Commit 542abf3a authored by naji's avatar naji

certificates pastis

parent 3a3ed8a2
[hosts]
localhost ansible_host=127.0.0.1 ansible_connection=local ip_admin=127.0.0.1 ip_service=127.0.0.1
dev.vitamui.com ansible_host=dev.vitamui.com ansible_connection=local ip_admin=dev.vitamui.com ip_service=dev.vitamui.com
#vitamui host
vitamui-env ansible_host=changeme ip_service=changeme ip_admin=changeme
dev.vitamui.com ansible_host=dev.vitamui.com ip_service=dev.vitamui.com ip_admin=dev.vitamui.com
#vitam host
vitam-env ansible_host=changeme ip_service=changeme ip_admin=changeme
dev.vitamui.com ansible_host=dev.vitamui.com ip_service=dev.vitamui.com ip_admin=dev.vitamui.com
......@@ -44,11 +44,11 @@ hosts_vitamui_consul_server
[hosts_vitamui_logstash]
# EDIT
# not for the moment...
vitamui-env
dev.vitamui.com
[hosts_vitamui_consul_server]
# EDIT
vitamui-env
dev.vitamui.com
########################################################
# ZONE Data
......@@ -58,7 +58,7 @@ hosts_vitamui_mongod
[hosts_vitamui_mongod]
# EDIT
vitamui-env mongo_cluster_name=mongo-vitamui mongo_rs_bootstrap=true mongo_express=true
dev.vitamui.com mongo_cluster_name=mongo-vitamui mongo_rs_bootstrap=true mongo_express=true
########################################################
# ZONE reverseproxy
......@@ -68,7 +68,7 @@ hosts_vitamui_reverseproxy
[hosts_vitamui_reverseproxy]
# EDIT
vitamui-env
dev.vitamui.com
#localhost
########################################################
......@@ -84,42 +84,52 @@ hosts_vitamui_ingest_external
hosts_vitamui_archive_search_external
hosts_vitamui_referential_external
hosts_vitamui_security_internal
hosts_vitamui_pastis_internal
hosts_vitamui_pastis_external
[hosts_vitamui_iam_internal]
# EDIT
vitamui-env
dev.vitamui.com
[hosts_vitamui_iam_external]
# EDIT
vitamui-env
dev.vitamui.com
[hosts_vitamui_ingest_internal]
# EDIT
vitamui-env
dev.vitamui.com
[hosts_vitamui_archive_search_internal]
# EDIT
vitamui-env
dev.vitamui.com
[hosts_vitamui_pastis_internal]
# EDIT
dev.vitamui.com
[hosts_vitamui_pastis_external]
# EDIT
dev.vitamui.com
[hosts_vitamui_ingest_external]
# EDIT
vitamui-env
dev.vitamui.com
[hosts_vitamui_archive_search_external]
# EDIT
vitamui-env
dev.vitamui.com
[hosts_vitamui_referential_internal]
# EDIT
vitamui-env
dev.vitamui.com
[hosts_vitamui_referential_external]
# EDIT
vitamui-env
dev.vitamui.com
[hosts_vitamui_security_internal]
vitamui-env
dev.vitamui.com
########################################################
# ZONE UI
......@@ -131,30 +141,35 @@ hosts_ui_search
hosts_ui_ingest
hosts_ui_archive_search
hosts_ui_referential
hosts_ui_pastis
[hosts_ui_identity]
# EDIT
vitamui-env
dev.vitamui.com
[hosts_ui_pastis]
# EDIT
dev.vitamui.com
[hosts_ui_ingest]
# EDIT
vitamui-env
dev.vitamui.com
[hosts_ui_archive_search]
# EDIT
vitamui-env
dev.vitamui.com
[hosts_ui_referential]
# EDIT
vitamui-env
dev.vitamui.com
[hosts_ui_portal]
# EDIT
vitamui-env
dev.vitamui.com
[hosts_ui_search]
# EDIT
vitamui-env
dev.vitamui.com
########################################################
# ZONE ADMIN
......@@ -164,7 +179,7 @@ hosts_ui_identity_admin
[hosts_ui_identity_admin]
# EDIT
vitamui-env
dev.vitamui.com
########################################################
# ZONE CAS
......@@ -174,7 +189,7 @@ hosts_cas_server
[hosts_cas_server]
# EDIT
vitamui-env
dev.vitamui.com
########################################################
# ZONE TOOLS
......@@ -221,9 +236,6 @@ vitamui-env
# EDIT
[hosts_browse]
# EDIT
#
# ************************************** ZONES VITAM ******************************************************
......@@ -231,51 +243,51 @@ vitamui-env
# MINIMUM REQUIRED IN ZONE VITAM
[hosts_consul_server]
vitam-env
dev.vitamui.com
[hosts_ingest_external]
vitam-env
dev.vitamui.com
[hosts_access_external]
vitam-env
dev.vitamui.com
[hosts_ihm_demo]
vitam-env
dev.vitamui.com
# [hosts_elasticsearch_log]
# localhost
[hosts_elasticsearch_log]
vitam-env
dev.vitamui.com
[hosts_functionnal_admin]
vitam-env
dev.vitamui.com
[hosts_security_internal]
vitam-env
dev.vitamui.com
########################################################
# VARS - common VITAMUI and VITAM
########################################################
[hosts:vars]
dns_servers=["8.8.8.8"]
dns_servers=["10.6.1.13", "8.8.8.8"]
#ansible_ssh_user=centos
#ansible_become=true
vitam_site_name=changeme
vitam_site_name=vitam
consul_domain=consul
# Reverse configuration
vitam_reverse_external_dns=changeme
vitam_reverse_external_dns=dev.vitamui.com
vitam_reverse_external_protocol=https
reverse_proxy_port=443
http_proxy_environnement=
## Uncomment and fill for remote deploy
#ansible_connection=ssh
ansible_ssh_user=changeme
ansible_ssh_private_key_file=changeme
ansible_become_pass=changeme
ansible_ssh_user=caux
#ansible_ssh_private_key_file=changeme
#ansible_become_pass=changeme
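Review bot: The `[hosts:vars]` block appears to replace the `changeme` placeholders with one deployment's values — `ansible_ssh_user=caux`, the private resolver `10.6.1.13` in `dns_servers`, and `dev.vitamui.com` for `vitam_reverse_external_dns` — so a personal account name and internal addressing end up in the tracked inventory. The old/new side of each pair is inferred from print order on this page, so confirm against the raw diff. If this file is the shared template, keep `ansible_ssh_user=changeme` and `dns_servers=["8.8.8.8"]` here and carry the dev values in a separate per-environment inventory that is not committed. `dev.vitamui.com` also appears to be declared three times under `[hosts]` with differing variables (`ansible_connection=local` on only one), which would be worth collapsing into a single entry.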
......
......@@ -161,6 +161,7 @@ function generateHostKeystore {
fi
pki_logger "Génération du p12"
echo ${CRT_KEY_PASSWORD}
crtKeyToP12 $(dirname ${P12_KEYSTORE}) \
${CRT_KEY_PASSWORD} \
${COMPONENT} \
......@@ -168,6 +169,7 @@ function generateHostKeystore {
${P12_KEYSTORE}
pki_logger "Génération du jks"
echo ${JKS_PASSWORD}
addP12InJks ${JKS_KEYSTORE} \
${JKS_PASSWORD} \
${P12_KEYSTORE} \
......@@ -287,4 +289,4 @@ function main() {
pki_logger "-------------------------------------------"
pki_logger "Fin de la génération des stores"
}
\ No newline at end of file
}
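Review bot: The `echo ${CRT_KEY_PASSWORD}` before `crtKeyToP12` and the `echo ${JKS_PASSWORD}` before `addP12InJks` write the keystore passwords in clear to standard output, where they end up in terminal scrollback, CI job logs and any captured deployment output. These read like leftover debug statements and should be removed; if a trace is wanted, log only the fact, e.g. `pki_logger "P12 password set: ${CRT_KEY_PASSWORD:+yes}"`. Passwords already printed by a run of this version should be treated as exposed and the affected stores regenerated. `generateHostKeystore` begins and ends outside these hunks.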
......@@ -253,4 +253,33 @@ db.applications.insert({
"tooltip" : "Importer un arbre de positionnement ou un plan de classement",
"target" : "_self"
});
db.applications.update(
{ "identifier" : "PASTIS_APP" },
{
"$set" : {
{% if vitamui.pastis.base_url is defined %}
"url": "{{ vitamui.pastis.base_url }}/archive-search",
{% else %}
"url" : "{{ url_prefix }}/archive-search/archive-search",
{% endif %}
"icon": "vitamui-icon vitamui-icon-archive-archive",
"name": "Recherche et consultation des archives",
"category": "ingests",
"position": NumberInt(1),
"hasCustomerList": false,
"hasTenantList": false,
"hasHighlight": false,
"tooltip": "Recherche et consultation des archives",
"target": "_self"
},
"$setOnInsert": {
"identifier" : "PASTIS_APP"
}
},
{ "upsert":true }
);
print("END 208_application_ref.js");
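Review bot: The upsert for `PASTIS_APP` looks copied from the archive-search application: both URL branches end in `/archive-search`, and `icon`, `name` and `tooltip` still read "Recherche et consultation des archives". As written, the Pastis tile would send users to the archive-search front end even when `vitamui.pastis.base_url` is defined. The URL suffix and labels should be the Pastis ones; the correct path is not visible here, so something like `"url": "{{ vitamui.pastis.base_url }}/<pastis-path>"` with the real value filled in. `"category": "ingests"` and `"position": NumberInt(1)` are also worth checking against the existing entries for collisions.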
db = db.getSiblingDB('cas')
print("START 220_cas_services_pastis_ref.js");
print("START 218_cas_services_pastis_ref.js");
var nbInsert = db.services.insert({
"_id" : NumberInt(7),
......
db = db.getSiblingDB('security')
print("START 221_security_pastis_ref.js");
db.contexts.insert({
"_id" : "ui_pastis_context",
"name": "Contexte UI Archive Search",
"fullAccess" : true,
"tenants" : [NumberInt({{ vitamui_platform_informations.proof_tenant }}), NumberInt({{ vitamui_platform_informations.cas_tenant }})],
"roleNames" : [
"ROLE_GET_USERS", "ROLE_CREATE_USERS", "ROLE_UPDATE_USERS", "ROLE_UPDATE_STANDARD_USERS", "ROLE_GENERIC_USERS", "ROLE_MFA_USERS", "ROLE_ANONYMIZATION_USERS",
"ROLE_UPDATE_ME_USERS",
"ROLE_GET_PROFILES", "ROLE_CREATE_PROFILES", "ROLE_UPDATE_PROFILES", "ROLE_DELETE_PROFILES",
"ROLE_GET_TENANTS", "ROLE_CREATE_TENANTS", "ROLE_CREATE_TENANTS_ALL_CUSTOMERS", "ROLE_UPDATE_TENANTS", "ROLE_UPDATE_TENANTS_ALL_CUSTOMERS", "ROLE_GET_ALL_TENANTS",
"ROLE_CREATE_ARCHIVE_SEARCH", "ROLE_GET_ARCHIVE_SEARCH", "ROLE_GET_ALL_ARCHIVE_SEARCH"
]
});
print("END 221_security_pastis_ref.js");
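Review bot: `ui_pastis_context` is created with `"fullAccess" : true` and a role list that includes user, profile and tenant administration (`ROLE_CREATE_USERS`, `ROLE_ANONYMIZATION_USERS`, `ROLE_CREATE_TENANTS_ALL_CUSTOMERS`, …) alongside the archive-search roles, and its `name` is still "Contexte UI Archive Search". Any certificate bound to this context presumably inherits all of that, which is more than this UI appears to need. I would set `"fullAccess" : false`, trim `roleNames` to the roles the Pastis services actually check, and give the context its own name. Note also that `db.contexts.insert` will fail on a second run because the `_id` already exists, so an upsert would make the script re-runnable.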
db = db.getSiblingDB('{{ mongodb.security.db }}')
print("START 222_security.populate_certificates_pastis.js.j2");
{% macro insertCertificate(pemFile, contextId) -%}
db.certificates.remove(
{"_id" : "{{ pemFile | basename | replace('.pem','_cert')}}"},
{ justOne: true }
)
db.certificates.insert({
"_id": "{{ pemFile | basename | replace('.pem','_cert')}}",
"contextId": "{{ contextId }}",
"subjectDN": "subjectDN",
"issuerDN": "issuerDN",
"serialNumber": "serialNumberAdmin",
"data": "{{ lookup('file', pemFile) | cert_to_str() }}"
})
{%- endmacro %}
{% macro process(keyPath, contextId, groupName) -%}
{% for host in groups[groupName] %}
{{ insertCertificate(keyPath | replace('%host%', host), contextId) }}
{% endfor %}
{%- endmacro %}
{{ process('{{ pki_dir }}/server/hosts/%host%/ui-pastis.pem', 'ui_pastis_context', 'hosts_ui_pastis') }}
print("END 222_security.populate_certificates_pastis.js.j2");
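Review bot: In `insertCertificate` the stored `subjectDN`, `issuerDN` and `serialNumber` are the fixed strings `"subjectDN"`, `"issuerDN"` and `"serialNumberAdmin"`, so every record inserted by this macro carries the same metadata and only `data` distinguishes one certificate from another. That makes the collection hard to audit and would silently defeat any lookup that relies on the DN or serial. If matching is done on `data` alone (not visible here), add a comment above the insert saying so, e.g. `// subjectDN/issuerDN/serialNumber are placeholders; the certificate is matched on "data"`; otherwise fill the fields from the PEM.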
......@@ -58,4 +58,21 @@ db.groups.updateOne( {
}
});
// ========================================= GROUPS =========================================
// ----------------------------------------- LEVEL "0" -----------------------------------------
db.groups.updateOne( {
"_id": "admin_group"
}, {
$addToSet: {
"profileIds": {
$each: [
"system_pastis"
]
}
}
});
print("END 307_iam_ref.js");
......@@ -141,7 +141,7 @@ export function translateHttpLoaderFactory(httpBackend: HttpBackend): TranslateH
],
providers: [
Title,
{provide: BASE_URL, useValue: '/portal-api'},
{provide: BASE_URL, useValue: '/pastis-api'},
{provide: ENVIRONMENT, useValue: environment},
{provide: LOCALE_ID, useValue: 'fr'},
{provide: WINDOW_LOCATION, useValue: window.location},
......
......@@ -28,5 +28,11 @@
"secure": false,
"pathRewrite": {},
"logLevel": "debug"
}
},
"/pastis-api": {
"target": "https://dev.vitamui.com:9015/",
"secure": false,
"pathRewrite": {},
"logLevel": "debug"
},
}
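Review bot: The added `/pastis-api` entry ends with `},` directly before the closing `}`, which leaves a trailing comma that a strict JSON parser rejects; the last entry should close with a plain `}`. The new entry also sets `"secure": false` against an `https` target, which turns off certificate verification for the dev-server proxy. That matches the entry above it, but it should stay confined to this local development proxy file and not be carried into any deployed configuration.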