diff --git a/create-database.yml b/create-database.yml index ea3ffa9..dfc5c1e 100644 --- a/create-database.yml +++ b/create-database.yml @@ -76,7 +76,7 @@ - debug roles: - - role: connect-postgres + - role: postgres-container ############################################################# # Sending smardigo management message to process diff --git a/create-service.yml b/create-service.yml index 669ed1a..ab03afe 100644 --- a/create-service.yml +++ b/create-service.yml @@ -61,6 +61,9 @@ roles: - role: connect + when: "'connect' in group_names" + - role: wordpress + when: "'wordpress' in group_names" ############################################################# # run provisioning against newly created inventory diff --git a/group_vars/all/plain.yml b/group_vars/all/plain.yml index 2f7630d..d83b5d6 100644 --- a/group_vars/all/plain.yml +++ b/group_vars/all/plain.yml @@ -84,6 +84,7 @@ service_port_keycloak: "8080" service_port_kibana: "5601" service_port_logstash: "5044" service_port_mssql: "1433" +service_port_mysql: "3306" service_port_node_exporter: "9100" service_port_postgres: "5432" service_port_portainer: "9000" diff --git a/group_vars/connect/plain.yml b/group_vars/connect/plain.yml index b101ade..0e7c61a 100644 --- a/group_vars/connect/plain.yml +++ b/group_vars/connect/plain.yml @@ -8,11 +8,13 @@ hetzner_server_type: cx21 hetzner_server_labels: "stage={{ stage }} service={{ service }}" connect_client_id: "{{ cluster_name }}" +connect_client_admin_username: "wordpress-admin" +connect_client_admin_password: "wordpress-admin" current_realm_users: [ { - "username": "connect-admin", - "password": "connect-admin", + "username": "{{ connect_client_admin_username }}", + "password": "{{ connect_client_admin_password }}", } ] diff --git a/group_vars/wordpress/plain.yml b/group_vars/wordpress/plain.yml new file mode 100644 index 0000000..e321734 --- /dev/null +++ b/group_vars/wordpress/plain.yml 
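Review bot: The two variables added in group_vars/connect/plain.yml commit a usable login to a plain-text vars file, with the password identical to the username (`connect_client_admin_password: "wordpress-admin"`), and `current_realm_users` then seeds that account into the realm. The same pattern appears in the new group_vars/wordpress/plain.yml (`wordpress_mysql_root_password`, `wordpress_mysql_password`, `wordpress_buergerportal_password`) and in roles/wordpress/defaults/main.yml (`wordpress_admin_password`). Keep only the variable names in these files and take the values from an Ansible Vault encrypted file or a secret lookup, so that a deployment without the secret fails instead of coming up with a known password. The value `wordpress-admin` in the connect group also looks copied from the wordpress vars, since the removed lines used `connect-admin`; please confirm the realm user is meant to change.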
@@ -0,0 +1,40 @@
+---
+
+wordpress_mysql_root_password: "wordpress-mysql-root-password"
+wordpress_mysql_database: "wordpress-mysql"
+wordpress_mysql_username: "wordpress-mysql-admin"
+wordpress_mysql_password: "wordpress-mysql-admin"
+
+wordpress_domain_external: "{{ http_s }}://{{ stage_server_url_host }}"
+
+wordpress_client_id: "{{ cluster_name }}"
+wordpress_buergerportal_username: "wordpress-admin"
+wordpress_buergerportal_password: "wordpress-admin"
+
+current_realm_users: [
+ {
+ "username": "{{ wordpress_buergerportal_username }}",
+ "password": "{{ wordpress_buergerportal_password }}",
+ }
+]
+
+current_realm_clients: [
+ {
+ clientId: "{{ wordpress_client_id }}",
+ name: '{{ wordpress_client_id }}',
+ admin_url: '',
+ root_url: '',
+ redirect_uris: '
+ [
+ "https://{{ service_name }}.{{ domain }}/*",
+ ]',
+ secret: '{{ cluster_name }}',
+ web_origins: '
+ [
+ "https://{{ service_name }}.{{ domain }}/*",
+ ]',
+ }
+]
+
+wordpress_oidc_client_id: "{{ wordpress_client_id }}"
+wordpress_oidc_client_secret: "{{ cluster_name }}"
diff --git a/roles/connect-postgres/defaults/main.yml b/roles/connect-postgres/defaults/main.yml
deleted file mode 100644
index c852850..0000000
--- a/roles/connect-postgres/defaults/main.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-
-connect_postgres_service_name: "{{ service_name }}-connectpostgres"
-
-connect_postgres_version: "12"
diff --git a/roles/connect-postgres/vars/main.yml b/roles/connect-postgres/vars/main.yml
deleted file mode 100644
index 2bfd404..0000000
--- a/roles/connect-postgres/vars/main.yml
+++ /dev/null
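Review bot: In the new group_vars/wordpress/plain.yml the OIDC client secret is derived from a non-secret value, `secret: '{{ cluster_name }}'` and `wordpress_oidc_client_secret: "{{ cluster_name }}"`, so anyone who knows or can guess the cluster name can presumably authenticate as this confidential client. Generate a random secret per client, store it encrypted, and reference it from both places, e.g. `wordpress_oidc_client_secret: "{{ vault_wordpress_oidc_client_secret }}"` (placeholder variable name). The `web_origins` entry ends in `/*`; an origin is scheme, host and port only, so please confirm the identity provider accepts a path wildcard there and does not fall back to a broader match. The `redirect_uris` wildcard covers every path on the host, which is worth narrowing to the callback path if that is known.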
@@ -1,36 +0,0 @@ ---- - -connect_postgres_id: "{{ service_name }}-postgres-connect" - -connect_docker: { - networks: [ - { - name: back-tier, - external: true, - } - ], - volumes: [ - { - name: "{{ connect_postgres_id }}-data" - } - ], - services: [ - { - name: "{{ connect_postgres_id }}", - image_name: "postgres", - image_version: "{{ connect_postgres_version }}", - environment: [ - 'POSTGRES_DB: "{{ connect_postgres_database }}"', - 'POSTGRES_USER: "{{ connect_postgres_admin_username }}"', - 'POSTGRES_PASSWORD: "{{ connect_postgres_admin_password }}"', - ], - volumes: [ - '"{{ connect_postgres_id }}-data:/var/lib/postgresql/data"', - ], - networks: [ - '"back-tier"', - ], - ports: "{{ connect_postgres_ports | default([]) }}", - }, - ], -} diff --git a/roles/connect/defaults/main.yml b/roles/connect/defaults/main.yml index d9fb022..6989dc9 100644 --- a/roles/connect/defaults/main.yml +++ b/roles/connect/defaults/main.yml @@ -1,10 +1,8 @@ --- -connect_service_name: "{{ service_name }}-connect" - connect_image_name: "{{ shared_service_docker_registry_hostname }}/smardigo/connect-whitelabel-app" +connect_image_version: 'latest' -connect_version: 'latest' connect_admin_username: "connect-admin" connect_admin_password: "connect-admin" diff --git a/roles/connect/tasks/main.yml b/roles/connect/tasks/main.yml index 64fa82d..70d60ef 100644 --- a/roles/connect/tasks/main.yml +++ b/roles/connect/tasks/main.yml @@ -16,7 +16,7 @@ when: - send_status_messages -- name: "Setup DNS configuration for {{ connect_service_name }}" +- name: "Setup DNS configuration for {{ connect_id }}" include_role: name: _digitalocean tasks_from: domain 
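Review bot: `connect_image_version: 'latest'` in roles/connect/defaults/main.yml keeps the default on a mutable tag, and the role's "Update" task runs `docker-compose pull`, so each run deploys whatever the registry serves under that tag at that moment. Default to a fixed release tag or an image digest (placeholder: `connect_image_version: '<release-tag>'`) so that a deployment is reproducible and a replaced image is not picked up unreviewed. The wordpress defaults added in this commit already pin a version, so this would also make the roles consistent.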
@@ -24,42 +24,42 @@ record_data: "{{ stage_server_ip }}" record_name: "{{ service_name }}" -- name: "Check if {{ connect_service_name }}/docker-compose.yml exists" +- name: "Check if {{ connect_id }}/docker-compose.yml exists" stat: - path: '{{ service_base_path }}/{{ connect_service_name }}/docker-compose.yml' + path: '{{ service_base_path }}/{{ connect_id }}/docker-compose.yml' register: check_docker_compose_file tags: - update_deployment -- name: "Stop {{ connect_service_name }}" +- name: "Stop {{ connect_id }}" shell: docker-compose down args: - chdir: '{{ service_base_path }}/{{ connect_service_name }}' + chdir: '{{ service_base_path }}/{{ connect_id }}' when: check_docker_compose_file.stat.exists ignore_errors: yes tags: - update_deployment -- name: "Deploy docker templates for {{ connect_service_name }}" +- name: "Deploy docker templates for {{ connect_id }}" include_role: name: _deploy tasks_from: templates vars: current_config: "_docker" current_base_path: "{{ service_base_path }}" - current_destination: "{{ connect_service_name }}" + current_destination: "{{ connect_id }}" current_owner: "{{ docker_owner }}" current_group: "{{ docker_group }}" current_docker: "{{ connect_docker }}" -- name: "Deploy service templates for {{ connect_service_name }}" +- name: "Deploy service templates for {{ connect_id }}" include_role: name: _deploy tasks_from: templates vars: current_config: "connect" current_base_path: "{{ service_base_path }}" - current_destination: "{{ connect_service_name }}" + current_destination: "{{ connect_id }}" current_owner: "{{ docker_owner }}" current_group: "{{ docker_group }}" 
@@ -70,34 +70,34 @@ vars: current_config: "elastic-certs/certs" current_base_path: "{{ service_base_path }}" - current_destination: "{{ connect_service_name }}/certs" + current_destination: "{{ connect_id }}/certs" current_owner: "{{ docker_owner }}" current_group: "{{ docker_group }}" -- name: "Update {{ connect_service_name }}" +- name: "Update {{ connect_id }}" shell: docker-compose pull args: - chdir: '{{ service_base_path }}/{{ connect_service_name }}' + chdir: '{{ service_base_path }}/{{ connect_id }}' tags: - update_deployment -- name: "Start {{ connect_service_name }}" +- name: "Start {{ connect_id }}" shell: docker-compose up -d args: - chdir: '{{ service_base_path }}/{{ connect_service_name }}' + chdir: '{{ service_base_path }}/{{ connect_id }}' tags: - update_deployment -- name: "Update landing page entries for {{ connect_service_name }}" +- name: "Update landing page entries for {{ connect_id }}" include_role: name: _deploy tasks_from: caddy_landing_page vars: current_services: [ { - current_name: "{{ connect_service_name }}", + current_name: "{{ connect_id }}", current_url: "{{ http_s }}://{{ connect_id }}.{{ domain }}", - current_version: "{{ connect_version }}", + current_version: "{{ connect_image_version }}", current_date: "{{ ansible_date_time.iso8601 }}", management: "{{ http_s }}://{{ connect_id }}.{{ domain }}:{{ monitor_port_service }}/management", }, diff --git a/roles/connect/vars/main.yml b/roles/connect/vars/main.yml index f781d5d..a639711 100644 --- a/roles/connect/vars/main.yml +++ b/roles/connect/vars/main.yml @@ -1,7 +1,7 @@ --- connect_id: "{{ service_name }}-connect" -connect_postgres_id: "{{ service_name }}-postgres-connect" +connect_postgres_id: "{{ service_name }}-postgres_connect" connect_labels: [ '"traefik.enable=true"', 
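Review bot: Changing `connect_postgres_id` from `…-postgres-connect` to `…-postgres_connect` in roles/connect/vars/main.yml changes every name derived from that pattern. The new postgres-container role names its volume `"{{ postgres_id }}-data"` with the same underscore form, so on an already provisioned host the database would presumably start on a fresh, empty volume while the old `-postgres-connect-data` volume is left behind; if so, the commit needs a migration step or at least a note. If this id is also used as the database hostname on the compose network (not visible in this hunk), an underscore is not a valid hostname character and some clients and URL parsers reject it; keeping the hyphen avoids both problems.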
@@ -102,7 +102,7 @@ connect_docker: { { name: "{{ connect_id }}", image_name: "{{ connect_image_name }}", - image_version: "{{ connect_version }}", + image_version: "{{ connect_image_version }}", labels: "{{ connect_labels + ( connect_labels_additional | default([])) }}", restart: "{{ connect_service_restart | default('always') }}", environment: "{{ connect_environment + ( connect_environment_additional | default([])) }}", diff --git a/roles/postgres-container/defaults/main.yml b/roles/postgres-container/defaults/main.yml new file mode 100644 index 0000000..b01bd66 --- /dev/null +++ b/roles/postgres-container/defaults/main.yml @@ -0,0 +1,4 @@ +--- + +postgres_image_name: "postgres" +postgres_image_version: "12" diff --git a/roles/connect-postgres/handlers/main.yml b/roles/postgres-container/handlers/main.yml similarity index 100% rename from roles/connect-postgres/handlers/main.yml rename to roles/postgres-container/handlers/main.yml diff --git a/roles/connect-postgres/meta/main.yml b/roles/postgres-container/meta/main.yml similarity index 100% rename from roles/connect-postgres/meta/main.yml rename to roles/postgres-container/meta/main.yml diff --git a/roles/connect-postgres/tasks/main.yml b/roles/postgres-container/tasks/main.yml similarity index 63% rename from roles/connect-postgres/tasks/main.yml rename to roles/postgres-container/tasks/main.yml index cd7a658..03bf25a 100644 --- a/roles/connect-postgres/tasks/main.yml +++ b/roles/postgres-container/tasks/main.yml 
@@ -16,56 +16,56 @@ when: - send_status_messages -- name: "Check if {{ connect_postgres_service_name }}/docker-compose.yml exists" +- name: "Check if {{ postgres_id }}/docker-compose.yml exists" stat: - path: '{{ service_base_path }}/{{ connect_postgres_service_name }}/docker-compose.yml' + path: '{{ service_base_path }}/{{ postgres_id }}/docker-compose.yml' register: check_docker_compose_file tags: - update_deployment -- name: "Stop {{ connect_postgres_service_name }}" +- name: "Stop {{ postgres_id }}" shell: docker-compose down args: - chdir: '{{ service_base_path }}/{{ connect_postgres_service_name }}' + chdir: '{{ service_base_path }}/{{ postgres_id }}' when: check_docker_compose_file.stat.exists ignore_errors: yes tags: - update_deployment -- name: "Deploy docker templates for {{ connect_postgres_service_name }}" +- name: "Deploy docker templates for {{ postgres_id }}" include_role: name: _deploy tasks_from: templates vars: current_config: "_docker" current_base_path: "{{ service_base_path }}" - current_destination: "{{ connect_postgres_service_name }}" + current_destination: "{{ postgres_id }}" current_owner: "{{ docker_owner }}" current_group: "{{ docker_group }}" - current_docker: "{{ connect_docker }}" + current_docker: "{{ postgres_docker }}" -- name: "Deploy service templates for {{ connect_postgres_service_name }}" +- name: "Deploy service templates for {{ postgres_id }}" include_role: name: _deploy tasks_from: templates vars: current_config: "connect" current_base_path: "{{ service_base_path }}" - current_destination: "{{ connect_postgres_service_name }}" + current_destination: "{{ postgres_id }}" current_owner: "{{ docker_owner }}" current_group: "{{ docker_group }}" -- name: "Update {{ connect_postgres_service_name }}" +- name: "Update {{ postgres_id }}" shell: docker-compose pull args: - chdir: '{{ service_base_path }}/{{ connect_postgres_service_name }}' + chdir: '{{ service_base_path }}/{{ postgres_id }}' tags: - update_deployment -- name: "Start 
{{ connect_postgres_service_name }}" +- name: "Start {{ postgres_id }}" shell: docker-compose up -d args: - chdir: '{{ service_base_path }}/{{ connect_postgres_service_name }}' + chdir: '{{ service_base_path }}/{{ postgres_id }}' tags: - update_deployment diff --git a/roles/postgres-container/vars/main.yml b/roles/postgres-container/vars/main.yml new file mode 100644 index 0000000..5cc6abb --- /dev/null +++ b/roles/postgres-container/vars/main.yml @@ -0,0 +1,36 @@ +--- + +postgres_id: "{{ service_name }}-postgres_{{ cluster_service }}" + +postgres_docker: { + networks: [ + { + name: back-tier, + external: true, + } + ], + volumes: [ + { + name: "{{ postgres_id }}-data" + } + ], + services: [ + { + name: "{{ postgres_id }}", + image_name: "{{ postgres_image_name }}", + image_version: "{{ postgres_image_version }}", + environment: [ + "POSTGRES_DB: \"{{ hostvars[inventory_hostname][cluster_service + '_postgres_database'] | default('postgres') }}\"", + "POSTGRES_USER: \"{{ hostvars[inventory_hostname][cluster_service + '_postgres_admin_username'] | default('postgres-admin') }}\"", + "POSTGRES_PASSWORD: \"{{ hostvars[inventory_hostname][cluster_service + '_postgres_admin_password'] | default('postgres-admin') }}\"", + ], + volumes: [ + '"{{ postgres_id }}-data:/var/lib/postgresql/data"', + ], + networks: [ + '"back-tier"', + ], + ports: "{{ postgres_ports | default([]) }}", + }, + ], +} diff --git a/roles/wordpress/defaults/main.yml b/roles/wordpress/defaults/main.yml new file mode 100644 index 0000000..823281b --- /dev/null +++ b/roles/wordpress/defaults/main.yml @@ -0,0 +1,10 @@ +--- + +wordpress_image_name: "wordpress" +wordpress_image_version: '5.7.2' + +wordpress_mysql_image_name: "mysql" +wordpress_mysql_image_version: "8.0.22" + +wordpress_admin_username: "wordpress-admin" +wordpress_admin_password: "wordpress-admin" diff --git a/roles/wordpress/handlers/main.yml b/roles/wordpress/handlers/main.yml new file mode 100644 index 0000000..ed97d53 --- /dev/null 
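Review bot: The task "Deploy service templates for {{ postgres_id }}" in roles/postgres-container/tasks/main.yml still passes `current_config: "connect"`, unchanged context carried over from the connect-postgres role. Now that the role is generic and keyed on `cluster_service`, this would presumably copy the connect service's templates, including any rendered settings, into every postgres container directory. Either drop the task or point it at a postgres-specific template set. The "Stop" task also keeps `ignore_errors: yes`, which hides a failed `docker-compose down` before the redeploy.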
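Review bot: The `default(...)` fallbacks on the credential lines in roles/postgres-container/vars/main.yml mean that a missing or misspelled `<cluster_service>_postgres_admin_password` silently produces a database whose admin password is the literal `postgres-admin`. A credential should fail closed; use the `mandatory` filter instead, e.g. `{{ hostvars[inventory_hostname][cluster_service + '_postgres_admin_password'] | mandatory }}`, and keep a default only for the database name. `postgres_ports` defaults to an empty list, which is the safe choice, and deserves a comment saying that setting it publishes the database port on the host.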
+++ b/roles/wordpress/handlers/main.yml
@@ -0,0 +1 @@
+---
diff --git a/roles/wordpress/meta/main.yml b/roles/wordpress/meta/main.yml
new file mode 100644
index 0000000..ed97d53
--- /dev/null
+++ b/roles/wordpress/meta/main.yml
@@ -0,0 +1 @@
+---
diff --git a/roles/wordpress/tasks/main.yml b/roles/wordpress/tasks/main.yml
new file mode 100644
index 0000000..f3f7045
--- /dev/null
+++ b/roles/wordpress/tasks/main.yml
@@ -0,0 +1,108 @@
+---
+
+### tags:
+### update_deployment
+
+- name: "Send mattermost message"
+ uri:
+ url: "{{ mattermost_hook_smardigo }}"
+ method: POST
+ body: "{{ lookup('template','mattermost-deploy-start.json.j2') }}"
+ body_format: json
+ headers:
+ Content-Type: "application/json"
+ delegate_to: 127.0.0.1
+ become: false
+ when:
+ - send_status_messages
+
+- name: "Setup DNS configuration for {{ wordpress_id }}"
+ include_role:
+ name: _digitalocean
+ tasks_from: domain
+ vars:
+ record_data: "{{ stage_server_ip }}"
+ record_name: "{{ service_name }}"
+
+- name: "Check if {{ wordpress_id }}/docker-compose.yml exists"
+ stat:
+ path: '{{ service_base_path }}/{{ wordpress_id }}/docker-compose.yml'
+ register: check_docker_compose_file
+ tags:
+ - update_deployment
+
+- name: "Stop {{ wordpress_id }}"
+ shell: docker-compose down
+ args:
+ chdir: '{{ service_base_path }}/{{ wordpress_id }}'
+ when: check_docker_compose_file.stat.exists
+ ignore_errors: yes
+ tags:
+ - update_deployment
+
+- name: "Deploy docker templates for {{ wordpress_id }}"
+ include_role:
+ name: _deploy
+ tasks_from: templates
+ vars:
+ current_config: "_docker"
+ current_base_path: "{{ service_base_path }}"
+ current_destination: "{{ wordpress_id }}"
+ current_owner: "{{ docker_owner }}"
+ current_group: "{{ docker_group }}"
+ current_docker: "{{ wordpress_docker }}"
+
+- name: "Deploy service templates for {{ wordpress_id }}"
+ include_role:
+ name: _deploy
+ tasks_from: templates
+ vars:
+ current_config: "wordpress"
+ current_base_path: "{{ service_base_path }}"
+ current_destination: "{{ wordpress_id }}"
+ current_owner: "{{ docker_owner }}"
+ current_group: "{{ docker_group }}"
+
+- name: "Update {{ wordpress_id }}"
+ shell: docker-compose pull
+ args:
+ chdir: '{{ service_base_path }}/{{ wordpress_id }}'
+ tags:
+ - update_deployment
+
+- name: "Start {{ wordpress_id }}"
+ shell: docker-compose up -d
+ args:
+ chdir: '{{ service_base_path }}/{{ wordpress_id }}'
+ tags:
+ - update_deployment
+
+- name: "Update landing page entries for {{ wordpress_id }}"
+ include_role:
+ name: _deploy
+ tasks_from: caddy_landing_page
+ vars:
+ current_services: [
+ {
+ current_name: "{{ wordpress_id }}",
+ current_url: "{{ http_s }}://{{ wordpress_id }}.{{ domain }}",
+ current_version: "{{ wordpress_image_version }}",
+ current_date: "{{ ansible_date_time.iso8601 }}",
+ management: "{{ http_s }}://{{ wordpress_id }}.{{ domain }}:{{ monitor_port_service }}/management",
+ },
+ ]
+ tags:
+ - update_deployment
+
+- name: "Send mattermost messsge"
+ uri:
+ url: "{{ mattermost_hook_smardigo }}"
+ method: POST
+ body: "{{ lookup('template','mattermost-deploy-end.json.j2') }}"
+ body_format: json
+ headers:
+ Content-Type: "application/json"
+ delegate_to: 127.0.0.1
+ become: false
+ when:
+ - send_status_messages
diff --git a/roles/wordpress/vars/main.yml b/roles/wordpress/vars/main.yml
new file mode 100644
index 0000000..e1b0fec
--- /dev/null
+++ b/roles/wordpress/vars/main.yml
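Review bot: The "Stop {{ wordpress_id }}" task in roles/wordpress/tasks/main.yml sets `ignore_errors: yes`, so a failed `docker-compose down` is reported as success and the play goes on to redeploy over a stack that may still be running. The `when: check_docker_compose_file.stat.exists` guard already covers the first-run case, so the flag can be dropped; if a specific failure must be tolerated, express it with `failed_when:` on the return code. The service templates deployed here will contain the database and client passwords, and the file mode is not visible in this hunk, so please confirm the `_deploy` role does not write them world-readable. The three `shell:` tasks use no shell features, so `command:` would do, and the last task name has a typo (`messsge`).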
@@ -0,0 +1,88 @@
+---
+
+wordpress_id: "{{ service_name }}-wordpress"
+wordpress_mysql_id: "{{ service_name }}-mysql_wordpress"
+
+wordpress_labels: [
+ '"traefik.enable=true"',
+ '"traefik.http.routers.{{ wordpress_id }}.service={{ wordpress_id }}"',
+ '"traefik.http.routers.{{ wordpress_id }}.rule=Host(`{{ stage_server_url_host }}`)"',
+ '"traefik.http.routers.{{ wordpress_id }}.entrypoints=websecure"',
+ '"traefik.http.routers.{{ wordpress_id }}.tls=true"',
+ '"traefik.http.routers.{{ wordpress_id }}.tls.certresolver=letsencrypt"',
+ '"traefik.http.services.{{ wordpress_id }}.loadbalancer.server.port=80"',
+]
+
+wordpress_docker: {
+ networks: [
+ {
+ name: back-tier,
+ external: true,
+ },
+ {
+ name: front-tier,
+ external: true,
+ },
+ ],
+ volumes: [
+ {
+ name: "{{ wordpress_id }}-content"
+ },
+ {
+ name: "{{ wordpress_mysql_id }}-data"
+ }
+ ],
+ services: [
+ {
+ name: "{{ wordpress_id }}",
+ image_name: "{{ wordpress_image_name }}",
+ image_version: "{{ wordpress_image_version }}",
+ labels: "{{ wordpress_labels + ( wordpress_labels_additional | default([])) }}",
+ environment: [
+ "WORDPRESS_DB_HOST: \"{{ wordpress_mysql_id }}:{{ service_port_mysql }}\"",
+ "WORDPRESS_DB_USER: \"{{ wordpress_mysql_username }}\"",
+ "WORDPRESS_DB_PASSWORD: \"{{ wordpress_mysql_password }}\"",
+ "WORDPRESS_DB_NAME: \"{{ wordpress_mysql_database }}\"",
+ "WORDPRESS_DEBUG: \"{{ wordpress_debug | default(1) }}\"",
+ "WORDPRESS_DOMAIN: \"{{ wordpress_domain_external }}\"",
+ "WORDPRESS_CONFIG_EXTRA: |",
+ " define( 'WP_HOME', 'https://dev-sken-test04-01.smardigo.digital' );",
+ " define( 'WP_SITEURL', 'https://dev-sken-test04-01.smardigo.digital' );",
+ "AUTH_API: \"{{ http_s }}://{{ shared_service_keycloak_hostname }}\"",
+ "RESOURCE_API: \"{{ http_s }}://{{ stage_server_url_host }}\"",
+ "REALM_ID: \"{{ current_realm_name }}\"",
+ "REGISTRATION_ID: \"{{ wordpress_oidc_client_id }}\"",
+ "CLIENT_ID: \"{{ wordpress_oidc_client_id }}\"",
+ "CLIENT_SECRET: \"{{ wordpress_oidc_client_secret }}\"",
+ "CLIENT_USERNAME: \"{{ wordpress_buergerportal_username }}\"",
+ "CLIENT_PASSWORD: \"{{ wordpress_buergerportal_password }}\"",
+ ],
+ volumes: [
+ '"{{ wordpress_id }}-content:/var/www/html/wp-content"',
+ ],
+ networks: [
+ '"back-tier"',
+ '"front-tier"',
+ ],
+ extra_hosts: "{{ wordpress_extra_hosts | default([]) }}",
+ },
+ {
+ name: "{{ wordpress_mysql_id }}",
+ image_name: "{{ wordpress_mysql_image_name }}",
+ image_version: "{{ wordpress_mysql_image_version }}",
+ environment: [
+ "MYSQL_ROOT_PASSWORD: \"{{ wordpress_mysql_root_password }}\"",
+ "MYSQL_DATABASE: \"{{ wordpress_mysql_database }}\"",
+ "MYSQL_USER: \"{{ wordpress_mysql_username }}\"",
+ "MYSQL_PASSWORD: \"{{ wordpress_mysql_password }}\"",
+ ],
+ volumes: [
+ '"{{ wordpress_mysql_id }}-data:/var/lib/mysql"',
+ ],
+ networks: [
+ '"back-tier"',
+ ],
+ ports: "{{ wordpress_mysql_ports | default([]) }}",
+ },
+ ],
+}
\ No newline at end of file
diff --git a/templates/wordpress/data/plugins/index.php b/templates/wordpress/data/plugins/index.php
new file mode 100644
index 0000000..6220032
--- /dev/null
+++ b/templates/wordpress/data/plugins/index.php
@@ -0,0 +1,2 @@
+
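Review bot: `WORDPRESS_DEBUG` defaults to on in roles/wordpress/vars/main.yml (`wordpress_debug | default(1)`), so any host that does not set the variable runs a publicly routed WordPress with debug output enabled, which can expose file paths and query errors to visitors. Make the default empty and enable it per host where needed: `"WORDPRESS_DEBUG: \"{{ wordpress_debug | default('') }}\"",`. `WP_HOME` and `WP_SITEURL` are hard-coded to `https://dev-sken-test04-01.smardigo.digital` although `wordpress_domain_external` is defined and already passed as `WORDPRESS_DOMAIN`, so every other deployment would presumably redirect its users to that one host; use `" define( 'WP_HOME', '{{ wordpress_domain_external }}' );",` and the same for `WP_SITEURL`. `wordpress_mysql_ports` correctly defaults to an empty list, and a comment should say that setting it publishes MySQL on the host. The file also lacks a trailing newline.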