effi.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69

- hosts: reg
  remote_user: root
  become: yes
  roles:
    - role: sane_debian_system
    - role: unix_users
    - role: haproxy
      tags: haproxy
    - role: qvisqve
    - role: muck
      tags: muck
    - role: effi-reg
      tags: effi-reg
  vars:
    hostname: effi-reg

    debian_codename: stretch
    debian_mirror: deb.debian.org
    debian_mirror_src: deb.debian.org

    sources_lists:
      - repo: "deb http://ci-prod-controller.vm.liw.fi/debian stretch-ci main ickhost"
        signing_key: "{{ ci_prod_apt_signing_key }}"

    letsencrypt_email: liw@liw.fi
    letsencrypt_domain: "{{ reg_domain }}"

    haproxy_domain: "{{ reg_domain }}"
    haproxy_rules:
      - name: qvisqve1
        path: /token
        backends: ["127.0.0.1:{{ qvisqve_port }}"]

      - name: qvisqve2
        path: /clients
        backends: ["127.0.0.1:{{ qvisqve_port }}"]

      - name: qvisqve3
        path: /auth
        backends: ["127.0.0.1:{{ qvisqve_port }}"]

      - name: effiapi1
        path: /status
        backends: ["127.0.0.1:{{ effiapi_port }}"]

      - name: effiapi2
        path: /mem
        backends: ["127.0.0.1:{{ effiapi_port }}"]

      - name: effiapi3
        path: /search
        backends: ["127.0.0.1:{{ effiapi_port }}"]

      - name: effireg1
        path: /
        backends: ["127.0.0.1:{{ effireg_port }}"]

      - name: effireg2
        path: /callback
        backends: ["127.0.0.1:{{ effireg_port }}"]

    muck_port: 12765
    effiapi_port: 8080
    effireg_port: 8181

    qvisqve_port: 10000
    qvisqve_domain: "{{ reg_domain }}"
    qvisqve_token_private_key: "{{ lookup('pipe', 'pass show effireg/token.key') }}"
    qvisqve_token_public_key: "{{ lookup('pipe', 'pass show effireg/token.key.pub') }}"