DEV-319: feat: split dev/qa into own hetzner projects

master
Ketelsen, Sven 4 years ago
parent b24ab2e823
commit 5d604700dd

2
.gitmodules vendored

@ -1,4 +1,4 @@
[submodule "kubespray"]
path = kubespray
url = https://github.com/kubernetes-sigs/kubespray.git
branch = v2.17.1
branch = v2.18.0

@ -98,10 +98,3 @@ IPFire
Prometheus (Grafana)
docker exec -i dev-prometheus-01-grafana sh -c 'grafana-cli plugins install grafana-piechart-panel'
docker restart dev-prometheus-01-grafana
AWX
-> /etc/kubernetes/k9s
wget https://github.com/derailed/k9s/releases/download/v0.24.14/k9s_Linux_x86_64.tar.gz
tar -xzf k9s_*.tar.gz -C .
ln -s /etc/kubernetes/k9s/k9s /usr/bin/k9s
kubectl taint nodes --all node-role.kubernetes.io/master-

@ -82,7 +82,10 @@
pre_tasks:
- name: "Import autodiscover pre-tasks"
include_tasks: tasks/autodiscover_pre_tasks.yml
import_tasks: tasks/autodiscover_pre_tasks.yml
become: false
tags:
- always
roles:
- role: connect_postgres

@ -65,7 +65,10 @@
pre_tasks:
- name: "Import autodiscover pre-tasks"
include_tasks: tasks/autodiscover_pre_tasks.yml
import_tasks: tasks/autodiscover_pre_tasks.yml
become: false
tags:
- always
roles:
- role: connect_realm

@ -118,7 +118,10 @@
when: ansible_distribution == "Ubuntu"
- name: "Import autodiscover pre-tasks"
include_tasks: tasks/autodiscover_pre_tasks.yml
import_tasks: tasks/autodiscover_pre_tasks.yml
become: false
tags:
- always
roles:
- role: ansible-role-docker

@ -57,7 +57,10 @@
pre_tasks:
- name: "Import autodiscover pre-tasks"
include_tasks: tasks/autodiscover_pre_tasks.yml
import_tasks: tasks/autodiscover_pre_tasks.yml
become: false
tags:
- always
roles:
- role: connect

@ -26,8 +26,10 @@
delegate_to: 127.0.0.1
become: false
pre_tasks:
- name: "Import autodiscover pre-tasks"
include_tasks: tasks/autodiscover_pre_tasks.yml
import_tasks: tasks/autodiscover_pre_tasks.yml
become: false
tags:
- always

@ -29,7 +29,7 @@
port: 9115
proto: tcp
src: "{{ item }}"
loop: "{{ promethues_endpoints_all_stages }}"
loop: "{{ promethues_endpoints_all_stages + ip_whitelist_admins}}"
- name: "Set firewall default policy"
ufw:
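Review bot: The changed `loop` on the port 9115 rule now appends `ip_whitelist_admins`, so the exporter port is opened to individual admin addresses in addition to the Prometheus scrapers. 9115 is the default blackbox_exporter port; if that is what listens here, every allowed source can have the host issue probes on its behalf, so the allow list should stay as small as scraping requires. If admin access is only needed for occasional debugging an SSH tunnel avoids the rule altogether; otherwise give it a separate, named task and guard the variable, e.g. `loop: "{{ promethues_endpoints_all_stages + (ip_whitelist_admins | default([])) }}"`, which also restores the missing space before `}}`. The task begins above the hunk, so its remaining module arguments cannot be checked from here.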

@ -106,7 +106,7 @@ smardigo_plattform_users:
- 'friedrich.goerz'
ip_whitelist_admins:
- "87.150.38.134/32" # sven
- "79.215.10.239/32" # sven
- "212.86.56.112/32" # peter
ip_whitelist:
@ -123,13 +123,12 @@ docker_compose_path: "/usr/bin/docker-compose"
service_base_path: '/etc/smardigo'
# TODO we need a company email addresses
gitea_admin_email: "nso.devops@netgo.de"
lets_encrypt_email: "nso.devops@netgo.de"
docker_admin_email: "nso.devops@netgo.de"
connect_admin_email: "nso.devops@netgo.de"
keycloak_admin_email: "nso.devops@netgo.de"
pgadmin4_admin_email: "nso.devops@netgo.de"
harbor_oidc_admin_email: "nso.devops@netgo.de"
http_port: "80"
https_port: "443"
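Review bot: `ip_whitelist_admins` in the first hunk pins firewall access to single /32 addresses labelled with people's names, and the hunk appears to swap one `# sven` address for another, which suggests the address is not static. A stale entry of that kind leaves the admin rules open to whoever is assigned the address next. Prefer a fixed egress (VPN or bastion) for this list, or at least a dated comment such as `# sven, added <date>` so that old entries get pruned on the next change.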

@ -9,9 +9,15 @@ kube_network_plugin: calico
kube_proxy_metrics_bind_address: 0.0.0.0:10249
kubelet_preferred_address_types: InternalIP,ExternalIP,Hostname
docker_log_opts: "--log-opt max-size=100m --log-opt max-file=5 --log-opt compress=true"
#TODO https://github.com/kubernetes/kubernetes/pull/59898
containerd_max_container_log_line_size: 51200
helm_enabled: true
#TODO configuration migration needed
#cert_manager_enabled: true
#TODO configuration migration needed
#ingress_nginx_enabled: true
#TODO configuration migration needed
#argocd_enabled: true
#TODO configuration migration needed
#krew_enabled: true

@ -7,48 +7,3 @@ keycloak_postgres_host: "{{ shared_service_postgres_01_hostname }}"
keycloak_postgres_database: "{{ stage }}_keycloak"
keycloak_postgres_username: "{{ keycloak_postgres_database }}"
keycloak_postgres_password: "keycloak-postgres-admin"
# TODO shouldn't be declared in a static way -> must be stage specific
keycloak: {
realms: [
{
name: 'docker',
display_name: 'docker',
users: [
{
"username": "{{ docker_admin_username }}",
"password": "{{ docker_admin_password }}",
"email": "{{ docker_admin_email }}",
}
],
groups: [
{
"name": "awx",
},
{
"name": "admin",
},
{
"name": "smardigo",
},
],
clients: [
{
clientId: '{{ harbor_oidc_client_id }}',
name: '{{ harbor_oidc_client_id }}',
admin_url: '',
root_url: '',
redirect_uris: '
[
"{{ http_s }}://{{ shared_service_harbor_hostname }}/*",
]',
secret: '{{ harbor_oidc_client_secret }}',
web_origins: '
[
"{{ http_s }}://{{ shared_service_harbor_hostname }}",
]',
}
]
}
]
}

@ -28,15 +28,13 @@ current_realm_clients: [
clientId: "{{ management_oidc_client_id }}",
admin_url: '',
root_url: '',
redirect_uris: '
[
redirect_uris: [
"{{ http_s }}://{{ connect_base_url }}/*"
]',
],
secret: '{{ management_oidc_client_secret }}',
web_origins: '
[
web_origins: [
"{{ http_s }}://{{ connect_base_url }}"
]',
],
}
]
@ -45,12 +43,11 @@ current_realm_users: [
"username": "{{ management_admin_username }}",
"password": "{{ management_admin_password }}",
"email": "{{ connect_admin_email }}",
"requiredActions": []
}
]
current_realm_admin_users: [
{
"username": "{{ management_realm_admin_username }}",
"password": "{{ management_realm_admin_password }}",
"email": "{{ connect_admin_email }}",
}
]
current_realm_admin_user:
username: "{{ management_realm_admin_username }}"
password: "{{ management_realm_admin_password }}"
email: "{{ connect_admin_email }}"
requiredActions: []
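Review bot: Both user definitions in the second hunk now carry an empty `requiredActions`, so Keycloak will not force a password change at first login and the accounts keep whatever `management_admin_password` and `management_realm_admin_password` resolve to. That is acceptable when the value comes from the vault, but the dev stage file on this page sets `management_admin_password` to a static string equal to the username. If the accounts are used non-interactively by the playbooks the empty list is probably intended; state that next to it, e.g. `# no UPDATE_PASSWORD: used by automation, password must come from vault`. `current_realm_admin_users` also changes from a one-element list to the mapping `current_realm_admin_user`, so any consumer outside this page needs the same rename.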

@ -260,8 +260,11 @@ elastic_stack_network: {
dev-elastic-stack-elastic-03: "{{ shared_service_elastic_03 }}",
}
harbor_oidc_realm: "docker"
harbor_oidc_realm: "harbor"
harbor_oidc_client_id: "harbor"
harbor_oidc_client_secret: "{{ docker_registry_oidc_client_secret_vault }}"
harbor_oidc_admin_username: "harbor-admin"
harbor_oidc_admin_password: "harbor-admin"
postgres_listen_addresses: "listen_addresses = 'localhost,{{ stage_server_ip }},{{ stage_private_server_ip }}'"
@ -302,9 +305,6 @@ pgadmin4_admin_password: "pgadmin-admin"
awx_admin_username: "awx-admin"
awx_admin_password: "awx-admin"
docker_admin_username: "docker-admin"
docker_admin_password: "docker-admin"
management_admin_username: "management-admin"
management_admin_password: "management-admin"
management_realm_admin_username: "management-realm-admin"
@ -338,7 +338,6 @@ argocd_server_admin_password: "{{ argocd_server_admin_password_vault }}"
netgo_msteams_hook_cd: "{{ netgo_msteams_hook_cd_vault }}"
netgo_msteams_hook_alerting: "{{ netgo_msteams_hook_alerting_vault }}"
harbor_oidc_client_secret: "{{ docker_registry_oidc_client_secret_vault }}"
management_oidc_client_secret: "{{ management_oidc_client_secret_vault }}"
# smardigo automation DEV gpg key
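Review bot: The added `harbor_oidc_admin_password: "harbor-admin"` in the first hunk commits a plaintext password equal to the username, while the matching prod change on this page reads it from the vault. With dev moving into its own Hetzner project, this account should not depend on the stage being hard to reach. Use the same indirection here, `harbor_oidc_admin_password: "{{ harbor_oidc_admin_password_vault }}"`, and add the value to the dev vault file. The context lines `awx_admin_password` and `management_admin_password` in the second hunk follow the same username-as-password pattern and would merit the same change in a follow-up.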

@ -262,8 +262,11 @@ elastic_stack_network: {
prodnso-elastic-stack-elastic-03: "{{ shared_service_elastic_03 }}",
}
harbor_oidc_realm: "docker"
harbor_oidc_realm: "harbor"
harbor_oidc_client_id: "harbor"
harbor_oidc_client_secret: "{{ docker_registry_oidc_client_secret_vault }}"
harbor_oidc_admin_username: "harbor-admin"
harbor_oidc_admin_password: "{{ harbor_oidc_admin_password_vault }}"
postgres_listen_addresses: "listen_addresses = 'localhost,{{ stage_server_ip }},{{ stage_private_server_ip }}'"
@ -304,9 +307,6 @@ pgadmin4_admin_password: "{{ pgadmin4_admin_password_vault }}"
awx_admin_username: "awx-admin"
awx_admin_password: "{{ awx_admin_password_vault }}"
docker_admin_username: "docker-admin"
docker_admin_password: "{{ docker_admin_password_vault }}"
management_admin_username: "management-admin"
management_admin_password: "{{ management_admin_password_vault }}"
management_realm_admin_username: "management-realm-admin"
@ -340,5 +340,4 @@ argocd_server_admin_password: "{{ argocd_server_admin_password_vault }}"
netgo_msteams_hook_cd: "{{ netgo_msteams_hook_cd_vault }}"
netgo_msteams_hook_alerting: "{{ netgo_msteams_hook_alerting_vault }}"
harbor_oidc_client_secret: "{{ docker_registry_oidc_client_secret_vault }}"
management_oidc_client_secret: "{{ management_oidc_client_secret_vault }}"

@ -1,276 +1,276 @@
$ANSIBLE_VAULT;1.1;AES256
30353361303861653361316264663262363466643065323837313631363961616439353137323062
3964666238393265383133646462663038653335623462390a313062323831353630343362656639
30356237646361626564363534393335626564653062316639353839613739396131363338343334
6265313839613337660a326263313838326363613535316233373338306430396166313861306333
34636239626435356438316434663832393066373939633239373230306534306362346635323232
37363939666261663634303765653836613737396534646339356230316234303937653063306665
31363637306638386564613562383332366532396237393663636262323937306630616663643835
33336431653365323632393536356639383763323839376662653134313966623066336530323232
35633363323430386436373765316333396632303264653163363635353538653933306431363664
61383035663765306536396464326265353663363131626164613963386434613530656532316664
63623631666636343131366364383434316331636334616231363231623166343832396136376634
36623162623531623538306665393732363766393662616366636566393434393463343439666330
34636663613034313937356263343766633065333837313436626236333565303138373238373065
64323763343432363636383535626461323531316338663139323338653834646566643131346165
33383462613739326231393036616132303530316464333639643633343365373763653562343266
61316138633138356662626634313335363864343566346566306365323766323435626435343636
66353034663833323733656362323733306332613966396633623833323334623666306362643433
36626362336232653539666431383633316364303433343139613063616664333939323635303861
30626538626265363161336336363364663765666565356565663964393830626539623932653833
61393465343563383762336638393861646538616238663362633966633433353264316136356334
33633739346434313964396166633839636462303861303735343735656331643537616131353737
33636134663366623061356432386463373064366163313764313335303434303833333138396236
37353635356361616563646537353632383862393830333362636431383037376661346461343731
34626430636636373038353435316434613730623135636136373032643161613836303765386431
35653931386335663366363839656562336536376235373936623465636466333039656135613339
35376536323738323439336431363864663465663739623831303463306631323066353763323931
37306633613739376139663337366331353939323962336461656363366434313536616465383965
34303262613165316635666165653135313136663035376664363435376362383563616535376661
61633365303565373030376563653463616338616265313238383331636162333163383930643761
39373037356564663234383532396636616162623438373633663537386562346363323235366438
62393462316337646337383732636235613738376466326330346166616164623361363964313635
64326338323336323266353463613062663932616536646639353065366534623961303762363931
61363635656631383538343337363531663131653365633965313961383131393063663865383962
65613132306233643836353636646362663331643839383932346136393739316638656266346163
30393938646263383338366335613838613537333663656139303630303234303165346666616430
39393861333838646332666234383133363837326639633036306563363063336633623634656136
33663864336461363733623531353565326632663236373563616162373566666633633237346363
66616263383833333034663630373464373630386636636331386465633130633735653332376163
38336634363232336331376161333837653335343064333565626164316661646663613365363933
61323438656333326434393032313361363264303635353236353939633262313833613663323639
38356638663362633137613533656432666430373631616537656330383030303733366230386338
65316536393432666663373266646237353839396365373261386663636634333232303334343864
65346336666334623139396533303462663435623365613835323734383863386261346139386230
36383735313832343638343738656334383437653234626532653031663132346130666563653465
38643538666534613439316432366165393464623562333034353234323863393039353634626238
32383035393730663466663866393931363163306231326138383231643239643165323263636431
65653837653531346266336331363563633137323738653531623762393433373831643162313539
37626534313662376631663535356265343166363539653564303931633566356633626166383364
31613638303930346330336634303165663438666634333637636537626436653937666664646138
66353732346566303565623261613536366538623830623430616364386662336130366633346165
34303530636331353633626664383064376532653733636636633039643836386239363366396662
37373436313930356131613131303431326666343434326465336430306563363735363036623936
31613530393130373633303337393161633565326565393966386430613466383737316634303762
38636638326130363131653233333234333431643064333136616131613936336335656237366466
61376433343039323431393865663031623863326463353137346633356238396436343237386263
64336431323835643763313764333233343535643534616465383266353136656538633630323462
32353033386537666635306330626465323630343936633733396262666339396331346136353062
38623336653732653338333435343333313237313031363439363737346263663862373462373132
38316564393738396530663862613235643035646530306131303039366538613238336638346566
62346130393266626537393332656232343164646366373666616466313636323865616632656463
32623264346136633234336435303761653063316634336262383366313632373733366536323439
33373332616639393130336430326237356538616132366536343461353033326633646331366138
37656136303763353735323330376436613035373866656231343830653432393230653935343232
62346435616466653138363961303038313061396530316466643336376337363162623135656334
31666461613638303761353236666563326564376164633438313132343163386138646463376335
63303931646337653664633565366166306237656561306433303735386163316633333030626266
65386131623538663037616164333435336435613564356331663430333665393732633438386535
61633535343931656239353731346637383361306162636463346665663231633738386434386531
38633335616530333632326635393361396166313265653763363065666133393735376239383039
31383831646537333531376631313637306634663864653261313437373939376165613830376236
63623336663131333932643933333962363062646332343262383365376563646139323066346631
61323765393035366532336365396335333466326461313836386437616263336133346130333535
32306664393362366663646536306263376164623130323030326563646231616561613464653565
65626531633966363433363439346564663232353366666632373333343335633534363033663938
36646632663236626164663530356463363436343865663938613232613331393266656638396538
63646533306537616635323365303837373861656339333761653438396664323330396432613530
33333361653735336564623832326334313265356633373332343934623436346361633635383064
64313763303431666262316431626564313561636430616631376237623732663236663132336537
36656133393431333537633263326636313163663732633263396339616134393264383132343636
63383939326563616434626664376337633235366166626432396165323931386539363262343034
66316164376664623166313261373633633430343332636638343133336435336337656564636430
31363736313135353831313938653736623036316633363562333539663862363534613238323761
38613962633734326562643934303761313762353130636566343765306438626135313961653631
30653331333632326461343730613433376366373535663763356664383537613262356664313030
32346464633830303466623337613561313134323637623861653333643333626462626163343761
39323530366266343464366133613238366230363035373833343332333439353032326233653737
64643238613062373938353939363736633239353537663633646334396563343565336335323938
63393465383962363039336163333138376162373537356530393035386233333439663333316436
63363961646437363037333839396163323639363234343031336233323132393362306439336232
38363237346134343466613262396536626234623938356134316366333138306333366237626534
39636634306535313934636261333266626362353030633735643061666136323732653733373835
33303131623236303237653636323365653963363064343633316537653036313634346664373565
35386462376233383335623263666461356637613161616662343934663266616164643561616466
30306531323265383032663636646534383538643436343237393261303930386136613433363335
32343536306331306165393837663136623639303633353038323938353631643136386462303230
35333835343738626237396365306365316265653463653866663237616561353630613161306162
31393334333539373533383339343666376233336363333537363731323738353731303465336462
65613066323431646564623235323532343530316363656231356465366163343838646261393336
33353930663233313338346230353964326361376432343032613865323538313537623161623863
38333334666262656530393932663161303732383461613561393039373765333839323036643237
62653265343939656666313133396137353935333563643930383066326563396530306339626335
38383436666163643639353562646232353138666363323832646230343366346636376261626139
62613063363737366634383065363964613864633638613763373165373833613130313262303864
31633533613531316462623038323464313530646635623461653165663162363036353135633833
38383035333732646531653832373531663238376434653337616237373131663733626663613562
33653234323430343433643632343361633732623661663265343432323763323330353064646436
37303164313633313863643865666463623365653761396336356630346437363866326131623434
39366263303630663364323563343830326534376437373239653561313037653661333532653238
34663536383132373032363733616536663161303033613235343534623664343531386535656664
62346662373366633964613963333962363763626366663138363235366436633637653661633836
61383437633737303331373638396534336139303363356662353538366163623333653637373838
30363262656136396436646165623538326631383862643030366262303234653831626433656166
37643762303037333766326233346239613938343738626137646432333732383161356536366265
37336338313166636162366535623332366631653530626334323234333536373837663933363165
32393132636239306430343031323766306366343534333965346263616432623030646535383136
30653538363965623063303432633332666662663431633464646566623261376465633333613032
39623963633133346161313638623663343130626331373039383362383534353338373565366533
39653530633537643163386632313537616535646431353332326535633835323331396336613764
65336138636332626266346137303566376336313032636431333730396130303533316534373538
32363333313232623335383632336564316138346634646563623932656339393135373266663830
39353733623265653030646232653831613835343262613764316531666339643235653735383838
61353939383563353334316437613136373164663236633036383633373265653434363231363265
31336261303234343861383063386233626232363638313535313137376239303031336139663832
34333365373961313535343664386464613362653361346266616130633632333832663433623930
66616561346337306464353635636666646537666330313161336333306335333162646636323239
65333062333032333938353666386639663261353033663261323761393764653232653838616665
35343138356139393764666637306666623937343539393338373833303165306561373861373433
35313630386661383331336633396333313136323365366163376330623237666164356438653136
65616264343730343261316266316633356262653063636266306637643864353333366330376336
38303333623439646634386536616362376263363738316134653366613564396263363036643862
64383438663361643937356530613034363131303232316338663064383631663336366364303063
62343438353035633763646365343838653835633663386163613136313230636162353330633932
36653465393032343937653964646133376663386264653634616563313363633339653531386136
39316665363537376339316338363335343231653030333864366538303235323736616266616465
65316165643034653837613565363966316233366234636539333430306562633266363562303063
65336530616361363130343233653736356238386233363736623331326466383132336236303539
33613538383438363332326436633361616437373533393738656461633633333661323863653137
33366637643830633939633334613932343936356531373835393930616232623033343861663737
30646634383234653938353062396662323566303962393565323639363365383034306633633738
66633438616536623737343635323564343538363537346130326239376335386266643465383163
65333737643538636439363037626163323733393538313561333738393661373066666538633337
37663161393264356265303035376262336665333433376239333830626132353161386665643963
31653138613139643264353634636639376666336439643064303131373861373666313464623764
39636334383963626137373839633435643132306638316565343134623165333464643032653032
30366432326364376337623363313964396331633833316433666239343639313363616335376532
30366365316632376662376435636332386464663462333938373235323661663662306531373236
35646635363962343635623366336466313435396639393336303761306631663939663362643735
32366663626333663163393830356531366161643064316233393832343238613865646564666335
37323934373361663862316430363735343336343432323561363033643235653638316335353134
39643165346265343564366261366139626166353466313832646336643634623665383862663635
31626633613134616439383366656130396230643764656462363763396663353130373464303532
35646261633936323662373636313933633563313338656334353665323633623331393665333566
39653463353661366362666530373830663938643861386633303137343938646263656636363037
32626231623938656532323466656162666636343738363730663866623963333433393831373636
32343561613162333361626632343130316137353666623336663139373761393262393934373030
37306237623632343233663536363836616431636433356539616534363939623331303165333361
61326264343233356539633435386531623437656462623537303935323633383435633663386333
65666635373564623137656635663636323338643930356133383539333762656664386364356263
37313463303430666338326634366664386561633563376464393738643235303062346564316662
61656666663537366166303737316566313530353030343237373366346563363333363838323263
37313234643437613637623039333366643233323431376534653463646238613133326161663639
64626665346638636239353136386538313336336332613762376337626438636166396431643066
66636532633038643230326334393262366564643063613961353866306531303535646231303335
32366230656231633832333630616562363934303332376562333034353030333537393237656566
33333161326430393930356634383364336665393665616334613438326365356166653561643436
30353737393535353635396131626661653531623863313866653337373434613039323033636630
33303231353566383138383264623736626532313535323963353863613161356238393835316166
63303932643939373465386130643061393638313037623966396562663333336164336339326331
62383233323766383435396164666436356561313937343630646365333239646639343731333330
36343363633130656236336466306638343666343031353437636631343630303937643037636233
66346162356634646363623161386236643265366331363732386165366561393336313039323336
38316332653232643134333430343363653537323965633064313066623635653130613432613931
61363238316434336664653461636432363931333933613038306335353463396136626666313163
33323565383930363632316135353262663864373935646535313838353561376134323130383937
34363736626235613233386634363536323563353363313736346231646131643062636536363032
33636234333935646634363338393166383139363039613164636332353938373436663566343663
37316664386162383862366136313764663232353435373265643435333935343634386536356535
38633937633939653764313065613034316439343837326332316634323634336433316465616538
34616566616334656136303837663138353165623332313230633234616161313962306661333566
36613135343835316361653964383630336161633965396334663632353432666162306166313566
35316630346561313336353166316138396330336637653532383032663432346462663636356632
36383061666134376133616463333965383062383934663763616336303561306461626164633136
61636364323439353531373937333364326432653866303530383636366636396364646537663566
32656330376334363433353734333135373735363739303039623164623064386137623930626466
38663533373662333034373962653661323766653966383336383566363864376233303965393465
63343535646534666234633366323832633830376132613839383264306337323036326261663363
64653035653433343531633230363762313536303232666632643535316539623330383738626432
35343836386533313961666639643930326236343262616462383863396336393161633435633065
30333262363636613931666630623134396363366337633739363963363462363862656132386265
31373862376164343134666235396366313538323837373763663162623634313338373232383030
35376331616439653031666334363639336633306432316334303061373432393439333234613664
64653162633535623931393665333464656530656630363432383533393033313036373062393365
32356331336636383037653630396333623262653232376565643135316162656632346235616665
66336430363837386337316464373263373436666338643661666334313363323638656532356437
61666432356466666634376666373932643939376430643564353835613432346264373138656336
61323834343438363962386432363032333261356665373765383864636466366131386234376437
62306633363435386233303534313034346438393465333963323035363030346430343035393162
31376138343035313666616333646161396464663261366363323165366265343566653362303361
34356636393532396436373466306339316232343933663239623331633534383334336261396464
36346330643261396636383337343038656363386163336533643037313862396435623333313232
37333736303637393465343130306663336165663430313961373438336138393533613034636463
63643966366161313538653063383130303335306439636637306465363030346463373064313630
66303037363538366138363037376365646664626532306237326636636665303862313234363532
65653039343266626438393961626631323032346238356564303431303737623334383032373930
30376263316634343936626134306634616438666264336234376261363237653337613934636532
32613464383265343230643537626334643361336264613232643963386237636130613836363037
32623037373562323031653632363832346235366133663530303439343232353831616461633933
37303565343463623663643565616238636239363764333234303438366262376563343033643465
38363432366135333334646461626163386235666461383861656333376331643838373631653563
35326536366562336332366430613435666164366666313230363431653739393664373565326162
63393433616232356539386566353665643538323434323563393436646437666531623361623762
38393534653537313764613139353761363432643234333164386561323065656132316161666163
34626131376437336562363036396432653637663361373538313334633666376430393562633164
64363931343734323733343639386334353935323139383037323532396637653333663531613465
63316331653930353165633034326638383161326334633066363763363531353833663736636137
35386232353833326132313762613866343836346339376131643430663735363535613734663633
65643035303736316463656663663736666566383534363739623737396530323564326365373432
63643863313362393138376232626434366563316431613135626534633130636264346562656532
36393939323336313235313632386539646133386434623232653332366537396266343462363564
64643438323032656461616365346164343039316264616565313430653930666461656430663438
34626530343163306433313561393435393266346134663865373464356630633166323066346637
36306563666461623563633764316364666332376132376330313766653033616261666331363134
33363630353835346237396639383132353738323534333764306462346462373531326138396632
66653762326231326665323438316536386166326231393838313161396632336135616431346434
31623361373637366133393364383233376436623266386562363237343039663236363066656566
65346563323037643563356538623461663864343662326237366439356161306538303131643862
39633232326165383334353735643364333365316264376661313438396635646630303462646164
37616261326461653935363265356465343063393464373331663066326163333533643130343033
61363639623736643031323165303764323762353137663364393831636163303430333632663932
64313933346538383764373937366464363562366339663832656263616164616634363961626536
37353738643039653332636634373038326130373836306562623466396138316265616531343331
64346535346661323864646535383061356561333932333935393563346534666263626561323434
32366161623631343733623861336539653439333931623439303061326564383263386339623832
33383039666363646165383736323130316563623938306231353238356631656131313739623663
64623365313563343632656166366638663435616633656534383339303938313562333238343330
34306231363438393833613634373738326461306437323331313432663135323037333231393366
34653864376536633337383834383935343761626338303165376336393138363961353039656430
66303266613164393163366632663666373166393335396139353031633865343438636331623137
62636533366431393435323135383332333439346131666235376332653763353833373238386264
36373136663266373733613365313836383937666131313732363963366133363063313533643237
39366462646134333166613465626261653761303131653361323838343966626633313763303632
62353639663030326666643266313262333336333261316333343663653238373662356231383866
30613961346561333062363363636635646162393534616133336463396232346435333538393332
31663230636262636137346131306366626666663161386533303639353639643332303961633735
34316137616238376261393932656134313333616438643533336530383835303961333866376330
66613964343031303362386163393763393837313536383463393265626661363532343932386333
32663761373465643338366165663337356530373536396135346539353632326166633139643038
37303232326332613264396134663865323633306162333266306665343765346564316239306161
64656265346162643034303462323864366666353537376434626135623461663564396632663361
62643635303539353830343035636430646166633535326338316463366538666639613766643033
39346631353435623163633539656331363533303737366438346234376662373331373636613636
36646166633833396437353630643735376166393030356666653962616130623536336536633936
34653137316430333961383737633239323565356137666534333861356238616331616635663761
37393363333833353334656132613961316137663261633834306332363735623439623237616331
64393539646466663238396361333439663633336162386462656566646237333235383833386132
37323661633762333464336464616237353138666333346565313636353038346630333632626231
66626261663961333531336137313066313039363537373364313363326166626361383832363637
33393963313138373934366638656635316664346534316239373634396161306363623736303034
66386163313039623137386665363936646166396661306665623062383263343737336632303039
38363930353536326238363134306533363164386562346231363837633939343635366636663436
63326135396665333539646130386434313036386437346264396534303762613832666134646435
31396364396461303865643064643035666565366331663836663436643164626333353338393335
32666339666431656464373263353332613861646637346230643637376234333762313262376537
66646536393861626365376635336436386235646238326237363834306633323036326666326161
61666663303562363636663065316262333833373432626435646431313866653236643132303639
39303336313061363131346131656439623264636664383962623832313531346562356231356631
34313862613631333438656362613861613239346630373234616334613834343835646565316334
37303332643138396330323337613665353664623166386361316635653164643438343466326634
33343634626634386435636161633534666361623366343237646433633866333031376238383933
64336331383762626638656339306263646363376465326462303431353039646532643136616632
30653333306565623462383235356266643532653565346164373864366537653838636263326436
34353232643836313064306133376434323530613566303032386636363966646138316232313364
33386266316536363330313566623664313738646565363563303231386533386337633462623238
35306162646130613238653437643833396234633066303833363330346564386531393735373864
373837666536633866393537393332316531
35613439643036366262653161636232346233336339346132326466613161343263393632323037
3765626461663264316537306566383338636230613236370a393239616432343131353237646261
39633237333735313464613064373763326266313139366238656637386362376539643438336264
3063633030643630370a643761373766363036363165666139396362323135383332323833393865
34353530353261323338303863313131333362336466356638366635623865366564346164633334
32393830363935336232313466646535623233313939313235656532373239386262323363636337
34643032316666326630373561613865643834623737333263303965613733366430303230303536
32653839666433626363313035646266616362383366656666636137643635313331306431396335
61633238303136363665646533353065373238643863303337663437616666346265326331633038
32613630656264643261616535616534303339646333316537353262366463663663393434333330
61316134353536336266613939353932613532643135383536343539353535393663653139373164
32356237316237646638373863313665306365316361336536653730653631313839633030343735
37633661336432333037656636633530643631396131643364343938316336346665636530366662
36653137353062326434623033383639356630623764653336356139343038313934316436396332
32653633613335333937663233316639623438373633313837646463636363623439666330383232
38313535663832383564363236376664303534393335666562373563376564346233306230613635
66623639323561353831383631363863616233336234666132613939316264303231636537633161
37323064313664393161663339656466616333363533353230646131636139633838366537373637
31303637623462326236303335323562666462616239383239306636356663636337313135376332
30363036306164656433353735333131383336633335323833393966306130613164323931316237
36313362373535616535303161623166323134613662383862656265303632613261356563366630
64303436303038346238666430626335313830396635393631383661323265663966626635356337
33623361333066393232303061313361386634353733386238383266323836373564623239356566
31653834386530353066636233653039663339303432303364313630323231623533313839393666
32626364636538393734623133346430626265346536643431306639386639373036306234623065
65353338303739643561386266356432303362326436373864646330313039643763356634353462
37643764386563393736383633323431323765666562663965366531333735393931653032653730
37353536653832376237303765393862316335656534336466396461626530646163613431376534
36333536373062346662666664646563316162313835343431373165633766386663666464333564
30303136646131313430666330383964623837656534323939666631656234386564626562353232
37616439303761613434623361323534393737653439353565646365616231306565353066656430
38346332363461383864303163656335323237376461353934363930353032343163316661396532
37346430336564323237366261313330316131363166626366643463373830303935333339303239
31353332383361643563623765646236396335656236323131346362373332376438376362656435
64623735333330323930366462306631386466643537363063623865323161313262316235333835
36396636666263616330626565373732323238336465333934396432653661653031333835303939
36333636363564363638353734643439626632623962333037656131613937643062336338316163
33373131653338343835343930613263353035666137393065613061613931303533366435643638
38663431323034383933303166323635656465333935383066353538316332653436393234336433
65376331306365363762643164316439326135393865643438653565616266616534373162376661
32346431333130323533333831613538373533353738306238623064396235343234346531623862
30623162373035363734316130393230646439353461323062303461393232373037373736353337
30656463653837363139636536633735663030333465306565303636323036383566636537633033
62373365643262363661383936353136613032323632323161396161303336333263613735313938
38653733633535646637653337386363316331326135346535333838323331373738333366333738
35343965616236333231646631353536633062323533663134623531303736323864353334373766
63376635346137323632373034656339663530663637323230633361366164366361653735373963
61306633373330376663613236346636323837366161633032336634646239326561643430633334
61643839363530663139623332383832623561633836333264386264626432306333323935663561
32303463663838366434646264623230383239353639613335653261383161383730646334613162
65363430356338343462653131333666346536353264333237303363643737393230646236626363
37346261636165656166313464323931643561323863663064323435363064393866393564393632
32356439316333653230333431383764336565306362326339393332653734383533356633326366
31363237666330363734303261376536336632613664333630386137383830646539666137336664
34653231346639313833623530613531376165343035326539326530386338366138363462613430
63656539626637303932313339323566623332396465343233353261393234393537633631396665
34363964353261303734343530353930326230333166633135653437626666376238613062666339
62386663646231663563323861616564633862326164323638383637333739636434633038653235
33313564393965646333343336343762643362326165323166393066626334646537306438656164
63373834366438326433366236333836386236623937303434643762333532613764663039383235
36323034353064623338663239346431393965646462636633646163623337383865373063333737
30646237366635326532626238313864623732336664323061646435653466643765323064303134
36386266313865366266396166366134383130663536313334383631356132353335303130366366
38363865646337383330316464353439386232393033393034303732373466336237613038356236
31386263643031303265366661306163393161643634353638633535656530333633613363646635
65333439613030393235366437653361303066613035333966313635316234386266366430376664
62343664646661376435633334396261616230303466373934633766343132333966383033306337
32366431653032643531616365663839623432623132643362376538663462656536653530323832
34373936643038616266373932323734396338306364626637366131353861616433656135303963
33626538336438383233646635383164386365616638663565336232376133306434343538663563
64326366626631636231623636653662306365626432326665353037616239616630306137633538
31316133643964366666326465303337343466663064616431376161623133356465366263613337
34643334393534313235363531663066336137306533323630653533353834313466323332363735
62336134373031666135663966646630326431663534386435383536306133353931346361383834
65313339396461643164353639373135333733623334366664396236336531383637646336643935
66353934353063663935313937373230353135363766656134346463623032373733336465303635
35643965653539336230323435396462626437353238393064363934643866306264306231373266
61623537326531383664323830386265613034313632303664633461333137353936363664636264
61336433393134326237636136613766333938323736323831613863313538623137363330353037
63363437393736623261396165373233316163386364613733386632306362376535343937323937
32656431396435393663383063356162646534353831643161373130633135366365313965376131
38323830303133346139636338313837303030376364333034643466336436396432343136303862
33363333346139613636316662353363376433373931356264643734316138323835323430343831
32343438336266323763333432653865366333626533393034376665393032623331316139366464
35636562383962363131356130386139323364346662393434323861633136393534643534663434
39343833616438343233656365646331363863336366396431346161623662646465623363633036
64653439396232616164383538333763636366623463666561636262666562393831373036663333
61336163353133316233353134383830633032386534303533393437333136616563613131643261
36356538633733656631363637656362343732626461383237303664323130646634666562303465
65313337383265316636333837623263643138626237373563383765356563316466383165343435
38316432373433323036363230396231383565616632663737333965313034613136656562383966
65363639346161333738373038323065313638383261626161323738326431643131323064376664
65353964326434313438666536393431393034333537623366656364343534616439396430316562
66313465306563373236396539623931373166306662616565653636303632393435663638626664
37326566353863383230323733313164646561326666353837356235393130363337626361323833
33393639393930653666393862636235353035306238643463643231366434366232396366383665
61323234336534363534306431613331613232626533663736633063313462306666336236666365
36613737623534353162376264626266313730663962663961393061346163656531643362373864
61373032613861656330303964623330376332353463663066613865623931336138306336643437
36616361663461653639616463623462376433303433656361356565356135376362366563373039
64333633653563323039343932353136633664633735613363613834353131386239393133653932
35396437396566656138363339613230353263623330343430346530313330646632613834656233
33646531333536336436343234343235363064386363643837333062623331336439616330333461
35383335396365643037356362346231313737663632306436303136623763346666613735656439
32626261303635653165356236366631616637626165343135336238633164376364303861313033
31646435613639313464323338336237633435393130353466366265306462326632316466643462
64646438353064326161353538626239646463623139626130326438623265623935313035313338
62656431636135636535393133636563353266373336656335373337386435303338326666383862
61353930633632306564373239656330373566363935303663633530616238316139373865616339
39346431383238356434316231633033343937323031656665653738636465643436323335386434
64376165653537383633356237313965646237363435666238336664303139303933363865333630
63636434656661336432643639386664356437653131383830353236313239623965356139633166
63306364663831646365383964663263626265303331373733626466306335333264373438316333
31613963623562336131666537336665306662343331336164623037326633663532656333303235
66366134393431303062356135376339363035333762333965643336363130313433393530393462
64366266363264626161613830643966613461666565306362623033303432323532366438326639
36656461613165383733363761376662313261613632333336323232333932316534613234653230
39646265376364396361376630623763626337386236646463393030356161373163306333386630
63616433306130313065613065366339373863386638363338323337303138626338663861343530
65663631316563306666396335353164343830613635646465663037366238373666303537303338
33333931353362363834303666343932333965646363643061393434646635623637353936343931
35393035623331366230316564353433316463366165643864633334626439643265323432313131
37316161613036333963636538623739666463353466316463653430313938353438613533663464
66616535316437316130613931323332386666306530396361616235343963333065353436633461
32363839336435313639346265663762383530383335313066633865323366393734343638316238
61623038613966613330356132663330376636613837313264613030393832646339373630353637
61326266303733393531383966333765336637333866636433636436653836643334343963383364
39343931663534336363663363313262666264643839326334343261343834663938363038373132
35346564393366383562653862393938343537333162656131623762353830636330323336626363
32376536633539306262386530313464313834303964643230613162393335656565346638373933
61376666343039623965656335663066623136623061306234666664333335306465383834303764
37656164373164653261333236323530653865373831303932323532623234613039623532653963
39363630336262626433313862386464363138643937353433656634323762383336323662333266
62306435316531633962333736376532356435353935356635353665303762393138646261383363
33353062303739363231396232343830623666376462663564346432343439653764386234656337
33373038363462613234356131666165383837396661396461353163383435366133313062623138
39316664376363303335653138656638383133383364336661316166376564346363356462626463
66343135306166323064653562663737656635376639636334393863643432646233376466386238
39333233646231633633623033323139313461366436373362343731376466346664366439316132
32323866383138356261313533666535373038376632303139396266333537336135663064303331
38663731366366313965313362366532383232336333336139646431373739386361626333376464
65353139653661313365396237343233363865333030326361373336326532366334343832373764
37316266356536653862383862646539316436336163623537663163373032633931336566643166
35363134663634383735626135663664303764633338326133613036353830393134323439306565
34333531356335656639393737663366616166313430303637306464353138356437333133626234
63613637656463333437396363376638356530636665646262386637613030613637613534396138
30306364386266616566616565306533343233333663383836613332366136623735623134623338
61316137333761373130383230663039623434316637613161383465346264393762643038646638
62643439323339656265353063343334613462346434306462313339393965336563656662373961
62623163626335626363626562653437616330616130393637353033323865343533386337343933
39636438376266333233343265623330303164666566363666363736326236373231363662613632
63626566396566303839623637303931373139356638633161396239633431333863396639616231
33383161366363356139656463616532383233653763303836636365306436633735353932363861
31633730626461313733393964653433356330323262366434323833383732653065326232393962
61396634616138623135626138623566313531346562663830356635306663363163333537333766
36303264386235653034313934333736383239666431623730323432666432313834633264653631
37646461306462623664303134316633303632636162333938373634636331353336643033623938
66646266393262623062636365366261386565656136323432336636613838656531353964666563
36316262393564313034373261623132333234646164323235316531663638373337613130376364
62616662333365376565383837626566356438653631313235356536643034373434393463303935
31363231626431363465333964323139323830663363653431366334303036373833386333363264
37613134353732313061623734616161316537366162343938313963323735313864663166326237
38663436646535323166643130393966386332323062366333613862613939353733653862616665
65346332363962636536313937313938613335366132613464646162653361323361643766646439
66373137336531306363353532383865613064613333373435616264323635373631363734343166
31623363646566396139313966353539656265353636316133663635633839336333313232313639
33336131623865663764653638663237623831363034396661303534373838376166623836326538
64646236376337313039663335366163353437386333373161383164613666343233373731326164
37316464316139316166663132393466396237366632343263363962613235393137666365303961
64633735646335323438623835353564313334313464306462616436343765333335306365663733
65393530643633373662663762663563376163316562376435396661383739363331663062373166
64663030636561366562363437663438353031393931303563326338643361336338393630316534
35316335646465326464386630663262616335343766633930346466623465366238356365663063
32653931386630336166383431626664343538663565396536646136633935356338386665393230
38333933623237366337336365353935623030623666393837353232616433666632396636316133
33316237393531643131333261313630373338336437306335353932663462353133333235353435
35653432626239633565666365623139636230323263663435343165623634633938376133323039
35663231323563343366306564363830623934646334386461623134623532393534346237323538
35333936333166373037613036346233666239633236393265663065313265636534376561666436
35343035376430663466663535393962313739313763303230653961346566356134633361636532
65353839653435376261626161343531396636333361633431363236616137323863646232376465
31666137653534313439313737376162393765326537643632363338366139313763356363613838
38633932363063643662383930663833346432313135666134633933363466633965316431623539
65626261636666623866633930386537666338313664636264666363333736636437346463323539
65383464346634306230626139303739646566356131333830333865343661666564366131646230
37306665656562653138316333396530393263386166623534393333363565646664656162633161
66303863373236353738383034656531363532666132356166383139666561383464396163353334
66316566383136343230393437323731663761636533643738616463613432656663636430323932
33366432663337316537383735663735316232376335393563306330653535623138346166363763
37326632363162383463353462336663363333613831353466313433366339343635356437653532
31363065393066303433313264656339316265663533316434363233326131326431376263643432
33626133393735313466323465363534376338343162636632656334623964316236613432343066
37663331653935663930623738383131353363393462396130623131326133623934326535656532
33643839626233663361643337393131343438333538396431303766336634303466353037646335
36343536393138303135346662636233313766373961386239393636313838356334643432303935
38333662396333643861396233313332386662376464653337623935663337393762363331303833
31663765633533613561386233356532363031366462333663376139323665336231653533613737
66633765633361323732336330613634643064363731366661303231393631636435616633323538
34393037373064373062643466616561656661356365663336623364366531366234613865336530
31666534636263343761353364306638636230353734346334396435653866613764366362613661
64373962373335356166373165386230323734386133373238306635646637353765633434653538
62333339613132663634656430656564633465353339333063633466376534636339333930616162
32623337393666626334313037336163633332633330643766633031653331646631343566363865
39643537323563366239626130376263623631333935623565316232623335663234636262323761
62323637623064323663393163383562363262303332353738363133623665303535316165383238
62653338316232336663386463396633666663663363653333663239616332656438613664396463
38323762313435346263636437323833656531333765663636363833633636303837396166393539
36303832623436323637373064316535313734643034643033356135303663383264303730313936
32363362386131656536316363663535333133653137373564633939386435633631663032336662
66316565636639343030326263643930326631343033333564636562623532363639653366333139
32333064636666313663643638663765326263666538373765636131346232336637323938656364
30303735613466333434386330626435353833636139613035356639373939633265313833356162
31363764633937653936643136303136343039383830666334623461373335326638346236303536
34643836633032663539613635323433363565326138393930646434653064653339626332396139
30353936316263396461376530333061626635363765373036646265356366343266323961393236
31623334643233623062323633653864343531396461643637333561386534633066393435383766
33633465646530393333656264383639366637623139386361666535323334373866383836303035
65333833333838346363333531643134343865383061333865646435326631653130633333383663
39623634623335363537646531386566666434303533663437643637633466363035663566393665
31643065303263356533343335613161666533303536383762313663323463313332343564623231
39373536336363343938386237633334616533323835363031373436383631356331626238373662
39313564656634663836313936636237643831376433663861366535383364333365623134323662
64363964656137313365333165393935643465326535653537363237643034356535333866646231
33393965393761396336653437623037643833653162626335653832376238363336633430623032
33636335626662663663323034333035373939373665613138323939663766363962303233393636
36306564383961653833626561383361346662313936663336656666326366313530613637613438
31636332656134386531663730326162666436333133653766353861646434633433306138396365
65623032656435663233633239663835323938613533366666393634393831623233613363386536
32623637363363363237383465396430396462343135346135396465303439303033356331353863
63636463343062333437643330373462346466356334366565323466313531343666383338366138
65373838653261316364316664616464626466343937613339363735626531326136376134313362
31666666303139313433353335333263633033363437356563653334366330366632663535363861
31623934666430646663303636323434383263653632396666646532383138346430396332633337
33613862393533313337383931353130313135303833633935376664643265353536366638613561
33626637376639313661643732336662633134353536313432333232333762336165326263323934
30316362613730633730393832663365633164653035326536343163346333653432653663633134
65613832356535376337356331343037373933383232626133373538666538653363313838333065
34356464353662313136316331333034343738323934326638613230336233613637313162633166
66343336383331316335386166323930326565303766376539353462336236353638656133353632
62363432323863306163353866343663353839373935396339373861363831373166376262653934
34376166663262303166303437383937366230366538643666303663303032376666393737623166
38323731346665303536663333656331336662386639346661376462633864656632383338376335
39623964376361396338643037636464313032626363386662303234616437373965303532643639
39396135326239633031386331383463306438666362336636616161623933626233316131353730
33393461386666656565633731303530343338636238666531306263383030653533613931343534
30393032623333666465616330623932383232653033663939636239383566316362353963663763
37633134316164613730316630633864303664626465306566353934636364323539663339636632
64623839313932323239353264643130363764376234656639373366323730313833396561336132
39386462313037376466343031653535343965653631343030323138363535653537336464616264
38346535656365373734363232656530653832383961376530653734336666653339383661613031
31633039393664373931323061636533363433356535623732396339356630353537373362313337
31333935363739303035613038373563303061643863343831663166336635663832356265373239
39653938366434656234613863313533643665336131613735333732323233353431333934353938
37323430623730313239376565373766383662316133646638633830346334353732616366326662
65323363613234376364393838356637643664333563393663656537323162303362323933663666
31333831616631646561363438653534656532326638656364333334306633656665626433343137
65663132373434313432303139393961356237323765656661336462613439356331393032353035
39303231303635353634333937633038626633616634633965623666646232333137623261636139
30646537633933373261633739633333346362346430616161663362343066306161313464343635
31616561643261356633393931626137613034646161336634313435346364373131316234333838
34616637316462346131333439343434646331336637313362346661373835396135333530643337
38393232663734353235363230626262653930393664383362613937396430353130653235383631
34663963663733306333663361653332363036333365646665643165353864643766393930653234
36666462333364363063393831373435363631336565653132366561386137343034666632313162
30646566313133313438396233313532326439366331363432376461366534663062383835373839
65626430306430303039623063353530306262666565373163366236616339353764633639323235
37346336636134326132613836383562323164316666373032363733383063356262376165373637
63626130663335343237303138313261356235323065303637623464613737303533656339313031
66373362353764313834386437306533653665363731623635633665376232656462653361643064
62616363393936643061393039636564356437356136613337653532656337666337316134376333
30336162303833393036623266346161653665356534636634396335663562626231613336313537
33323735636235326362373239643537346630343938366665633837663266393861353030353737
34666436393039663730346638363935316163393562333532666331646130376236666139366333
35363531366665353134303031343632643034363836306135336262306630353763393165303764
323530613234336162356635353634373264

@ -260,8 +260,11 @@ elastic_stack_network: {
qa-elastic-stack-elastic-03: "{{ shared_service_elastic_03 }}",
}
harbor_oidc_realm: "docker"
harbor_oidc_realm: "harbor"
harbor_oidc_client_id: "harbor"
harbor_oidc_client_secret: "{{ docker_registry_oidc_client_secret_vault }}"
harbor_oidc_admin_username: "harbor-admin"
harbor_oidc_admin_password: "{{ harbor_oidc_admin_password_vault }}"
postgres_listen_addresses: "listen_addresses = 'localhost,{{ stage_server_ip }},{{ stage_private_server_ip }}'"
@ -302,9 +305,6 @@ pgadmin4_admin_password: "{{ pgadmin4_admin_password_vault }}"
awx_admin_username: "awx-admin"
awx_admin_password: "{{ awx_admin_password_vault }}"
docker_admin_username: "docker-admin"
docker_admin_password: "{{ docker_admin_password_vault }}"
management_admin_username: "management-admin"
management_admin_password: "{{ management_admin_password_vault }}"
management_realm_admin_username: "management-realm-admin"
@ -338,9 +338,10 @@ argocd_server_admin_password: "{{ argocd_server_admin_password_vault }}"
netgo_msteams_hook_cd: "{{ netgo_msteams_hook_cd_vault }}"
netgo_msteams_hook_alerting: "{{ netgo_msteams_hook_alerting_vault }}"
harbor_oidc_client_secret: "{{ docker_registry_oidc_client_secret_vault }}"
management_oidc_client_secret: "{{ management_oidc_client_secret_vault }}"
# smardigo automation QA gpg key
# pub part => https://dev-gitea-01.smardigo.digital/gitea-admin/communication-keys/
gpg_key_smardigo_automation__private: '{{ gpg_key_smardigo_automation__private__vault }}'
hetzner_server_type_kube_node: cpx31
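Review bot: `harbor_oidc_client_secret` for the renamed realm `harbor` still resolves to `docker_registry_oidc_client_secret_vault`, so the new Keycloak client appears to inherit the secret issued for the old `docker` realm. If that realm or its client stays alive during the migration, one leaked value is valid in both places; a separately generated vault value under a harbor-specific name would keep the two independent. The first hunk also adds the admin username and password but no `harbor_oidc_admin_email`, which the new harbor realm vars reference; it may be defined outside the lines shown, so it is worth confirming.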


@ -62,7 +62,10 @@
pre_tasks:
- name: "Import autodiscover pre-tasks"
include_tasks: tasks/autodiscover_pre_tasks.yml
import_tasks: tasks/autodiscover_pre_tasks.yml
become: false
tags:
- always
roles:
- role: import_maria_database

@ -12,8 +12,10 @@
- ansible_version.major >= 2
- ansible_version.minor >= 10
msg: "The ansible version has to be at least ({{ ansible_version.full }})"
- name: "Import autodiscover pre-tasks"
include_tasks: tasks/autodiscover_pre_tasks.yml
import_tasks: tasks/autodiscover_pre_tasks.yml
become: false
tags:
- always
@ -21,14 +23,17 @@
debug:
msg: "{{ ansible_distribution }}"
delegate_to: 127.0.0.1
- name: "Variable <group_names>"
debug:
msg: "{{ group_names }}"
delegate_to: 127.0.0.1
- name: "Printing ip addresses for {{ inventory_hostname }}"
debug:
msg: "{{ stage_server_ip }} / {{ stage_private_server_ip }}"
delegate_to: 127.0.0.1
- name: "Printing stage_server_infos"
debug:
msg: "{{ stage_server_infos }}"

@ -13,19 +13,20 @@
msg: "The ansible version has to be at least ({{ ansible_version.full }})"
delegate_to: 127.0.0.1
become: false
# TODO run only once (> argo-cd uses stage_server_infos)
- name: "Import autodiscover pre-tasks"
include_tasks: tasks/autodiscover_pre_tasks.yml
import_tasks: tasks/autodiscover_pre_tasks.yml
become: false
tags:
- always
roles:
- { role: kubernetes/base }
- { role: kubernetes/namespace }
# DEV-243 is waiting for hetzner support << Ticket#2021110303010972 RE: Anderes Problem (Server: #15275628) >>
- { role: kubernetes/cloud-controller-manager }
- { role: kubernetes/container-storage-interface }
- { role: kubernetes/cert-manager }
- { role: kubernetes/external-dns }
- { role: kubernetes/ingress-controller }
- { role: kubernetes/apps }
# TODO setup prometheus operator here
- { role: kubernetes/cert-manager } # TODO depends on prometheus
- { role: kubernetes/external-dns } # TODO depends on prometheus
- { role: kubernetes/ingress-controller } # TODO depends on prometheus
- { role: kubernetes/apps } # TODO depends on prometheus (argo-cd)

@ -1 +1 @@
Subproject commit eeeca4a1d0334efebcf732d08bffc7e10240fc9c
Subproject commit 92f25bf267ffd3393f6caffa588169d3a44a799c

@ -29,7 +29,7 @@
- name: "Smardigo Patchday: rebooting <{{ inventory_hostname }}>"
ansible.builtin.reboot:
post_reboot_delay: 30
reboot_timeout: 60
reboot_timeout: 300
- name: "Smardigo Patchday: wait_for host after reboot"
delegate_to: localhost
@ -82,7 +82,7 @@
- name: "Smardigo Patchday: rebooting <{{ inventory_hostname }}>"
ansible.builtin.reboot:
post_reboot_delay: 30
reboot_timeout: 60
reboot_timeout: 300
- name: "Smardigo Patchday: wait_for host after reboot"
delegate_to: localhost
@ -124,7 +124,7 @@
- name: "Smardigo Patchday: rebooting <{{ inventory_hostname }}>"
ansible.builtin.reboot:
post_reboot_delay: 30
reboot_timeout: 60
reboot_timeout: 300
- name: "Smardigo Patchday: wait_for host after reboot"
delegate_to: localhost
@ -146,7 +146,10 @@
vars:
k8s_basic_services:
- kubelet
# TODO check if docker or containerd is used
- docker
- containerd
tasks:
# draining the hard way
# due to force( delete static pods) + relative short terminate_grace_period +
@ -169,18 +172,19 @@
name: '{{ item }}'
state: stopped
loop: '{{ k8s_basic_services }}'
ignore_errors: true
- name: "Smardigo Patchday: update pkgs"
ansible.builtin.apt:
upgrade: yes
update_cache: yes
autoremove: yes
autoclean: yes
autoremove: yes
update_cache: yes
upgrade: yes
- name: "Smardigo Patchday: rebooting <{{ inventory_hostname }}>"
ansible.builtin.reboot:
post_reboot_delay: 30
reboot_timeout: 60
reboot_timeout: 300
- name: "Smardigo Patchday: wait_for host after reboot"
delegate_to: localhost
@ -196,13 +200,14 @@
name: '{{ item }}'
state: started
loop: '{{ k8s_basic_services }}'
ignore_errors: true
- name: "Smardigo Patchday: wait for node readiness"
delegate_to: "{{ groups['kube_control_plane'][0] }}"
kubernetes.core.k8s:
kind: Node
state: present
name: '{{ stage_server_ip }}'
name: '{{ inventory_hostname | lower }}'
wait_condition:
reason: KubeletReady
type: Ready
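Review bot: The `ignore_errors: true` added to both the stop loop and the start loop over `k8s_basic_services` hides every failure, including a kubelet that does not stop before the package upgrade or does not come back after the reboot. The flag seems to be needed only because the list now names both `docker` and `containerd`, and one of them will be absent on any given node. Narrowing it keeps real errors visible: `register: svc_result` plus `failed_when: svc_result is failed and 'Could not find the requested service' not in (svc_result.msg | default(''))` (message text as emitted by the systemd module, verify on your Ansible version), or filter the list against `ansible.builtin.service_facts` as the TODO suggests. Both tasks start outside the hunks, so the module in use is inferred from `name` and `state`.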

@ -75,7 +75,10 @@
pre_tasks:
- name: "Import autodiscover pre-tasks"
include_tasks: tasks/autodiscover_pre_tasks.yml
import_tasks: tasks/autodiscover_pre_tasks.yml
become: false
tags:
- always
roles:
- role: connect_postgres

@ -65,7 +65,10 @@
pre_tasks:
- name: "Import autodiscover pre-tasks"
include_tasks: tasks/autodiscover_pre_tasks.yml
import_tasks: tasks/autodiscover_pre_tasks.yml
become: false
tags:
- always
tasks:
- name: "Delete client in realm <{{ current_realm_name }}>"

@ -55,7 +55,10 @@
pre_tasks:
- name: "Import autodiscover pre-tasks"
include_tasks: tasks/autodiscover_pre_tasks.yml
import_tasks: tasks/autodiscover_pre_tasks.yml
become: false
tags:
- always
tasks:
- name: "Delete DNS entry <{{ inventory_hostname }}> for <{{ domain }}>"

@ -64,7 +64,7 @@
- users
- name: "Create users"
user:
ansible.builtin.user:
name: '{{ item }}'
groups: '{{ sudo_group }}'
shell: '/bin/bash'
@ -76,6 +76,16 @@
tags:
- users
- name: "Enable passwordless sudo"
ansible.builtin.lineinfile:
path: /etc/sudoers
state: present
regexp: '^%sudo'
line: '%sudo ALL=(ALL) NOPASSWD: ALL'
validate: 'visudo -cf %s'
tags:
- users
# TODO check usage of key_options "no-agent-forwarding, no-agent-forwarding, no-X11-forwarding"
- name: "Set up authorized users"
ansible.posix.authorized_key:
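Review bot: The new "Enable passwordless sudo" task hard-codes `%sudo` in both `regexp` and `line`, while "Create users" puts accounts into `{{ sudo_group }}`; if that variable is ever not `sudo` the rule misses the created users, and when it is `sudo` every existing member of that group on the host gets passwordless root, not only the accounts managed here. A dedicated drop-in validated the same way is easier to audit and revert, for example `path: /etc/sudoers.d/<placeholder-file>` with `create: true`, `mode: '0440'` and `line: '%{{ sudo_group }} ALL=(ALL) NOPASSWD: ALL'`. Calling the validator by absolute path (`/usr/sbin/visudo -cf %s`) avoids depending on PATH. The "Set up authorized users" task continues outside the hunk.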

@ -46,9 +46,6 @@ current_realm_users: >-
[{{ current_realm_users_base }}]
{%- endif -%}
current_realm_admin_users: [
{
"username": "{{ connect_realm_admin_username }}",
"password": "{{ connect_realm_admin_password }}",
}
]
current_realm_admin_user:
username: "{{ connect_realm_admin_username }}"
password: "{{ connect_realm_admin_password }}"

@ -24,9 +24,6 @@ current_realm_users: [
"password": "{{ gitea_admin_password }}",
}
]
current_realm_admin_users: [
{
"username": "{{ gitea_realm_admin_username }}",
"password": "{{ gitea_realm_admin_password }}",
}
]
current_realm_admin_user:
username: "{{ gitea_realm_admin_username }}"
password: "{{ gitea_realm_admin_password }}"

@ -47,13 +47,15 @@ harbor_base_configuration:
email_insecure: true
auth_mode: oidc_auth
oidc_name: "{{ harbor_oidc_realm }}"
oidc_endpoint: 'https://{{ shared_service_keycloak_hostname }}/auth/realms/docker'
oidc_endpoint: 'https://{{ shared_service_keycloak_hostname }}/auth/realms/{{ harbor_oidc_realm }}'
oidc_client_id: "{{ harbor_oidc_client_id }}"
oidc_client_secret: "{{ harbor_oidc_client_secret }}"
oidc_groups_claim: groups
oidc_scope: openid
oidc_verify_cert: true
oidc_auto_onboard: true
oidc_admin_group: 'admin'
oidc_user_claim: 'sub'
scan_all_policy:
parameter:
daily_time: 0
@ -79,7 +81,7 @@ harbor_projects: []
harbor_robot_tokens:
-
# secret_refresh: True
secret_refresh: true
# token_state: present
name: ansible
level: system
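Review bot: `oidc_admin_group: 'admin'` together with `oidc_auto_onboard: true` means any identity arriving with `admin` in its `groups` claim is onboarded at first login as a Harbor system administrator, so the registry's admin boundary becomes whoever can edit group membership in the `{{ harbor_oidc_realm }}` realm. That deserves a comment next to the key, e.g. `# members of this Keycloak group become Harbor system admins; keep membership minimal`, and a less generic group name would reduce accidental grants. In the second hunk `secret_refresh: true` becomes active for the `ansible` robot, which presumably rotates its secret on every run; confirm that consumers of the token pick up the new value.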

@ -1,5 +1,9 @@
---
### tags:
### harbor-configure-base
### harbor-configure-robots
- name: "Check if harbor is up and running"
delegate_to: 127.0.0.1
become: false
@ -20,6 +24,8 @@
include_tasks: configure_base_config.yml
vars:
base_configuration: '{{ harbor_base_configuration }}'
tags:
- harbor-configure-base
args:
apply:
tags:
@ -45,6 +51,8 @@
loop: '{{ harbor_robot_tokens }}'
loop_control:
loop_var: robot_token
tags:
- harbor-configure-robots
- name: "CRUD - scanall schedule"
include_tasks: configure_scanall_schedule.yml

@ -1,5 +1,4 @@
---
- name: "Add harbor base configuration via API"
delegate_to: 127.0.0.1
become: false
@ -18,3 +17,4 @@
delay: 10
retries: 10
until: base_setting.status in [200]
no_log: true

@ -2,21 +2,28 @@
- name: "Initialze VARs"
set_fact:
tok_obj: {}
tags:
- harbor-configure-robots
- name: "DEBUG"
debug:
msg: "DEBUGGING - robot_token: {{ robot_token }}"
when:
- debug
- harbor-configure-robots
- name: "Drop token_state from dict to avoid rejecting object by harbor API due to unknown field"
set_fact:
tok_obj: "{{ tok_obj | combine( { item.key: item.value } ) }}"
when: item.key not in ['token_state']
with_dict: "{{ robot_token }}"
tags:
- harbor-configure-robots
- name:
include_tasks: configure_robot_tokens_crud.yml
vars:
token_state: "{{ robot_token.token_state | default('present') }}"
token_object: "{{ tok_obj }}"
tags:
- harbor-configure-robots
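Review bot: In the DEBUG task the new `- harbor-configure-robots` entry sits directly under `when:` after `- debug`, with no `tags:` key in between, unlike the three other tasks in this hunk. As a condition it would be evaluated as a Jinja expression (`harbor` minus `configure` minus `robots`), so with `debug` enabled the task would fail on an undefined variable, and the task stays untagged. It should read `when:` / `- debug` followed by `tags:` / `- harbor-configure-robots`. Since that message prints the whole `robot_token`, it is also worth checking that the dict cannot carry a `secret` field when debug output is on.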

@ -1,7 +1,13 @@
---
### tags:
### harbor-configure-base
- name: "Initialze VARs"
set_fact:
token_object_combined: {}
tags:
- harbor-configure-robots
- name: "Get all robot tokens"
delegate_to: 127.0.0.1
@ -19,6 +25,9 @@
register: all_robot_tokens
delay: 10
retries: 3
no_log: true
tags:
- harbor-configure-robots
- name: "Create robot token"
delegate_to: 127.0.0.1
@ -41,6 +50,8 @@
when:
- all_robot_tokens.json | selectattr('name','contains',token_object.name) | list | length == 0
- token_state == 'present'
tags:
- harbor-configure-robots
- name: "Set VARs if current robot token object already exists"
set_fact:
@ -50,6 +61,8 @@
token_object_dropped: {}
when:
- all_robot_tokens.json | selectattr('name','contains',token_object.name) | list | length == 1
tags:
- harbor-configure-robots
- name: "Refresh the robot secret"
delegate_to: 127.0.0.1
@ -81,6 +94,9 @@
- token_state == 'present'
- token_object.secret_refresh is defined
- token_object.secret_refresh
no_log: true
tags:
- harbor-configure-robots
- name: "Block to Update robot token data"
block:
@ -89,6 +105,8 @@
msg: "DEBUGGING before dropping - combined token_object_combined: {{ token_object_combined }}"
when:
- debug
tags:
- harbor-configure-robots
# unknown param/key in object robot-token will result in errors with harbor API
# therefore we drop $keys from dict
@ -98,6 +116,8 @@
with_dict: "{{ token_object_combined }}"
when:
- item.key not in ['secret','secret_refresh']
tags:
- harbor-configure-robots
# harbor API behaviour:
# in case of initial creation for robot token objects, harbor creates a name for this
@ -113,10 +133,15 @@
set_fact:
robot_token_name_cleaned:
name: 'robot${{ token_object_dropped.name }}'
tags:
- harbor-configure-robots
# part 2: override name with new defined name of object
- name: "Set fact"
set_fact:
token_object_finished: '{{ token_object_dropped | combine(robot_token_name_cleaned, recursive=True) }}'
tags:
- harbor-configure-robots
- name: "DEBUG"
debug:
@ -152,11 +177,16 @@
delay: 10
retries: 3
until: update.status in [200]
no_log: true
tags:
- harbor-configure-robots
# when - part of BLOCK-statement
when:
- all_robot_tokens.json | selectattr('name','contains',token_object.name) | list | length == 1
- token_state == 'present'
tags:
- harbor-configure-robots
# end of BLOCK to Update robot token data
- name: "Delete robot token"
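Review bot: The `no_log: true` added to the token API tasks is undercut by the debug task inside the update block, whose message `DEBUGGING before dropping - combined token_object_combined: {{ token_object_combined }}` prints the whole combined object whenever `debug` is set. A later task drops the keys `secret` and `secret_refresh`, which suggests the object still carries the robot secret at that point, so it would end up in the play log and in any stored job output. I would print only the key names there, e.g. `msg: "token_object_combined keys: {{ token_object_combined.keys() | list }}"`, or set `no_log: true` on that task as well. Several of the tasks touched here start or end outside the visible hunks, so this rests on the shown lines only.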

@ -1,15 +1,19 @@
---
- name: "Create realm for <{{ inventory_hostname }}> if necessary"
include_role:
name: harbor_realm
vars:
current_realm_name: "harbor"
current_realm_display_name: "harbor"
tags:
- always
- name: "Install harbor"
include_tasks: install.yml
args:
apply:
tags:
- harbor-install
- name: "Configure harbor"
include_tasks: configure.yml
args:
apply:
tags:
- harbor-configure
- harbor-configure-base
- harbor-configure-robots
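Review bot: The tags listed under `apply:` in "Install harbor" and "Configure harbor" reach the tasks inside install.yml and configure.yml, but `include_tasks` is dynamic, so the include statement itself is only selected when it carries a tag too. As shown (indentation is lost on this page, so this is hedged), neither include has a task-level `tags:` key, which would make `--tags harbor-configure-robots` skip the include and run nothing from configure.yml. Adding the same list at task level, e.g. `tags: [harbor-configure, harbor-configure-base, harbor-configure-robots]` next to `args:`, fixes that. The `tags: always` on the `include_role` for harbor_realm has the opposite effect: the include always runs, but the role's tasks are not tagged by it.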

@ -0,0 +1,59 @@
---
current_realm_clients: [
{
name: "{{ harbor_oidc_client_id }}",
clientId: "{{ harbor_oidc_client_id }}",
admin_url: "{{ http_s }}://{{ shared_service_harbor_hostname }}",
root_url: "{{ http_s }}://{{ shared_service_harbor_hostname }}",
redirect_uris: [
"{{ http_s }}://{{ shared_service_harbor_hostname }}/*"
],
secret: "{{ harbor_oidc_client_secret }}",
web_origins: [
"{{ http_s }}://{{ shared_service_harbor_hostname }}"
]
}
]
current_realm_groups: [
{
"name": "awx",
},
{
"name": "admin",
},
{
"name": "smardigo",
},
]
current_realm_users: [
{
"username": "{{ harbor_oidc_admin_username }}",
"password": "{{ harbor_oidc_admin_password }}",
"email": "{{ harbor_oidc_admin_email }}",
"requiredActions": []
}
]
current_realm_admin_user:
username: "{{ harbor_oidc_admin_username }}"
password: "{{ harbor_oidc_admin_password }}"
email: "{{ harbor_oidc_admin_email }}"
requiredActions: []
current_user_groupmembership: [
{
"username": "{{ harbor_oidc_admin_username }}",
"destination_group": "awx",
},
{
"username": "{{ harbor_oidc_admin_username }}",
"destination_group": "admin",
},
{
"username": "{{ harbor_oidc_admin_username }}",
"destination_group": "smardigo",
}
]
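Review bot: `redirect_uris` registers `"{{ http_s }}://{{ shared_service_harbor_hostname }}/*"`, a wildcard that allows the authorization response to be sent to any path on the Harbor host. Harbor's OIDC login uses a single callback path, so the entry can be narrowed to `"{{ http_s }}://{{ shared_service_harbor_hostname }}/c/oidc/callback"`. Separately, `current_realm_users` and `current_realm_admin_user` both describe the same admin account with `requiredActions: []`, so the password from `harbor_oidc_admin_password` is never forced to change. A one-line comment such as `# service account: no required actions on purpose` would make that intent explicit.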

@ -0,0 +1,39 @@
---
- name: "Setup realm for {{ inventory_hostname }}"
include_role:
name: keycloak
tasks_from: _authenticate
- name: "Setup realm for {{ inventory_hostname }}"
include_role:
name: keycloak
tasks_from: _configure_realm
- name: "Create realm users"
include_role:
name: keycloak
tasks_from: _create_realm_groups
- name: "Create realm users"
include_role:
name: keycloak
tasks_from: _create_realm_users
- name: "Create realm admin"
include_role:
name: keycloak
tasks_from: _create_realm_admin
- name: "Create user group mappings"
include_role:
name: keycloak
tasks_from: _configure_user_groupmembership_crud
vars:
realm_name: '{{ current_realm_name }}'
bearer_token: '{{ access_token }}'
username: '{{ item.username }}'
destination_group: '{{ item.destination_group }}'
loop: "{{ current_user_groupmembership }}"
loop_control:
label: "{{ item.username }} >> {{ item.destination_group }}"
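Review bot: Two tasks carry a name that does not match what they include: the first "Setup realm for {{ inventory_hostname }}" runs `_authenticate`, and the first "Create realm users" runs `_create_realm_groups`. In a play log this makes it hard to tell which step obtained the admin token and which step failed. I would rename them to `- name: "Authenticate against keycloak"` and `- name: "Create realm groups"`.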

@ -1,5 +1,4 @@
---
- name: "Authenticating with keycloak server"
uri:
url: "{{ keycloak_server_url }}/auth/realms/master/protocol/openid-connect/token"

@ -1,5 +1,4 @@
---
- name: Print client {{ client_id }} for realm {{ realm_name }}
debug:
msg: "{{ lookup('template','keycloak-realm-create-client.json.j2') }}"

@ -1,5 +1,5 @@
---
- name: "GETTING all clients for realm <<{{ realm_name }}>>"
- name: "GETTING all clients for realm <{{ realm_name }}>"
delegate_to: 127.0.0.1
become: false
uri:

@ -1,96 +1,100 @@
---
- name: "Creating realm <{{ current_realm_name }}>"
community.general.keycloak_realm:
enabled: true
id: "{{ current_realm_name }}"
realm: "{{ current_realm_name }}"
display_name: "{{ current_realm_display_name }}"
auth_realm: "master"
auth_client_id: "admin-cli"
auth_username: "{{ keycloak_admin_username }}"
auth_password: "{{ keycloak_admin_password }}"
auth_keycloak_url: "{{ keycloak_server_url }}/auth"
account_theme: "smardigo-theme"
admin_theme: "smardigo-theme"
login_theme: "smardigo-theme"
registration_allowed: no
reset_password_allowed: yes
login_with_email_allowed: no
duplicate_emails_allowed: yes
internationalization_enabled: yes
default_locale: "de"
supported_locales:
- "de"
- "en"
events_enabled: yes
events_expiration: 604800
admin_events_enabled: yes
smtp_server:
host: "{{ shared_service_mail_hostname }}"
from: "{{ keycloak_id }}@smardigo.digital"
events_listeners:
- "jboss-logging"
- "metrics-listener"
state: present
tags:
- update_realms
- name: Read realms
uri:
url: "{{ keycloak_server_url }}/auth/admin/realms"
method: GET
headers:
Authorization: "Bearer {{ access_token }}"
status_code: [200]
register: realms
delegate_to: 127.0.0.1
become: false
- name: Save realms as variable (fact)
set_fact:
realms_json: "{{ realms.json }}"
delegate_to: 127.0.0.1
become: false
- name: Read realm ids
set_fact:
realm_ids: "{{ realms_json | json_query(jmesquery) }}"
vars:
jmesquery: '[*].id'
delegate_to: 127.0.0.1
become: false
- name: "Printing realm ids"
debug:
msg: "{{ realm_ids }}"
delegate_to: 127.0.0.1
become: false
when:
- debug
- name: Create realm {{ current_realm_name }}
uri:
url: "{{ keycloak_server_url }}/auth/admin/realms"
method: POST
body_format: json
body: "{{ lookup('template','keycloak-realm-create.json.j2') }}"
headers:
Authorization: "Bearer {{ access_token }}"
status_code: [201]
when: current_realm_name not in realm_ids
delegate_to: 127.0.0.1
become: false
- name: Read clients from realm {{ current_realm_name }}
uri:
url: "{{ keycloak_server_url }}/auth/admin/realms/{{ current_realm_name }}/clients"
method: GET
headers:
Authorization: "Bearer {{ access_token }}"
status_code: [200]
register: realm_clients
delegate_to: 127.0.0.1
become: false
- name: Save clients from realm as variable (fact)
set_fact:
realm_clients_json: "{{ realm_clients.json }}"
delegate_to: 127.0.0.1
become: false
- name: "Save client ids from realm {{ current_realm_name }}"
set_fact:
realm_client_ids: "{{ realm_clients_json | json_query(jmesquery) }}"
vars:
jmesquery: '[*].{id: id, clientId: clientId}'
delegate_to: 127.0.0.1
become: false
- name: "Printing client ids from realm {{ current_realm_name }}"
debug:
msg: "{{ realm_client_ids }}"
delegate_to: 127.0.0.1
become: false
when:
- debug
- name: "Create clients from realm {{ current_realm_name }}"
include_tasks: _configure_client.yml
vars:
realm_name: '{{ current_realm_name }}'
client_id: '{{ client.clientId }}'
client_name: '{{ client.name }}'
admin_url: '{{ client.admin_url }}'
root_url: '{{ client.root_url }}'
redirect_uris: '{{ client.redirect_uris }}'
secret: '{{ client.secret }}'
web_origins: '{{ client.web_origins }}'
with_items: "{{ current_realm_clients }}"
- name: "Creating client <{{ client.clientId }}> in realm <{{ current_realm_name }}>"
community.general.keycloak_client:
auth_realm: "master"
auth_client_id: "admin-cli"
auth_username: "{{ keycloak_admin_username }}"
auth_password: "{{ keycloak_admin_password }}"
auth_keycloak_url: "{{ keycloak_server_url }}/auth"
state: present
realm: "{{ current_realm_name }}"
client_id: "{{ client.clientId }}"
id: "{{ client.clientId }}"
name: "{{ client.name }}"
root_url: "{{ client.root_url }}"
admin_url: "{{ client.admin_url }}"
secret: "{{ client.secret }}"
redirect_uris: "{{ client.redirect_uris }}"
web_origins: "{{ client.web_origins }}"
bearer_only: false
consent_required: false
standard_flow_enabled: true
implicit_flow_enabled: false
service_accounts_enabled: true
authorization_services_enabled: true
public_client: false
frontchannel_logout: false
protocol: openid-connect
full_scope_allowed: true
node_re_registration_timeout: -1
surrogate_auth_required: false
attributes:
saml.authnstatement: false
saml.client.signature: false
saml.force.post.binding: false
saml.server.signature: false
saml_force_name_id_format: false
user.info.response.signature.alg: unsigned
request.object.signature.alg: none
protocol_mappers:
- name: "username"
consentRequired: false
protocol: openid-connect
protocolMapper: oidc-usermodel-property-mapper
config:
claim.name: "sub"
user.attribute: "username"
id.token.claim: true
access.token.claim: true
userinfo.token.claim: true
jsonType.label: String
- name: "groups"
protocol: openid-connect
protocolMapper: oidc-group-membership-mapper
consentRequired: false
config:
claim.name: "groups"
full.path: false
id.token.claim: true
access.token.claim: true
userinfo.token.claim: true
jsonType.label: String
with_items: "{{ current_realm_clients | default([]) }}"
loop_control:
loop_var: client
when: create_client | default('True') | bool
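Review bot: The `community.general.keycloak_client` task loops over `current_realm_clients` with `loop_var: client` and no `label`, so Ansible prints each whole item, including `client.secret`, in the per-item result line. The task also has no `no_log`. Adding `label: "{{ client.clientId }}"` under `loop_control`, or `no_log: true` on the task as done for the harbor robot tasks in this commit, keeps the client secret out of the job output. From the line counts, this task and the `keycloak_realm` task appear to be the new side of the hunk, with the `uri`-based tasks between them removed.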

@ -1,5 +1,4 @@
---
- name: "Reading users of realm {{ current_realm_name }}"
uri:
url: "{{ keycloak_server_url }}/auth/admin/realms/{{ current_realm_name }}/users"

@ -1,5 +1,5 @@
---
- name: "GETTING all groups for realm <<{{ realm_name }}>>"
- name: "GETTING all groups for realm <{{ realm_name }}>"
delegate_to: 127.0.0.1
become: false
uri:
@ -10,7 +10,7 @@
status_code: [200]
register: get_all_groups
- name: "GETTING all users for realm <<{{ realm_name }}>>"
- name: "GETTING all users for realm <{{ realm_name }}>"
delegate_to: 127.0.0.1
become: false
uri:
@ -26,7 +26,7 @@
group_id: '{{ ( get_all_groups.json | selectattr("name","equalto",destination_group) | first ).id }}'
user_id: '{{ ( get_all_users.json | selectattr("username","equalto",username) | first ).id }}'
- name: "GETTING all group for user <<{{ username }}>> in realm<<{{ realm_name }}>>"
- name: "GETTING all group for user <{{ username }}> in realm <{{ realm_name }}>"
delegate_to: 127.0.0.1
become: false
uri:
@ -37,7 +37,7 @@
status_code: [200]
register: get_all_groups_for_current_user
- name: "ADDING USER <{{ client_id }}> for realm <{{ realm_name }}> to Group <<{{ destination_group }}>>"
- name: "ADDING USER <{{ username }}> for realm <{{ realm_name }}> to Group <{{ destination_group }}>"
delegate_to: 127.0.0.1
become: false
uri:

@ -58,16 +58,13 @@
Content-Type: "application/json"
Authorization: "Bearer {{ access_token }}"
status_code: [201]
with_items: "{{ current_realm_admin_users }}"
when: current_realm_user.username not in realm_user_usernames
changed_when: True
loop: "[{{ current_realm_admin_user }}]"
loop_control:
loop_var: current_realm_user
when: current_realm_user.username not in realm_user_usernames
changed_when: True
delegate_to: 127.0.0.1
become: false
- name: "Adding admin users from realm {{ current_realm_name }}"
include_tasks: _configure_realm_admin_users.yml
with_items: "{{ current_realm_admin_users }}"
loop_control:
loop_var: current_realm_admin_user
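Review bot: `loop: "[{{ current_realm_admin_user }}]"` builds the list by pasting the rendered dict between brackets and relying on the string being parsed back into a list, which can break or mis-parse when the password contains quotes or braces. `loop: "{{ [current_realm_admin_user] }}"` passes the same single-element list without that round trip. Because the loop item is the user dict including `password`, the task should also set `label: "{{ current_realm_user.username }}"` under `loop_control`, or `no_log: true`. The task starts above the hunk, so its module arguments are not visible here.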

@ -1,5 +1,4 @@
---
- name: Read groups of realm {{ current_realm_name }}
uri:
url: "{{ keycloak_server_url }}/auth/admin/realms/{{ current_realm_name }}/groups"

@ -1,5 +1,4 @@
---
- name: "Reading users of realm {{ current_realm_name }}"
uri:
url: "{{ keycloak_server_url }}/auth/admin/realms/{{ current_realm_name }}/users"

@ -1,23 +0,0 @@
---
- name: Print client {{ client_id }} for realm {{ realm_name }}
debug:
msg: "{{ lookup('template','keycloak-realm-create-client.json.j2') }}"
tags:
- always
when:
- debug
- realm_client_ids | selectattr('clientId', 'equalto', client_id) | list | length == 0
- name: Create client {{ client_id }} for realm {{ realm_name }}
uri:
url: "{{ keycloak_server_url }}/auth/admin/realms/{{ realm_name }}/clients"
method: POST
body_format: json
body: "{{ lookup('template','keycloak-realm-create-client.json.j2') }}"
headers:
Authorization: "Bearer {{ access_token }} "
status_code: [201]
when: realm_client_ids | selectattr('clientId', 'equalto', client_id) | list | length == 0
tags:
- update_realms

@ -1,90 +0,0 @@
---
- name: Read realms
uri:
url: "{{ keycloak_server_url }}/auth/admin/realms"
method: GET
headers:
Authorization: "Bearer {{ access_token }}"
status_code: [200]
register: realms
tags:
- update_realms
- name: Save realms as variable (fact)
set_fact:
realms_json: "{{ realms.json }}"
tags:
- update_realms
- name: Read realm ids
set_fact:
realm_ids: "{{ realms_json | json_query(jmesquery) }}"
vars:
jmesquery: '[*].id'
tags:
- update_realms
- name: Create realm {{ current_realm_name }}
uri:
url: "{{ keycloak_server_url }}/auth/admin/realms"
method: POST
body_format: json
body: "{{ lookup('template','keycloak-realm-create.json.j2') }}"
headers:
Authorization: "Bearer {{ access_token }}"
status_code: [201]
when: current_realm_name not in realm_ids
tags:
- update_realms
- name: Read clients from realm {{ current_realm_name }}
uri:
url: "{{ keycloak_server_url }}/auth/admin/realms/{{ current_realm_name }}/clients"
method: GET
headers:
Authorization: "Bearer {{ access_token }}"
status_code: [200]
register: realm_clients
tags:
- update_realms
- name: Save clients from realm as variable (fact)
set_fact:
realm_clients_json: "{{ realm_clients.json }}"
tags:
- update_realms
- name: Save client ids from realm {{ current_realm_name }}
set_fact:
realm_client_ids: "{{ realm_clients_json | json_query(jmesquery) }}"
vars:
jmesquery: '[*].{id: id, clientId: clientId}'
tags:
- update_realms
- name: Print client ids
debug:
msg: "{{ realm_client_ids }}"
tags:
- always
when:
- debug
- name: Create clients from realm {{ current_realm_name }}
include_tasks: configure_client.yml
vars:
realm_name: '{{ current_realm_name }}'
client_id: '{{ client.clientId }}'
client_name: '{{ client.name }}'
admin_url: '{{ client.admin_url }}'
root_url: '{{ client.root_url }}'
redirect_uris: '{{ client.redirect_uris }}'
secret: '{{ client.secret }}'
web_origins: '{{ client.web_origins }}'
access_token: '{{ keycloak_authentication.json.access_token }}'
with_items: "{{ current_realm_clients }}"
loop_control:
loop_var: client
tags:
- update_realms

@ -1,63 +0,0 @@
---
- name: Read users of realm {{ current_realm_name }}
uri:
url: "{{ keycloak_server_url }}/auth/admin/realms/{{ current_realm_name }}/users"
method: GET
headers:
Authorization: "Bearer {{ access_token }} "
status_code: [200]
register: realm_users
tags:
- create_users
- update_realms
- name: Print realm users
debug:
msg: "{{ realm_users }}"
tags:
- always
when:
- debug
- name: Save realm users as variable (fact)
set_fact:
realm_users_json: "{{ realm_users.json }}"
tags:
- create_users
- update_realms
- name: Read realm user ids
set_fact:
realm_user_usernames: "{{ realm_users_json | json_query(jmesquery) }}"
vars:
jmesquery: '[*].username'
tags:
- create_users
- update_realms
- name: Print realm usernames
debug:
msg: "{{ realm_user_usernames }}"
tags:
- always
when:
- debug
- name: "Create users for realm {{ current_realm_name }}"
uri:
url: "{{ keycloak_server_url }}/auth/admin/realms/{{ current_realm_name }}/users"
method: POST
body_format: json
body: "{{ lookup('template','keycloak-realm-create-user.json.j2') }}"
headers:
Content-Type: "application/json"
Authorization: "Bearer {{ access_token }}"
status_code: [201]
with_items: "{{ current_realm_users }}"
when: current_realm_user.username not in realm_user_usernames
loop_control:
loop_var: current_realm_user
tags:
- create_users
- update_realms

@ -1,11 +1,8 @@
---
### tags:
### create_users
### create_groups
### update_realms
### update_deployment
### configure_container
### update_realms
- name: "Setup DNS configuration for {{ inventory_hostname }}"
include_role:
@ -82,8 +79,6 @@
delay: 5
register: keycloak_authentication
tags:
- create_users
- create_groups
- update_realms
- name: "Printing master realm access_token"
@ -127,38 +122,3 @@
state: present
tags:
- update_realms
- name: "Setup realms"
include_tasks: configure_realm.yml
vars:
current_realm_name: '{{ current_realm.name }}'
current_realm_display_name: '{{ current_realm.display_name }}'
current_realm_clients: '{{ current_realm.clients | default([]) }}'
access_token: "{{ keycloak_authentication.json.access_token }}"
with_items: "{{ keycloak.realms }}"
loop_control:
loop_var: current_realm
tags:
- update_realms
- name: "Create realm users"
include_tasks: create_realm_users.yml
vars:
current_realm_name: "{{ item.name }}"
current_realm_users: "{{ item.users | default([]) }}"
access_token: "{{ keycloak_authentication.json.access_token }}"
with_items: "{{ keycloak.realms }}"
tags:
- create_users
- update_realms
- name: "Create realm groups"
include_tasks: create_realm_groups.yml
vars:
current_realm_name: "{{ item.name }}"
current_realm_groups: "{{ item.groups | default([]) }}"
access_token: "{{ keycloak_authentication.json.access_token }}"
with_items: "{{ keycloak.realms }}"
tags:
- create_groups
- update_realms

@ -1,76 +0,0 @@
{
"adminUrl": "{{ admin_url }}",
"attributes": {
"saml.assertion.signature": "false",
"saml.force.post.binding": "false",
"saml.multivalued.roles": "false",
"saml.encrypt": "false",
"saml.server.signature": "false",
"saml.server.signature.keyinfo.ext": "false",
"exclude.session.state.from.auth.response": "false",
"saml_force_name_id_format": "false",
"saml.client.signature": "false",
"tls.client.certificate.bound.access.tokens": "false",
"saml.authnstatement": "false",
"display.on.consent.screen": "false",
"saml.onetimeuse.condition": "false"
},
"authenticationFlowBindingOverrides": {},
"authorizationServicesEnabled": true,
"bearerOnly": false,
"clientAuthenticatorType": "client-secret",
"clientId": "{{ client_id }}",
"consentRequired": false,
"defaultClientScopes": [
"role_list",
"profile",
"roles",
"email"
],
"directAccessGrantsEnabled": true,
"enabled": true,
"frontchannelLogout": false,
"fullScopeAllowed": true,
"implicitFlowEnabled": false,
"name": "{{ client_name }}",
"nodeReRegistrationTimeout": -1,
"notBefore": 0,
"optionalClientScopes": [],
"protocol" : "{{ protocol | default('openid-connect') }}",
"protocolMappers": [
{
"name": "username",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": false,
"config": {
"user.attribute": "username",
"claim.name": "sub",
"id.token.claim": "true",
"access.token.claim": "true",
"userinfo.token.claim": "true"
}
},
{
"name": "groups",
"protocol": "openid-connect",
"protocolMapper": "oidc-group-membership-mapper",
"consentRequired": false,
"config": {
"full.path": "false",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "groups",
"userinfo.token.claim": "true"
}
}
],
"publicClient": false,
"redirectUris": {{ redirect_uris }},
"rootUrl": "{{ root_url }}",
"secret": "{{ secret }}",
"serviceAccountsEnabled": true,
"standardFlowEnabled": true,
"surrogateAuthRequired": false,
"webOrigins": {{ web_origins }}
}

@ -4,11 +4,7 @@
"lastName": "{{ current_realm_user.lastName | default('') }}",
"email": "{{ current_realm_user.email | default('') }}",
"enabled": true,
"requiredActions": [
"UPDATE_PASSWORD",
"UPDATE_PROFILE",
"VERIFY_EMAIL"
],
"requiredActions": {{ current_realm_user.requiredActions | default(["UPDATE_PASSWORD","UPDATE_PROFILE","VERIFY_EMAIL"]) }},
"credentials" : [{
"type": "password",
"value": "{{ current_realm_user.password }}",
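Review bot: The new `"requiredActions": {{ current_realm_user.requiredActions | default([...]) }}` line renders a Python list into a JSON document, which yields single-quoted items and only works if the consumer re-parses the text leniently. Appending `| to_json` to that expression makes the output valid JSON in every case: `{{ current_realm_user.requiredActions | default(["UPDATE_PASSWORD","UPDATE_PROFILE","VERIFY_EMAIL"]) | to_json }}`. The same concern applies to `"value": "{{ current_realm_user.password }}"`, where a password containing a double quote or backslash would produce a broken or altered body. `"value": {{ current_realm_user.password | to_json }}` avoids that. The template continues outside the hunk.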

@ -1,135 +0,0 @@
{
"id": "{{ current_realm_name }}",
"realm": "{{ current_realm_name }}",
"displayName": "{{ current_realm_display_name }}",
"displayNameHtml": "",
"notBefore": 0,
"revokeRefreshToken": false,
"refreshTokenMaxReuse": 0,
"accessTokenLifespan": 60,
"accessTokenLifespanForImplicitFlow": 900,
"ssoSessionIdleTimeout": 1800,
"ssoSessionMaxLifespan": 36000,
"ssoSessionIdleTimeoutRememberMe": 0,
"ssoSessionMaxLifespanRememberMe": 0,
"offlineSessionIdleTimeout": 2592000,
"offlineSessionMaxLifespanEnabled": false,
"offlineSessionMaxLifespan": 5184000,
"clientSessionIdleTimeout": 0,
"clientSessionMaxLifespan": 0,
"clientOfflineSessionIdleTimeout": 0,
"clientOfflineSessionMaxLifespan": 0,
"accessCodeLifespan": 60,
"accessCodeLifespanUserAction": 300,
"accessCodeLifespanLogin": 1800,
"actionTokenGeneratedByAdminLifespan": 43200,
"actionTokenGeneratedByUserLifespan": 300,
"enabled": true,
"sslRequired": "none",
"registrationAllowed": true,
"registrationEmailAsUsername": false,
"rememberMe": true,
"verifyEmail": true,
"loginWithEmailAllowed": false,
"duplicateEmailsAllowed": true,
"resetPasswordAllowed": true,
"editUsernameAllowed": false,
"bruteForceProtected": false,
"permanentLockout": false,
"maxFailureWaitSeconds": 900,
"minimumQuickLoginWaitSeconds": 60,
"waitIncrementSeconds": 60,
"quickLoginCheckMilliSeconds": 1000,
"maxDeltaTimeSeconds": 43200,
"failureFactor": 30,
"defaultRoles": [
"offline_access",
"uma_authorization"
],
"requiredCredentials": [
"password"
],
"otpPolicyType": "totp",
"otpPolicyAlgorithm": "HmacSHA1",
"otpPolicyInitialCounter": 0,
"otpPolicyDigits": 6,
"otpPolicyLookAheadWindow": 1,
"otpPolicyPeriod": 30,
"otpSupportedApplications": [
"FreeOTP",
"Google Authenticator"
],
"webAuthnPolicyRpEntityName": "keycloak",
"webAuthnPolicySignatureAlgorithms": [
"ES256"
],
"webAuthnPolicyRpId": "",
"webAuthnPolicyAttestationConveyancePreference": "not specified",
"webAuthnPolicyAuthenticatorAttachment": "not specified",
"webAuthnPolicyRequireResidentKey": "not specified",
"webAuthnPolicyUserVerificationRequirement": "not specified",
"webAuthnPolicyCreateTimeout": 0,
"webAuthnPolicyAvoidSameAuthenticatorRegister": false,
"webAuthnPolicyAcceptableAaguids": [
],
"webAuthnPolicyPasswordlessRpEntityName": "keycloak",
"webAuthnPolicyPasswordlessSignatureAlgorithms": [
"ES256"
],
"webAuthnPolicyPasswordlessRpId": "",
"webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified",
"webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified",
"webAuthnPolicyPasswordlessRequireResidentKey": "not specified",
"webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified",
"webAuthnPolicyPasswordlessCreateTimeout": 0,
"webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false,
"webAuthnPolicyPasswordlessAcceptableAaguids": [
],
"browserSecurityHeaders": {
"contentSecurityPolicyReportOnly": "",
"xContentTypeOptions": "nosniff",
"xRobotsTag": "none",
"xFrameOptions": "SAMEORIGIN",
"contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
"xXSSProtection": "1; mode=block",
"strictTransportSecurity": "max-age=31536000; includeSubDomains"
},
"smtpServer": {
"host": "{{ shared_service_mail_hostname }}",
"from": "{{ current_realm_name }}.{{ inventory_hostname }}@{{ domain }}"
},
"loginTheme": "smardigo-theme",
"accountTheme": "smardigo-theme",
"adminTheme": "smardigo-theme",
"eventsEnabled": false,
"eventsListeners": [
"jboss-logging"
],
"enabledEventTypes": [
],
"adminEventsEnabled": false,
"adminEventsDetailsEnabled": false,
"identityProviders": [
],
"identityProviderMappers": [
],
"internationalizationEnabled": true,
"supportedLocales": [
"de",
"en"
],
"defaultLocale": "de",
"browserFlow": "browser",
"registrationFlow": "registration",
"directGrantFlow": "direct grant",
"resetCredentialsFlow": "reset credentials",
"clientAuthenticationFlow": "clients",
"dockerAuthenticationFlow": "docker auth",
"attributes": {
"clientOfflineSessionMaxLifespan": "0",
"clientSessionIdleTimeout": "0",
"clientSessionMaxLifespan": "0",
"clientOfflineSessionIdleTimeout": "0"
},
"userManagedAccessAllowed": false
}

@ -1,10 +1,4 @@
---
# I tried to create a realm via community.general.keycloak_realm
# but every request failed with HTTP 500
# but creating a group via community.general.keycloak_group
# was successfully
# ¯\_(ツ)_/¯
#
- name: "Login with keycloak-admin"
include_role:
name: keycloak
@ -22,17 +16,14 @@
- inventory_hostname == groups['kube_control_plane'][0]
- name: "Create a Keycloak group, authentication with credentials"
delegate_to: localhost
become: False
community.general.keycloak_group:
auth_keycloak_url: "{{ keycloak_server_url }}/auth"
auth_client_id: admin-cli
auth_realm: 'master'
auth_username: "{{ keycloak_admin_username }}"
auth_password: "{{ keycloak_admin_password }}"
name: '{{ argo_realm_group }}'
realm: '{{ argo_realm_name }}'
state: present
include_role:
name: keycloak
tasks_from: _create_realm_groups
vars:
current_realm_name: '{{ argo_realm_name }}'
current_realm_display_name: '{{ argo_realm_display_name }}'
current_realm_groups:
- name: "{{ argo_realm_group }}"
when:
- inventory_hostname == groups['kube_control_plane'][0]
@ -157,6 +148,13 @@
- debug
- inventory_hostname == groups['kube_control_plane'][0]
- name: "Create namespace <{{ k8s_argocd_helm__release_namespace }}>"
kubernetes.core.k8s:
name: "{{ k8s_argocd_helm__release_namespace }}"
api_version: v1
kind: Namespace
state: present
- name: "Create a k8s Secret containing GPG key"
kubernetes.core.k8s:
state: present
@ -196,8 +194,8 @@
- name: Deploy argo-cd inside argo-cd namespace
kubernetes.core.helm:
name: "{{ k8s_argocd_helm__name }}"
chart_repo_url: "{{ k8s_argocd_helm__chart_repo_url | default('https://argoproj.github.io/argo-helm') }}"
chart_ref: "{{ k8s_argocd_helm__chart_ref | default('argo-cd') }}"
chart_repo_url: "{{ k8s_argocd_helm__chart_repo_url | default('https://argoproj.github.io/argo-helm') }}"
release_namespace: "{{ k8s_argocd_helm__release_namespace }}"
create_namespace: yes
release_values: "{{ combined_helm__release_values }}"
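Review bot: The added "Create namespace" task for `k8s_argocd_helm__release_namespace` has no `when:`, while the tasks around it are limited with `inventory_hostname == groups['kube_control_plane'][0]`. As shown, it would run `kubernetes.core.k8s` once per host in the play, and hosts without cluster credentials may fail there. Adding `when: inventory_hostname == groups['kube_control_plane'][0]` keeps it in line with its neighbours. With the namespace now created explicitly, `create_namespace: yes` on the helm task is redundant, though harmless.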

@ -4,7 +4,6 @@ k8s_prometheus_helm__name: "prometheus"
k8s_certmanager_helm__chart_ref: cert-manager
k8s_certmanager_helm__chart_repo_url: https://charts.jetstack.io
k8s_certmanager_helm__chart_version: v1.5.4
k8s_certmanager_helm__release_namespace: cert-manager
k8s_certmanager_helm__release_values:

@ -8,7 +8,6 @@
name: cert-manager
chart_ref: "{{ k8s_certmanager_helm__chart_ref }}"
chart_repo_url: "{{ k8s_certmanager_helm__chart_repo_url }}"
chart_version: "{{ k8s_certmanager_helm__chart_version }}"
release_namespace: "{{ k8s_certmanager_helm__release_namespace }}"
create_namespace: yes
release_values: "{{ k8s_certmanager_helm__release_values }}"

@ -1,3 +1,3 @@
---
k8s_csi__template: "hcloud-csi.v1.5.1.yaml.j2"
k8s_csi__template: "hcloud-csi.v1.6.0.yaml.j2"

@ -1,5 +1,5 @@
---
apiVersion: storage.k8s.io/v1beta1
apiVersion: storage.k8s.io/v1
kind: CSIDriver
metadata:
name: csi.hetzner.cloud
@ -47,6 +47,9 @@ rules:
- apiGroups: ["storage.k8s.io"]
resources: ["volumeattachments"]
verbs: ["get", "list", "watch", "update", "patch"]
- apiGroups: ["storage.k8s.io"]
resources: ["volumeattachments/status"]
verbs: ["patch"]
# provisioner
- apiGroups: [""]
resources: ["secrets"]
@ -69,6 +72,10 @@ rules:
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotcontents"]
verbs: ["get", "list"]
# resizer
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "list", "watch"]
# node
- apiGroups: [""]
resources: ["events"]
@ -106,54 +113,48 @@ spec:
serviceAccount: hcloud-csi
containers:
- name: csi-attacher
image: quay.io/k8scsi/csi-attacher:v2.2.0
args:
- --csi-address=/var/lib/csi/sockets/pluginproxy/csi.sock
- --v=5
image: k8s.gcr.io/sig-storage/csi-attacher:v3.2.1
volumeMounts:
- name: socket-dir
mountPath: /var/lib/csi/sockets/pluginproxy/
mountPath: /run/csi
securityContext:
privileged: true
capabilities:
add: ["SYS_ADMIN"]
allowPrivilegeEscalation: true
- name: csi-resizer
image: quay.io/k8scsi/csi-resizer:v0.3.0
args:
- --csi-address=/var/lib/csi/sockets/pluginproxy/csi.sock
- --v=5
image: k8s.gcr.io/sig-storage/csi-resizer:v1.2.0
volumeMounts:
- name: socket-dir
mountPath: /var/lib/csi/sockets/pluginproxy/
mountPath: /run/csi
securityContext:
privileged: true
capabilities:
add: ["SYS_ADMIN"]
allowPrivilegeEscalation: true
- name: csi-provisioner
image: quay.io/k8scsi/csi-provisioner:v1.6.0
image: k8s.gcr.io/sig-storage/csi-provisioner:v2.2.2
args:
- --provisioner=csi.hetzner.cloud
- --csi-address=/var/lib/csi/sockets/pluginproxy/csi.sock
- --feature-gates=Topology=true
- --v=5
- --default-fstype=ext4
volumeMounts:
- name: socket-dir
mountPath: /var/lib/csi/sockets/pluginproxy/
mountPath: /run/csi
securityContext:
privileged: true
capabilities:
add: ["SYS_ADMIN"]
allowPrivilegeEscalation: true
- name: hcloud-csi-driver
image: hetznercloud/hcloud-csi-driver:1.5.1
image: hetznercloud/hcloud-csi-driver:1.6.0
imagePullPolicy: Always
env:
- name: CSI_ENDPOINT
value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock
value: unix:///run/csi/socket
- name: METRICS_ENDPOINT
value: 0.0.0.0:9189
- name: ENABLE_METRICS
value: "true"
- name: KUBE_NODE_NAME
valueFrom:
fieldRef:
@ -166,7 +167,7 @@ spec:
key: token
volumeMounts:
- name: socket-dir
mountPath: /var/lib/csi/sockets/pluginproxy/
mountPath: /run/csi
ports:
- containerPort: 9189
name: metrics
@ -188,11 +189,9 @@ spec:
allowPrivilegeEscalation: true
- name: liveness-probe
imagePullPolicy: Always
image: quay.io/k8scsi/livenessprobe:v1.1.0
args:
- --csi-address=/var/lib/csi/sockets/pluginproxy/csi.sock
image: k8s.gcr.io/sig-storage/livenessprobe:v2.3.0
volumeMounts:
- mountPath: /var/lib/csi/sockets/pluginproxy/
- mountPath: /run/csi
name: socket-dir
volumes:
- name: socket-dir
@ -221,14 +220,21 @@ spec:
operator: Exists
- key: CriticalAddonsOnly
operator: Exists
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: "instance.hetzner.cloud/is-root-server"
operator: NotIn
values:
- "true"
serviceAccount: hcloud-csi
containers:
- name: csi-node-driver-registrar
image: quay.io/k8scsi/csi-node-driver-registrar:v1.3.0
image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.2.0
args:
- --v=5
- --csi-address=/csi/csi.sock
- --kubelet-registration-path=/var/lib/kubelet/plugins/csi.hetzner.cloud/csi.sock
- --kubelet-registration-path=/var/lib/kubelet/plugins/csi.hetzner.cloud/socket
env:
- name: KUBE_NODE_NAME
valueFrom:
@ -237,19 +243,21 @@ spec:
fieldPath: spec.nodeName
volumeMounts:
- name: plugin-dir
mountPath: /csi
mountPath: /run/csi
- name: registration-dir
mountPath: /registration
securityContext:
privileged: true
- name: hcloud-csi-driver
image: hetznercloud/hcloud-csi-driver:1.5.1
image: hetznercloud/hcloud-csi-driver:1.6.0
imagePullPolicy: Always
env:
- name: CSI_ENDPOINT
value: unix:///csi/csi.sock
value: unix:///run/csi/socket
- name: METRICS_ENDPOINT
value: 0.0.0.0:9189
- name: ENABLE_METRICS
value: "true"
- name: HCLOUD_TOKEN
valueFrom:
secretKeyRef:
@ -265,7 +273,7 @@ spec:
mountPath: /var/lib/kubelet
mountPropagation: "Bidirectional"
- name: plugin-dir
mountPath: /csi
mountPath: /run/csi
- name: device-dir
mountPath: /dev
securityContext:
@ -286,11 +294,9 @@ spec:
periodSeconds: 2
- name: liveness-probe
imagePullPolicy: Always
image: quay.io/k8scsi/livenessprobe:v1.1.0
args:
- --csi-address=/csi/csi.sock
image: k8s.gcr.io/sig-storage/livenessprobe:v2.3.0
volumeMounts:
- mountPath: /csi
- mountPath: /run/csi
name: plugin-dir
volumes:
- name: kubelet-dir
@ -324,6 +330,7 @@ spec:
- port: 9189
name: metrics
targetPort: metrics
---
apiVersion: v1
kind: Service

@ -4,7 +4,6 @@ k8s_prometheus_helm__name: "prometheus"
k8s_externaldns_helm__chart_ref: external-dns
k8s_externaldns_helm__chart_repo_url: https://kubernetes-sigs.github.io/external-dns/
k8s_externaldns_helm__chart_version: v1.6.0
k8s_externaldns_helm__release_namespace: external-dns
k8s_externaldns_helm__release_values:

@ -8,7 +8,6 @@
name: external-dns
chart_ref: "{{ k8s_externaldns_helm__chart_ref }}"
chart_repo_url: "{{ k8s_externaldns_helm__chart_repo_url }}"
chart_version: "{{ k8s_externaldns_helm__chart_version }}"
release_namespace: "{{ k8s_externaldns_helm__release_namespace }}"
create_namespace: yes
release_values: "{{ k8s_externaldns_helm__release_values }}"

@ -8,7 +8,6 @@
name: ingress
chart_repo_url: "{{ k8s_ingress_helm__chart_repo_url | default('https://kubernetes.github.io/ingress-nginx') }}"
chart_ref: "{{ k8s_ingress_helm__chart_ref | default('ingress-nginx') }}"
chart_version: "{{ k8s_ingress_helm__chart_version | default('4.0.6') }}"
release_namespace: "{{ k8s_ingress_helm__release_namespace }}"
create_namespace: yes
release_values: "{{ k8s_ingress_helm__release_values }}"

@ -30,9 +30,6 @@ current_realm_users: [
"password": "{{ connect_client_admin_password }}",
}
]
current_realm_admin_users: [
{
"username": "{{ connect_realm_admin_username }}",
"password": "{{ connect_realm_admin_password }}",
}
]
current_realm_admin_user:
username: "{{ connect_realm_admin_username }}"
password: "{{ connect_realm_admin_password }}"

@ -49,7 +49,8 @@
- install
- name: "Import autodiscover pre-tasks"
include_tasks: tasks/autodiscover_pre_tasks.yml
import_tasks: tasks/autodiscover_pre_tasks.yml
become: false
tags:
- always

@ -18,7 +18,8 @@
become: false
- name: "Import autodiscover pre-tasks"
include_tasks: tasks/autodiscover_pre_tasks.yml
import_tasks: tasks/autodiscover_pre_tasks.yml
become: false
tags:
- always

@ -20,7 +20,7 @@ dev-harbor-01
[iam]
dev-iam-01
dev-iam-02 # sensw / workflow cats
dev-iam-02 # sensw/workflow cats
[keycloak]
dev-keycloak-01
@ -51,10 +51,10 @@ dev-postgres-02
dev-prometheus-01
[redis]
dev-redis-01
#dev-redis-01
[webdav]
dev-webdav-01
#dev-webdav-01
[kube_control_plane]
dev-kube-master-01

@ -4,11 +4,17 @@ prodnso-awx-01
[connect]
prodnso-management-01
[pdns]
#prodnso-pdns-01
[elastic]
prodnso-elastic-stack-elastic-01
prodnso-elastic-stack-elastic-02
prodnso-elastic-stack-elastic-03
[gitea]
#prodnso-gitea-01
[harbor]
prodnso-harbor-01
@ -43,12 +49,40 @@ prodnso-postgres-02
[prometheus]
prodnso-prometheus-01
[redis]
#prodnso-redis-01
[webdav]
#prodnso-webdav-01
[kube_control_plane]
#prodnso-kube-master-01
#prodnso-kube-master-02
#prodnso-kube-master-03
[etcd]
#prodnso-kube-master-01
#prodnso-kube-master-02
#prodnso-kube-master-03
[kube_node]
#prodnso-kube-node-01
#prodnso-kube-node-02
#prodnso-kube-node-03
[k8s_cluster:children]
kube_control_plane
kube_node
[stage_prodnso:children]
awx
connect
elastic
pdns
gitea
harbor
iam
k8s_cluster
keycloak
kibana
logstash
@ -58,6 +92,8 @@ pgadmin4
postfix
postgres
prometheus
redis
webdav
[all:children]
stage_prodnso

@ -50,10 +50,10 @@ qa-postgres-02
qa-prometheus-01
[redis]
qa-redis-01
#qa-redis-01
[webdav]
qa-webdav-01
#qa-webdav-01
[kube_control_plane]
qa-kube-master-01

@ -15,11 +15,11 @@ label_selector: "stage=qa"
api_token: !vault |
$ANSIBLE_VAULT;1.1;AES256
36326436363431623035633730393332623665663439613835373436636637393838333865646564
6461343366393765383332323662326339623836336566660a666462633333613236663362643835
39313166323139616162353366303839346664386237306562306363333731626338316134396561
3435316335343534620a396432353430396138343933663866613730333564646639323935366134
37653935313437313263366462643033316662363366353866663664633835376661623737336363
32393431666138303538356138663163303965623339343063353234643664363933663330356237
32386139363033656538646236323237333631626161383966663839303666373266633039363337
64313830353765633865
38623731356563643239636338623835356561616237386164396637313063386366323734383163
3661333761616165636238316165633934313835643063650a326434656336333165366464383237
32306538643733643635346132306630393562643632356135353937396566636563613963323137
6564626233323139330a396661656364653562666461316666616531336631363965636130313232
32366263623739313538323336613434653338396236303439663432363735623362396161666536
30323735326133626633646333366166613238303465313833396137313839623561313632346366
30616636613964643832383534323561633761653839643637373331363239353363346462643632
35346162656666366438
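Review bot: Replacing the vault blob under `api_token` does not retire the previous token. The old ciphertext stays in git history and can be decrypted by anyone holding the vault password, so the old token should be revoked on the Hetzner side; whether that happened is not visible here. The neighbouring `label_selector: "stage=qa"` suggests this file only drives a server lookup, in which case the new token presumably needs read permission only. I would document project and scope above the key, for example `# Hetzner Cloud API token, QA project only; scope: <read | read-write>`.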

@ -8,21 +8,18 @@
authorization: Bearer {{ hetzner_authentication_ansible }}
register: hetzner_servers_result
delegate_to: 127.0.0.1
become: false
tags:
- always
- name: "Setting hetzner server pagination count: <{{ hetzner_servers_result.json.meta.pagination.last_page }}>"
set_fact:
total_server_pages: "{{ hetzner_servers_result.json.meta.pagination.last_page }}"
become: false
tags:
- always
- name: "Reading hetzner server infos for stage <{{ stage }}> without pagination"
set_fact:
hetzner_servers: "{{ hetzner_servers_result.json.servers }}"
become: false
tags:
- always
when:
@ -39,7 +36,6 @@
register: hetzner_servers_results
with_sequence: start=1 end={{ total_server_pages }}
delegate_to: 127.0.0.1
become: false
- name: "Reading hetzner server infos for stage <{{ stage }}> with pagination"
set_fact:
@ -48,7 +44,6 @@
querystr1: "[[*].json.servers]"
querystr2: "[]"
delegate_to: 127.0.0.1
become: false
when:
- total_server_pages != '1'
tags:
@ -58,7 +53,6 @@
debug:
msg: "{{ hetzner_servers }}"
delegate_to: 127.0.0.1
become: false
tags:
- always
when:
@ -72,7 +66,6 @@
authorization: Bearer {{ hetzner_authentication_ansible }}
register: hetzner_networks
delegate_to: 127.0.0.1
become: false
tags:
- always
@ -80,7 +73,6 @@
debug:
msg: "{{ hetzner_networks.json.networks }}"
delegate_to: 127.0.0.1
become: false
tags:
- always
when:
@ -90,7 +82,6 @@
set_fact:
stage_private_network_id: "{{ hetzner_networks.json.networks | map(attribute='id') | first }}"
delegate_to: 127.0.0.1
become: false
tags:
- always
@ -98,7 +89,6 @@
debug:
msg: "{{ stage_private_network_id }}"
delegate_to: 127.0.0.1
become: false
tags:
- always
when:
@ -117,7 +107,6 @@
{% endfor %}\
{{ list|list }}"
delegate_to: 127.0.0.1
become: false
tags:
- always
@ -125,7 +114,6 @@
debug:
msg: "{{ stage_server_infos }}"
delegate_to: 127.0.0.1
become: false
tags:
- always
when:
@ -143,7 +131,6 @@
{% endif %}\
{% endfor %}"
delegate_to: 127.0.0.1
become: false
tags:
- always
@ -153,7 +140,6 @@
vars:
querystr: "[?name=='{{ inventory_hostname }}'].public_net.ipv4.ip"
delegate_to: 127.0.0.1
become: false
tags:
- always
@ -161,7 +147,6 @@
debug:
msg: "{{ stage_server_ip }} / {{ stage_private_server_ip }}"
delegate_to: 127.0.0.1
become: false
tags:
- always
# when:
@ -171,7 +156,6 @@
debug:
msg: "{{ group_names }}"
delegate_to: 127.0.0.1
become: false
tags:
- always
# when:
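Review bot: With the per-task `become: false` lines removed throughout this file, the tasks delegated to `127.0.0.1` rely entirely on every importer setting `become: false` on its `import_tasks` line. A playbook that imports the file without it would run the delegated `uri` calls on the control node under the play's privilege escalation. Wrapping the file's tasks in a single `block:` with `become: false` would keep the file safe regardless of the importer. Separately, the two `uri` tasks sending `authorization: Bearer {{ hetzner_authentication_ansible }}` show no `no_log: true`, so the token is likely to appear in the printed module arguments at high verbosity; adding `no_log: true` to those two tasks would avoid that. Each hunk shows only part of a task, so this is based on the visible lines.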

@ -45,7 +45,10 @@
pre_tasks:
- name: "Import autodiscover pre-tasks"
include_tasks: tasks/autodiscover_pre_tasks.yml
import_tasks: tasks/autodiscover_pre_tasks.yml
become: false
tags:
- always
tasks:
- name: "Add all servers for stage {{ stage }} to inventory"

@ -57,7 +57,10 @@
pre_tasks:
- name: "Import autodiscover pre-tasks"
include_tasks: tasks/autodiscover_pre_tasks.yml
import_tasks: tasks/autodiscover_pre_tasks.yml
become: false
tags:
- always
roles:
- role: service_state

@ -53,7 +53,10 @@
pre_tasks:
- name: "Import autodiscover pre-tasks"
include_tasks: tasks/autodiscover_pre_tasks.yml
import_tasks: tasks/autodiscover_pre_tasks.yml
become: false
tags:
- always
roles:
- role: upload_local_file

@ -1 +1 @@
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFRlmqgkIJxBC45cbVX25P1Uam/+Ct7XFvgMm60TDOWkQiTuVp5vd1sHq2HCRRfGxPrsKmwSQS5wMYIjeiclTag= friedrich@friedrich-HP-ZBook
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFRlmqgkIJxBC45cbVX25P1Uam/+Ct7XFvgMm60TDOWkQiTuVp5vd1sHq2HCRRfGxPrsKmwSQS5wMYIjeiclTag= friedrich.goerz@netgo.de
