Merge branch 'main' into athena-module-config

requirements.txt

@@ -4,7 +4,7 @@ ansible-lint==5.3.2
 cffi==1.15.0
 colorama==0.4.4
 commonmark==0.9.1
-cryptography==41.0.0
+cryptography==41.0.4
 Jinja2==3.0.3
 MarkupSafe==2.0.1
 packaging==21.3

roles/artemis/README.md

@@ -1,4 +1,4 @@
-Role Name
+Artemis
 =========
 
 This role installs artemis on a host. The role supports single node installations as well as multi node installations.

roles/artemis/defaults/main.yml

@@ -9,6 +9,7 @@ artemis_server_port: 8080
 install_artemis: true
 upgrade_artemis: false
 use_docker: false
+artemis_node_count: 1
 
 check_variables: true
 
@@ -181,7 +182,7 @@ artemis_external_password_reset_link_de: "https://campus.tum.de/tumonline/ee/ui/
   #  url:
 
 # Define node local hazelcast_address - Uses wireguard net by default
-hazelcast_address: "{% if is_multinode_install is defined and is_multinode_install|bool == true %}[{{ wireguard_interface_address }}]{% endif %}"
+hazelcast_address: "{% if is_multinode_install is defined and is_multinode_install|bool == true and not use_docker%}[{{ wireguard_interface_address }}]{% endif %}"
 
 artemis_eureka_urls: "{% if registry.url is defined and registry.url is not none %}http://admin:${jhipster.registry.password}@{{ registry.url }}:8761/eureka/{% endif %}"
 artemis_eureka_instance_id: "{{ node_id }}"
@@ -200,12 +201,13 @@ artemis_eureka_instance_id: "{{ node_id }}"
 # Compute Spring Profiles from set variables
 artemis_spring_profile_env: "prod"
 artemis_spring_profile_user_management: "{% if user_management.jira is defined and user_management.jira is not none %},jira{% endif %}" # none HAS to be lowercase ¯\_(ツ)_/¯
-artemis_spring_profile_ldap: "{% if ldap.password is defined and ldap.password is not none %},ldap{% endif %}"
-artemis_spring_profile_version_control: "{% if version_control.bitbucket is defined and version_control.bitbucket is not none %},bitbucket{% elif version_control.gitlab is defined and version_control.gitlab is not none %},gitlab{% endif %}"
-artemis_spring_profile_continuous_integration: "{% if continuous_integration.bamboo is defined and continuous_integration.bamboo is not none %},bamboo{% elif continuous_integration.jenkins is defined and continuous_integration.jenkins is not none %},jenkins{% endif %}"
+artemis_spring_profile_ldap: "{% if ldap.password is defined and ldap.password is not none %}{% if user_management.jira is defined and user_management.jira is not none %},ldap{% else %},ldap-only{% endif %}{% endif %}"
+artemis_spring_profile_version_control: "{% if version_control.bitbucket is defined and version_control.bitbucket is not none %},bitbucket{% elif version_control.gitlab is defined and version_control.gitlab is not none %},gitlab{% elif version_control.localvc is defined and version_control.localvc is not none %},localvc{% endif %}"
+artemis_spring_profile_continuous_integration: "{% if continuous_integration.bamboo is defined and continuous_integration.bamboo is not none %},bamboo{% elif continuous_integration.jenkins is defined and continuous_integration.jenkins is not none %},jenkins{% elif continuous_integration.localci is defined and continuous_integration.localci is not none %},localci{% endif %}"
 artemis_spring_profile_athena: "{% if athena is defined and athena is not none %},athena{% endif %}"
 artemis_spring_profile_apollon: "{% if apollon_url is defined and apollon_url is not none %},apollon{% endif %}"
 artemis_spring_profile_scheduling: "{% if node_id is defined and node_id == 1 %},scheduling{% endif %}"
 artemis_spring_profile_docker: "{% if use_docker %},docker{% endif %}"
 artemis_spring_profile_iris: "{% if iris is defined and iris is not none %},iris{% endif %}"
-artemis_spring_profiles: "{{ artemis_spring_profile_env }}{{ artemis_spring_profile_user_management }}{{ artemis_spring_profile_ldap }}{{ artemis_spring_profile_version_control }}{{ artemis_spring_profile_continuous_integration }}{{ artemis_spring_profile_athena }}{{ artemis_spring_profile_scheduling }}{{ artemis_spring_profile_docker }}{{ artemis_spring_profile_iris }}"
+artemis_spring_profile_lti: "{% if lti.oauth_secret is defined and lti.oauth_secret is not none %},lti{% endif %}"
+artemis_spring_profiles: "{{ artemis_spring_profile_env }}{{ artemis_spring_profile_user_management }}{{ artemis_spring_profile_ldap }}{{ artemis_spring_profile_version_control }}{{ artemis_spring_profile_continuous_integration }}{{ artemis_spring_profile_athena }}{{ artemis_spring_profile_scheduling }}{{ artemis_spring_profile_docker }}{{ artemis_spring_profile_iris }}{{ artemis_spring_profile_lti }}"

roles/artemis/tasks/docker_deploy_artemis.yml

@@ -56,6 +56,21 @@
   register: config
   notify: restart docker artemis
 
+- name: Copy node env files
+  loop: "{{ range(1, artemis_node_count + 1) }}"
+  loop_control:
+    loop_var: docker_node_id
+  when: is_multinode_install
+  become: true
+  template:
+    src: "templates/node.env.j2"
+    dest: "{{ artemis_working_directory }}/node{{ docker_node_id }}.env"
+    owner: "{{ artemis_user_name }}"
+    group: "{{ artemis_user_group }}"
+    mode: 0660
+  register: config
+  notify: restart docker artemis
+
 - name: Create artemis ssh key directory
   become: true
   file:

roles/artemis/templates/application-prod.yml.j2

@@ -147,6 +147,13 @@ artemis:
     versionControlAccessToken: true
 {% endif %}
 
+{% if version_control.localvc is defined %}
+  version-control:
+    url: {{ version_control.localvc.url }}
+    local-vcs-repo-path: {{ artemis_repo_basepath }}/local-vcs-repos
+    user: "demo"
+    password: "demo"
+{% endif %}
 
 {% if continuous_integration.bamboo is defined %}
   continuous-integration:
@@ -171,6 +178,10 @@ artemis:
     artemis-authentication-token-value: {{ continuous_integration.jenkins.artemis_auth_token_value }}
 {% endif %}
 
+{% if continuous_integration.localci is defined %}
+  continuous-integration:
+    artemis-authentication-token-value: "demo"
+{% endif %}
 
 
 {% if lti is defined %}

roles/artemis/templates/artemis-docker.sh.j2

@@ -1,13 +1,15 @@
 #!/bin/bash
 
 PROJECT_DIR="{{ artemis_working_directory }}/Artemis/docker"
-{% if artemis_database_type == "mysql" %}
-COMPOSE_FILE="test-server-mysql.yml"
-{% endif %}
-{% if artemis_database_type == "postgresql" %}
-COMPOSE_FILE="test-server-postgresql.yml"
-{% endif %}
+{% set default_compose_file = "test-server-" + artemis_database_type + ".yml" %}
+{% set localci_compose_file = "test-server-" + artemis_database_type + "-localci.yml" %}
+{% set multi_node_localci_compose_file = "test-server-multi-node-" + artemis_database_type + "-localci.yml" %}
+
+COMPOSE_FILE="{% if continuous_integration.localci is defined and is_multinode_install is defined %}{{ multi_node_localci_compose_file }}{% elif continuous_integration.localci is defined %}{{ localci_compose_file }}{% else %}{{ default_compose_file }}{% endif %}"
 ENV_FILE="{{ artemis_working_directory }}/docker.env"
+{% if continuous_integration.localci is defined %}
+export DOCKER_GROUP_ID=$(getent group docker | cut -d: -f3)
+{% endif %}
 
 # Function: Print general usage information
 function general_help {

roles/artemis/templates/artemis.env.j2

@@ -129,6 +129,16 @@ ARTEMIS_CONTINUOUSINTEGRATION_VCSCREDENTIALS='{{ continuous_integration.jenkins.
 ARTEMIS_CONTINUOUSINTEGRATION_ARTEMISAUTHENTICATIONTOKENKEY='{{ continuous_integration.jenkins.artemis_auth_token_key }}'
 ARTEMIS_CONTINUOUSINTEGRATION_ARTEMISAUTHENTICATIONTOKENVALUE='{{ continuous_integration.jenkins.artemis_auth_token_value }}'
 {% endif %}
+{% if version_control.localvc is defined %}
+ARTEMIS_VERSIONCONTROL_URL='{{ version_control.localvc.url }}'
+ARTEMIS_VERSIONCONTROL_LOCALVCSREPOPATH='{{ artemis_repo_basepath }}/local-vcs-repos'
+ARTEMIS_VERSIONCONTROL_USER='demo'
+ARTEMIS_VERSIONCONTROL_PASSWORD='demo'
+{% endif %}
+{% if continuous_integration.localci is defined %}
+ARTEMIS_CONTINUOUSINTEGRATION_ARTEMISAUTHENTICATIONTOKENVALUE='demo'
+ARTEMIS_CONTINUOUSINTEGRATION_DOCKERCONNECTIONURI='unix:///var/run/docker.sock'
+{% endif %}
 ARTEMIS_USERMANAGEMENT_LOGIN_ACCOUNTNAME='{{ artemis_account_login_info }}'
 {% if lti is defined %}
 ARTEMIS_LTI_ID='artemis_lti'
@@ -186,9 +196,13 @@ INFO_SENTRY_DSN='https://ceeb3e72ec094684aefbb132f87231f2@sentry.ase.in.tum.de/2
 EUREKA_CLIENT_ENABLED='true'
 EUREKA_CLIENT_SERVICEURL_DEFAULTZONE='{{ artemis_eureka_urls }}'
 EUREKA_INSTANCE_PREFERIPADDRESS='true'
+{% if hazelcast_address is defined and hazelcast_address != "" %}
 EUREKA_INSTANCE_IPADDRESS='{{ hazelcast_address }}'
+{% endif %}
 EUREKA_INSTANCE_APPNAME='Artemis'
+{% if artemis_eureka_instance_id is defined and artemis_eureka_instance_id != "" %}
 EUREKA_INSTANCE_INSTANCEID='Artemis:{{ artemis_eureka_instance_id }}'
 {% endif %}
+{% endif %}
 LOGGING_FILE_NAME='{{ artemis_working_directory }}/artemis.log'
 MANAGEMENT_METRICS_EXPORT_PROMETHEUS_ENABLED='true'

roles/artemis/templates/docker.env.j2

@@ -1,13 +1,25 @@
 ARTEMIS_DOCKER_TAG='{{ artemis_build_version }}'
 ARTEMIS_SSH_KEY_PATH='{{ artemis_ssh_key_path }}'
+
 ARTEMIS_ENV_FILE='{{ artemis_working_directory }}/artemis.env'
+{% if is_multinode_install %}
+{% for node_id in range(1, artemis_node_count + 1) %}
+ARTEMIS_NODE_{{ node_id }}_ENV_FILE='{{ artemis_working_directory }}/node{{ node_id }}.env'
+{% endfor %}
+{% endif %}
+
 ARTEMIS_VOLUME_MOUNT='{{ artemis_working_directory }}/data/artemis'
 ARTEMIS_LEGAL_MOUNT='{{ artemis_working_directory }}/legal'
 ARTEMIS_DATA_EXPORT_MOUNT='{{ artemis_working_directory }}/data-exports'
 
 DATABASE_ENV_FILE='{{ artemis_working_directory }}/database.env'
 DATABASE_VOLUME_MOUNT='{{ artemis_working_directory }}/data/database'
 
+# Broker & Registry vars
+REGISTRY_PASSWORD='{{ artemis_jhipster_registry_password }}'
+BROKER_USER='{{ broker.username }}'
+BROKER_PASSWORD='{{ broker.password }}'
+
 # Nginx vars
 NGINX_PROXY_SSL_CERTIFICATE_PATH='{{ proxy_ssl_certificate_path }}'
 NGINX_PROXY_SSL_CERTIFICATE_KEY_PATH='{{ proxy_ssl_certificate_key_path }}'

roles/artemis/templates/node.env.j2

@@ -0,0 +1,4 @@
+SPRING_PROFILES_ACTIVE='{{ artemis_spring_profiles }}{% if docker_node_id == 1 %},scheduling{% endif %}'
+EUREKA_INSTANCE_INSTANCEID='Artemis:{{ docker_node_id }}'
+EUREKA_INSTANCE_HOSTNAME='artemis-app-node-{{ docker_node_id }}'
+SPRING_HAZELCAST_INTERFACE='artemis-app-node-{{ docker_node_id }}'

roles/pyris/README.md

@@ -0,0 +1,22 @@
+Pyris
+=========
+
+This role installs Pyris on a host. The role supports single node installations via Docker
+
+Role Variables
+--------------
+Default variables can be found in the `defaults/main.yml` file.
+
+### Variables that have to be configured for a single node installation:
+
+```
+pyris_deployment_user_public_key: #FIXME
+
+pyris_config: #FIXME
+
+proxy_ssl_certificate_path: #FIXME
+proxy_ssl_certificate_key_path: #FIXME
+
+```
+
+pyris_config is the configuration for Pyris. See https://github.com/ls1intum/Pyris for details

roles/pyris/defaults/main.yml

@@ -0,0 +1,33 @@
+---
+pyris_build_version: "latest"
+pyris_working_directory: "/opt/pyris"
+
+##############################################################################
+# Pyris Linux Users
+##############################################################################
+
+pyris_user_name: "pyris"
+pyris_user_group: "pyris"
+pyris_user_uid: "1337"
+pyris_user_gid: "1337"
+
+pyris_create_deployment_user: false
+pyris_deployment_user_name: deployment
+pyris_deployment_user_uid: 1338
+pyris_deployment_user_public_key: ""
+pyris_deployment_user_comment: "User to deploy pyris to this host"
+
+
+##############################################################################
+# OpenAI Setup
+##############################################################################
+
+pyris_config: #FIXME
+
+
+##############################################################################
+# Nginx Setup
+##############################################################################
+
+proxy_ssl_certificate_path: #FIXME
+proxy_ssl_certificate_key_path: #FIXME

roles/pyris/handlers/main.yml

@@ -0,0 +1,18 @@
+---
+# handlers file for pyris
+- name: restart docker compose pyris
+  become: true
+  shell: |
+    ./pyris-docker.sh restart {{ pyris_build_version }} {{ pyris_branch }}
+  args:
+    chdir: "{{ pyris_working_directory }}"
+  listen: "restart docker pyris"
+
+- name: start docker compose pyris
+  become: true
+  command: ./pyris-docker.sh start {{ pyris_build_version }} {{ pyris_branch }}
+  args:
+    chdir: "{{ pyris_working_directory }}"
+  listen: "start docker pyris"
+
+

roles/pyris/tasks/main.yml

@@ -0,0 +1,98 @@
+---
+- name: Ensure pyris group {{ pyris_user_group }} exists
+  become: yes
+  group:
+    name: "{{ pyris_user_group }}"
+    gid: "{{ pyris_user_gid }}"
+    state: present
+
+- name: Ensure pyris user {{ pyris_user_name }} exists
+  become: yes
+  user:
+    name: "{{ pyris_user_name }}"
+    state: present
+    uid: "{{ pyris_user_uid }}"
+    group: "{{ pyris_user_group }}"
+    groups: "docker"
+
+- name: Ensure deployment user {{ pyris_deployment_user_name }} exists
+  become: yes
+  user:
+    name: "{{ pyris_deployment_user_name }}"
+    comment: "{{ pyris_deployment_user_comment }}"
+    state: present
+    uid: "{{ pyris_deployment_user_uid }}"
+    group: "{{ pyris_user_group }}"
+    groups: "sudo,docker"
+    append: yes
+  when: (pyris_create_deployment_user | bool)
+
+- name: Ensure (limited) sudo privileges for user {{ pyris_deployment_user_name }}
+  become: yes
+  template:
+    src: pyris_deployment_sudoers.j2
+    dest: /etc/sudoers.d/pyris_deployment
+    validate: 'visudo -cf %s'
+    mode: 0440
+  when: (pyris_create_deployment_user | bool)
+
+- name: Authorize ssh-key for deployment user
+  become: yes
+  authorized_key:
+    user: "{{ pyris_deployment_user_name }}"
+    state: present
+    key: "{{ pyris_deployment_user_public_key }}"
+  when: (pyris_create_deployment_user | bool)
+
+- name: Create pyris directory
+  become: true
+  file:
+    path: "{{ pyris_working_directory }}"
+    state: directory
+    mode: '0775'
+
+- name: Set permissions for pyris directory
+  become: true
+  file:
+    path: "{{ pyris_working_directory }}"
+    state: directory
+    recurse: yes
+    owner: "{{ pyris_user_name }}"
+    group: "{{ pyris_user_group }}"
+  register: permissions
+  notify: restart docker pyris
+
+- name: Copy docker.env to pyris directory
+  become: true
+  template:
+    src: "templates/docker.env.j2"
+    dest: "{{ pyris_working_directory }}/docker.env"
+    owner: "{{ pyris_user_name }}"
+    group: "{{ pyris_user_group }}"
+    mode: 0660
+  register: config
+  notify: restart docker pyris
+
+- name: Copy application.yml to pyris directory
+  become: true
+  template:
+    src: "templates/application.yml.j2"
+    dest: "{{ pyris_working_directory }}/application.yml"
+    owner: "{{ pyris_user_name }}"
+    group: "{{ pyris_user_group }}"
+    mode: 0660
+  register: config
+  notify: restart docker pyris
+
+- name: Copy pyris-docker.sh helper script
+  become: true
+  template:
+    src: "templates/pyris-docker.sh.j2"
+    dest: "{{ pyris_working_directory }}/pyris-docker.sh"
+    owner: "{{ pyris_user_name }}"
+    group: "{{ pyris_user_group }}"
+    mode: 0770
+  register: config
+  notify: restart docker pyris
+
+

roles/pyris/templates/application.yml.j2

@@ -0,0 +1 @@
+{{ pyris_config |to_yaml(indent=4) }}

roles/pyris/templates/docker.env.j2

@@ -0,0 +1,6 @@
+PYRIS_DOCKER_TAG='{{ pyris_build_version }}'
+PYRIS_APPLICATION_YML_FILE='{{ pyris_working_directory }}/application.yml'
+
+# Nginx vars
+NGINX_PROXY_SSL_CERTIFICATE_PATH='{{ proxy_ssl_certificate_path }}'
+NGINX_PROXY_SSL_CERTIFICATE_KEY_PATH='{{ proxy_ssl_certificate_key_path }}'