Fix: how ickweb is started

7 files changed, 61 insertions, 3 deletions

diff --git a/group_vars/all.yml b/group_vars/all.yml
index b42720e..26dc61c 100644
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -1,3 +1,34 @@
+ql_ick_apt_signing_key: |
+    -----BEGIN PGP PUBLIC KEY BLOCK-----
+
+    mQINBFsqXtgBEADkoJ5/pbHjDHxYteLm9aFeaRrkTzorLRQJbLJrzKhhdk6rHC1e
+    PLhTOto5dIzk1WaFL9y4YYcTcH8DG3RECfYN0XP7alO7jSUSbavMzFkdTCfj7nve
+    VzXFOHKAPjQ5sNk1RmkXhymN47Jz0P7wDXuPfUOesYcsZbiPqYt58Lo8uM9cXxxw
+    7QKr1fcgiobVIOliUGRK5xd1ouf89RHnNx4mnGU8h253Uj/3W2HxYvjQJ+viJwZ5
+    2RBG0If0+NT2mWo57b91TadkNh3ePPGzeQ44HK/FKyTmJh/LhYhVTIUd1V2a8Lb4
+    ZsLbsLbKZ5JOWMluCE15zfRm5i5jCr/kKw6jkXl/GSsTTTKP/7QLDTsV8bpQTQIB
+    gH63zTdbNnGgOdW8h6Mbba5fxk5uYikVCzyXrBJMz1iPN81kmrKxrNQHeD/W+izE
+    Is1vgRCob0FQvXY12nUioxHalzpo48hfPLqraN+YrLV+ZMay+mDawp9I4UyjZZVJ
+    BvPtIFVk00dan0qRvrJSDC01I8e3OiPnSR/fxYpsgnRMZq/izR6vxurcvltw4xZf
+    qQduHQIwhMBS0fqZsWA2+iRxcoJHSHyU8GjaR56J7FyVFRVYALEDRwMivGQJA9EB
+    tGs/to6jKI44/mTQuINSXbqg675fK8BBD9cKfgbm0e7d29RL1opKHmkc/QARAQAB
+    tC5RdmFybkxhYnMgQ0kgc2lnbmluZyBrZXkgMiA8b3BzQHF2YXJubGFicy5jb20+
+    iQJOBBMBCgA4FiEEuNQCV3NzVKizncG08iKomR2ZL5QFAlsqXtgCGwMFCwkIBwMF
+    FQoJCAsFFgIDAQACHgECF4AACgkQ8iKomR2ZL5TnsxAAt3bqgpVD4WhtzJY2HaC4
+    EwfNApC3K2pdHTNH02fA2xbw/cZoVzyq+8yHfMy30EeWfQmyAf3yUM0GcmQuKq8S
+    qRcP3AthGZCMZlYoRorpTe+1RnpSvxcty9feDSdyvhDQvz7sWiy1apbn378eYGyk
+    uuRUgyzmeYOyQvtpEshiGcQNANJYTOAlV5txqzkZEVAuATnaFo0zIpg37uYgl/Hq
+    doongXIU3vYKEum000/h04198Na1j1X/5q3sdUvBu4s6FuSSG+Y2gHLM+ZvpQ3AA
+    H7PNypPHqKgVVbid67OyzQr4AX+dD90G1Y/3tgZu4Y2YS84G5t9TWmkj5gKdeMIk
+    osNui5ewSKF99goMu8nFT5BIQzAYVinE1GdDO4nZuBVRntbb+aizDVBrQmtDogDy
+    QhmZN2zDXu+mSCOuc/4Vz0WzStaVt/0IGn8mhAYzWDD9qhG0y9iQjMqsJL8Mz4aU
+    zhHdLtCDzPkmA/PmJ5xMWkYBg3o50Zym7th5VNx7WiH1x60aIuop1cY4ijIwtq2I
+    pk15xAMkpJu0GpmLj11NyAdNKh1ZO4C++++VeSybedUe8cALY2w7fYFoKaHlLMTJ
+    Yl0IOnX5Arsu/uDf+MEr8KqUot7wClCu2xc+Uibl82TvJughSXos837VVqwsXbrP
+    O0r4lo6OxPSsGD4HZ4/hbwk=
+    =Iy6+
+    -----END PGP PUBLIC KEY BLOCK-----
+
 ci_prep_apt_signing_key: |
     -----BEGIN PGP PUBLIC KEY BLOCK-----
 
diff --git a/group_vars/ickhost.yml b/group_vars/ickhost.yml
index aa922f4..c33d718 100644
--- a/group_vars/ickhost.yml
+++ b/group_vars/ickhost.yml
@@ -8,14 +8,17 @@ debian_mirror_src: deb.debian.org
 ci_prefix: ""
 
 sources_lists:
-  - repo: "deb http://code.liw.fi/debian stretch main"
+  - repo: "deb http://code.liw.fi/debian stretch main ickhost"
     keyring_package: code.liw.fi-keyring
     signing_key: "{{ code_liw_fi_signing_key }}"
+  - repo: "deb http://ick-controller.h.qvarnlabs.eu/debian stretch-ci main"
+    signing_key: "{{ ql_ick_apt_fi_signing_key }}"
 
 controller_port: 12765
 artifact_store_port: 12766
 qvisqve_port: 10000
 notify_port: 12767
+ickweb_port: 10001
 
 controller_url: "https://{{ controller_domain }}"
 artifact_store_url: "https://{{ artifact_store_domain }}"
diff --git a/ick-cluster.yml b/ick-cluster.yml
index 9ff578b..55b9c5b 100644
--- a/ick-cluster.yml
+++ b/ick-cluster.yml
@@ -23,6 +23,7 @@
     - ick-artifact-store
     - apt_repository
     - ick-notifier
+    - ickweb
   vars:
     hostname: ick
 
diff --git a/ick2.yml b/ick2.yml
index b91d435..afb74fb 100644
--- a/ick2.yml
+++ b/ick2.yml
@@ -13,6 +13,7 @@
     - apt_repository
     - ick-notifier
     - ick-worker
+    - ickweb
   vars:
     hostname: ick
 
diff --git a/roles/haproxy/templates/haproxy.cfg.j2 b/roles/haproxy/templates/haproxy.cfg.j2
index 8117d8a..0a6ec70 100644
--- a/roles/haproxy/templates/haproxy.cfg.j2
+++ b/roles/haproxy/templates/haproxy.cfg.j2
@@ -36,21 +36,36 @@ frontend http-in
 
     rspadd Strict-Transport-Security:\ max-age=15768000
 
+    acl ickweb path_beg /web
     acl blobs path_beg /blobs
     acl token path_beg /token
+    acl login path_beg /login
+    acl auth path_beg /auth
+    acl clients path_beg /clients
+    acl users path_beg /users
+    acl applications path_beg /applications
     acl notify path_beg /notify
     acl debian path_beg /debian
     acl any method GET HEAD POST PUT DELETE
 
     use_backend apache if debian
+    use_backend ickweb if ickweb
     use_backend notification_service if notify
     use_backend artifact_store if blobs
     use_backend qvisqve if token
+    use_backend qvisqve if login
+    use_backend qvisqve if auth
+    use_backend qvisqve if clients
+    use_backend qvisqve if users
+    use_backend qvisqve if applications
     use_backend controller if any
 
 backend apache
     server apache_1 127.0.0.1:8080
 
+backend ickweb
+    server ickweb_1 127.0.0.1:{{ ickweb_port }}
+
 backend controller
     server controller_1 127.0.0.1:{{ controller_port }}
 
diff --git a/roles/qvisqve/tasks/main.yml b/roles/qvisqve/tasks/main.yml
index 2b78dac..2d19c75 100644
--- a/roles/qvisqve/tasks/main.yml
+++ b/roles/qvisqve/tasks/main.yml
@@ -15,6 +15,14 @@
   with_items:
     - qvisqve
 
+- name: "create Qvisqve store dir"
+  file:
+    state: directory
+    path: /var/lib/qvisqve
+    owner: _qvisqve
+    group: _qvisqve
+    mode: 0755
+
 - name: "create Qvisqve config dir"
   file:
     state: directory
diff --git a/roles/qvisqve/templates/qvisqve.yaml.j2 b/roles/qvisqve/templates/qvisqve.yaml.j2
index 5d19a1d..1f22fda 100644
--- a/roles/qvisqve/templates/qvisqve.yaml.j2
+++ b/roles/qvisqve/templates/qvisqve.yaml.j2
@@ -1,8 +1,7 @@
+store: /var/lib/qvisqve
 gunicorn: yes
 gunicorn-log: /var/log/qvisqve/gunicorn.log
 gunicorn-port: {{ qvisqve_port }}
-clients:
-{{ qvisqve_clients|to_nice_yaml|indent(4,true) }}
 log: 
   - filename: /var/log/qvisqve/qvisqve.slog
 token-issuer: "https://{{ qvisqve_domain }}"