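# Jelastic JPS manifest: installs FusionAuth (docker node group `cp`) behind an
# nginx balancer (node group `bl`) and points it at an external PostgreSQL
# database whose coordinates are collected in `settings`.
# NOTE(review): the page lost the file's indentation, so the nesting below is
# reconstructed (everything under `application:`, as in the legacy JPS layout).
# Confirm it against the repository copy before use.
jpsVersion: 1.3
jpsType: install
application:
  id: shopozor-auth
  name: Shopozor Auth
  version: 0.0
  # Every script and config file below is fetched from this mutable branch at
  # install time, and several of them run as root on the balancer node.
  # NOTE(review): pin this to a reviewed commit or tag instead of `master`,
  # e.g. .../shopozor/fusionauth/<REVIEWED_COMMIT_SHA> (placeholder).
  baseUrl: https://raw.githubusercontent.com/shopozor/fusionauth/master
  settings:
    fields:
      - name: authDatabaseRootUser
        caption: Auth Root DB User
        type: string
        default: webadmin
      - name: authDatabaseRootUserPassword
        caption: Auth Root DB User Password
        type: string
        inputType: password
        required: true
      - name: authDatabaseUser
        caption: Auth DB User
        type: string
        default: fusionauth
      - name: authDatabaseUserPassword
        caption: Auth DB User Password
        type: string
        inputType: password
        required: true
      - name: authDatabaseName
        caption: Auth DB Name
        type: string
        default: fusionauth
      - name: authDatabaseHostname
        caption: Auth DB Hostname (without https)
        type: string
        required: true
      - name: authDatabasePort
        caption: Auth DB Port
        type: string
        default: 5432
      - name: fusionauthVersion
        caption: Fusionauth version
        type: string
        default: 1.16.1
      - name: openSslNumbits
        caption: Numbits (OpenSSL)
        type: numberpicker
        required: true
        default: 4096
        editable: true
        # Lower bound raised from 0: this value is passed straight to
        # `openssl dhparam`, and parameters below 2048 bits are too weak to
        # protect the TLS key exchange configured in ssl.conf.
        min: 2048
        max: 16384
      - name: resetDB
        type: toggle
        caption: Reset DB
        value: false
        hidden: false
        # NOTE(review): which of the following fields sit under `showIf` cannot
        # be recovered from the flattened page; all four are kickstart inputs
        # and are grouped here on that assumption. Confirm against the source.
        showIf:
          true:
            - name: authAdminUserEmail
              caption: Auth Admin User Email
              type: string
              # The address was replaced by the hosting page's e-mail
              # obfuscation; the text is kept verbatim and quoted so it parses
              # as a string. Set the real administrator address here.
              default: '[email protected]'
            - name: tenantIssuerName
              caption: Fusionauth Tenant Issuer
              type: string
              default: shopozor.com
            - name: corsAllowedOrigins
              caption: CORS Allowed Origins
              type: string
              default: https://shopozor.com, https://www.shopozor.com, https://admin.shopozor.com, https://staging.shopozor.com, https://admin-staging.shopozor.com, https://preprod.shopozor.com, https://admin-preprod.shopozor.com
            - name: hasuraClaimsNamespace
              caption: Hasura Claims Namespace
              type: string
              default: https://hasura.io/jwt/claims
  globals:
    AUTH_USER: fusionauth
    AUTH_USER_HOME: /home/${globals.AUTH_USER}
    # Generated once per installation; it is written into the kickstart file
    # and shown to the installer in the `success` text.
    AUTH_ADMIN_USER_PASSWORD: ${fn.password(20)}
    DEFAULT_TENANT_ID: ${fn.uuid}
    DHPARAM_FILENAME: /var/lib/nginx/dhparam.pem
  env:
    topology:
      nodes:
        - nodeGroup: bl
          nodeType: nginx-dockerized
          tag: 1.16.1
          displayName: Node balancing
          count: 1
          fixedCloudlets: 1
          cloudlets: 32
        - nodeGroup: cp
          nodeType: docker
          displayName: Fusion Auth
          count: 1
          fixedCloudlets: 1
          cloudlets: 16
          # The container is started explicitly by the `startAuth` action,
          # after the kickstart file has been prepared.
          startServiceOnCreation: false
          image: fusionauth/fusionauth-app:${settings.fusionauthVersion}
          env:
            DATABASE_URL: jdbc:postgresql://${settings.authDatabaseHostname}:${settings.authDatabasePort}/${settings.authDatabaseName}
            # The database root credentials are set as container environment
            # variables, so anyone who can read the container environment can
            # read them.
            # NOTE(review): check whether they can be removed once the schema
            # exists.
            DATABASE_ROOT_USER: ${settings.authDatabaseRootUser}
            DATABASE_ROOT_PASSWORD: ${settings.authDatabaseRootUserPassword}
            DATABASE_USER: ${settings.authDatabaseUser}
            DATABASE_PASSWORD: ${settings.authDatabaseUserPassword}
            FUSIONAUTH_MEMORY: 256M
          # /data on the balancer is exposed read-only to the FusionAuth
          # container as /kickstart.
          volumeMounts:
            /kickstart:
              readOnly: true
              sourcePath: /data
              sourceNodeGroup: bl
          volumes:
            - /kickstart
  onInstall:
    # NOTE(review): only `resetDB` is placed under the condition; the remaining
    # steps are assumed to run on every install. Confirm against the source.
    - if ('${settings.resetDB}' == 'true'):
        - resetDB
    - setupKickstart
    - startAuth
    - secure
    - cleanupKickstart
    # The generated admin password is no longer written to the installation
    # log; it is still delivered to the installer through the `success` text.
    - log: "admin : ${settings.authAdminUserEmail}"
  actions:
    # Installs the PostgreSQL client on the balancer and runs the repository's
    # reset script against the external database.
    resetDB:
      - cmd [bl]:
          - yum install -y postgresql
        user: root
      - cmd [bl]:
          # The script is downloaded and piped to the shell without any
          # integrity check, so its content is whatever `baseUrl` serves at
          # install time. Both database passwords are passed as process
          # arguments and are visible in the node's process list while the
          # script runs. Arguments are single-quoted so the shell neither
          # splits nor expands them; a value containing a single quote would
          # still break out of the quoting.
          - >-
            curl -fsSL ${baseUrl}/scripts/reset_auth_db.sh | /bin/sh -s
            '${settings.authDatabaseRootUser}'
            '${settings.authDatabaseRootUserPassword}'
            '${settings.authDatabaseName}'
            '${settings.authDatabaseUser}'
            '${settings.authDatabaseUserPassword}'
            '${settings.fusionauthVersion}'
            '${settings.authDatabaseHostname}'
    # Renders the kickstart template into /data/kickstart.json on the balancer
    # and tells the FusionAuth container where to find it.
    setupKickstart:
      - jelastic.environment.control.AddContainerEnvVars [cp]:
          vars:
            FUSIONAUTH_KICKSTART: /kickstart/kickstart.json
      # `mkdir -p` keeps a repeated install from failing when /data already
      # exists. Substituted settings are single-quoted so spaces or shell
      # metacharacters in them are not interpreted; the admin password is
      # still visible as a process argument while the script runs.
      - cmd [bl]: |-
          wget ${baseUrl}/conf/kickstart.json -O kickstart.json
          wget ${baseUrl}/scripts/setup_kickstart.py -O setup_kickstart.py
          mkdir -p /data
          python setup_kickstart.py --admin-email='${settings.authAdminUserEmail}' \
            --admin-password='${globals.AUTH_ADMIN_USER_PASSWORD}' \
            --cors-allowed-origins="${settings.corsAllowedOrigins}" \
            --hasura-claims-namespace='${settings.hasuraClaimsNamespace}' \
            --input-kickstart=kickstart.json \
            --issuer='${settings.tenantIssuerName}' \
            --output-kickstart=/data/kickstart.json
        user: root
    startAuth:
      - jelastic.env.control.ExecDockerRunCmd [${nodes.cp.join(id,)}]
    # Switches the balancer to HTTPS, then restarts it to load the new config.
    secure:
      - redirectHttpToHttps
      - configureSSL
      - restartNodes [bl]
    redirectHttpToHttps:
      - cmd [bl]:
          - wget ${baseUrl}/conf/nginx/1.16.1/nginx-jelastic.conf -O /etc/nginx/nginx-jelastic.conf
        user: root
    configureSSL:
      - installAddon:
          id: letsencrypt
      - cmd [bl]:
          - wget ${baseUrl}/conf/nginx/1.16.1/conf.d/ssl.conf -O /etc/nginx/conf.d/ssl.conf
      # Generates the Diffie-Hellman parameters referenced from ssl.conf; the
      # bit length comes from the `openSslNumbits` setting.
      - cmd [bl]:
          - openssl dhparam -out ${globals.DHPARAM_FILENAME} ${settings.openSslNumbits}
      - replaceConfigPlaceholders:
          filename: /etc/nginx/conf.d/ssl.conf
    # Fills the IP_ADDRESS, PORT and PATH_TO_PEM_FILE markers in the file
    # passed as `filename`.
    replaceConfigPlaceholders:
      - replaceInFile:
          path: ${this.filename}
          replacements:
            - pattern: IP_ADDRESS
              replacement: ${nodes.cp.intIP}
            - pattern: PORT
              replacement: 9011
            - pattern: PATH_TO_PEM_FILE
              replacement: ${globals.DHPARAM_FILENAME}
          nodeType: bl
    # Deletes the rendered kickstart file, which contains the admin password,
    # once FusionAuth has been started.
    cleanupKickstart:
      - cmd [bl]:
          - rm -f /data/kickstart.json
      - restartNodes [cp]
  addons:
    - id: letsencrypt
      name: letsencrypt
      onInstall:
        - install:
            envName: ${env.envName}
            # Third-party manifest taken from a mutable `master` branch.
            # NOTE(review): pin it to a reviewed tag or commit so the add-on
            # that handles the TLS certificate cannot change between installs.
            jps: https://github.com/jelastic-jps/lets-encrypt/blob/master/manifest.jps
            settings:
              nodeGroup: bl
              customDomains: ${env.envName}.hidora.com
  # Shown once to the installer; this is the only place the generated admin
  # password is handed over, so it should be changed after the first login.
  success: |
    Auth credentials:
    * admin : ${settings.authAdminUserEmail} / ${globals.AUTH_ADMIN_USER_PASSWORD}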