New attempt to configure access with ssh-oidc (#65)

* disable motley for now * I strongly disagree with this linting amendment :) * replace plan ubuntu 20.04 with EGI Docker VMI with ubuntu 22.04 * docker already avaialble on the new VMI * enable back motley-cue * enable back motley in playbook.yaml and remove docker
EGI-Federation · Sep 24, 2024 · f87e04c · f87e04c
1 parent f47fc40
commit f87e04c
Show file tree

Hide file tree

Showing 5 changed files with 17 additions and 15 deletions.
diff --git a/deployment/deploy.tfvars b/deployment/deploy.tfvars
@@ -6,6 +6,3 @@ ip_pool = "public-network"
 
 # Flavor: m1.medium 2cores/4GB
 flavor_id = "df25f80f-ed19-4e0b-805e-d34620ba0334"
-
-# Image: Ubuntu-20.04-20211006
-image_id = "582840e6-3cc1-4133-ad20-6b302239ce19"
diff --git a/deployment/galaxy-requirements.yaml b/deployment/galaxy-requirements.yaml
@@ -1,4 +1,2 @@
-# docker installation
-- src: grycap.docker
 # ssh-oidc access
 - src: grycap.motley_cue
diff --git a/deployment/main.tf b/deployment/main.tf
@@ -1,6 +1,6 @@
 resource "openstack_compute_instance_v2" "dashboard" {
   name      = "dashboard"
-  image_id  = var.image_id
+  image_id  = data.openstack_images_image_v2.egi-docker.id
   flavor_id = var.flavor_id
   user_data = file("cloud-init.yaml")
   network {

diff --git a/deployment/playbook.yaml b/deployment/playbook.yaml
@@ -12,8 +12,6 @@
   become: yes
   gather_facts: yes
   roles:
-    - role: "grycap.docker"
-      docker_config_values: { "mtu": 1400 }
     - role: "grycap.motley_cue"
       ssh_oidc_other_vos_name: cloud.egi.eu
       ssh_oidc_other_vos_role: auditor
@@ -30,14 +28,20 @@
     - name: Move motley-cue to a different port (nginx)
       ansible.builtin.lineinfile:
         path: /etc/nginx/sites-available/nginx.motley_cue
-        search_string: "8080;"
-        line: 8181;
+        regexp: ".*listen 8080;$"
+        line: "    listen 8181;"
+
+    - name: No IPv6 for motley-cue (nginx)
+      ansible.builtin.lineinfile:
+        path: /etc/nginx/sites-available/nginx.motley_cue
+        search_string: "listen [::]:8080;"
+        state: absent
 
     - name: Move motley-cue to a different port (pam-ssh-oidc)
       ansible.builtin.lineinfile:
         path: /etc/pam.d/pam-ssh-oidc-config.ini
-        search_string: "http://localhost:8080/verify_user"
-        line: http://localhost:8181/verify_user
+        regexp: "^verify_endpoint = http://localhost:8080/verify_user$"
+        line: "verify_endpoint = http://localhost:8181/verify_user"
 
     - name: Restart nginx
       ansible.builtin.service:

diff --git a/deployment/vars.tf b/deployment/vars.tf
@@ -8,9 +8,12 @@ variable "ip_pool" {
   description = "The floating ip pool"
 }
 
-variable "image_id" {
-  type        = string
-  description = "VM image id"
+# https://appdb.egi.eu/store/vappliance/egi.docker
+data "openstack_images_image_v2" "egi-docker" {
+  most_recent = true
+  properties = {
+    "ad:appid" = "1006"
+  }
 }
 
 variable "flavor_id" {