diff --git a/roles/invite/templates/serverapplication.yml.j2 b/roles/invite/templates/serverapplication.yml.j2
index 251f4cff1..b7ad7f9f2 100644
--- a/roles/invite/templates/serverapplication.yml.j2
+++ b/roles/invite/templates/serverapplication.yml.j2
@@ -130,7 +130,6 @@ config:
languages: "nl, en"
environment: {{ environment_shortname }}
-
feature:
limit-institution-admin-role-visibility: {{ invite.limit_institution_admin_role_visibility }}
enable-performance-seed: False
diff --git a/roles/openaccess/defaults/main.yml b/roles/openaccess/defaults/main.yml
index ba813a4c8..888e97b36 100644
--- a/roles/openaccess/defaults/main.yml
+++ b/roles/openaccess/defaults/main.yml
@@ -1,3 +1,5 @@
---
openaccess_server_restart_policy: always
openaccess_server_restart_retries: 0
+openaccess_docker_networks:
+ - name: loadbalancer
diff --git a/roles/openaccess/tasks/main.yml b/roles/openaccess/tasks/main.yml
index c3cfb6e4a..5f92ead18 100644
--- a/roles/openaccess/tasks/main.yml
+++ b/roles/openaccess/tasks/main.yml
@@ -19,9 +19,15 @@
- serverapplication.yml
notify: restart accessserver
+
+- name: Debug mariadb_in_docker # Show with -vv
+ ansible.builtin.debug:
+ msg: "{{ mariadb_in_docker }}"
+ verbosity: 2
+
- name: Add the MariaDB docker network to the list of networks when MariaDB runs in Docker
ansible.builtin.set_fact:
- invite_docker_networks:
+ openaccess_docker_networks:
- name: loadbalancer
- name: openconext_mariadb
when: mariadb_in_docker | default(false) | bool
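Review bot: The new debug task templates `mariadb_in_docker` without the `default(false)` that the following task's `when:` applies, so a host that never defines the variable would, as far as I can tell, fail at the debug step (templating of `msg` happens before the verbosity check) even though the set_fact below would have been skipped cleanly; use `msg: "{{ mariadb_in_docker | default(false) | bool }}"` so both tasks agree. The set_fact also restates `- name: loadbalancer` instead of building on the value from roles/openaccess/defaults/main.yml, so the two lists can drift apart; `openaccess_docker_networks: "{{ openaccess_docker_networks + [{'name': 'openconext_mariadb'}] }}"` would keep a single source for the network list.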
@@ -36,8 +42,7 @@
restart_policy: "{{ openaccess_server_restart_policy }}"
restart_retries: "{{ openaccess_server_restart_retries }}" # Only for restart policy on-failure
state: started
- networks:
- - name: "loadbalancer"
+ networks: "{{ openaccess_docker_networks }}"
mounts:
- source: /opt/openconext/openaccess/serverapplication.yml
target: /application.yml
@@ -95,4 +100,4 @@
S3_STORAGE_URL : "{{ openconextaccess.s3_storage.url }}"
S3_STORAGE_KEY : "{{ openconextaccess.s3_storage.key }}"
S3_STORAGE_SECRET : "{{ openconextaccess.s3_storage.secret }}"
- S3_STORAGE_BUCKET : "{{ openconextaccess.s3_storage.bucket }}"
\ No newline at end of file
+ S3_STORAGE_BUCKET : "{{ openconextaccess.s3_storage.bucket }}"
diff --git a/roles/openaccess/templates/serverapplication.yml.j2 b/roles/openaccess/templates/serverapplication.yml.j2
index c4cb82c89..1e5a2f9b9 100644
--- a/roles/openaccess/templates/serverapplication.yml.j2
+++ b/roles/openaccess/templates/serverapplication.yml.j2
@@ -29,17 +29,17 @@ spring:
client:
registration:
oidcng:
- client-id: {{ oidc_playground.client_id }}
- client-secret: {{ oidc_playground.secret }}
+ client-id: {{ openconextaccess.oidcng.client_id }}
+ client-secret: {{ openconextaccess.oidcng.secret }}
redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}"
authorization-grant-type: "authorization_code"
scope: openid
provider:
oidcng:
- authorization-uri: "https://connect.{{ base_domain }}/oidc/authorize"
- token-uri: "https://connect.{{ base_domain }}/oidc/token"
- user-info-uri: "https://connect.{{ base_domain }}/oidc/userinfo"
- jwk-set-uri: "https://connect.{{ base_domain }}/oidc/certs"
+ authorization-uri: {{ openconextaccess.oidcng.authorization_uri }}
+ token-uri: {{ openconextaccess.oidcng.token_uri }}
+ user-info-uri: {{ openconextaccess.oidcng.user_info_uri }}
+ jwk-set-uri: {{ openconextaccess.oidcng.jwk_set_uri }}
user-name-attribute: sub
user-info-authentication-method: client_secret_basic
jpa:
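Review bot: The quotes around the provider URIs were dropped when they became variables (`authorization-uri: {{ openconextaccess.oidcng.authorization_uri }}` and the three lines below), so an empty or unset value renders as a bare key (null) and a value containing ` #` or `: ` breaks the rendered YAML; keep them quoted as the removed lines were, e.g. `authorization-uri: "{{ openconextaccess.oidcng.authorization_uri }}"`. The same applies to `discovery-url` and `introspect-url` in the next hunk and to `idp_proxy_meta_data` and `eduid-idp-entity-id` further down. `client-secret` on the line above is in the same position, and a secret that happens to start with a YAML indicator character would also be misparsed, so quoting it too is cheap insurance.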
@@ -62,8 +62,8 @@ spring:
host: {{ smtp_server }}
oidcng:
- discovery-url: "https://connect.test2.surfconext.nl/oidc/.well-known/openid-configuration"
- introspect-url: "https://connect.test2.surfconext.nl/oidc/introspect"
+ discovery-url: {{ openconextaccess.oidcng.discovery_url }}
+ introspect-url: {{ openconextaccess.oidcng.introspect_url }}
resource-server-id: myconext.rs
resource-server-secret: secret
base-url: {{ openconextaccess_base_domain }}
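Review bot: `resource-server-id: myconext.rs` and `resource-server-secret: secret` just below the newly variablised `introspect-url` remain literals in the template; if this is a real introspection credential rather than a placeholder it belongs with the other `openconextaccess.oidcng.*` values this commit introduces, say `resource-server-secret: "{{ openconextaccess.oidcng.resource_server_secret }}"`. If it is a deliberate placeholder, a comment above the line saying so would make that clear. The enclosing `oidcng` block starts before this hunk.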
@@ -90,7 +90,7 @@ config:
client-url: "https://{{ openconextaccess_base_domain }}"
base-url: "{{ base_domain }}"
edu_id_schac_home_organization: "eduid.nl"
- discovery: "https://connect.test2.surfconext.nl/oidc/.well-known/openid-configuration"
+ discovery: "https://connect.{{ env }}.surfconext.nl/oidc/.well-known/openid-configuration"
invite: "https://invite.{{ base_domain }}"
sram: "https://{{ env }}.sram.surf.nl/"
service_desk: "https://servicedesk.surf.nl/jira/plugins/servlet/desk/user/requests?reporter=all"
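Review bot: The new `discovery:` value is built from `env` (`https://connect.{{ env }}.surfconext.nl/oidc/.well-known/openid-configuration`) while `discovery-url` in the `oidcng` section above now comes from `openconextaccess.oidcng.discovery_url`, giving two independent definitions of what looks like the same discovery document; if they are meant to match, use `discovery: "{{ openconextaccess.oidcng.discovery_url }}"`. If they intentionally differ, a one-line comment above `discovery:` saying why would stop the next reader from unifying them.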
@@ -105,7 +105,7 @@ config:
entityid: "https://idp.diy.surfconext.nl"
descriptionEN: "Een test-IdP met fictieve gebruikersaccounts. De metadata vind je hier"
descriptionNL: "Een test-IdP met fictieve gebruikersaccounts. De metadata vind je hier"
- idp_proxy_meta_data: https://metadata.test2.surfconext.nl/idp-metadata.xml
+ idp_proxy_meta_data: {{ openconextaccess.idp_proxy_meta_data }}
minimal_stepup_acr_level: "http://{{ base_domain }}/assurance/loa2"
features:
- name: idp
@@ -121,7 +121,7 @@ config:
- "{{ loa }}"
{% endfor %}
-eduid-idp-entity-id: "https://login.{{ myconext_base_domain }}"
+eduid-idp-entity-id: {{ openconextaccess.eduid_idp_entity_id }}
super-admin:
users:
@@ -166,19 +166,19 @@ invite:
user: {{ invite.access_user }}
password: "{{ invite.access_secret }}"
-# Todo relace with openconextaccess user
-statistics:
- enabled: True
- url: {{ dashboard.stats_url }}
- user: {{ dashboard.stats_user }}
- password: {{ stats_dashboard_api_password }}
-
s3storage:
url: {{ openconextaccess.s3_storage.url }}
key: {{ openconextaccess.s3_storage.key }}
secret: {{ openconextaccess.s3_storage.secret }}
bucket: {{ openconextaccess.s3_storage.bucket }}
+statistics:
+ enabled: {{ openconextaccess.statistics.enabled }}
+ url: {{ openconextaccess.statistics.url }}
+ user: {{ openconextaccess.statistics.user }}
+ password: {{ openconextaccess.statistics.password }}
+
+
management:
health:
mail:
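Review bot: `password: {{ openconextaccess.statistics.password }}` is left unquoted whereas the `invite` block above quotes its secret (`password: "{{ invite.access_secret }}"`); a password starting with a YAML indicator or containing ` #` would render as invalid or truncated YAML, so write `password: "{{ openconextaccess.statistics.password }}"` and, for consistency, quote `url` and `user` the same way. The two added blank lines before `management:` are one more than the surrounding file uses between stanzas. The `management:` block continues past the hunk.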