Merge pull request #7 from Diesel-Net/development

Promotion
Diesel-Net · Jun 20, 2021 · d753922 · d753922
2 parents 3a9e1cb + c1f4b88
commit d753922
Show file tree

Hide file tree

Showing 18 changed files with 79 additions and 50 deletions.
diff --git a/.ansible/group_vars/all/dockerhub.yaml b/.ansible/group_vars/all/dockerhub.yaml
@@ -0,0 +1,16 @@
+dockerhub_username: !vault |
+  $ANSIBLE_VAULT;1.1;AES256
+  61343931653064343262373039383165386135303532333132336131303439316230396536313564
+  3230313537303633326465393436316161613830346331390a306264346462356165376136663930
+  30393661636338376631623537336537623035376336633635353561643033303462346461353461
+  6635663734373038640a616566636338613863363065336435653862396439633030653437623633
+  3263
+  
+dockerhub_password: !vault |
+  $ANSIBLE_VAULT;1.1;AES256
+  62343130333463643237633263643335366561623466643036346234346337366233356166633538
+  3831316665336164626361303062643433373931663133310a356664623262353638666266663934
+  62396632306565393435343338353030653930376362346666616135303764323766656134633031
+  3436663938363265300a303136366230373332323831306465303263353131623765356533333232
+  65386462636437376538636363336432613834616165376137393064303764653239393339643862
+  6236613761656161393063393633303338613934323061316239
diff --git a/.ansible/inventory/development/group_vars/tools/proxy.yaml b/.ansible/inventory/development/group_vars/tools/proxy.yaml
@@ -1,13 +1,16 @@
 proxy:
 
-  main:
-    service: '{{ git_repository }}-{{ git_branch }}-main'
+  - service: '{{ git_repository }}-{{ git_branch }}-main'
     port: 8081
     router: '{{ git_repository }}-{{ git_branch }}-main'
     host: nexus.dev.diesel.net
 
-  docker: 
-    service: '{{ git_repository }}-{{ git_branch }}-docker'
+  - service: '{{ git_repository }}-{{ git_branch }}-docker'
     port: 8082
     router: '{{ git_repository }}-{{ git_branch }}-docker'
     host: docker.nexus.dev.diesel.net
+
+  - service: '{{ git_repository }}-{{ git_branch }}-docker-proxy'
+    port: 8083
+    router: '{{ git_repository }}-{{ git_branch }}-docker-proxy'
+    host: proxy.docker.nexus.dev.diesel.net
diff --git a/.ansible/inventory/development/group_vars/tools/repositories.yaml b/.ansible/inventory/development/group_vars/tools/repositories.yaml
@@ -17,7 +17,7 @@ repositories:
       docker:
         v1Enabled: false
         forceBasicAuth: false
-        httpPort: '{{ proxy.docker.port }}'
+        httpPort: '{{ proxy[1].port }}'
 
 
   - format: docker
@@ -46,10 +46,14 @@ repositories:
           enableCircularRedirects: false
           enableCookies: false
           useTrustStore: false
+        authentication:
+          type: "username"
+          username: "{{ dockerhub_username }}"
+          password: "{{ dockerhub_password }}"
       docker:
         v1Enabled: false
         forceBasicAuth: false
-        httpPort: '{{ proxy.docker.port + 1 }}'
+        httpPort: '{{ proxy[2].port }}'
       dockerProxy:
         indexType: 'HUB'
         indexUrl: 'https://index.docker.io/'

diff --git a/.ansible/inventory/production/group_vars/tools/proxy.yaml b/.ansible/inventory/production/group_vars/tools/proxy.yaml
@@ -1,13 +1,16 @@
 proxy:
 
-  main:
-    service: '{{ git_repository }}-{{ git_branch }}-main'
+  - service: '{{ git_repository }}-{{ git_branch }}-main'
     port: 8081
     router: '{{ git_repository }}-{{ git_branch }}-main'
     host: nexus.diesel.net
 
-  docker: 
-    service: '{{ git_repository }}-{{ git_branch }}-docker'
+  - service: '{{ git_repository }}-{{ git_branch }}-docker'
     port: 8082
     router: '{{ git_repository }}-{{ git_branch }}-docker'
     host: docker.nexus.diesel.net
+
+  - service: '{{ git_repository }}-{{ git_branch }}-docker-proxy'
+    port: 8083
+    router: '{{ git_repository }}-{{ git_branch }}-docker-proxy'
+    host: proxy.docker.nexus.diesel.net
diff --git a/.ansible/inventory/production/group_vars/tools/repositories.yaml b/.ansible/inventory/production/group_vars/tools/repositories.yaml
@@ -17,7 +17,7 @@ repositories:
       docker:
         v1Enabled: false
         forceBasicAuth: false
-        httpPort: '{{ proxy.docker.port }}'
+        httpPort: '{{ proxy[1].port }}'
 
 
   - format: docker
@@ -46,10 +46,14 @@ repositories:
           enableCircularRedirects: false
           enableCookies: false
           useTrustStore: false
+        authentication:
+            type: "username"
+            username: "{{ dockerhub_username }}"
+            password: "{{ dockerhub_password }}"
       docker:
         v1Enabled: false
         forceBasicAuth: false
-        httpPort: '{{ proxy.docker.port + 1 }}'
+        httpPort: '{{ proxy[2].port }}'
       dockerProxy:
         indexType: 'HUB'
         indexUrl: 'https://index.docker.io/'

diff --git a/.ansible/roles/configure_active_realms/tasks/configure.yaml b/.ansible/roles/configure_active_realms/tasks/configure.yaml
@@ -1,6 +1,6 @@
 - name: Update active realms
   uri:
-    url: https://{{ proxy.main.host }}/service/rest/v1/security/realms/active
+    url: https://{{ proxy[0].host }}/service/rest/v1/security/realms/active
     method: PUT
     headers:
       content-type: 'application/json'

diff --git a/.ansible/roles/configure_anonymous_access/tasks/configure.yaml b/.ansible/roles/configure_anonymous_access/tasks/configure.yaml
@@ -1,6 +1,6 @@
 - name: Configure anonymous access for `{{ payload.realmName }}`
   uri:
-    url: https://{{ proxy.main.host }}/service/rest/v1/security/anonymous
+    url: https://{{ proxy[0].host }}/service/rest/v1/security/anonymous
     method: PUT
     headers:
       content-type: 'application/json'

diff --git a/.ansible/roles/configure_capabilities/tasks/configure.yaml b/.ansible/roles/configure_capabilities/tasks/configure.yaml
@@ -1,6 +1,6 @@
 - name: Create capability `{{ payload.typeId }}`
   uri:
-    url: https://{{ proxy.main.host }}/service/extdirect
+    url: https://{{ proxy[0].host }}/service/extdirect
     method: POST
     headers:
       content-type: 'application/json'

diff --git a/.ansible/roles/configure_certificates/tasks/configure.yaml b/.ansible/roles/configure_certificates/tasks/configure.yaml
@@ -1,6 +1,6 @@
 - name: Get all certificates in nexus trust store
   uri:
-    url: https://{{ proxy.main.host }}/service/rest/v1/security/ssl/truststore
+    url: https://{{ proxy[0].host }}/service/rest/v1/security/ssl/truststore
     method: GET
     headers:
       content-type: 'application/json'
@@ -18,7 +18,7 @@
 
 - name: Get PEM for `{{ certificate.host }}`
   uri:
-    url: https://{{ proxy.main.host }}/service/rest/v1/security/ssl/?host={{ certificate.host | urlencode }}&port={{ certificate.port | urlencode }}
+    url: https://{{ proxy[0].host }}/service/rest/v1/security/ssl/?host={{ certificate.host | urlencode }}&port={{ certificate.port | urlencode }}
     method: GET
     headers:
       content-type: 'application/json'
@@ -38,7 +38,7 @@
 
 - name: Add certificate `{{ certificate.host }}` to nexus trust store
   uri:
-    url: https://{{ proxy.main.host }}/service/rest/v1/security/ssl/truststore
+    url: https://{{ proxy[0].host }}/service/rest/v1/security/ssl/truststore
     method: POST
     headers:
       content-type: 'application/json'

diff --git a/.ansible/roles/configure_cleanup_policies/tasks/configure.yaml b/.ansible/roles/configure_cleanup_policies/tasks/configure.yaml
@@ -1,6 +1,6 @@
 - name: Get cleanup policy `{{ payload.name }}`
   uri:
-    url: https://{{ proxy.main.host }}/service/rest/internal/cleanup-policies/{{ payload.name }}
+    url: https://{{ proxy[0].host }}/service/rest/internal/cleanup-policies/{{ payload.name }}
     method: GET
     headers:
       content-type: 'application/json'
@@ -19,7 +19,7 @@
 
 - name: Create cleanup policy `{{ payload.name }}`
   uri:
-    url: https://{{ proxy.main.host }}/service/rest/internal/cleanup-policies
+    url: https://{{ proxy[0].host }}/service/rest/internal/cleanup-policies
     method: POST
     headers:
       content-type: 'application/json'
@@ -34,7 +34,7 @@
 
 - name: Update cleanup policy `{{ payload.name }}`
   uri:
-    url: https://{{ proxy.main.host }}/service/rest/internal/cleanup-policies/{{ payload.name }}
+    url: https://{{ proxy[0].host }}/service/rest/internal/cleanup-policies/{{ payload.name }}
     method: PUT
     headers:
       content-type: 'application/json'

diff --git a/.ansible/roles/configure_ldap_connections/tasks/configure.yaml b/.ansible/roles/configure_ldap_connections/tasks/configure.yaml
@@ -1,6 +1,6 @@
 - name: Get ldap connection `{{ payload.name }}`
   uri:
-    url: https://{{ proxy.main.host }}/service/rest/v1/security/ldap/{{ payload.name }}
+    url: https://{{ proxy[0].host }}/service/rest/v1/security/ldap/{{ payload.name }}
     method: GET
     headers:
       content-type: 'application/json'
@@ -19,7 +19,7 @@
 
 - name: Create ldap connection `{{ payload.name }}`
   uri:
-    url: https://{{ proxy.main.host }}/service/rest/v1/security/ldap
+    url: https://{{ proxy[0].host }}/service/rest/v1/security/ldap
     method: POST
     headers:
       content-type: 'application/json'
@@ -34,7 +34,7 @@
 
 - name: Update ldap connection `{{ payload.name }}`
   uri:
-    url: https://{{ proxy.main.host }}/service/rest/v1/security/ldap/{{ payload.name }}
+    url: https://{{ proxy[0].host }}/service/rest/v1/security/ldap/{{ payload.name }}
     method: PUT
     headers:
       content-type: 'application/json'

diff --git a/.ansible/roles/configure_privileges/tasks/configure.yaml b/.ansible/roles/configure_privileges/tasks/configure.yaml
@@ -1,6 +1,6 @@
 - name: Get privilege `{{ privilege.payload.name }}`
   uri:
-    url: https://{{ proxy.main.host }}/service/rest/v1/security/privileges/{{ privilege.payload.name }}
+    url: https://{{ proxy[0].host }}/service/rest/v1/security/privileges/{{ privilege.payload.name }}
     method: GET
     headers:
       content-type: 'application/json'
@@ -19,7 +19,7 @@
 
 - name: Create {{ privilege.type }} privilege `{{ privilege.payload.name }}`
   uri:
-    url: https://{{ proxy.main.host }}/service/rest/v1/security/privileges/{{ privilege.type }}
+    url: https://{{ proxy[0].host }}/service/rest/v1/security/privileges/{{ privilege.type }}
     method: POST
     headers:
       content-type: 'application/json'
@@ -34,7 +34,7 @@
 
 - name: Update {{ privilege.type }} privilege `{{ privilege.payload.name }}`
   uri:
-    url: https://{{ proxy.main.host }}/service/rest/v1/security/privileges/{{ privilege.type }}/{{ privilege.payload.name }}
+    url: https://{{ proxy[0].host }}/service/rest/v1/security/privileges/{{ privilege.type }}/{{ privilege.payload.name }}
     method: PUT
     headers:
       content-type: 'application/json'

diff --git a/.ansible/roles/configure_repositories/tasks/configure.yaml b/.ansible/roles/configure_repositories/tasks/configure.yaml
@@ -1,6 +1,6 @@
 - name: Get {{ repo.format }} {{ repo.type }} repository `{{ repo.payload.name }}`
   uri:
-    url: https://{{ proxy.main.host }}/service/rest/v1/repositories/{{ repo.format }}/{{ repo.type }}/{{ repo.payload.name }}
+    url: https://{{ proxy[0].host }}/service/rest/v1/repositories/{{ repo.format }}/{{ repo.type }}/{{ repo.payload.name }}
     method: GET
     headers:
       content-type: 'application/json'
@@ -19,7 +19,7 @@
 
 - name: Create {{ repo.format }} {{ repo.type }} repository `{{ repo.payload.name }}`
   uri:
-    url: https://{{ proxy.main.host }}/service/rest/v1/repositories/{{ repo.format }}/{{ repo.type }}
+    url: https://{{ proxy[0].host }}/service/rest/v1/repositories/{{ repo.format }}/{{ repo.type }}
     method: POST
     headers:
       content-type: 'application/json'
@@ -34,7 +34,7 @@
 
 - name: Update {{ repo.format }} {{ repo.type }} repository `{{ repo.payload.name }}`
   uri:
-    url: https://{{ proxy.main.host }}/service/rest/v1/repositories/{{ repo.format }}/{{ repo.type }}/{{ repo.payload.name }}
+    url: https://{{ proxy[0].host }}/service/rest/v1/repositories/{{ repo.format }}/{{ repo.type }}/{{ repo.payload.name }}
     method: PUT
     headers:
       content-type: 'application/json'

diff --git a/.ansible/roles/configure_repositories/tasks/remove.yaml b/.ansible/roles/configure_repositories/tasks/remove.yaml
@@ -1,6 +1,6 @@
 - name: Get {{ repo.format }} {{ repo.type }} repository `{{ repo.payload.name }}`
   uri:
-    url: https://{{ proxy.main.host }}/service/rest/v1/repositories/{{ repo.format }}/{{ repo.type }}/{{ repo.payload.name }}
+    url: https://{{ proxy[0].host }}/service/rest/v1/repositories/{{ repo.format }}/{{ repo.type }}/{{ repo.payload.name }}
     method: GET
     headers:
       content-type: 'application/json'
@@ -19,7 +19,7 @@
 
 - name: Remove repository `{{ repo.payload.name }}`
   uri:
-    url: https://{{ proxy.main.host }}/service/rest/v1/repositories/{{ repo.payload.name }}
+    url: https://{{ proxy[0].host }}/service/rest/v1/repositories/{{ repo.payload.name }}
     method: DELETE
     headers:
       content-type: 'application/json'

diff --git a/.ansible/roles/configure_roles/tasks/configure.yaml b/.ansible/roles/configure_roles/tasks/configure.yaml
@@ -1,6 +1,6 @@
 - name: Get role `{{ payload.id }}`
   uri:
-    url: https://{{ proxy.main.host }}/service/rest/v1/security/roles/{{ payload.id | urlencode }}
+    url: https://{{ proxy[0].host }}/service/rest/v1/security/roles/{{ payload.id | urlencode }}
     method: GET
     headers:
       content-type: 'application/json'
@@ -19,7 +19,7 @@
 
 - name: Create role `{{ payload.id }}`
   uri:
-    url: https://{{ proxy.main.host }}/service/rest/v1/security/roles
+    url: https://{{ proxy[0].host }}/service/rest/v1/security/roles
     method: POST
     headers:
       content-type: 'application/json'
@@ -34,7 +34,7 @@
 
 - name: Update role `{{ payload.id }}`
   uri:
-    url: https://{{ proxy.main.host }}/service/rest/v1/security/roles/{{ payload.id | urlencode }}
+    url: https://{{ proxy[0].host }}/service/rest/v1/security/roles/{{ payload.id | urlencode }}
     method: PUT
     headers:
       content-type: 'application/json'

diff --git a/.ansible/roles/configure_users/tasks/configure.yaml b/.ansible/roles/configure_users/tasks/configure.yaml
@@ -1,6 +1,6 @@
 - name: Get user `{{ payload.userId }}`
   uri:
-    url: https://{{ proxy.main.host }}/service/rest/v1/security/users/?userId={{ payload.userId | urlencode }}
+    url: https://{{ proxy[0].host }}/service/rest/v1/security/users/?userId={{ payload.userId | urlencode }}
     method: GET
     headers:
       content-type: 'application/json'
@@ -18,7 +18,7 @@
 
 - name: Create user `{{ payload.userId }}`
   uri:
-    url: https://{{ proxy.main.host }}/service/rest/v1/security/users
+    url: https://{{ proxy[0].host }}/service/rest/v1/security/users
     method: POST
     headers:
       content-type: 'application/json'
@@ -33,7 +33,7 @@
 
 - name: Update user `{{ payload.userId }}`
   uri:
-    url: https://{{ proxy.main.host }}/service/rest/v1/security/users/{{ payload.userId | urlencode }}
+    url: https://{{ proxy[0].host }}/service/rest/v1/security/users/{{ payload.userId | urlencode }}
     method: PUT
     headers:
       content-type: 'application/json'

diff --git a/.ansible/roles/setup/tasks/main.yaml b/.ansible/roles/setup/tasks/main.yaml
@@ -18,9 +18,9 @@
     name: docker
     tasks_from: stack_deploy
 
-- name: Wait for https://{{ proxy.main.host }} to be ready
+- name: Wait for https://{{ proxy[0].host }} to be ready
   uri:
-    url: https://{{ proxy.main.host }}
+    url: https://{{ proxy[0].host }}
     method: GET
     validate_certs: '{{ validate_certs }}'
   register: ui_ready
@@ -51,7 +51,7 @@
 
 - name: Change admin password (required on first login)
   uri:
-    url: https://{{ proxy.main.host }}/service/rest/v1/security/users/admin/change-password
+    url: https://{{ proxy[0].host }}/service/rest/v1/security/users/admin/change-password
     method: PUT
     headers:
       content-type: 'text/plain'

diff --git a/.ansible/templates/docker-compose.yaml.j2 b/.ansible/templates/docker-compose.yaml.j2
@@ -2,23 +2,22 @@ version: '3.8'
 services: 
 
   main:
-    image: sonatype/nexus3:3.30.1
+    image: sonatype/nexus3:3.31.0
     volumes:
       - {{ ssl_cert_dir }}:/etc/ssl/certs/
       - {{ data_dir }}:/nexus-data/
     user: "${UID}:${GID}"
     deploy:
       labels:
         - traefik.enable=true
-        - traefik.http.services.{{ proxy.main.service }}.loadbalancer.server.port={{ proxy.main.port }}
-        - traefik.http.routers.{{ proxy.main.router }}.rule=Host(`{{ proxy.main.host }}`)
-        - traefik.http.routers.{{ proxy.main.router }}.service={{ proxy.main.service }}
-        - traefik.http.routers.{{ proxy.main.router }}.tls.certresolver=step-ca
 
-        - traefik.http.services.{{ proxy.docker.service }}.loadbalancer.server.port={{ proxy.docker.port }}
-        - traefik.http.routers.{{ proxy.docker.router }}.rule=Host(`{{ proxy.docker.host }}`)
-        - traefik.http.routers.{{ proxy.docker.router }}.service={{ proxy.docker.service }}
-        - traefik.http.routers.{{ proxy.docker.router }}.tls.certresolver=step-ca
+{% for item in proxy %}
+        - traefik.http.services.{{ item.service }}.loadbalancer.server.port={{ item.port }}
+        - traefik.http.routers.{{ item.router }}.rule=Host(`{{ item.host }}`)
+        - traefik.http.routers.{{ item.router }}.service={{ item.service }}
+        - traefik.http.routers.{{ item.router }}.tls.certresolver=step-ca
+{% endfor %}
+
     networks:
       - {{ docker_network }}