
Change ports for motley-cue #64

Merged
merged 9 commits into from
Sep 20, 2024
6 changes: 4 additions & 2 deletions README.md
@@ -13,12 +13,14 @@ This code relies on docker-compose to run 3 containers:
- some python code to generate the list of endpoints

The existing docker-compose file assumes you will run the code on a publicly
accessible host with a valid name:
accessible host with a valid name. You can create a `.env` file with the
`DASHBOARD_HOSTNAME` variable defined with the hostname of your server and just
start the service:

```shell
cd /path/to/working/directory
git clone https://github.com/EGI-Federation/fedcloud-dashboard.git
cd fedcloud-dashboard
echo "DASHBOARD_HOSTNAME="<your host name>" > .env
docker-compose up --build
```

22 changes: 21 additions & 1 deletion deployment/main.tf
@@ -6,7 +6,7 @@ resource "openstack_compute_instance_v2" "dashboard" {
network {
uuid = var.net_id
}
security_groups = [openstack_compute_secgroup_v2.secgroup.name, "default"]
security_groups = ["HTTP", "motley-cue"]
}

resource "openstack_compute_secgroup_v2" "secgroup" {
@@ -28,6 +28,26 @@ resource "openstack_compute_secgroup_v2" "secgroup" {
}
}

resource "openstack_compute_secgroup_v2" "motley" {
name = "motley-cue"
description = "Open access via ssh-oidc"

rule {
from_port = 22
to_port = 22
ip_protocol = "tcp"
cidr = "0.0.0.0/0"
}

rule {
from_port = 8181
to_port = 8181
ip_protocol = "tcp"
cidr = "0.0.0.0/0"
}

}

resource "openstack_networking_floatingip_v2" "fip" {
pool = var.ip_pool
}
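Review bot: The new `security_groups = ["HTTP", "motley-cue"]` line names both groups as string literals, so Terraform has no dependency from the instance to the `motley` group added in the second hunk and may try to create the instance before that group exists. Resource references keep the ordering: `security_groups = [openstack_compute_secgroup_v2.secgroup.name, openstack_compute_secgroup_v2.motley.name]`, assuming `"HTTP"` is the name of `secgroup`, whose `name` line is outside the visible hunks. Both `motley` rules use `cidr = "0.0.0.0/0"`; for port 8181 I would add a comment stating why the motley-cue endpoint has to be reachable from any address (or take the range from a variable), and confirm that the nginx site moved to that port serves TLS, since clients presumably send access tokens to it.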
36 changes: 35 additions & 1 deletion deployment/playbook.yaml
@@ -22,12 +22,47 @@
become: yes
gather_facts: yes
tasks:
- name: Disable default site in nginx
ansible.builtin.file:
path: /etc/nginx/sites-enabled/default
state: absent

- name: Move motley-cue to a different port (nginx)
ansible.builtin.lineinfile:
path: /etc/nginx/sites-available/nginx.motley_cue
search_string: "8080;"
line: 8181;

- name: Move motley-cue to a different port (pam-ssh-oidc)
ansible.builtin.lineinfile:
path: /etc/pam.d/pam-ssh-oidc-config.ini
search_string: "http://localhost:8080/verify_user"
line: http://localhost:8181/verify_user

- name: Restart nginx
ansible.builtin.service:
name: nginx
state: restarted
enabled: yes

- name: Restart motley-cue
ansible.builtin.service:
name: motley-cue
state: restarted
enabled: yes

- name: Checkout repo at VM
ansible.builtin.git:
repo: "https://github.com/EGI-Federation/fedcloud-dashboard.git"
version: "{{ git_ref }}"
dest: /fedcloud-dashboard

- name: env file
ansible.builtin.copy:
content: |
DASHBOARD_HOSTNAME=dashboard.cloud.egi.eu
dest: /fedcloud-dashboard/.env

- name: service file
ansible.builtin.copy:
content: |
@@ -38,7 +73,6 @@
Description=Dashboard
After=docker.service
Requires=docker.service

[Service]
Type=oneshot
RemainAfterExit=true
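Review bot: Both `lineinfile` tasks replace the whole matching line with the bare value given in `line`, so the nginx site ends up with a line reading only `8181;` and the PAM config with a bare URL, losing whatever directive or key preceded the value. On a second run `search_string` no longer matches and the same bare line is appended to the end of each file. `ansible.builtin.replace` substitutes only the matched text and is idempotent here. If the pam-ssh-oidc line is mangled, token verification for SSH logins presumably stops working, so the rendered files on the VM are worth checking. The two restart tasks also run on every play; handlers notified by these edits would restart the services only when something changed.

```yaml
- name: Move motley-cue to a different port (nginx)
  ansible.builtin.replace:
    path: /etc/nginx/sites-available/nginx.motley_cue
    regexp: '8080;'
    replace: '8181;'

- name: Move motley-cue to a different port (pam-ssh-oidc)
  ansible.builtin.replace:
    path: /etc/pam.d/pam-ssh-oidc-config.ini
    regexp: 'http://localhost:8080/verify_user'
    replace: 'http://localhost:8181/verify_user'

# … unchanged: restart nginx / motley-cue, checkout repo, env file, service file …
```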
6 changes: 3 additions & 3 deletions docker-compose.yaml
@@ -3,7 +3,7 @@ services:
image: "traefik:v2.11"
container_name: "traefik"
command:
# - "--log.level=DEBUG"
#- "--log.level=DEBUG"
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
@@ -14,7 +14,7 @@ services:
- "--entrypoints.web.http.redirections.entrypoint.permanent=true"
- "--certificatesresolvers.myresolver.acme.httpchallenge=true"
- "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
# #- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
#- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.myresolver.acme.email=enol.fernandez@egi.eu"
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
ports:
@@ -32,7 +32,7 @@ services:
image: "b4bz/homer:v24.05.1"
labels:
- "traefik.enable=true"
- "traefik.http.routers.dashboard.rule=HostRegexp(`{any:.+}`)"
- "traefik.http.routers.dashboard.rule=Host(`${DASHBOARD_HOSTNAME}`)"
- "traefik.http.routers.dashboard.entrypoints=websecure"
- "traefik.http.routers.dashboard.tls.certresolver=myresolver"
volumes_from:
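Review bot: The new `Host(...)` router rule is built from `${DASHBOARD_HOSTNAME}`, which Compose replaces with an empty string (with only a warning) when `.env` is missing or the variable is unset, leaving a rule with an empty host name. Using the required-variable form, `${DASHBOARD_HOSTNAME:?set DASHBOARD_HOSTNAME in .env}`, makes `docker-compose up` stop with a clear error instead. Separately, the unchanged `--api.insecure=true` line in the first hunk enables Traefik's unauthenticated API; the `ports:` list is outside the visible hunks, so confirm that port is not published on the host.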