diff --git a/create-database-backup.yml b/create-database-backup.yml index 8326cd9..781174e 100644 --- a/create-database-backup.yml +++ b/create-database-backup.yml @@ -50,7 +50,7 @@ - "{{ item }}" changed_when: False with_items: "{{ cluster_features }}" - when: item in ['connect', 'management_connect', 'keycloak', 'gitea', 'pdns'] + when: item in ['connect', 'management_connect', 'keycloak', 'gitea'] - name: "Add maria servers to hosts if necessary" add_host: @@ -83,12 +83,6 @@ - role: keycloak_postgres when: "'keycloak' in group_names" -# - role: pdns_admin_postgres -# when: "'pdns' in group_names" - -# - role: pdns_postgres -# when: "'pdns' in group_names" - - role: connect_wordpress_maria when: "'connect_wordpress' in group_names" diff --git a/create-database.yml b/create-database.yml index 841f629..c6d44e7 100644 --- a/create-database.yml +++ b/create-database.yml @@ -4,7 +4,6 @@ # - postgres # - executed on stage specific server: {{ shared_service_postgres_primary }} # - creates databases to work with connect: {{ connect_postgres_database }} -# - creates databases to work with pdns: {{ pdns_postgres_database }} # - creates databases to work with management connect: {{ management_connect_postgres_database }} # - creates databases to work with shared keycloak: {{ keycloak_postgres_database }} # - maria @@ -55,7 +54,7 @@ - "{{ item }}" changed_when: False with_items: "{{ cluster_features }}" - when: item in ['connect', 'management_connect', 'keycloak', 'gitea', 'pdns'] + when: item in ['connect', 'management_connect', 'keycloak', 'gitea'] - name: "Add maria servers to hosts if necessary" add_host: @@ -94,16 +93,6 @@ - role: keycloak_postgres when: "'keycloak' in group_names" - - role: pdns_postgres - vars: - initialize: True - when: "'pdns' in group_names" - - - role: pdns_admin_postgres - vars: - initialize: True - when: "'pdns' in group_names" - - role: connect_wordpress_maria when: "'connect_wordpress' in group_names" 
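Review bot: The feature list in `when: item in ['connect', 'management_connect', 'keycloak', 'gitea']` is a literal that this commit has to edit identically here and in create-database.yml, pmci-inventory-database.yml and remove-database.yml, so a missed copy would leave the backup, create and remove playbooks selecting different hosts. Defining it once, for example `database_features: ['connect', 'management_connect', 'keycloak', 'gitea']` in a shared vars file (name and location are a suggestion), and writing `when: item in database_features` would keep the four in step. The same task also carries `changed_when: False`, where `false` is the canonical spelling. The task starts above the hunk, so its name and module are not visible here.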
diff --git a/group_vars/pdns/plain.yml b/group_vars/pdns/plain.yml deleted file mode 100644 index eb66270..0000000 --- a/group_vars/pdns/plain.yml +++ /dev/null @@ -1,20 +0,0 @@ ---- - -hetzner_server_type: cx11 -hetzner_server_labels: "stage={{ stage }} service=pdns" - -pdns_id: "{{ inventory_hostname }}-pdns" -pdns_postgres_id: "{{ inventory_hostname }}-postgres-pdns" -pdns_recursor_id: "{{ inventory_hostname }}-recursor-pdns" -pdns_admin_id: "{{ inventory_hostname }}-admin-pdns" -pdns_admin_postgres_id: "{{ inventory_hostname }}-admin-postgres-pdns" -#pdns_api_key: "< see vault >" - -pdns_postgres_host: "{{ shared_service_postgres_primary }}" -pdns_postgres_database: "{{ stage }}_pdns" -pdns_postgres_username: "{{ pdns_postgres_database }}" -pdns_postgres_password: "pdns-postgres-admin" - -pdns_admin_postgres_database: "{{ stage }}_pdns_admin" -pdns_admin_postgres_username: "{{ pdns_admin_postgres_database }}" -pdns_admin_postgres_password: "pdns-admin-postgres-admin" \ No newline at end of file diff --git a/group_vars/stage_dev/plain.yml b/group_vars/stage_dev/plain.yml index 023a588..b5dbf9b 100644 --- a/group_vars/stage_dev/plain.yml +++ b/group_vars/stage_dev/plain.yml @@ -11,7 +11,6 @@ shared_service_elastic_stack_03_hostname: "{{ stage }}-elastic-stack-elastic-03" shared_service_iam_hostname: "{{ stage }}-iam-01.{{ domain_env }}" shared_service_mail_hostname: "{{ stage }}-mail-01.{{ domain_env }}" -shared_service_pdns_hostname: "{{ stage }}-pdns-01.{{ domain_env }}" connect_jwt_enabled: true connect_jwt_secret: "908ae14462d049d3be84964ef379c7c6" diff --git a/group_vars/stage_prodnso/plain.yml b/group_vars/stage_prodnso/plain.yml index f94eabf..03cff67 100644 --- a/group_vars/stage_prodnso/plain.yml +++ b/group_vars/stage_prodnso/plain.yml 
@@ -8,9 +8,9 @@ shared_service_network: "10.0.0.0/16" shared_service_elastic_stack_01_hostname: "{{ stage }}-elastic-stack-elastic-01" shared_service_elastic_stack_02_hostname: "{{ stage }}-elastic-stack-elastic-02" shared_service_elastic_stack_03_hostname: "{{ stage }}-elastic-stack-elastic-03" + shared_service_iam_hostname: "{{ stage }}-iam-01.{{ domain_env }}" shared_service_mail_hostname: "{{ stage }}-mail-01.{{ domain_env }}" -shared_service_pdns_hostname: "{{ stage }}-pdns-01.{{ domain_env }}" connect_jwt_enabled: true connect_jwt_secret: "908ae14462d049d3be84964ef379c7c6" diff --git a/group_vars/stage_qa/plain.yml b/group_vars/stage_qa/plain.yml index ce7baf0..9ae83fc 100644 --- a/group_vars/stage_qa/plain.yml +++ b/group_vars/stage_qa/plain.yml @@ -11,7 +11,6 @@ shared_service_elastic_stack_03_hostname: "{{ stage }}-elastic-stack-elastic-03" shared_service_iam_hostname: "{{ stage }}-iam-01.{{ domain_env }}" shared_service_mail_hostname: "{{ stage }}-mail-01.{{ domain_env }}" -shared_service_pdns_hostname: "{{ stage }}-pdns-01.{{ domain_env }}" connect_jwt_enabled: true connect_jwt_secret: "908ae14462d049d3be84964ef379c7c6" diff --git a/pmci-inventory-database.yml b/pmci-inventory-database.yml index fbb32d2..c19141a 100644 --- a/pmci-inventory-database.yml +++ b/pmci-inventory-database.yml @@ -63,7 +63,7 @@ - "pmci_database_selector" changed_when: False with_items: "{{ ['hcloud'] + ['stage_' + stage ] + [cluster.service] + (cluster.features | default([])) }}" - when: item in ['connect', 'management_connect', 'keycloak', 'gitea', 'pdns'] + when: item in ['connect', 'management_connect', 'keycloak', 'gitea'] - name: "Add maria servers to hosts if necessary" add_host: diff --git a/remove-database.yml b/remove-database.yml index 61eb61e..a1900f2 100644 --- a/remove-database.yml +++ b/remove-database.yml 
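Review bot: `connect_jwt_secret` is a literal in the context lines of this group_vars/stage_prodnso/plain.yml hunk, and the stage_dev and stage_qa hunks show the same value, so all three stages would share one signing secret that is readable by anyone with access to the repository. The deleted group_vars/pdns/plain.yml carried `#pdns_api_key: "< see vault >"`, which suggests a vault convention already exists; the entry could become `connect_jwt_secret: "{{ vault_connect_jwt_secret }}"` (placeholder variable name) with a distinct value per stage. The current value stays in git history, so it should be rotated rather than only moved. These lines are unchanged context, not part of what the commit edits.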
@@ -48,7 +48,7 @@ - "{{ item }}" changed_when: False with_items: "{{ cluster_features }}" - when: item in ['connect', 'management_connect', 'keycloak', 'gitea', 'pdns'] + when: item in ['connect', 'management_connect', 'keycloak', 'gitea'] - name: Add maria servers to hosts if necessary add_host: @@ -88,12 +88,6 @@ - role: keycloak_postgres when: "'keycloak' in group_names" -# - role: pdns_admin_postgres -# when: "'pdns' in group_names" - -# - role: pdns_postgres -# when: "'pdns' in group_names" - - role: connect_wordpress_maria when: "'connect_wordpress' in group_names" diff --git a/roles/pdns/defaults/main.yml b/roles/pdns/defaults/main.yml deleted file mode 100644 index e5dcd2a..0000000 --- a/roles/pdns/defaults/main.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- - -pdns_image_name: "{{ shared_service_hostname_harbor }}/smardigo/pdns-authoritative" -pdns_image_version: "1.0.0" - -pdns_recursor_image_name: "{{ shared_service_hostname_harbor }}/smardigo/pdns-recursor" -pdns_recursor_image_version: "1.0.0" - -pdns_admin_image_name: "ngoduykhanh/powerdns-admin" -pdns_admin_image_version: "0.2.4" diff --git a/roles/pdns/handlers/main.yml b/roles/pdns/handlers/main.yml deleted file mode 100644 index 273c648..0000000 --- a/roles/pdns/handlers/main.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- - -- name: Verify resolv.conf - ansible.builtin.lineinfile: - path: /etc/resolv.conf - regexp: '^nameserver 127.0.0.53' - line: nameserver 127.0.0.1 diff --git a/roles/pdns/tasks/main.yml b/roles/pdns/tasks/main.yml deleted file mode 100644 index 48188df..0000000 --- a/roles/pdns/tasks/main.yml +++ /dev/null 
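Review bot: Nothing in this commit drops the pdns databases: the `pdns_postgres` and `pdns_admin_postgres` entries in this file's role list were already commented out, and after the `when:` change no playbook refers to them. If create-database.yml ever ran with the pdns feature on a stage, `{{ stage }}_pdns`, `{{ stage }}_pdns_admin` and their login roles would remain on the shared postgres primary, with passwords that were fixed strings in the deleted group_vars/pdns/plain.yml and the `shared_service_network` ACL from the role defaults. The diff does not show whether that happened (the inventory hosts were commented out), so confirm it and, if needed, drop the databases and roles in a one-off cleanup while the names are still documented; a commit-message line such as `pdns databases verified absent on dev/qa/prodnso` would record the check.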
@@ -1,65 +0,0 @@ ---- - -### tags: -### update_deployment - -- name: "Check if /etc/resolv.conf is link" - stat: - path: "/etc/resolv.conf" - register: link - -- name: "Stopping systemd-resolved if running" - ansible.builtin.systemd: - name: systemd-resolved.service - state: stopped - -- name: "Remove symbolic link to /run/systemd/resolve/stub-resolv.conf" - file: - path: "/etc/resolv.conf" - state: absent - when: link.stat.islnk is defined and link.stat.islnk - -- name: "Copy /run/systemd/resolve/stub-resolv.conf" - ansible.builtin.copy: - src: "/run/systemd/resolve/stub-resolv.conf" - remote_src: true - dest: "/etc/resolv.conf" - owner: root - group: root - mode: '0644' - when: link.stat.islnk is defined and link.stat.islnk - -- name: Adding 8.8.8.8 as fallback to resolv.conf - ansible.builtin.lineinfile: - path: /etc/resolv.conf - regexp: '^nameserver 8\.8\.8\.8' - insertafter: '^nameserver 127\.0\.0.*' - line: nameserver 8.8.8.8 - -- name: "Disabling systemd-resolved if enabled" - ansible.builtin.systemd: - name: systemd-resolved.service - enabled: no - -- name: "Deploying shared service dns to <{{ current_host }}><{{ current_server_ip }}>" - include_role: - name: shared_service - vars: - current_service: "pdns" - current_server_ip : "{{ stage_server_ip }}" - current_dns_entry: "{{ inventory_hostname }}" - current_dns_entries : "{{ pdns_public_dns_entries | default([]) }}" - current_service_id : "{{ pdns_id }}" - current_service_docker : "{{ pdns_docker }}" - -- name: Verify resolv.conf - ansible.builtin.lineinfile: - path: /etc/resolv.conf - regexp: '^nameserver 127\.0\.0.*' - line: nameserver 127.0.0.1 - -- name: "Delete search line if present" - ansible.builtin.lineinfile: - path: /etc/resolv.conf - regexp: '^search *' - state: absent diff --git a/roles/pdns/vars/main.yml b/roles/pdns/vars/main.yml deleted file mode 100644 index 16edb74..0000000 --- a/roles/pdns/vars/main.yml +++ /dev/null 
@@ -1,133 +0,0 @@ ---- - -pdns_labels: [ - '"traefik.enable=true"', - '"traefik.http.routers.{{ pdns_id }}.service={{ pdns_id }}"', - '"traefik.http.routers.{{ pdns_id }}.rule=Host(`{{ stage_server_domain }}`)"', - '"traefik.http.routers.{{ pdns_id }}.entrypoints=websecure"', - '"traefik.http.routers.{{ pdns_id }}.tls=true"', - '"traefik.http.routers.{{ pdns_id }}.tls.certresolver=letsencrypt"', - '"traefik.http.services.{{ pdns_id }}.loadbalancer.server.port=80"', -] - -pdns_environment: [ - "PDNS_gpgsql_host: \"{{ pdns_postgres_host }}\"", - "PDNS_gpgsql_dbname: \"{{ pdns_postgres_database }}\"", - "PDNS_gpgsql_user: \"{{ pdns_postgres_username }}\"", - "PDNS_gpgsql_password: \"{{ pdns_postgres_password }}\"", - "PDNS_master: \"yes\"", - "PDNS_api: \"yes\"", - "PDNS_api_key: \"{{ pdns_api_key }}\"", - "PDNS_webserver: \"yes\"", - "PDNS_webserver_address: \"0.0.0.0\"", - "PDNS_webserver_allow_from: \"172.6.0.0/16,0.0.0.0\"", - "PDNS_version_string: \"anonymous\"", - "PDNS_default_ttl: \"1500\"", -] - -pdns_admin_environment: [ - "SQLALCHEMY_DATABASE_URI: \"postgresql://{{ pdns_admin_postgres_username }}:{{ pdns_admin_postgres_password }}@{{ pdns_postgres_host }}/{{ pdns_admin_postgres_database }}\"", -] - -pdns_recursor_environment: [ - "PDNS_forward-zones: \"smardigo.digital=172.6.0.20\"", -] - -pdns_docker: { - networks: [ - { - name: front-tier, - external: true - }, - { - name: pdns, - ipams: [ - { - subnet: 172.6.0.0/16, - gateway: 172.6.0.1 - } - ] - }, - ], - services: [ - { - name: "{{ pdns_id }}", - image_name: "{{ pdns_image_name }}", - image_version: "{{ pdns_image_version }}", - restart: "{{ pdns_service_restart | default('always') }}", - environment: "{{ pdns_environment + ( pdns_environment_additional | default([])) }}", - volumes: [ - '"/etc/timezone:/etc/timezone:ro"', - '"/etc/localtime:/etc/localtime:ro"', - ], - networks: [ - { - name: "pdns", - aliases: "pdns", - ipv4_address: "172.6.0.20", - }, - ], - ports: [ - { - external: "8081", - 
internal: "8081", - }, - ], - extra_hosts: [ - { - hostname: "{{ pdns_postgres_host }}", - ip: "{{ shared_service_pg_master_ip }}" - - }, - { - hostname: "ns1.smardigo.digital", - ip: "172.6.0.20" - } - ], - }, - { - name: "{{ pdns_admin_id }}", - image_name: "{{ pdns_admin_image_name }}", - image_version: "{{ pdns_admin_image_version }}", - labels: "{{ pdns_labels + ( pdns_labels_additional | default([])) }}", - environment: "{{ pdns_admin_environment + ( pdns_admin_environment_additional | default([])) }}", - volumes: [ - '"/etc/timezone:/etc/timezone:ro"', - '"/etc/localtime:/etc/localtime:ro"', - ], - networks: [ - '"pdns"', - '"front-tier"', - ], - extra_hosts: [ - { - hostname: "{{ pdns_postgres_host }}", - ip: "{{ shared_service_pg_master_ip }}" - } - ], - }, - { - name: "{{ pdns_recursor_id }}", - image_name: "{{ pdns_recursor_image_name }}", - image_version: "{{ pdns_recursor_image_version }}", - environment: "{{ pdns_recursor_environment + ( pdns_recursor_environment_additional | default([])) }}", - volumes: [ - '"/etc/timezone:/etc/timezone:ro"', - '"/etc/localtime:/etc/localtime:ro"', - ], - ports: [ - { - external: "53", - internal: "53/tcp", - }, - { - external: "53", - internal: "53/udp", - }, - ], - networks: [ - '"pdns"', - ] - } - ], -} diff --git a/roles/pdns_admin_postgres/defaults/main.yml b/roles/pdns_admin_postgres/defaults/main.yml deleted file mode 100644 index 1c53a39..0000000 --- a/roles/pdns_admin_postgres/defaults/main.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- - -postgres_acls: - - name: "{{ pdns_admin_postgres_database }}" - password: "{{ pdns_admin_postgres_password }}" - trusted_cidr_entry: "{{ shared_service_network }}" diff --git a/roles/pdns_admin_postgres/tasks/main.yml b/roles/pdns_admin_postgres/tasks/main.yml deleted file mode 100644 index 42c1142..0000000 --- a/roles/pdns_admin_postgres/tasks/main.yml +++ /dev/null 
@@ -1,18 +0,0 @@ ---- - -### tags: - -- name: "Updating database on {{ inventory_hostname }}" - include_role: - name: postgres - tasks_from: _update_database_state - when: - - database_backup_state is not defined - -- name: "Creating/Restoring database backup on {{ inventory_hostname }}" - include_role: - name: postgres - tasks_from: _create_database_backup.yml - when: - - database_backup_state is defined - - database_backup_state in ['dump', 'restore'] diff --git a/roles/pdns_postgres/defaults/main.yml b/roles/pdns_postgres/defaults/main.yml deleted file mode 100644 index ad17e6d..0000000 --- a/roles/pdns_postgres/defaults/main.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- - -postgres_acls: - - name: "{{ pdns_postgres_database }}" - password: "{{ pdns_postgres_password }}" - trusted_cidr_entry: "{{ shared_service_network }}" - -initialize: False diff --git a/roles/pdns_postgres/tasks/create-requirements.yml b/roles/pdns_postgres/tasks/create-requirements.yml deleted file mode 100644 index 2099cb5..0000000 --- a/roles/pdns_postgres/tasks/create-requirements.yml +++ /dev/null 
@@ -1,41 +0,0 @@ -- name: "Check if domain table in {{ pdns_postgres_database }} exist" - postgresql_query: - db: "{{ pdns_postgres_database }}" - login_host: "{{ pdns_postgres_host }}" - login_password: "{{ pdns_postgres_password }}" - login_user: "{{ pdns_postgres_username }}" - query: "SELECT EXISTS (SELECT FROM information_schema.tables WHERE table_schema='public' AND table_name='domains');" - register: result - -- name: "Convert the SELECT result" - set_fact: - converted_result: "{{ result | from_yaml }}" - -- name: "Set variable" - set_fact: - domain_table_exist: "{{ item.exists }}" - with_items: "{{ converted_result.query_result }}" - -- name: "Copy SQL script" - copy: - src: "{{ playbook_dir }}/templates/pdns/schema.pgsql.sql" - dest: /tmp/schema.pgsql.sql - mode: '0644' - when: - - not domain_table_exist - -- name: "Run queries from SQL script" - postgresql_query: - db: "{{ pdns_postgres_database }}" - login_host: "{{ pdns_postgres_host }}" - login_password: "{{ pdns_postgres_password }}" - login_user: "{{ pdns_postgres_username }}" - as_single_query: yes - path_to_script: /tmp/schema.pgsql.sql - when: - - not domain_table_exist - -- name: "Remove SQL script if present" - file: - path: /tmp/schema.pgsql.sql - state: absent diff --git a/roles/pdns_postgres/tasks/main.yml b/roles/pdns_postgres/tasks/main.yml deleted file mode 100644 index adab1da..0000000 --- a/roles/pdns_postgres/tasks/main.yml +++ /dev/null 
@@ -1,29 +0,0 @@ ---- - -### tags: - -- name: "Updating database on {{ inventory_hostname }}" - include_role: - name: postgres - tasks_from: _update_database_state - when: - - database_backup_state is not defined - -- name: "Creating/Restoring database backup on {{ inventory_hostname }}" - include_role: - name: postgres - tasks_from: _create_database_backup.yml - when: - - database_backup_state is defined - - database_backup_state in ['dump', 'restore'] - -# TODO shouldn't be here? -- name: "Install python3-psycopg2 if not present" - apt: - name: python3-psycopg2 - state: present - -# TODO shouldn't be here? -- name: Include Create Requirements - include_tasks: create-requirements.yml - when: initialize diff --git a/smardigo.yml b/smardigo.yml index 6ea30c8..dcb28eb 100644 --- a/smardigo.yml +++ b/smardigo.yml @@ -58,9 +58,6 @@ - role: management when: "'management' in group_names" - - role: pdns - when: "'pdns' in group_names" - - role: backup when: "'backup' in group_names" @@ -72,7 +69,3 @@ - role: connect_compact when: "'connect_compact' in group_names" - -# just for certificate updates - do not run without -t update_certs -# - role: connect -# when: "'connect' in group_names" diff --git a/stage-dev b/stage-dev index eb9a228..6cf5a9a 100644 --- a/stage-dev +++ b/stage-dev @@ -34,9 +34,6 @@ dev-management-01 [maria] dev-maria-01 -[pdns] -#dev-pdns-01 - [pgadmin4] dev-pgadmin4-01 @@ -98,7 +95,6 @@ kibana logstash management maria -pdns pgadmin4 postfix postgres diff --git a/stage-prodnso b/stage-prodnso index 47cd912..8950b36 100644 --- a/stage-prodnso +++ b/stage-prodnso @@ -4,9 +4,6 @@ prodnso-backup-01 [connect] prodnso-management-01 -[pdns] -#prodnso-pdns-01 - [elastic] prodnso-elastic-stack-elastic-01 prodnso-elastic-stack-elastic-02 @@ -98,7 +95,6 @@ kibana logstash management maria -pdns pgadmin4 postfix postgres diff --git a/stage-qa b/stage-qa index 0462166..2c410d3 100644 --- a/stage-qa +++ b/stage-qa 
@@ -4,9 +4,6 @@ qa-backup-01 [connect] qa-management-01 -[pdns] -#qa-pdns-01 - [elastic] qa-elastic-stack-elastic-01 qa-elastic-stack-elastic-02 @@ -87,7 +84,6 @@ kube_node backup connect elastic -pdns gitea harbor iam