add Final Infrastructure Setup

infrastructure/ansible/vars/aws.yml

@@ -0,0 +1,6 @@
+instance_type: t2.small
+security_group: aws-group # Change the security group name here
+image: ami-337be65c # CentOS7 image
+region: eu-central-1
+count: 1
+creator:

infrastructure/ansible/vars/certificates.yml

@@ -0,0 +1,52 @@
+---
+
+cert_ca_name: "tixel-test-ca.pem"
+cert_ca_key_name: "tixel-test-ca-key.pem"
+cert_path: "/opt/tixel/config"
+cert_path_v3: "/opt/tixstream-fx/config"
+local_sign_dir: "/tmp/ansible-cert-sign/{{ansible_hostname}}"
+cert_config_path: "{{local_sign_dir}}/openssl.cnf"
+cert_ca_key_path: "{{ configs.deployment_dir }}/{{ cert_ca_key_name }}"
+cert_ca_cert_path:
+  local: "{{ configs.deployment_dir }}/{{ cert_ca_name }}"
+  remote: "{{cert_path}}/trusted.pem"
+  remote_v3: "{{cert_path_v3}}/trusted.pem"
+cert_inter_key_path: "{{local_sign_dir}}/inter-key.pem"
+cert_inter_csr_path: "{{local_sign_dir}}/inter.csr"
+cert_inter_cert_path: "{{local_sign_dir}}/inter-crt.pem"
+cert_truststore_path:
+  local: "{{local_sign_dir}}/trusted.p12"
+  remote: "{{cert_path}}/trusted.p12"
+  remote_v3: "{{cert_path_v3}}/trusted.p12"
+
+cert_key_path:
+  local: "{{local_sign_dir}}/{{ansible_hostname}}-key.pem"
+  remote: "{{cert_path}}/host-key.pem"
+  remote_v3: "{{cert_path_v3}}/host-key.pem"
+
+cert_csr_path: "{{local_sign_dir}}/{{ansible_hostname}}.csr"
+cert_single_cert_path: "{{local_sign_dir}}/{{ansible_hostname}}-single-crt.pem"
+cert_cert_path:
+  local: "{{local_sign_dir}}/{{ansible_hostname}}-crt.pem"
+  remote: "{{cert_path}}/host-crt.pem"
+  remote_v3: "{{cert_path_v3}}/host-crt.pem"
+
+cert_pcks12_cert_path:
+  local: "{{local_sign_dir}}/{{ansible_hostname}}.p12"
+  remote: "{{cert_path}}/host.p12"
+  remote_v3: "{{cert_path_v3}}/host.p12"
+
+cert_owner: "tixstream"
+cert_group: "tixstream"
+cert_pkcs12_pass: "changeit"
+
+cert_key_size: "2048"
+cert_days_valid: "365"
+cert_country: "DE"
+cert_state: "Niedersachsen"
+cert_locality: "Hannover"
+cert_organization: "Tixel"
+cert_ca_fields: "/C={{cert_country}}/ST={{cert_state}}/L={{cert_locality}}/O={{cert_organization}}/OU=main/CN=ansible-root-ca"
+cert_inter_fields: "/C={{cert_country}}/ST={{cert_state}}/L={{cert_locality}}/O={{cert_organization}}/OU=sub/CN=ansible-inter-ca"
+
+# vim:ft=ansible

infrastructure/ansible/vars/cluster.yml

@@ -0,0 +1,6 @@
+---
+
+pacemaker_user: hacluster
+pacemaker_pass: hacluster
+
+# vim:ft=ansible

infrastructure/ansible/vars/demovm.yml

@@ -0,0 +1,11 @@
+---
+
+vagrant_hosts:
+  - hostname: "{{ ansible_fqdn }}"
+    name: "{{ ansible_fqdn }}"
+    ip: 127.0.0.1
+    common_ip: 127.0.0.1
+
+samba_server_ip: 127.0.0.1
+
+# vim:ft=ansible

infrastructure/ansible/vars/fx-all-parameters.yml

@@ -0,0 +1,34 @@
+tjxm_parameters_all:
+  - option: "tixstream-express-job-manager.metadata-generator"
+    line: "tixstream-express-job-manager.metadata-generator=/opt/tixel/plugins/bmf-generator/createbmf.py"
+  - option: "tixstream-express-job-manager.metadata-options"
+    line: "tixstream-express-job-manager.metadata-options=NONE,AUTO_GENERATED,USER_INPUT,USER_INPUT_MANDATORY"
+  - option: "tixstream-express-job-manager.job-history-authorization"
+    line: "tixstream-express-job-manager.job-history-authorization=all"
+  - option: "tixstream-express-job-manager.create-accounting-information-on-lock"
+    line: "tixstream-express-job-manager.create-accounting-information-on-lock=true"
+  - option: "tixstream-express-job-manager.accounting-data-path"
+    line: "tixstream-express-job-manager.accounting-data-path=/opt/tixel/data/locked-jobs"
+  - option: "tixstream-express-job-manager.default-modify-description-mode"
+    line: "tixstream-express-job-manager.default-modify-description-mode=false"
+  - option: "tixstream-express-job-manager.default-modify-reference-mode"  
+    line: "tixstream-express-job-manager.default-modify-reference-mode=false"
+
+fx_parameters_all:
+  - option: "custom.tixstream-fx.job-reference-entries-file"
+    line: "custom.tixstream-fx.job-reference-entries-file=/opt/tixel/config/references.json"
+  - option: "custom.tixstream-fx.metadata-enabled"
+    line: "custom.tixstream-fx.metadata-enabled=true"
+  - option: "custom.tixstream-fx.metadata-editor-enabled"
+    line: "custom.tixstream-fx.metadata-editor-enabled=true"
+  - option: "custom.tixstream-fx.metadata-editor-directory"
+    line: "custom.tixstream-fx.metadata-editor-directory=/opt/tixel/plugins/editor"
+  - option: "custom.tixstream-fx.metadata-editor-base-url"
+    line: "custom.tixstream-fx.metadata-editor-base-url=http://127.0.0.1:${server.port}/tixstream-fx/"
+  - option: "custom.tixstream-fx.job-history-visibility"
+    line: "custom.tixstream-fx.job-history-visibility=true"
+  - option: "custom.tixstream-fx.use-transfer-guides"
+    line: "custom.tixstream-fx.use-transfer-guides=true"
+  - option: "custom.tixstream-fx.enable-job-templates"
+    line: "custom.tixstream-fx.enable-job-templates=true"
+

infrastructure/ansible/vars/keycloak.yml

@@ -0,0 +1,16 @@
+keycloak_version: 26.0.1
+keycloak_dir: /var/lib/keycloak
+keycloak_archive: keycloak-{{ keycloak_version }}.zip
+keycloak_admin_username: "admin"
+keycloak_admin_password: "admin"
+keycloak_create_admin: True
+keycloak_mysql_host: localhost
+keycloak_mysql_user: keycloak
+keycloak_mysql_password: keycloak
+keycloak_mysql_database: keycloak
+keycloak_mysql_port: 3306
+keycloak_user: keycloak
+keycloak_group: keycloak
+tixel_realm: tixel
+tixel_client_id: tixstreamfx
+tixel_client_secret: REALLYSECRET

infrastructure/ansible/vars/ldap.yml

@@ -0,0 +1,58 @@
+---
+ldap_conf: /etc/openldap/ldap.conf
+slapd_conf: /etc/openldap/slapd.conf
+ldap_db_config_example: /usr/share/openldap-servers/DB_CONFIG.example
+ldap_db_dir: /var/lib/ldap
+ldap_db_config: "{{ ldap_db_dir }}/DB_CONFIG"
+ldap_user: ldap
+ldap_group: ldap
+ldap_root_passwd: ldap
+ldap_user_passwd: ldap
+ldif_dir: /etc/openldap/ldif
+ldif_root_passwd_file: "root_pw.ldif"
+ldif_manager_passwd_file: "manager_pw.ldif"
+ldif_config_file: "config.ldif"
+ldif_base_file: "base.ldif"
+ldif_user_file: "user.ldif"
+ldif_group_file: "group.ldif"
+
+# note: if a new user is added. group.ldif.j2 needs to be updeted too!
+ldap_users:
+  - uid: ernie
+    uidNumber: 1000
+    givenName: Ernie
+  - uid: bert
+    uidNumber: 1001
+    givenName: Bert
+  - uid: oskar
+    uidNumber: 1002
+    givenName: Oskar
+
+ldap_schemas:
+  - /etc/openldap/schema/cosine.ldif
+  - /etc/openldap/schema/nis.ldif
+  - /etc/openldap/schema/inetorgperson.ldif
+
+access_manager_ldap_config:
+  - option: "custom.security.ldap.enabled"
+    line: "custom.security.ldap.enabled=true"
+  - option: "custom.security.ldap.url"
+    line: "custom.security.ldap.url=ldap\\://{{ current_host_config.ldap_server_ip }}\\:389"
+  - option: "custom.security.ldap.root-dn"
+    line: "custom.security.ldap.root-dn=dc\\=tixel,dc\\=it"
+  - option: "custom.security.ldap.user-search-base"
+    line: "custom.security.ldap.user-search-base=ou\\=Users"
+  - option: "custom.security.ldap.group-base-search"
+    line: "custom.security.ldap.group-base-search=ou\\=Groups"
+  - option: "custom.security.ldap.user-search-filter"
+    line: "custom.security.ldap.user-search-filter=(uid\\={0})"
+  - option: "custom.security.ldap.group-search-filter"
+    line: "custom.security.ldap.group-search-filter=uniqueMember\\={0}"
+  - option: "custom.security.ldap.group-role-attribute"
+    line: "custom.security.ldap.group-role-attribute=cn"
+  - option: "custom.security.ldap.email-attribute"
+    line: "custom.security.ldap.email-attribute=email"
+  - option: "custom.security.ldap.fullname-attribute"
+    line: "custom.security.ldap.fullname-attribute=cn"
+
+# vim:ft=ansible

infrastructure/ansible/vars/local.yml

@@ -0,0 +1,91 @@
+---
+
+local_testdata_dir: /local_testdata
+localuser: tixstream
+localpass: tixstream
+localgroup: tixstream
+
+local_shares:
+  recursive_source:
+    name: local_recursive_directory
+    local_path: "{{ local_testdata_dir }}/test-source-recursive"
+    public_uri: "test-src-recursive"
+    description: "Source recursive Local Share"
+    permissions: "2"
+    user_id: "1"
+    public: "true"
+    file_io_type: "SYNC"
+  sync_source:
+    name: local_sync_source
+    local_path: "{{ local_testdata_dir }}/test-source"
+    public_uri: "local_sync_source"
+    description: "Share on local machine using syncronous file IO"
+    permissions: "2"
+    user_id: "1"
+    public: "true"
+    file_io_type: "SYNC"
+  sync_destination:
+    name: local_sync_destination
+    local_path: "{{ local_testdata_dir }}/test-destination"
+    public_uri: "local_sync_destination"
+    description: "Share on local machine using syncronous file IO"
+    permissions: "6"
+    user_id: "1"
+    public: "true"
+    file_io_type: "SYNC"
+  sequential_source:
+    name: local_sequential_source
+    local_path: "{{ local_testdata_dir }}/test-source"
+    public_uri: "local_sequential_source"
+    description: "Share on local machine using sequential file IO"
+    permissions: "2"
+    user_id: "1"
+    public: "true"
+    file_io_type: "SEQUENTIAL"
+  sequential_destination:
+    name: local_sequential_destination
+    local_path: "{{ local_testdata_dir }}/test-destination"
+    public_uri: "local_sequential_destination"
+    description: "Share on local machine using sequential file IO"
+    permissions: "6"
+    user_id: "1"
+    public: "true"
+    file_io_type: "SEQUENTIAL"
+  fake_source:
+    name: local_fake_source
+    local_path: "{{ local_testdata_dir }}/test-source"
+    public_uri: "local_fake_source"
+    description: "Share on local machine using fake file IO"
+    permissions: "2"
+    user_id: "1"
+    public: "true"
+    file_io_type: "FAKE"
+  fake_destination:
+    name: local_fake_destination
+    local_path: "{{ local_testdata_dir }}/test-destination"
+    public_uri: "local_fake_destination"
+    description: "Share on local machine using fake file IO"
+    permissions: "6"
+    user_id: "1"
+    public: "true"
+    file_io_type: "FAKE"
+  windows_source:
+    name: local_windows_source
+    local_path: "{{ local_testdata_dir }}/test-source"
+    public_uri: "local_windows_source"
+    description: "Share on local machine using windows file IO"
+    permissions: "2"
+    user_id: "1"
+    public: "true"
+    file_io_type: "WINDOWS"
+  windows_destination:
+    name: local_windows_destination
+    local_path: "{{ local_testdata_dir }}/test-destination"
+    public_uri: "local_windows_destination"
+    description: "Share on local machine using windows file IO"
+    permissions: "6"
+    user_id: "1"
+    public: "true"
+    file_io_type: "WINDOWS"
+
+# vim:ft=ansible

infrastructure/ansible/vars/proftpd.yml

@@ -0,0 +1,76 @@
+---
+ftpuser: tixstream
+ftppass: tixstream
+# created with: mkpasswd --hash=md5
+ftphash: $1$s2zr1Mjt$ie/OUvBVd85Eu3n0t8N17/
+ftpgroup: tixstream
+proftpd_ftp_port: 21
+
+sftpuser: "{{ ftpuser }}"
+sftppass: "{{ ftppass }}"
+sftphash: "{{ ftphash }}"
+sftpgroup: "{{ ftpgroup }}"
+proftpd_sftp_port: 22
+
+relay_ftp_user: fxftp
+relay_ftp_password: verysecret
+
+tixstream_express_job_manager_database_user: tixel
+tixstream_express_job_manager_database_password: tixel
+tixstream_express_job_manager_database_name: tixstream_express_job_manager
+proftpd_txe_port: 10021
+proftpd_virtual_host: 0.0.0.0
+
+ftp_shares:
+  source:
+    name: ftp_source
+    protocol: "FTP"
+    host: "{{ current_host_config.proftpd_server_ip }}"
+    port: "{{ proftpd_ftp_port }}"
+    username: "{{ ftpuser }}"
+    password: "{{ ftppass }}"
+    directory: "src"
+    description: "Source FTP Share"
+    permissions: "2"
+    user_id: "1"
+    public: "true"
+  destination:
+    name: ftp_destination
+    protocol: "FTP"
+    host: "{{ current_host_config.proftpd_server_ip }}"
+    port: "{{ proftpd_ftp_port }}"
+    username: "{{ ftpuser }}"
+    password: "{{ ftppass }}"
+    directory: "dest"
+    description: "Destination FTP Share"
+    permissions: "6"
+    user_id: "1"
+    public: "true"
+
+sftp_shares:
+  source:
+    name: sftp_source
+    protocol: "SFTP"
+    host: "{{ current_host_config.proftpd_server_ip }}"
+    port: "{{ proftpd_sftp_port }}"
+    username: "{{ sftpuser }}"
+    password: "{{ sftppass }}"
+    directory: "src"
+    description: "Source SFTP Share"
+    permissions: "2"
+    user_id: "1"
+    public: "true"
+  destination:
+    name: sftp_destination
+    protocol: "SFTP"
+    host: "{{ current_host_config.proftpd_server_ip }}"
+    port: "{{ proftpd_sftp_port }}"
+    username: "{{ sftpuser }}"
+    password: "{{ sftppass }}"
+    directory: "dest"
+    description: "Destination SFTP Share"
+    permissions: "6"
+    user_id: "1"
+    public: "true"
+
+# vim:ft=ansible

infrastructure/ansible/vars/samba.yml

@@ -0,0 +1,24 @@
+---
+smbuser: tixstream
+smbpass: tixstream
+smbgroup: tixstream
+
+samba_shares:
+  source:
+    name: samba_source
+    local_path: "{{ share_mount }}/src"
+    public_uri: "samba_source"
+    description: "Source Samba Share"
+    permissions: "2"
+    user_id: "1"
+    public: "true"
+  destination:
+    name: samba_destination
+    local_path: "{{ share_mount }}/dest"
+    public_uri: "samba_destination"
+    description: "Destination Samba Share"
+    permissions: "6"
+    user_id: "1"
+    public: "true"
+
+# vim:ft=ansible

infrastructure/ansible/vars/smtplog.yml

@@ -0,0 +1,11 @@
+---
+
+- smtplog_port: 2500
+- smtplog_service_file: /etc/systemd/system/smtplog.service
+- smtplog_logdir: /var/log/smtplog
+- smtplog_dir: /usr/local/bin
+- smtplog_maildir: /var/log/smtplog
+- smtpweb_port: 8025
+- smtpweb_service_file: /etc/systemd/system/smtpweb.service
+- smtpweb_logdir: /var/log/smtpweb
+# vim:ft=ansible

infrastructure/ansible/vars/static-vars-almalinux.yml

@@ -0,0 +1,29 @@
+---
+
+tixel_root: /opt/tixel
+tixel_root_v3: /opt/tixstream-fx
+tixel_html: /data/tixel/html
+tixel_data: /data/tixel
+data_dir: /data
+share_name: share
+share_mount: /mnt/share
+tixstream_fx_user: tixstream
+tixstream_fx_group: tixstream
+tixway_user: tixway
+mysql_root_password: standard_password
+
+tixel_config_directory:
+  path: "{{ tixel_root }}/config"
+  dest: "{{ share_mount }}/config"
+
+tixel_temp_directory:
+  path: "{{ tixel_root }}/tmp"
+  dest: "{{ share_mount }}/tmp"
+
+tixel_data_directory:
+  path: "{{ tixel_root }}/data"
+  dest: "{{ share_mount }}/data"
+
+proftpd_config: /etc/proftpd.conf
+
+remote_deployment_dir: "{{ ansible_env.HOME }}/deployment"

infrastructure/ansible/vars/static-vars-centos.yml

@@ -0,0 +1,29 @@
+---
+
+tixel_root: /opt/tixel
+tixel_html: /data/tixel/html
+tixel_data: /data/tixel
+tixel_root_v3: /opt/tixstream-fx
+data_dir: /data
+share_name: share
+share_mount: /mnt/share
+tixstream_fx_user: tixstream
+tixstream_fx_group: tixstream
+tixway_user: tixway
+mysql_root_password: standard_password
+
+tixel_config_directory:
+  path: "{{ tixel_root }}/config"
+  dest: "{{ share_mount }}/config"
+
+tixel_temp_directory:
+  path: "{{ tixel_root }}/tmp"
+  dest: "{{ share_mount }}/tmp"
+
+tixel_data_directory:
+  path: "{{ tixel_root }}/data"
+  dest: "{{ share_mount }}/data"
+
+proftpd_config: /etc/proftpd.conf
+
+remote_deployment_dir: "{{ ansible_env.HOME }}/deployment"

infrastructure/ansible/vars/static-vars-debian.yml

@@ -0,0 +1,20 @@
+---
+
+tixel_root: /opt/tixel
+tixel_root_v3: /opt/tixstream-fx
+share_name: share
+share_mount: /mnt/share
+
+tixel_config_directory:
+  path: "{{ tixel_root }}/config"
+  dest: "{{ share_mount }}/config"
+
+tixel_temp_directory:
+  path: "{{ tixel_root }}/tmp"
+  dest: "{{ share_mount }}/tmp"
+
+tixel_data_directory:
+  path: "{{ tixel_root }}/data"
+  dest: "{{ share_mount }}/data"
+
+remote_deployment_dir: "{{ ansible_env.HOME }}/deployment"

infrastructure/ansible/vars/static-vars-rocky.yml

@@ -0,0 +1,29 @@
+---
+
+tixel_root: /opt/tixel
+tixel_root_v3: /opt/tixstream-fx
+tixel_html: /data/tixel/html
+tixel_data: /data/tixel
+data_dir: /data
+share_name: share
+share_mount: /mnt/share
+tixstream_fx_user: tixstream
+tixstream_fx_group: tixstream
+tixway_user: tixway
+mysql_root_password: standard_password
+
+tixel_config_directory:
+  path: "{{ tixel_root }}/config"
+  dest: "{{ share_mount }}/config"
+
+tixel_temp_directory:
+  path: "{{ tixel_root }}/tmp"
+  dest: "{{ share_mount }}/tmp"
+
+tixel_data_directory:
+  path: "{{ tixel_root }}/data"
+  dest: "{{ share_mount }}/data"
+
+proftpd_config: /etc/proftpd.conf
+
+remote_deployment_dir: "{{ ansible_env.HOME }}/deployment"

infrastructure/ansible/vars/static-vars-ubuntu.yml

@@ -0,0 +1,29 @@
+---
+
+tixel_root: /opt/tixel
+tixel_root_v3: /opt/tixstream-fx
+tixel_html: "{{ tixel_data }}/html"
+tixel_data: "{{ data_dir }}/tixel"
+share_name: share
+share_mount: /mnt/share
+data_dir: /data
+tixstream_fx_user: tixstream
+tixstream_fx_group: tixstream
+tixway_user: tixway
+mysql_root_password: standard_password
+
+tixel_config_directory:
+  path: "{{ tixel_root }}/config"
+  dest: "{{ share_mount }}/config"
+
+tixel_temp_directory:
+  path: "{{ tixel_root }}/tmp"
+  dest: "{{ share_mount }}/tmp"
+
+tixel_data_directory:
+  path: "{{ tixel_root }}/data"
+  dest: "{{ share_mount }}/data"
+
+proftpd_config: "/etc/proftpd/proftpd.conf"
+
+remote_deployment_dir: "{{ ansible_env.HOME }}/deployment"

infrastructure/ansible/vars/static-vars-windows.yml

@@ -0,0 +1,27 @@
+---
+tixel_root_v3: /opt/tixstream-fx
+
+tixel_root: "c:/bin/tixel"
+tixel_root_v3: /opt/tixstream-fx
+share_name: share
+share_mount: "c:/mnt/share"
+
+tixel_config_directory:
+  path: "{{ tixel_root }}/config"
+  dest: "{{ tixel_root }}/config"
+  nginx: "{{ tixel_root }}/nginx/conf"
+
+nginx_config:
+  main: "{{ tixel_config_directory.nginx }}/nginx.conf"
+  bak: "{{ tixel_config_directory.nginx }}/nginx_http.conf.bak"
+  https: "{{ tixel_config_directory.nginx }}/nginx_https.conf"
+
+tixel_temp_directory:
+  path: "{{ tixel_root }}/tmp"
+  dest: "{{ share_mount }}/tmp"
+
+tixel_data_directory:
+  path: "{{ tixel_root }}/data"
+  dest: "{{ share_mount }}/data"
+
+remote_deployment_dir: "{{ ansible_facts['user_dir'] }}/deployment"