fix: repair and readd image factory service OIDC

2025-12-06 08:51:37 +01:00 · 2023-06-07 08:33:14 +00:00
parent 7dafe7e3a7
commit fa27f02259
3 changed files with 10 additions and 16 deletions
--- a/group_vars/all.yaml
+++ b/group_vars/all.yaml
@@ -41,7 +41,7 @@ keycloak_address: keycloak.atlantishq.de

 keycloak_clients:
    python-flask-picture-factory:
-        party_secret : "HISTORY_PURGED_SECRETKG0j"
+        party_secret : "HISTORY_PURGED_SECRET"
        client_id: z_images
        client_secret: "HISTORY_PURGED_SECRET"
        redirect_uris:
--- a/roles/web1/tasks/main.yaml
+++ b/roles/web1/tasks/main.yaml
@@ -21,17 +21,6 @@
    line:  "            flow.redirect_uri = url_for('_oidc_callback', _external=True, _scheme='https')"
    backup: yes

- name: Set owner in case git already exists and has bad ownership
-  file:
-    path: /var/www/{{ item }}/
-    owner: root
-    group: root
-    recurse: true
-  with_items:        
-    - python-flask-picture-factory
-    - simple-log-server
-    - soundlib-interface
-
 - name: Set mode /usr/local/lib/ (python libraries)
  file:
    path: /usr/local/lib/
@@ -42,12 +31,14 @@
  git:
    repo: https://github.com/FAUSheppy/{{ item }}.git
    dest: "/var/www/{{ item }}"
+  become: yes
+  become_user: www-data
  with_items:        
    - python-flask-picture-factory
    - simple-log-server
    - soundlib-interface

- name: Reset Ownership to www-data
+- name: Ensure Ownership to www-data
  file:
    path: /var/www/{{ item }}/
    owner: www-data
@@ -104,13 +95,15 @@
  with_items:
    - simple-log-server
    - soundlib-interface
+    - python-flask-picture-factory

 - name: Template Systemd Units
  template:
    src: "waitress-systemd-unit.j2"
    dest: "/etc/systemd/system/{{ item.name }}.service"
  with_items:
-    - { name : "image-factory",      path : "/var/www/python-flask-picture-factory" }
+    - { name : "python-flask-picture-factory",
+                                     path : "/var/www/python-flask-picture-factory", external_oidc : true }
    - { name : "serien-ampel",       path : "/var/www/serien-ampel" }
    - { name : "simple-log-server",  path : "/var/www/simple-log-server", external_oidc : true }
    - { name : "soundlib-interface", path : "/var/www/soundlib-interface", external_oidc : true }
@@ -130,6 +123,7 @@
  with_items:
    - soundlib-interface
    - simple-log-server
+    - python-flask-picture-factory

 - name: Enable and Start Systemd Units
  systemd:
@@ -137,7 +131,7 @@
    enabled: yes
    state: started
  with_items:
-    - image-factory
+    - python-flask-picture-factory
    - serien-ampel
    - simple-log-server
    - soundlib-interface
--- a/vars/services.yaml
+++ b/vars/services.yaml
@@ -1,5 +1,5 @@
 services:
-    image-factory:
+    python-flask-picture-factory:
        port: 5000
    serien-ampel:
        port: 5001