From 896bd7faab09b7037602956de6a9a36bce87f749 Mon Sep 17 00:00:00 2001 From: Sven Ketelsen Date: Mon, 10 May 2021 19:38:27 +0200 Subject: [PATCH] chore: cleanup --- group_vars/stage_dev/plain.yml | 11 ++ roles/connect/defaults/main.yml | 118 ----------------- roles/connect/vars/main.yml | 118 +++++++++++++++++ .../elasticsearch-exporter/defaults/main.yml | 43 ------ roles/elasticsearch-exporter/vars/main.yml | 43 ++++++ roles/filebeat/defaults/main.yaml | 24 ---- roles/filebeat/vars/main.yml | 25 ++++ roles/hcloud/tasks/main.yml | 1 + .../hcloud/templates/firewall-default.json.j2 | 3 +- .../hcloud/templates/firewall-kibana.json.j2 | 3 +- roles/hcloud/templates/firewall-mail.json.j2 | 3 +- .../templates/firewall-monitoring.json.j2 | 3 +- roles/keycloak/defaults/main.yml | 91 ------------- roles/keycloak/vars/main.yml | 91 +++++++++++++ roles/node-exporter/vars/main.yml | 64 +++++++++ roles/prometheus/defaults/main.yml | 125 ------------------ roles/prometheus/vars/main.yml | 123 +++++++++++++++++ roles/traefik/defaults/main.yml | 73 ---------- roles/traefik/vars/main.yml | 73 ++++++++++ 19 files changed, 553 insertions(+), 482 deletions(-) create mode 100644 roles/filebeat/vars/main.yml diff --git a/group_vars/stage_dev/plain.yml b/group_vars/stage_dev/plain.yml index decd4bb..3e417b3 100644 --- a/group_vars/stage_dev/plain.yml +++ b/group_vars/stage_dev/plain.yml @@ -25,10 +25,21 @@ filebeat_extra_hosts: [ # TODO read configuration with hetzner rest api keycloak_hostname: "dev-keycloak-01.smardigo.digital" +mail_hostname: "dev-mail-01.smardigo.digital" connect_extra_hosts: [ { hostname: "{{ keycloak_hostname }}", ip: 10.1.0.2, + }, + { + hostname: "{{ mail_hostname }}", + ip: 10.2.0.2, + } +] +keycloak_extra_hosts: [ + { + hostname: "{{ mail_hostname }}", + ip: 10.2.0.2, } ] diff --git a/roles/connect/defaults/main.yml b/roles/connect/defaults/main.yml index 3ced9de..74581fd 100644 --- a/roles/connect/defaults/main.yml +++ b/roles/connect/defaults/main.yml 
@@ -13,121 +13,3 @@ connect_postgres_admin_password: "connect-postgres-admin" connect_mail_properties_base_url: "{{ http_s }}://{{ connect_id }}.{{ domain }}" connect_mail_properties_base_url_extern: "{{ http_s }}://{{ connect_id }}.{{ domain }}" - -connect_id: "{{ service_name }}-connect" -connect_postgres_id: "{{ service_name }}-postgres-connect" - -connect_labels: [ - '"traefik.enable=true"', - '"traefik.http.routers.{{ connect_id }}.service={{ connect_id }}"', - '"traefik.http.routers.{{ connect_id }}.rule=Host(`{{ stage_server_url_host }}`)"', - '"traefik.http.routers.{{ connect_id }}.entrypoints=websecure"', - '"traefik.http.routers.{{ connect_id }}.tls=true"', - '"traefik.http.routers.{{ connect_id }}.tls.certresolver=letsencrypt"', - '"traefik.http.services.{{ connect_id }}.loadbalancer.server.port={{ service_port }}"', - - '"traefik.http.routers.{{ connect_id }}-admin.service={{ connect_id }}-admin"', - '"traefik.http.routers.{{ connect_id }}-admin.rule=Host(`{{ stage_server_url_host }}`)"', - '"traefik.http.routers.{{ connect_id }}-admin.entrypoints=admin-service"', - '"traefik.http.routers.{{ connect_id }}-admin.tls=true"', - '"traefik.http.routers.{{ connect_id }}-admin.tls.certresolver=letsencrypt"', - '"traefik.http.routers.{{ connect_id }}-admin.middlewares={{ connect_id }}-admin-cors"', - '"traefik.http.middlewares.{{ connect_id }}-admin-cors.headers.accesscontrolallowmethods=GET,OPTIONS"', - '"traefik.http.middlewares.{{ connect_id }}-admin-cors.headers.accesscontrolalloworigin=*"', - '"traefik.http.middlewares.{{ connect_id }}-admin-cors.headers.accesscontrolallowheaders=SMA_USER"', - '"traefik.http.services.{{ connect_id }}-admin.loadbalancer.server.port={{ management_port }}"', - - '"traefik.http.routers.{{ connect_id }}-monitor.service={{ service_name }}-node-exporter"', - '"traefik.http.routers.{{ connect_id }}-monitor.rule=Host(`{{ stage_server_url_host }}`)"', - '"traefik.http.routers.{{ connect_id }}-monitor.entrypoints=admin-system"', - 
'"traefik.http.routers.{{ connect_id }}-monitor.tls=true"', - '"traefik.http.routers.{{ connect_id }}-monitor.tls.certresolver=letsencrypt"', -] - -connect_docker: { - networks: [ - { - name: back-tier, - external: true, - }, - { - name: front-tier, - external: true, - }, - ], - volumes: [ - { - name: "{{ connect_postgres_id }}-data" - } - ], - services: [ - { - name: "{{ connect_id }}", - image_name: "{{ connect_image_name }}", - image_version: "{{ connect_version }}", - labels: "{{ connect_labels + ( connect_labels_additional | default([])) }}", - restart: "{{ connect_service_restart | default('always') }}", - environment: [ - "ADMIN_LOGIN: \"{{ connect_admin_username }}\"", - "ADMIN_PASSWORD: \"{{ connect_admin_password }}\"", - - "DATASOURCE_URL: \"jdbc:postgresql://{{ connect_postgres_id }}:{{ service_port_postgres }}/{{ connect_postgres_database }}\"", - "DATASOURCE_USERNAME: \"{{ connect_postgres_admin_username }}\"", - "DATASOURCE_PASSWORD: \"{{ connect_postgres_admin_password }}\"", - - "MAIL_PROTOCOL: \"{{ connect_mail_protocol | default('smtp') }}\"", - "MAIL_HOST: \"{{ connect_mail_host | default('smtp.tolina.local') }}\"", - "MAIL_PORT: \"{{ connect_mail_port | default('25') }}\"", - "MAIL_USER: \"{{ connect_mail_user | default('') }}\"", - "MAIL_PASSWORD: \"{{ connect_mail_password | default('') }}\"", - "MAIL_PROPERTIES_SIMULATION: \"{{ connect_mail_properties_simulation | default('true') }}\"", - "MAIL_PROPERTIES_BASE_URL: \"{{ connect_mail_properties_base_url }}\"", - "MAIL_PROPERTIES_BASE_URL_EXTERN: \"{{ connect_mail_properties_base_url_extern }}\"", - "MAIL_PROPERTIES_SENDER: \"{{ connect_mail_properties_sender | default('noreply-connect@arxes-tolina.de') }}\"", - "MAIL_PROPERTIES_SENDER_ALIAS: \"{{ connect_mail_properties_sender_alias | default('noreply-connect') }}\"", - - "AUTH_MODULE: \"{{ connect_auth_module | default('preauth') }}\"", - "OIDC_CLIENT_ID: \"{{ connect_oidc_client_id | default('oidc_config_not_found') }}\"", - 
"OIDC_CLIENT_SECRET: \"{{ connect_oidc_client_secret | default('oidc_config_not_found') }}\"", - "OIDC_REGISTRATION_ID: \"{{ connect_oidc_registration_id | default('oidc_config_not_found') }}\"", - "OIDC_ISSUER_URI: \"{{ connect_oidc_issuer_uri | default('oidc_config_not_found') }}\"", - "PASSWORD_CHANGE_URL: \"{{ connect_password_change_url | default('') }}\"", - "USER_MANAGEMENT_URL: \"{{ connect_iam_user_management_url | default('') }}\"", - - "IAM_MODULE: \"{{ connect_iam_module | default('embedded') }}\"", - "IAM_CLIENT_ENABLED: \"{{ smardigo_iam_client_enabled | default('false') }}\"", - "EXTERNAL_IAM_SERVER_URL: \"{{ smardigo_iam_client_server_url | default('') }}\"", - - "SMA_API_TOKEN_SECRET: \"{{ connect_api_token_secret | default('') }}\"", - - "SMA_CSRF_TOKEN_NAME: \"{{ connect_csrf_token_name | default('') }}\"", - "SMA_CSRF_TOKEN_VALUE: \"{{ connect_csrf_token_value | default('') }}\"", - - "SPRING_PROFILES_INCLUDE: \"{{ spring_profiles_include | default('swagger') }}\"", - "RIBBON_DISPLAY_ON_ACTIVE_PROFILES: \"{{ ribbon_display_on_active_profiles | default('dev') }}\"", - ], - networks: [ - '"back-tier"', - '"front-tier"', - ], - extra_hosts: "{{ connect_extra_hosts | default([]) }}", - }, - { - name: "{{ connect_postgres_id }}", - image_name: "postgres", - image_version: "{{ connect_postgres_version }}", - environment: [ - 'POSTGRES_DB: "{{ connect_postgres_database }}"', - 'POSTGRES_USER: "{{ connect_postgres_admin_username }}"', - 'POSTGRES_PASSWORD: "{{ connect_postgres_admin_password }}"', - ], - volumes: [ - '"{{ connect_postgres_id }}-data:/var/lib/postgresql/data"', - ], - networks: [ - '"back-tier"', - ], - ports: "{{ connect_postgres_ports | default([]) }}", - }, - ], -} diff --git a/roles/connect/vars/main.yml b/roles/connect/vars/main.yml index ed97d53..bb9f664 100644 --- a/roles/connect/vars/main.yml +++ b/roles/connect/vars/main.yml 
@@ -1 +1,119 @@ --- + +connect_id: "{{ service_name }}-connect" +connect_postgres_id: "{{ service_name }}-postgres-connect" + +connect_labels: [ + '"traefik.enable=true"', + '"traefik.http.routers.{{ connect_id }}.service={{ connect_id }}"', + '"traefik.http.routers.{{ connect_id }}.rule=Host(`{{ stage_server_url_host }}`)"', + '"traefik.http.routers.{{ connect_id }}.entrypoints=websecure"', + '"traefik.http.routers.{{ connect_id }}.tls=true"', + '"traefik.http.routers.{{ connect_id }}.tls.certresolver=letsencrypt"', + '"traefik.http.services.{{ connect_id }}.loadbalancer.server.port={{ service_port }}"', + + '"traefik.http.routers.{{ connect_id }}-admin.service={{ connect_id }}-admin"', + '"traefik.http.routers.{{ connect_id }}-admin.rule=Host(`{{ stage_server_url_host }}`)"', + '"traefik.http.routers.{{ connect_id }}-admin.entrypoints=admin-service"', + '"traefik.http.routers.{{ connect_id }}-admin.tls=true"', + '"traefik.http.routers.{{ connect_id }}-admin.tls.certresolver=letsencrypt"', + '"traefik.http.routers.{{ connect_id }}-admin.middlewares={{ connect_id }}-admin-cors"', + '"traefik.http.middlewares.{{ connect_id }}-admin-cors.headers.accesscontrolallowmethods=GET,OPTIONS"', + '"traefik.http.middlewares.{{ connect_id }}-admin-cors.headers.accesscontrolalloworigin=*"', + '"traefik.http.middlewares.{{ connect_id }}-admin-cors.headers.accesscontrolallowheaders=SMA_USER"', + '"traefik.http.services.{{ connect_id }}-admin.loadbalancer.server.port={{ management_port }}"', + + '"traefik.http.routers.{{ connect_id }}-monitor.service={{ service_name }}-node-exporter"', + '"traefik.http.routers.{{ connect_id }}-monitor.rule=Host(`{{ stage_server_url_host }}`)"', + '"traefik.http.routers.{{ connect_id }}-monitor.entrypoints=admin-system"', + '"traefik.http.routers.{{ connect_id }}-monitor.tls=true"', + '"traefik.http.routers.{{ connect_id }}-monitor.tls.certresolver=letsencrypt"', +] + +connect_docker: { + networks: [ + { + name: back-tier, + external: true, + }, + { 
+ name: front-tier, + external: true, + }, + ], + volumes: [ + { + name: "{{ connect_postgres_id }}-data" + } + ], + services: [ + { + name: "{{ connect_id }}", + image_name: "{{ connect_image_name }}", + image_version: "{{ connect_version }}", + labels: "{{ connect_labels + ( connect_labels_additional | default([])) }}", + restart: "{{ connect_service_restart | default('always') }}", + environment: [ + "ADMIN_LOGIN: \"{{ connect_admin_username }}\"", + "ADMIN_PASSWORD: \"{{ connect_admin_password }}\"", + + "DATASOURCE_URL: \"jdbc:postgresql://{{ connect_postgres_id }}:{{ service_port_postgres }}/{{ connect_postgres_database }}\"", + "DATASOURCE_USERNAME: \"{{ connect_postgres_admin_username }}\"", + "DATASOURCE_PASSWORD: \"{{ connect_postgres_admin_password }}\"", + + "MAIL_PROTOCOL: \"{{ connect_mail_protocol | default('smtp') }}\"", + "MAIL_HOST: \"{{ connect_mail_host | default('smtp.tolina.local') }}\"", + "MAIL_PORT: \"{{ connect_mail_port | default('25') }}\"", + "MAIL_USER: \"{{ connect_mail_user | default('') }}\"", + "MAIL_PASSWORD: \"{{ connect_mail_password | default('') }}\"", + "MAIL_PROPERTIES_SIMULATION: \"{{ connect_mail_properties_simulation | default('true') }}\"", + "MAIL_PROPERTIES_BASE_URL: \"{{ connect_mail_properties_base_url }}\"", + "MAIL_PROPERTIES_BASE_URL_EXTERN: \"{{ connect_mail_properties_base_url_extern }}\"", + "MAIL_PROPERTIES_SENDER: \"{{ connect_mail_properties_sender | default('noreply-connect@arxes-tolina.de') }}\"", + "MAIL_PROPERTIES_SENDER_ALIAS: \"{{ connect_mail_properties_sender_alias | default('noreply-connect') }}\"", + + "AUTH_MODULE: \"{{ connect_auth_module | default('preauth') }}\"", + "OIDC_CLIENT_ID: \"{{ connect_oidc_client_id | default('oidc_config_not_found') }}\"", + "OIDC_CLIENT_SECRET: \"{{ connect_oidc_client_secret | default('oidc_config_not_found') }}\"", + "OIDC_REGISTRATION_ID: \"{{ connect_oidc_registration_id | default('oidc_config_not_found') }}\"", + "OIDC_ISSUER_URI: \"{{ connect_oidc_issuer_uri 
| default('oidc_config_not_found') }}\"", + "PASSWORD_CHANGE_URL: \"{{ connect_password_change_url | default('') }}\"", + "USER_MANAGEMENT_URL: \"{{ connect_iam_user_management_url | default('') }}\"", + + "IAM_MODULE: \"{{ connect_iam_module | default('embedded') }}\"", + "IAM_CLIENT_ENABLED: \"{{ smardigo_iam_client_enabled | default('false') }}\"", + "EXTERNAL_IAM_SERVER_URL: \"{{ smardigo_iam_client_server_url | default('') }}\"", + + "SMA_API_TOKEN_SECRET: \"{{ connect_api_token_secret | default('') }}\"", + + "SMA_CSRF_TOKEN_NAME: \"{{ connect_csrf_token_name | default('') }}\"", + "SMA_CSRF_TOKEN_VALUE: \"{{ connect_csrf_token_value | default('') }}\"", + + "SPRING_PROFILES_INCLUDE: \"{{ spring_profiles_include | default('swagger') }}\"", + "RIBBON_DISPLAY_ON_ACTIVE_PROFILES: \"{{ ribbon_display_on_active_profiles | default('dev') }}\"", + ], + networks: [ + '"back-tier"', + '"front-tier"', + ], + extra_hosts: "{{ connect_extra_hosts | default([]) }}", + }, + { + name: "{{ connect_postgres_id }}", + image_name: "postgres", + image_version: "{{ connect_postgres_version }}", + environment: [ + 'POSTGRES_DB: "{{ connect_postgres_database }}"', + 'POSTGRES_USER: "{{ connect_postgres_admin_username }}"', + 'POSTGRES_PASSWORD: "{{ connect_postgres_admin_password }}"', + ], + volumes: [ + '"{{ connect_postgres_id }}-data:/var/lib/postgresql/data"', + ], + networks: [ + '"back-tier"', + ], + ports: "{{ connect_postgres_ports | default([]) }}", + }, + ], +} diff --git a/roles/elasticsearch-exporter/defaults/main.yml b/roles/elasticsearch-exporter/defaults/main.yml index 5e58d73..a403cc7 100644 --- a/roles/elasticsearch-exporter/defaults/main.yml +++ b/roles/elasticsearch-exporter/defaults/main.yml 
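Review bot: In the `environment` list of the first `connect_docker` service, `SMA_API_TOKEN_SECRET` and `SMA_CSRF_TOKEN_VALUE` fall back to an empty string and `OIDC_CLIENT_SECRET` to the fixed placeholder `oidc_config_not_found`, so a stage whose inventory omits them deploys with a blank or publicly known secret instead of failing. For the values the selected auth module actually requires, fail the play instead, e.g. `"SMA_API_TOKEN_SECRET: \"{{ connect_api_token_secret | mandatory }}\""`. Separately, the `-admin-cors` middleware in `connect_labels` allows origin `*` together with the `SMA_USER` header while `AUTH_MODULE` defaults to `preauth`. If that header carries the asserted user identity (not visible in this hunk), the allowed origin should be limited to the known front-end hosts.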
@@ -1,47 +1,4 @@ --- -elasticsearch_exporter_id: "{{ service_name }}-elasticsearch-exporter" - elasticsearch_exporter_image_name: "justwatch/elasticsearch_exporter" elasticsearch_exporter_image_version: "latest" - -elasticsearch_exporter_docker: { - networks: [ - { - name: back-tier, - external: true, - }, - { - name: front-tier, - external: true, - }, - ], - services: [ - { - name: "{{ elasticsearch_exporter_id }}", - image_name: "{{ elasticsearch_exporter_image_name }}", - image_version: "{{ elasticsearch_exporter_image_version }}", - command: [ - '"--es.ca=/certificates/ca.crt"', - '"--es.uri=https://logstash-ingest:tH1iSiSas3cREt.Passw0rt@es-dev-elastic-stack-01:9200"', - ], - labels: [ - '"traefik.enable=true"', - '"traefik.http.routers.{{ elasticsearch_exporter_id }}.service={{ elasticsearch_exporter_id }}"', - '"traefik.http.routers.{{ elasticsearch_exporter_id }}.rule=Host(`{{ service_name }}.{{ domain }}`)"', - '"traefik.http.routers.{{ elasticsearch_exporter_id }}.entrypoints=admin-docker"', - '"traefik.http.routers.{{ elasticsearch_exporter_id }}.tls=true"', - '"traefik.http.routers.{{ elasticsearch_exporter_id }}.tls.certresolver=letsencrypt"', - '"traefik.http.services.{{ elasticsearch_exporter_id }}.loadbalancer.server.port=9114"', - ], - volumes: [ - '"./certs:/certificates:ro"', - ], - networks: [ - '"back-tier"', - '"front-tier"', - ], - extra_hosts: "{{ elasticsearch_extra_hosts | default([]) }}", - } - ] -} diff --git a/roles/elasticsearch-exporter/vars/main.yml b/roles/elasticsearch-exporter/vars/main.yml index ed97d53..0986d49 100644 --- a/roles/elasticsearch-exporter/vars/main.yml +++ b/roles/elasticsearch-exporter/vars/main.yml 
@@ -1 +1,44 @@ --- + +elasticsearch_exporter_id: "{{ service_name }}-elasticsearch-exporter" + +elasticsearch_exporter_docker: { + networks: [ + { + name: back-tier, + external: true, + }, + { + name: front-tier, + external: true, + }, + ], + services: [ + { + name: "{{ elasticsearch_exporter_id }}", + image_name: "{{ elasticsearch_exporter_image_name }}", + image_version: "{{ elasticsearch_exporter_image_version }}", + command: [ + '"--es.ca=/certificates/ca.crt"', + '"--es.uri=https://logstash-ingest:tH1iSiSas3cREt.Passw0rt@es-dev-elastic-stack-01:9200"', + ], + labels: [ + '"traefik.enable=true"', + '"traefik.http.routers.{{ elasticsearch_exporter_id }}.service={{ elasticsearch_exporter_id }}"', + '"traefik.http.routers.{{ elasticsearch_exporter_id }}.rule=Host(`{{ service_name }}.{{ domain }}`)"', + '"traefik.http.routers.{{ elasticsearch_exporter_id }}.entrypoints=admin-docker"', + '"traefik.http.routers.{{ elasticsearch_exporter_id }}.tls=true"', + '"traefik.http.routers.{{ elasticsearch_exporter_id }}.tls.certresolver=letsencrypt"', + '"traefik.http.services.{{ elasticsearch_exporter_id }}.loadbalancer.server.port=9114"', + ], + volumes: [ + '"./certs:/certificates:ro"', + ], + networks: [ + '"back-tier"', + '"front-tier"', + ], + extra_hosts: "{{ elasticsearch_extra_hosts | default([]) }}", + } + ] +} diff --git a/roles/filebeat/defaults/main.yaml b/roles/filebeat/defaults/main.yaml index b673f27..822aed8 100644 --- a/roles/filebeat/defaults/main.yaml +++ b/roles/filebeat/defaults/main.yaml 
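Review bot: The `--es.uri` entry under `command` carries the `logstash-ingest` password in clear text, and it now sits in `vars/main.yml`, where inventory `group_vars` can no longer override it because role vars take precedence over inventory variables. As a command-line argument it is also readable through `docker inspect` and the host process list. Build the URI from variables instead, e.g. `'"--es.uri=https://{{ elasticsearch_exporter_username }}:{{ elasticsearch_exporter_password }}@{{ elasticsearch_exporter_host }}:9200"'` (proposed names), keep the password in an Ansible Vault file, and rotate the value that is already committed.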
@@ -2,27 +2,3 @@ filebeat_image_name: "docker.elastic.co/beats/filebeat" filebeat_image_version: "7.12.0" - -filebeat_id: "{{ service_name }}-filebeat" - -filebeat_docker: { - services: [ - { - name: "{{ filebeat_id }}", - image_name: "{{ filebeat_image_name }}", - image_version: "{{ filebeat_image_version }}", - user: root, - environment: [ - "node.name: \"{{ filebeat_id }}\"", - ], - volumes: [ - '"./config/filebeat.yml:/usr/share/filebeat/filebeat.yml:ro"', - '"/var/lib/docker/containers/:/var/lib/docker/containers/:ro"', - '"/var/run/docker.sock:/var/run/docker.sock:ro"', - '"/var/log/:/var/log/:ro"', - '"./certs:/usr/share/filebeat/config/certificates:ro"', - ], - extra_hosts: "{{ filebeat_extra_hosts | default([]) }}", - }, - ], -} \ No newline at end of file diff --git a/roles/filebeat/vars/main.yml b/roles/filebeat/vars/main.yml new file mode 100644 index 0000000..5a83b65 --- /dev/null +++ b/roles/filebeat/vars/main.yml @@ -0,0 +1,25 @@ +--- + +filebeat_id: "{{ service_name }}-filebeat" + +filebeat_docker: { + services: [ + { + name: "{{ filebeat_id }}", + image_name: "{{ filebeat_image_name }}", + image_version: "{{ filebeat_image_version }}", + user: root, + environment: [ + "node.name: \"{{ filebeat_id }}\"", + ], + volumes: [ + '"./config/filebeat.yml:/usr/share/filebeat/filebeat.yml:ro"', + '"/var/lib/docker/containers/:/var/lib/docker/containers/:ro"', + '"/var/run/docker.sock:/var/run/docker.sock:ro"', + '"/var/log/:/var/log/:ro"', + '"./certs:/usr/share/filebeat/config/certificates:ro"', + ], + extra_hosts: "{{ filebeat_extra_hosts | default([]) }}", + }, + ], +} diff --git a/roles/hcloud/tasks/main.yml b/roles/hcloud/tasks/main.yml index 3500af6..dc85520 100644 --- a/roles/hcloud/tasks/main.yml +++ b/roles/hcloud/tasks/main.yml @@ -22,6 +22,7 @@ with_items: - 'default' - 'kibana' + - 'mail' - 'monitoring' loop_control: loop_var: current_firewall 
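Review bot: The `:ro` flag on the `/var/run/docker.sock` bind mount in the `filebeat_docker` `volumes` list does not limit what can be requested over the socket. It only protects the socket file itself, and with `user: root` the container can still issue any Docker API call, which is equivalent to root on the host. If Filebeat needs the socket only for container metadata, consider putting a filtering proxy that exposes read-only API endpoints in front of the daemon. At minimum, document the exposure next to the mount, e.g. `# docker.sock: ':ro' does not restrict API access; this container is root-equivalent on the host`.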
diff --git a/roles/hcloud/templates/firewall-default.json.j2 b/roles/hcloud/templates/firewall-default.json.j2 index 9877e34..e11840b 100644 --- a/roles/hcloud/templates/firewall-default.json.j2 +++ b/roles/hcloud/templates/firewall-default.json.j2 @@ -50,6 +50,5 @@ "destination_ips": [ ] } - ], - "applied_to": "{{ firewall_default_servers | default([]) }}" + ] } diff --git a/roles/hcloud/templates/firewall-kibana.json.j2 b/roles/hcloud/templates/firewall-kibana.json.j2 index 6f09ece..d71b4b1 100644 --- a/roles/hcloud/templates/firewall-kibana.json.j2 +++ b/roles/hcloud/templates/firewall-kibana.json.j2 @@ -15,6 +15,5 @@ "destination_ips": [ ] } - ], - "applied_to": "{{ firewall_kibana_servers | default([]) }}" + ] } diff --git a/roles/hcloud/templates/firewall-mail.json.j2 b/roles/hcloud/templates/firewall-mail.json.j2 index 55ca334..321ec16 100644 --- a/roles/hcloud/templates/firewall-mail.json.j2 +++ b/roles/hcloud/templates/firewall-mail.json.j2 @@ -13,6 +13,5 @@ "destination_ips": [ ] } - ], - "applied_to": "{{ firewall_mail_servers | default([]) }}" + ] } diff --git a/roles/hcloud/templates/firewall-monitoring.json.j2 b/roles/hcloud/templates/firewall-monitoring.json.j2 index 1580bb2..8c63277 100644 --- a/roles/hcloud/templates/firewall-monitoring.json.j2 +++ b/roles/hcloud/templates/firewall-monitoring.json.j2 @@ -15,6 +15,5 @@ "destination_ips": [ ] } - ], - "applied_to": "{{ firewall_monitoring_servers | default([]) }}" + ] } diff --git a/roles/keycloak/defaults/main.yml b/roles/keycloak/defaults/main.yml index 271d1dc..addc6b0 100644 --- a/roles/keycloak/defaults/main.yml +++ b/roles/keycloak/defaults/main.yml 
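Review bot: With `"applied_to"` removed from `firewall-default.json.j2`, and likewise from the kibana, mail and monitoring templates in the following hunks, the rendered firewall definitions no longer name any server. Unless another task attaches them, the rules exist but protect nothing. Nothing in these hunks or in the `roles/hcloud/tasks/main.yml` change shows an attachment step, though both the task file and the templates extend outside the visible lines. Please confirm that step exists, or add a task after the create loop that applies each firewall to its servers and fails on an empty server list. A comment at the loop such as `# firewalls are created unattached here; attachment happens in <task name>` would make the intent explicit.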
@@ -11,94 +11,3 @@ keycloak_postgres_version: "12" keycloak_postgres_database: "keycloak-postgres" keycloak_postgres_admin_username: "keycloak-postgres-admin" keycloak_postgres_admin_password: "keycloak-postgres-admin" - -keycloak_id: "{{ service_name }}-keycloak" -keycloak_postgres_id: "{{ service_name }}-postgres-keycloak" - -keycloak_labels: [ - '"traefik.enable=true"', - '"traefik.http.routers.{{ keycloak_id }}.service={{ keycloak_id }}"', - '"traefik.http.routers.{{ keycloak_id }}.rule=Host(`{{ stage_server_url_host }}`)"', - '"traefik.http.routers.{{ keycloak_id }}.entrypoints=websecure"', - '"traefik.http.routers.{{ keycloak_id }}.tls=true"', - '"traefik.http.routers.{{ keycloak_id }}.tls.certresolver=letsencrypt"', - '"traefik.http.services.{{ keycloak_id }}.loadbalancer.server.port={{ service_port }}"', - - '"traefik.http.routers.{{ keycloak_id }}-monitor.service={{ service_name }}-node-exporter"', - '"traefik.http.routers.{{ keycloak_id }}-monitor.rule=Host(`{{ stage_server_url_host }}`)"', - '"traefik.http.routers.{{ keycloak_id }}-monitor.entrypoints=admin-system"', - '"traefik.http.routers.{{ keycloak_id }}-monitor.tls=true"', - '"traefik.http.routers.{{ keycloak_id }}-monitor.tls.certresolver=letsencrypt"', -] - -keycloak_docker: { - networks: [ - { - name: back-tier, - external: true, - }, - { - name: front-tier, - external: true, - }, - ], - volumes: [ - { - name: "{{ keycloak_postgres_id }}-data" - } - ], - services: [ - { - name: "{{ keycloak_id }}", - image_name: "jboss/keycloak", - image_version: "{{ keycloak_version }}", - labels: "{{ keycloak_labels + ( keycloak_labels_additional | default([])) }}", - environment: [ - "PROXY_ADDRESS_FORWARDING: \"true\"", - - "KEYCLOAK_USER: \"{{ keycloak_admin_username }}\"", - "KEYCLOAK_PASSWORD: \"{{ keycloak_admin_password }}\"", - - "DB_VENDOR: postgres", - "DB_DATABASE: \"{{ keycloak_postgres_database }}\"", - "DB_USER: \"{{ keycloak_postgres_admin_username }}\"", - "DB_PASSWORD: \"{{ 
keycloak_postgres_admin_password }}\"", - "DB_ADDR: \"{{ keycloak_postgres_id }}\"", - - "JAVA_OPTS_APPEND: \"-Dkeycloak.profile.feature.docker=enabled\"", - ], - volumes: [ - '"./eden-theme:/opt/jboss/keycloak/themes/eden-theme:ro"', - '"./smardigo-theme:/opt/jboss/keycloak/themes/smardigo-theme:ro"', - ], - networks: [ - '"back-tier"', - '"front-tier"', - ], - ports: [ - { - external: "{{ service_port_keycloak_external }}", - internal: "{{ service_port_keycloak }}", - }, - ], - extra_hosts: "{{ keycloak_extra_hosts | default([]) }}", - }, - { - name: "{{ keycloak_postgres_id }}", - image_name: "postgres", - image_version: "{{ keycloak_postgres_version }}", - environment: [ - 'POSTGRES_DB: "{{ keycloak_postgres_database }}"', - 'POSTGRES_USER: "{{ keycloak_postgres_admin_username }}"', - 'POSTGRES_PASSWORD: "{{ keycloak_postgres_admin_password }}"', - ], - volumes: [ - '"{{ keycloak_postgres_id }}-data:/var/lib/postgresql/data"', - ], - networks: [ - '"back-tier"', - ], - ports: "{{ keycloak_postgres_ports | default([]) }}", - }, - ], -} \ No newline at end of file diff --git a/roles/keycloak/vars/main.yml b/roles/keycloak/vars/main.yml index ed97d53..f622f2c 100644 --- a/roles/keycloak/vars/main.yml +++ b/roles/keycloak/vars/main.yml 
@@ -1 +1,92 @@ --- + +keycloak_id: "{{ service_name }}-keycloak" +keycloak_postgres_id: "{{ service_name }}-postgres-keycloak" + +keycloak_labels: [ + '"traefik.enable=true"', + '"traefik.http.routers.{{ keycloak_id }}.service={{ keycloak_id }}"', + '"traefik.http.routers.{{ keycloak_id }}.rule=Host(`{{ stage_server_url_host }}`)"', + '"traefik.http.routers.{{ keycloak_id }}.entrypoints=websecure"', + '"traefik.http.routers.{{ keycloak_id }}.tls=true"', + '"traefik.http.routers.{{ keycloak_id }}.tls.certresolver=letsencrypt"', + '"traefik.http.services.{{ keycloak_id }}.loadbalancer.server.port={{ service_port }}"', + + '"traefik.http.routers.{{ keycloak_id }}-monitor.service={{ service_name }}-node-exporter"', + '"traefik.http.routers.{{ keycloak_id }}-monitor.rule=Host(`{{ stage_server_url_host }}`)"', + '"traefik.http.routers.{{ keycloak_id }}-monitor.entrypoints=admin-system"', + '"traefik.http.routers.{{ keycloak_id }}-monitor.tls=true"', + '"traefik.http.routers.{{ keycloak_id }}-monitor.tls.certresolver=letsencrypt"', +] + +keycloak_docker: { + networks: [ + { + name: back-tier, + external: true, + }, + { + name: front-tier, + external: true, + }, + ], + volumes: [ + { + name: "{{ keycloak_postgres_id }}-data" + } + ], + services: [ + { + name: "{{ keycloak_id }}", + image_name: "jboss/keycloak", + image_version: "{{ keycloak_version }}", + labels: "{{ keycloak_labels + ( keycloak_labels_additional | default([])) }}", + environment: [ + "PROXY_ADDRESS_FORWARDING: \"true\"", + + "KEYCLOAK_USER: \"{{ keycloak_admin_username }}\"", + "KEYCLOAK_PASSWORD: \"{{ keycloak_admin_password }}\"", + + "DB_VENDOR: postgres", + "DB_DATABASE: \"{{ keycloak_postgres_database }}\"", + "DB_USER: \"{{ keycloak_postgres_admin_username }}\"", + "DB_PASSWORD: \"{{ keycloak_postgres_admin_password }}\"", + "DB_ADDR: \"{{ keycloak_postgres_id }}\"", + + "JAVA_OPTS_APPEND: \"-Dkeycloak.profile.feature.docker=enabled\"", + ], + volumes: [ + 
'"./eden-theme:/opt/jboss/keycloak/themes/eden-theme:ro"', + '"./smardigo-theme:/opt/jboss/keycloak/themes/smardigo-theme:ro"', + ], + networks: [ + '"back-tier"', + '"front-tier"', + ], + ports: [ + { + external: "{{ service_port_keycloak_external }}", + internal: "{{ service_port_keycloak }}", + }, + ], + extra_hosts: "{{ keycloak_extra_hosts | default([]) }}", + }, + { + name: "{{ keycloak_postgres_id }}", + image_name: "postgres", + image_version: "{{ keycloak_postgres_version }}", + environment: [ + 'POSTGRES_DB: "{{ keycloak_postgres_database }}"', + 'POSTGRES_USER: "{{ keycloak_postgres_admin_username }}"', + 'POSTGRES_PASSWORD: "{{ keycloak_postgres_admin_password }}"', + ], + volumes: [ + '"{{ keycloak_postgres_id }}-data:/var/lib/postgresql/data"', + ], + networks: [ + '"back-tier"', + ], + ports: "{{ keycloak_postgres_ports | default([]) }}", + }, + ], +} \ No newline at end of file diff --git a/roles/node-exporter/vars/main.yml b/roles/node-exporter/vars/main.yml index ed97d53..dfc778f 100644 --- a/roles/node-exporter/vars/main.yml +++ b/roles/node-exporter/vars/main.yml 
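Review bot: `keycloak_docker` publishes the Keycloak container port on the host (`external: "{{ service_port_keycloak_external }}"`) while `PROXY_ADDRESS_FORWARDING` is `"true"`. A client that reaches the published port directly, bypassing Traefik, can therefore send its own `X-Forwarded-For` and `X-Forwarded-Proto` headers and Keycloak will trust them. If the direct port is needed only by hosts on the private network, restrict it in the host or cloud firewall, or bind it to the internal address if the role's compose template allows that. Otherwise remove the `ports` entry and route all traffic through the `websecure` router. The file also ends without a trailing newline (`\ No newline at end of file`), which is worth fixing in the same change.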
@@ -1 +1,65 @@ --- + +node_exporter_id: "{{ service_name }}-node-exporter" + +node_exporter_docker: { + networks: [ + { + name: front-tier, + external: true, + }, + ], + services: [ + { + name: "{{ node_exporter_id }}", + image_name: "{{ node_exporter_image_name }}", + image_version: "{{ node_exporter_image_version }}", + command: [ + '"--path.procfs=/host/proc"', + '"--path.sysfs=/host/sys"', + '"--no-collector.systemd"', + '"--no-collector.logind"', + '"--no-collector.ntp"', + '"--no-collector.bonding"', + '"--no-collector.bcache"', + '"--no-collector.arp"', + '"--no-collector.edac"', + '"--no-collector.infiniband"', + '"--no-collector.ipvs"', + '"--no-collector.mdadm"', + '"--no-collector.nfs"', + '"--no-collector.nfsd"', + '"--no-collector.wifi"', + '"--no-collector.hwmon"', + '"--no-collector.conntrack"', + '"--no-collector.timex"', + '"--no-collector.zfs"', + '"--collector.tcpstat"', + '"--collector.interrupts"', + '"--collector.meminfo_numa"', + '"--collector.processes"', + '"--collector.textfile"', + '"--collector.textfile.directory=/rootfs/textfiles"', + '"--collector.filesystem.ignored-mount-points"', + '"^/(sys|proc|dev|host|etc|run|run/lock|boot|var/lib/docker|run/docker/netns|var/lib/docker/aufs)($$|/)"', + ], + labels: [ + '"traefik.enable=true"', + '"traefik.http.routers.{{ node_exporter_id }}.service={{ node_exporter_id }}"', + '"traefik.http.routers.{{ node_exporter_id }}.rule=Host(`{{ service_name }}.{{ domain }}`)"', + '"traefik.http.routers.{{ node_exporter_id }}.entrypoints=admin-system"', + '"traefik.http.routers.{{ node_exporter_id }}.tls=true"', + '"traefik.http.routers.{{ node_exporter_id }}.tls.certresolver=letsencrypt"', + '"traefik.http.services.{{ node_exporter_id }}.loadbalancer.server.port={{ service_port_node_exporter }}"', + ], + volumes: [ + '"/proc:/host/proc:ro"', + '"/sys:/host/sys:ro"', + '"/:/rootfs:ro"', + ], + networks: [ + '"front-tier"' + ] + } + ] +} 
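Review bot: The `/:/rootfs:ro` volume in `node_exporter_docker` hands the whole host filesystem to the container, yet no `--path.rootfs` argument is passed, so as far as this hunk shows the mount is used only for `--collector.textfile.directory=/rootfs/textfiles`. Either narrow the mount to that directory, or, if host filesystem statistics are wanted and the image version supports it, add `'"--path.rootfs=/rootfs"'` to `command` so the mount serves a documented purpose. The router labels attach no authentication middleware, so it is worth confirming that the `admin-system` entrypoint is reachable only from the monitoring host.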
diff --git a/roles/prometheus/defaults/main.yml b/roles/prometheus/defaults/main.yml index 2b0be54..48bfa1f 100644 --- a/roles/prometheus/defaults/main.yml +++ b/roles/prometheus/defaults/main.yml 
@@ -5,128 +5,3 @@ prometheus_version: "v2.19.2" alertmanager_version: "v0.21.0" blackbox_exporter_version: "v0.17.0" postgres_exporter_version: "v0.8.0" - -service_port_grafana: 3000 -service_port_prometheus: 9090 -service_port_alertmanager: 9093 -service_port_blackbox_exporter: 9115 -service_port_postgres_exporter: 9187 - -prometheus_id: "{{ service_name }}-prometheus" -alertmanager_id: "{{ service_name }}-alertmanager" -grafana_id: "{{ service_name }}-grafana" - -prometheus_docker: { - networks: [ - { - name: back-tier, - external: true, - }, - { - name: front-tier, - external: true, - }, - ], - volumes: [ - { - name: "{{ prometheus_id }}-data" - }, - { - name: "{{ alertmanager_id }}-data" - }, - { - name: "{{ grafana_id }}-data" - }, - ], - services: [ - { - name: "{{ prometheus_id }}", - image_name: "prom/prometheus", - image_version: "{{ prometheus_version }}", - labels: [ - '"traefik.enable=true"', - '"traefik.http.routers.{{ prometheus_id }}.service={{ prometheus_id }}"', - '"traefik.http.routers.{{ prometheus_id }}.rule=Host(`{{ service_name }}-prometheus.{{ domain }}`)"', - '"traefik.http.routers.{{ prometheus_id }}.entrypoints=websecure"', - '"traefik.http.routers.{{ prometheus_id }}.tls=true"', - '"traefik.http.routers.{{ prometheus_id }}.tls.certresolver=letsencrypt"', - '"traefik.http.services.{{ prometheus_id }}.loadbalancer.server.port={{ service_port_prometheus }}"', - ], - command: [ - '"--config.file=/etc/prometheus/prometheus.yml"', - '"--storage.tsdb.path=/prometheus"', - '"--web.console.libraries=/usr/share/prometheus/console_libraries"', - '"--web.console.templates=/usr/share/prometheus/consoles"', - '"--web.external-url={{ http_s}}://{{ service_name }}-prometheus.{{ domain }}"', - '"--web.enable-lifecycle"', - '"--storage.tsdb.retention.time=15w"', - ], - volumes: [ - '"./config/prometheus/:/etc/prometheus/:ro"', - '"{{ prometheus_id }}-data:/prometheus"', - ], - networks: [ - '"back-tier"', - '"front-tier"', - ], - extra_hosts: "{{ 
prometheus_extra_hosts | default([]) }}", - }, - { - name: "{{ alertmanager_id }}", - image_name: "prom/alertmanager", - image_version: "{{ alertmanager_version }}", - labels: [ - '"traefik.enable=true"', - '"traefik.http.routers.{{ alertmanager_id }}.service={{ alertmanager_id }}"', - '"traefik.http.routers.{{ alertmanager_id }}.rule=Host(`{{ service_name }}-alertmanager.{{ domain }}`)"', - '"traefik.http.routers.{{ alertmanager_id }}.entrypoints=websecure"', - '"traefik.http.routers.{{ alertmanager_id }}.tls=true"', - '"traefik.http.routers.{{ alertmanager_id }}.tls.certresolver=letsencrypt"', - '"traefik.http.services.{{ alertmanager_id }}.loadbalancer.server.port={{ service_port_alertmanager }}"', - ], - command: [ - '"--config.file=/etc/alertmanager/config.yml"', - '"--storage.path=/alertmanager"', - '"--web.external-url={{ http_s}}://{{ service_name }}-alertmanager.{{ domain }}"', - ], - environment: [ - 'LS_JAVA_OPTS: "-Xmx1G -Xms1G"', - ], - volumes: [ - '"./config/alertmanager/:/etc/alertmanager/:ro"', - '"{{ alertmanager_id }}-data:/alertmanager"', - ], - networks: [ - '"back-tier"', - '"front-tier"', - ], - }, - { - name: "{{ grafana_id }}", - image_name: "grafana/grafana", - image_version: "{{ grafana_version }}", - user: '"472"', - labels: [ - '"traefik.enable=true"', - '"traefik.http.routers.{{ grafana_id }}.service={{ grafana_id }}"', - '"traefik.http.routers.{{ grafana_id }}.rule=Host(`{{ service_name }}-grafana.{{ domain }}`)"', - '"traefik.http.routers.{{ grafana_id }}.entrypoints=websecure"', - '"traefik.http.routers.{{ grafana_id }}.tls=true"', - '"traefik.http.routers.{{ grafana_id }}.tls.certresolver=letsencrypt"', - '"traefik.http.services.{{ grafana_id }}.loadbalancer.server.port={{ service_port_grafana }}"', - ], - volumes: [ - '"./config/grafana/provisioning/:/etc/grafana/provisioning/"', - '"./config/grafana/conf/defaults.ini:/usr/share/grafana/conf/defaults.ini"', - '"{{ grafana_id }}-data:/var/lib/grafana"', - ], - networks: [ - 
'"back-tier"', - '"front-tier"', - ], - env_file: [ - '"./config/grafana/config.monitoring"', - ], - } - ], -} diff --git a/roles/prometheus/vars/main.yml b/roles/prometheus/vars/main.yml index ed97d53..3d8d121 100644 --- a/roles/prometheus/vars/main.yml +++ b/roles/prometheus/vars/main.yml 
@@ -1 +1,124 @@
 ---
+
+service_port_grafana: 3000
+service_port_prometheus: 9090
+service_port_alertmanager: 9093
+
+prometheus_id: "{{ service_name }}-prometheus"
+alertmanager_id: "{{ service_name }}-alertmanager"
+grafana_id: "{{ service_name }}-grafana"
+
+prometheus_docker: {
+ networks: [
+ {
+ name: back-tier,
+ external: true,
+ },
+ {
+ name: front-tier,
+ external: true,
+ },
+ ],
+ volumes: [
+ {
+ name: "{{ prometheus_id }}-data"
+ },
+ {
+ name: "{{ alertmanager_id }}-data"
+ },
+ {
+ name: "{{ grafana_id }}-data"
+ },
+ ],
+ services: [
+ {
+ name: "{{ prometheus_id }}",
+ image_name: "prom/prometheus",
+ image_version: "{{ prometheus_version }}",
+ labels: [
+ '"traefik.enable=true"',
+ '"traefik.http.routers.{{ prometheus_id }}.service={{ prometheus_id }}"',
+ '"traefik.http.routers.{{ prometheus_id }}.rule=Host(`{{ service_name }}-prometheus.{{ domain }}`)"',
+ '"traefik.http.routers.{{ prometheus_id }}.entrypoints=websecure"',
+ '"traefik.http.routers.{{ prometheus_id }}.tls=true"',
+ '"traefik.http.routers.{{ prometheus_id }}.tls.certresolver=letsencrypt"',
+ '"traefik.http.services.{{ prometheus_id }}.loadbalancer.server.port={{ service_port_prometheus }}"',
+ ],
+ command: [
+ '"--config.file=/etc/prometheus/prometheus.yml"',
+ '"--storage.tsdb.path=/prometheus"',
+ '"--web.console.libraries=/usr/share/prometheus/console_libraries"',
+ '"--web.console.templates=/usr/share/prometheus/consoles"',
+ '"--web.external-url={{ http_s}}://{{ service_name }}-prometheus.{{ domain }}"',
+ '"--web.enable-lifecycle"',
+ '"--storage.tsdb.retention.time=15w"',
+ ],
+ volumes: [
+ '"./config/prometheus/:/etc/prometheus/:ro"',
+ '"{{ prometheus_id }}-data:/prometheus"',
+ ],
+ networks: [
+ '"back-tier"',
+ '"front-tier"',
+ ],
+ extra_hosts: "{{ prometheus_extra_hosts | default([]) }}",
+ },
+ {
+ name: "{{ alertmanager_id }}",
+ image_name: "prom/alertmanager",
+ image_version: "{{ alertmanager_version }}",
+ labels: [
+ '"traefik.enable=true"',
+ '"traefik.http.routers.{{ alertmanager_id }}.service={{ alertmanager_id }}"',
+ '"traefik.http.routers.{{ alertmanager_id }}.rule=Host(`{{ service_name }}-alertmanager.{{ domain }}`)"',
+ '"traefik.http.routers.{{ alertmanager_id }}.entrypoints=websecure"',
+ '"traefik.http.routers.{{ alertmanager_id }}.tls=true"',
+ '"traefik.http.routers.{{ alertmanager_id }}.tls.certresolver=letsencrypt"',
+ '"traefik.http.services.{{ alertmanager_id }}.loadbalancer.server.port={{ service_port_alertmanager }}"',
+ ],
+ command: [
+ '"--config.file=/etc/alertmanager/config.yml"',
+ '"--storage.path=/alertmanager"',
+ '"--web.external-url={{ http_s}}://{{ service_name }}-alertmanager.{{ domain }}"',
+ ],
+ environment: [
+ 'LS_JAVA_OPTS: "-Xmx1G -Xms1G"',
+ ],
+ volumes: [
+ '"./config/alertmanager/:/etc/alertmanager/:ro"',
+ '"{{ alertmanager_id }}-data:/alertmanager"',
+ ],
+ networks: [
+ '"back-tier"',
+ '"front-tier"',
+ ],
+ },
+ {
+ name: "{{ grafana_id }}",
+ image_name: "grafana/grafana",
+ image_version: "{{ grafana_version }}",
+ user: '"472"',
+ labels: [
+ '"traefik.enable=true"',
+ '"traefik.http.routers.{{ grafana_id }}.service={{ grafana_id }}"',
+ '"traefik.http.routers.{{ grafana_id }}.rule=Host(`{{ service_name }}-grafana.{{ domain }}`)"',
+ '"traefik.http.routers.{{ grafana_id }}.entrypoints=websecure"',
+ '"traefik.http.routers.{{ grafana_id }}.tls=true"',
+ '"traefik.http.routers.{{ grafana_id }}.tls.certresolver=letsencrypt"',
+ '"traefik.http.services.{{ grafana_id }}.loadbalancer.server.port={{ service_port_grafana }}"',
+ ],
+ volumes: [
+ '"./config/grafana/provisioning/:/etc/grafana/provisioning/"',
+ '"./config/grafana/conf/defaults.ini:/usr/share/grafana/conf/defaults.ini"',
+ '"{{ grafana_id }}-data:/var/lib/grafana"',
+ ],
+ networks: [
+ '"back-tier"',
+ '"front-tier"',
+ ],
+ env_file: [
+ '"./config/grafana/config.monitoring"',
+ ],
+ }
+ ],
+}
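Review bot: The Prometheus service is started with `'"--web.enable-lifecycle"'` while its router is published on the `websecure` entrypoint, and no `middlewares` label is attached to the `{{ prometheus_id }}` or `{{ alertmanager_id }}` routers in this hunk. With that flag set, the reload and shutdown endpoints are served over HTTP, so unless authentication is enforced elsewhere (for example in the Traefik dynamic configuration, which is not visible here) they are reachable by any client that can resolve the host name, along with every scraped metric. I would either drop the flag or add a label of the form `'"traefik.http.routers.{{ prometheus_id }}.middlewares=<auth-middleware>"'` (placeholder name) to both routers. The `LS_JAVA_OPTS` entry under the Alertmanager `environment` also looks like a leftover from a JVM service and could probably be removed.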
diff --git a/roles/traefik/defaults/main.yml b/roles/traefik/defaults/main.yml index 3c3c6c8..a9a79d0 100644 --- a/roles/traefik/defaults/main.yml +++ b/roles/traefik/defaults/main.yml @@ -1,77 +1,4 @@ --- -traefik_id: "{{ service_name }}-traefik" - traefik_image_name: "traefik" traefik_image_version: "v2.4" - -caddy_docker: { - networks: [ - { - name: front-tier, - external: 'true', - }, - ], - services: [ - { - name: "{{ traefik_id }}", - image_name: "{{ traefik_image_name }}", - image_version: "{{ traefik_image_version }}", - environment: [ - 'DO_AUTH_TOKEN: "{{ digitalocean_authentication_token }}"', - ], - volumes: [ - '"./acme.json:/acme.json"', - '"./traefik.toml:/traefik.toml:ro"', - '"./traefik_dynamic.toml:/traefik_dynamic.toml:ro"', - '"/var/run/docker.sock:/var/run/docker.sock:ro"', - '"./config/static_files:/var/www/static_files:ro"', - ], - networks: [ - '"front-tier"' - ], - ports: [ - { - external: "0.0.0.0:{{ http_port }}", - internal: "{{ http_port }}" - }, - { - external: "0.0.0.0:{{ https_port }}", - internal: "{{ https_port }}" - }, - { - external: "0.0.0.0:{{ service_port_portainer }}", - internal: "{{ service_port_portainer }}" - }, - { - external: "0.0.0.0:{{ service_port_pgadmin }}", - internal: "{{ service_port_pgadmin }}" - }, - { - external: "0.0.0.0:{{ service_port_phpmyadmin }}", - internal: "{{ service_port_phpmyadmin }}" - }, - { - external: "0.0.0.0:{{ admin_port_traefik }}", - internal: "{{ admin_port_traefik }}" - }, - { - external: "0.0.0.0:{{ monitor_port_service }}", - internal: "{{ monitor_port_service }}" - }, - { - external: "0.0.0.0:{{ monitor_port_system }}", - internal: "{{ monitor_port_system }}" - }, - { - external: "0.0.0.0:{{ monitor_port_docker }}", - internal: "{{ monitor_port_docker }}" - }, - ], - dns: [ - '"8.8.8.8"', - '"8.8.8.4"', - ], - } - ] -} \ No newline at end of file diff --git a/roles/traefik/vars/main.yml b/roles/traefik/vars/main.yml index ed97d53..ac8291f 100644 --- a/roles/traefik/vars/main.yml 
+++ b/roles/traefik/vars/main.yml
@@ -1 +1,74 @@
 ---
+
+traefik_id: "{{ service_name }}-traefik"
+
+caddy_docker: {
+ networks: [
+ {
+ name: front-tier,
+ external: 'true',
+ },
+ ],
+ services: [
+ {
+ name: "{{ traefik_id }}",
+ image_name: "{{ traefik_image_name }}",
+ image_version: "{{ traefik_image_version }}",
+ environment: [
+ 'DO_AUTH_TOKEN: "{{ digitalocean_authentication_token }}"',
+ ],
+ volumes: [
+ '"./acme.json:/acme.json"',
+ '"./traefik.toml:/traefik.toml:ro"',
+ '"./traefik_dynamic.toml:/traefik_dynamic.toml:ro"',
+ '"/var/run/docker.sock:/var/run/docker.sock:ro"',
+ '"./config/static_files:/var/www/static_files:ro"',
+ ],
+ networks: [
+ '"front-tier"'
+ ],
+ ports: [
+ {
+ external: "0.0.0.0:{{ http_port }}",
+ internal: "{{ http_port }}"
+ },
+ {
+ external: "0.0.0.0:{{ https_port }}",
+ internal: "{{ https_port }}"
+ },
+ {
+ external: "0.0.0.0:{{ service_port_portainer }}",
+ internal: "{{ service_port_portainer }}"
+ },
+ {
+ external: "0.0.0.0:{{ service_port_pgadmin }}",
+ internal: "{{ service_port_pgadmin }}"
+ },
+ {
+ external: "0.0.0.0:{{ service_port_phpmyadmin }}",
+ internal: "{{ service_port_phpmyadmin }}"
+ },
+ {
+ external: "0.0.0.0:{{ admin_port_traefik }}",
+ internal: "{{ admin_port_traefik }}"
+ },
+ {
+ external: "0.0.0.0:{{ monitor_port_service }}",
+ internal: "{{ monitor_port_service }}"
+ },
+ {
+ external: "0.0.0.0:{{ monitor_port_system }}",
+ internal: "{{ monitor_port_system }}"
+ },
+ {
+ external: "0.0.0.0:{{ monitor_port_docker }}",
+ internal: "{{ monitor_port_docker }}"
+ },
+ ],
+ dns: [
+ '"8.8.8.8"',
+ '"8.8.8.4"',
+ ],
+ }
+ ]
+}
\ No newline at end of file
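Review bot: The `volumes` entry `'"/var/run/docker.sock:/var/run/docker.sock:ro"'` hands the Docker API to the container that terminates public traffic; `:ro` only makes the mount of the socket file read-only and does not restrict API calls. It deserves at least a comment naming that risk, or a socket proxy limited to the read endpoints Traefik needs. The `ports` list binds the portainer, pgadmin, phpmyadmin, Traefik admin and monitor ports to `0.0.0.0`, which presumably leaves the hcloud firewall templates as the only barrier, so binding the admin ports to an internal address would add a second one. In `dns`, `8.8.8.4` looks like a typo for `8.8.4.4`, so the second entry should probably read `'"8.8.4.4"'`.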