feat: provisioning playbook with dynamic inventory (wip)

5 years ago · 7b290611e7
parent b27511ea53
commit 7b290611e7
11 changed files with 128 additions and 42 deletions
--- a/dynamic-provisioning.yml
+++ b/dynamic-provisioning.yml
@ -76,7 +76,7 @@
 - hosts: "stage_{{ stage }}"
  serial: "{{ serial_number | default(1) }}"
-  remote_user: root
+  gather_facts: false
  pre_tasks:
    - name: "Gather current server infos"
--- a/group_vars/connect/play.yml
+++ b/group_vars/connect/play.yml
@ -0,0 +1,9 @@
 ---
 service: "connect"
 connect_jwt_enabled: true
 connect_jwt_secret: 908ae14462d049d3be84964ef379c7c6
 #connect_csrf_token_name: "< see vault >"
 #connect_csrf_token_value: "< see vault >"
--- a/group_vars/connect/vault.yml
+++ b/group_vars/connect/vault.yml
@ -0,0 +1,12 @@
 $ANSIBLE_VAULT;1.1;AES256
 35343338393434626631656438613164383339323831393664363466326561346661393934323933
 3134353738386564613330666632353738346566326664360a343538336665363532323430616533
 30653239663863653862633065373133363666613564333062663833643733663563636265383366
 3864346266366137610a366662643934643437306564633366363634666639353866616363396134
 37626530303530383562626661333833623131643939326466353637643534336162353065643565
 65333463393762663732333831663638366666353935353361633434633062386362396463366462
 30616263653932396231383239663437656664316139326437363939393764373166646531623462
 33356636663233653431623031306264303964616631646335393535643330323636393563333462
 64313264323435663664383730303332316436626430383062323633313936626235646435653135
 36343064373330323031633138336235656662643962643737353431646564643633323637633633
 363364333532656161363761313436616364
--- a/group_vars/dynamic_connect.yml
+++ b/group_vars/dynamic_connect.yml
@ -1,13 +1,14 @@
 ---
-hetzner_server_labels: "stage={{ stage }} service=connect"
+hetzner_server_type: cx21
 hetzner_server_labels: "stage={{ stage }} service={{ service }}"
 # TODO create realm/client for tenant and service
 connect_auth_module: oidc
 connect_oidc_client_id: connect-01
 connect_oidc_client_secret: 9e234965-1041-4653-8a0e-db964c04bc26
 connect_oidc_registration_id: connect-01
 connect_oidc_issuer_uri: https://{{ keycloak_hostname }}/auth/realms/smardigo-01
 connect_password_change_url: https://{{ keycloak_hostname }}/auth/realms/smardigo-01/account/password
 connect_iam_user_management_url: https://{{ keycloak_hostname }}/auth/admin/smardigo-01/console
--- a/host_vars/dev-ansible-01.yml
+++ b/host_vars/dev-ansible-01.yml
@ -0,0 +1,5 @@
 ---
 hetzner_server_labels: "stage={{ stage }} service=ansible"
 hetzner_server_type: cx31
--- a/host_vars/dev-sken-01.yml
+++ b/host_vars/dev-sken-01.yml
@ -0,0 +1,20 @@
 ---
 #############################################################################
 ### only for testing purposes -> copy of dynamic_connect
 #############################################################################
 hetzner_server_type: cx21
 hetzner_server_labels: "stage={{ stage }} service={{ service }}"
 # TODO create realm/client for tenant and service
 connect_auth_module: oidc
 connect_oidc_client_id: connect-01
 connect_oidc_client_secret: 9e234965-1041-4653-8a0e-db964c04bc26
 connect_oidc_registration_id: connect-01
 connect_oidc_issuer_uri: https://{{ keycloak_hostname }}/auth/realms/smardigo-01
 connect_password_change_url: https://{{ keycloak_hostname }}/auth/realms/smardigo-01/account/password
 connect_iam_user_management_url: https://{{ keycloak_hostname }}/auth/admin/smardigo-01/console
 spring_profiles_include_suffix: ",{{ inventory_hostname }}"
 ribbon_display_on_active_profiles: "{{ inventory_hostname }}"
--- a/host_vars/dev-sken-02.yml
+++ b/host_vars/dev-sken-02.yml
@ -0,0 +1,20 @@
 ---
 #############################################################################
 ### only for testing purposes -> copy of dynamic_connect
 #############################################################################
 hetzner_server_type: cx21
 hetzner_server_labels: "stage={{ stage }} service={{ service }}"
 # TODO create realm/client for tenant and service
 connect_auth_module: oidc
 connect_oidc_client_id: connect-01
 connect_oidc_client_secret: 9e234965-1041-4653-8a0e-db964c04bc26
 connect_oidc_registration_id: connect-01
 connect_oidc_issuer_uri: https://{{ keycloak_hostname }}/auth/realms/smardigo-01
 connect_password_change_url: https://{{ keycloak_hostname }}/auth/realms/smardigo-01/account/password
 connect_iam_user_management_url: https://{{ keycloak_hostname }}/auth/admin/smardigo-01/console
 spring_profiles_include_suffix: ",{{ inventory_hostname }}"
 ribbon_display_on_active_profiles: "{{ inventory_hostname }}"
--- a/roles/_docker/tasks/networks.yml
+++ b/roles/_docker/tasks/networks.yml
@ -3,6 +3,7 @@
 - name: "Register variable for docker networks"
  shell: docker network ls
  register: docker_networks
  changed_when: false
 - name: "Docker network create back-tier"
  shell: docker network create back-tier
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@ -49,6 +49,7 @@
 - name: "Read current users"
  shell: "getent passwd | awk -F: '$3 > 999 {print $1}'"
  register: current_users
  changed_when: false
  tags:
    - users
--- a/roles/connect/vars/main.yml
+++ b/roles/connect/vars/main.yml
@ -30,36 +30,14 @@ connect_labels: [
  '"traefik.http.routers.{{ connect_id }}-monitor.tls.certresolver=letsencrypt"',
 ]
-connect_docker: {
+connect_environment: [
  networks: [
    {
      name: back-tier,
      external: true,
    },
    {
      name: front-tier,
      external: true,
    },
  ],
  volumes: [
    {
      name: "{{ connect_postgres_id }}-data"
    }
  ],
  services: [
    {
      name: "{{ connect_id }}",
      image_name: "{{ connect_image_name }}",
      image_version: "{{ connect_version }}",
      labels: "{{ connect_labels + ( connect_labels_additional | default([])) }}",
      restart: "{{ connect_service_restart | default('always') }}",
      environment: [
  "ADMIN_LOGIN: \"{{ connect_admin_username }}\"",
  "ADMIN_PASSWORD: \"{{ connect_admin_password }}\"",
  "DATASOURCE_URL: \"jdbc:postgresql://{{ connect_postgres_id }}:{{ service_port_postgres }}/{{ connect_postgres_database }}\"",
  "DATASOURCE_USERNAME: \"{{ connect_postgres_admin_username }}\"",
  "DATASOURCE_PASSWORD: \"{{ connect_postgres_admin_password }}\"",
  "FILE_WHITELIST_URL: \"{{ connect_whitelist_url | default('') }}\"",
  "MAIL_PROTOCOL: \"{{ connect_mail_protocol | default('smtp') }}\"",
  "MAIL_HOST: \"{{ connect_mail_host | default('smtp.tolina.local') }}\"",
@ -84,14 +62,45 @@ connect_docker: {
  "IAM_CLIENT_ENABLED: \"{{ smardigo_iam_client_enabled | default('false') }}\"",
  "EXTERNAL_IAM_SERVER_URL: \"{{ smardigo_iam_client_server_url | default('') }}\"",
-        "SMA_API_TOKEN_SECRET: \"{{ connect_api_token_secret | default('') }}\"",
+  "SPRING_PROFILES_INCLUDE: \"{{ spring_profiles_include | default('swagger') }}\"",
  "RIBBON_DISPLAY_ON_ACTIVE_PROFILES: \"{{ ribbon_display_on_active_profiles | default('dev') }}\"",
  "SMA_JWT_ENABLED: \"{{ connect_jwt_enabled | default('false') }}\"",
  "SMA_JWT_SECRET: \"{{ connect_jwt_secret | default('') }}\"",
  "SMA_CSRF_TOKEN_NAME: \"{{ connect_csrf_token_name | default('') }}\"",
  "SMA_CSRF_TOKEN_VALUE: \"{{ connect_csrf_token_value | default('') }}\"",
-        "SPRING_PROFILES_INCLUDE: \"{{ spring_profiles_include | default('swagger') }}\"",
+  "ELASTIC_HOST: \"{{ connect_elastic_host | default('') }}\"",
-        "RIBBON_DISPLAY_ON_ACTIVE_PROFILES: \"{{ ribbon_display_on_active_profiles | default('dev') }}\"",
+  "ELASTIC_USERNAME: \"{{ connect_elastic_username | default('') }}\"",
  "ELASTIC_PASSWORD:  \"{{ connect_elastic_password | default('') }}\"",
  "SEARCH_ELASTIC_INDEX:  \"{{ connect_elastic_index | default('') }}\"",
  "ANALYSIS_ELASTIC_INDEX:  \"{{ connect_elastic_analysis_index | default('') }}\"",
 ]
 connect_docker: {
  networks: [
    {
      name: back-tier,
      external: true,
    },
    {
      name: front-tier,
      external: true,
    },
  ],
  volumes: [
    {
      name: "{{ connect_postgres_id }}-data"
    }
  ],
  services: [
    {
      name: "{{ connect_id }}",
      image_name: "{{ connect_image_name }}",
      image_version: "{{ connect_version }}",
      labels: "{{ connect_labels + ( connect_labels_additional | default([])) }}",
      restart: "{{ connect_service_restart | default('always') }}",
      environment: "{{ connect_environment + ( connect_environment_additional | default([])) }}",
      networks: [
        '"back-tier"',
        '"front-tier"',
--- a/8
+++ b/8
@ -1,3 +1,6 @@
 [ansible]
 dev-ansible-01
 [connect]
 # <stage>-<tenant>-<name>-<node>
 dev-management-smardigo-01
@ -5,6 +8,10 @@ dev-connect-01
 dev-connect-02
 dev-connect-03
 # only for testing purposes -> dynamic-provisioning
 dev-sken-01
 dev-sken-02
 [harbor]
 dev-docker-registry-01
@ -23,6 +30,7 @@ dev-mail-01
 dev-prometheus-01
 [stage_dev:children]
 ansible
 connect
 elastic
 harbor