sheppy/opendesk
1
0
Fork 0
mirror of https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git synced 2025-12-06 07:21:36 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix(univention-management-stack): Update optional UMS preview state

Browse Source
This commit is contained in:
merge-request-bot
2023-12-05 20:27:57 +00:00
committed by Thorsten Rossner
parent 3ca54159f7
commit 94ae3da78b
15 changed files with 173 additions and 86 deletions
Download Patch File Download Diff File Expand all files Collapse all files

103
docs/external-services.md
View File

@@ -18,53 +18,59 @@ This document will cover the additional configuration to use external services l
When deploying this suite to production, you need to configure the applications to use your production grade database When deploying this suite to production, you need to configure the applications to use your production grade database
service. service.
| Component | Name | Type | Parameter | Key | Default | | Component | Name | Type | Parameter | Key | Default |
|-------------|--------------------|------------|-----------|----------------------------------------|----------------------------| |-------------|--------------------|------------|-----------|------------------------------------------|----------------------------|
| Element | Synapse | PostgreSQL | | | | | Element | Synapse | PostgreSQL | | | |
| | | | Name | `databases.synapse.name` | `matrix` | | | | | Name | `databases.synapse.name` | `matrix` |
| | | | Host | `databases.synapse.host` | `postgresql` | | | | | Host | `databases.synapse.host` | `postgresql` |
| | | | Port | `databases.synapse.port` | `5432` | | | | | Port | `databases.synapse.port` | `5432` |
| | | | Username | `databases.synapse.username` | `matrix_user` | | | | | Username | `databases.synapse.username` | `matrix_user` |
| | | | Password | `databases.synapse.password` | | | | | | Password | `databases.synapse.password` | |
| Keycloak | Keycloak | PostgreSQL | | | | | Keycloak | Keycloak | PostgreSQL | | | |
| | | | Name | `databases.keycloak.name` | `keycloak` | | | | | Name | `databases.keycloak.name` | `keycloak` |
| | | | Host | `databases.keycloak.host` | `postgresql` | | | | | Host | `databases.keycloak.host` | `postgresql` |
| | | | Port | `databases.keycloak.port` | `5432` | | | | | Port | `databases.keycloak.port` | `5432` |
| | | | Username | `databases.keycloak.username` | `keycloak_user` | | | | | Username | `databases.keycloak.username` | `keycloak_user` |
| | | | Password | `databases.keycloak.password` | | | | | | Password | `databases.keycloak.password` | |
| | Keycloak Extension | PostgreSQL | | | | | | Keycloak Extension | PostgreSQL | | | |
| | | | Name | `databases.keycloakExtension.name` | `keycloak_extensions` | | | | | Name | `databases.keycloakExtension.name` | `keycloak_extensions` |
| | | | Host | `databases.keycloakExtension.host` | `postgresql` | | | | | Host | `databases.keycloakExtension.host` | `postgresql` |
| | | | Port | `databases.keycloakExtension.port` | `5432` | | | | | Port | `databases.keycloakExtension.port` | `5432` |
| | | | Username | `databases.keycloakExtension.username` | `keycloak_extensions_user` | | | | | Username | `databases.keycloakExtension.username` | `keycloak_extensions_user` |
| | | | Password | `databases.keycloakExtension.password` | | | | | | Password | `databases.keycloakExtension.password` | |
| UMS | Notifications API | PostgreSQL | | | | | UMS | Notifications API | PostgreSQL | | | |
| | | | Name | `databases.notificationsApi.name` | `notificationsapi` | | | | | Name | `databases.umsNotificationsApi.name` | `notificationsapi` |
| | | | Host | `databases.notificationsApi.host` | `postgresql` | | | | | Host | `databases.umsNotificationsApi.host` | `postgresql` |
| | | | Port | `databases.notificationsApi.port` | `5432` | | | | | Port | `databases.umsNotificationsApi.port` | `5432` |
| | | | Username | `databases.notificationsApi.username` | `notificationsapi_user` | | | | | Username | `databases.umsNotificationsApi.username` | `notificationsapi_user` |
| | | | Password | `databases.notificationsApi.password` | | | | | | Password | `databases.umsNotificationsApi.password` | |
| Nextcloud | Nextcloud | MariaDB | | | | | | Self Service | PostgreSQL | | | |
| | | | Name | `databases.nextcloud.name` | `nextcloud` | | | | | Name | `databases.umsSelfservice.name` | `selfservice` |
| | | | Host | `databases.nextcloud.host` | `mariadb` | | | | | Host | `databases.umsSelfservice.host` | `postgresql` |
| | | | Username | `databases.nextcloud.username` | `nextcloud_user` | | | | | Port | `databases.umsSelfservice.port` | `5432` |
| | | | Password | `databases.nextcloud.password` | | | | | | Username | `databases.umsSelfservice.username` | `selfservice_user` |
| OpenProject | OpenProject | PostgreSQL | | | | | | | | Password | `databases.umsSelfservice.password` | |
| | | | Name | `databases.openproject.name` | `openproject` | | Nextcloud | Nextcloud | MariaDB | | | |
| | | | Host | `databases.openproject.host` | `postgresql` | | | | | Name | `databases.nextcloud.name` | `nextcloud` |
| | | | Port | `databases.openproject.port` | `5432` | | | | | Host | `databases.nextcloud.host` | `mariadb` |
| | | | Username | `databases.openproject.username` | `openproject_user` | | | | | Username | `databases.nextcloud.username` | `nextcloud_user` |
| | | | Password | `databases.openproject.password` | | | | | | Password | `databases.nextcloud.password` | |
| OX Appsuite | OX Appsuite | MariaDB | | | | | OpenProject | OpenProject | PostgreSQL | | | |
| | | | Name | `databases.oxAppsuite.name` | `CONFIGDB` | | | | | Name | `databases.openproject.name` | `openproject` |
| | | | Host | `databases.oxAppsuite.host` | `mariadb` | | | | | Host | `databases.openproject.host` | `postgresql` |
| | | | Username | `databases.oxAppsuite.username` | `root` | | | | | Port | `databases.openproject.port` | `5432` |
| | | | Password | `databases.oxAppsuite.password` | | | | | | Username | `databases.openproject.username` | `openproject_user` |
| XWiki | XWiki | MariaDB | | | | | | | | Password | `databases.openproject.password` | |
| | | | Name | `databases.xwiki.name` | `xwiki` | | OX Appsuite | OX Appsuite | MariaDB | | | |
| | | | Host | `databases.xwiki.host` | `mariadb` | | | | | Name | `databases.oxAppsuite.name` | `CONFIGDB` |
| | | | Username | `databases.xwiki.username` | `xwiki_user` | | | | | Host | `databases.oxAppsuite.host` | `mariadb` |
| | | | Password | `databases.xwiki.password` | | | | | | Username | `databases.oxAppsuite.username` | `root` |
| | | | Password | `databases.oxAppsuite.password` | |
| XWiki | XWiki | MariaDB | | | |
| | | | Name | `databases.xwiki.name` | `xwiki` |
| | | | Host | `databases.xwiki.host` | `mariadb` |
| | | | Username | `databases.xwiki.username` | `xwiki_user` |
| | | | Password | `databases.xwiki.password` | |
## Objectstore ## Objectstore
@@ -99,3 +105,6 @@ service.
| OpenProject | OpenProject | Memcached | | | | | OpenProject | OpenProject | Memcached | | | |
| | | | Host | `cache.openproject.host` | `memcached` | | | | | Host | `cache.openproject.host` | `memcached` |
| | | | Port | `cache.openproject.port` | `11211` | | | | | Port | `cache.openproject.port` | `11211` |
| UMS | Self Service | Memcached | | | |
| | | | Host | `cache.umsSelfservice.host` | `memcached` |
| | | | Port | `cache.umsSelfservice.port` | `11211` |

2
helmfile/apps/services/helmfile.yaml
View File

@@ -91,7 +91,7 @@ releases:
# dependencyType=service # dependencyType=service
- name: "opendesk-otterize" - name: "opendesk-otterize"
chart: "opendesk-otterize-repo/opendesk-otterize" chart: "opendesk-otterize-repo/opendesk-otterize"
version: "1.1.2" version: "1.1.3"
values: values:
- "values-otterize.gotmpl" - "values-otterize.gotmpl"
installed: {{ .Values.security.otterizeIntents.enabled }} installed: {{ .Values.security.otterizeIntents.enabled }}

6
helmfile/apps/services/values-postgresql.gotmpl
View File

@@ -24,7 +24,9 @@ job:
- username: "matrix_user" - username: "matrix_user"
password: {{ .Values.secrets.postgresql.matrixUser | quote }} password: {{ .Values.secrets.postgresql.matrixUser | quote }}
- username: "notificationsapi_user" - username: "notificationsapi_user"
password: {{ .Values.secrets.postgresql.notificationsApiUser | quote }} password: {{ .Values.secrets.postgresql.umsNotificationsApiUser | quote }}
- username: "selfservice_user"
password: {{ .Values.secrets.postgresql.umsSelfserviceUser | quote }}
databases: databases:
- name: "keycloak" - name: "keycloak"
user: "keycloak_user" user: "keycloak_user"
@@ -37,6 +39,8 @@ job:
additionalParams: "ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0" additionalParams: "ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0"
- name: "notificationsapi" - name: "notificationsapi"
user: "notificationsapi_user" user: "notificationsapi_user"
- name: "selfservice"
user: "selfservice_user"
persistence: persistence:
storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }} storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}

14
helmfile/apps/univention-management-stack/helmfile.yaml
View File

@@ -42,7 +42,7 @@ releases:
# dependencyType=vendor # dependencyType=vendor
- name: "ums-store-dav" - name: "ums-store-dav"
chart: "ums-repo/store-dav" chart: "ums-repo/store-dav"
version: "0.5.2" version: "0.7.0"
values: values:
- "values-common.gotmpl" - "values-common.gotmpl"
- "values-common.yaml" - "values-common.yaml"
@@ -101,7 +101,7 @@ releases:
# dependencyType=vendor # dependencyType=vendor
- name: "ums-stack-data-ums" - name: "ums-stack-data-ums"
chart: "ums-repo/stack-data-ums" chart: "ums-repo/stack-data-ums"
version: "0.37.0" version: "0.38.1"
values: values:
- "values-common.gotmpl" - "values-common.gotmpl"
- "values-common.yaml" - "values-common.yaml"
@@ -116,7 +116,7 @@ releases:
# dependencyType=vendor # dependencyType=vendor
- name: "ums-stack-data-swp" - name: "ums-stack-data-swp"
chart: "ums-repo/stack-data-swp" chart: "ums-repo/stack-data-swp"
version: "0.37.0" version: "0.38.1"
values: values:
- "values-common.gotmpl" - "values-common.gotmpl"
- "values-common.yaml" - "values-common.yaml"
@@ -131,7 +131,7 @@ releases:
# dependencyType=vendor # dependencyType=vendor
- name: "ums-portal-server" - name: "ums-portal-server"
chart: "ums-repo/portal-server" chart: "ums-repo/portal-server"
version: "0.5.0" version: "0.6.1"
values: values:
- "values-common.gotmpl" - "values-common.gotmpl"
- "values-common.yaml" - "values-common.yaml"
@@ -146,7 +146,7 @@ releases:
# dependencyType=vendor # dependencyType=vendor
- name: "ums-notifications-api" - name: "ums-notifications-api"
chart: "ums-repo/notifications-api" chart: "ums-repo/notifications-api"
version: "0.5.0" version: "0.6.1"
values: values:
- "values-common.gotmpl" - "values-common.gotmpl"
- "values-common.yaml" - "values-common.yaml"
@@ -161,7 +161,7 @@ releases:
# dependencyType=vendor # dependencyType=vendor
- name: "ums-portal-listener" - name: "ums-portal-listener"
chart: "ums-repo/portal-listener" chart: "ums-repo/portal-listener"
version: "0.5.0" version: "0.6.1"
values: values:
- "values-common.gotmpl" - "values-common.gotmpl"
- "values-common.yaml" - "values-common.yaml"
@@ -176,7 +176,7 @@ releases:
# dependencyType=vendor # dependencyType=vendor
- name: "ums-portal-frontend" - name: "ums-portal-frontend"
chart: "ums-repo/portal-frontend" chart: "ums-repo/portal-frontend"
version: "0.5.0" version: "0.6.1"
values: values:
- "values-common.gotmpl" - "values-common.gotmpl"
- "values-common.yaml" - "values-common.yaml"

10
helmfile/apps/univention-management-stack/values-notifications-api.gotmpl
View File

@@ -6,12 +6,12 @@ SPDX-License-Identifier: Apache-2.0
postgresql: postgresql:
bundled: false bundled: false
connection: connection:
host: {{ .Values.databases.notificationsApi.host | quote }} host: {{ .Values.databases.umsNotificationsApi.host | quote }}
port: {{ .Values.databases.notificationsApi.port | quote }} port: {{ .Values.databases.umsNotificationsApi.port | quote }}
auth: auth:
username: {{ .Values.databases.notificationsApi.username | quote }} username: {{ .Values.databases.umsNotificationsApi.username | quote }}
database: {{ .Values.databases.notificationsApi.name | quote }} database: {{ .Values.databases.umsNotificationsApi.name | quote }}
password: {{ .Values.databases.notificationsApi.password | default .Values.secrets.postgresql.notificationsApiUser | quote }} password: {{ .Values.databases.umsNotificationsApi.password | default .Values.secrets.postgresql.umsNotificationsApiUser | quote }}
image: image:
registry: {{ .Values.global.imageRegistry }} registry: {{ .Values.global.imageRegistry }}

2
helmfile/apps/univention-management-stack/values-portal-listener.gotmpl
View File

@@ -6,7 +6,7 @@ SPDX-License-Identifier: Apache-2.0
portalListener: portalListener:
adminGroup: {{ printf "%s,%s" "cn=Domain Admins,cn=groups" .Values.ldap.baseDn | quote }} adminGroup: {{ printf "%s,%s" "cn=Domain Admins,cn=groups" .Values.ldap.baseDn | quote }}
assetsRoot: {{ printf "%s%s%s" "http://portal-listener:" .Values.secrets.univentionManagementStack.storeDavUsers.portalListener "@ums-store-dav/portal-assets/" | quote }} assetsRoot: {{ printf "%s%s%s" "http://portal-listener:" .Values.secrets.univentionManagementStack.storeDavUsers.portalListener "@ums-store-dav/portal-assets/" | quote }}
ucsInternalUrl: {{ printf "%s%s%s" "http://portal-listener:" .Values.secrets.univentionManagementStack.storeDavUsers.portalListener "@ums-store-dav/portal-data/" | quote }} ucsInternalUrl: {{ printf "%s%s%s" "http://portal-listener:" .Values.secrets.univentionManagementStack.storeDavUsers.portalListener "@ums-store-dav/portal-data" | quote }}
ldapBaseDn: {{ .Values.ldap.baseDn | quote }} ldapBaseDn: {{ .Values.ldap.baseDn | quote }}
ldapHost: {{ .Values.ldap.host | quote }} ldapHost: {{ .Values.ldap.host | quote }}

3
helmfile/apps/univention-management-stack/values-stack-data-swp.gotmpl
View File

@@ -31,6 +31,9 @@ stackDataContext:
userPassword: {{ .Values.secrets.univentionManagementStack.defaultAccounts.userPassword | quote }} userPassword: {{ .Values.secrets.univentionManagementStack.defaultAccounts.userPassword | quote }}
adminPassword: {{ .Values.secrets.univentionManagementStack.defaultAccounts.adminPassword | quote }} adminPassword: {{ .Values.secrets.univentionManagementStack.defaultAccounts.adminPassword | quote }}
userPassword: {{ .Values.secrets.univentionManagementStack.defaultAccounts.userPassword | quote }}
adminPassword: {{ .Values.secrets.univentionManagementStack.defaultAccounts.adminPassword | quote }}
image: image:
registry: {{ .Values.global.imageRegistry | quote }} registry: {{ .Values.global.imageRegistry | quote }}
repository: {{ .Values.images.umsDataLoader.repository | quote }} repository: {{ .Values.images.umsDataLoader.repository | quote }}

13
helmfile/apps/univention-management-stack/values-umc-server.gotmpl
View File

@@ -11,6 +11,19 @@ umcServer:
smtpSecret: {{ .Values.smtp.password | quote }} smtpSecret: {{ .Values.smtp.password | quote }}
postgresql:
connection:
host: {{ .Values.databases.umsSelfservice.host | quote }}
port: {{ .Values.databases.umsSelfservice.port | quote }}
auth:
username: {{ .Values.databases.umsSelfservice.username | quote }}
database: {{ .Values.databases.umsSelfservice.name | quote }}
password: {{ .Values.databases.umsSelfservice.password | default .Values.secrets.postgresql.umsSelfserviceUser | quote }}
postgresPassword: {{ .Values.secrets.postgresql.umsSelfserviceUser | quote }}
memcached:
server: {{ .Values.cache.umsSelfservice.host | quote }}
image: image:
registry: {{ .Values.global.imageRegistry | quote }} registry: {{ .Values.global.imageRegistry | quote }}
repository: {{ .Values.images.umsUmcServer.repository | quote }} repository: {{ .Values.images.umsUmcServer.repository | quote }}

5
helmfile/apps/univention-management-stack/values-umc-server.yaml
View File

@@ -43,11 +43,12 @@ extraVolumeMounts:
mountPath: "/usr/share/univention-management-console/modules/udm-portals-announcement.xml" mountPath: "/usr/share/univention-management-console/modules/udm-portals-announcement.xml"
subPath: "udm-portals-announcement.xml" subPath: "udm-portals-announcement.xml"
postgresql:
bundled: false
memcached: memcached:
bundled: false bundled: false
server: "memcached"
auth: auth:
username: null username: null
password: null password: null
... ...

1
helmfile/apps/univention-management-stack/values-ums-stack-gateway.gotmpl
View File

@@ -10,3 +10,4 @@ ingress:
- hosts: - hosts:
- {{ printf "%s.%s" .Values.global.hosts.univentionManagementStack .Values.global.domain | quote }} - {{ printf "%s.%s" .Values.global.hosts.univentionManagementStack .Values.global.domain | quote }}
secretName: {{ .Values.ingress.tls.secretName | quote }} secretName: {{ .Values.ingress.tls.secretName | quote }}
...

60
helmfile/apps/univention-management-stack/values-ums-stack-gateway.yaml
View File

@@ -7,6 +7,8 @@ ingress:
service: service:
type: "ClusterIP" type: "ClusterIP"
fullnameOverride: "ums-stack-gateway"
# The content of the "serverBlock" does resemble the Ingress configuration of # The content of the "serverBlock" does resemble the Ingress configuration of
# the UMS components. The "location" entries do intentionally reflect precisely # the UMS components. The "location" entries do intentionally reflect precisely
# the respective paths which are configured. # the respective paths which are configured.
@@ -15,7 +17,8 @@ serverBlock: |
listen 8080; listen 8080;
## portal-frontend ## portal-frontend
# The frontend does not own "/univention/portal", only these two bits # The frontend does not own "/univention/portal" nor
# "/univention/selfservice", only these two bits
location = /univention/portal/ { location = /univention/portal/ {
rewrite ^/univention/portal(/.*)$ $1 break; rewrite ^/univention/portal(/.*)$ $1 break;
proxy_pass http://ums-portal-frontend:80/; proxy_pass http://ums-portal-frontend:80/;
@@ -24,6 +27,10 @@ serverBlock: |
rewrite ^/univention/portal(/.*)$ $1 break; rewrite ^/univention/portal(/.*)$ $1 break;
proxy_pass http://ums-portal-frontend:80/; proxy_pass http://ums-portal-frontend:80/;
} }
location = /univention/selfservice/ {
rewrite ^/univention/selfservice(/.*)$ $1 break;
proxy_pass http://ums-portal-frontend:80/;
}
# The following prefixes are owned by the frontend # The following prefixes are owned by the frontend
location /univention/portal/css/ { location /univention/portal/css/ {
@@ -50,6 +57,30 @@ serverBlock: |
rewrite ^/univention/portal(/.*)$ $1 break; rewrite ^/univention/portal(/.*)$ $1 break;
proxy_pass http://ums-portal-frontend:80; proxy_pass http://ums-portal-frontend:80;
} }
location /univention/selfservice/css/ {
rewrite ^/univention/selfservice(/.*)$ $1 break;
proxy_pass http://ums-portal-frontend:80;
}
location /univention/selfservice/fonts/ {
rewrite ^/univention/selfservice(/.*)$ $1 break;
proxy_pass http://ums-portal-frontend:80;
}
location /univention/selfservice/i18n/ {
rewrite ^/univention/selfservice(/.*)$ $1 break;
proxy_pass http://ums-portal-frontend:80;
}
location /univention/selfservice/media/ {
rewrite ^/univention/selfservice(/.*)$ $1 break;
proxy_pass http://ums-portal-frontend:80;
}
location /univention/selfservice/js/ {
rewrite ^/univention/selfservice(/.*)$ $1 break;
proxy_pass http://ums-portal-frontend:80;
}
location /univention/selfservice/oidc/ {
rewrite ^/univention/selfservice(/.*)$ $1 break;
proxy_pass http://ums-portal-frontend:80;
}
## frontend redirects ## frontend redirects
@@ -69,12 +100,19 @@ serverBlock: |
absolute_redirect off; absolute_redirect off;
return 302 /univention/portal/; return 302 /univention/portal/;
} }
location = /univention/selfservice {
absolute_redirect off;
return 302 /univention/selfservice/;
}
## portal-server ## portal-server
location = /univention/portal/portal.json { location = /univention/portal/portal.json {
proxy_pass http://ums-portal-server:80; proxy_pass http://ums-portal-server:80;
} }
location = /univention/selfservice/portal.json {
proxy_pass http://ums-portal-server:80;
}
location = /univention/portal/navigation.json { location = /univention/portal/navigation.json {
proxy_pass http://ums-portal-server:80; proxy_pass http://ums-portal-server:80;
} }
@@ -89,6 +127,14 @@ serverBlock: |
rewrite ^/univention/portal(/icons/logos/.*)$ /portal-assets$1 break; rewrite ^/univention/portal(/icons/logos/.*)$ /portal-assets$1 break;
proxy_pass http://ums-store-dav:80; proxy_pass http://ums-store-dav:80;
} }
location /univention/selfservice/icons/entries/ {
rewrite ^/univention/selfservice(/icons/entries/.*)$ /portal-assets$1 break;
proxy_pass http://ums-store-dav:80;
}
location /univention/selfservice/icons/logos/ {
rewrite ^/univention/selfservice(/icons/logos/.*)$ /portal-assets$1 break;
proxy_pass http://ums-store-dav:80;
}
## udm-rest-api ## udm-rest-api
@@ -128,27 +174,27 @@ serverBlock: |
rewrite ^/univention(/.*)$ $1 break; rewrite ^/univention(/.*)$ $1 break;
proxy_pass http://ums-umc-server:80; proxy_pass http://ums-umc-server:80;
} }
location /univention/logout/ { location /univention/logout {
rewrite ^/univention(/.*)$ $1 break; rewrite ^/univention(/.*)$ $1 break;
proxy_pass http://ums-umc-server:80; proxy_pass http://ums-umc-server:80;
} }
location /univention/saml/ { location /univention/saml {
rewrite ^/univention(/.*)$ $1 break; rewrite ^/univention(/.*)$ $1 break;
proxy_pass http://ums-umc-server:80; proxy_pass http://ums-umc-server:80;
} }
location /univention/get/ { location /univention/get {
rewrite ^/univention(/.*)$ $1 break; rewrite ^/univention(/.*)$ $1 break;
proxy_pass http://ums-umc-server:80; proxy_pass http://ums-umc-server:80;
} }
location /univention/set/ { location /univention/set {
rewrite ^/univention(/.*)$ $1 break; rewrite ^/univention(/.*)$ $1 break;
proxy_pass http://ums-umc-server:80; proxy_pass http://ums-umc-server:80;
} }
location /univention/command/ { location /univention/command {
rewrite ^/univention(/.*)$ $1 break; rewrite ^/univention(/.*)$ $1 break;
proxy_pass http://ums-umc-server:80; proxy_pass http://ums-umc-server:80;
} }
location /univention/upload/ { location /univention/upload {
rewrite ^/univention(/.*)$ $1 break; rewrite ^/univention(/.*)$ $1 break;
proxy_pass http://ums-umc-server:80; proxy_pass http://ums-umc-server:80;
} }

3
helmfile/environments/default/cache.yaml
View File

@@ -13,4 +13,7 @@ cache:
openproject: openproject:
host: "memcached" host: "memcached"
port: 11211 port: 11211
umsSelfservice:
host: "memcached"
port: 11211
... ...

18
helmfile/environments/default/database.yaml
View File

@@ -19,12 +19,6 @@ databases:
host: "mariadb" host: "mariadb"
username: "nextcloud_user" username: "nextcloud_user"
password: "" password: ""
notificationsApi:
name: "notificationsapi"
host: "postgresql"
port: 5432
username: "notificationsapi_user"
password: ""
openproject: openproject:
name: "openproject" name: "openproject"
host: "postgresql" host: "postgresql"
@@ -42,6 +36,18 @@ databases:
username: "matrix_user" username: "matrix_user"
password: "" password: ""
port: 5432 port: 5432
umsNotificationsApi:
name: "notificationsapi"
host: "postgresql"
port: 5432
username: "notificationsapi_user"
password: ""
umsSelfservice:
name: "selfservice"
host: "postgresql"
port: 5432
username: "selfservice_user"
password: ""
xwiki: xwiki:
name: "xwiki" name: "xwiki"
host: "mariadb" host: "mariadb"

16
helmfile/environments/default/images.yaml
View File

@@ -396,7 +396,7 @@ images:
# dependencyType=vendor # dependencyType=vendor
# This is a preview and not part of the standard deployment. # This is a preview and not part of the standard deployment.
repository: "souvap/tooling/images/univention/config-htpasswd" repository: "souvap/tooling/images/univention/config-htpasswd"
tag: "0.5.2@sha256:c8627e0b73ee1d92f74d2ae8b06e4593ac93b6bbde55d56d0497f3510912924c" tag: "0.7.0@sha256:8ffa8ce61fc55f67cdf740b3cd30e21d979506a1796028f5c6329da344b2e5db"
# @supplier: "Univention" # @supplier: "Univention"
umsDataLoader: umsDataLoader:
# renovate: # renovate:
@@ -404,7 +404,7 @@ images:
# dependencyType=vendor # dependencyType=vendor
# This is a preview and not part of the standard deployment. # This is a preview and not part of the standard deployment.
repository: "souvap/tooling/images/univention/data-loader" repository: "souvap/tooling/images/univention/data-loader"
tag: "0.36.0@sha256:045e0e524cbdc93e174ce803a12e67dbb341211f3abbc0029200ee638a0a1eb7" tag: "0.38.1@sha256:cef20b0224571eeda29f19e78340ab7d943e46b02275f9b9497605357be70e61"
# @supplier: "Univention" # @supplier: "Univention"
umsLdapNotifier: umsLdapNotifier:
# renovate: # renovate:
@@ -428,7 +428,7 @@ images:
# dependencyType=vendor # dependencyType=vendor
# This is a preview and not part of the standard deployment. # This is a preview and not part of the standard deployment.
repository: "souvap/tooling/images/univention/notifications-api" repository: "souvap/tooling/images/univention/notifications-api"
tag: "0.5.2@sha256:192f0ebb77ec6191d1df1edb2427739c4a69a3733c7d423f55045db5b9209c64" tag: "0.6.1@sha256:bdf0c5ba8b15c2e7f4daaf470254b13837bdc5fbaa98d9f441f33abd565acfc3"
# @supplier: "Univention" # @supplier: "Univention"
umsPortalListener: umsPortalListener:
# renovate: # renovate:
@@ -436,7 +436,7 @@ images:
# dependencyType=vendor # dependencyType=vendor
# This is a preview and not part of the standard deployment. # This is a preview and not part of the standard deployment.
repository: "souvap/tooling/images/univention/portal-listener" repository: "souvap/tooling/images/univention/portal-listener"
tag: "0.5.2@sha256:a1834a98cf4f4686a74077cb6c2b094429a49875d05801745de7ee13eee38a07" tag: "0.6.1@sha256:c418be054dfb2c6fe0e2e8870553c3b27269ae77b88a59cd6d790201cf7c3d17"
# @supplier: "Univention" # @supplier: "Univention"
umsPortalFrontend: umsPortalFrontend:
# renovate: # renovate:
@@ -444,7 +444,7 @@ images:
# dependencyType=vendor # dependencyType=vendor
# This is a preview and not part of the standard deployment. # This is a preview and not part of the standard deployment.
repository: "souvap/tooling/images/univention/portal-frontend" repository: "souvap/tooling/images/univention/portal-frontend"
tag: "0.5.2@sha256:aca1d481e23cbba7a33d5f261be6196690a6b7f1e593f7ff96fc6f22edab2c6b" tag: "0.6.1@sha256:0a4dc8ed47fd86eedd7bfd826b4538564194fe951000cff016eaa271382ed822"
# @supplier: "Univention" # @supplier: "Univention"
umsPortalServer: umsPortalServer:
# renovate: # renovate:
@@ -452,7 +452,7 @@ images:
# dependencyType=vendor # dependencyType=vendor
# This is a preview and not part of the standard deployment. # This is a preview and not part of the standard deployment.
repository: "souvap/tooling/images/univention/portal-server" repository: "souvap/tooling/images/univention/portal-server"
tag: "0.5.2@sha256:ed982e41ac5b0b81946272acf00f76463901da4f4b3ad50282ec4c73fd4b5833" tag: "0.6.1@sha256:dd9431c8a82e6fca89ef871de90947db2f594a349d634f0b1aa9669d0b3d5715"
# @supplier: "Univention" # @supplier: "Univention"
umsWaitForDependency: umsWaitForDependency:
# renovate: # renovate:
@@ -460,7 +460,7 @@ images:
# dependencyType=vendor # dependencyType=vendor
# This is a preview and not part of the standard deployment. # This is a preview and not part of the standard deployment.
repository: "souvap/tooling/images/univention/wait-for-dependency" repository: "souvap/tooling/images/univention/wait-for-dependency"
tag: "0.5.0@sha256:78cfcc52b81f620374c4b827f0055be5339a7dd469d9b8df67e3bed547abd6bc" tag: "0.6.1@sha256:e83fe2d7535167d1d1effe443fca0be431aa551ab31f172a84073b7d9ffec54b"
# @supplier: "Univention" # @supplier: "Univention"
umsStoreDav: umsStoreDav:
# renovate: # renovate:
@@ -468,7 +468,7 @@ images:
# dependencyType=vendor # dependencyType=vendor
# This is a preview and not part of the standard deployment. # This is a preview and not part of the standard deployment.
repository: "souvap/tooling/images/univention/store-dav" repository: "souvap/tooling/images/univention/store-dav"
tag: "0.5.2@sha256:1bc01b883a5ccd2612925e123da10f9d216389701d743f1cea4050633770639f" tag: "0.7.0@sha256:732b0d2fdf320209de04403753d3bc80f9c73a46b237202a95305a332805f305"
# @supplier: "Univention" # @supplier: "Univention"
umsUdmRestApi: umsUdmRestApi:
# renovate: # renovate:

3
helmfile/environments/default/secrets.gotmpl
View File

@@ -38,7 +38,8 @@ secrets:
keycloakExtensionUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "keycloak_extensions_user" | sha1sum | quote }} keycloakExtensionUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "keycloak_extensions_user" | sha1sum | quote }}
matrixUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "matrix_user" | sha1sum | quote }} matrixUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "matrix_user" | sha1sum | quote }}
openprojectUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "openproject_user" | sha1sum | quote }} openprojectUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "openproject_user" | sha1sum | quote }}
notificationsApiUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "notificationsapi_user" | sha1sum | quote }} umsNotificationsApiUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "notificationsapi_user" | sha1sum | quote }}
umsSelfserviceUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "selfservice_user" | sha1sum | quote }}
mariadb: mariadb:
rootPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "mariadb" "root_password" | sha1sum | quote }} rootPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "mariadb" "root_password" | sha1sum | quote }}
xwikiUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "mariadb" "xwiki_user" | sha1sum | quote }} xwikiUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "mariadb" "xwiki_user" | sha1sum | quote }}