From f4024e32cbd5d6a469b33ca9af45e2da731d3a18 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Franti=C5=A1ek=20Dvo=C5=99=C3=A1k?= <valtri@civ.zcu.cz>
Date: Fri, 4 Apr 2025 14:55:26 +0000
Subject: [PATCH] ENVRI-Hub: move deployment and swtch to staging ENVRI AAI

---
 envri-hub/deployments/envri-hub.yaml | 24 +++++++++---------------
 envri-hub/inventory/1-envri-hub.yaml | 20 ++++++++++----------
 envri-hub/inventory/99-all.yaml      |  3 ---
 3 files changed, 19 insertions(+), 28 deletions(-)

diff --git a/envri-hub/deployments/envri-hub.yaml b/envri-hub/deployments/envri-hub.yaml
index 5b9ce2f..d2ec132 100644
--- a/envri-hub/deployments/envri-hub.yaml
+++ b/envri-hub/deployments/envri-hub.yaml
@@ -66,28 +66,22 @@ hub:
     Authenticator:
       enable_auth_state: true
       admin_users:
-        # valtri@civ.zcu.cz
-        - 52cc7599bd1553c9d63e34e4c90b7e84d44967490c28bb4c53fe97b0c881d677@egi.eu
+        # valtri@gapps.zcu.cz
+        - 2cb7429d-f37e-44a9-991b-0aafaebe5c85@login.staging.envri.eu
       allowed_groups:
-        - urn:egi.eu:group:envri-hub-next-all
-        - urn:egi.eu:group:envri-vre:role=member
-        - urn:egi.eu:group:vo.envrihub.eu:role=member
-        # previous entitlements:
-        - urn:mace:egi.eu:group:envri-hub-next-all#sso.egi.eu
-        - urn:mace:egi.eu:group:envri-vre:role=member#aai.egi.eu
-        - urn:mace:egi.eu:group:vo.envrihub.eu:role=member#aai.egi.eu
-      claim_groups_key: "eduperson_entitlement"
+        - urn:geant:envri.eu:staging:group:vre:role=member
+      claim_groups_key: "entitlements"
     EGICheckinAuthenticator:
       checkin_host: "{{ secrets['checkin_host']}}"
-      authorize_url: "https://{{ secrets['checkin_host']}}/auth/realms/egi/protocol/openid-connect/auth"
-      token_url: "https://{{ secrets['checkin_host']}}/auth/realms/egi/protocol/openid-connect/token"
-      userdata_url: "https://{{ secrets['checkin_host']}}/auth/realms/egi/protocol/openid-connect/userinfo"
+      authorize_url: "https://{{ secrets['checkin_host']}}/auth/realms/envri/protocol/openid-connect/auth"
+      token_url: "https://{{ secrets['checkin_host']}}/auth/realms/envri/protocol/openid-connect/token"
+      userdata_url: "https://{{ secrets['checkin_host']}}/auth/realms/envri/protocol/openid-connect/userinfo"
       client_id: "{{ secrets['client_id'] }}"
       client_secret: "{{ secrets['client_secret'] }}"
       oauth_callback_url: "https://{{ notebooks_hostname }}/hub/oauth_callback"
       # (unused, for JWT wrapper)
-      openid_configuration_url: "https://{{ secrets['checkin_host'] }}/.well-known/openid-configuration"
-      scope: ["openid", "profile", "email", "offline_access", "eduperson_entitlement"]
+      openid_configuration_url: "https://{{ secrets['checkin_host'] }}/auth/realms/envri/.well-known/openid-configuration"
+      scope: ["openid", "profile", "email", "offline_access", "entitlements"]
       username_key: "sub"
     JupyterHub:
       admin_access: true
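Review bot: The realm `envri` is now hard-coded in `authorize_url`, `token_url`, `userdata_url` and `openid_configuration_url`, while the host still comes from `secrets['checkin_host']` under a class and key named for EGI Check-in, so nothing in the file says which IdP these endpoints belong to and the vault entry has to be switched in the same rollout. I would add a comment above `checkin_host`, e.g. `# ENVRI AAI staging, Keycloak realm "envri"; secrets['checkin_host'] must be that host`, and consider moving the realm into a single inventory variable so the four URLs cannot drift apart. Access now rests on the one `allowed_groups` URN read from the `entitlements` claim and on the `admin_users` entry matching the `sub` value used as the username (`username_key: "sub"`); it is worth confirming against a real staging token that `sub` is issued in the `…@login.staging.envri.eu` form, since otherwise the admin entry would never match. The `hub:` mapping starts before and continues after this hunk.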
diff --git a/envri-hub/inventory/1-envri-hub.yaml b/envri-hub/inventory/1-envri-hub.yaml
index cf6807f..3f03cf5 100644
--- a/envri-hub/inventory/1-envri-hub.yaml
+++ b/envri-hub/inventory/1-envri-hub.yaml
@@ -1,33 +1,33 @@
 ---
 # fip:
 #   hosts:
-#     147.251.245.108:
+#     78.128.235.222:
 
 ingress_0:
   hosts:
     # fake ingress for squid (CVMFS)
-    10.0.0.70:
+    10.10.0.202:
 
 ingress:
   hosts:
     # fake ingress for squid (CVMFS
-    10.0.0.70:
+    10.10.0.202:
 
 master:
   hosts:
-    10.0.0.11:
-    10.0.0.12:
-    10.0.0.13:
+    10.10.0.11:
+    10.10.0.12:
+    10.10.0.13:
 
 nfs:
   hosts:
 
 worker:
   hosts:
-    10.0.0.70:
-    10.0.0.89:
-    10.0.0.251:
-    10.0.0.211:
+    10.10.0.202:
+    10.10.0.115:
+    10.10.0.77:
+    10.10.0.210:
 
 gpu:
   hosts:
diff --git a/envri-hub/inventory/99-all.yaml b/envri-hub/inventory/99-all.yaml
index 5a112e0..27ebb98 100644
--- a/envri-hub/inventory/99-all.yaml
+++ b/envri-hub/inventory/99-all.yaml
@@ -20,7 +20,4 @@ all:
     vault_mount_point: secrets/users/e1662e20-e34b-468c-b0ce-d899bc878364@egi.eu/envri-hub
 
     notebooks_hostname: vre.staging.envri.eu
-    notebooks_redirect:
-      hostname: envri-vre.cloud.cesnet.cz
-      namespace: envri-hub
     grafana_hostname: grafana.envri-vre.cloud.cesnet.cz
-- 
GitLab