Initial commit

Signed-off-by: Christian Berendt <[email protected]>

.github/pr-labeler.yml

@@ -0,0 +1,11 @@
+---
+'Type: Bugfix': ['fix/*', 'issue/*']
+'Type: Build': build/*
+'Type: CI': ['ci/*', 'travis/*', 'zuul/*']
+'Type: Documentation': ['docs/*', 'doc/*', 'documentation/*']
+'Type: Feature': ['feature/*', 'feat/*']
+'Type: Maintenance': ['chore/*', 'renovate/*']
+'Type: Refactoring': ['refactor/*', 'refactoring/*']
+'Type: Release': release/*
+'Type: Style': style/*
+'Type: Testing': ['test/*', 'testing/*']

.github/renovate.json

@@ -0,0 +1,6 @@
+{
+  "extends": [
+    "config:base"
+  ],
+  "commitBody": "Signed-off-by: Renovate Bot <[email protected]>"
+}

.github/workflows/pr-labeler.yml

@@ -0,0 +1,11 @@
+---
+name: PR labeler
+on:
+  pull_request:
+    types: [opened]
+
+jobs:
+  default:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: technote-space/pr-labeler-action@v4

.github/workflows/syntax-ansible.yml

@@ -0,0 +1,19 @@
+---
+name: Check ansible syntax
+
+on:
+  push:
+    paths:
+      - 'environments/**.yml'
+      - 'playbooks/**.yml'
+  pull_request:
+    paths:
+      - 'environments/**.yml'
+      - 'playbooks/**.yml'
+
+jobs:
+  default:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: ansible/ansible-lint-action@master

.github/workflows/syntax-python.yml

@@ -0,0 +1,23 @@
+---
+name: Check python syntax
+
+on:
+  push:
+    paths:
+      - '**.py'
+  pull_request:
+    paths:
+      - '**.py'
+
+jobs:
+  default:
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-python@v2
+        with:
+          python-version: '3.x'
+      - run: pip3 install flake8
+      - run: flake8

.github/workflows/syntax-rst.yml

@@ -0,0 +1,23 @@
+---
+name: Check rst syntax
+
+on:
+  push:
+    paths:
+      - '**.rst'
+  pull_request:
+    paths:
+      - '**.rst'
+
+jobs:
+  default:
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-python@v2
+        with:
+          python-version: '3.x'
+      - run: pip3 install doc8
+      - run: doc8 --max-line-length 100

.github/workflows/syntax-yaml.yml

@@ -0,0 +1,25 @@
+---
+name: Check yaml syntax
+
+on:
+  push:
+    paths:
+      - '**.yml'
+      - '**.yaml'
+  pull_request:
+    paths:
+      - '**.yml'
+      - '**.yaml'
+
+jobs:
+  default:
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-python@v2
+        with:
+          python-version: '3.x'
+      - run: pip3 install yamllint
+      - run: yamllint --config-file .github/yamllint.yml .

.github/workflows/terraform.yml

@@ -0,0 +1,38 @@
+---
+name: Verify terraform
+
+on:
+  push:
+    paths:
+      - 'terraform/**'
+      - '.github/workflows/terraform.yml'
+  pull_request:
+    paths:
+      - 'terraform/**'
+      - '.github/workflows/terraform.yml'
+
+jobs:
+  default:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        terraform-version:
+          - 0.12.29
+          - 0.13.0
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Setup terraform
+        uses: hashicorp/setup-terraform@v1
+        with:
+          terraform_version: ${{ matrix.terraform-version }}
+      - name: Terraform init
+        run: terraform init
+        working-directory: ./terraform
+      - name: Terraform format
+        run: terraform fmt -check
+        working-directory: ./terraform
+      - name: Terraform validate
+        run: terraform validate
+        working-directory: ./terraform

.github/yamllint.yml

@@ -0,0 +1,6 @@
+---
+extends: default
+
+rules:
+  line-length: disable
+  truthy: disable

.gitignore

@@ -0,0 +1,19 @@
+.MANAGER_ADDRESS.*
+.deploy.*
+.id_rsa.*
+.terraform
+.tox
+.venv
+Pipfile.lock
+clouds.yaml
+clouds.yml
+contrib/es_test_data.py
+contrib/mysql_random_data_load
+docs/build
+environments/**/ceph.client.*.keyring
+roles
+secrets
+secure.yaml
+secure.yml
+terraform.tfstate*
+terraform.tfstate.d

README.rst

@@ -0,0 +1,31 @@
+================================================
+SCS Identity and Access Management (IAM) testbed
+================================================
+
+This testbed provides a minimized SCS manager node. By default MariaDB,
+Keystone, Keyloak and Horizon are deployed.
+
+This testbed focuses on working with Keystone and Keycloak in the context
+of the GAIA-X MVP WP.
+
+The testbed is based on the `testbed of the OSISM project <https://github.com/osism/testbed>`_.
+Documentation is available at https://docs.osism.de/testbed/.
+
+Webinterfaces & API endpoints
+=============================
+
+The web interfaces and API endpoints can also be accessed externally via
+the assigned floating IP address of the instance.
+
+================ =========================== ========= ================
+Name             URL                         Username  Password
+================ =========================== ========= ================
+ARA              http://192.168.40.5:8120    ara       password
+Cockpit          https://192.168.40.5:8130   dragon    da5pahthaew2Pai2
+Horizon          http://192.168.40.200       admin     password
+Keycloak         http://192.168.40.5:8170    admin     password
+Keystone         http://192.168.40.200:35357 admin     password
+Keystone         http://192.168.40.200:5000  admin     password
+RabbitMQ         http://192.168.40.5:15672   openstack password
+phpMyAdmin       http://192.168.40.5:8110    root      password
+================ =========================== ========= ================

environments/.vault_pass

@@ -0,0 +1 @@
+password

environments/ansible.cfg

@@ -0,0 +1,45 @@
+[defaults]
+# hide "[WARNING]: Invalid characters were found in group names but not replaced,
+# use -vvvv to see details" warning message
+force_valid_group_names = ignore
+
+host_key_checking = false
+
+# hide "[WARNING]: Platform linux on host x is using the discovered Python interpreter at
+# /usr/bin/python, but future installation of another Python interpreter could change this"
+# warning message
+#
+# https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html for more
+interpreter_python = auto_legacy_silent
+
+inventory = /opt/configuration/inventory
+
+# hide paramiko transport logging messages
+log_filter = paramiko.transport
+
+log_path=/ansible/logs/ansible.log
+private_key_file = /ansible/secrets/id_rsa.operator
+retry_files_enabled = false
+roles_path = /ansible/roles:/ansible/galaxy
+
+# strategy
+# strategy_plugins = /ansible/plugins/mitogen/ansible_mitogen/plugins/strategy
+# strategy = mitogen_linear
+
+# Fact caching
+gathering = smart
+fact_caching = redis
+fact_caching_timeout = 86400
+fact_caching_connection = cache:6379:0
+
+# NO CHANGE OVER THIS LINE -- YOUR CHANGES WILL BE OVERWRITTEN
+###############################################################################
+
+# Customer-specific adjustments can be set here.
+remote_user = dragon
+
+###############################################################################
+# NO CHANGE UNDER THIS LINE -- YOUR CHANGES WILL BE OVERWRITTEN
+
+[ssh_connection]
+pipelining = true

environments/configuration.yml

@@ -0,0 +1,74 @@
+---
+##########################
+# configuration
+
+configuration_directory: /opt/configuration
+
+configuration_type: git
+configuration_git_version: master
+configuration_git_host: github.com
+configuration_git_port: 443
+configuration_git_repository: SovereignCloudStack/testbed-iam.git
+configuration_git_protocol: https
+
+##########################
+# docker
+
+docker_user: "{{ operator_user }}"
+
+docker_configure_storage_driver: yes
+docker_storage_driver: overlay2
+
+ceph_docker_registry: index.docker.io
+docker_registry: index.docker.io
+docker_registry_ansible: quay.io
+
+##########################
+# docker-compose
+
+docker_compose_install_type: package
+
+##########################
+# versions
+
+docker_version: "5:19.03.5"
+repository_version: latest
+
+##########################
+# operator
+
+operator_authorized_keys:
+  - "{{lookup('file', '/ansible/secrets/id_rsa.operator.pub')}}"
+
+##########################
+# resolvconf
+
+resolvconf_nameserver:
+  - 9.9.9.9
+  - 149.112.112.112
+resolvconf_search: osism.local
+resolvconf_package: ""
+
+##########################
+# hosts
+
+hosts_type: template
+hosts_additional_entries:
+  api.osism.local: 192.168.40.200
+
+##########################
+# common
+
+cleanup_services:
+  - NetworkManager
+  - iscsid
+  - lxcfs
+  - nscd
+  - ntp
+  - networkd-dispatcher
+  - systemd-networkd
+
+##########################
+# kolla
+
+kolla_internal_vip_address: 192.168.40.200

environments/custom/configuration.yml

@@ -0,0 +1,4 @@
+---
+# Dummy variable to avoid error because ansible does not recognize the
+# file as a good configuration file when no variable in it.
+dummy:

environments/custom/files/testbed_network_devices.fact

@@ -0,0 +1,46 @@
+#!/usr/bin/env python3
+
+import json
+import netifaces
+
+NETWORKS = {
+    'external': '192.168.90',
+    'internal': '192.168.50',
+    'management': '192.168.40',
+    'storage_frontend': '192.168.70',
+    'storage_backend': '192.168.80',
+    'provider': '192.168.100'
+}
+
+result = {}
+
+for interface in netifaces.interfaces():
+    if interface in ['lo', 'docker0', 'ohm0']:
+        continue
+    elif interface.startswith('br'):
+        continue
+    elif interface.startswith('ovs'):
+        continue
+    elif interface.startswith('vxlan'):
+        continue
+    elif interface.startswith('veth'):
+        continue
+    elif interface.startswith('tap'):
+        continue
+    elif interface.startswith('qg'):
+        continue
+
+    addrs = netifaces.ifaddresses(interface)
+    if netifaces.AF_INET in addrs:
+        addr = addrs[netifaces.AF_INET][0]['addr']
+
+        for network in NETWORKS:
+            if addr.startswith(NETWORKS[network]):
+                result[network] = interface
+
+    # NOTE: After a reboot of the nodes the provider network has
+    #       no more IP configuration.
+    else:
+        result['provider'] = interface
+
+print(json.dumps(result))