From 04b5cfb0b76c8c4988e1ac176675fe3fbf6cb5d8 Mon Sep 17 00:00:00 2001 
From: Sven Ketelsen Date: Tue, 5 Oct 2021 21:20:00 +0200 Subject: [PATCH] feat: split management setup into own role (dev) - the smardigo management instance is now configured by group management. connect is now only for dynamic smardigo instances. - -management-01-connect. --- create-database.yml | 3 - create-server.yml | 2 - create-service.yml | 5 - group_vars/keycloak/plain.yml | 44 +------ group_vars/management/plain.yml | 55 ++++++++ group_vars/stage_dev/plain.yml | 40 +++--- group_vars/stage_dev/vault.yml | 117 ++++++++++-------- group_vars/stage_qa/plain.yml | 36 +++--- host_vars/dev-management-smardigo-01.yml | 13 -- host_vars/qa-management-smardigo-01.yml | 13 -- roles/_digitalocean/tasks/_remove_dns.yml | 2 +- roles/_digitalocean/tasks/domain.yml | 57 ++++++++- roles/awx/tasks/awx-config-get-typ-id.yml | 2 + .../awx-config-job-template-credential.yml | 2 + roles/awx/tasks/awx-config.yml | 1 + roles/connect/tasks/main.yml | 4 +- roles/connect/vars/main.yml | 2 +- roles/hcloud/tasks/_read_server_infos.yml | 2 +- roles/hcloud/tasks/_read_server_names.yml | 2 +- roles/hcloud/tasks/_set_server_state.yml | 2 +- roles/hcloud/tasks/configure-firewall.yml | 2 + roles/hetzner-state/tasks/main.yml | 1 + roles/keycloak/tasks/_authenticate.yml | 3 + roles/keycloak/tasks/_configure_client.yml | 3 + roles/keycloak/tasks/_configure_realm.yml | 15 +++ .../tasks/_configure_realm_admin_users.yml | 109 ++++++++++++++++ roles/keycloak/tasks/_create_realm_admin.yml | 109 +++------------- roles/keycloak/tasks/_create_realm_users.yml | 10 ++ .../defaults/main.yml | 6 - .../tasks/main.yml | 8 -- roles/management/defaults/main.yml | 1 + roles/management/handlers/main.yml | 1 + roles/management/meta/main.yml | 1 + roles/management/tasks/main.yaml | 17 +++ roles/management/vars/main.yml | 1 + smardigo.yml | 4 +- .../script/create-teams-message.groovy | 4 +- stage-dev | 6 +- stage-qa | 6 +- 39 files changed, 426 insertions(+), 285 deletions(-) create mode 100644 
group_vars/management/plain.yml delete mode 100644 host_vars/dev-management-smardigo-01.yml delete mode 100644 host_vars/qa-management-smardigo-01.yml create mode 100644 roles/keycloak/tasks/_configure_realm_admin_users.yml delete mode 100644 roles/management-connect-postgres/defaults/main.yml delete mode 100644 roles/management-connect-postgres/tasks/main.yml create mode 100644 roles/management/defaults/main.yml create mode 100644 roles/management/handlers/main.yml create mode 100644 roles/management/meta/main.yml create mode 100644 roles/management/tasks/main.yaml create mode 100644 roles/management/vars/main.yml diff --git a/create-database.yml b/create-database.yml index e40d5b4..2f77c8f 100644 --- a/create-database.yml +++ b/create-database.yml @@ -81,9 +81,6 @@ - role: connect-postgres when: "'connect' in group_names" - - role: management-connect-postgres - when: "'management_connect' in group_names" - - role: keycloak-postgres when: "'keycloak' in group_names" diff --git a/create-server.yml b/create-server.yml index 3fde56d..e752b06 100644 --- a/create-server.yml +++ b/create-server.yml @@ -82,8 +82,6 @@ roles: - role: hcloud - - ############################################################# # Setup servers for created inventory ############################################################# diff --git a/create-service.yml b/create-service.yml index 04462b0..e19feff 100644 --- a/create-service.yml +++ b/create-service.yml @@ -58,11 +58,6 @@ with_items: "{{ cluster_services }}" when: item in ['connect_wordpress'] - - name: Remove hosts - hosts: "{{ stage }}-{{ tenant_id }}-{{ cluster_name }}-01" - tasks: - - meta: refresh_inventory - ############################################################# # Setup services for created inventory ############################################################# diff --git a/group_vars/keycloak/plain.yml b/group_vars/keycloak/plain.yml index 74b3bd3..78ceaf0 100644 --- a/group_vars/keycloak/plain.yml 
+++ b/group_vars/keycloak/plain.yml @@ -25,19 +25,13 @@ keycloak: { ], groups: [ { - "name": "admin", - }, - { - "name": "smardigo", - }, - { - "name": "sensw", + "name": "awx", }, { - "name": "ssp", + "name": "admin", }, { - "name": "awx", + "name": "smardigo", }, ], clients: [ @@ -48,40 +42,12 @@ keycloak: { root_url: '', redirect_uris: ' [ - "https://{{ stage }}-docker-registry-01.{{ domain }}/*", + "{{ http_s }}://{{ stage }}-docker-registry-01.{{ domain }}/*", ]', secret: '{{ docker_registry_oidc_client_secret }}', web_origins: ' [ - "https://{{ stage }}-docker-registry-01.{{ domain }}", - ]', - } - ] - }, - { - name: '{{ smardigo_management_oidc_realm }}', - display_name: '{{ smardigo_management_oidc_realm }}', - users: [ - { - "username": "{{ management_admin_username }}", - "password": "{{ management_admin_password }}", - "email": "{{ connect_admin_email }}", - } - ], - clients: [ - { - clientId: '{{ smardigo_management_oidc_client_id }}', - name: '{{ smardigo_management_oidc_client_id }}', - admin_url: '', - root_url: '', - redirect_uris: ' - [ - "https://{{ stage }}-management-smardigo-01-connect.{{ domain }}/*", - ]', - secret: '{{ smardigo_management_oidc_client_secret }}', - web_origins: ' - [ - "https://{{ stage }}-management-smardigo-01-connect.{{ domain }}", + "{{ http_s }}://{{ stage }}-docker-registry-01.{{ domain }}", ]', } ] diff --git a/group_vars/management/plain.yml b/group_vars/management/plain.yml new file mode 100644 index 0000000..7f078d1 --- /dev/null +++ b/group_vars/management/plain.yml 
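Review bot: The docker-registry client's `redirect_uris` and `web_origins` now take their scheme from `{{ http_s }}` instead of the literal `https`, so whether Keycloak accepts a cleartext redirect depends on a variable whose value is not visible in this diff. Because the redirect URI keeps its `/*` wildcard, a stage where `http_s` resolves to `http` would let authorization codes travel unencrypted. I would keep `https://` here, or add a task before the realm configuration that fails when `http_s` is not `https` on any non-local stage. The new `current_realm_clients` entry in group_vars/management/plain.yml uses the same pattern.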
@@ -0,0 +1,55 @@ +--- + +hetzner_server_type: cx21 + +connect_image_version: "8.5.0-SMARCH-98-1-SNAPSHOT" + +connect_workflow_env: "stage:{{ stage }};smardigoUserToken:{{ management_smardigo_user_token }}" +connect_process_search_module: "external" +connect_oidc_client_secret: "{{ management_oidc_client_secret }}" +spring_profiles_include: "prod,postgres,elastic,swagger" + +tenant_id: "{{ management_oidc_realm }}" +cluster_size: "1" +cluster_name: "{{ management_oidc_client_id }}" +cluster_services_str: "connect" +current_realm_name: "management" +current_realm_display_name: "Stage Management" + +postgres_acls: + - name: "{{ connect_postgres_database }}" + password: "{{ connect_postgres_password }}" + trusted_cidr_entry: "{{ shared_service_network }}" + +current_realm_clients: [ + { + name: '{{ management_oidc_client_id }}', + clientId: "{{ management_oidc_client_id }}", + admin_url: '', + root_url: '', + redirect_uris: ' + [ + "{{ http_s }}://{{ connect_base_url }}/*" + ]', + secret: '{{ management_oidc_client_secret }}', + web_origins: ' + [ + "{{ http_s }}://{{ connect_base_url }}" + ]', + } +] + +current_realm_users: [ + { + "username": "{{ management_admin_username }}", + "password": "{{ management_admin_password }}", + "email": "{{ connect_admin_email }}", + } +] +current_realm_admin_users: [ + { + "username": "{{ management_realm_admin_username }}", + "password": "{{ management_realm_admin_password }}", + "email": "{{ connect_admin_email }}", + } +] \ No newline at end of file diff --git a/group_vars/stage_dev/plain.yml b/group_vars/stage_dev/plain.yml index d324979..7207fe9 100644 --- a/group_vars/stage_dev/plain.yml +++ b/group_vars/stage_dev/plain.yml 
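Review bot: `connect_workflow_env` concatenates `management_smardigo_user_token` into a plain string, and the roles/connect/vars/main.yml hunk in this commit renders that string into the `WORKFLOW_ENV` container environment variable. A token passed this way is readable by anyone who can inspect the container or the rendered deployment files on the host, so the vault only protects it inside the repository. Consider handing the token over through a mounted file or another secret mechanism and leaving only `stage:{{ stage }}` in the env string. Separately, `spring_profiles_include` enables `swagger` next to `prod`; confirm the API documentation endpoint is meant to be reachable on the management instance.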
@@ -30,7 +30,7 @@ shared_service_iam_hostname: "dev-iam-01.smardigo.digital" shared_service_keycloak_hostname: "dev-keycloak-01.smardigo.digital" shared_service_mail_hostname: "dev-mail-01.smardigo.digital" shared_service_webdav_hostname: "dev-webdav-01.smardigo.digital" -management_service_connect_hostname: "dev-management-smardigo-01-connect.smardigo.digital" +management_service_connect_hostname: "dev-management-01-connect.smardigo.digital" keycloak_server_url: "https://{{ shared_service_keycloak_hostname }}" @@ -100,8 +100,8 @@ postgres_listen_addresses: "listen_addresses = 'localhost,{{ stage_server_ip }}, connect_image_version: "latest" iam_image_version: "latest" -smardigo_management_oidc_realm: "smardigo" -smardigo_management_oidc_client_id: "management-smardigo" +management_oidc_realm: "management" +management_oidc_client_id: "smardigo" smardigo_management_url: "{{ http_s }}://{{ management_service_connect_hostname }}/api/v1/scopes/{{ scope_id }}/processes/{{ process_instance_id }}/messages" smardigo_management_token: "eyJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiYWxnIjoiZGlyIn0..rCRO1cVFgkyZ45D5cJNK5g.fc6JVOo5ja5sqe-0PQTfJGOivJ6tyiD-rwgY6rXJ3-U.tOgqgJ2zTjB3_M9BGtvVjQ" 
@@ -127,26 +127,30 @@ docker_admin_password: "docker-admin" management_admin_username: "management-admin" management_admin_password: "management-admin" +management_realm_admin_username: "management-realm-admin" +management_realm_admin_password: "management-realm-admin" -#harbor_admin_username: "< see vault >" -#harbor_admin_password: "< see vault >" -#harbor_postgresql_password: "< see vault >" +harbor_admin_username: "{{ harbor_admin_username_vault }}" +harbor_admin_password: "{{ harbor_admin_password_vault }}" +harbor_postgresql_password: "{{ harbor_postgresql_password_vault }}" -#docker_registry_username: "< see vault >" -#docker_registry_token: "< see vault >" +docker_registry_username: "{{ docker_registry_username_vault }}" +docker_registry_token: "{{ docker_registry_token_vault }}" -#elastic_admin_username: "< see vault >" -#elastic_admin_password: "< see vault >" +elastic_admin_username: "{{ elastic_admin_username_vault }}" +elastic_admin_password: "{{ elastic_admin_password_vault }}" -#postgres_replicator_user_password: "< see vault >" +postgres_replicator_user_password: "{{ postgres_replicator_user_password_vault }}" -#mysql_root_username: "< see vault >" -#mysql_root_password: "< see vault >" +mysql_root_username: "{{ mysql_root_username_vault }}" +mysql_root_password: "{{ mysql_root_password_vault }}" -#pgadmin4_admin_username: "< see vault >" -#pgadmin4_admin_password: "< see vault >" +pgadmin4_admin_username: "{{ pgadmin4_admin_username_vault }}" +pgadmin4_admin_password: "{{ pgadmin4_admin_password_vault }}" -#netgo_msteams_hook_alerting: "< see vault >" +netgo_msteams_hook_alerting: "{{ netgo_msteams_hook_alerting_vault }}" -#docker_registry_oidc_client_secret: "< see vault >" -#smardigo_management_oidc_client_secret: "< see vault >" +docker_registry_oidc_client_secret: "{{ docker_registry_oidc_client_secret_vault }}" +management_oidc_client_secret: "{{ management_oidc_client_secret_vault }}" + +management_smardigo_user_token: "{{ 
management_smardigo_user_token_vault }}" diff --git a/group_vars/stage_dev/vault.yml b/group_vars/stage_dev/vault.yml index 6ad16ec..9130af6 100644 --- a/group_vars/stage_dev/vault.yml +++ b/group_vars/stage_dev/vault.yml 
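Review bot: `management_realm_admin_password` is committed in clear text and equals the username, while the rest of this hunk moves the other credentials to `*_vault` references. A realm admin can manage the users and clients of the realm, so a guessable value is worth avoiding even on dev. `management_realm_admin_password: "{{ management_realm_admin_password_vault }}"`, with the value stored in group_vars/stage_dev/vault.yml, would match the pattern used directly below it. The `smardigo_management_token` context line in the previous hunk is likewise a literal token in plain.yml; it could move to the vault in the same change, with the committed value rotated.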
@@ -1,54 +1,65 @@ $ANSIBLE_VAULT;1.1;AES256 -35346362306332356236376264393165646266386333313561616633613661363634323031363937 -3564323261346239313539626166373031653531653430350a353766353239353262376366343936 -63303633383837323533643461373062373833623864373762326538383332663835306465346662 -3536353130653762650a653138663463306661626365653430396636623532333061663632336564 -34353130383534386236323030613130636366303839363739643461633866356136623761633564 -66333239636363393030386232323535343363656266376537393639656131633630333362373437 -33373363326535316330353463306434346237663439343461366634633765383633336130663233 -63633933616537363235373132386232386538323431313465306338613665306237333039626164 -63333631323436623631333739346134373738303864316264343837383731323831383563633235 -35363332383338363832646166663630393930666531366335366533313433376231613032323134 -63613238326135623032653466616338663633633465363630353761306636356264653765353534 -64343062373339393563373530343065313233643862653839343265333730373537623230353135 -62373337346530653263343631333937353538326134383332646263336661623134383965393861 -33343031663139363033383935373161306562623066306462623730343763336661383037383137 -36643439363635343865663133363931313661383234386234393161313137303038653339643565 -37326365353166306533376263396230643830633432636338323537363636326330313863613463 -66383236383339326165373836373166366434343531316631356132613431376263353231393031 -65356265336132383337306632313365663266633133353062313531643966343338636131316437 -38326438313466366336386531643733393932613935646364616433646238616433643634333335 -36366263646466666639626563613631613363353535353465396330653365386262633662373937 -32643462343730376536613062346137633865356366626263643363386434336361313730633139 -37323135393036613838323739333236376363636536636333666638356232616233666462646138 -32393938643462656237396138363463323966633334366334636465396463336533656265373030 
-31336330396266306233613466383036346164653337343762626338373538316339353963323761 -38386266313564303733393361633735313762373932383763633262636565363565373863313763 -64653666666633326639653938613364366463386537663330373630663338306436663561363035 -33633035633335306261323164616636363561343332336534666564633964323463353039616431 -30313833333933393637356563343336353034336432313861313163663732643635396135623332 -61373734343733396233336462313831623335643133353933653635303636643038343737393566 -61656238356436306365343032346432616630373565656563303233623961323062313863633037 -32653761356662386566323934303735643062643865623661646366336263616636393736636335 -63626530313237373962343362346137656230646437306265353030386234373235343735303638 -65333131666435333464303338366662396565353636313237353830336366343561616634363439 -39663638396236633432613236333561356537626262626431663437353331366462366534383339 -63646337333463346136383966333535633731303631633966636130633539366334333534326336 -38316565653561636339643864613633353032366166313763336264396130343164663737356362 -35386561313235643664356264656432346266333833326366666239303361666630633266346262 -65643235616637356133646335303565353162323965623331363964333632646366323637396630 -31623234313065306431616231306134376636626232393231346636663832396266333864373130 -61356434306534393566393931356331326539653064326637393930623133346164646231626165 -35396135376532373830396236653161653137633062376437303339663433653133383630633662 -65663165336237313537303431343933333961366633333565656165656336613331613432633733 -39646538306636343839383466613333316534656131663866316334306564316135383837653964 -31393365366461356532616563353137656262323438353063613739333835323236333335353862 -66353065336663623038323130656433656231643439633133346333663530313738656461396366 -39626461383339333966626235613334343439656631653465373932366163646332343063303666 -32373133616164313034623638393438613834303133363134623562653461306430326135616663 
-61323662633837613531336337386266623535316235373730616362663662363734663561363735 -62363766303561363930386139643632333565353733353338643863633261663333643937356135 -62363561373165343632346266363634323332373735633039393235383330323035613830656166 -32366334636336393065326564366361383264386335613630643166353264323032353262393865 -34333066363437373636643432396262366630396463383334356664643337646530616135316438 -31373563633637313464346637363262303430616463363632306364326339643863 +31333365653764633037643362613138633531313832313434646339306436663839653238333461 +6263353233386636326430356634333937343665333930610a336638356238623131613038306564 +66363934333339626463383662616131393364313263343264383062343032613331323136633733 +3063343730623031380a613139643738356535383436386664373236333139643561396232316632 +39366636343263323339363161393436346461323933663662356264633630363164383064306535 +65363839393336346333303062333466313133383539353539626435616462363332666238626566 +31626239653335306564333530636334383765373936366430623765653232393764323239616664 +32333632393338343065666534636635356338653534363233613666333837616231396634666562 +61303838383137633462643831666266313036333562383131666562346463346133363037356331 +61333863303234383435343334643535313733316436326330373165366537643432613963666331 +62316366633834386335376536363131626563303263363262653065373662643632326434636530 +35613237646261303837393363313165343230396661383366306466636336303338623830663332 +31393866323834653438303234643934353166316362333439656133613466646535653739333338 +64333862623230306266646131313664343934613432653866666134396432646365303432613332 +37353236353933323034343536396666653530313837346530616634313532623236623465663864 +38303331323433323131333539363366393962646534326135343630616131373739303232633231 +33643265323831316463363134363339313865313062663366323263306239666137303065393165 +36643061363562666665323465656562323330666132613064303935376538333463353832633262 
+62373535613230623238646362353963393238353434393239396339393533376237663430393565 +66343933666433636534666534643731663133303831626132326461613566356430626661623139 +64303532616439383631393563343538643531353438653565366130666463393935373261613335 +65316564623762303432306365343364303739343865633635666437376237373930356466363435 +64323336633962663630663165316163313236623665343631616365623834663730623263353332 +38323364343865636531386136613835653332383639306536656238633533303865386436653633 +36633831626230353736626231376165653162623733323863356261613864393966666566636136 +38656364316435396135393261383033646262653861393833633838323235653835333934633134 +65323538646138623535346164386164663133393032343862393363656436656430343834333263 +65656435623232346333353336353330633836316363656634623735306164393838393139306539 +37653636323531653537306564373330663138303236626639643365303339643832393839373365 +66323737373438616666636266396238346565633730323134363936336161393765623366386535 +66633232336166623534383835383533303338383335373630336564383938303731616438646135 +39656238616331363032643630623132376333303433623061323533633937303130356364613763 +62613834346464396263313061366230396235323332323331333235306664313030643462633365 +33633833626263646435396137303939653163353136353366326565626335663132333139663363 +33663239663238376566623833373133393338393630616231623632623239633031666534303363 +39636237613366306635336534666533616463366537303161633461393465333237623661623464 +33643236383834353165393966326162626230636161393834396535653462386161386262656334 +32316632316330363761366336353961356163643264663262326164303463626363663739366262 +34356437633666343966613231653633393930616238363561633637353963343765353065623434 +34313761373366636430356166646161396332663632643061303331343335316539396263656633 +31616264646263616166653530336134313633393939636632393730333736613963383762366135 +30353733313065623034303236333036613238363039343436333866343866356461396233613136 
+61316137363932333966373065386635633062643638646261303065646534373531666530663437 +64323163326236346132326163316132633462366236623962386563623161316432656633346261 +64626239346239653465376235623539363332353435366239353865396164626437643062386261 +30633363656531663235373730353335383731386164633837633032613661663861376230333439 +30363133306163323731656639343564666635356665636438636265643138306231333638663632 +30343464373231613763386638623961656436616661373466336466353333323862653237643063 +34613266383834633137393864623464646131623037313862626437366363616532316561333639 +36653363396630663432366331343831633865633864393364666135633766393132303735613136 +30653037613637393864373361643831363866373166316233623431386465326461333761306562 +63633464366564366564333730633733326234613434386165353132663363623533653637663435 +39363332343334363031353630346138353334316564313539396231376137373639323433346563 +30646333663462653962393866613666336231373230663930366365313134326265623530313434 +33363936333865623561333331633763356238316339373963313039623930653531313662613764 +65626365323164666631303465303736356537333336383539633062383663386364386236653233 +35616430663136633561306136323463316533396565663730326132356565303333393162313062 +35393738346339626462366363376661353663626264643035623231333565383439666665333738 +32346237316630376332303630646362613632613535363730663766616531303332333462333137 +65366461633234356562323536396232313837343862366362393238393862393264613162663837 +39376134376563383236633832323066636338623066363230356666653365643566333331353430 +34643433343034663264666663386335313763303165626134663532303432663739336363376532 +62306237333865353362623165313263336464303633313938336338376366363738356132376562 +34393263383264316330 diff --git a/group_vars/stage_qa/plain.yml b/group_vars/stage_qa/plain.yml index 467e515..22961e6 100644 --- a/group_vars/stage_qa/plain.yml +++ b/group_vars/stage_qa/plain.yml 
@@ -76,7 +76,7 @@ shared_service_iam_hostname: "{{ stage }}-iam-01.{{ domain }}" shared_service_mail_hostname: "{{ stage }}-mail-01.{{ domain }}" shared_service_webdav_hostname: "{{ stage }}-webdav-01.{{ domain }}" shared_service_keycloak_hostname: "{{ stage }}-keycloak-01.{{ domain }}" -management_service_connect_hostname: "{{ stage }}-management-smardigo-01-connect.{{ domain }}" +management_service_connect_hostname: "{{ stage }}-management-01-connect.{{ domain }}" shared_service_docker_registry_hostname: "{{ stage }}-docker-registry-01.{{ domain }}" @@ -148,8 +148,8 @@ postgres_listen_addresses: "listen_addresses = 'localhost,{{ stage_server_ip }}, connect_image_version: "latest" iam_image_version: "latest" -smardigo_management_oidc_realm: "smardigo" -smardigo_management_oidc_client_id: "management-smardigo" +management_oidc_realm: "management" +management_oidc_client_id: "smardigo" smardigo_management_url: "{{ http_s }}://{{ management_service_connect_hostname }}/api/v1/scopes/{{ scope_id }}/processes/{{ process_instance_id }}/messages" smardigo_management_token: "eyJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiYWxnIjoiZGlyIn0..ynbVHutFvwcnzGNpUrObEA.2kHkShTJHDQIRY5QVmwrC-pQOasbQeHb33L5W4wWDdw.OVghXkhWdkps0YYEomO-pg" 
@@ -176,25 +176,25 @@ docker_admin_password: "{{ docker_admin_password_vault }}" management_admin_username: "management-admin" management_admin_password: "{{ management_admin_password_vault }}" -#harbor_admin_username: "< see vault >" -#harbor_admin_password: "< see vault >" -#harbor_postgresql_password: "< see vault >" +harbor_admin_username: "{{ harbor_admin_username_vault }}" +harbor_admin_password: "{{ harbor_admin_password_vault }}" +harbor_postgresql_password: "{{ harbor_postgresql_password_vault }}" -#docker_registry_username: "< see vault >" -#docker_registry_token: "< see vault >" +docker_registry_username: "{{ docker_registry_username_vault }}" +docker_registry_token: "{{ docker_registry_token_vault }}" -#elastic_admin_username: "< see vault >" -#elastic_admin_password: "< see vault >" +elastic_admin_username: "{{ elastic_admin_username_vault }}" +elastic_admin_password: "{{ elastic_admin_password_vault }}" -#postgres_replicator_user_password: "< see vault >" +postgres_replicator_user_password: "{{ postgres_replicator_user_password_vault }}" -#mysql_root_username: "< see vault >" -#mysql_root_password: "< see vault >" +mysql_root_username: "{{ mysql_root_username_vault }}" +mysql_root_password: "{{ mysql_root_password_vault }}" -#pgadmin4_admin_username: "< see vault >" -#pgadmin4_admin_password: "< see vault >" +pgadmin4_admin_username: "{{ pgadmin4_admin_username_vault }}" +pgadmin4_admin_password: "{{ pgadmin4_admin_password_vault }}" -#netgo_msteams_hook_alerting: "< see vault >" +netgo_msteams_hook_alerting: "{{ netgo_msteams_hook_alerting_vault }}" -#docker_registry_oidc_client_secret: "< see vault >" -#smardigo_management_oidc_client_secret: "< see vault >" +docker_registry_oidc_client_secret: "{{ docker_registry_oidc_client_secret_vault }}" +management_oidc_client_secret: "{{ management_oidc_client_secret_vault }}" 
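Review bot: This hunk defines `management_oidc_client_secret` for qa but not `management_realm_admin_username`, `management_realm_admin_password` or `management_smardigo_user_token`, all of which the new group_vars/management/plain.yml references and the stage_dev hunk adds. Unless they are defined elsewhere for qa, a run of the management group on that stage will stop on an undefined variable, or someone will fill the gap later with a literal value. Adding them here as vault references, e.g. `management_realm_admin_password: "{{ management_realm_admin_password_vault }}"`, keeps the two stages aligned. If qa is deliberately out of scope for this commit, a short comment in the file saying so would help.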
diff --git a/host_vars/dev-management-smardigo-01.yml b/host_vars/dev-management-smardigo-01.yml deleted file mode 100644 index ddb8ea4..0000000 --- a/host_vars/dev-management-smardigo-01.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- - -hetzner_server_type: cpx21 - -connect_workflow_env: "stage:{{ stage }}" -connect_elastic_prefix: "dev_management_smardigo_connect" -connect_postgres_database: "dev_management_smardigo_connect" -connect_process_search_module: "external" - -current_realm_name: "{{ smardigo_management_oidc_realm }}" -cluster_name: "{{ smardigo_management_oidc_client_id }}" -connect_oidc_client_secret: "{{ smardigo_management_oidc_client_secret }}" -spring_profiles_include: "prod,postgres,elastic,swagger" diff --git a/host_vars/qa-management-smardigo-01.yml b/host_vars/qa-management-smardigo-01.yml deleted file mode 100644 index 0487b2c..0000000 --- a/host_vars/qa-management-smardigo-01.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- - -hetzner_server_type: cpx21 - -connect_workflow_env: "stage:{{ stage }}" -connect_elastic_prefix: "qa_management_smardigo_connect" -connect_postgres_database: "qa_management_smardigo_connect" -connect_process_search_module: "external" - -current_realm_name: "{{ smardigo_management_oidc_realm }}" -cluster_name: "{{ smardigo_management_oidc_client_id }}" -connect_oidc_client_secret: "{{ smardigo_management_oidc_client_secret }}" -spring_profiles_include: "prod,postgres,elastic,swagger" diff --git a/roles/_digitalocean/tasks/_remove_dns.yml b/roles/_digitalocean/tasks/_remove_dns.yml index 8cde1d1..b820462 100644 --- a/roles/_digitalocean/tasks/_remove_dns.yml +++ b/roles/_digitalocean/tasks/_remove_dns.yml @@ -38,7 +38,7 @@ become: false tags: - update_dns - + - name: "Delete DNS entry <{{ inventory_hostname }}> for <{{ domain }}>" uri: method: DELETE diff --git a/roles/_digitalocean/tasks/domain.yml b/roles/_digitalocean/tasks/domain.yml index 37ac373..71d6583 100644 --- a/roles/_digitalocean/tasks/domain.yml 
+++ b/roles/_digitalocean/tasks/domain.yml @@ -1,6 +1,61 @@ --- -- name: Create DNS entry for <{{ record_name }}> if necessary +- name: "Read DNS entry for {{ record_name }}.{{ domain }} from digitalocean" + uri: + url: "https://api.digitalocean.com/v2/domains/{{ domain }}/records?name={{ record_name }}.{{ domain }}" + headers: + accept: application/json + authorization: Bearer {{ digitalocean_authentication_token }} + return_content: yes + register: domain_records_response + delegate_to: 127.0.0.1 + become: false + tags: + - update_dns + +- name: "Save DNS entry as variable (fact)" + set_fact: + domain_records_response_json: "{{ domain_records_response.json }}" + delegate_to: 127.0.0.1 + become: false + tags: + - update_dns + +- name: "Parse DNS entry for {{ record_name }}.{{ domain }}" + set_fact: + domain_record: "{{ domain_records_response_json.domain_records | json_query(jmesquery) | first | default({'name': '-', 'ip': '-'}) }}" + vars: + jmesquery: '[*].{id: id, name: name, ip: data}' + delegate_to: 127.0.0.1 + become: false + tags: + - update_dns + +- name: "Print DNS entry for {{ record_name }}.{{ domain }}" + debug: + msg: "{{ domain_record }}" + delegate_to: 127.0.0.1 + become: false + tags: + - update_dns + +- name: "Delete DNS entry for <{{ record_data }}:{{ record_name }}> if necessary" + uri: + method: DELETE + url: "https://api.digitalocean.com/v2/domains/{{ domain }}/records/{{ domain_record.id }}" + headers: + authorization: Bearer {{ digitalocean_authentication_token }} + return_content: yes + status_code: 204 + when: + domain_record.ip != '-' + and record_data != domain_record.ip + delegate_to: 127.0.0.1 + become: false + tags: + - update_dns + +- name: "Create DNS entry for <{{ record_name }}> if necessary" uri: method: POST url: "https://api.digitalocean.com/v2/domains/{{ domain }}/records" diff --git a/roles/awx/tasks/awx-config-get-typ-id.yml b/roles/awx/tasks/awx-config-get-typ-id.yml index dea304f..1e4afb7 100644 
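Review bot: The record lookup filters only by name, and `json_query(jmesquery) | first` then takes whichever record the API returns first. The new DELETE task can therefore remove a record of another type (TXT, CAA, AAAA) that shares the name, whenever its data differs from `record_data`. Adding the record type to the query, `.../records?name={{ record_name }}.{{ domain }}&type=A` (assuming the create task, whose body lies outside this hunk, writes A records), limits the delete to the record this role owns. If several records of that type can exist for one name, only the first is compared. The `Print DNS entry` task also runs unconditionally, unlike the other debug tasks in this commit that carry `when: - debug`.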
--- a/roles/awx/tasks/awx-config-get-typ-id.yml +++ b/roles/awx/tasks/awx-config-get-typ-id.yml @@ -30,6 +30,7 @@ debug: msg: "{{ awx_type_info_json }}" delegate_to: 127.0.0.1 + become: false when: - debug tags: @@ -48,6 +49,7 @@ debug: msg: "{{ awx_type_id }}" delegate_to: 127.0.0.1 + become: false when: - debug tags: diff --git a/roles/awx/tasks/awx-config-job-template-credential.yml b/roles/awx/tasks/awx-config-job-template-credential.yml index 066e511..ba4e58f 100644 --- a/roles/awx/tasks/awx-config-job-template-credential.yml +++ b/roles/awx/tasks/awx-config-job-template-credential.yml @@ -29,6 +29,7 @@ debug: msg: "{{ awx_job_template_info_json }}" delegate_to: 127.0.0.1 + become: false when: - debug tags: @@ -47,6 +48,7 @@ debug: msg: "{{ awx_type_id }}" delegate_to: 127.0.0.1 + become: false when: - debug - awx_type_id is defined diff --git a/roles/awx/tasks/awx-config.yml b/roles/awx/tasks/awx-config.yml index 70f1c2b..7c9f8db 100644 --- a/roles/awx/tasks/awx-config.yml +++ b/roles/awx/tasks/awx-config.yml @@ -12,6 +12,7 @@ debug: msg: "{{ ansible_ssh_key_private }}" delegate_to: 127.0.0.1 + become: false when: - debug tags: diff --git a/roles/connect/tasks/main.yml b/roles/connect/tasks/main.yml index ad285c5..7aa7fcb 100644 --- a/roles/connect/tasks/main.yml +++ b/roles/connect/tasks/main.yml @@ -56,9 +56,9 @@ name: _deploy tasks_from: templates vars: - current_config: "elastic-certs/{{ stage}}-certs" + current_config: "elastic-certs/{{ stage}}-certs/ca" current_base_path: "{{ service_base_path }}" - current_destination: "{{ connect_id }}/certs" + current_destination: "{{ connect_id }}/certs/ca" current_owner: "{{ docker_owner }}" current_group: "{{ docker_group }}" cleanup_destination: "true" diff --git a/roles/connect/vars/main.yml b/roles/connect/vars/main.yml index 8e79887..8d605c7 100644 --- a/roles/connect/vars/main.yml +++ b/roles/connect/vars/main.yml 
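Review bot: In roles/awx/tasks/awx-config.yml the debug task touched by this hunk prints `ansible_ssh_key_private`, so with `debug` enabled the private SSH key ends up in the play output and in any log that captures it. Adding `become: false` keeps the task as it is. I would drop it or print only a non-secret indicator such as `msg: "ssh key defined: {{ ansible_ssh_key_private is defined }}"`. The task's name and the rest of the file lie outside the hunk.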
@@ -93,7 +93,7 @@ connect_environment: [ "LOG_LEVEL_WORKFLOW_INDEX: \"{{ connect_loglevel_workflow_index | default('INFO') }}\"", "LOG_LEVEL_WORKFLOW_ANALYSIS: \"{{ connect_loglevel_workflow_analysis | default('INFO') }}\"", - "WORKFLOW_ENV: \"{{ connect_workflow_env | default('{}') }}\"", + "WORKFLOW_ENV: \"{{ connect_workflow_env | default('') }}\"", ] connect_docker: { diff --git a/roles/hcloud/tasks/_read_server_infos.yml b/roles/hcloud/tasks/_read_server_infos.yml index 1b1df45..6bacb6d 100644 --- a/roles/hcloud/tasks/_read_server_infos.yml +++ b/roles/hcloud/tasks/_read_server_infos.yml @@ -28,4 +28,4 @@ tags: - update_config when: - - debug \ No newline at end of file + - debug diff --git a/roles/hcloud/tasks/_read_server_names.yml b/roles/hcloud/tasks/_read_server_names.yml index 9dd88d6..f99d1a6 100644 --- a/roles/hcloud/tasks/_read_server_names.yml +++ b/roles/hcloud/tasks/_read_server_names.yml @@ -28,4 +28,4 @@ tags: - update_config when: - - debug \ No newline at end of file + - debug diff --git a/roles/hcloud/tasks/_set_server_state.yml b/roles/hcloud/tasks/_set_server_state.yml index a459402..8f03adb 100644 --- a/roles/hcloud/tasks/_set_server_state.yml +++ b/roles/hcloud/tasks/_set_server_state.yml @@ -11,4 +11,4 @@ location: nbg1 state: "{{ server_state }}" delegate_to: 127.0.0.1 - become: false \ No newline at end of file + become: false diff --git a/roles/hcloud/tasks/configure-firewall.yml b/roles/hcloud/tasks/configure-firewall.yml index b1c7eff..dbf9270 100644 --- a/roles/hcloud/tasks/configure-firewall.yml +++ b/roles/hcloud/tasks/configure-firewall.yml @@ -29,6 +29,7 @@ status_code: 201 when: firewall_records | selectattr("name", "equalto", current_firewall_name) | list | length == 0 delegate_to: 127.0.0.1 + become: false tags: - update_networks @@ -46,5 +47,6 @@ status_code: 200 when: firewall_records | selectattr("name", "equalto", current_firewall_name) | list | length == 1 delegate_to: 127.0.0.1 + become: false tags: - update_networks 
diff --git a/roles/hetzner-state/tasks/main.yml b/roles/hetzner-state/tasks/main.yml index 1b8b080..93c0a3d 100644 --- a/roles/hetzner-state/tasks/main.yml +++ b/roles/hetzner-state/tasks/main.yml @@ -9,3 +9,4 @@ name: "{{ inventory_hostname }}" state: "{{ hetzner_state }}" delegate_to: 127.0.0.1 + become: false diff --git a/roles/keycloak/tasks/_authenticate.yml b/roles/keycloak/tasks/_authenticate.yml index 4b17cd4..52b0ecf 100644 --- a/roles/keycloak/tasks/_authenticate.yml +++ b/roles/keycloak/tasks/_authenticate.yml @@ -8,6 +8,7 @@ body: 'username={{ keycloak_admin_username }}&password={{ keycloak_admin_password }}&client_id=admin-cli&grant_type=password' register: keycloak_authentication delegate_to: 127.0.0.1 + become: false retries: 5 delay: 5 @@ -18,5 +19,7 @@ - name: "Printing access_token for keycloak server" debug: msg: "{{ access_token }}" + delegate_to: 127.0.0.1 + become: false when: - debug \ No newline at end of file diff --git a/roles/keycloak/tasks/_configure_client.yml b/roles/keycloak/tasks/_configure_client.yml index 5faaf6f..c52562b 100644 --- a/roles/keycloak/tasks/_configure_client.yml +++ b/roles/keycloak/tasks/_configure_client.yml @@ -3,6 +3,8 @@ - name: Print client {{ client_id }} for realm {{ realm_name }} debug: msg: "{{ lookup('template','keycloak-realm-create-client.json.j2') }}" + delegate_to: 127.0.0.1 + become: false when: - debug @@ -18,3 +20,4 @@ changed_when: True when: realm_client_ids | selectattr('clientId', 'equalto', client_id) | list | length == 0 delegate_to: 127.0.0.1 + become: false diff --git a/roles/keycloak/tasks/_configure_realm.yml b/roles/keycloak/tasks/_configure_realm.yml index e64c5cd..46647e6 100644 --- a/roles/keycloak/tasks/_configure_realm.yml +++ b/roles/keycloak/tasks/_configure_realm.yml 
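Review bot: In roles/keycloak/tasks/_authenticate.yml the token request posts `keycloak_admin_username` and `keycloak_admin_password` in its body without `no_log: true`, and the debug task extended by the second hunk prints the resulting `access_token`. At higher verbosity or with `debug` set, the admin credentials and a live bearer token end up in the play output. I would add `no_log: true` to the uri task (its beginning is outside the hunk) and replace the token print with `msg: "access token received: {{ access_token is defined }}"`. The debug task in roles/keycloak/tasks/_configure_client.yml prints the rendered client template, which presumably contains the client secret, and deserves the same treatment.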
@@ -9,20 +9,27 @@ status_code: [200] register: realms delegate_to: 127.0.0.1 + become: false - name: Save realms as variable (fact) set_fact: realms_json: "{{ realms.json }}" + delegate_to: 127.0.0.1 + become: false - name: Read realm ids set_fact: realm_ids: "{{ realms_json | json_query(jmesquery) }}" vars: jmesquery: '[*].id' + delegate_to: 127.0.0.1 + become: false - name: "Printing realm ids" debug: msg: "{{ realm_ids }}" + delegate_to: 127.0.0.1 + become: false when: - debug @@ -37,6 +44,7 @@ status_code: [201] when: current_realm_name not in realm_ids delegate_to: 127.0.0.1 + become: false - name: Read clients from realm {{ current_realm_name }} uri: @@ -47,20 +55,27 @@ status_code: [200] register: realm_clients delegate_to: 127.0.0.1 + become: false - name: Save clients from realm as variable (fact) set_fact: realm_clients_json: "{{ realm_clients.json }}" + delegate_to: 127.0.0.1 + become: false - name: "Save client ids from realm {{ current_realm_name }}" set_fact: realm_client_ids: "{{ realm_clients_json | json_query(jmesquery) }}" vars: jmesquery: '[*].{id: id, clientId: clientId}' + delegate_to: 127.0.0.1 + become: false - name: "Printing client ids from realm {{ current_realm_name }}" debug: msg: "{{ realm_client_ids }}" + delegate_to: 127.0.0.1 + become: false when: - debug diff --git a/roles/keycloak/tasks/_configure_realm_admin_users.yml b/roles/keycloak/tasks/_configure_realm_admin_users.yml new file mode 100644 index 0000000..8aceaf2 --- /dev/null +++ b/roles/keycloak/tasks/_configure_realm_admin_users.yml 
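Review bot: The `delegate_to: 127.0.0.1` / `become: false` pairs added to the `set_fact` and `debug` tasks in `roles/keycloak/tasks/_configure_realm.yml` have no effect. Both modules run on the controller anyway, and without `delegate_facts` a fact set under delegation is still stored for the inventory host. The same additions recur in `_authenticate.yml`, `_configure_client.yml`, `_configure_realm_admin_users.yml`, `_create_realm_admin.yml` and `_create_realm_users.yml`. Keeping the pair only on the `uri` tasks, or stating it once on a `block:` that wraps each file's tasks, would carry the same intent with far fewer lines. The task lists begin and end outside these hunks.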
@@ -0,0 +1,109 @@ +--- + +- name: "Reading users of realm {{ current_realm_name }}" + uri: + url: "{{ keycloak_server_url }}/auth/admin/realms/{{ current_realm_name }}/users" + method: GET + headers: + Authorization: "Bearer {{ access_token}} " + status_code: [200] + register: realm_users + delegate_to: 127.0.0.1 + become: false + +- name: "Saving users of realm {{ current_realm_name }} as variable (fact)" + set_fact: + realm_users_json: "{{ realm_users.json }}" + delegate_to: 127.0.0.1 + become: false + +- name: "Reading realm admin user id for <{{ current_realm_admin_user.username }}>" + set_fact: + realm_admin_user_id: "{{ realm_users_json | json_query(jmesquery) | first | default('None') }}" + vars: + jmesquery: "[?username==`{{ current_realm_admin_user.username }}`].id" + delegate_to: 127.0.0.1 + become: false + +- name: "Printing realm admin user id for <{{ current_realm_admin_user.username }}>" + debug: + msg: "{{ realm_admin_user_id }}" + delegate_to: 127.0.0.1 + become: false + when: + - debug + +- name: "Reading realm clients" + uri: + url: "{{ keycloak_server_url }}/auth/admin/realms/{{ current_realm_name }}/clients" + method: GET + headers: + Authorization: "Bearer {{ access_token}} " + status_code: [200] + register: realm_clients + delegate_to: 127.0.0.1 + become: false + +- name: "Saving clients of realm {{ current_realm_name }} as variable (fact)" + set_fact: + realm_clients_json: "{{ realm_clients.json }}" + delegate_to: 127.0.0.1 + become: false + +- name: "Reading realm management client id" + set_fact: + realm_management_client_id: "{{ realm_clients_json | json_query(jmesquery) | first | default('None') }}" + vars: + jmesquery: "[?clientId=='realm-management'].id" + delegate_to: 127.0.0.1 + become: false + +- name: "Printing realm management client id" + debug: + msg: "{{ realm_management_client_id }}" + delegate_to: 127.0.0.1 + become: false + when: + - debug + +- name: "Reading available role mappings for realm management client" + uri: + url: 
"{{ keycloak_server_url }}/auth/admin/realms/{{ current_realm_name }}/users/{{ realm_admin_user_id }}/role-mappings/clients/{{ realm_management_client_id }}/available" + method: GET + headers: + Authorization: "Bearer {{ access_token}} " + status_code: [200] + register: realm_admin_user_client_available_roles_response + delegate_to: 127.0.0.1 + become: false + +- name: "Reading realm admin role id for management client" + set_fact: + realm_admin_role_id: "{{ realm_admin_user_client_available_roles_response.json | json_query(jmesquery) | first | default('None') }}" + vars: + jmesquery: "[?name=='realm-admin'].id" + delegate_to: 127.0.0.1 + become: false + +- name: "Printing realm admin role id for management client" + debug: + msg: "{{ realm_admin_role_id }}" + delegate_to: 127.0.0.1 + become: false + when: + - debug + +- name: "Adding realm admin role to user {{ realm_admin_user_id }}" + uri: + url: "{{ keycloak_server_url }}/auth/admin/realms/{{ current_realm_name }}/users/{{ realm_admin_user_id }}/role-mappings/clients/{{ realm_management_client_id }}" + method: POST + body_format: json + body: "{{ lookup('template','keycloak-become-realm-admin-user.json.j2') }}" + headers: + Content-Type: "application/json" + Authorization: "Bearer {{ access_token }}" + status_code: [204] + changed_when: True + when: realm_admin_role_id != 'None' + delegate_to: 127.0.0.1 + become: false diff --git a/roles/keycloak/tasks/_create_realm_admin.yml b/roles/keycloak/tasks/_create_realm_admin.yml index 5bd1d52..161bdb5 100644 --- a/roles/keycloak/tasks/_create_realm_admin.yml +++ b/roles/keycloak/tasks/_create_realm_admin.yml 
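Review bot: In the new `roles/keycloak/tasks/_configure_realm_admin_users.yml`, only the final POST is guarded against the `'None'` fallback. When the user or the `realm-management` client is not found, "Reading available role mappings for realm management client" still requests `/users/None/role-mappings/...` and the play stops on a status-code mismatch instead of a clear message. An explicit check placed before that lookup, as sketched below, makes the failure readable. Separately, the three GET tasks send `"Bearer {{ access_token}} "` with a trailing space inside the quotes, unlike the POST, which uses `"Bearer {{ access_token }}"`.

```yaml
# ... unchanged: user and client lookups ...
- name: "Checking that realm admin user and realm-management client were found"
  assert:
    that:
      - realm_admin_user_id != 'None'
      - realm_management_client_id != 'None'
    fail_msg: "User <{{ current_realm_admin_user.username }}> or client realm-management not found in realm {{ current_realm_name }}"
# ... unchanged: role mapping lookup and assignment ...
```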
@@ -8,26 +8,35 @@ status_code: [200] register: realm_users delegate_to: 127.0.0.1 + become: false - name: "Printing realm users" debug: msg: "{{ realm_users }}" + delegate_to: 127.0.0.1 + become: false when: - debug - name: "Saving users of realm {{ current_realm_name }} as variable (fact)" set_fact: realm_users_json: "{{ realm_users.json }}" + delegate_to: 127.0.0.1 + become: false - name: "Reading user ids of realm {{ current_realm_name }}" set_fact: realm_user_usernames: "{{ realm_users_json | json_query(jmesquery) }}" vars: jmesquery: '[*].username' + delegate_to: 127.0.0.1 + become: false - name: "Printing usernames of realm {{ current_realm_name }}" debug: msg: "{{ realm_user_usernames }}" + delegate_to: 127.0.0.1 + become: false when: - debug 
@@ -41,102 +50,16 @@ Content-Type: "application/json" Authorization: "Bearer {{ access_token }}" status_code: [201] - with_items: [ - { - "username": "{{ connect_realm_admin_username }}", - "password": "{{ connect_realm_admin_password }}", - } - ] + with_items: "{{ current_realm_admin_users }}" when: current_realm_user.username not in realm_user_usernames changed_when: True loop_control: loop_var: current_realm_user delegate_to: 127.0.0.1 - -- name: "Reading users of realm {{ current_realm_name }}" - uri: - url: "{{ keycloak_server_url }}/auth/admin/realms/{{ current_realm_name }}/users" - method: GET - headers: - Authorization: "Bearer {{ access_token}} " - status_code: [200] - register: realm_users - delegate_to: 127.0.0.1 - -- name: "Saving users of realm {{ current_realm_name }} as variable (fact)" - set_fact: - realm_users_json: "{{ realm_users.json }}" - -- name: "Reading realm admin user id" - set_fact: - realm_admin_user_id: "{{ realm_users_json | json_query(jmesquery) | first | default('None') }}" - vars: - jmesquery: "[?username==`{{ connect_realm_admin_username }}`].id" - -- name: "Printing realm admin user id" - debug: - msg: "{{ realm_admin_user_id }}" - when: - - debug - -- name: "Reading realm clients" - uri: - url: "{{ keycloak_server_url }}/auth/admin/realms/{{ current_realm_name }}/clients" - method: GET - headers: - Authorization: "Bearer {{ access_token}} " - status_code: [200] - register: realm_clients - delegate_to: 127.0.0.1 + become: false -- name: "Saving clients of realm {{ current_realm_name }} as variable (fact)" - set_fact: - realm_clients_json: "{{ realm_clients.json }}" - -- name: "Reading realm management client id" - set_fact: - realm_management_client_id: "{{ realm_clients_json | json_query(jmesquery) | first | default('None') }}" - vars: - jmesquery: "[?clientId=='realm-management'].id" - -- name: "Printing realm management client id" - debug: - msg: "{{ realm_management_client_id }}" - when: - - debug - -- name: "Reading 
available role mappings for realm management client" - uri: - url: "{{ keycloak_server_url }}/auth/admin/realms/{{ current_realm_name }}/users/{{ realm_admin_user_id }}/role-mappings/clients/{{ realm_management_client_id }}/available" - method: GET - headers: - Authorization: "Bearer {{ access_token}} " - status_code: [200] - register: realm_admin_user_client_available_roles_response - delegate_to: 127.0.0.1 - -- name: "Reading realm admin role id for management client" - set_fact: - realm_admin_role_id: "{{ realm_admin_user_client_available_roles_response.json | json_query(jmesquery) | first | default('None') }}" - vars: - jmesquery: "[?name=='realm-admin'].id" - -- name: "Printing realm admin role id for management client" - debug: - msg: "{{ realm_admin_role_id }}" - when: - - debug - -- name: "Adding realm admin role to user {{ realm_admin_user_id }}" - uri: - url: "{{ keycloak_server_url }}/auth/admin/realms/{{ current_realm_name }}/users/{{ realm_admin_user_id }}/role-mappings/clients/{{ realm_management_client_id }}" - method: POST - body_format: json - body: "{{ lookup('template','keycloak-become-realm-admin-user.json.j2') }}" - headers: - Content-Type: "application/json" - Authorization: "Bearer {{ access_token }}" - status_code: [204] - changed_when: True - when: realm_admin_role_id != 'None' - delegate_to: 127.0.0.1 +- name: "Adding admin users from realm {{ current_realm_name }}" + include_tasks: _configure_realm_admin_users.yml + with_items: "{{ current_realm_admin_users }}" + loop_control: + loop_var: current_realm_admin_user diff --git a/roles/keycloak/tasks/_create_realm_users.yml b/roles/keycloak/tasks/_create_realm_users.yml index f1256b6..c645a3c 100644 --- a/roles/keycloak/tasks/_create_realm_users.yml +++ b/roles/keycloak/tasks/_create_realm_users.yml 
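Review bot: The create-user loop in `roles/keycloak/tasks/_create_realm_admin.yml` now iterates `current_realm_admin_users`, and Ansible prints each loop item in the task output. If those entries carry a `password` key like the inline list this hunk removes, the realm admin passwords end up in the job log. Add `label: "{{ current_realm_user.username }}"` under `loop_control` and consider `no_log: true` on the task. The new `include_tasks` loop prints its items as well and wants `label: "{{ current_realm_admin_user.username }}"`. The create-user task starts above the hunk, so its request body is not visible here.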
@@ -9,26 +9,35 @@ status_code: [200] register: realm_users delegate_to: 127.0.0.1 + become: false - name: "Printing realm users" debug: msg: "{{ realm_users }}" + delegate_to: 127.0.0.1 + become: false when: - debug - name: "Saving users of realm {{ current_realm_name }} as variable (fact)" set_fact: realm_users_json: "{{ realm_users.json }}" + delegate_to: 127.0.0.1 + become: false - name: "Reading user ids of realm {{ current_realm_name }}" set_fact: realm_user_usernames: "{{ realm_users_json | json_query(jmesquery) }}" vars: jmesquery: '[*].username' + delegate_to: 127.0.0.1 + become: false - name: "Printing usernames of realm {{ current_realm_name }}" debug: msg: "{{ realm_user_usernames }}" + delegate_to: 127.0.0.1 + become: false when: - debug @@ -48,3 +57,4 @@ loop_control: loop_var: current_realm_user delegate_to: 127.0.0.1 + become: false diff --git a/roles/management-connect-postgres/defaults/main.yml b/roles/management-connect-postgres/defaults/main.yml deleted file mode 100644 index 67b6ec2..0000000 --- a/roles/management-connect-postgres/defaults/main.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- - -postgres_acls: - - name: "{{ management_connect_postgres_database }}" - password: "{{ management_connect_postgres_password }}" - trusted_cidr_entry: "{{ shared_service_network }}" diff --git a/roles/management-connect-postgres/tasks/main.yml b/roles/management-connect-postgres/tasks/main.yml deleted file mode 100644 index 334cbeb..0000000 --- a/roles/management-connect-postgres/tasks/main.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- - -### tags: - -- name: "Setup postgres for {{ inventory_hostname }}" - include_role: - name: postgres - tasks_from: _postgres-acls diff --git a/roles/management/defaults/main.yml b/roles/management/defaults/main.yml new file mode 100644 index 0000000..ed97d53 --- /dev/null +++ b/roles/management/defaults/main.yml @@ -0,0 +1 @@ +--- 
diff --git a/roles/management/handlers/main.yml b/roles/management/handlers/main.yml new file mode 100644 index 0000000..ed97d53 --- /dev/null +++ b/roles/management/handlers/main.yml @@ -0,0 +1 @@ +--- diff --git a/roles/management/meta/main.yml b/roles/management/meta/main.yml new file mode 100644 index 0000000..ed97d53 --- /dev/null +++ b/roles/management/meta/main.yml @@ -0,0 +1 @@ +--- diff --git a/roles/management/tasks/main.yaml b/roles/management/tasks/main.yaml new file mode 100644 index 0000000..1c17927 --- /dev/null +++ b/roles/management/tasks/main.yaml @@ -0,0 +1,17 @@ +--- + +### tags: + +- name: "Create database for <{{ inventory_hostname }}> if necessary" + include_role: + name: connect-postgres + vars: + inventory_hostname: "{{ stage }}-postgres-01" + +- name: "Create realm for <{{ inventory_hostname }}> if necessary" + include_role: + name: connect-realm + +- name: "Create connect for <{{ inventory_hostname }}> if necessary" + include_role: + name: connect diff --git a/roles/management/vars/main.yml b/roles/management/vars/main.yml new file mode 100644 index 0000000..ed97d53 --- /dev/null +++ b/roles/management/vars/main.yml @@ -0,0 +1 @@ +--- diff --git a/smardigo.yml b/smardigo.yml index 5c2f0cc..84b8429 100644 --- a/smardigo.yml +++ b/smardigo.yml @@ -52,5 +52,5 @@ when: "'iam' in group_names" - role: webdav when: "'webdav' in group_names" - - role: connect - when: "'connect' in group_names" + - role: management + when: "'management' in group_names" diff --git a/smardigo/provisioning/script/create-teams-message.groovy b/smardigo/provisioning/script/create-teams-message.groovy index a45b129..12b424b 100644 --- a/smardigo/provisioning/script/create-teams-message.groovy +++ b/smardigo/provisioning/script/create-teams-message.groovy 
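Review bot: In `roles/management/tasks/main.yaml` the first include overrides `inventory_hostname` through `vars:`, but Ansible documents it as a magic variable that users are not meant to set. Whether `connect-postgres` actually sees `{{ stage }}-postgres-01` may therefore depend on the Ansible version and on how the role reads the name. Passing a dedicated variable is more predictable, e.g. `postgres_target_host: "{{ stage }}-postgres-01"` (name illustrative), which the role would read with a fallback to `inventory_hostname`. The role's own tasks are not part of this diff section, so this needs checking against what `connect-postgres` consumes.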
@@ -1,5 +1,5 @@ -def smardigoUrl = "https://" + cluster.stage + "-management-smardigo-01-connect.smardigo.digital/api/redirect/process/" + contextScopeId + "/dossier/simple-connect/" + contextProcessId -def smardigoMessageUrl = "https://" + cluster.stage + "-management-smardigo-01-connect.smardigo.digital/api/v1/scopes/" + contextScopeId + "/processes/" + contextProcessId + "/messages" +def smardigoUrl = "https://" + cluster.stage + "-management-01-connect.smardigo.digital/api/redirect/process/" + contextScopeId + "/dossier/simple-connect/" + contextProcessId +def smardigoMessageUrl = "https://" + cluster.stage + "-management-01-connect.smardigo.digital/api/v1/scopes/" + contextScopeId + "/processes/" + contextProcessId + "/messages" def message = [:] message["@type"] = "MessageCard" diff --git a/stage-dev b/stage-dev index 9edcaba..603166f 100644 --- a/stage-dev +++ b/stage-dev @@ -2,7 +2,7 @@ dev-awx-01 [connect] -dev-management-smardigo-01 +dev-management-01 [elastic] dev-elastic-stack-elastic-01 @@ -24,6 +24,9 @@ dev-elastic-stack-kibana-01 [logstash] dev-elastic-stack-logstash-01 +[management] +dev-management-01 + [maria] dev-maria-01 @@ -52,6 +55,7 @@ iam keycloak kibana logstash +management maria pgadmin4 postfix diff --git a/stage-qa b/stage-qa index 649bdfb..f4cce40 100644 --- a/stage-qa +++ b/stage-qa @@ -2,7 +2,7 @@ qa-awx-01 [connect] -qa-management-smardigo-01 +dev-management-01 [elastic] qa-elastic-stack-elastic-01 @@ -24,6 +24,9 @@ qa-elastic-stack-kibana-01 [logstash] qa-elastic-stack-logstash-01 +[management] +dev-management-01 + [maria] qa-maria-01 @@ -52,6 +55,7 @@ iam keycloak kibana logstash +management maria pgadmin4 postfix
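Review bot: In `stage-qa` both the changed `[connect]` entry and the new `[management]` group list `dev-management-01`, which looks like a copy from `stage-dev`. Every other host visible in this inventory carries the `qa-` prefix. As written, a QA run of the management role would be aimed at the dev host. If the QA host was renamed in the same way as its dev counterpart, both entries should presumably read `qa-management-01`.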