adoptium · gdams · Jul 22, 2021 · Jul 7, 2021 · Jul 7, 2021 · Jul 8, 2021
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
@@ -58,7 +58,7 @@ jobs:
         ansible-playbook playbooks/AdoptOpenJDK_Unix_Playbook/trss.yml --syntax-check
         ansible-playbook playbooks/AdoptOpenJDK_AIX_Playbook/main.yml --syntax-check
         ansible-playbook playbooks/AdoptOpenJDK_Windows_Playbook/main.yml --syntax-check
-        ansible-playbook playbooks/AdoptOpenJDK_Services_Playbooks/ubuntu-jckservices.yml --syntax-check
+        ansible-playbook playbooks/AdoptOpenJDK_Unix_Playbook/ubuntu-jckservices.yml --syntax-check
         ansible-playbook playbooks/AdoptOpenJDK_ITW_Playbook/main.yml --syntax-check
         ansible-playbook playbooks/vagrant.yml --syntax-check
         ansible-playbook playbooks/ubuntu-jck.yml --syntax-check
diff --git a/ansible/inventory.yml b/ansible/inventory.yml
@@ -13,6 +13,9 @@ hosts:
       - aws:
           ubuntu1804-x64-1: {ip: 54.78.186.5, user: ubuntu, description: trss.adoptopenjdk.net}
 
+      - azure:
+          ubuntu2004-x64-1: {ip: 40.121.206.1, user: webmaster, description: jckservices.adoptium.net}
+
       - digitalocean:
           ubuntu2004-x64-1: {ip: 178.62.115.224, description: bastillion.adoptopenjdk.net}
 

diff --git a/ansible/playbooks/AdoptOpenJDK_Services_Playbooks/ubuntu-jckservices.yml b/ansible/playbooks/AdoptOpenJDK_Services_Playbooks/ubuntu-jckservices.yml
diff --git a/ansible/playbooks/AdoptOpenJDK_Services_Playbooks/variables/adoptopenjdk_variables.yml b/ansible/playbooks/AdoptOpenJDK_Services_Playbooks/variables/adoptopenjdk_variables.yml
diff --git a/ansible/playbooks/conf/krb5.conf → ...ix_Playbook/roles/Kerberos/conf/krb5.conf b/ansible/playbooks/conf/krb5.conf → ...ix_Playbook/roles/Kerberos/conf/krb5.conf
@@ -1,5 +1,5 @@
 [libdefaults]
-	default_realm = ADOPTOPENJDK_NET
+	default_realm = ADOPTIUM_NET
 
 # The following encryption type specification will be used by MIT Kerberos
 # if uncommented.  In general, the defaults in the MIT Kerberos code are
@@ -16,13 +16,13 @@
 #	permitted_enctypes = des3-hmac-sha1
 
 [realms]
-	ADOPTOPENJDK_NET = {
-		kdc = jckservics.adoptopenjdk.net
-		admin_server = jckservices.adoptopenjdk.net
+	ADOPTIUM_NET = {
+		kdc = jckservices.adoptium.net
+		admin_server = jckservices.adoptium.net
 	}
 
 [domain_realm]
-	adoptopenjdk.net = ADOPTOPENJDK_NET
+	adoptium.net = ADOPTIUM_NET
 
 [logging]
 	default = SYSLOG
diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Kerberos/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Kerberos/tasks/main.yml
@@ -0,0 +1,49 @@
+---
+##################
+# Kerberos Setup #
+##################
+- name: Install Kerberos prerequisistes
+  apt: pkg={{ item }} state=latest
+  with_items:
+    - krb5-kdc
+    - krb5-admin-server
+    - pwgen
+  tags: dependencies
+
+- name: Copy krb5.conf
+  copy:
+    src: conf/krb5.conf
+    dest: /etc/krb5.conf
+    owner: root
+    group: root
+    mode: 0644
+    backup: yes
+
+- name: Configure kerberos server
+  shell: kdb5_util create -r ADOPTIUM_NET -W -s -P `pwgen -1`
+  args:
+    creates: /var/lib/krb5kdc/principal.kadm5
+
+- name: Run shell scripts
+  shell: "{{ item }}"
+  with_items:
+    - kadmin.local -q "addprinc -pw `pwgen -1` admin/admin@ADOPTIUM_NET"
+    - kadmin.local -q "addprinc -pw user1 user1/jckservices.adoptium.net@ADOPTIUM_NET"
+    - kadmin.local -q "addprinc -pw user2 user2/jckservices.adoptium.net@ADOPTIUM_NET"
+    - kadmin.local -q getprincs | egrep '^admin/admin@|^user1/|^user2/' > krb5.jckusers.txt; if test $(wc -l < krb5.jckusers.txt) -ne 3; then echo Wrong number of users - expected 3:; cat krb5.jckusers.txt; rm krb5.jckusers.txt; exit 1; fi
+  args:
+    creates: krb5.jckusers.txt
+  tags:
+    # false positive for 'use shell only when shell is required'
+    # this whole piece should be rewritten to avoid 'bashsible' code style
+    - skip_ansible_lint
+
+- name: Start krb5-kdc service
+  service:
+    name: krb5-kdc
+    state: started
+
+- name: Start krb5-admin-server service
+  service:
+    name: krb5-admin-server
+    state: started
diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Tomcat/files/index.html b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Tomcat/files/index.html
@@ -0,0 +1,15 @@
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+<head>
+    <title>jckservices | Eclipse Temurin</title>
+          <link rel="shortcut icon" href="https://adoptium.net/dist/assets/favicon.ico" type="image/x-icon">
+</head>
+
+<body>
+<p>Eclipse Temurin</p>
+
+<h1>JCKServices - used for Kerberos, FTP and HTTP testing</h1>
+
+<p>Welcome to JCKServices. To find out more about this service please go to
+<a href="https://github.com/adoptium/infrastructure">adoptium/infrastructure</a></p>
+</body>
+</html>
diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Tomcat/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Tomcat/tasks/main.yml
@@ -0,0 +1,26 @@
+---
+################
+# Tomcat Setup #
+################
+- name: Install tomcat9
+  apt: pkg=tomcat9 state=latest
+  tags: dependencies
+
+- name: Copy index.html
+  copy:
+    src: files/index.html
+    dest: /var/lib/tomcat9/webapps/ROOT/index.html
+    owner: root
+    group: root
+    mode: 0755
+
+- name: Change port to 80
+  lineinfile:
+    path: /etc/tomcat9/server.xml
+    regexp: '<Connector port="8080" protocol="HTTP\/1.1"'
+    line: <Connector port="80" protocol="HTTP/1.1"
+
+- name: Start tomcat9 service
+  service:
+    name: tomcat9
+    state: restarted