SMARCH-46: smardigo self service portal (wip)

5 years ago · 7f7054244b
parent 2c9a9029ad
commit 7f7054244b
41 changed files with 560 additions and 368 deletions
--- a/create-database.yml
+++ b/create-database.yml
@ -30,35 +30,38 @@
 #############################################################
 - hosts: "stage_{{ stage }}"
-  serial: "{{ serial_number | default(5) }}"
+  serial: "{{ serial_number | default(1) }}"
  remote_user: root
  pre_tasks:
-    - name: "Gather current server infos"
+    - name: "Gathering current server infos from hetzner"
      hcloud_server_info:
        api_token: "{{ hetzner_authentication_token }}"
      register: hetzner_server_infos
      delegate_to: 127.0.0.1
      become: false
-    - name: "Set current server infos as fact: hetzner_server_infos_json"
+    - name: "Setting current server infos as fact: hetzner_server_infos_json"
      set_fact: 
        hetzner_server_infos_json: "{{ hetzner_server_infos.hcloud_server_info }}"
      delegate_to: 127.0.0.1
      become: false
-    - name: "Read ip address for {{ inventory_hostname }}"
+    - name: "Reading ip address for {{ inventory_hostname }}"
      set_fact:
-        stage_server_ip: "{{ item.ipv4_address }}"
+        stage_server_ip: "{{ hetzner_server_infos_json | json_query(querystr) | first }}"
-      when: item.name == inventory_hostname
+      vars:
-      with_items: "{{ hetzner_server_infos_json }}"
+        querystr: "[?name=='{{ inventory_hostname }}'].ipv4_address"
      delegate_to: 127.0.0.1
      become: false
-#    - name: Print the gathered infos
+    - name: "Printing ip address for {{ inventory_hostname }}"
-#      debug:
+      debug:
-#        var: stage_server_ip
+        msg: "{{ stage_server_ip }}"
-#      delegate_to: 127.0.0.1
+      delegate_to: 127.0.0.1
      become: false
      when:
       - debug
  roles:
    - role: connect-postgres
--- a/create-realm.yml
+++ b/create-realm.yml
@ -30,33 +30,35 @@
 #############################################################
 - hosts: "stage_{{ stage }}"
-  serial: "{{ serial_number | default(5) }}"
+  serial: "{{ serial_number | default(1) }}"
  become: false
  gather_facts: false
  become: false
  pre_tasks:
-    - name: "Gather current server infos"
+    - name: "Gathering current server infos from hetzner"
      hcloud_server_info:
        api_token: "{{ hetzner_authentication_token }}"
      register: hetzner_server_infos
      delegate_to: 127.0.0.1
-    - name: "Set current server infos as fact: hetzner_server_infos_json"
+    - name: "Setting current server infos as fact: hetzner_server_infos_json"
      set_fact: 
        hetzner_server_infos_json: "{{ hetzner_server_infos.hcloud_server_info }}"
      delegate_to: 127.0.0.1
-    - name: "Read ip address for {{ inventory_hostname }}"
+    - name: "Reading ip address for {{ inventory_hostname }}"
      set_fact:
-        stage_server_ip: "{{ item.ipv4_address }}"
+        stage_server_ip: "{{ hetzner_server_infos_json | json_query(querystr)| first }}"
-      when: item.name == inventory_hostname
+      vars:
-      with_items: "{{ hetzner_server_infos_json }}"
+        querystr: "[?name=='{{ inventory_hostname }}'].ipv4_address"
      delegate_to: 127.0.0.1
-    - name: Print the gathered infos
+    - name: "Printing ip address for {{ inventory_hostname }}"
      debug:
-        var: stage_server_ip
+        msg: "{{ stage_server_ip }}"
      delegate_to: 127.0.0.1
      when:
       - debug
  roles:
    - role: connect-realm
--- a/create-server.yml
+++ b/create-server.yml
@ -74,7 +74,7 @@
 #############################################################
 - hosts: "stage_{{ stage }}"
-  serial: "{{ serial_number | default(5) }}"
+  serial: "{{ serial_number | default(1) }}"
  remote_user: root
  pre_tasks:
@ -94,31 +94,30 @@
        state: 'absent'
      when: ansible_distribution == "Ubuntu"
-    - name: "Gather current server infos"
+    - name: "Gathering current server infos from hetzner"
      hcloud_server_info:
        api_token: "{{ hetzner_authentication_token }}"
      register: hetzner_server_infos
      delegate_to: 127.0.0.1
      become: false
-    - name: "Set current server infos as fact: hetzner_server_infos_json"
+    - name: "Setting current server infos as fact: hetzner_server_infos_json"
      set_fact: 
        hetzner_server_infos_json: "{{ hetzner_server_infos.hcloud_server_info }}"
      delegate_to: 127.0.0.1
      become: false
-    - name: "Read ip address for {{ inventory_hostname }}"
+    - name: "Reading ip address for {{ inventory_hostname }}"
      set_fact:
-        stage_server_ip: "{{ item.ipv4_address }}"
+        stage_server_ip: "{{ hetzner_server_infos_json | json_query(querystr) | first }}"
-      when: item.name == inventory_hostname
+      vars:
-      with_items: "{{ hetzner_server_infos_json }}"
+        querystr: "[?name=='{{ inventory_hostname }}'].ipv4_address"
      delegate_to: 127.0.0.1
      become: false
-#    - name: Print the gathered infos
+    - name: "Printing ip address for {{ inventory_hostname }}"
-#      debug:
+      debug:
-#        var: stage_server_ip
+        msg: "{{ stage_server_ip }}"
-#      delegate_to: 127.0.0.1
+      delegate_to: 127.0.0.1
      when:
       - debug
  roles:
    - role: ansible-role-docker
--- a/create-service.yml
+++ b/create-service.yml
@ -30,32 +30,34 @@
 #############################################################
 - hosts: "stage_{{ stage }}"
-  serial: "{{ serial_number | default(5) }}"
+  serial: "{{ serial_number | default(1) }}"
  remote_user: root
  pre_tasks:
-    - name: "Gather current server infos"
+    - name: "Gathering current server infos from hetzner"
      hcloud_server_info:
        api_token: "{{ hetzner_authentication_token }}"
      register: hetzner_server_infos
      delegate_to: 127.0.0.1
-    - name: "Set current server infos as fact: hetzner_server_infos_json"
+    - name: "Setting current server infos as fact: hetzner_server_infos_json"
      set_fact: 
        hetzner_server_infos_json: "{{ hetzner_server_infos.hcloud_server_info }}"
      delegate_to: 127.0.0.1
-    - name: "Read ip address for {{ inventory_hostname }}"
+    - name: "Reading ip address for {{ inventory_hostname }}"
      set_fact:
-        stage_server_ip: "{{ item.ipv4_address }}"
+        stage_server_ip: "{{ hetzner_server_infos_json | json_query(querystr) | first }}"
-      when: item.name == inventory_hostname
+      vars:
-      with_items: "{{ hetzner_server_infos_json }}"
+        querystr: "[?name=='{{ inventory_hostname }}'].ipv4_address"
      delegate_to: 127.0.0.1
-    - name: Print the gathered infos
+    - name: "Printing ip address for {{ inventory_hostname }}"
      debug:
-        var: stage_server_ip
+        msg: "{{ stage_server_ip }}"
      delegate_to: 127.0.0.1
      when:
       - debug
  roles:
    - role: connect
--- a/group_vars/all/plain.yml
+++ b/group_vars/all/plain.yml
@ -1,5 +1,7 @@
 ---
 debug: false
 send_status_messages: false
 domain: smardigo.digital
--- a/group_vars/connect/plain.yml
+++ b/group_vars/connect/plain.yml
@ -5,17 +5,19 @@ service: "connect"
 hetzner_server_type: cx21
 hetzner_server_labels: "stage={{ stage }} service={{ service }}"
-connect_jwt_enabled: true
+connect_client_id: "{{ cluster_name }}"
 connect_jwt_secret: 908ae14462d049d3be84964ef379c7c6
-connect_postgres_database: "connect-postgres"
+current_realm_users: [
-connect_postgres_admin_username: "connect-postgres-admin"
+  {
-connect_postgres_admin_password: "connect-postgres-admin"
+    "username": "connect-admin",
    "password": "connect-admin",
  }
 ]
 current_realm_clients: [
  {
-    clientId: 'connect',
+    clientId: "{{ connect_client_id }}",
-    name: 'connect',
+    name: '{{ connect_client_id }}',
    admin_url: '',
    root_url: '',
    redirect_uris: '
@ -30,5 +32,25 @@ current_realm_clients: [
  }
 ]
 connect_iam_module: external
 smardigo_iam_client_enabled: 'true'
 smardigo_iam_client_server_url: https://dev-iam-01.smardigo.digital
 connect_auth_module: "oidc"
 connect_oidc_client_id: "{{ connect_client_id }}"
 connect_oidc_client_secret: "{{ cluster_name }}"
 connect_oidc_registration_id: "{{ connect_client_id }}"
 connect_oidc_issuer_uri: "https://{{ shared_service_keycloak_hostname }}/auth/realms/{{ current_realm_name }}"
 connect_password_change_url: "https://{{ shared_service_keycloak_hostname }}/auth/realms/{{ current_realm_name }}/account/password"
 connect_iam_user_management_url: "https://{{ shared_service_keycloak_hostname }}/auth/admin/{{ current_realm_name }}/console"
 connect_postgres_database: "connect-postgres"
 connect_postgres_admin_username: "connect-postgres-admin"
 connect_postgres_admin_password: "connect-postgres-admin"
 connect_jwt_enabled: true
 connect_jwt_secret: 908ae14462d049d3be84964ef379c7c6
 #connect_csrf_token_name: "< see vault >"
 #connect_csrf_token_value: "< see vault >"
--- a/group_vars/stage_dev/plain.yml
+++ b/group_vars/stage_dev/plain.yml
@ -2,88 +2,120 @@
 stage: "dev"
-keycloak_server_url: "https://dev-keycloak-01.smardigo.digital"
+alertmanager_channel_smardigo: "#monitoring-qa"
 # TODO read configuration with hetzner rest api
 shared_service_elastic_01: "10.0.0.2"
 shared_service_elastic_02: "10.0.0.3"
 shared_service_elastic_03: "10.0.0.4"
 shared_service_prometheus_ip: "10.0.0.5"
 shared_service_keycloak_ip: "10.0.0.6"
 shared_service_mail_ip: "10.0.0.8"
 shared_service_iam_ip: "10.0.0.13"
 shared_service_iam_hostname: "dev-iam-01.smardigo.digital"
 shared_service_keycloak_hostname: "dev-keycloak-01.smardigo.digital"
 shared_service_mail_hostname: "dev-mail-01.smardigo.digital"
 keycloak_server_url: "https://{{ shared_service_keycloak_hostname }}"
 docker_registry: dev-docker-registry-01.smardigo.digital
 docker_registry_username: "< see vault >"
 docker_registry_token: "< see vault >"
 alertmanager_channel_smardigo: "#monitoring-qa"
 filebeat_certificate: "dev-elastic-stack-filebeat"
 logstash_certificate: "dev-elastic-stack-logstash"
 # TODO read configuration with hetzner rest api
 elastic_stack_network: {
-  dev-elastic-stack-01: 10.0.0.2,
+  dev-elastic-stack-01: "{{ shared_service_elastic_01 }}",
-  dev-elastic-stack-02: 10.0.0.3,
+  dev-elastic-stack-02: "{{ shared_service_elastic_02 }}",
-  dev-elastic-stack-03: 10.0.0.4,
+  dev-elastic-stack-03: "{{ shared_service_elastic_03 }}",
 }
 # TODO read configuration with hetzner rest api
 logstash_hostname: "dev-elastic-stack-01-logstash"
 elastic_extra_hosts: [
  {
    hostname: dev-elastic-stack-01-elastic,
-    ip: "{{ elastic_stack_network['dev-elastic-stack-01'] }}",
+    ip: "{{ shared_service_elastic_01 }}",
  },
  {
    hostname: dev-elastic-stack-02-elastic,
-    ip: "{{ elastic_stack_network['dev-elastic-stack-02'] }}",
+    ip: "{{ shared_service_elastic_02 }}",
  },
  {
    hostname: dev-elastic-stack-03-elastic,
-    ip: "{{ elastic_stack_network['dev-elastic-stack-03'] }}",
+    ip: "{{ shared_service_elastic_03 }}",
  },
 ]
 filebeat_extra_hosts: [
  {
    hostname: dev-elastic-stack-01-logstash,
-    ip: "{{ elastic_stack_network['dev-elastic-stack-01'] }}",
+    ip: "{{ shared_service_elastic_01 }}",
  },
  {
    hostname: dev-elastic-stack-02-logstash,
-    ip: "{{ elastic_stack_network['dev-elastic-stack-02'] }}",
+    ip: "{{ shared_service_elastic_02 }}",
  },
  {
    hostname: dev-elastic-stack-03-logstash,
-    ip: "{{ elastic_stack_network['dev-elastic-stack-03'] }}",
+    ip: "{{ shared_service_elastic_03 }}",
  },
 ]
 kibana_extra_hosts: [
  {
    hostname: dev-elastic-stack-01-kibana,
-    ip: "{{ elastic_stack_network['dev-elastic-stack-01'] }}",
+    ip: "{{ shared_service_elastic_01 }}",
  },
  {
    hostname: dev-elastic-stack-02-kibana,
-    ip: "{{ elastic_stack_network['dev-elastic-stack-02'] }}",
+    ip: "{{ shared_service_elastic_02 }}",
  },
  {
    hostname: dev-elastic-stack-03-kibana,
-    ip: "{{ elastic_stack_network['dev-elastic-stack-03'] }}",
+    ip: "{{ shared_service_elastic_03 }}",
  },
 ]
-
+prometheus_extra_hosts: [
-# TODO read configuration with hetzner rest api
+  {
-keycloak_hostname: "dev-keycloak-01.smardigo.digital"
+    hostname: "{{ shared_service_mail_hostname }}",
-mail_hostname: "dev-mail-01.smardigo.digital"
+    ip: "{{ shared_service_mail_ip }}",
  }
 ]
 connect_extra_hosts: [
  {
-    hostname: "{{ keycloak_hostname }}",
+    hostname: "{{ shared_service_iam_hostname }}",
-    ip: 10.1.0.2,
+    ip: "{{ shared_service_iam_ip }}",
  },
  {
    hostname: "{{ shared_service_keycloak_hostname }}",
    ip: "{{ shared_service_keycloak_ip }}",
  },
  {
-    hostname: "{{ mail_hostname }}",
+    hostname: "{{ shared_service_mail_hostname }}",
-    ip: 10.2.0.2,
+    ip: "{{ shared_service_mail_ip }}",
  }
 ]
 keycloak_extra_hosts: [
  {
-    hostname: "{{ mail_hostname }}",
+    hostname: "{{ shared_service_iam_hostname }}",
-    ip: 10.2.0.2,
+    ip: "{{ shared_service_iam_ip }}",
  },
  {
    hostname: "{{ shared_service_mail_hostname }}",
    ip: "{{ shared_service_mail_ip }}",
  }
 ]
 iam_extra_hosts: [
  {
    hostname: "{{ shared_service_keycloak_hostname }}",
    ip: "{{ shared_service_keycloak_ip }}",
  },
  {
    hostname: "{{ shared_service_mail_hostname }}",
    ip: "{{ shared_service_mail_ip }}",
  }
 ]
-smardigo_management_url: "http://localhost:8080/api/v1/scopes/{{ scope_id }}/processes/{{ process_instance_id }}/messages"
+smardigo_management_url: "https://dev-management-smardigo-01.smardigo.digital/api/v1/scopes/{{ scope_id }}/processes/{{ process_instance_id }}/messages"
-smardigo_management_token: "eyJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiYWxnIjoiZGlyIn0..xiS4DrBqSprqYdR94ACbUw.OHRxU9nmP25JiGlJMyw9XaSB2Q3GZ4yiG7I7UZlbv9k.q5I2KulPbvhN5yO08bGqfw"
+smardigo_management_token: "eyJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiYWxnIjoiZGlyIn0..JgixZcmsSyvovabQvREAjw.Fk7aNYwOjzMhLCqF_9unl5yrWTey26z4scZBeVZjhpE.fnovrqn0MUjM_TA8zVhXdQ"
--- a/host_vars/dev-ansible-01.yml
+++ b/host_vars/dev-ansible-01.yml
@ -1,5 +0,0 @@
 ---
 hetzner_server_labels: "stage={{ stage }} service=ansible"
 hetzner_server_type: cx31
--- a/host_vars/dev-connect-01.yml
+++ b/host_vars/dev-connect-01.yml
@ -1,15 +0,0 @@
 ---
 hetzner_server_labels: "stage={{ stage }} service=connect"
 connect_auth_module: oidc
 connect_oidc_client_id: connect-01
 connect_oidc_client_secret: 9e234965-1041-4653-8a0e-db964c04bc26
 connect_oidc_registration_id: connect-01
 connect_oidc_issuer_uri: https://{{ keycloak_hostname }}/auth/realms/smardigo-01
 connect_password_change_url: https://{{ keycloak_hostname }}/auth/realms/smardigo-01/account/password
 connect_iam_user_management_url: https://{{ keycloak_hostname }}/auth/admin/smardigo-01/console
 spring_profiles_include_suffix: ",hetzner"
 ribbon_display_on_active_profiles: "hetzner"
--- a/host_vars/dev-connect-02.yml
+++ b/host_vars/dev-connect-02.yml
@ -1,15 +0,0 @@
 ---
 hetzner_server_labels: "stage={{ stage }} service=connect"
 connect_auth_module: oidc
 connect_oidc_client_id: connect-02
 connect_oidc_client_secret: 9e234965-1041-4653-8a0e-db964c04bc26
 connect_oidc_registration_id: connect-02
 connect_oidc_issuer_uri: https://{{ keycloak_hostname }}/auth/realms/smardigo-01
 connect_password_change_url: https://{{ keycloak_hostname }}/auth/realms/smardigo-01/account/password
 connect_iam_user_management_url: https://{{ keycloak_hostname }}/auth/admin/smardigo-01/console
 spring_profiles_include_suffix: ",hetzner"
 ribbon_display_on_active_profiles: "hetzner"
--- a/host_vars/dev-iam-01.yml
+++ b/host_vars/dev-iam-01.yml
@ -0,0 +1,4 @@
 ---
 hetzner_server_type: cx21
 hetzner_server_labels: "stage={{ stage }} service=iam"
--- a/host_vars/dev-management-smardigo-01.yml
+++ b/host_vars/dev-management-smardigo-01.yml
@ -1,17 +1,10 @@
 ---
 hetzner_server_labels: "stage={{ stage }} service=connect"
 hetzner_server_type: cpx21
 connect_auth_module: oidc
 connect_oidc_client_id: management-smardigo
 connect_oidc_client_secret: f1f852b4-2e75-889a-2453-3c55d53ce405
 connect_oidc_registration_id: management-smardigo
-connect_oidc_issuer_uri: https://{{ keycloak_hostname }}/auth/realms/smardigo
+connect_oidc_issuer_uri: https://{{ shared_service_keycloak_hostname }}/auth/realms/smardigo
 connect_password_change_url: https://{{ keycloak_hostname }}/auth/realms/smardigo/account/password
 connect_iam_user_management_url: https://{{ keycloak_hostname }}/auth/admin/smardigo/console
-spring_profiles_include_suffix: ",hetzner"
+connect_password_change_url: https://{{ shared_service_keycloak_hostname }}/auth/realms/smardigo/account/password
-ribbon_display_on_active_profiles: "hetzner"
+connect_iam_user_management_url: https://{{ shared_service_keycloak_hostname }}/auth/admin/smardigo/console
--- a/host_vars/dev-sken-01.yml
+++ b/host_vars/dev-sken-01.yml
@ -1,20 +0,0 @@
 ---
 #############################################################################
 ### only for testing purposes -> copy of dynamic_connect
 #############################################################################
 hetzner_server_type: cx21
 hetzner_server_labels: "stage={{ stage }} service={{ service }}"
 # TODO create realm/client for tenant and service
 connect_auth_module: oidc
 connect_oidc_client_id: connect-01
 connect_oidc_client_secret: 9e234965-1041-4653-8a0e-db964c04bc26
 connect_oidc_registration_id: connect-01
 connect_oidc_issuer_uri: https://{{ keycloak_hostname }}/auth/realms/smardigo-01
 connect_password_change_url: https://{{ keycloak_hostname }}/auth/realms/smardigo-01/account/password
 connect_iam_user_management_url: https://{{ keycloak_hostname }}/auth/admin/smardigo-01/console
 spring_profiles_include_suffix: ",{{ inventory_hostname }}"
 ribbon_display_on_active_profiles: "{{ inventory_hostname }}"
--- a/host_vars/dev-sken-02.yml
+++ b/host_vars/dev-sken-02.yml
@ -1,20 +0,0 @@
 ---
 #############################################################################
 ### only for testing purposes -> copy of dynamic_connect
 #############################################################################
 hetzner_server_type: cx21
 hetzner_server_labels: "stage={{ stage }} service={{ service }}"
 # TODO create realm/client for tenant and service
 connect_auth_module: oidc
 connect_oidc_client_id: connect-01
 connect_oidc_client_secret: 9e234965-1041-4653-8a0e-db964c04bc26
 connect_oidc_registration_id: connect-01
 connect_oidc_issuer_uri: https://{{ keycloak_hostname }}/auth/realms/smardigo-01
 connect_password_change_url: https://{{ keycloak_hostname }}/auth/realms/smardigo-01/account/password
 connect_iam_user_management_url: https://{{ keycloak_hostname }}/auth/admin/smardigo-01/console
 spring_profiles_include_suffix: ",{{ inventory_hostname }}"
 ribbon_display_on_active_profiles: "{{ inventory_hostname }}"
--- a/networks.yml
+++ b/networks.yml
@ -1,21 +0,0 @@
 ---
 - name: 'apply setup to {{ host | default("all") }}'
  hosts: '{{ host | default("all") }}'
  serial: "{{ serial_number | default(1) }}"
  gather_facts: no
  become: no
  pre_tasks:
    - name: "Check if ansible version is at least 2.10.x"
      assert:
        that:
          - ansible_version.major >= 2
          - ansible_version.minor >= 10
        msg: "The ansible version has to be at least ({{ ansible_version.full }})"
  roles:
    - role: hetzner-network
      vars:
        hetzner_state: 'started'
      when: "'hcloud' in group_names"
--- a/provisioning.yml
+++ b/provisioning.yml
@ -7,14 +7,14 @@
  become: no
  pre_tasks:
-    - name: "Check if ansible version is at least 2.10.x"
+    - name: "Checking ansible version is at least 2.10.x"
      assert:
        that:
          - ansible_version.major >= 2
          - ansible_version.minor >= 10
        msg: "The ansible version has to be at least ({{ ansible_version.full }})"
-    - name: Get all Firewalls from Hetzner
+    - name: "Getting all firewalls from hetzner"
      uri:
        url: "https://api.hetzner.cloud/v1/firewalls"
        headers:
@ -23,14 +23,12 @@
        return_content: yes
      register: hetzner_firewalls_response
      delegate_to: 127.0.0.1
      run_once: true
      tags:
        - update_networks
-    - name: Save firewall entries as variable (fact)
+    - name: "Saving firewall entries as fact: hetzner_firewalls_response_json"
      set_fact: 
        hetzner_firewalls_response_json: "{{ hetzner_firewalls_response.json }}"
      run_once: true
      tags:
        - update_networks
@ -39,17 +37,24 @@
        firewall_records: "{{ hetzner_firewalls_response_json.firewalls | json_query(jmesquery) }}"
      vars:
        jmesquery: '[*].{id: id, name: name}'
      run_once: true
      tags:
        - update_networks
-    - name: Print firewall entries
+    - name: "Printing firewall entries"
      debug:
        msg: "{{ firewall_records }}"
-      run_once: true
+      delegate_to: 127.0.0.1
      when:
       - debug
      tags:
        - update_networks
  roles:
    - role: hcloud
      when: "'hcloud' in group_names"
 - name: 'Apply setup to {{ host | default("all") }}'
  hosts: '{{ host | default("all") }}'
  serial: "{{ serial_number | default(1) }}"
  gather_facts: no
  become: no
--- a/roles/_digitalocean/tasks/domain.yml
+++ b/roles/_digitalocean/tasks/domain.yml
@ -39,7 +39,7 @@
  tags:
    - update_dns
- name: Delete DNS entry for <{{ record_name }}> if necessary
+- name: Delete DNS entry for <{{ record_data }}:{{ record_name }}> if necessary
  uri:
    method: DELETE
    url: "https://api.digitalocean.com/v2/domains/{{ domain }}/records/{{ domain_record.id }}"
--- a/roles/connect-realm/tasks/main.yml
+++ b/roles/connect-realm/tasks/main.yml
@ -26,6 +26,11 @@
    name: keycloak
    tasks_from: _configure_realm
 - name: "Create realm users"
  include_role:
    name: keycloak
    tasks_from: _create_realm_users
 - name: "Send mattermost messsge"
  uri:
    url: "{{ mattermost_hook_smardigo }}"
--- a/roles/connect/defaults/main.yml
+++ b/roles/connect/defaults/main.yml
@ -10,4 +10,3 @@ connect_admin_password: "connect-admin"
 connect_mail_properties_base_url: "{{ http_s }}://{{ connect_id }}.{{ domain }}"
 connect_mail_properties_base_url_extern: "{{ http_s }}://{{ connect_id }}.{{ domain }}"
--- a/roles/connect/tasks/main.yml
+++ b/roles/connect/tasks/main.yml
@ -22,7 +22,7 @@
    tasks_from: domain
  vars:
    record_data: "{{ stage_server_ip }}"
-    record_name: "{{ connect_service_name }}"
+    record_name: "{{ service_name }}"
 - name: "Check if {{ connect_service_name }}/docker-compose.yml exists"
  stat:
--- a/roles/connect/templates/create-new-user.json.j2
+++ b/roles/connect/templates/create-new-user.json.j2
@ -1,5 +0,0 @@
 {
  "id": "{{ current_user.userId }}",
  "firstName": "{{ current_user.firstName | default('null') }}",
  "lastName": "{{ current_user.lastName | default('null') }}"
 }
--- a/roles/hcloud/tasks/configure-firewall.yml
+++ b/roles/hcloud/tasks/configure-firewall.yml
@ -2,19 +2,21 @@
 ### tags:
- name: Read firewall entry for <{{ current_firewall_name }}>
+- name: "Reading firewall entry for <{{ current_firewall_name }}>"
  set_fact:  
    firewall_record: "{{ firewall_records | selectattr('name', 'equalto', current_firewall_name) | list | first | default({'name': '-', 'id': '-'}) }}"
  tags:
    - update_networks
- name: Print firewall entry for <{{ current_firewall_name }}>
+- name: "Printing firewall entry for <{{ current_firewall_name }}>"
  debug:
    msg: "{{ firewall_record }}"
  when:
   - debug
  tags:
    - update_networks
- name: Save firewall entry <{{ current_firewall_name }}>
+- name: "Creating new firewall entry <{{ current_firewall_name }}>"
  uri:
    method: POST
    url: "https://api.hetzner.cloud/v1/firewalls"
@ -31,7 +33,7 @@
    - update_networks
 # TODO port changes are not written corectly
- name: Update firewall entry <{{ current_firewall_name }}>
+- name: "Updating firewall entry <{{ current_firewall_name }}>"
  uri:
    method: PUT
    url: "https://api.hetzner.cloud/v1/firewalls/{{ firewall_record.id }}"
--- a/roles/hcloud/tasks/configure-network.yml
+++ b/roles/hcloud/tasks/configure-network.yml
@ -1,45 +1,91 @@
 ---
- name: "Gather current server infos for network <{{ current_network_name }}>"
+#- name: "Gathering current server infos for network <{{ current_network_name }}>"
-  hcloud_server_info:
+#  hcloud_server_info:
 #    api_token: "{{ hetzner_authentication_token }}"
 #    label_selector: "{{ current_server_label_selector }}"
 #  register: network_hetzner_server_infos
 #  delegate_to: 127.0.0.1
 #  become: false
 #  tags:
 #    - update_networks
 #- name: "Setting current server infos for network <{{ current_network_name }}> as fact: network_hetzner_server_infos_json"
 #  set_fact: 
 #    network_hetzner_server_infos_json: "{{ network_hetzner_server_infos.hcloud_server_info }}"
 #  delegate_to: 127.0.0.1
 #  become: false
 #  tags:
 #    - update_networks
 #- name: "Printing current server infos for network <{{ current_network_name }}>"
 #  debug:
 #    var: network_hetzner_server_infos_json
 #  delegate_to: 127.0.0.1
 #  become: false
 #  when:
 #   - debug
 #  tags:
 #    - update_networks
 #- name: "Setting nerwork server names as fact: network_server_names"
 #  set_fact:  
 #    network_server_names: "{{ network_hetzner_server_infos_json | json_query(jmesquery) }}"
 #  vars:
 #    jmesquery: '[*].{name: name}'
 #  tags:
 #    - update_networks
 #- name: "Printing nerwork server names"
 #  debug:
 #    var: network_server_names
 #  delegate_to: 127.0.0.1
 #  become: false
 #  when:
 #   - debug
 #  tags:
 #    - update_networks
 - name: "Checking present state for network <{{ current_network_name }}>"
  hcloud_network:
    api_token: "{{ hetzner_authentication_token }}"
-    label_selector: "{{ current_server_label_selector }}"
+    name: "{{ current_network_name }}"
-  register: network_hetzner_server_infos
+    labels: "{{ current_network_labels }}"
    ip_range: 10.0.0.0/16
    state: present
  delegate_to: 127.0.0.1
  become: false
  tags:
    - update_networks
- name: "Set current server infos for network <{{ current_network_name }}> as fact: network_hetzner_server_infos_json"
+- name: "Checking present state for subnetwork for <{{ current_network_name }}>"
-  set_fact: 
+  hcloud_subnetwork:
-    network_hetzner_server_infos_json: "{{ network_hetzner_server_infos.hcloud_server_info }}"
+    api_token: "{{ hetzner_authentication_token }}"
    network: "{{ current_network_name }}"
    ip_range: 10.0.0.0/16
    network_zone: eu-central
    type: cloud
    state: present
  delegate_to: 127.0.0.1
  become: false
  tags:
    - update_networks
-#- name: "Print the gathered infos for network <{{ current_network_name }}>"
+#- name: "Checking present state for network servers"
-#  debug:
+#  hcloud_server_network:
-#    var: network_hetzner_server_infos_json
+#    api_token: "{{ hetzner_authentication_token }}"
 #    network: "{{ current_network_name }}"
 #    server: "{{ item.name }}"
 #    state: present
 #  with_items: "{{ network_server_names }}"
 #  delegate_to: 127.0.0.1
 #  become: false
 #  tags:
 #    - update_networks
- name: "Set nerwork server names as fact: network_server_names"
+- name: "Checking present state for network servers"
  set_fact:  
    network_server_names: "{{ network_hetzner_server_infos_json | json_query(jmesquery) }}"
  vars:
    jmesquery: '[*].{name: name}'
  tags:
    - update_networks
 - name: "Create network <{{ current_network_name }}>"
  hcloud_server_network:
    api_token: "{{ hetzner_authentication_token }}"
    network: "{{ current_network_name }}"
-    server: "{{ item.name }}"
+    server: "{{ inventory_hostname }}"
    state: present
  with_items: "{{ network_server_names }}"
  delegate_to: 127.0.0.1
  become: false
  tags:
    - update_networks
--- a/roles/hcloud/tasks/main.yml
+++ b/roles/hcloud/tasks/main.yml
@ -4,7 +4,7 @@
 ###   update_dns
 ###   update_networks
- name: Create new server {{ inventory_hostname }}
+- name: "Checking present state for server {{ inventory_hostname }}"
  hetzner.hcloud.hcloud_server:
    api_token: "{{ hetzner_authentication_token }}"
    name: "{{ inventory_hostname }}"
@ -15,8 +15,9 @@
    location: nbg1
    state: present
  delegate_to: 127.0.0.1
  become: false
- name: "Gather current server infos"
+- name: "Gathering current server infos from hetzner"
  hcloud_server_info:
    api_token: "{{ hetzner_authentication_token }}"
  register: hetzner_server_infos
@ -26,7 +27,7 @@
    - update_dns
    - update_networks
- name: "Set current server infos as fact: hetzner_server_infos_json"
+- name: "Setting current server infos as fact: hetzner_server_infos_json"
  set_fact: 
    hetzner_server_infos_json: "{{ hetzner_server_infos.hcloud_server_info }}"
  delegate_to: 127.0.0.1
@ -35,40 +36,29 @@
    - update_dns
    - update_networks
-#- name: Print the gathered infos
+- name: "Reading ip address for {{ inventory_hostname }}"
-#  debug:
+  set_fact:
-#    var: hetzner_server_infos_json
+    stage_server_ip: "{{ hetzner_server_infos_json | json_query(querystr) | first }}"
 #  delegate_to: 127.0.0.1
 #  tags:
 #    - update_dns
 #    - update_networks
 - name: "Set current server ips as fact: stage_server_ips"
  set_fact:  
    stage_server_ips: "{{ hetzner_server_infos_json | json_query(jmesquery) }}"
  vars:
-    jmesquery: '[*].{name: name, ipv4: ipv4_address}'
+    querystr: "[?name=='{{ inventory_hostname }}'].ipv4_address"
-  tags:
+  delegate_to: 127.0.0.1
-    - update_dns
+  become: false
 - name: Read ip for {{ inventory_hostname }}
  set_fact:  
    stage_server_ip: "{{ stage_server_ips
      | selectattr('name', 'equalto', inventory_hostname)
      | map(attribute='ipv4') 
      | list
      | first }}"
  tags:
    - update_dns
    - update_networks
- name: Print the gathered ip for {{ inventory_hostname }}
+- name: "Printing ip address for {{ inventory_hostname }}"
  debug:
-    var: stage_server_ip
+    msg: "{{ stage_server_ip }}"
  delegate_to: 127.0.0.1
  become: false
  tags:
    - update_dns
    - update_networks
  when:
   - debug
- name: "Setup firewalls"
+- name: "Checking present state for firewalls"
  include_tasks: configure-firewall.yml
  vars:
    current_firewall_name: '{{ current_firewall }}'
@ -83,31 +73,24 @@
  tags:
    - update_networks
- name: "Setup networks"
+- name: "Checking present state for networks"
  include_tasks: configure-network.yml
  vars:
    current_network_name: '{{ current_network.name }}'
    current_network_labels: 'stage={{ stage }}'
    current_server_label_selector: '{{ current_network.label_selector }}'
  with_items: [
    {
-      "name": "{{ stage }}-mail",
+      "name": "{{ stage }}",
      "label_selector": "stage={{ stage }}",
    },
    {
      "name": "{{ stage }}-keycloak",
      "label_selector": "stage={{ stage }}",
    },
    {
      "name": "{{ stage }}-elastic-stack",
      "label_selector": "stage={{ stage }}",
-    },
+    }
  ]
  loop_control:
    loop_var: current_network
  tags:
    - update_networks
- name: "Setup DNS configuration for {{ inventory_hostname }}"
+- name: "Checking present state of dns for {{ inventory_hostname }}"
  include_role:
    name: _digitalocean
    tasks_from: domain
--- a/roles/hetzner-network/meta/main.yml
+++ b/roles/hetzner-network/meta/main.yml
@ -1 +0,0 @@
 ---
--- a/roles/hetzner-network/tasks/main.yml
+++ b/roles/hetzner-network/tasks/main.yml
@ -1,61 +0,0 @@
 ---
 ### tags:
 # TODO remove static ip configuration
 - name: Create a server network and specify the ip address
  hcloud_server_network:
    api_token: "{{ hetzner_authentication_token }}"
    network: dev-elastic-stack
    server: dev-elastic-stack-01
    ip: 10.0.0.2
    state: present
  delegate_to: 127.0.0.1
 # TODO remove static ip configuration
 - name: Create a server network and specify the ip address
  hcloud_server_network:
    api_token: "{{ hetzner_authentication_token }}"
    network: dev-elastic-stack
    server: dev-elastic-stack-02
    ip: 10.0.0.3
    state: present
  delegate_to: 127.0.0.1
 # TODO remove static ip configuration
 - name: Create a server network and specify the ip address
  hcloud_server_network:
    api_token: "{{ hetzner_authentication_token }}"
    network: dev-elastic-stack
    server: dev-elastic-stack-03
    ip: 10.0.0.4
    state: present
  delegate_to: 127.0.0.1
 - name: Create a server network and specify the ip address
  hcloud_server_network:
    api_token: "{{ hetzner_authentication_token }}"
    network: dev-elastic-stack
    server: "{{ item }}"
    state: present
  with_items: "{{ groups['hcloud'] | difference(groups['elastic']) }}"
  delegate_to: 127.0.0.1
 # TODO remove static ip configuration
 - name: Create a server network and specify the ip address
  hcloud_server_network:
    api_token: "{{ hetzner_authentication_token }}"
    network: dev-keycloak
    server: dev-keycloak-01
    ip: 10.1.0.2
    state: present
  delegate_to: 127.0.0.1
 - name: Create a server network and specify the ip address
  hcloud_server_network:
    api_token: "{{ hetzner_authentication_token }}"
    network: dev-keycloak
    server: "{{ item }}"
    state: present
  with_items: "{{ groups['connect'] }}"
  delegate_to: 127.0.0.1
--- a/roles/hetzner-network/vars/main.yml
+++ b/roles/hetzner-network/vars/main.yml
@ -1 +0,0 @@
 ---
--- a/roles/iam/defaults/main.yml
+++ b/roles/iam/defaults/main.yml
@ -0,0 +1,5 @@
 ---
 iam_image_name: 'dev-docker-registry-01.smardigo.digital/smardigo/iam-app'
 iam_version: '8.1.0-SNAPSHOT'
--- a/roles/hetzner-network/defaults/main.yml
+++ b/roles/hetzner-network/defaults/main.yml
--- a/roles/hetzner-network/handlers/main.yml
+++ b/roles/hetzner-network/handlers/main.yml
--- a/roles/iam/tasks/main.yml
+++ b/roles/iam/tasks/main.yml
@ -0,0 +1,123 @@
 ---
 ### tags:
 ###   create_users
 ###   update_deployment
 - name: "Send mattermost messsge"
  uri:
    url: "{{ mattermost_hook_smardigo }}"
    method: POST
    body: "{{ lookup('template','mattermost-deploy-start.json.j2') }}"
    body_format: json
    headers:
      Content-Type: "application/json"
  delegate_to: 127.0.0.1
  become: false
  when:
    - send_status_messages
 - name: "Setup DNS configuration for {{ service_name }}"
  include_role:
    name: _digitalocean
    tasks_from: domain
  vars:
    record_data: "{{ stage_server_ip }}"
    record_name: "{{ service_name }}"
 - name: "Setup public DNS configuration for {{ service_name }}"
  include_role:
    name: _digitalocean
    tasks_from: domain
  vars:
    record_data: "{{ item.ip }}"
    record_name: "{{ item.name }}"
  loop: "{{ iam_public_dns_entries }}"
  when: iam_public_dns_entries is defined
 - name: "Check docker networks"
  include_role:
    name: _docker
    tasks_from: networks
 - name: "Check if {{ service_name }}/docker-compose.yml exists"
  stat:
    path: '{{ service_base_path }}/{{ service_name }}/docker-compose.yml'
  register: check_docker_compose_file
  tags:
    - update_deployment
 - name: "Stop {{ service_name }}"
  shell: docker-compose down
  args:
    chdir: '{{ service_base_path }}/{{ service_name }}'
  when: check_docker_compose_file.stat.exists
  ignore_errors: yes
  tags:
    - update_deployment
 - name: "Deploy docker templates for {{ service_name }}"
  include_role:
    name: _deploy
    tasks_from: templates
  vars:
    current_config: "_docker"
    current_base_path: "{{ service_base_path }}"
    current_destination: "{{ service_name }}"
    current_owner: "{{ docker_owner }}"
    current_group: "{{ docker_group }}"
    current_docker: "{{ iam_docker }}"
 - name: "Deploy service templates for {{ service_name }}"
  include_role:
    name: _deploy
    tasks_from: templates
  vars:
    current_config: "iam"
    current_base_path: "{{ service_base_path }}"
    current_destination: "{{ service_name }}"
    current_owner: "{{ docker_owner }}"
    current_group: "{{ docker_group }}"
 - name: "Update {{ service_name }}"
  shell: docker-compose pull
  args:
    chdir: '{{ service_base_path }}/{{ service_name }}'
  tags:
    - update_deployment
 - name: "Start {{ service_name }}"
  shell: docker-compose up -d
  args:
    chdir: '{{ service_base_path }}/{{ service_name }}'
  tags:
    - update_deployment
 - name: "Update landing page for {{ service_name }}"
  include_role:
    name: _deploy
    tasks_from: caddy_landing_page
  vars:
    current_services: [
      {
        current_name: "{{ service_name }}",
        current_url: "{{ http_s }}://{{ iam_id }}.{{ domain }}",
        current_version: "{{ iam_version }}",
        current_date: "{{ ansible_date_time.iso8601 }}",
      },
    ]
  tags:
    - update_deployment
 - name: "Send mattermost messsge"
  uri:
    url: "{{ mattermost_hook_smardigo }}"
    method: POST
    body: "{{ lookup('template','mattermost-deploy-end.json.j2') }}"
    body_format: json
    headers:
      Content-Type: "application/json"
  delegate_to: 127.0.0.1
  become: false
  when:
    - send_status_messages
--- a/roles/iam/vars/main.yml
+++ b/roles/iam/vars/main.yml
@ -0,0 +1,72 @@
 ---
 iam_id: "{{ service_name }}-iam"
 iam_cache_timeout: 600s
 iam_keycloak_auth_server_url: "https://{{ shared_service_keycloak_hostname }}/auth"
 iam_keycloak_admin_user: "{{ keycloak_admin_username }}"
 iam_keycloak_admin_password: "{{ keycloak_admin_password }}"
 iam_labels: [
  '"traefik.enable=true"',
  '"traefik.http.routers.{{ iam_id }}.service={{ iam_id }}"',
  '"traefik.http.routers.{{ iam_id }}.rule=Host(`{{ stage_server_url_host }}`)"',
  '"traefik.http.routers.{{ iam_id }}.entrypoints=websecure"',
  '"traefik.http.routers.{{ iam_id }}.tls=true"',
  '"traefik.http.routers.{{ iam_id }}.tls.certresolver=letsencrypt"',
  '"traefik.http.services.{{ iam_id }}.loadbalancer.server.port={{ service_port }}"',
  '"traefik.http.routers.{{ iam_id }}-admin.service={{ iam_id }}-admin"',
  '"traefik.http.routers.{{ iam_id }}-admin.rule=Host(`{{ stage_server_url_host }}`)"',
  '"traefik.http.routers.{{ iam_id }}-admin.entrypoints=admin-service"',
  '"traefik.http.routers.{{ iam_id }}-admin.tls=true"',
  '"traefik.http.routers.{{ iam_id }}-admin.tls.certresolver=letsencrypt"',
  '"traefik.http.routers.{{ iam_id }}-admin.middlewares={{ iam_id }}-admin-cors"',
  '"traefik.http.middlewares.{{ iam_id }}-admin-cors.headers.accesscontrolallowmethods=GET,OPTIONS"',
  '"traefik.http.middlewares.{{ iam_id }}-admin-cors.headers.accesscontrolalloworigin=*"',
  '"traefik.http.middlewares.{{ iam_id }}-admin-cors.headers.accesscontrolallowheaders=SMA_USER"',
  '"traefik.http.services.{{ iam_id }}-admin.loadbalancer.server.port={{ management_port }}"',
  '"traefik.http.routers.{{ iam_id }}-monitor.service={{ service_name }}-node-exporter"',
  '"traefik.http.routers.{{ iam_id }}-monitor.rule=Host(`{{ stage_server_url_host }}`)"',
  '"traefik.http.routers.{{ iam_id }}-monitor.entrypoints=monitoring-system"',
  '"traefik.http.routers.{{ iam_id }}-monitor.tls=true"',
  '"traefik.http.routers.{{ iam_id }}-monitor.tls.certresolver=letsencrypt"',
 ]
 iam_docker: {
  networks: [
    {
      name: back-tier,
      external: true,
    },
    {
      name: front-tier,
      external: true,
    },
  ],
  services: [
    {
      name: "{{ iam_id }}",
      image_name: "{{ iam_image_name }}",
      image_version: "{{ iam_version }}",
      labels: "{{ iam_labels + ( iam_labels_additional | default([])) }}",
      restart: "{{ iam_service_restart | default('always') }}",
      environment: [
        "SERVER_PORT: \"{{ service_port }}\"",
        "ADMIN_PORT: \"{{ management_port }}\"",
        "SERVER_ERROR_INCLUDE_MESSAGE: \"always\"",
        "SPRING_CACHE_CAFFEINE_SPEC: \"expireAfterAccess={{ iam_cache_timeout }}\"",
        "IAM_KEYCLOAK_AUTH_SERVER_URL: \"{{ iam_keycloak_auth_server_url }}\"",
        "IAM_KEYCLOAK_ADMIN_USER: \"{{ iam_keycloak_admin_user }}\"",
        "IAM_KEYCLOAK_ADMIN_PASSWORD: \"{{ iam_keycloak_admin_password }}\""
      ],
      networks: [
        '"back-tier"',
        '"front-tier"',
      ],
      extra_hosts: "{{ iam_extra_hosts | default([]) }}",
    }
  ],
 }
--- a/roles/keycloak/tasks/_authenticate.yml
+++ b/roles/keycloak/tasks/_authenticate.yml
@ -1,6 +1,6 @@
 ---
- name: "Authenticate with Keycloak server"
+- name: "Authenticating with keycloak server"
  uri:
    url: "{{ keycloak_server_url }}/auth/realms/master/protocol/openid-connect/token"
    method: POST
@ -11,12 +11,14 @@
  retries: 5
  delay: 5
- name: Save access_token as variable (fact)
+- name: "Saving access_token as variable (fact)"
  set_fact: 
    access_token: "{{ keycloak_authentication.json.access_token }}"
  delegate_to: 127.0.0.1
- name: Print keycloak access_token
+- name: "Printing access_token for keycloak server"
  debug:
    msg: "{{ access_token }}"
-  delegate_to: 127.0.0.1
+  delegate_to: 127.0.0.1
  when:
   - debug
--- a/roles/keycloak/tasks/_configure_client.yml
+++ b/roles/keycloak/tasks/_configure_client.yml
@ -1,10 +1,11 @@
 ---
-#- name: Print client {{ client_id }} for realm {{ realm_name }}
+- name: Print client {{ client_id }} for realm {{ realm_name }}
-#  debug:
+  debug:
-#    msg: "{{ lookup('template','keycloak-realm-create-client.json.j2') }}"
+    msg: "{{ lookup('template','keycloak-realm-create-client.json.j2') }}"
-#  when: realm_client_ids | selectattr('clientId', 'equalto', client_id) | list | length == 0
+  when:
-#  delegate_to: 127.0.0.1
+   - debug
  delegate_to: 127.0.0.1
 - name: Create client {{ client_id }} for realm {{ realm_name }}
  uri:
--- a/roles/keycloak/tasks/_configure_realm.yml
+++ b/roles/keycloak/tasks/_configure_realm.yml
@ -22,6 +22,13 @@
    jmesquery: '[*].id'
  delegate_to: 127.0.0.1
 - name: "Printing realm ids"
  debug:
    msg: "{{ realm_ids }}"
  delegate_to: 127.0.0.1
  when:
   - debug
 - name: Create realm {{ current_realm_name }}
  uri:
    url: "{{ keycloak_server_url }}/auth/admin/realms"
@ -56,10 +63,12 @@
    jmesquery: '[*].{id: id, clientId: clientId}'
  delegate_to: 127.0.0.1
- name: Print client ids
+- name: "Printing client ids from realm {{ current_realm_name }}"
  debug:
    msg: "{{ realm_client_ids }}"
  delegate_to: 127.0.0.1
  when:
   - debug
 - name: "Create clients from realm {{ current_realm_name }}"
  include_tasks: _configure_client.yml
--- a/roles/keycloak/tasks/_create_realm_users.yml
+++ b/roles/keycloak/tasks/_create_realm_users.yml
@ -0,0 +1,53 @@
 ---
 - name: "Reading users of realm {{ current_realm_name }}"
  uri:
    url: "{{ keycloak_server_url }}/auth/admin/realms/{{ current_realm_name }}/users"
    method: GET
    headers:
      Authorization: "Bearer {{ access_token}} "
    status_code: [200]
  register: realm_users
  delegate_to: 127.0.0.1
 - name: "Printing realm users"
  debug:
    msg: "{{ realm_users }}"
  delegate_to: 127.0.0.1
  when:
   - debug
 - name: "Saving users of realm {{ current_realm_name }} as variable (fact)"
  set_fact: 
    realm_users_json: "{{ realm_users.json }}"
  delegate_to: 127.0.0.1
 - name: "Reading user ids of realm {{ current_realm_name }}"
  set_fact:  
    realm_user_usernames:  "{{ realm_users_json | json_query(jmesquery) }}"
  vars:
    jmesquery: '[*].username'
  delegate_to: 127.0.0.1
 - name: "Printing usernames of realm {{ current_realm_name }}"
  debug:
    msg: "{{ realm_user_usernames }}"
  delegate_to: 127.0.0.1
  when:
   - debug
 - name: "Creating users for realm {{ current_realm_name }}"
  uri:
    url: "{{ keycloak_server_url }}/auth/admin/realms/{{ current_realm_name }}/users"
    method: POST
    body_format: json
    body: "{{ lookup('template','keycloak-realm-create-user.json.j2') }}"
    headers:
      Content-Type: "application/json"
      Authorization: "Bearer {{ access_token }}"
    status_code: [201]
  with_items: "{{ current_realm_users }}"
  when: current_realm_user.username not in realm_user_usernames
  loop_control:
    loop_var: current_realm_user
  delegate_to: 127.0.0.1
--- a/roles/keycloak/vars/main.yml
+++ b/roles/keycloak/vars/main.yml
@ -14,7 +14,7 @@ keycloak_labels: [
  '"traefik.http.routers.{{ keycloak_id }}-monitor.service={{ service_name }}-node-exporter"',
  '"traefik.http.routers.{{ keycloak_id }}-monitor.rule=Host(`{{ stage_server_url_host }}`)"',
-  '"traefik.http.routers.{{ keycloak_id }}-monitor.entrypoints=admin-system"',
+  '"traefik.http.routers.{{ keycloak_id }}-monitor.entrypoints=monitoring-system"',
  '"traefik.http.routers.{{ keycloak_id }}-monitor.tls=true"',
  '"traefik.http.routers.{{ keycloak_id }}-monitor.tls.certresolver=letsencrypt"',
 ]
--- a/smardigo.yml
+++ b/smardigo.yml
@ -50,15 +50,19 @@
        - update_networks
  roles:
    - role: connect
      when: "'connect' in group_names"
    - role: keycloak
      when: "'keycloak' in group_names"
    - role: postfix
      when: "'postfix' in group_names"
    - role: keycloak
      when: "'keycloak' in group_names"
    - role: harbor
      when: "'harbor' in group_names"
    - role: elastic
      when: "'elastic' in group_names"
    - role: prometheus
      when: "'prometheus' in group_names"
    - role: iam
      when: "'iam' in group_names"
    - role: connect
      when: "'connect' in group_names"
--- a/smardigo/provisioning/form/tenant.json
+++ b/smardigo/provisioning/form/tenant.json
@ -31,7 +31,7 @@
      "eq" : ""
    },
    "data" : {
-      "url" : "http://localhost:8080/api/v1/scopes/{{context.scopeId}}/tags/{{context.scopeTag}}/datasources/tenants/query?id={{data.tenant_id}}",
+      "url" : "api/v1/scopes/{{context.scopeId}}/tags/{{context.scopeTag}}/datasources/tenants/query?id={{data.tenant_id}}",
      "method" : "GET",
      "values" : [ { } ]
    },
--- a/smardigo/provisioning/process/simple-connect.bpmn
+++ b/smardigo/provisioning/process/simple-connect.bpmn
@ -500,11 +500,6 @@ Keycloak Realm mit Administrator Account
    <bpmn2:sequenceFlow id="Flow_0gcsmj7" sourceRef="Event_0tax83l" targetRef="Activity_136brby" />
    <bpmn2:sequenceFlow id="Flow_01qpec5" sourceRef="Activity_1elfmkh" targetRef="Activity_0r5wmiv" />
    <bpmn2:startEvent id="Event_02kqmmg" camunda:formKey="simple-connect-create">
      <bpmn2:extensionElements>
        <camunda:executionListener event="end">
          <camunda:script scriptFormat="groovy" resource="ansible-start.groovy" />
        </camunda:executionListener>
      </bpmn2:extensionElements>
      <bpmn2:outgoing>Flow_13nom3k</bpmn2:outgoing>
    </bpmn2:startEvent>
    <bpmn2:scriptTask id="Activity_1elfmkh" name="ansible-start.groovy" scriptFormat="groovy" camunda:resultVariable="ansibleCommand" camunda:resource="ansible-start.groovy">
--- a/21
+++ b/21
@ -1,25 +1,18 @@
 [ansible]
 dev-ansible-01
 [connect]
 # <stage>-<tenant>-<name>-<node>
 dev-management-smardigo-01
 dev-connect-01
 dev-connect-02
 dev-connect-03
 # only for testing purposes -> dynamic-provisioning
 dev-sken-01
 dev-sken-02
 [harbor]
 dev-docker-registry-01
 [elastic]
 dev-elastic-stack-01
 dev-elastic-stack-02
 dev-elastic-stack-03
 [harbor]
 dev-docker-registry-01
 [iam]
 dev-iam-01
 [keycloak]
 dev-keycloak-01
@ -30,10 +23,10 @@ dev-mail-01
 dev-prometheus-01
 [stage_dev:children]
 ansible
 connect
 elastic
 harbor
 iam
 keycloak
 postfix
 prometheus
`@ -10,4 +10,3 @@ connect_admin_password: "connect-admin"`

	`connect_mail_properties_base_url: "{{ http_s }}://{{ connect_id }}.{{ domain }}"`	`connect_mail_properties_base_url: "{{ http_s }}://{{ connect_id }}.{{ domain }}"`
	`connect_mail_properties_base_url_extern: "{{ http_s }}://{{ connect_id }}.{{ domain }}"`	`connect_mail_properties_base_url_extern: "{{ http_s }}://{{ connect_id }}.{{ domain }}"`