From be0cf8edc83ff2c6651935eefba506fd40e0cdbd Mon Sep 17 00:00:00 2001 From: Mats Heemeyer Date: Mon, 12 Feb 2024 14:57:47 +0100 Subject: [PATCH] Add deployment for region michendorf --- .github/workflows/deploy.yml | 14 ++--- docker-compose.yml | 113 ++++++++++++++++------------------- entrypoint.sh | 4 +- grafana.ini | 10 ++-- settings.js | 44 +++++++------- 5 files changed, 89 insertions(+), 96 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 1108ca4..d3fd532 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -4,7 +4,7 @@ on: workflow_dispatch: push: branches: - - main + - release/michendorf jobs: build-grafana: @@ -20,8 +20,8 @@ jobs: - run: >- docker build . -f Dockerfile.grafana - -t ghcr.io/klima-dashboard/data-tools:grafana - - run: docker push ghcr.io/klima-dashboard/data-tools:grafana + -t ghcr.io/klima-dashboard/data-tools:grafana-michendorf + - run: docker push ghcr.io/klima-dashboard/data-tools:grafana-michendorf build-node-red: runs-on: ubuntu-latest @@ -36,8 +36,8 @@ jobs: - run: >- docker build . -f Dockerfile.node-red - -t ghcr.io/klima-dashboard/data-tools:node-red - - run: docker push ghcr.io/klima-dashboard/data-tools:node-red + -t ghcr.io/klima-dashboard/data-tools:node-red-michendorf + - run: docker push ghcr.io/klima-dashboard/data-tools:node-red-michendorf deploy: runs-on: ubuntu-latest @@ -45,7 +45,7 @@ jobs: QUANTUM_USER: ${{ secrets.QUANTUM_USER }} QUANTUM_PASSWORD: ${{ secrets.QUANTUM_PASSWORD }} QUANTUM_ENDPOINT: "tpwd-klimadashboard" - QUANTUM_STACK: "data-tools" + QUANTUM_STACK: "data-tools-michendorf" steps: - uses: actions/checkout@v3 - run: | @@ -55,4 +55,4 @@ jobs: -e QUANTUM_PASSWORD \ -e QUANTUM_ENDPOINT \ --rm r.planetary-quantum.com/quantum-public/cli:2 \ - quantum-cli stacks update --create --stack $QUANTUM_STACK --wait \ No newline at end of file + quantum-cli stacks update --create --stack $QUANTUM_STACK --wait 
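Review bot: The `deploy` job shows no guard tying it to `release/michendorf`, while `workflow_dispatch:` stays enabled in the first hunk. A manual run from any branch carrying this workflow file would therefore push the `grafana-michendorf` and `node-red-michendorf` tags and update the `data-tools-michendorf` stack with `secrets.QUANTUM_PASSWORD`. Consider adding `if: github.ref == 'refs/heads/release/michendorf'` to the `deploy` job and both build jobs, or binding `deploy` to a protected environment. The job definitions extend beyond the hunks, so a guard may exist that is not shown. In the last hunk, `--stack $QUANTUM_STACK` would also be safer quoted as `--stack "$QUANTUM_STACK"`.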
diff --git a/docker-compose.yml b/docker-compose.yml index 61132d3..aed2c32 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -2,11 +2,11 @@ version: "3.7" services: node-red-main: - image: ghcr.io/klima-dashboard/data-tools:node-red + image: ghcr.io/klima-dashboard/data-tools:node-red-michendorf environment: - TZ=Europe/Amsterdam - ADMIN_PASSWORD=$$2b$$08$$v8d1BR/rftGMP6969SHnHO5wWNGirMJxRuKQ28wxPs56nc7A79r0G - - REDIRECT_URI=https://node-red.bad-belzig.klima-daten.de/auth/strategy/callback + - REDIRECT_URI=https://node-red.michendorf.klima-daten.de/auth/strategy/callback networks: public: data-tools: @@ -17,23 +17,23 @@ services: restart_policy: condition: on-failure labels: - traefik.http.routers.node-red.rule: Host(`node-red.bad-belzig.klima-daten.de`) - traefik.http.routers.node-red.tls: "true" - traefik.http.routers.node-red.tls.certresolver: default + traefik.http.routers.node-red-michendorf.rule: Host(`node-red.michendorf.klima-daten.de`) + traefik.http.routers.node-red-michendorf.tls: "true" + traefik.http.routers.node-red-michendorf.tls.certresolver: default traefik.docker.network: public - traefik.http.services.node-red.loadbalancer.server.port: 1880 + traefik.http.services.node-red-michendorf.loadbalancer.server.port: 1880 traefik.enable: "true" secrets: - - node-red-credential-secret - - node-red-keycloak-client-secret + - node-red-credential-secret-michendorf + - node-red-keycloak-client-secret-michendorf node-red-1: - image: ghcr.io/klima-dashboard/data-tools:node-red + image: ghcr.io/klima-dashboard/data-tools:node-red-michendorf environment: - TZ=Europe/Amsterdam - ADMIN_PASSWORD=$$2b$$08$$v8d1BR/rftGMP6969SHnHO5wWNGirMJxRuKQ28wxPs56nc7A79r0G - - REDIRECT_URI=https://node-red-1.bad-belzig.klima-daten.de/auth/strategy/callback + - REDIRECT_URI=https://node-red-1.michendorf.klima-daten.de/auth/strategy/callback networks: public: data-tools: 
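Review bot: The context line `ADMIN_PASSWORD=$$2b$$08$$…` is carried over unchanged for `node-red-main` and `node-red-1` here and for `node-red-2` and `node-red-3` in the next two hunks. All four Michendorf instances therefore share one admin password hash, and since the value is untouched, presumably also with the deployment this file was copied from. The hash is committed to the repository with bcrypt cost 8, so anyone with read access can attempt cheap offline guessing. This commit already gives every other credential a region-specific external secret, and the admin hash could follow the same pattern. That means dropping the `ADMIN_PASSWORD=` line and having `entrypoint.sh` read the value from a secret file, as it does for `CLIENT_SECRET`; how `ADMIN_PASSWORD` is consumed is not visible in these hunks.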
@@ -44,22 +44,22 @@ services: restart_policy: condition: on-failure labels: - traefik.http.routers.node-red-1.rule: Host(`node-red-1.bad-belzig.klima-daten.de`) - traefik.http.routers.node-red-1.tls: "true" - traefik.http.routers.node-red-1.tls.certresolver: default + traefik.http.routers.node-red-1-michendorf.rule: Host(`node-red-1.michendorf.klima-daten.de`) + traefik.http.routers.node-red-1-michendorf.tls: "true" + traefik.http.routers.node-red-1-michendorf.tls.certresolver: default traefik.docker.network: public - traefik.http.services.node-red-1.loadbalancer.server.port: 1880 + traefik.http.services.node-red-1-michendorf.loadbalancer.server.port: 1880 traefik.enable: "true" secrets: - - node-red-credential-secret - - node-red-keycloak-client-secret + - node-red-credential-secret-michendorf + - node-red-keycloak-client-secret-michendorf node-red-2: - image: ghcr.io/klima-dashboard/data-tools:node-red + image: ghcr.io/klima-dashboard/data-tools:node-red-michendorf environment: - TZ=Europe/Amsterdam - ADMIN_PASSWORD=$$2b$$08$$v8d1BR/rftGMP6969SHnHO5wWNGirMJxRuKQ28wxPs56nc7A79r0G - - REDIRECT_URI=https://node-red-2.bad-belzig.klima-daten.de/auth/strategy/callback + - REDIRECT_URI=https://node-red-2.michendorf.klima-daten.de/auth/strategy/callback networks: public: data-tools: 
@@ -70,22 +70,22 @@ services: restart_policy: condition: on-failure labels: - traefik.http.routers.node-red-2.rule: Host(`node-red-2.bad-belzig.klima-daten.de`) - traefik.http.routers.node-red-2.tls: "true" - traefik.http.routers.node-red-2.tls.certresolver: default + traefik.http.routers.node-red-2-michendorf.rule: Host(`node-red-2.michendorf.klima-daten.de`) + traefik.http.routers.node-red-2-michendorf.tls: "true" + traefik.http.routers.node-red-2-michendorf.tls.certresolver: default traefik.docker.network: public - traefik.http.services.node-red-2.loadbalancer.server.port: 1880 + traefik.http.services.node-red-2-michendorf.loadbalancer.server.port: 1880 traefik.enable: "true" secrets: - - node-red-credential-secret - - node-red-keycloak-client-secret + - node-red-credential-secret-michendorf + - node-red-keycloak-client-secret-michendorf node-red-3: - image: ghcr.io/klima-dashboard/data-tools:node-red + image: ghcr.io/klima-dashboard/data-tools:node-red-michendorf environment: - TZ=Europe/Amsterdam - ADMIN_PASSWORD=$$2b$$08$$v8d1BR/rftGMP6969SHnHO5wWNGirMJxRuKQ28wxPs56nc7A79r0G - - REDIRECT_URI=https://node-red-3.bad-belzig.klima-daten.de/auth/strategy/callback + - REDIRECT_URI=https://node-red-3.michendorf.klima-daten.de/auth/strategy/callback networks: public: data-tools: 
@@ -96,15 +96,15 @@ services: restart_policy: condition: on-failure labels: - traefik.http.routers.node-red-3.rule: Host(`node-red-3.bad-belzig.klima-daten.de`) - traefik.http.routers.node-red-3.tls: "true" - traefik.http.routers.node-red-3.tls.certresolver: default + traefik.http.routers.node-red-3-michendorf.rule: Host(`node-red-3.michendorf.klima-daten.de`) + traefik.http.routers.node-red-3-michendorf.tls: "true" + traefik.http.routers.node-red-3-michendorf.tls.certresolver: default traefik.docker.network: public - traefik.http.services.node-red-3.loadbalancer.server.port: 1880 + traefik.http.services.node-red-3-michendorf.loadbalancer.server.port: 1880 traefik.enable: "true" secrets: - - node-red-credential-secret - - node-red-keycloak-client-secret + - node-red-credential-secret-michendorf + - node-red-keycloak-client-secret-michendorf influxdb: @@ -112,11 +112,11 @@ services: command: ["influxd", "--session-length=1440"] deploy: labels: - traefik.http.routers.influxdb.rule: Host(`influxdb.bad-belzig.klima-daten.de`) - traefik.http.routers.influxdb.tls: "true" - traefik.http.routers.influxdb.tls.certresolver: default + traefik.http.routers.influxdb-michendorf.rule: Host(`influxdb.michendorf.klima-daten.de`) + traefik.http.routers.influxdb-michendorf.tls: "true" + traefik.http.routers.influxdb-michendorf.tls.certresolver: default traefik.docker.network: public - traefik.http.services.influxdb.loadbalancer.server.port: 8086 + traefik.http.services.influxdb-michendorf.loadbalancer.server.port: 8086 traefik.enable: "true" environment: - DOCKER_INFLUXDB_INIT_MODE=setup 
@@ -124,66 +124,59 @@ services: - DOCKER_INFLUXDB_INIT_BUCKET=node-red - DOCKER_INFLUXDB_INIT_USERNAME=influxdb-user - DOCKER_INFLUXDB_INIT_RETENTION=4w - - DOCKER_INFLUXDB_INIT_PASSWORD_FILE=/run/secrets/influxdb-password + - DOCKER_INFLUXDB_INIT_PASSWORD_FILE=/run/secrets/influxdb-password-michendorf networks: public: data-tools: volumes: - influxdb-data:/var/lib/influxdb2 secrets: - - influxdb-password - - influxdb-admin-token + - influxdb-password-michendorf + - influxdb-admin-token-michendorf grafana: - image: ghcr.io/klima-dashboard/data-tools:grafana + image: ghcr.io/klima-dashboard/data-tools:grafana-michendorf deploy: labels: - traefik.http.routers.grafana.rule: Host(`grafana.bad-belzig.klima-daten.de`) - traefik.http.routers.grafana.tls: "true" - traefik.http.routers.grafana.tls.certresolver: default + traefik.http.routers.grafana-michendorf.rule: Host(`grafana.michendorf.klima-daten.de`) + traefik.http.routers.grafana-michendorf.tls: "true" + traefik.http.routers.grafana-michendorf.tls.certresolver: default traefik.docker.network: public - traefik.http.services.grafana.loadbalancer.server.port: 3000 + traefik.http.services.grafana-michendorf.loadbalancer.server.port: 3000 traefik.enable: "true" environment: - - GF_SECURITY_ADMIN_PASSWORD__FILE=/run/secrets/grafana-admin-password + - GF_SECURITY_ADMIN_PASSWORD__FILE=/run/secrets/grafana-admin-password-michendorf networks: public: data-tools: volumes: - grafana-data:/var/lib/grafana secrets: - - grafana-admin-password - - grafana-keycloak-client-secret + - grafana-admin-password-michendorf + - grafana-keycloak-client-secret-michendorf volumes: node-red-data: - external: true node-red-1-data: - external: true node-red-2-data: - external: true node-red-3-data: - external: true influxdb-data: - external: true grafana-data: - external: true secrets: - influxdb-password: + influxdb-password-michendorf: external: true - influxdb-admin-token: + influxdb-admin-token-michendorf: external: true - 
grafana-admin-password: + grafana-admin-password-michendorf: external: true - node-red-credential-secret: + node-red-credential-secret-michendorf: external: true - node-red-keycloak-client-secret: + node-red-keycloak-client-secret-michendorf: external: true - grafana-keycloak-client-secret: + grafana-keycloak-client-secret-michendorf: external: true networks: public: external: true data-tools: - external: true diff --git a/entrypoint.sh b/entrypoint.sh index 72d43ce..03ff4a3 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -1,8 +1,8 @@ #!/bin/bash cp /settings.js /data/settings.js -export NODE_RED_CREDENTIAL_SECRET=$(cat /run/secrets/node-red-credential-secret) -export CLIENT_SECRET=$(cat /run/secrets/node-red-keycloak-client-secret) +export NODE_RED_CREDENTIAL_SECRET=$(cat /run/secrets/node-red-credential-secret-michendorf) +export CLIENT_SECRET=$(cat /run/secrets/node-red-keycloak-client-secret-michendorf) cd /data npm i node-red-contrib-influxdb node-red-contrib-loop-processing node-red-contrib-zip cd diff --git a/grafana.ini b/grafana.ini index aca4198..dde6f52 100644 --- a/grafana.ini +++ b/grafana.ini 
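Review bot: Renaming the secrets in short form moves their mount path to `/run/secrets/<name>-michendorf`, which forces the matching edits to `entrypoint.sh` and `grafana.ini` and makes the images region-specific. The long form keeps the in-container path stable, for example `- source: grafana-admin-password-michendorf` with `target: grafana-admin-password`. Then only the compose file differs per region, and a missed path cannot leave a service starting without its secret. `influxdb-admin-token-michendorf` is mounted on `influxdb`, but no reader of its path is visible in this hunk, so anything elsewhere that opens `/run/secrets/influxdb-admin-token` needs the same rename. A comment above `volumes:` stating that dropping `external: true` is deliberate would also help, since the volumes and the `data-tools` network are now created per stack and start empty.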
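Review bot: Both `export VAR=$(cat …)` lines discard the exit status of `cat`, so if a renamed secret is not mounted the script carries on and Node-RED starts with an empty `NODE_RED_CREDENTIAL_SECRET` or `CLIENT_SECRET`. Assign and export separately so a missing file stops the container: `NODE_RED_CREDENTIAL_SECRET=$(cat /run/secrets/node-red-credential-secret-michendorf) || exit 1`, then `export NODE_RED_CREDENTIAL_SECRET`, and likewise for `CLIENT_SECRET`. The script continues below the hunk, so a later check may exist that is not shown.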
@@ -6,12 +6,12 @@ name = OAuth icon = signin enabled = true client_id = grafana -client_secret = $__file{/run/secrets/grafana-keycloak-client-secret} +client_secret = $__file{/run/secrets/grafana-keycloak-client-secret-michendorf} scopes = openid profile email offline_access roles empty_scopes = false -auth_url = https://keycloak.klima-daten.de/realms/klima-dashboard/protocol/openid-connect/auth -token_url = https://keycloak.klima-daten.de/realms/klima-dashboard/protocol/openid-connect/token -api_url = https://keycloak.klima-daten.de/realms/klima-dashboard/protocol/openid-connect/userinfo +auth_url = https://keycloak.michendorf.klima-daten.de/realms/klima-dashboard/protocol/openid-connect/auth +token_url = https://keycloak.michendorf.klima-daten.de/realms/klima-dashboard/protocol/openid-connect/token +api_url = https://keycloak.michendorf.klima-daten.de/realms/klima-dashboard/protocol/openid-connect/userinfo allow_sign_up = true email_attribute_path = email login_attribute_path = username @@ -19,7 +19,7 @@ name_attribute_path = full_name use_pkce = true role_attribute_path = contains(resource_access.grafana.roles[*], 'admin') && 'Admin' || contains(resource_access.grafana.roles[*], 'editor') && 'Editor' || 'Viewer' [server] -root_url=https://grafana.bad-belzig.klima-daten.de +root_url=https://grafana.michendorf.klima-daten.de [security] allow_embedding = true [auth.anonymous] diff --git a/settings.js b/settings.js index dead52b..4cd07ba 100644 --- a/settings.js +++ b/settings.js @@ -40,7 +40,7 @@ const keycloak = new Issuer({ 'A192CBC-HS384', 'A256CBC-HS512' ], - authorization_endpoint: 'https://keycloak.klima-daten.de/realms/klima-dashboard/protocol/openid-connect/auth', + authorization_endpoint: 'https://keycloak.michendorf.klima-daten.de/realms/klima-dashboard/protocol/openid-connect/auth', authorization_signing_alg_values_supported: [ 'PS384', 'ES384', 
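Review bot: Pointing `auth_url`, `token_url` and `api_url` at `keycloak.michendorf.klima-daten.de` makes a different identity provider authoritative for this Grafana, while the context lines keep `allow_sign_up = true` and a `role_attribute_path` ending in `|| 'Viewer'`. Every account that realm authenticates is therefore auto-provisioned as at least Viewer. It is worth confirming that self-registration is disabled in the new realm, or dropping the `|| 'Viewer'` fallback and setting `role_attribute_strict = true` so users without a `grafana` client role are rejected. The section header and the contents of `[auth.anonymous]` lie outside the hunks, so a comment above the three URLs naming the realm they must match would help the next reader.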
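Review bot: The identity-provider host is replaced by hand in more than twenty string literals across this and the following `settings.js` hunks. A single missed literal, such as `jwks_uri` or `token_endpoint`, would leave the client validating or exchanging tokens against a different Keycloak than the one named in `issuer`. Define the realm URL once above `new Issuer({`, as `const KEYCLOAK_REALM = 'https://keycloak.michendorf.klima-daten.de/realms/klima-dashboard';`, and build each endpoint from it, e.g. `jwks_uri: KEYCLOAK_REALM + '/protocol/openid-connect/certs'`. The `Issuer` object starts and ends outside these hunks, so only the lines shown could be checked; in those, every endpoint was updated consistently.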
@@ -55,7 +55,7 @@ const keycloak = new Issuer({ 'PS512', 'RS512' ], - backchannel_authentication_endpoint: 'https://keycloak.klima-daten.de/realms/klima-dashboard/protocol/openid-connect/ext/ciba/auth', + backchannel_authentication_endpoint: 'https://keycloak.michendorf.klima-daten.de/realms/klima-dashboard/protocol/openid-connect/ext/ciba/auth', backchannel_authentication_request_signing_alg_values_supported: [ 'PS384', 'ES384', @@ -73,7 +73,7 @@ const keycloak = new Issuer({ 'poll', 'ping' ], - check_session_iframe: 'https://keycloak.klima-daten.de/realms/klima-dashboard/protocol/openid-connect/login-status-iframe.html', + check_session_iframe: 'https://keycloak.michendorf.klima-daten.de/realms/klima-dashboard/protocol/openid-connect/login-status-iframe.html', claim_types_supported: [ 'normal' ], @@ -94,8 +94,8 @@ const keycloak = new Issuer({ 'plain', 'S256' ], - device_authorization_endpoint: 'https://keycloak.klima-daten.de/realms/klima-dashboard/protocol/openid-connect/auth/device', - end_session_endpoint: 'https://keycloak.klima-daten.de/realms/klima-dashboard/protocol/openid-connect/logout', + device_authorization_endpoint: 'https://keycloak.michendorf.klima-daten.de/realms/klima-dashboard/protocol/openid-connect/auth/device', + end_session_endpoint: 'https://keycloak.michendorf.klima-daten.de/realms/klima-dashboard/protocol/openid-connect/logout', frontchannel_logout_session_supported: true, frontchannel_logout_supported: true, grant_types_supported: [ @@ -134,7 +134,7 @@ const keycloak = new Issuer({ 'PS512', 'RS512' ], - introspection_endpoint: 'https://keycloak.klima-daten.de/realms/klima-dashboard/protocol/openid-connect/token/introspect', + introspection_endpoint: 'https://keycloak.michendorf.klima-daten.de/realms/klima-dashboard/protocol/openid-connect/token/introspect', introspection_endpoint_auth_methods_supported: [ 'private_key_jwt', 'client_secret_basic', 
@@ -156,20 +156,20 @@ const keycloak = new Issuer({ 'PS512', 'RS512' ], - issuer: 'https://keycloak.klima-daten.de/realms/klima-dashboard', - jwks_uri: 'https://keycloak.klima-daten.de/realms/klima-dashboard/protocol/openid-connect/certs', + issuer: 'https://keycloak.michendorf.klima-daten.de/realms/klima-dashboard', + jwks_uri: 'https://keycloak.michendorf.klima-daten.de/realms/klima-dashboard/protocol/openid-connect/certs', mtls_endpoint_aliases: { - backchannel_authentication_endpoint: 'https://keycloak.klima-daten.de/realms/klima-dashboard/protocol/openid-connect/ext/ciba/auth', - device_authorization_endpoint: 'https://keycloak.klima-daten.de/realms/klima-dashboard/protocol/openid-connect/auth/device', - introspection_endpoint: 'https://keycloak.klima-daten.de/realms/klima-dashboard/protocol/openid-connect/token/introspect', - pushed_authorization_request_endpoint: 'https://keycloak.klima-daten.de/realms/klima-dashboard/protocol/openid-connect/ext/par/request', - registration_endpoint: 'https://keycloak.klima-daten.de/realms/klima-dashboard/clients-registrations/openid-connect', - revocation_endpoint: 'https://keycloak.klima-daten.de/realms/klima-dashboard/protocol/openid-connect/revoke', - token_endpoint: 'https://keycloak.klima-daten.de/realms/klima-dashboard/protocol/openid-connect/token', - userinfo_endpoint: 'https://keycloak.klima-daten.de/realms/klima-dashboard/protocol/openid-connect/userinfo' + backchannel_authentication_endpoint: 'https://keycloak.michendorf.klima-daten.de/realms/klima-dashboard/protocol/openid-connect/ext/ciba/auth', + device_authorization_endpoint: 'https://keycloak.michendorf.klima-daten.de/realms/klima-dashboard/protocol/openid-connect/auth/device', + introspection_endpoint: 'https://keycloak.michendorf.klima-daten.de/realms/klima-dashboard/protocol/openid-connect/token/introspect', + pushed_authorization_request_endpoint: 'https://keycloak.michendorf.klima-daten.de/realms/klima-dashboard/protocol/openid-connect/ext/par/request', 
+ registration_endpoint: 'https://keycloak.michendorf.klima-daten.de/realms/klima-dashboard/clients-registrations/openid-connect', + revocation_endpoint: 'https://keycloak.michendorf.klima-daten.de/realms/klima-dashboard/protocol/openid-connect/revoke', + token_endpoint: 'https://keycloak.michendorf.klima-daten.de/realms/klima-dashboard/protocol/openid-connect/token', + userinfo_endpoint: 'https://keycloak.michendorf.klima-daten.de/realms/klima-dashboard/protocol/openid-connect/userinfo' }, - pushed_authorization_request_endpoint: 'https://keycloak.klima-daten.de/realms/klima-dashboard/protocol/openid-connect/ext/par/request', - registration_endpoint: 'https://keycloak.klima-daten.de/realms/klima-dashboard/clients-registrations/openid-connect', + pushed_authorization_request_endpoint: 'https://keycloak.michendorf.klima-daten.de/realms/klima-dashboard/protocol/openid-connect/ext/par/request', + registration_endpoint: 'https://keycloak.michendorf.klima-daten.de/realms/klima-dashboard/clients-registrations/openid-connect', request_object_encryption_alg_values_supported: [ 'RSA-OAEP', 'RSA-OAEP-256', @@ -221,7 +221,7 @@ const keycloak = new Issuer({ 'code token', 'code id_token token' ], - revocation_endpoint: 'https://keycloak.klima-daten.de/realms/klima-dashboard/protocol/openid-connect/revoke', + revocation_endpoint: 'https://keycloak.michendorf.klima-daten.de/realms/klima-dashboard/protocol/openid-connect/revoke', revocation_endpoint_auth_methods_supported: [ 'private_key_jwt', 'client_secret_basic', @@ -262,7 +262,7 @@ const keycloak = new Issuer({ 'pairwise' ], tls_client_certificate_bound_access_tokens: true, - token_endpoint: 'https://keycloak.klima-daten.de/realms/klima-dashboard/protocol/openid-connect/token', + token_endpoint: 'https://keycloak.michendorf.klima-daten.de/realms/klima-dashboard/protocol/openid-connect/token', token_endpoint_auth_methods_supported: [ 'private_key_jwt', 'client_secret_basic', 
@@ -297,7 +297,7 @@ const keycloak = new Issuer({ 'A192CBC-HS384', 'A256CBC-HS512' ], - userinfo_endpoint: 'https://keycloak.klima-daten.de/realms/klima-dashboard/protocol/openid-connect/userinfo', + userinfo_endpoint: 'https://keycloak.michendorf.klima-daten.de/realms/klima-dashboard/protocol/openid-connect/userinfo', userinfo_signing_alg_values_supported: [ 'PS384', 'ES384', @@ -385,7 +385,7 @@ module.exports = { adminAuth: { type:'strategy', strategy: { - name: 'keycloak.klima-daten.de', + name: 'keycloak.michendorf.klima-daten.de', label: 'Sign in', icon:'fa-lock', strategy: Strategy,