Fixes (#10)

* several fixes
* keycloak

---------

Co-authored-by: Antonio C. <ac@trikorasolutions.com>

Author: jacobdotcosta

gitlab/admin-guide.adoc

@@ -14,3 +14,78 @@
 
   * https://docs.gitlab.com/omnibus/settings/configuration.html
 
+Reference: https://docs.gitlab.com/omnibus/settings/smtp.html
+
+== SMTP 
+
+[source]
+----
+gitlab_rails['smtp_enable'] = true
+gitlab_rails['smtp_address'] = "smtp.server"
+gitlab_rails['smtp_port'] = 465
+gitlab_rails['smtp_user_name'] = "smtp user"
+gitlab_rails['smtp_password'] = "smtp password"
+gitlab_rails['smtp_domain'] = "example.com"
+gitlab_rails['smtp_authentication'] = "login"
+gitlab_rails['smtp_enable_starttls_auto'] = true
+gitlab_rails['smtp_openssl_verify_mode'] = 'peer'
+
+# If your SMTP server does not like the default 'From: gitlab@localhost' you
+# can change the 'From' with this setting.
+gitlab_rails['gitlab_email_from'] = 'gitlab@example.com'
+gitlab_rails['gitlab_email_reply_to'] = 'noreply@example.com'
+
+# If your SMTP server is using self signed certificates you can specify a custom ca file
+#gitlab_rails['smtp_ca_file'] = '/path/to/your/cacert.pem'
+----
+
+GMAIL
+
+[source,ruby]
+----
+gitlab_rails['smtp_enable'] = true
+gitlab_rails['smtp_address'] = "smtp.gmail.com"
+gitlab_rails['smtp_port'] = 587
+gitlab_rails['smtp_user_name'] = "my.email@gmail.com"
+gitlab_rails['smtp_password'] = "my-gmail-password"
+gitlab_rails['smtp_domain'] = "smtp.gmail.com"
+gitlab_rails['smtp_authentication'] = "login"
+gitlab_rails['smtp_enable_starttls_auto'] = true
+gitlab_rails['smtp_tls'] = false
+gitlab_rails['smtp_openssl_verify_mode'] = 'peer' # Can be: 'none', 'peer', 'client_once', 'fail_if_no_peer_cert', see http://api.rubyonrails.org/classes/ActionMailer/Base.html
+----
+
+== OpenID Connect
+
+References: https://docs.gitlab.com/administration/auth/oidc/
+
+[source,rails]
+----
+gitlab_rails['omniauth_enabled'] = true
+gitlab_rails['omniauth_block_auto_created_users'] = true
+gitlab_rails['omniauth_allow_single_sign_on'] = ['openid_connect']
+gitlab_rails['omniauth_auto_link_ldap_user'] = true
+gitlab_rails['omniauth_providers'] = [
+  {
+    name: "openid_connect", # do not change this parameter
+    label: "Keycloak", # optional label for login button, defaults to "Openid Connect"
+    icon: "<custom_provider_icon>",
+    args: {
+      name: "openid_connect",
+      scope: ["openid","profile","email"],
+      response_type: "code",
+      issuer: "http://keycloak.localdomain/",
+      discovery: true,
+      client_auth_method: "query",
+      uid_field: "preferred_username",
+      send_scope_to_token_endpoint: "false",
+      pkce: true,
+      client_options: {
+        identifier: "<your_oidc_client_id>",
+        secret: "<your_oidc_client_secret>",
+        redirect_uri: "http://gitlab.localdomain/users/auth/openid_connect/callback"
+      }
+    }
+  }
+]
+----

glpi/k8s/ansible/defaults/main.yaml

@@ -1,11 +1,16 @@
 app_name: glpi
 app_namespace: glpi
-app_version: "10.0.9"
-app_image_tag: "0.0.10"
+app_version: "10.0.19"
+app_image_tag: "0.1.3"
 
 db_name: glpi
 db_user: glpi
-storage_class: local-storage
+glpi_version: "10.0.19"
+#db_image_tag: 10.11.14
+mariadb_version: 10.11.14
+#mariadb_version: 11.8.3
+
+# storage_class: local-storage
 
 volumes:
   - name: glpi-config
@@ -32,7 +37,3 @@ volumes:
     capacity: 1Gi
     component: analytics
 
-db_image_tag: 10.10.2
-
-# glpi_version: 10.0.9
-# mariadb_version: 10.10.2

glpi/k8s/ansible/glpi-backup-playbook.yaml

@@ -76,12 +76,9 @@
     - name: "Backup GLPI database"
       kubernetes.core.k8s_exec:
         command: "mysqldump --defaults-extra-file=/tmp/.sqlpwd -u {{ db_bk_user }}  glpi"
-        # kubeconfig: "{{ k8s_config_file }}"
         namespace: "{{ k8s_ns }}"
         pod: "{{ mariadb_pod_name }}"
       register: mysqldump_res
-      # environment:
-      #   MYSQL_PWD: "{{ db_bk_pw }}"
 
     - name: "Remove password file"
       kubernetes.core.k8s_exec:
@@ -112,15 +109,13 @@
     - name: "Backup GLPI files"
       kubernetes.core.k8s_exec:
         command: "tar --warning=no-file-changed -czvf /tmp/{{ backup_file_prefix }}.files.tgz /var/lib/glpi"
-        # kubeconfig: "{{ k8s_config_file }}"
         namespace: "{{ k8s_ns }}"
         pod: "{{ glpi_pod_name }}"
       register: glpi_file_bk_res
 
   # kubectl -n glpi cp ${GLPI_POD}:/tmp/${GLPI_MYSQL_DUMP_FILENAME_PREFIX}.files.tgz ${BACKUP_ROOT_FOLDER}/glpi/${GLPI_MYSQL_DUMP_FILENAME_PREFIX}.files.tgz
     - name: "Download file backup"
       kubernetes.core.k8s_cp:
-        # kubeconfig: "{{ k8s_config_file }}"
         namespace: "{{ k8s_ns }}"
         pod: "{{ glpi_pod_name }}"
         state: from_pod
@@ -150,8 +145,8 @@
   # kubectl -n glpi exec -it ${GLPI_POD} -- tar --warning=no-file-changed -czvf /tmp/${GLPI_MYSQL_DUMP_FILENAME_PREFIX}.plugins.tgz /var/www/html/plugins
     - name: "Backup GLPI config"
       kubernetes.core.k8s_exec:
-        command: "tar --warning=no-file-changed -czvf /tmp/{{ backup_file_prefix }}.config.tgz /var/www/html/glpi/config"
-        # kubeconfig: "{{ k8s_config_file }}"
+        #command: "tar --warning=no-file-changed -czvf /tmp/{{ backup_file_prefix }}.config.tgz /var/www/html/glpi/config"
+        command: "tar --warning=no-file-changed -czvf /tmp/{{ backup_file_prefix }}.config.tgz /etc/glpi"
         namespace: "{{ k8s_ns }}"
         pod: "{{ glpi_pod_name }}"
       register: glpi_config_bk_res

glpi/k8s/ansible/glpi-restore-files-playbook.yaml

@@ -64,7 +64,7 @@
         namespace: "{{ app_namespace }}"
         pod: "{{ glpi_pod_name }}"
         command: |
-          tar -xzvm -no-overwrite-dir -C / -f /tmp/files.tgz
+          tar -xzvm --no-overwrite-dir -C / -f /tmp/files.tgz
       register: files_extract_res
 
     - name: "Print extract result"

glpi/k8s/backupNrestore.adoc

@@ -235,6 +235,13 @@ ansible-playbook mariadb/k8s/ansible/playbooks/restore-database-playbook.yaml \
   -e db_dump_file=${GLPI_DB_FILE_LOCATION}
 ----
 
+Start the application.
+
+[source,bash]
+----
+kubectl -n glpi scale deployment glpi --replicas=1
+----
+
 Restore the application files.
 
 [source,bash]
@@ -244,7 +251,6 @@ ansible-playbook glpi/k8s/ansible/glpi-restore-files-playbook.yaml \
   -e glpi_bk_file=${GLPI_BK_FILES_LOCATION}
 ----
 
-
 === Manually 
 
 Get POD names.

glpi/k8s/helm/ansible/glpi-install-playbook.yaml

@@ -37,7 +37,7 @@
     - name: "Deploy GLPI with Helm"
       kubernetes.core.helm:
         name: glpi
-        chart_ref: "{% if trikora_helm_project_dir is defined %}{{ trikora_helm_project_dir }}/charts/odoo{% else %}trikorasolns/glpi{% endif %}"
+        chart_ref: "{% if trikora_helm_project_dir is defined %}{{ trikora_helm_project_dir }}/charts/glpi{% else %}trikorasolns/glpi{% endif %}"
         release_namespace: "{{ app_namespace }}"
         wait: true
         # replace: true

glpi/k8s/helm/ansible/glpi-uninstall-playbook.yaml

@@ -34,30 +34,30 @@
         msg:
           - "glpi_helm_res: {{ glpi_helm_res }}"
 
-    - name: "Free the GLPI PV so they become available"
-      ansible.builtin.shell: |
-        kubectl patch pv {{ app_namespace }}-{{ item }}-pv -p '{"spec":{"claimRef": null}}'
-      # kubernetes.core.k8s:
-      #   kind: PV
-      #   name: "{{ app_namespace }}-{{ item }}-pv"
-      #   definition:
-      #     spec:
-      #       claimRef: null
-      loop:
-        - glpi-config
-        - glpi-files
-        - glpi-log
-        - glpi-marketplace
-        - glpi-plugins
-
-    - name: "Patch the GLPI PV so they will be bound to the correct PVC"
-      ansible.builtin.shell: |
-        kubectl patch pv {{ app_namespace }}-{{ item }}-pv -p '{"spec":{"claimRef": {"name": "{{ item }}", "namespace": "{{ app_namespace }}"}}}'
-      loop:
-        - glpi-config
-        - glpi-files
-        - glpi-log
-        - glpi-marketplace
-        - glpi-plugins
+    # - name: "Free the GLPI PV so they become available"
+    #   ansible.builtin.shell: |
+    #     kubectl patch pv {{ app_namespace }}-{{ item }}-pv -p '{"spec":{"claimRef": null}}'
+    #   # kubernetes.core.k8s:
+    #   #   kind: PV
+    #   #   name: "{{ app_namespace }}-{{ item }}-pv"
+    #   #   definition:
+    #   #     spec:
+    #   #       claimRef: null
+    #   loop:
+    #     - glpi-config
+    #     - glpi-files
+    #     - glpi-log
+    #     - glpi-marketplace
+    #     - glpi-plugins
+
+    # - name: "Patch the GLPI PV so they will be bound to the correct PVC"
+    #   ansible.builtin.shell: |
+    #     kubectl patch pv {{ app_namespace }}-{{ item }}-pv -p '{"spec":{"claimRef": {"name": "{{ item }}", "namespace": "{{ app_namespace }}"}}}'
+    #   loop:
+    #     - glpi-config
+    #     - glpi-files
+    #     - glpi-log
+    #     - glpi-marketplace
+    #     - glpi-plugins
 
 ...

glpi/k8s/helm/ansible/phpmyadmin-install-playbook.yaml

@@ -25,10 +25,9 @@ Install python requirements.
 
 [source,bash]
 ----
-$ pip install -r glpi/k8s/ansible/requirements.txt
+pip install -r glpi/k8s/ansible/requirements.txt
 ----
 
-
 === Required information
 
 Required variables.
@@ -177,8 +176,11 @@ This will deploy a MariaDB database on the application namespace.
 [source,bash]
 ----
 ansible-playbook mariadb/k8s/helm/ansible/mariadb-install-playbook.yaml \
+  -e "@glpi/k8s/ansible/defaults/main.yaml" \
+  -e "@kubernetes/storage/ceph/ansible/defaults/main.yaml" \
   -e "@_local_config/glpi.yaml" \
-  -e db_password=${DB_PASSWORD}
+  -e db_password=${DB_PASSWORD} \
+  -e db_root_password=${DB_PASSWORD}
 ----
 
 If you want to Restore a previous GLPI backup check the 
@@ -192,6 +194,7 @@ Deploy the `glpi` application using the `trikorasolns/glpi` helm chart.
 [source,bash]
 ----
 ansible-playbook glpi/k8s/helm/ansible/glpi-install-playbook.yaml \
+  -e @kubernetes/storage/ceph/ansible/defaults/main.yaml \
   -e "@glpi/k8s/ansible/defaults/main.yaml" \
   -e "@_local_config/network.yaml" \
   -e trikora_helm_project_dir=${TRIKORA_HELM} \
@@ -202,13 +205,34 @@ If deploying the application to restore an existing backup consider adding
  the `GLPICRYPT` environment variable so the `glpycrypt.key` file is restored 
  instead of GLPI having a new one generated.
 
-  -e "@glpi/k8s/ansible/defaults/main.yaml" \
+[NOTE]
+====
+To generate the base64 encoding perform the following steps.
+
+Tar the glpicrypt file. The name of the file inside the TAR GZ must be 
+ `glpicrypt.key`.
+
+[source,bash]
+----
+tar czvf glpicrypt.key.tgz glpicrypt.key
+----
+
+Base64 encode the file.
+
+[source,bash]
+----
+cat /tmp/glpicrypt.key.tgz | base64 -w 0
+----
+
+These are the contents to be passed to the `glpicrypt_targz_file`.
+====
 
 [source,bash]
 ----
 ansible-playbook glpi/k8s/helm/ansible/glpi-install-playbook.yaml \
   -e "@_local_config/glpi.yaml" \
   -e "@_local_config/network.yaml" \
+  -e "@glpi/k8s/ansible/defaults/main.yaml" \
   -e db_password=${DB_PASSWORD} \
   -e glpicrypt_targz_file="${GLPICRYPT_TARGZ_FILE}"
 ----
@@ -299,7 +323,16 @@ ansible-playbook --limit ${K8S_HOST} kubernetes/ansible/host_path/app-pv-cleanup
   -e "@glpi/k8s/ansible/defaults/main.yaml"
 ----
 
+=== MariaDB
 
+This will uninstall the MariaDB database chart on the application namespace.
+
+[source,bash]
+----
+ansible-playbook mariadb/k8s/helm/ansible/mariadb-uninstall-playbook.yaml \
+  -e "@_local_config/glpi.yaml" \
+  -e db_password=${DB_PASSWORD}
+----
 
 
 

glpi/k8s/install-helm.adoc

@@ -4,7 +4,8 @@ app_version: "26.1.3"
 
 db_name: keycloak
 db_user: keycloak
-db_type: postgresql
+db_type: postgres
+db_port: 5432
 # storage_class: local-storage
 
 volumes: