diff --git a/README.md b/README.md index 28bc872..ca45d6f 100644 --- a/README.md +++ b/README.md @@ -102,6 +102,10 @@ configured in the main.yml Create a PostgreSQL database and configure your database credentials in the environment variables, see 'Verifying the deployment section', other database configurations are in the roles/tpa_single_node/vars/main.yml +Postgres ssl mode is enabled by default. To disable it please change the following in vars/main.yml file: +`tpa_single_node_pg_ssl_mode: disable`. + + ### S3 or S3 compatible service like Minio Have the following unversioned S3 bucket names created: ``` @@ -159,9 +163,11 @@ ansible-galaxy collection install redhat.trusted_profile_analyzer:==0.2.0 export TPA_SINGLE_NODE_REGISTRATION_PASSWORD= export TPA_SINGLE_NODE_REGISTRY_USERNAME= export TPA_SINGLE_NODE_REGISTRY_PASSWORD= - export TPA_PG_HOST= - export TPA_PG_USER= - export TPA_PG_PASSWORD== + export TPA_PG_HOST= + export TPA_PG_ADMIN= + export TPA_PG_ADMIN_PASSWORD== + export TPA_PG_USER= + export TPA_PG_USER_PASSWORD== export TPA_STORAGE_ACCESS_KEY= export TPA_STORAGE_SECRET_KEY= export TPA_OIDC_ISSUER_URL= diff --git a/roles/tpa_single_node/README.md b/roles/tpa_single_node/README.md index e627fbe..2d34e23 100644 --- a/roles/tpa_single_node/README.md +++ b/roles/tpa_single_node/README.md 
@@ -1,85 +1,92 @@ + # Ansible Role: redhat.trusted_profile_analyzer.tpa_single_node + Version: 0.2.0 Deploy the [RHTPA](https://docs.redhat.com/en/documentation/red_hat_trusted_profile_analyzer/) service on a single managed node by using the `tpa_single_node` role. - Requires RHEL 9.2 or later. +Requires RHEL 9.3 or later. ## Role Arguments + ### Required -|Option|Description|Type|Default| -|---|---|---|---| -| tpa_single_node_storage_access_key | Storage access key, readed form the env var TPA_STORAGE_ACCESS_KEY. | str | | -| tpa_single_node_storage_secret_key | Storage access key, readed form the env var TPA_STORAGE_SECRET_KEY. | str | | -| tpa_single_node_event_access_key_id | Kafka Username or AWS SQS Access Key ID, readed from TPA_EVENT_ACCESS_KEY_ID env var | str | | -| tpa_single_node_event_secret_access_key | Kafka password or AWS SQS Secret Access Key, readed from TPA_EVENT_SECRET_ACCESS_KEY env var | str | | -| tpa_single_node_root_ca | rootCA path on the controller machine | str | | -| tpa_single_node_trust_cert_tls_crt_path | pem path on the controller machine | str | | -| tpa_single_node_trust_cert_tls_key_path | key path on the controller machine | str | | -| tpa_single_node_nginx_tls_crt_path | nginx-tls-certificate.pem path on the controller machine | str | | -| tpa_single_node_nginx_tls_key_path | nginx-tls.key path on the controller machine | str | | + +| Option | Description | Type | Default | +| --------------------------------------- | -------------------------------------------------------------------------------------------- | ---- | ------- | +| tpa_single_node_storage_access_key | Storage access key, readed form the env var TPA_STORAGE_ACCESS_KEY. | str | | +| tpa_single_node_storage_secret_key | Storage access key, readed form the env var TPA_STORAGE_SECRET_KEY. 
| str | | +| tpa_single_node_event_access_key_id | Kafka Username or AWS SQS Access Key ID, readed from TPA_EVENT_ACCESS_KEY_ID env var | str | | +| tpa_single_node_event_secret_access_key | Kafka password or AWS SQS Secret Access Key, readed from TPA_EVENT_SECRET_ACCESS_KEY env var | str | | +| tpa_single_node_root_ca | rootCA path on the controller machine | str | | +| tpa_single_node_trust_cert_tls_crt_path | pem path on the controller machine | str | | +| tpa_single_node_trust_cert_tls_key_path | key path on the controller machine | str | | +| tpa_single_node_nginx_tls_crt_path | nginx-tls-certificate.pem path on the controller machine | str | | +| tpa_single_node_nginx_tls_key_path | nginx-tls.key path on the controller machine | str | | ### Optional -|Option|Description|Type|Default| -|---|---|---|---| -| tpa_single_node_trustification_image | Trustification image. | str | `registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9:2943d20c8ac831f4ae4f209c8ca6807619404062` | -| tpa_single_node_guac_image | Guac image. | str | `registry.redhat.io/rhtpa/rhtpa-guac-rhel9:f0688194637cc759052e02c350c38dbabc19484e` | -| tpa_single_node_base_hostname | The user name logging in to the registry to pull images. | str | `trustification` | -| tpa_single_node_rhel_host | Ip of the instance. | str | | -| tpa_single_node_certificates_dir | Folder where to place the certificates to deploy on the instance. | str | `certs` | -| tpa_single_node_config_dir | Configuration directory on the instance. | str | `/etc/rhtpa` | -| tpa_single_node_kube_manifest_dir | Configuration directory on the instance containing the manifests. | str | `/etc/rhtpa/manifests` | -| tpa_single_node_namespace | Podman network namespace. | str | `trustification` | -| tpa_single_node_podman_network | Podman network name. | str | `tcnet` | -| tpa_single_node_systemd_directory | Folder where to store the systemd configurations files. 
| str | `/etc/systemd/system` | -| tpa_single_node_default_empty | Default empty value. | str | | -| tpa_single_node_pg_host | Host ip of the postgresql db instance. Readed from the TPA_PG_HOST env | str | | -| tpa_single_node_pg_port | Port of the postgresql db instance. | str | `5432` | -| tpa_single_node_pg_db | DB name. | str | `guac` | -| tpa_single_node_pg_user | DB username. | str | `guac` | -| tpa_single_node_pg_user_passwd | DB password. | str | `guac1234` | -| tpa_single_node_pg_ssl_mode | DB SSL mode enabled/disabled. | str | `disable` | -| tpa_single_node_storage_type | Storage type s3/minio/other s3 compatible. | str | `minio` | -| tpa_single_node_storage_bombastic_bucket | Bombastic storage bucket name. | str | `bombastic-default` | -| tpa_single_node_storage_v11y_bucket | V11y storage bucket name. | str | `v11y-default` | -| tpa_single_node_storage_vexination_bucket | V11y storage bucket name. | str | `vexination-default` | -| tpa_single_node_storage_region | AWS S3 Storage region | str | `eu-west-1` | -| tpa_single_node_storage_endpoint | Minio storage endpoint if used instead of S3 | str | `eu-west-1` | -| tpa_single_node_event_bus_type | Kafka or SQS | str | `kafka` | -| tpa_single_node_bombastic_topic_failed | Bombastic Events topic failed | str | `bombastic-failed-default` | -| tpa_single_node_bombastic_topic_indexed | Bombastic Events topic indexed | str | `bombastic-indexed-default` | -| tpa_single_node_bombastic_topic_stored | Bombastic Events topic stored | str | `bombastic-stored-default` | -| tpa_single_node_vexination_topic_failed | Vexination Events topic failed | str | `vexination-failed-default` | -| tpa_single_node_vexination_topic_indexed | Vexination Events topic indexed | str | `vexination-indexed-default` | -| tpa_single_node_vexination_topic_stored | Vexination Events topic stored | str | `vexination-stored-default` | -| tpa_single_node_v11y_topic_failed | V11y Events topic failed | str | `vv1y-failed-default` | -| 
tpa_single_node_v11y_topic_indexed | V11y Events topic indexed | str | `v11y-indexed-default` | -| tpa_single_node_v11y_topic_stored | V11y Events topic stored | str | `v11y-stored-default` | -| tpa_single_node_kafka_bootstrap_servers | Kafka bootstrap servers readed from TPA_EVENT_BOOTSTRAP_SERVER env var | str | | -| tpa_single_node_kafka_security_protocol | Kafka security protocol | str | `SASL_PLAINTEXT` | -| tpa_single_node_kafka_auth_mechanism | Kafka auth mechanism | str | `SCRAM-SHA-512` | -| tpa_single_node_sqs_region | AWS SQS Region | str | `eu-west-1` | -| tpa_single_node_oidc_type | Keycloak or AWS Cognito | str | `keycloak` | -| tpa_single_node_oidc_issuer_url | Readed from TPA_OIDC_ISSUER_URL env var | str | | -| tpa_single_node_oidc_frontend_id | Readed from TPA_OIDC_FRONTEND_ID env var | str | | -| tpa_single_node_oidc_provider_client_id | Readed from TPA_OIDC_PROVIDER_CLIENT_ID env var | str | | -| tpa_single_node_oidc_provider_client_secret | Readed from TPA_OIDC_PROVIDER_CLIENT_SECRET env var | str | | -| tpa_single_node_aws_cognito_domain | Readed from TPA_OIDC_COGNITO_DOMAIN env var | str | | -| tpa_single_node_storage_secret | storage-secret.yaml path on the target machine | str | `/etc/rhtpa/manifests/storage-secret.yaml` | -| tpa_single_node_event_secret | event-secret.yaml path on the target machine | str | `/etc/rhtpa/manifests/event-secret.yaml` | -| tpa_single_node_oidc_secret | oidc-secret.yaml path on the target machine | str | `/etc/rhtpa/manifests/oidc-secret.yaml` | -| tpa_single_node_spog_ui_port | Spog ui port | int | `8080` | -| tpa_single_node_vexination_api_port | Vexination api port | int | `8081` | -| tpa_single_node_bombastic_api_port | Bombastic api port | int | `8082` | -| tpa_single_node_spog_api_port | Spog api port | int | `8084` | -| tpa_single_node_collector_osv_port | Collector OSV api port | int | `8085` | -| tpa_single_node_v11y_api_port | V11y api port | int | `8087` | -| tpa_single_node_collectorist_api_port | 
Collectorist api port | int | `8088` | -| tpa_single_node_guac_graphql_port | Guac GraphQl port | int | `8089` | -| tpa_single_node_bombastic_walker_suspended | Bombastic walker suspended flag | bool | `True` | -| tpa_single_node_dataset_job_suspended | Dataset job suspended flag | bool | `True` | -| tpa_single_node_vexination_walker_suspended | Vexination walker job suspended flag | bool | `True` | -| tpa_single_node_v11y_walker_suspended | V11y walker job suspended flag | bool | `False` | + +| Option | Description | Type | Default | +| ------------------------------------------- | ---------------------------------------------------------------------- | ---- | ------------------------------------------------------------------------------------------------------ | +| tpa_single_node_trustification_image | Trustification image. | str | `registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9:2943d20c8ac831f4ae4f209c8ca6807619404062` | +| tpa_single_node_guac_image | Guac image. | str | `registry.redhat.io/rhtpa/rhtpa-guac-rhel9:f0688194637cc759052e02c350c38dbabc19484e` | +| tpa_single_node_base_hostname | The user name logging in to the registry to pull images. | str | `trustification` | +| tpa_single_node_rhel_host | Ip of the instance. | str | | +| tpa_single_node_certificates_dir | Folder where to place the certificates to deploy on the instance. | str | `certs` | +| tpa_single_node_config_dir | Configuration directory on the instance. | str | `/etc/rhtpa` | +| tpa_single_node_kube_manifest_dir | Configuration directory on the instance containing the manifests. | str | `/etc/rhtpa/manifests` | +| tpa_single_node_namespace | Podman network namespace. | str | `trustification` | +| tpa_single_node_podman_network | Podman network name. | str | `tcnet` | +| tpa_single_node_systemd_directory | Folder where to store the systemd configurations files. | str | `/etc/systemd/system` | +| tpa_single_node_default_empty | Default empty value. 
| str | | +| tpa_single_node_pg_host | Host ip of the postgresql db instance. Readed from the TPA_PG_HOST env | str | | +| tpa_single_node_pg_port | Port of the postgresql db instance. | str | `5432` | +| tpa_single_node_pg_db | DB name. | str | `guac` | +| tpa_single_node_pg_admin | DB admin user. | str | `postgres` | +| tpa_single_node_pg_admin_passwd | DB admin password. | str | `postgres1234` | +| tpa_single_node_pg_user | DB username. | str | `guac` | +| tpa_single_node_pg_user_passwd | DB user password. | str | `guac1234` | +| tpa_single_node_pg_ssl_mode | DB SSL mode require/disabled. | str | `disable` | +| tpa_single_node_storage_type | Storage type s3/minio/other s3 compatible. | str | `minio` | +| tpa_single_node_storage_bombastic_bucket | Bombastic storage bucket name. | str | `bombastic-default` | +| tpa_single_node_storage_v11y_bucket | V11y storage bucket name. | str | `v11y-default` | +| tpa_single_node_storage_vexination_bucket | V11y storage bucket name. | str | `vexination-default` | +| tpa_single_node_storage_region | AWS S3 Storage region | str | `eu-west-1` | +| tpa_single_node_storage_endpoint | Minio storage endpoint if used instead of S3 | str | `eu-west-1` | +| tpa_single_node_event_bus_type | Kafka or SQS | str | `kafka` | +| tpa_single_node_bombastic_topic_failed | Bombastic Events topic failed | str | `bombastic-failed-default` | +| tpa_single_node_bombastic_topic_indexed | Bombastic Events topic indexed | str | `bombastic-indexed-default` | +| tpa_single_node_bombastic_topic_stored | Bombastic Events topic stored | str | `bombastic-stored-default` | +| tpa_single_node_vexination_topic_failed | Vexination Events topic failed | str | `vexination-failed-default` | +| tpa_single_node_vexination_topic_indexed | Vexination Events topic indexed | str | `vexination-indexed-default` | +| tpa_single_node_vexination_topic_stored | Vexination Events topic stored | str | `vexination-stored-default` | +| tpa_single_node_v11y_topic_failed | V11y 
Events topic failed | str | `vv1y-failed-default` | +| tpa_single_node_v11y_topic_indexed | V11y Events topic indexed | str | `v11y-indexed-default` | +| tpa_single_node_v11y_topic_stored | V11y Events topic stored | str | `v11y-stored-default` | +| tpa_single_node_kafka_bootstrap_servers | Kafka bootstrap servers readed from TPA_EVENT_BOOTSTRAP_SERVER env var | str | | +| tpa_single_node_kafka_security_protocol | Kafka security protocol | str | `SASL_PLAINTEXT` | +| tpa_single_node_kafka_auth_mechanism | Kafka auth mechanism | str | `SCRAM-SHA-512` | +| tpa_single_node_sqs_region | AWS SQS Region | str | `eu-west-1` | +| tpa_single_node_oidc_type | Keycloak or AWS Cognito | str | `keycloak` | +| tpa_single_node_oidc_issuer_url | Readed from TPA_OIDC_ISSUER_URL env var | str | | +| tpa_single_node_oidc_frontend_id | Readed from TPA_OIDC_FRONTEND_ID env var | str | | +| tpa_single_node_oidc_provider_client_id | Readed from TPA_OIDC_PROVIDER_CLIENT_ID env var | str | | +| tpa_single_node_oidc_provider_client_secret | Readed from TPA_OIDC_PROVIDER_CLIENT_SECRET env var | str | | +| tpa_single_node_aws_cognito_domain | Readed from TPA_OIDC_COGNITO_DOMAIN env var | str | | +| tpa_single_node_storage_secret | storage-secret.yaml path on the target machine | str | `/etc/rhtpa/manifests/storage-secret.yaml` | +| tpa_single_node_event_secret | event-secret.yaml path on the target machine | str | `/etc/rhtpa/manifests/event-secret.yaml` | +| tpa_single_node_oidc_secret | oidc-secret.yaml path on the target machine | str | `/etc/rhtpa/manifests/oidc-secret.yaml` | +| tpa_single_node_spog_ui_port | Spog ui port | int | `8080` | +| tpa_single_node_vexination_api_port | Vexination api port | int | `8081` | +| tpa_single_node_bombastic_api_port | Bombastic api port | int | `8082` | +| tpa_single_node_spog_api_port | Spog api port | int | `8084` | +| tpa_single_node_collector_osv_port | Collector OSV api port | int | `8085` | +| tpa_single_node_v11y_api_port | V11y api port | int 
| `8087` | +| tpa_single_node_collectorist_api_port | Collectorist api port | int | `8088` | +| tpa_single_node_guac_graphql_port | Guac GraphQl port | int | `8089` | +| tpa_single_node_bombastic_walker_suspended | Bombastic walker suspended flag | bool | `True` | +| tpa_single_node_dataset_job_suspended | Dataset job suspended flag | bool | `True` | +| tpa_single_node_vexination_walker_suspended | Vexination walker job suspended flag | bool | `True` | +| tpa_single_node_v11y_walker_suspended | V11y walker job suspended flag | bool | `False` | ## Example Playbook @@ -95,7 +102,7 @@ Deploy the [RHTPA](https://docs.redhat.com/en/documentation/red_hat_trusted_prof tpa_single_node_trust_cert_tls_key_path: # TODO: required, type: str tpa_single_node_nginx_tls_crt_path: # TODO: required, type: str tpa_single_node_nginx_tls_key_path: # TODO: required, type: str - + tasks: - name: Include TPA single node role ansible.builtin.include_role: diff --git a/roles/tpa_single_node/meta/argument_specs.yml b/roles/tpa_single_node/meta/argument_specs.yml index 471d537..c504370 100644 --- a/roles/tpa_single_node/meta/argument_specs.yml +++ b/roles/tpa_single_node/meta/argument_specs.yml 
@@ -75,18 +75,32 @@ argument_specs:
 type: "str"
 version_added: "0.2.0"
 default: "guac"
+ tpa_single_node_pg_admin:
+ description: "DB admin user."
+ type: "str"
+ required: true
+ version_added: "1.2.0"
+ default: "postgres"
+ tpa_single_node_pg_admin_passwd:
+ description: "DB admin password."
+ type: "str"
+ required: true
+ version_added: "1.2.0"
+ default: "posgres1234"
 tpa_single_node_pg_user:
- description: "DB username."
+ description: "DB user."
 type: "str"
+ required: true
 version_added: "0.2.0"
 default: "guac"
 tpa_single_node_pg_user_passwd:
- description: "DB password."
+ description: "DB user password."
 type: "str"
+ required: true
 version_added: "0.2.0"
 default: "guac1234"
 tpa_single_node_pg_ssl_mode:
- description: "DB SSL mode enabled/disabled."
+ description: "DB SSL mode require/disabled."
 type: "str"
 version_added: "0.2.0"
 default: "disable"
diff --git a/roles/tpa_single_node/tasks/guac/init.yml b/roles/tpa_single_node/tasks/guac/init.yml
index 412e09e..67c564e 100644
--- a/roles/tpa_single_node/tasks/guac/init.yml
+++ b/roles/tpa_single_node/tasks/guac/init.yml
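Review bot: `default: "posgres1234"` on tpa_single_node_pg_admin_passwd is both a typo (the role README in this same commit says `postgres1234`) and a documented default credential for the database superuser; pairing it with `required: true` is also contradictory, since a required option is by definition one the caller must supply. Drop the `default:` on both password options and mark them `no_log: true` so argument-spec validation output does not echo them, e.g. `tpa_single_node_pg_admin_passwd: {description: "DB admin password.", type: "str", required: true, no_log: true}`. The same `required: true` plus `default:` pairing is introduced on tpa_single_node_pg_user and tpa_single_node_pg_user_passwd further down the hunk. `version_added: "1.2.0"` on the two new options does not match the 0.2.0 collection version shown in the role README; confirm which release is meant.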
@@ -2,21 +2,19 @@
 - name: Copy init-db.sql to Server
 ansible.builtin.copy:
 content: "{{ lookup('ansible.builtin.template', 'configs/init-db.sql') }}"
- dest: "/tmp/init-db.sql"
+ dest: "{{ tpa_single_node_config_dir }}/init-db.sql"
 remote_src: true
- mode: "0666"
+ mode: "0600"
 - name: Run init-db.sql
- ansible.builtin.command:
- cmd: >
- psql -v ON_ERROR_STOP=1
- -v db_name={{ tpa_single_node_pg_db }}
- -v db_user={{ tpa_single_node_pg_user }}
- -v db_password={{ tpa_single_node_pg_user_passwd }}
- -f /tmp/init-db.sql
+ ansible.builtin.command: "psql postgresql://{{ tpa_single_node_pg_admin }}:{{ tpa_single_node_pg_admin_passwd }}@\
+ {{ tpa_single_node_pg_host }}:{{ tpa_single_node_pg_port }}/{{ tpa_single_node_pg_db }} \
+ -v ON_ERROR_STOP=1 \
+ -v db_name={{ tpa_single_node_pg_db }} \
+ -v db_user={{ tpa_single_node_pg_user }} \
+ -v db_password={{ tpa_single_node_pg_user_passwd }} \
+ -f {{ tpa_single_node_config_dir }}/init-db.sql"
 changed_when: false
- become: true
- become_user: postgres
 - name: Testing DB guac to make sure it is available
 ansible.builtin.command: "psql postgresql://{{ tpa_single_node_pg_user }}:{{ tpa_single_node_pg_user_passwd }}@\
diff --git a/roles/tpa_single_node/tasks/infra/main.yml b/roles/tpa_single_node/tasks/infra/main.yml
index 27e2c77..79a2535 100644
--- a/roles/tpa_single_node/tasks/infra/main.yml
+++ b/roles/tpa_single_node/tasks/infra/main.yml
@@ -4,6 +4,7 @@
 args:
 apply:
 become: true
+ when: tpa_single_node_pg_install_enabled
 - name: Configure OIDC
 ansible.builtin.include_tasks: infra/oidc.yml
diff --git a/roles/tpa_single_node/templates/manifests/collectorist/api/Configmap.yaml.j2 b/roles/tpa_single_node/templates/manifests/collectorist/api/Configmap.yaml.j2
index 8eff450..df814b9 100644
--- a/roles/tpa_single_node/templates/manifests/collectorist/api/Configmap.yaml.j2
+++ b/roles/tpa_single_node/templates/manifests/collectorist/api/Configmap.yaml.j2
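Review bot: The new `ansible.builtin.command` line embeds the admin password in the psql connection URI on the command line, where it is visible in the process list on the managed node and, since the task carries no `no_log: true`, in play output and any Ansible log; the `-v db_password=...` variable exposes the guac password the same way, as the replaced `cmd: >` form already did. Move the admin password out of argv by passing it through libpq's `PGPASSWORD` in the task's `environment:` and set `no_log: true` on the task so the remaining argument list is not printed. The copy task now writes init-db.sql under `tpa_single_node_config_dir` with mode 0600, which is an improvement, but if the template renders any secret the file remains on disk after the run; consider removing it once psql has consumed it. Dropping `become`/`become_user: postgres` is consistent with connecting over TCP as the admin account, and the Testing task that follows continues outside the hunk.
```yaml
- name: Run init-db.sql
  ansible.builtin.command: "psql postgresql://{{ tpa_single_node_pg_admin }}@\
    {{ tpa_single_node_pg_host }}:{{ tpa_single_node_pg_port }}/{{ tpa_single_node_pg_db }} \
    -v ON_ERROR_STOP=1 \
    # … unchanged: -v db_name / -v db_user / -v db_password / -f arguments …
  environment:
    PGPASSWORD: "{{ tpa_single_node_pg_admin_passwd }}"
  no_log: true
  changed_when: false
```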
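Review bot: `when: tpa_single_node_pg_install_enabled` gates a task whose name and include line sit above the hunk, so I cannot see which task file it skips; the variable itself is introduced only in vars/main.yml (`false`) and is documented neither in the argument_specs.yml hunk nor in either README in this commit. Add an entry such as `tpa_single_node_pg_install_enabled: {description: "<what the gated include installs>", type: "bool", default: false}` to meta/argument_specs.yml and a row to the role README Optional table. Because it lives in vars/ rather than defaults/, a playbook or inventory cannot override it without `-e`; if users are expected to turn it on, defaults/main.yml is the conventional home.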
@@ -12,7 +12,7 @@ data:
 collectors:
 osv:
 cadence: 1d
- url: https://collector-osv-pod:{{ tpa_single_node_collector_osv_port }}/api/v1/
+ url: https://{{ tpa_single_node_rhel_host }}:{{ tpa_single_node_collector_osv_port }}/api/v1/
 interests:
 - package
 - vulnerability
diff --git a/roles/tpa_single_node/templates/manifests/guac/graphql/Deployment.yaml.j2 b/roles/tpa_single_node/templates/manifests/guac/graphql/Deployment.yaml.j2
index e2f36e2..4f14a04 100644
--- a/roles/tpa_single_node/templates/manifests/guac/graphql/Deployment.yaml.j2
+++ b/roles/tpa_single_node/templates/manifests/guac/graphql/Deployment.yaml.j2
@@ -31,7 +31,7 @@ spec:
 command:
 - /opt/guac/guacmigrate
 args:
- - --db-address=postgres://{{ tpa_single_node_pg_user }}:{{ tpa_single_node_pg_user_passwd }}@{{ tpa_single_node_pg_host }}:{{ tpa_single_node_pg_port }}/{{ tpa_single_node_pg_db }}?sslmode={{ tpa_single_node_pg_ssl_mode }}
+ - --db-address=postgres://{{ tpa_single_node_pg_admin }}:{{ tpa_single_node_pg_admin_passwd }}@{{ tpa_single_node_pg_host }}:{{ tpa_single_node_pg_port }}/{{ tpa_single_node_pg_db }}?sslmode={{ tpa_single_node_pg_ssl_mode }}
 - --db-driver=postgres
 - --db-debug=true
 volumeMounts: null
diff --git a/roles/tpa_single_node/vars/main.yml b/roles/tpa_single_node/vars/main.yml
index 4a69b94..eb0dd88 100644
--- a/roles/tpa_single_node/vars/main.yml
+++ b/roles/tpa_single_node/vars/main.yml
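Review bot: Pointing collectorist at `https://{{ tpa_single_node_rhel_host }}:{{ tpa_single_node_collector_osv_port }}` instead of the pod name changes what the TLS client has to verify: the role README documents tpa_single_node_rhel_host as the instance IP, so the certificate served on that port must carry the IP as a subjectAltName or the collectorist client will fail verification, and the usual workaround of disabling verification would be worse than the original pod-DNS URL. It also routes the call through the host-published port rather than the podman network, so the OSV collector port is presumably reachable on the host interface; confirm that is intended and covered by the firewall configuration. A one-line comment above `url:` stating why the host address is used, e.g. `# host address rather than pod DNS: <reason>`, would spare the next reader the archaeology.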
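Review bot: The guacmigrate init container now connects as the PostgreSQL admin account while `--db-debug=true` on the next line stays on; if guacmigrate's debug output includes the connection string, the admin password lands in the container logs (podman logs / journal), so confirm that and drop `--db-debug=true` outside development. Running the schema migration as the server superuser is also broader than needed: if init-db.sql makes the guac user the owner of the guac database, the migration can run with `{{ tpa_single_node_pg_user }}:{{ tpa_single_node_pg_user_passwd }}` as before and the admin credential never has to reach the container. The surrounding Deployment spec starts and ends outside the hunk.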
@@ -10,12 +10,15 @@ tpa_single_node_systemd_directory: /etc/systemd/system
 tpa_single_node_default_empty: ""
 # DB_SERVICE
+tpa_single_node_pg_install_enabled: false
 tpa_single_node_pg_host: "{{ lookup('env', 'TPA_PG_HOST') | default('192.168.121.60', true) }}"
 tpa_single_node_pg_port: 5432
 tpa_single_node_pg_db: guac
+tpa_single_node_pg_admin: "{{ lookup('env', 'TPA_PG_ADMIN') }}"
+tpa_single_node_pg_admin_passwd: "{{ lookup('env', 'TPA_PG_ADMIN_PASSWORD') }}"
 tpa_single_node_pg_user: "{{ lookup('env', 'TPA_PG_USER') }}"
-tpa_single_node_pg_user_passwd: "{{ lookup('env', 'TPA_PG_PASSWORD') }}"
-tpa_single_node_pg_ssl_mode: disable
+tpa_single_node_pg_user_passwd: "{{ lookup('env', 'TPA_PG_USER_PASSWORD') }}"
+tpa_single_node_pg_ssl_mode: require
 # Storage Service
 tpa_single_node_storage_access_key: "{{ lookup('env', 'TPA_STORAGE_ACCESS_KEY') }}" # S3/minio root username
diff --git a/roles/tpa_single_node/vars/main_example_aws.yml b/roles/tpa_single_node/vars/main_example_aws.yml
index 61a3280..1ff3c14 100644
--- a/roles/tpa_single_node/vars/main_example_aws.yml
+++ b/roles/tpa_single_node/vars/main_example_aws.yml
@@ -11,12 +11,14 @@ tpa_single_node_systemd_directory: /etc/systemd/system
 tpa_single_node_default_empty: ""
 # DB_SERVICE
-tpa_single_node_pg_host: "{{ lookup('env', 'TPA_PG_HOST', default='192.168.121.60') }}"
+tpa_single_node_pg_host: "{{ lookup('env', 'TPA_PG_HOST') | default('192.168.121.60', true) }}"
 tpa_single_node_pg_port: 5432
 tpa_single_node_pg_db: guac
-tpa_single_node_pg_user: guac
-tpa_single_node_pg_user_passwd: guac1234
-tpa_single_node_pg_ssl_mode: disable
+tpa_single_node_pg_admin: "{{ lookup('env', 'TPA_PG_ADMIN') }}"
+tpa_single_node_pg_admin_passwd: "{{ lookup('env', 'TPA_PG_ADMIN_PASSWORD') }}"
+tpa_single_node_pg_user: "{{ lookup('env', 'TPA_PG_USER') }}"
+tpa_single_node_pg_user_passwd: "{{ lookup('env', 'TPA_PG_USER_PASSWORD') }}"
+tpa_single_node_pg_ssl_mode: require
 # Storage Service
 tpa_single_node_storage_type: s3
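Review bot: `tpa_single_node_pg_ssl_mode: require` encrypts the connection but does not verify the PostgreSQL server certificate, so it gives no protection against a spoofed database host; since the role already takes a CA via `tpa_single_node_root_ca`, `verify-full` (with the CA path handed to libpq as sslrootcert) is the stronger default, and if `require` is kept the README should state that it is encryption-only. The new default also disagrees with the documentation in this commit: the role README table and argument_specs.yml still list `disable` as the default for tpa_single_node_pg_ssl_mode while the top-level README now says SSL is on by default. The admin credentials introduced here come from `TPA_PG_ADMIN`/`TPA_PG_ADMIN_PASSWORD` with no fallback, so an unset variable becomes an empty string that only surfaces when psql fails; `{{ lookup('env', 'TPA_PG_ADMIN_PASSWORD') | mandatory }}` would fail fast with a clear message.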
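Review bot: The rewritten `tpa_single_node_pg_host` line keeps a hard-coded `192.168.121.60` fallback, so a run with `TPA_PG_HOST` unset silently sends the admin and guac credentials to a fixed private address instead of failing; for an example meant to be copied, `{{ lookup('env', 'TPA_PG_HOST') | mandatory }}` or a clearly labelled placeholder is safer than a real-looking IP. The same fallback is carried into the nonaws example further down. The `| default('192.168.121.60', true)` form is otherwise correct, as the old `lookup('env', ..., default=...)` call was not.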
diff --git a/roles/tpa_single_node/vars/main_example_nonaws.yml b/roles/tpa_single_node/vars/main_example_nonaws.yml
index fb2cc23..dde566b 100644
--- a/roles/tpa_single_node/vars/main_example_nonaws.yml
+++ b/roles/tpa_single_node/vars/main_example_nonaws.yml
@@ -11,11 +11,13 @@ tpa_single_node_systemd_directory: /etc/systemd/system
 tpa_single_node_default_empty: ""
 # DB_SERVICE
-tpa_single_node_pg_host: "{{ lookup('env', 'TPA_PG_HOST', default='192.168.121.60') }}"
+tpa_single_node_pg_host: "{{ lookup('env', 'TPA_PG_HOST') | default('192.168.121.60', true) }}"
 tpa_single_node_pg_port: 5432
 tpa_single_node_pg_db: guac
-tpa_single_node_pg_user: guac
-tpa_single_node_pg_user_passwd: guac1234
+tpa_single_node_pg_admin: "{{ lookup('env', 'TPA_PG_ADMIN') }}"
+tpa_single_node_pg_admin_passwd: "{{ lookup('env', 'TPA_PG_ADMIN_PASSWORD') }}"
+tpa_single_node_pg_user: "{{ lookup('env', 'TPA_PG_USER') }}"
+tpa_single_node_pg_user_passwd: "{{ lookup('env', 'TPA_PG_USER_PASSWORD') }}"
 tpa_single_node_pg_ssl_mode: disable
 # Storage Service
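Review bot: This example keeps `tpa_single_node_pg_ssl_mode: disable` while vars/main.yml and the AWS example in the same commit switch to `require`, so the admin and guac passwords added just above it travel in clear text to tpa_single_node_pg_host. If that is intentional for a database on the same host or an isolated network, say so on the line, e.g. `tpa_single_node_pg_ssl_mode: disable  # plaintext: only for a local/isolated PostgreSQL`; otherwise align it with the other vars files.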