From 7f4b3384777fee049f5fa9e7c303d50175bc5a8e Mon Sep 17 00:00:00 2001 
From: Sven Ketelsen Date: Fri, 27 Aug 2021 15:31:20 +0200 Subject: [PATCH] SMARCH-89: feat: added setup for connect wordpress with database dump --- create-db-import.yml | 77 +++++++++++++++++++ create-service.yml | 6 +- group_vars/all/plain.yml | 3 + group_vars/connect_wordpress/plain.yml | 45 +++++++++++ group_vars/maria/plain.yml | 6 +- group_vars/wordpress/plain.yml | 40 ---------- .../connect-wordpress-maria/defaults/main.yml | 3 +- roles/connect-wordpress-maria/tasks/main.yml | 2 +- roles/connect-wordpress/defaults/main.yml | 3 + .../handlers/main.yml | 0 .../meta/main.yml | 0 .../tasks/main.yml | 2 +- .../vars/main.yml | 49 ++++-------- roles/import-maria-database/defaults/main.yml | 3 + roles/import-maria-database/handlers/main.yml | 1 + roles/import-maria-database/meta/main.yml | 1 + roles/import-maria-database/tasks/main.yml | 42 ++++++++++ roles/import-maria-database/vars/main.yml | 2 + roles/upload-local-file/defaults/main.yml | 3 + roles/upload-local-file/handlers/main.yml | 1 + roles/upload-local-file/meta/main.yml | 1 + roles/upload-local-file/tasks/main.yml | 33 ++++++++ roles/upload-local-file/vars/main.yml | 2 + roles/wordpress/defaults/main.yml | 10 --- 24 files changed, 243 insertions(+), 92 deletions(-) create mode 100644 create-db-import.yml delete mode 100644 group_vars/wordpress/plain.yml create mode 100644 roles/connect-wordpress/defaults/main.yml rename roles/{wordpress => connect-wordpress}/handlers/main.yml (100%) rename roles/{wordpress => connect-wordpress}/meta/main.yml (100%) rename roles/{wordpress => connect-wordpress}/tasks/main.yml (98%) rename roles/{wordpress => connect-wordpress}/vars/main.yml (55%) create mode 100644 roles/import-maria-database/defaults/main.yml create mode 100644 roles/import-maria-database/handlers/main.yml create mode 100644 roles/import-maria-database/meta/main.yml create mode 100644 roles/import-maria-database/tasks/main.yml create mode 100644 roles/import-maria-database/vars/main.yml create mode 100644 
roles/upload-local-file/defaults/main.yml create mode 100644 roles/upload-local-file/handlers/main.yml create mode 100644 roles/upload-local-file/meta/main.yml create mode 100644 roles/upload-local-file/tasks/main.yml create mode 100644 roles/upload-local-file/vars/main.yml delete mode 100644 roles/wordpress/defaults/main.yml diff --git a/create-db-import.yml b/create-db-import.yml new file mode 100644 index 0000000..d76d622 --- /dev/null +++ b/create-db-import.yml 
@@ -0,0 +1,77 @@ +--- +# Example call: +# poetry run ansible-playbook create-db-import.yml --ask-vault-pass -e "cluster_name='maria' cluster_size='1' stage='dev' upload_file='dumps/import.sql' uploaded_file='import.sql' target_database=test01" + +# How this stuff works: +# If `upload_file` is defined the upload role save the binary to `upload_directory` (default /tmp) +# If `uploaded_file` and `target_database` are defined the import role imports from file basename `uploaded_file` to `target_database` +# If both role conditions match the upload role trigger first. + + +############################################################# +# Creating inventory dynamically for given parameters +############################################################# + +- hosts: localhost + connection: local + gather_facts: false + + pre_tasks: + - name: "Check if ansible version is at least 2.10.x" + assert: + that: + - ansible_version.major >= 2 + - ansible_version.minor >= 10 + msg: "The ansible version has to be at least ({{ ansible_version.full }})" + + tasks: + - name: Add hosts + add_host: + name: "{{ stage }}-{{ cluster_name }}-{{ '%02d' | format(item|int) }}" + groups: + - "stage_{{ stage }}" + - "upload_local_file" + - "import_maria_database" + with_sequence: start=1 end={{ cluster_size | default(1) }} + changed_when: False + + +############################################################# +# Setup services for created inventory +############################################################# + +- hosts: "stage_{{ stage }}" + serial: "{{ serial_number | default(1) }}" + remote_user: root + + pre_tasks: + - name: "Gathering current server infos from hetzner" + hcloud_server_info: + api_token: "{{ hetzner_authentication_token }}" + register: hetzner_server_infos + delegate_to: 127.0.0.1 + + - name: "Setting current server infos as fact: hetzner_server_infos_json" + set_fact: + hetzner_server_infos_json: "{{ hetzner_server_infos.hcloud_server_info }}" + delegate_to: 127.0.0.1 + + - 
name: "Reading ip address for {{ inventory_hostname }}" + set_fact: + stage_server_ip: "{{ hetzner_server_infos_json | json_query(querystr) | first }}" + vars: + querystr: "[?name=='{{ inventory_hostname }}'].ipv4_address" + delegate_to: 127.0.0.1 + + - name: "Printing ip address for {{ inventory_hostname }}" + debug: + msg: "{{ stage_server_ip }}" + delegate_to: 127.0.0.1 + when: + - debug + + roles: + - role: upload-local-file + when: "'upload_local_file' in group_names and upload_file is defined" + - role: import-maria-database + when: "'import_maria_database' in group_names and target_database is defined and uploaded_file is defined" diff --git a/create-service.yml b/create-service.yml index de522a8..f6b0a2f 100644 --- a/create-service.yml +++ b/create-service.yml @@ -42,7 +42,7 @@ delegate_to: 127.0.0.1 - name: "Setting current server infos as fact: hetzner_server_infos_json" - set_fact: + set_fact: hetzner_server_infos_json: "{{ hetzner_server_infos.hcloud_server_info }}" delegate_to: 127.0.0.1 @@ -63,8 +63,8 @@ roles: - role: connect when: "'connect' in group_names" - - role: wordpress - when: "'wordpress' in group_names" + - role: connect-wordpress + when: "'connect_wordpress' in group_names" ############################################################# # run provisioning against newly created inventory diff --git a/group_vars/all/plain.yml b/group_vars/all/plain.yml index 3c3bc22..87be667 100644 --- a/group_vars/all/plain.yml +++ b/group_vars/all/plain.yml @@ -144,3 +144,6 @@ hetzner_ssh_keys: #vault_ansible_password: "< see vault >" #vault_replicator_user_password: "< see vault >" + +mysql_root_username: "root" +mysql_root_password: "maria-admin" diff --git a/group_vars/connect_wordpress/plain.yml b/group_vars/connect_wordpress/plain.yml index f3c0e64..7bb3500 100644 --- a/group_vars/connect_wordpress/plain.yml +++ b/group_vars/connect_wordpress/plain.yml 
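Review bot: The version assert in the first play's `pre_tasks` compares the components separately (`ansible_version.major >= 2` and `ansible_version.minor >= 10`), so a later major release with a low minor number (for example 3.0) would be rejected. A single comparison such as `- ansible_version.full is version('2.10', '>=')` avoids that. The `msg` prints the running version where the required one is expected, so something like `msg: "Ansible >= 2.10 is required, found {{ ansible_version.full }}"` would be clearer. The header comment also says only that the import role "imports" into `target_database`, while the role added in this commit first removes that database with `state: absent`; I would add a line such as `# WARNING: target_database is dropped before the import`.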
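Review bot: `mysql_root_password: "maria-admin"` commits the MariaDB root credential in clear text to `group_vars/all/plain.yml`, directly below the commented `vault_*` placeholders, and the import role added in this commit uses it as `login_password` for a drop and import. The value should live in the vault file and only be referenced here, for example `mysql_root_password: "{{ vault_mysql_root_password }}"` (the variable name is a suggestion that follows the existing `vault_` naming). Since the literal is now in history, the password should be rotated on any host that uses it. `mysql_root_username` is added but none of the tasks visible in this commit pass it as `login_user`, so either wire it in or drop it.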
@@ -3,3 +3,48 @@ connect_wordpress_maria_database_name: "{{ stage }}_{{ tenant_id }}_{{ cluster_name }}_{{ cluster_service }}" connect_wordpress_maria_username: "{{ connect_wordpress_maria_database_name }}" connect_wordpress_maria_password: "connect-wordpress-maria-admin" + +connect_wordpress_maria_host: "{{ shared_service_maria_hostname }}" +connect_wordpress_maria_database_name: "{{ stage }}_{{ tenant_id }}_{{ cluster_name }}_{{ cluster_service }}" +connect_wordpress_maria_username: "{{ connect_wordpress_maria_database_name }}" +connect_wordpress_maria_password: "connect-wordpress-maria-admin" + +wordpress_domain_external: "https://{{ stage_server_url_host }}" +wordpress_client_id: "{{ cluster_name }}" +wordpress_buergerportal_username: "wordpress-admin" +wordpress_buergerportal_password: "wordpress-admin" + +current_realm_users: [ + { + "username": "{{ wordpress_buergerportal_username }}", + "password": "{{ wordpress_buergerportal_password }}", + } +] + +current_realm_clients: [ + { + clientId: "{{ wordpress_client_id }}", + name: '{{ wordpress_client_id }}', + admin_url: '', + root_url: '', + redirect_uris: ' + [ + "https://{{ service_name }}.{{ domain }}/*", + ]', + secret: '{{ cluster_name }}', + web_origins: ' + [ + "https://{{ service_name }}.{{ domain }}/*", + ]', + } +] + +wordpress_oidc_client_id: "{{ wordpress_client_id }}" +wordpress_oidc_client_secret: "{{ cluster_name }}" + +sk_nrw_issuer: "idc" +sk_nrw_provider_url: "idc" +sk_nrw_client_id: "idc" +sk_nrw_client_secret: "idc" +smardigo_auth_token_name: "idc" +smardigo_auth_token_value: "idc" diff --git a/group_vars/maria/plain.yml b/group_vars/maria/plain.yml index 0c338b4..7f21636 100644 --- a/group_vars/maria/plain.yml +++ b/group_vars/maria/plain.yml @@ -2,9 +2,7 @@ hetzner_server_type: cpx11 hetzner_server_labels: "stage={{ stage }} service=maria" -mysql_databases: [] -mysql_users: [] - - +mysql_databases: [] +mysql_users: [] 
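Review bot: The first added block repeats `connect_wordpress_maria_database_name`, `connect_wordpress_maria_username` and `connect_wordpress_maria_password`, which are already defined on the three context lines directly above, so the file now holds duplicate mapping keys. Most YAML loaders silently keep the last value, which hides later edits to the first copy; only the new `connect_wordpress_maria_host` line needs to be added, unless that key too is defined above the hunk. The added credentials are literals or predictable values: `wordpress_buergerportal_password: "wordpress-admin"`, `connect_wordpress_maria_password`, and `wordpress_oidc_client_secret: "{{ cluster_name }}"`, which makes the OIDC client secret equal to a name that also appears in hostnames. These should reference vault variables in the same way as the commented `vault_*` entries in `group_vars/all`. The `"idc"` values for `sk_nrw_client_secret` and `smardigo_auth_token_value` look like placeholders and deserve a comment saying they must be overridden per stage, because `roles/connect-wordpress/vars/main.yml` passes them into the container environment.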
diff --git a/group_vars/wordpress/plain.yml b/group_vars/wordpress/plain.yml deleted file mode 100644 index e321734..0000000 --- a/group_vars/wordpress/plain.yml +++ /dev/null @@ -1,40 +0,0 @@ ---- - -wordpress_mysql_root_password: "wordpress-mysql-root-password" -wordpress_mysql_database: "wordpress-mysql" -wordpress_mysql_username: "wordpress-mysql-admin" -wordpress_mysql_password: "wordpress-mysql-admin" - -wordpress_domain_external: "{{ http_s }}://{{ stage_server_url_host }}" - -wordpress_client_id: "{{ cluster_name }}" -wordpress_buergerportal_username: "wordpress-admin" -wordpress_buergerportal_password: "wordpress-admin" - -current_realm_users: [ - { - "username": "{{ wordpress_buergerportal_username }}", - "password": "{{ wordpress_buergerportal_password }}", - } -] - -current_realm_clients: [ - { - clientId: "{{ wordpress_client_id }}", - name: '{{ wordpress_client_id }}', - admin_url: '', - root_url: '', - redirect_uris: ' - [ - "https://{{ service_name }}.{{ domain }}/*", - ]', - secret: '{{ cluster_name }}', - web_origins: ' - [ - "https://{{ service_name }}.{{ domain }}/*", - ]', - } -] - -wordpress_oidc_client_id: "{{ wordpress_client_id }}" -wordpress_oidc_client_secret: "{{ cluster_name }}" diff --git a/roles/connect-wordpress-maria/defaults/main.yml b/roles/connect-wordpress-maria/defaults/main.yml index 3933735..abb2be4 100644 --- a/roles/connect-wordpress-maria/defaults/main.yml +++ b/roles/connect-wordpress-maria/defaults/main.yml @@ -15,4 +15,5 @@ mysql_users: [ password: "{{ connect_wordpress_maria_password }}", priv: "{{ connect_wordpress_maria_database_name }}.*:ALL", } -] +] + \ No newline at end of file diff --git a/roles/connect-wordpress-maria/tasks/main.yml b/roles/connect-wordpress-maria/tasks/main.yml index 32d195e..f0d31bd 100644 --- a/roles/connect-wordpress-maria/tasks/main.yml +++ b/roles/connect-wordpress-maria/tasks/main.yml 
@@ -29,4 +29,4 @@ delegate_to: 127.0.0.1 become: false when: - - send_status_messages + - send_status_messages diff --git a/roles/connect-wordpress/defaults/main.yml b/roles/connect-wordpress/defaults/main.yml new file mode 100644 index 0000000..fb246fa --- /dev/null +++ b/roles/connect-wordpress/defaults/main.yml @@ -0,0 +1,3 @@ +--- +wordpress_image_name: "{{ shared_service_docker_registry_hostname }}/smardigo/wordpress" +wordpress_image_version: '1.3.0' diff --git a/roles/wordpress/handlers/main.yml b/roles/connect-wordpress/handlers/main.yml similarity index 100% rename from roles/wordpress/handlers/main.yml rename to roles/connect-wordpress/handlers/main.yml diff --git a/roles/wordpress/meta/main.yml b/roles/connect-wordpress/meta/main.yml similarity index 100% rename from roles/wordpress/meta/main.yml rename to roles/connect-wordpress/meta/main.yml diff --git a/roles/wordpress/tasks/main.yml b/roles/connect-wordpress/tasks/main.yml similarity index 98% rename from roles/wordpress/tasks/main.yml rename to roles/connect-wordpress/tasks/main.yml index f3f7045..f6b924a 100644 --- a/roles/wordpress/tasks/main.yml +++ b/roles/connect-wordpress/tasks/main.yml @@ -22,7 +22,7 @@ tasks_from: domain vars: record_data: "{{ stage_server_ip }}" - record_name: "{{ service_name }}" + record_name: "{{ service_name }}-wordpress" - name: "Check if {{ wordpress_id }}/docker-compose.yml exists" stat: diff --git a/roles/wordpress/vars/main.yml b/roles/connect-wordpress/vars/main.yml similarity index 55% rename from roles/wordpress/vars/main.yml rename to roles/connect-wordpress/vars/main.yml index e1b0fec..3e8cb8e 100644 --- a/roles/wordpress/vars/main.yml +++ b/roles/connect-wordpress/vars/main.yml 
@@ -1,12 +1,12 @@ --- wordpress_id: "{{ service_name }}-wordpress" -wordpress_mysql_id: "{{ service_name }}-mysql_wordpress" +wordpress_base_url: "{{ stage_server_hostname }}-wordpress.{{ domain }}" wordpress_labels: [ '"traefik.enable=true"', '"traefik.http.routers.{{ wordpress_id }}.service={{ wordpress_id }}"', - '"traefik.http.routers.{{ wordpress_id }}.rule=Host(`{{ stage_server_url_host }}`)"', + '"traefik.http.routers.{{ wordpress_id }}.rule=Host(`{{ wordpress_base_url }}`)"', '"traefik.http.routers.{{ wordpress_id }}.entrypoints=websecure"', '"traefik.http.routers.{{ wordpress_id }}.tls=true"', '"traefik.http.routers.{{ wordpress_id }}.tls.certresolver=letsencrypt"', @@ -28,9 +28,6 @@ wordpress_docker: { { name: "{{ wordpress_id }}-content" }, - { - name: "{{ wordpress_mysql_id }}-data" - } ], services: [ { 
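Review bot: The new `wordpress_base_url` is built from `stage_server_hostname`, while the DNS record in `roles/connect-wordpress/tasks/main.yml` is now created as `{{ service_name }}-wordpress`, and the realm client in `group_vars/connect_wordpress/plain.yml` still registers `https://{{ service_name }}.{{ domain }}/*` as redirect URI and web origin, without the `-wordpress` suffix. If `stage_server_hostname` and `service_name` can differ, the Traefik `Host()` rule, the DNS record and the OIDC redirect URI would point at different names, and login redirects to the WordPress host would be refused; this cannot be confirmed from the hunk, so please verify. Deriving all three from one variable would remove the risk. The variable holds a host name rather than a URL, so a name such as `wordpress_hostname` or a comment `# host only, no scheme` would help the next reader.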
@@ -39,23 +36,29 @@ wordpress_docker: { image_version: "{{ wordpress_image_version }}", labels: "{{ wordpress_labels + ( wordpress_labels_additional | default([])) }}", environment: [ - "WORDPRESS_DB_HOST: \"{{ wordpress_mysql_id }}:{{ service_port_mysql }}\"", - "WORDPRESS_DB_USER: \"{{ wordpress_mysql_username }}\"", - "WORDPRESS_DB_PASSWORD: \"{{ wordpress_mysql_password }}\"", - "WORDPRESS_DB_NAME: \"{{ wordpress_mysql_database }}\"", + "WORDPRESS_DB_HOST: \"{{ connect_wordpress_maria_host }}:{{ wordpress_mysql_port | default('3306') }}\"", + "WORDPRESS_DB_USER: \"{{ connect_wordpress_maria_username }}\"", + "WORDPRESS_DB_PASSWORD: \"{{ connect_wordpress_maria_password }}\"", + "WORDPRESS_DB_NAME: \"{{ connect_wordpress_maria_database_name }}\"", "WORDPRESS_DEBUG: \"{{ wordpress_debug | default(1) }}\"", "WORDPRESS_DOMAIN: \"{{ wordpress_domain_external }}\"", "WORDPRESS_CONFIG_EXTRA: |", - " define( 'WP_HOME', 'https://dev-sken-test04-01.smardigo.digital' );", - " define( 'WP_SITEURL', 'https://dev-sken-test04-01.smardigo.digital' );", - "AUTH_API: \"{{ http_s }}://{{ shared_service_keycloak_hostname }}\"", - "RESOURCE_API: \"{{ http_s }}://{{ stage_server_url_host }}\"", + " define( 'WP_HOME', 'https://{{ wordpress_base_url }}' );", + " define( 'WP_SITEURL', 'https://{{ wordpress_base_url }}' );", + "AUTH_API: \"https://{{ shared_service_keycloak_hostname }}\"", + "RESOURCE_API: \"https://{{ stage_server_url_host }}\"", "REALM_ID: \"{{ current_realm_name }}\"", "REGISTRATION_ID: \"{{ wordpress_oidc_client_id }}\"", "CLIENT_ID: \"{{ wordpress_oidc_client_id }}\"", "CLIENT_SECRET: \"{{ wordpress_oidc_client_secret }}\"", "CLIENT_USERNAME: \"{{ wordpress_buergerportal_username }}\"", "CLIENT_PASSWORD: \"{{ wordpress_buergerportal_password }}\"", + "SK_NRW_ISSUER: \"{{ sk_nrw_issuer }}\"", + "SK_NRW_PROVIDER_URL: \"{{ sk_nrw_provider_url }}\"", + "SK_NRW_CLIENT_ID: \"{{ sk_nrw_client_id }}\"", + "SK_NRW_CLIENT_SECRET: \"{{ sk_nrw_client_secret }}\"", + 
"SMARDIGO_AUTH_TOKEN_NAME: \"{{ smardigo_auth_token_name }}\"", + "SMARDIGO_AUTH_TOKEN_VALUE: \"{{ smardigo_auth_token_value }}\"", ], volumes: [ '"{{ wordpress_id }}-content:/var/www/html/wp-content"', @@ -66,23 +69,5 @@ wordpress_docker: { ], extra_hosts: "{{ wordpress_extra_hosts | default([]) }}", }, - { - name: "{{ wordpress_mysql_id }}", - image_name: "{{ wordpress_mysql_image_name }}", - image_version: "{{ wordpress_mysql_image_version }}", - environment: [ - "MYSQL_ROOT_PASSWORD: \"{{ wordpress_mysql_root_password }}\"", - "MYSQL_DATABASE: \"{{ wordpress_mysql_database }}\"", - "MYSQL_USER: \"{{ wordpress_mysql_username }}\"", - "MYSQL_PASSWORD: \"{{ wordpress_mysql_password }}\"", - ], - volumes: [ - '"{{ wordpress_mysql_id }}-data:/var/lib/mysql"', - ], - networks: [ - '"back-tier"', - ], - ports: "{{ wordpress_mysql_ports | default([]) }}", - }, ], -} \ No newline at end of file +} diff --git a/roles/import-maria-database/defaults/main.yml b/roles/import-maria-database/defaults/main.yml new file mode 100644 index 0000000..de54568 --- /dev/null +++ b/roles/import-maria-database/defaults/main.yml @@ -0,0 +1,3 @@ +--- +upload_directory: /tmp + diff --git a/roles/import-maria-database/handlers/main.yml b/roles/import-maria-database/handlers/main.yml new file mode 100644 index 0000000..ed97d53 --- /dev/null +++ b/roles/import-maria-database/handlers/main.yml @@ -0,0 +1 @@ +--- diff --git a/roles/import-maria-database/meta/main.yml b/roles/import-maria-database/meta/main.yml new file mode 100644 index 0000000..ed97d53 --- /dev/null +++ b/roles/import-maria-database/meta/main.yml @@ -0,0 +1 @@ +--- diff --git a/roles/import-maria-database/tasks/main.yml b/roles/import-maria-database/tasks/main.yml new file mode 100644 index 0000000..afcd4f7 --- /dev/null +++ b/roles/import-maria-database/tasks/main.yml 
@@ -0,0 +1,42 @@ +--- + +- name: "Send mattermost message" + uri: + url: "{{ mattermost_hook_smardigo }}" + method: POST + body: "{{ lookup('template','mattermost-deploy-start.json.j2') }}" + body_format: json + headers: + Content-Type: "application/json" + delegate_to: 127.0.0.1 + become: false + when: + - send_status_messages # TODO: Message Refactor :') + +- name: "Destroy {{ target_database }}" + community.mysql.mysql_db: + name: "{{ target_database }}" + state: absent + config_file: "/etc/mysql/mariadb.conf.d/50-client.cnf" + login_password: "{{ mysql_root_password }}" + +- name: "Import database from {{ upload_directory }}/{{ uploaded_file }} to {{ target_database }}" + community.mysql.mysql_db: + name: "{{ target_database }}" + state: import + target: "/tmp/{{ uploaded_file }}" + config_file: "/etc/mysql/mariadb.conf.d/50-client.cnf" + login_password: "{{ mysql_root_password }}" + +- name: "Send mattermost message" + uri: + url: "{{ mattermost_hook_smardigo }}" + method: POST + body: "{{ lookup('template','mattermost-deploy-end.json.j2') }}" + body_format: json + headers: + Content-Type: "application/json" + delegate_to: 127.0.0.1 + become: false + when: + - send_status_messages # TODO: Message Refactor :') diff --git a/roles/import-maria-database/vars/main.yml b/roles/import-maria-database/vars/main.yml new file mode 100644 index 0000000..cd21505 --- /dev/null +++ b/roles/import-maria-database/vars/main.yml @@ -0,0 +1,2 @@ +--- + diff --git a/roles/upload-local-file/defaults/main.yml b/roles/upload-local-file/defaults/main.yml new file mode 100644 index 0000000..de54568 --- /dev/null +++ b/roles/upload-local-file/defaults/main.yml @@ -0,0 +1,3 @@ +--- +upload_directory: /tmp + diff --git a/roles/upload-local-file/handlers/main.yml b/roles/upload-local-file/handlers/main.yml new file mode 100644 index 0000000..ed97d53 --- /dev/null +++ b/roles/upload-local-file/handlers/main.yml @@ -0,0 +1 @@ +--- 
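Review bot: The import task reads from a hard-coded `target: "/tmp/{{ uploaded_file }}"`, although the task name and the role default refer to `upload_directory`, so overriding `upload_directory` makes the upload and the import use different paths. The playbook header promises that only the basename of `uploaded_file` is used, but no `basename` filter is applied here; `target: "{{ upload_directory }}/{{ uploaded_file | basename }}"` would fix both. The preceding task drops `target_database` unconditionally, so a missing or broken dump leaves the database absent. A `stat` check on the dump file before the drop, or a backup with `state: dump`, would make the run recoverable. Both tasks pass the root password as `login_password` without `login_user`, so the account used presumably comes from `50-client.cnf`; a comment saying so would help.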
diff --git a/roles/upload-local-file/meta/main.yml b/roles/upload-local-file/meta/main.yml new file mode 100644 index 0000000..ed97d53 --- /dev/null +++ b/roles/upload-local-file/meta/main.yml @@ -0,0 +1 @@ +--- diff --git a/roles/upload-local-file/tasks/main.yml b/roles/upload-local-file/tasks/main.yml new file mode 100644 index 0000000..301b885 --- /dev/null +++ b/roles/upload-local-file/tasks/main.yml @@ -0,0 +1,33 @@ +--- + +- name: "Send mattermost message" + uri: + url: "{{ mattermost_hook_smardigo }}" + method: POST + body: "{{ lookup('template','mattermost-deploy-start.json.j2') }}" + body_format: json + headers: + Content-Type: "application/json" + delegate_to: 127.0.0.1 + become: false + when: + - send_status_messages # TODO: Message Refactor :') + +- name: "Copy file to remote locations {{ upload_directory }}/{{ upload_file | basename }}" + copy: + src: "{{ upload_file }}" + dest: "{{ upload_directory }}/{{ upload_file | basename }}" + mode: 0644 + +- name: "Send mattermost message" + uri: + url: "{{ mattermost_hook_smardigo }}" + method: POST + body: "{{ lookup('template','mattermost-deploy-end.json.j2') }}" + body_format: json + headers: + Content-Type: "application/json" + delegate_to: 127.0.0.1 + become: false + when: + - send_status_messages # TODO: Message Refactor :') diff --git a/roles/upload-local-file/vars/main.yml b/roles/upload-local-file/vars/main.yml new file mode 100644 index 0000000..cd21505 --- /dev/null +++ b/roles/upload-local-file/vars/main.yml @@ -0,0 +1,2 @@ +--- + diff --git a/roles/wordpress/defaults/main.yml b/roles/wordpress/defaults/main.yml deleted file mode 100644 index 823281b..0000000 --- a/roles/wordpress/defaults/main.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- - -wordpress_image_name: "wordpress" -wordpress_image_version: '5.7.2' - -wordpress_mysql_image_name: "mysql" -wordpress_mysql_image_version: "8.0.22" - -wordpress_admin_username: "wordpress-admin" -wordpress_admin_password: "wordpress-admin"
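Review bot: The copy task in `roles/upload-local-file/tasks/main.yml` writes the database dump to `{{ upload_directory }}`, which defaults to `/tmp`, with `mode: 0644`, so every local account on the database host can read the full dump. Nothing in this commit removes the file after the import. I would restrict it with `mode: "0600"` and explicit `owner: root` and `group: root`, preferably in a dedicated directory rather than the shared `/tmp`. A `file:` task with `state: absent` at the end of the import role would remove it afterwards. Quoting the mode also keeps it a string, as the Ansible documentation recommends.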