diff --git a/README.md b/README.md
index 54beb4f..39bb676 100644
--- a/README.md
+++ b/README.md
@@ -116,8 +116,10 @@ No modules.
| Name | Type |
|------|------|
| [azurerm_dns_a_record.fake](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/dns_a_record) | resource |
+| [azurerm_dns_a_record.kc](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/dns_a_record) | resource |
| [azurerm_dns_a_record.mtls](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/dns_a_record) | resource |
| [azurerm_dns_a_record.mtls_fake](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/dns_a_record) | resource |
+| [azurerm_dns_a_record.mtls_kc](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/dns_a_record) | resource |
| [azurerm_dns_a_record.mtls_tak](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/dns_a_record) | resource |
| [azurerm_dns_a_record.tak](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/dns_a_record) | resource |
| [azurerm_dns_a_record.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/dns_a_record) | resource |
@@ -132,8 +134,9 @@ No modules.
| [random_pet.rg_name](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource |
| [xkcdpass_generate.kc_admin_pass](https://registry.terraform.io/providers/advian-oss/xkcdpass/latest/docs/resources/generate) | resource |
| [xkcdpass_generate.kc_db_pass](https://registry.terraform.io/providers/advian-oss/xkcdpass/latest/docs/resources/generate) | resource |
+| [xkcdpass_generate.kc_keystore_pass](https://registry.terraform.io/providers/advian-oss/xkcdpass/latest/docs/resources/generate) | resource |
| [xkcdpass_generate.kc_ldap_pass](https://registry.terraform.io/providers/advian-oss/xkcdpass/latest/docs/resources/generate) | resource |
-| [xkcdpass_generate.kc_mgr_pass](https://registry.terraform.io/providers/advian-oss/xkcdpass/latest/docs/resources/generate) | resource |
+| [xkcdpass_generate.kc_truststore_pass](https://registry.terraform.io/providers/advian-oss/xkcdpass/latest/docs/resources/generate) | resource |
| [xkcdpass_generate.postgres_pass](https://registry.terraform.io/providers/advian-oss/xkcdpass/latest/docs/resources/generate) | resource |
| [xkcdpass_generate.rm_db_pass](https://registry.terraform.io/providers/advian-oss/xkcdpass/latest/docs/resources/generate) | resource |
| [xkcdpass_generate.tak_db_pass](https://registry.terraform.io/providers/advian-oss/xkcdpass/latest/docs/resources/generate) | resource |
@@ -148,8 +151,8 @@ No modules.
| [CERTBOT\_EMAIL](#input\_CERTBOT\_EMAIL) | Email address to send certificate expiration notifications. | `string` | `"benjam.gronmark_arkiproj@hotmail.com"` | no |
| [DEPLOYMENT\_NAME](#input\_DEPLOYMENT\_NAME) | Set DNS name, if not set will be automatically generated | `string` | `null` | no |
| [DOCKER\_COMPOSITION\_REPO](#input\_DOCKER\_COMPOSITION\_REPO) | The repo to use to get the docker-composition from | `string` | `"https://github.com/pvarki/docker-rasenmaeher-integration.git"` | no |
-| [DOCKER\_REPO\_TAG](#input\_DOCKER\_REPO\_TAG) | The branch/tag in DOCKER\_COMPOSITION\_REPO to use | `string` | `"1.5.0"` | no |
-| [DOCKER\_TAG\_EXTRA](#input\_DOCKER\_TAG\_EXTRA) | If you want to deploy for example a PR tagged version, messing this up is a good way to make everything take forever | `string` | `""` | no |
+| [DOCKER\_REPO\_TAG](#input\_DOCKER\_REPO\_TAG) | The branch/tag in DOCKER\_COMPOSITION\_REPO to use | `string` | `"keycloak"` | no |
+| [DOCKER\_TAG\_EXTRA](#input\_DOCKER\_TAG\_EXTRA) | If you want to deploy for example a PR tagged version, messing this up is a good way to make everything take forever | `string` | `"-95-merge"` | no |
| [EXPIRES](#input\_EXPIRES) | ISO 8601 date (yyyy-mm-dd) after which this resource is cleaned up, defaults to 30days from now | `string` | `null` | no |
| [RESOURCE\_GROUP\_LOCATION](#input\_RESOURCE\_GROUP\_LOCATION) | Location of the resource group. | `string` | `"northeurope"` | no |
| [RESOURCE\_GROUP\_NAME\_PREFIX](#input\_RESOURCE\_GROUP\_NAME\_PREFIX) | Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription. | `string` | `"rg-miniwerk"` | no |
diff --git a/azure-pipelines-solution.yml b/azure-pipelines-solution.yml
index 4862f21..4af6b2c 100644
--- a/azure-pipelines-solution.yml
+++ b/azure-pipelines-solution.yml
@@ -25,6 +25,9 @@ parameters:
- name: DOCKER_REPO_TAG
type: string
default: false
+- name: DOCKER_TAG_EXTRA
+ type: string
+ default: false
- name: VM_SIZE
type: string
default: false
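Review bot: The new `DOCKER_TAG_EXTRA` parameter is declared `type: string` but defaulted to the boolean `false`, so an unset parameter reaches later stages as the string `false` rather than the empty string that variables.tf and userdata.tftpl treat as "no extra tag". This mirrors the existing `DOCKER_REPO_TAG` entry, so presumably a downstream step filters that sentinel before it becomes a Terraform variable; if it does not, `false` would be appended to every image tag and the deployment would wait on tags that do not exist. Prefer `default: ''` here, which is the value the rest of the repo already understands as "not set", or add a comment above the parameter stating where the `false` sentinel is handled.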
@@ -89,27 +92,27 @@ stages:
command: apply
environmentServiceNameAzureRM: FDF-PVARKI-SOLUTION-Dev
- - task: Bash@3
- displayName: Create github issue
- inputs:
- targetType: 'inline'
- connection: github_connector
- script: |
- echo "Creating a GitHub issue..."
- curl -X POST \
- -H "Authorization: Bearer $(GitHubToken)" \
- -H "Accept: application/vnd.github.v3+json" \
- https://api.github.com/repos/pvarki/terraform-miniwerk-deployment/issues \
- -d '{
- "title": "Automated Issue: Created ${{ parameters.DEPLOYMENT_NAME }} with workspace ${{ parameters.WORKSPACE_NAME }}",
- "body": "This issue was created by an Azure DevOps pipeline using the GitHub service connection.",
- "labels": ["automation","instance"]
- }'
- displayName: 'Create GitHub Issue'
- workingDirectory: $(System.DefaultWorkingDirectory)
- env:
- GitHubToken: $(serviceConnection.github_connector.auth.token)
-
+ # - task: Bash@3
+ # displayName: Create github issue
+ # inputs:
+ # targetType: 'inline'
+ # connection: github_connector
+ # script: |
+ # echo "Creating a GitHub issue..."
+ # curl -X POST \
+ # # -H "Authorization: Bearer $(GitHubToken)" \
+ # -H "Accept: application/vnd.github.v3+json" \
+ # https://api.github.com/repos/pvarki/terraform-miniwerk-deployment/issues \
+ # -d '{
+ # "title": "Automated Issue: Created ${{ parameters.DEPLOYMENT_NAME }} with workspace ${{ parameters.WORKSPACE_NAME }}",
+ # "body": "This issue was created by an Azure DevOps pipeline using the GitHub service connection.",
+ # "labels": ["automation","instance"]
+ # }'
+ # displayName: 'Create GitHub Issue'
+ # workingDirectory: $(System.DefaultWorkingDirectory)
+ # env:
+ # GitHubToken: $(serviceConnection.github_connector.auth.token)
+
- stage: destroy_resources
displayName: Destroy miniwerk resources
jobs:
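Review bot: Twenty-one lines of the issue-creation step are left commented out instead of removed, and the Authorization header inside them is commented twice, which reads like a step abandoned mid-debug rather than a deliberate toggle; commented pipeline YAML is not schema-validated and tends to be re-enabled later with the auth line still missing. If the step is retired, delete it and let git history keep it; if it is meant to be switched on and off, keep it live behind a `condition:` or a boolean parameter. Either way the pipeline no longer records created deployments anywhere, which appears to have been this step's purpose, so consider whether another record of live instances is needed.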
diff --git a/main.tf b/main.tf
index 6b26bfd..5fcbc0e 100644
--- a/main.tf
+++ b/main.tf
@@ -18,7 +18,11 @@ resource "xkcdpass_generate" "kc_admin_pass" {
length = 6
}
-resource "xkcdpass_generate" "kc_mgr_pass" {
+resource "xkcdpass_generate" "kc_keystore_pass" {
+ length = 6
+}
+
+resource "xkcdpass_generate" "kc_truststore_pass" {
length = 6
}
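Review bot: Deleting `xkcdpass_generate.kc_mgr_pass` leaves a dangling reference, because the `user_data` templatefile map later in this file (visible in the next main.tf hunk of this same commit) still reads `xkcdpass_generate.kc_mgr_pass.result`, so `terraform validate` will fail on an undeclared resource. At the same time neither `kc_keystore_pass` nor `kc_truststore_pass` is consumed anywhere in the diff, so the two new secrets are generated and then dropped. Either keep `kc_mgr_pass` or remove its consumer, and wire the new results into the template map; a short comment above the pair such as `# Separate passwords for the Keycloak HTTPS keystore and truststore, written to .env by userdata.tftpl` would make the intended split clear.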
@@ -166,6 +170,30 @@ resource "azurerm_dns_a_record" "mtls_fake" {
}
}
+resource "azurerm_dns_a_record" "kc" {
+ name = "kc.${local.DEPLOYMENT_NAME}"
+ zone_name = data.azurerm_dns_zone.this.name
+ resource_group_name = data.azurerm_dns_zone.this.resource_group_name
+ ttl = 300
+ target_resource_id = azurerm_public_ip.this.id
+ tags = {
+ "fi.fdf.pilvi.expires" : local.expires
+ backup = "nobackup"
+ }
+}
+
+resource "azurerm_dns_a_record" "mtls_kc" {
+ name = "mtls.kc.${local.DEPLOYMENT_NAME}"
+ zone_name = data.azurerm_dns_zone.this.name
+ resource_group_name = data.azurerm_dns_zone.this.resource_group_name
+ ttl = 300
+ target_resource_id = azurerm_public_ip.this.id
+ tags = {
+ "fi.fdf.pilvi.expires" : local.expires
+ backup = "nobackup"
+ }
+}
+
resource "azurerm_dns_a_record" "mtls_keycloak" {
name = "mtls.kc.${local.DEPLOYMENT_NAME}"
zone_name = data.azurerm_dns_zone.this.name
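Review bot: The new `azurerm_dns_a_record.mtls_kc` creates `mtls.kc.${local.DEPLOYMENT_NAME}` in the same zone as the pre-existing `mtls_keycloak` record directly below it, which uses the identical name, so `apply` will fail with a conflicting record set or the two resources will fight over it on every run. Drop one of them, and before keeping the new `kc` record check whether a record for `kc.${local.DEPLOYMENT_NAME}` already exists outside this hunk under another name. Both records resolve to the shared `azurerm_public_ip.this`, so exposing the Keycloak hostname is presumably gated by whatever sits in front of that IP rather than by DNS; worth stating in a one-line comment on the record.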
@@ -319,25 +347,23 @@ resource "azurerm_linux_virtual_machine" "this" {
}
user_data = base64encode(templatefile("userdata.tftpl", {
- CERTBOT_EMAIL = var.CERTBOT_EMAIL
- DEPLOYMENT_DNS = trimsuffix(azurerm_dns_a_record.this.fqdn, ".")
- POSTGRES_PASSWORD = xkcdpass_generate.postgres_pass.result
- COMP_REPO_URI = var.DOCKER_COMPOSITION_REPO
- COMP_REPO_TAG = var.DOCKER_REPO_TAG
- DOCKER_TAG_EXTRA = var.DOCKER_TAG_EXTRA
- VITE_ASSET_SET = var.VITE_ASSET_SET
- DEPLOYMENT_NAME = local.DEPLOYMENT_NAME
- RM_DATABASE_PASSWORD = xkcdpass_generate.rm_db_pass.result
- KEYCLOAK_DATABASE_PASSWORD = xkcdpass_generate.kc_db_pass.result
- KEYCLOAK_ADMIN_PASSWORD = xkcdpass_generate.kc_admin_pass.result
- KEYCLOAK_MANAGEMENT_PASSWORD = xkcdpass_generate.kc_mgr_pass.result
- LDAP_ADMIN_PASSWORD = xkcdpass_generate.kc_ldap_pass.result
- TAK_DATABASE_PASSWORD = xkcdpass_generate.tak_db_pass.result
- TAKSERVER_CERT_PASS = xkcdpass_generate.tak_jks1_pass.result
- TAK_CA_PASS = xkcdpass_generate.tak_jks2_pass.result
- EXPIRES = local.expires
- KEYCLOAK_HTTPS_KEY_STORE_PASSWORD = xkcdpass_generate.keystore_pass.result
- KEYCLOAK_HTTPS_TRUST_STORE_PASSWORD = xkcdpass_generate.trust_pass.result
+ CERTBOT_EMAIL = var.CERTBOT_EMAIL
+ DEPLOYMENT_DNS = trimsuffix(azurerm_dns_a_record.this.fqdn, ".")
+ POSTGRES_PASSWORD = xkcdpass_generate.postgres_pass.result
+ COMP_REPO_URI = var.DOCKER_COMPOSITION_REPO
+ COMP_REPO_TAG = var.DOCKER_REPO_TAG
+ DOCKER_TAG_EXTRA = var.DOCKER_TAG_EXTRA
+ VITE_ASSET_SET = var.VITE_ASSET_SET
+ DEPLOYMENT_NAME = local.DEPLOYMENT_NAME
+ RM_DATABASE_PASSWORD = xkcdpass_generate.rm_db_pass.result
+ KEYCLOAK_DATABASE_PASSWORD = xkcdpass_generate.kc_db_pass.result
+ KEYCLOAK_ADMIN_PASSWORD = xkcdpass_generate.kc_admin_pass.result
+ KEYCLOAK_MANAGEMENT_PASSWORD = xkcdpass_generate.kc_mgr_pass.result
+ LDAP_ADMIN_PASSWORD = xkcdpass_generate.kc_ldap_pass.result
+ TAK_DATABASE_PASSWORD = xkcdpass_generate.tak_db_pass.result
+ TAKSERVER_CERT_PASS = xkcdpass_generate.tak_jks1_pass.result
+ TAK_CA_PASS = xkcdpass_generate.tak_jks2_pass.result
+ EXPIRES = local.expires
}))
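Review bot: The templatefile map still passes `KEYCLOAK_MANAGEMENT_PASSWORD = xkcdpass_generate.kc_mgr_pass.result` although this same commit removes the `kc_mgr_pass` resource, and it drops the `KEYCLOAK_HTTPS_KEY_STORE_PASSWORD` / `KEYCLOAK_HTTPS_TRUST_STORE_PASSWORD` keys that the updated userdata.tftpl now interpolates, so `templatefile()` will error on a missing vars key even once the dangling reference is fixed. Since the rest of the hunk is only re-alignment, the intended change is presumably to replace the management-password line with `KEYCLOAK_HTTPS_KEY_STORE_PASSWORD = xkcdpass_generate.kc_keystore_pass.result` and `KEYCLOAK_HTTPS_TRUST_STORE_PASSWORD = xkcdpass_generate.kc_truststore_pass.result`. The enclosing `azurerm_linux_virtual_machine.this` resource begins before this hunk. These values land in cloud-init user_data in plaintext, so if the provider does not already mark `result` as sensitive, consider a comment on the block noting that the rendered user_data will appear in plan output.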
admin_username = "azureuser"
diff --git a/userdata.tftpl b/userdata.tftpl
index 6fe5d4e..0a33be8 100644
--- a/userdata.tftpl
+++ b/userdata.tftpl
@@ -55,13 +55,16 @@ echo "RM_DATABASE_PASSWORD=${RM_DATABASE_PASSWORD}" >>.env
echo "KEYCLOAK_DATABASE_PASSWORD=${KEYCLOAK_DATABASE_PASSWORD}" >>.env
echo "LDAP_ADMIN_PASSWORD=${LDAP_ADMIN_PASSWORD}" >>.env
echo "KEYCLOAK_ADMIN_PASSWORD=${KEYCLOAK_ADMIN_PASSWORD}" >>.env
-echo "KEYCLOAK_MANAGEMENT_PASSWORD=${KEYCLOAK_MANAGEMENT_PASSWORD}" >>.env
+echo "KEYCLOAK_HTTPS_KEY_STORE_PASSWORD=${KEYCLOAK_HTTPS_KEY_STORE_PASSWORD}" >>.env
+echo "KEYCLOAK_HTTPS_TRUST_STORE_PASSWORD=${KEYCLOAK_HTTPS_TRUST_STORE_PASSWORD}" >>.env
echo "TAK_DATABASE_PASSWORD=${TAK_DATABASE_PASSWORD}" >>.env
echo "TAKSERVER_CERT_PASS=${TAKSERVER_CERT_PASS}" >>.env
echo "TAK_CA_PASS=${TAK_CA_PASS}" >>.env
echo "CFSSL_CA_EXPIRY=$EXPIRES_IN_HOURS" >>.env
echo "CFSSL_SIGN_DEFAULT_EXPIRY=$EXPIRES_IN_HOURS" >>.env
echo "KEYCLOAK_PROFILEROOT_UUID=$(uuidgen -r)" >>.env
+echo "KEYCLOAK_HTTPS_KEY_STORE_PASSWORD=${KEYCLOAK_HTTPS_KEY_STORE_PASSWORD}" >> .env
+echo "KEYCLOAK_HTTPS_TRUST_STORE_PASSWORD=${KEYCLOAK_HTTPS_TRUST_STORE_PASSWORD}" >> .env
if [ ! -z "${DOCKER_TAG_EXTRA}" ]
then
echo "DOCKER_TAG_EXTRA=${DOCKER_TAG_EXTRA}" >>.env
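Review bot: `KEYCLOAK_HTTPS_KEY_STORE_PASSWORD` and `KEYCLOAK_HTTPS_TRUST_STORE_PASSWORD` are appended to `.env` twice in this hunk, once in the Keycloak password group and again after `KEYCLOAK_PROFILEROOT_UUID`, with inconsistent `>>.env` / `>> .env` spacing; compose will take the last definition so it works today, but the pairs will diverge the first time someone edits only one of them. Remove the second pair. Note also that the template now reads both variables while the main.tf templatefile call in this commit no longer supplies them, so the cloud-init render fails until that map is fixed. Because this file collects every service secret in plaintext, a `umask 077` or `chmod 600 .env` before the first append is worth adding if it is not already done above the hunk.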
diff --git a/variables.tf b/variables.tf
index 4beb05c..d1cb12a 100644
--- a/variables.tf
+++ b/variables.tf
@@ -43,7 +43,7 @@ variable "DOCKER_COMPOSITION_REPO" {
type = string
}
-
+# FIXME: Update the tag when https://github.com/pvarki/docker-rasenmaeher-integration/pull/95 is merged
variable "DOCKER_REPO_TAG" {
default = "1.5.1" # do not set to "main", nothing guarantees there are no backwards incompatible changes
description = "The branch/tag in DOCKER_COMPOSITION_REPO to use"
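Review bot: The FIXME asks for `DOCKER_REPO_TAG` to be updated once PR 95 merges, but the default here stays `"1.5.1"` while the README in this same commit documents the default as `"keycloak"`, so the two files disagree about what a default deployment checks out; regenerate the README from this file or set the value you actually intend. Combined with the new `DOCKER_TAG_EXTRA` default of `"-95-merge"`, a default run would presumably compose a tag like `1.5.1-95-merge`, and if that image does not exist the deployment stalls exactly as the variable's own description warns. Consider replacing the FIXME with a comment that names the exact branch/tag pair that is known to work together.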
@@ -75,19 +75,7 @@ variable "CERTBOT_EMAIL" {
}
variable "DOCKER_TAG_EXTRA" {
- default = ""
+ default = "-95-merge"
description = "If you want to deploy for example a PR tagged version, messing this up is a good way to make everything take forever"
type = string
-}
-
-variable "KEYCLOAK_HTTPS_KEY_STORE_PASSWORD" {
- description = "Keycloak key store password"
- type = string
- default = ""
-}
-
-variable "KEYCLOAK_HTTPS_TRUST_STORE_PASSWORD" {
- description = "Keycloak trust store password"
- type = string
- default = ""
-}
+}
\ No newline at end of file
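Review bot: Setting `DOCKER_TAG_EXTRA` to `"-95-merge"` as the module default means every consumer who does not override it now deploys a pre-merge PR build, which is a supply-chain regression from the previous pinned release; keep `default = ""` and pass the PR suffix through the `DOCKER_TAG_EXTRA` pipeline parameter that this same commit introduces. Removing the two `KEYCLOAK_HTTPS_*` input variables is consistent with generating those passwords in main.tf, but the closing `}` is now written without a trailing newline, which `terraform fmt` will keep flagging. Restore the final newline.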