
 {% endfor %}
 
-
-
 </VirtualHost>

deploymentByVitam/roles/reverse/templates/nginx/conf.d/proxy_vhosts.conf.j2

@@ -12,7 +12,7 @@ server {
 
     listen 443 ssl;
     include {{ reverse_conf_dir }}/ssl/ssl.conf;
-    server_name  {{ vitam_site_name }}.teamdlab.com;
+    server_name  {{ vitamui.ui_mongo_express.server_name }};
 
     location /mongo-express {
         proxy_pass http://mongo_express;
@@ -36,7 +36,7 @@ server {
 
     listen 443 ssl;
     include {{ reverse_conf_dir }}/ssl/ssl.conf;
-    server_name  {{ vitam_site_name }}.teamdlab.com;
+    server_name  {{ vitamui.ui_consul.server_name }};
 
     location /ui/ {
         proxy_pass http://consul_ui;
@@ -170,7 +170,7 @@ server {
     listen 443 ssl;
     include {{ reverse_conf_dir }}/ssl/ssl.conf;
 
-    server_name "{{ vitam_site_name }}-portal.teamdlab.com";
+    server_name "{{ vitamui.portal.server_name }}";
 
     location / {
         proxy_pass https://ui_portal;

deploymentByVitam/roles/vitamui/templates/cas-server/application.yml.j2

@@ -5,7 +5,6 @@ server:
     key-store-password: {{ password_keystore }}
     key-password: {{ password_manager_keystore }}
 {% endif %}
-  context-path: /cas
   host: {{ ip_service }}
   port: {{ vitamui_struct.port_service }}
 {% if vitamui.cas_server.base_url is defined %}
@@ -143,7 +142,7 @@ mfa.sms.sender: "{{ sms.sender }}"
 {% endif %}
 
 
-vitamui.portal.url: {{ vitamui.portal.base_url|default('url_prefix') }}
+vitamui.portal.url: {{ vitamui.portal.base_url|default(url_prefix) }}
 
 
 token.api.cas: tokcas_ie6UZsEcHIWrfv2x

deploymentByVitam/roles/vitamui/templates/ui-identity-admin/application.yml.j2

@@ -94,6 +94,7 @@ cas:
   external-url: "{{ url_prefix }}/cas"
 {% endif %}
   internal-url: {% if vitamui.cas_server.secure|lower == "true" %}https{% else %}http{% endif %}://{{ vitamui.cas_server.host }}:{{ vitamui.cas_server.port_service }}{% if vitamui.cas_server.base_url is undefined %}/cas{% endif %}
+
   callback-url: ${ui.url}/identity-api/callback
 {% if vitamui.cas_server.secure|lower == "true" %}
   ssl:

deploymentByVitam/roles/vitamui/templates/ui-identity/application.yml.j2

@@ -91,6 +91,7 @@ cas:
   external-url: "{{ url_prefix }}/cas"
 {% endif %}
   internal-url: {% if vitamui.cas_server.secure|lower == "true" %}https{% else %}http{% endif %}://{{ vitamui.cas_server.host }}:{{ vitamui.cas_server.port_service }}{% if vitamui.cas_server.base_url is undefined %}/cas{% endif %}
+
   callback-url: ${ui.url}/identity-api/callback
 {% if vitamui.iam_external.secure|lower == "true" %}
   ssl:

deploymentByVitam/roles/vitamui/templates/ui-portal/application.yml.j2

@@ -84,6 +84,7 @@ cas:
   external-url: "{{ url_prefix }}/cas"
 {% endif %}
   internal-url: {% if vitamui.cas_server.secure|lower == "true" %}https{% else %}http {% endif %}://{{ vitamui.cas_server.host }}:{{ vitamui.cas_server.port_service }}{% if vitamui.cas_server.base_url is undefined %}/cas{% endif %}
+
   callback-url: ${ui.url}/portal-api/callback
 {% if vitamui.cas_server.secure|lower == "true" %}
   ssl:

deploymentByVitam/uninstall.yml

+- hosts: localhost
+  connection: local
+  become: false
+  roles:
+    - bootstrap_ansible
+
+- hosts: hosts_vitamui
+  gather_facts: false
+
+  tasks:
+    - name: Stop all vitamui services
+      shell: "systemctl stop vitam*"
+      ignore_errors: yes
+
+    - name: Stop all dlab services
+      shell: "systemctl stop dlab*"
+      ignore_errors: yes
+
+    # Uninstalling package will remove systemd unit files
+    - name: Uninstall vitamui packages
+      yum:
+        name: "vitam*"
+        state: removed
+      ignore_errors: yes
+
+    - name: Reload systemd
+      command: systemctl daemon-reload
+
+    - name: Clean systemd
+      command: systemctl reset-failed
+
+#    - name: Remove yum repository
+#      file:
+#        path: "/etc/yum.repos.d/{{ item }}.repo"
+#        state: absent
+#      with_items:
+#        - logstash
+#        - mongo
+
+    - name: Clean repository metadata
+      shell: yum clean metadata
+      ignore_errors: yes
+
+    - name: Ensure yum cache is reset
+      command: yum makecache
+      ignore_errors: yes
+
+    - name: Remove vitamui file system
+      command: rm -Rf /vitamui
+      ignore_errors: yes
+
+    - name: Remove vitam file system
+      command: rm -Rf /vitam
+      ignore_errors: yes