feat: provisioning playbook with dynamic inventory (wip)

dynamic-provisioning.yml

@@ -76,7 +76,7 @@
 
 - hosts: "stage_{{ stage }}"
   serial: "{{ serial_number | default(1) }}"
-  remote_user: root
+  gather_facts: false
 
   pre_tasks:
     - name: "Gather current server infos"

group_vars/connect/play.yml

@@ -0,0 +1,9 @@
+---
+
+service: "connect"
+
+connect_jwt_enabled: true
+connect_jwt_secret: 908ae14462d049d3be84964ef379c7c6
+
+#connect_csrf_token_name: "< see vault >"
+#connect_csrf_token_value: "< see vault >"

group_vars/connect/vault.yml

@@ -0,0 +1,12 @@
+$ANSIBLE_VAULT;1.1;AES256
+35343338393434626631656438613164383339323831393664363466326561346661393934323933
+3134353738386564613330666632353738346566326664360a343538336665363532323430616533
+30653239663863653862633065373133363666613564333062663833643733663563636265383366
+3864346266366137610a366662643934643437306564633366363634666639353866616363396134
+37626530303530383562626661333833623131643939326466353637643534336162353065643565
+65333463393762663732333831663638366666353935353361633434633062386362396463366462
+30616263653932396231383239663437656664316139326437363939393764373166646531623462
+33356636663233653431623031306264303964616631646335393535643330323636393563333462
+64313264323435663664383730303332316436626430383062323633313936626235646435653135
+36343064373330323031633138336235656662643962643737353431646564643633323637633633
+363364333532656161363761313436616364

group_vars/dynamic_connect.yml

@@ -1,13 +1,14 @@
 ---
 
-hetzner_server_labels: "stage={{ stage }} service=connect"
+hetzner_server_type: cx21
+hetzner_server_labels: "stage={{ stage }} service={{ service }}"
 
+# TODO create realm/client for tenant and service
 connect_auth_module: oidc
 connect_oidc_client_id: connect-01
 connect_oidc_client_secret: 9e234965-1041-4653-8a0e-db964c04bc26
 connect_oidc_registration_id: connect-01
 connect_oidc_issuer_uri: https://{{ keycloak_hostname }}/auth/realms/smardigo-01
-
 connect_password_change_url: https://{{ keycloak_hostname }}/auth/realms/smardigo-01/account/password
 connect_iam_user_management_url: https://{{ keycloak_hostname }}/auth/admin/smardigo-01/console
 

host_vars/dev-ansible-01.yml

@@ -0,0 +1,5 @@
+---
+
+hetzner_server_labels: "stage={{ stage }} service=ansible"
+
+hetzner_server_type: cx31

host_vars/dev-sken-01.yml

@@ -0,0 +1,20 @@
+---
+
+#############################################################################
+### only for testing purposes -> copy of dynamic_connect
+#############################################################################
+
+hetzner_server_type: cx21
+hetzner_server_labels: "stage={{ stage }} service={{ service }}"
+
+# TODO create realm/client for tenant and service
+connect_auth_module: oidc
+connect_oidc_client_id: connect-01
+connect_oidc_client_secret: 9e234965-1041-4653-8a0e-db964c04bc26
+connect_oidc_registration_id: connect-01
+connect_oidc_issuer_uri: https://{{ keycloak_hostname }}/auth/realms/smardigo-01
+connect_password_change_url: https://{{ keycloak_hostname }}/auth/realms/smardigo-01/account/password
+connect_iam_user_management_url: https://{{ keycloak_hostname }}/auth/admin/smardigo-01/console
+
+spring_profiles_include_suffix: ",{{ inventory_hostname }}"
+ribbon_display_on_active_profiles: "{{ inventory_hostname }}"

host_vars/dev-sken-02.yml

@@ -0,0 +1,20 @@
+---
+
+#############################################################################
+### only for testing purposes -> copy of dynamic_connect
+#############################################################################
+
+hetzner_server_type: cx21
+hetzner_server_labels: "stage={{ stage }} service={{ service }}"
+
+# TODO create realm/client for tenant and service
+connect_auth_module: oidc
+connect_oidc_client_id: connect-01
+connect_oidc_client_secret: 9e234965-1041-4653-8a0e-db964c04bc26
+connect_oidc_registration_id: connect-01
+connect_oidc_issuer_uri: https://{{ keycloak_hostname }}/auth/realms/smardigo-01
+connect_password_change_url: https://{{ keycloak_hostname }}/auth/realms/smardigo-01/account/password
+connect_iam_user_management_url: https://{{ keycloak_hostname }}/auth/admin/smardigo-01/console
+
+spring_profiles_include_suffix: ",{{ inventory_hostname }}"
+ribbon_display_on_active_profiles: "{{ inventory_hostname }}"

roles/_docker/tasks/networks.yml

@@ -3,6 +3,7 @@
 - name: "Register variable for docker networks"
   shell: docker network ls
   register: docker_networks
+  changed_when: false
 
 - name: "Docker network create back-tier"
   shell: docker network create back-tier

roles/common/tasks/main.yml

@@ -49,6 +49,7 @@
 - name: "Read current users"
   shell: "getent passwd | awk -F: '$3 > 999 {print $1}'"
   register: current_users
+  changed_when: false
   tags:
     - users
 

roles/connect/vars/main.yml

@@ -30,6 +30,53 @@ connect_labels: [
   '"traefik.http.routers.{{ connect_id }}-monitor.tls.certresolver=letsencrypt"',
 ]
 
+connect_environment: [
+  "ADMIN_LOGIN: \"{{ connect_admin_username }}\"",
+  "ADMIN_PASSWORD: \"{{ connect_admin_password }}\"",
+
+  "DATASOURCE_URL: \"jdbc:postgresql://{{ connect_postgres_id }}:{{ service_port_postgres }}/{{ connect_postgres_database }}\"",
+  "DATASOURCE_USERNAME: \"{{ connect_postgres_admin_username }}\"",
+  "DATASOURCE_PASSWORD: \"{{ connect_postgres_admin_password }}\"",
+  "FILE_WHITELIST_URL: \"{{ connect_whitelist_url | default('') }}\"",
+
+  "MAIL_PROTOCOL: \"{{ connect_mail_protocol | default('smtp') }}\"",
+  "MAIL_HOST: \"{{ connect_mail_host | default('smtp.tolina.local') }}\"",
+  "MAIL_PORT: \"{{ connect_mail_port | default('25') }}\"",
+  "MAIL_USER: \"{{ connect_mail_user | default('') }}\"",
+  "MAIL_PASSWORD: \"{{ connect_mail_password | default('') }}\"",
+  "MAIL_PROPERTIES_SIMULATION: \"{{ connect_mail_properties_simulation | default('true') }}\"",
+  "MAIL_PROPERTIES_BASE_URL: \"{{ connect_mail_properties_base_url }}\"",
+  "MAIL_PROPERTIES_BASE_URL_EXTERN: \"{{ connect_mail_properties_base_url_extern }}\"",
+  "MAIL_PROPERTIES_SENDER: \"{{ connect_mail_properties_sender | default('noreply-connect@arxes-tolina.de') }}\"",
+  "MAIL_PROPERTIES_SENDER_ALIAS: \"{{ connect_mail_properties_sender_alias | default('noreply-connect') }}\"",
+
+  "AUTH_MODULE: \"{{ connect_auth_module | default('preauth') }}\"",
+  "OIDC_CLIENT_ID: \"{{ connect_oidc_client_id | default('oidc_config_not_found') }}\"",
+  "OIDC_CLIENT_SECRET: \"{{ connect_oidc_client_secret | default('oidc_config_not_found') }}\"",
+  "OIDC_REGISTRATION_ID: \"{{ connect_oidc_registration_id | default('oidc_config_not_found') }}\"",
+  "OIDC_ISSUER_URI: \"{{ connect_oidc_issuer_uri | default('oidc_config_not_found') }}\"",
+  "PASSWORD_CHANGE_URL: \"{{ connect_password_change_url | default('') }}\"",
+  "USER_MANAGEMENT_URL: \"{{ connect_iam_user_management_url | default('') }}\"",
+
+  "IAM_MODULE: \"{{ connect_iam_module | default('embedded') }}\"",
+  "IAM_CLIENT_ENABLED: \"{{ smardigo_iam_client_enabled | default('false') }}\"",
+  "EXTERNAL_IAM_SERVER_URL: \"{{ smardigo_iam_client_server_url | default('') }}\"",
+
+  "SPRING_PROFILES_INCLUDE: \"{{ spring_profiles_include | default('swagger') }}\"",
+  "RIBBON_DISPLAY_ON_ACTIVE_PROFILES: \"{{ ribbon_display_on_active_profiles | default('dev') }}\"",
+
+  "SMA_JWT_ENABLED: \"{{ connect_jwt_enabled | default('false') }}\"",
+  "SMA_JWT_SECRET: \"{{ connect_jwt_secret | default('') }}\"",
+  "SMA_CSRF_TOKEN_NAME: \"{{ connect_csrf_token_name | default('') }}\"",
+  "SMA_CSRF_TOKEN_VALUE: \"{{ connect_csrf_token_value | default('') }}\"",
+
+  "ELASTIC_HOST: \"{{ connect_elastic_host | default('') }}\"",
+  "ELASTIC_USERNAME: \"{{ connect_elastic_username | default('') }}\"",
+  "ELASTIC_PASSWORD:  \"{{ connect_elastic_password | default('') }}\"",
+  "SEARCH_ELASTIC_INDEX:  \"{{ connect_elastic_index | default('') }}\"",
+  "ANALYSIS_ELASTIC_INDEX:  \"{{ connect_elastic_analysis_index | default('') }}\"",
+]
+
 connect_docker: {
   networks: [
     {
@@ -53,45 +100,7 @@ connect_docker: {
       image_version: "{{ connect_version }}",
       labels: "{{ connect_labels + ( connect_labels_additional | default([])) }}",
       restart: "{{ connect_service_restart | default('always') }}",
-      environment: [
+      environment: "{{ connect_environment + ( connect_environment_additional | default([])) }}",
-        "ADMIN_LOGIN: \"{{ connect_admin_username }}\"",
-        "ADMIN_PASSWORD: \"{{ connect_admin_password }}\"",
-
-        "DATASOURCE_URL: \"jdbc:postgresql://{{ connect_postgres_id }}:{{ service_port_postgres }}/{{ connect_postgres_database }}\"",
-        "DATASOURCE_USERNAME: \"{{ connect_postgres_admin_username }}\"",
-        "DATASOURCE_PASSWORD: \"{{ connect_postgres_admin_password }}\"",
-
-        "MAIL_PROTOCOL: \"{{ connect_mail_protocol | default('smtp') }}\"",
-        "MAIL_HOST: \"{{ connect_mail_host | default('smtp.tolina.local') }}\"",
-        "MAIL_PORT: \"{{ connect_mail_port | default('25') }}\"",
-        "MAIL_USER: \"{{ connect_mail_user | default('') }}\"",
-        "MAIL_PASSWORD: \"{{ connect_mail_password | default('') }}\"",
-        "MAIL_PROPERTIES_SIMULATION: \"{{ connect_mail_properties_simulation | default('true') }}\"",
-        "MAIL_PROPERTIES_BASE_URL: \"{{ connect_mail_properties_base_url }}\"",
-        "MAIL_PROPERTIES_BASE_URL_EXTERN: \"{{ connect_mail_properties_base_url_extern }}\"",
-        "MAIL_PROPERTIES_SENDER: \"{{ connect_mail_properties_sender | default('noreply-connect@arxes-tolina.de') }}\"",
-        "MAIL_PROPERTIES_SENDER_ALIAS: \"{{ connect_mail_properties_sender_alias | default('noreply-connect') }}\"",
-
-        "AUTH_MODULE: \"{{ connect_auth_module | default('preauth') }}\"",
-        "OIDC_CLIENT_ID: \"{{ connect_oidc_client_id | default('oidc_config_not_found') }}\"",
-        "OIDC_CLIENT_SECRET: \"{{ connect_oidc_client_secret | default('oidc_config_not_found') }}\"",
-        "OIDC_REGISTRATION_ID: \"{{ connect_oidc_registration_id | default('oidc_config_not_found') }}\"",
-        "OIDC_ISSUER_URI: \"{{ connect_oidc_issuer_uri | default('oidc_config_not_found') }}\"",
-        "PASSWORD_CHANGE_URL: \"{{ connect_password_change_url | default('') }}\"",
-        "USER_MANAGEMENT_URL: \"{{ connect_iam_user_management_url | default('') }}\"",
-
-        "IAM_MODULE: \"{{ connect_iam_module | default('embedded') }}\"",
-        "IAM_CLIENT_ENABLED: \"{{ smardigo_iam_client_enabled | default('false') }}\"",
-        "EXTERNAL_IAM_SERVER_URL: \"{{ smardigo_iam_client_server_url | default('') }}\"",
-
-        "SMA_API_TOKEN_SECRET: \"{{ connect_api_token_secret | default('') }}\"",
-
-        "SMA_CSRF_TOKEN_NAME: \"{{ connect_csrf_token_name | default('') }}\"",
-        "SMA_CSRF_TOKEN_VALUE: \"{{ connect_csrf_token_value | default('') }}\"",
-
-        "SPRING_PROFILES_INCLUDE: \"{{ spring_profiles_include | default('swagger') }}\"",
-        "RIBBON_DISPLAY_ON_ACTIVE_PROFILES: \"{{ ribbon_display_on_active_profiles | default('dev') }}\"",
-      ],
       networks: [
         '"back-tier"',
         '"front-tier"',

stage-dev

@@ -1,3 +1,6 @@
+[ansible]
+dev-ansible-01
+
 [connect]
 # <stage>-<tenant>-<name>-<node>
 dev-management-smardigo-01
@@ -5,6 +8,10 @@ dev-connect-01
 dev-connect-02
 dev-connect-03
 
+# only for testing purposes -> dynamic-provisioning
+dev-sken-01
+dev-sken-02
+
 [harbor]
 dev-docker-registry-01
 
@@ -23,6 +30,7 @@ dev-mail-01
 dev-prometheus-01
 
 [stage_dev:children]
+ansible
 connect
 elastic
 harbor