changes from user-mgmt-ui branch

f688877d · Temur Maisuradze · a8e585ba · f688877d · f688877d · f688877d
Commit f688877d authored 3 years ago by Temur Maisuradze
--- a/.gitmodules
+++ b/.gitmodules
+[submodule "user-mgmt-ui"]
+	path = user-mgmt-ui
+	url = https://gitlab.geant.org/gn4-3-wp8-t3.1-soc/soctools-user-mgmt-ui.git
--- a/configure.sh
+++ b/configure.sh
+#!/bin/bash
+set -e
+if [ -f group_vars/all/variables.yml ]; then 
+	echo "Variables file (group_vars/all/variables.yml) is configure manually. please take a look if everything is correct and move to next step"
+	cat group_vars/all/variables.yml
+else 
+	echo "set FQDN which will be used to access the soctools services. (the DNS record should already be in place.)"
+	read -p 'soctoolsproxy: ' soctoolsproxy
+	if [ -z $soctoolsproxy ]; then
+		echo "Error: Empty string for soctoolsproxy! exiting..."
+		exit 1
+	fi
+	echo
+	echo "Organization's top level domain (will be used as organization name and organization domain in different services)"
+	read -p 'domain: ' domain
+        if [ -z $domain ]; then
+                echo "Error: Empty string for domain! exiting..."
+                exit 1
+        fi
+	echo
+	echo
+	echo
+	echo "Please provide following parameters for first socctolls user which will be created during the initialization with organization admin privileges:"
+	echo "firstname - First name of the user"
+	echo "lastname 	- Last name of the user"
+	echo "username 	- Username of the user"
+	echo "DN 	- Distinguished Name of the user, for user certificate"
+	echo "CN 	- Common Name of the user, for user certificate"
+	echo "Email will be generated automatically in Username@Domain format becouse of format restrictions in some services"
+	sleep 10
+	for i in firstname lastname username; do
+		read -p "${i}: " $i
+	      	if [ -z $i ]; then
+                	echo "Error: Empty string for ${i}! exiting..."
+                	exit 1
+        	fi
+	done
+	read -p "Enter CN for Certificate [${firstname}${lastname}]: " CN
+	CN=${CN:-${firstname}${lastname}}
+	DN=${CN}
+	echo
+	echo
+	echo
+	sleep 2
+	echo "Please check the gethered variables and type 'yes' if everything is correct: "
+	echo "soctoolsproxy: 	$soctoolsproxy"
+	echo "domain: 		$domain"
+	echo "firstname: 	$firstname"
+	echo "lastname: 	$lastname"
+	echo "username: 	$username"
+	echo "DN: 		$DN"
+	echo "CN:		$CN"
+	echo
+	echo
+	sleep 10
+	read -p "Correct? type 'yes' or 'no': " ANSWER
+	if [ $ANSWER = "yes" ]; then
+		if ! [ -f group_vars/all/variables.template ]; then
+			echo "template file(group_vars/all/variables.template) does not exists! exiting ..."
+			exit 1
+		else
+			cp -f group_vars/all/variables.template group_vars/all/variables.yml
+			sed -i "s/CHANGE_ME_TO_FQDN/${soctoolsproxy}/g" group_vars/all/variables.yml
+			sed -i "s/soctools.test/${domain}/g" group_vars/all/variables.yml
+			sed -i "11s/soc_admin/${firstname}/" group_vars/all/variables.yml
+			sed -i "12s/SOC/${lastname}/" group_vars/all/variables.yml
+			sed -i "13s/soc_admin/${username}/" group_vars/all/variables.yml
+			sed -i "14s/soc_admin/${username}/" group_vars/all/variables.yml
+			sed -i "15s/SOC_Admin/${DN}/" group_vars/all/variables.yml
+			sed -i "16s/SOC_Admin/${CN}/" group_vars/all/variables.yml
+			sed -i "26s/soc_admin/${username}/" group_vars/all/variables.yml
+			echo
+			echo
+			echo "variables file generated (group_vars/all/variables.yml)"
+			sleep 2
+			echo "move to next command to deploy the soctools cluster."
+			echo 'Thank You!'
+		fi
+	else
+		echo "Exiting based of user input ..."
+		exit 0
+	fi
+fi
--- a/group_vars/all/main.yml
+++ b/group_vars/all/main.yml
 ---
-soctoolsproxy: "CHANGE_ME_TO_FQDN"
 maxmind_key: ""
 docker_build_dir: "{{playbook_dir}}/build"
 soctools_netname: "soctoolsnet"
 soctools_network: "172.22.0.0/16"
+soctools_network_gw: "172.22.0.1"
 repo: soctools
 version: 7
@@ -15,6 +14,12 @@ suffix: a20201004
 kibana_plugins_version: "v0.7"
+THEHIVE_KIBANA_USER:
+  username: "kibana"
+  name: "Kibana"
+  surname: "User"
+  roles: '["read", "write"]'
 haproxy_name: "soctools-haproxy"
 haproxy_version: "2.2"
 haproxy_img: "{{repo}}/haproxy:{{version}}{{suffix}}"

--- a/group_vars/all/users.yml
+++ b/group_vars/all/users.yml
---
-domain: "soctools.test"
-soctools_users:
-  - firstname: "User1"
-    lastname: "SOC"
-    username: "user1"
-    email: "user1@{{domain}}"
-    DN: "CN=User1Soctools"
-    CN: "User1Soctools"
-  - firstname: "User2"
-    lastname: "SOC"
-    username: "user2"
-    email: "user2@{{domain}}"
-    DN: "CN=User2Soctools"
-    CN: "User2Soctools"
-# Minimum one user is required
-ODFE_ADMIN_USERS:
-  - user1
-THEHIVE_KIBANA_USER:
-  username: "kibana"
-  name: "Kibana"
-  surname: "User"
-  roles: '["read", "write"]'
-# Special account for user management GUI, configured as admin user in some of the tools
-USER_MGMT_ADMIN_USER:
-  username: "soctools-user-mgmt"
-  DN: "CN=soctools-user-mgmt"
-  CN: "soctools-user-mgmt"
\ No newline at end of file
--- a/group_vars/all/variables.template
+++ b/group_vars/all/variables.template
+---
+# set FQDN which will be used to access the soctools services. (the DNS record should already be in place.)
+soctoolsproxy: "CHANGE_ME_TO_FQDN"
+# Organization's top level domain (will be used as organization name and organization domain in different services)
+domain: "soctools.test"
+#List of users which will be created during the initialization with organization admin privileges
+soctools_users:
+  - firstname: "soc_admin"
+    lastname: "SOC"
+    username: "soc_admin"
+    email: "soc_admin@{{domain}}"
+    DN: "CN=SOC_Admin"
+    CN: "SOC_Admin"
+#  - firstname: "soc_admin_2"
+#    lastname: "SOC"
+#    username: "soc_admin_2"
+#    email: "soc_admin_2@{{domain}}"
+#    DN: "CN=SOC_Admin_2"
+#    CN: "SOC_Admin_2"
+# list of users(username) from previous step which will recive admin roles in ODFE. (Minimum one user is required)
+ODFE_ADMIN_USERS:
+  - soc_admin
+#  -   soc_admin_2
--- a/roles/docker/tasks/haproxy.yml
+++ b/roles/docker/tasks/haproxy.yml
@@ -10,6 +10,7 @@
    networks_cli_compatible: yes
    published_ports:
      - "443:443"
+      - "5443:5443"
      - "8888:8888"
      - "8443:8443"
      - "9443:9443"

--- a/roles/haproxy/templates/haproxy.cfg.j2
+++ b/roles/haproxy/templates/haproxy.cfg.j2
@@ -86,6 +86,17 @@ listen cortexserv
 	server {{cortexhost}} {{cortexhost}}:9001 check verify none
 {% endfor %}
+listen user-mgmt-ui
+        bind *:5443 ssl crt /etc/ssl/haproxy alpn h2,http/1.1
+        mode http
+        maxconn 5000
+        fullconn 5000
+        balance source
+        option tcpka
+        option forwardfor
+        option httplog
+        server soctools_server {{ soctools_network_gw }}:8050
 {% for port in range(50, 60) %}
 listen nifiservtcp77{{port}}
 	bind *:77{{port}}

--- a/roles/soctools-server/tasks/main.yml
+++ b/roles/soctools-server/tasks/main.yml
@@ -13,13 +13,36 @@
  when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
 - name: Install required packages
  yum:
-    name: ["docker-ce","docker-ce-cli","containerd.io","python-pip","unzip","firewalld","python-docker-py"]
+    name: ["docker-ce","docker-ce-cli","containerd.io","python-pip","unzip","firewalld","python-docker-py","python36"]
    state: latest
    validate_certs: no
  when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
 - name: Install pip packages
  pip:
    name: ["pexpect==3.3"]
+- name: create venv for user-mgmt-ui
+  shell: 'python3 -m venv venv'
+  args:
+    chdir: '{{playbook_dir}}/user-mgmt-ui'
+    warn: no
+- name: install venv packages for user-mgmt-ui
+  shell: './venv/bin/python3 -m pip install -r requirements.txt'
+  args:
+    chdir: '{{playbook_dir}}/user-mgmt-ui'
+    warn: no
+- name: create systemd service file for user-mgmt-ui
+  template: src=user-mgmt-ui.service.j2 dest=/etc/systemd/system/user-mgmt-ui.service mode=644
+- name: enable and start user-mgmt-ui service
+  systemd:
+    state: restarted
+    daemon_reload: yes
+    name: user-mgmt-ui
+    enabled: yes
 - name: Set sysctl parameters
  sysctl:
    name: "{{item.key}}"

--- a/roles/soctools-server/templates/user-mgmt-ui.service.j2
+++ b/roles/soctools-server/templates/user-mgmt-ui.service.j2
+[Unit]
+Description=user-mgmt-ui service
+Requires=network.target
+After=syslog.target network.target
+[Service]
+Type=simple
+ExecStart={{playbook_dir}}/user-mgmt-ui/venv/bin/gunicorn --workers=2 --bind 0.0.0.0:8050 main:app
+User=root
+KillMode=process
+WorkingDirectory={{playbook_dir}}/user-mgmt-ui
+[Install]
+WantedBy=multi-user.target