chore: cleanup

group_vars/stage_dev/plain.yml

@@ -25,10 +25,21 @@ filebeat_extra_hosts: [
 
 # TODO read configuration with hetzner rest api
 keycloak_hostname: "dev-keycloak-01.smardigo.digital"
+mail_hostname: "dev-mail-01.smardigo.digital"
 connect_extra_hosts: [
   {
     hostname: "{{ keycloak_hostname }}",
     ip: 10.1.0.2,
+  },
+  {
+    hostname: "{{ mail_hostname }}",
+    ip: 10.2.0.2,
+  }
+]
+keycloak_extra_hosts: [
+  {
+    hostname: "{{ mail_hostname }}",
+    ip: 10.2.0.2,
   }
 ]
 

roles/connect/defaults/main.yml

@@ -13,121 +13,3 @@ connect_postgres_admin_password: "connect-postgres-admin"
 
 connect_mail_properties_base_url: "{{ http_s }}://{{ connect_id }}.{{ domain }}"
 connect_mail_properties_base_url_extern: "{{ http_s }}://{{ connect_id }}.{{ domain }}"
-
-connect_id: "{{ service_name }}-connect"
-connect_postgres_id: "{{ service_name }}-postgres-connect"
-
-connect_labels: [
-  '"traefik.enable=true"',
-  '"traefik.http.routers.{{ connect_id }}.service={{ connect_id }}"',
-  '"traefik.http.routers.{{ connect_id }}.rule=Host(`{{ stage_server_url_host }}`)"',
-  '"traefik.http.routers.{{ connect_id }}.entrypoints=websecure"',
-  '"traefik.http.routers.{{ connect_id }}.tls=true"',
-  '"traefik.http.routers.{{ connect_id }}.tls.certresolver=letsencrypt"',
-  '"traefik.http.services.{{ connect_id }}.loadbalancer.server.port={{ service_port }}"',
-
-  '"traefik.http.routers.{{ connect_id }}-admin.service={{ connect_id }}-admin"',
-  '"traefik.http.routers.{{ connect_id }}-admin.rule=Host(`{{ stage_server_url_host }}`)"',
-  '"traefik.http.routers.{{ connect_id }}-admin.entrypoints=admin-service"',
-  '"traefik.http.routers.{{ connect_id }}-admin.tls=true"',
-  '"traefik.http.routers.{{ connect_id }}-admin.tls.certresolver=letsencrypt"',
-  '"traefik.http.routers.{{ connect_id }}-admin.middlewares={{ connect_id }}-admin-cors"',
-  '"traefik.http.middlewares.{{ connect_id }}-admin-cors.headers.accesscontrolallowmethods=GET,OPTIONS"',
-  '"traefik.http.middlewares.{{ connect_id }}-admin-cors.headers.accesscontrolalloworigin=*"',
-  '"traefik.http.middlewares.{{ connect_id }}-admin-cors.headers.accesscontrolallowheaders=SMA_USER"',
-  '"traefik.http.services.{{ connect_id }}-admin.loadbalancer.server.port={{ management_port }}"',
-
-  '"traefik.http.routers.{{ connect_id }}-monitor.service={{ service_name }}-node-exporter"',
-  '"traefik.http.routers.{{ connect_id }}-monitor.rule=Host(`{{ stage_server_url_host }}`)"',
-  '"traefik.http.routers.{{ connect_id }}-monitor.entrypoints=admin-system"',
-  '"traefik.http.routers.{{ connect_id }}-monitor.tls=true"',
-  '"traefik.http.routers.{{ connect_id }}-monitor.tls.certresolver=letsencrypt"',
-]
-
-connect_docker: {
-  networks: [
-    {
-      name: back-tier,
-      external: true,
-    },
-    {
-      name: front-tier,
-      external: true,
-    },
-  ],
-  volumes: [
-    {
-      name: "{{ connect_postgres_id }}-data"
-    }
-  ],
-  services: [
-    {
-      name: "{{ connect_id }}",
-      image_name: "{{ connect_image_name }}",
-      image_version: "{{ connect_version }}",
-      labels: "{{ connect_labels + ( connect_labels_additional | default([])) }}",
-      restart: "{{ connect_service_restart | default('always') }}",
-      environment: [
-        "ADMIN_LOGIN: \"{{ connect_admin_username }}\"",
-        "ADMIN_PASSWORD: \"{{ connect_admin_password }}\"",
-
-        "DATASOURCE_URL: \"jdbc:postgresql://{{ connect_postgres_id }}:{{ service_port_postgres }}/{{ connect_postgres_database }}\"",
-        "DATASOURCE_USERNAME: \"{{ connect_postgres_admin_username }}\"",
-        "DATASOURCE_PASSWORD: \"{{ connect_postgres_admin_password }}\"",
-
-        "MAIL_PROTOCOL: \"{{ connect_mail_protocol | default('smtp') }}\"",
-        "MAIL_HOST: \"{{ connect_mail_host | default('smtp.tolina.local') }}\"",
-        "MAIL_PORT: \"{{ connect_mail_port | default('25') }}\"",
-        "MAIL_USER: \"{{ connect_mail_user | default('') }}\"",
-        "MAIL_PASSWORD: \"{{ connect_mail_password | default('') }}\"",
-        "MAIL_PROPERTIES_SIMULATION: \"{{ connect_mail_properties_simulation | default('true') }}\"",
-        "MAIL_PROPERTIES_BASE_URL: \"{{ connect_mail_properties_base_url }}\"",
-        "MAIL_PROPERTIES_BASE_URL_EXTERN: \"{{ connect_mail_properties_base_url_extern }}\"",
-        "MAIL_PROPERTIES_SENDER: \"{{ connect_mail_properties_sender | default('noreply-connect@arxes-tolina.de') }}\"",
-        "MAIL_PROPERTIES_SENDER_ALIAS: \"{{ connect_mail_properties_sender_alias | default('noreply-connect') }}\"",
-
-        "AUTH_MODULE: \"{{ connect_auth_module | default('preauth') }}\"",
-        "OIDC_CLIENT_ID: \"{{ connect_oidc_client_id | default('oidc_config_not_found') }}\"",
-        "OIDC_CLIENT_SECRET: \"{{ connect_oidc_client_secret | default('oidc_config_not_found') }}\"",
-        "OIDC_REGISTRATION_ID: \"{{ connect_oidc_registration_id | default('oidc_config_not_found') }}\"",
-        "OIDC_ISSUER_URI: \"{{ connect_oidc_issuer_uri | default('oidc_config_not_found') }}\"",
-        "PASSWORD_CHANGE_URL: \"{{ connect_password_change_url | default('') }}\"",
-        "USER_MANAGEMENT_URL: \"{{ connect_iam_user_management_url | default('') }}\"",
-
-        "IAM_MODULE: \"{{ connect_iam_module | default('embedded') }}\"",
-        "IAM_CLIENT_ENABLED: \"{{ smardigo_iam_client_enabled | default('false') }}\"",
-        "EXTERNAL_IAM_SERVER_URL: \"{{ smardigo_iam_client_server_url | default('') }}\"",
-
-        "SMA_API_TOKEN_SECRET: \"{{ connect_api_token_secret | default('') }}\"",
-
-        "SMA_CSRF_TOKEN_NAME: \"{{ connect_csrf_token_name | default('') }}\"",
-        "SMA_CSRF_TOKEN_VALUE: \"{{ connect_csrf_token_value | default('') }}\"",
-
-        "SPRING_PROFILES_INCLUDE: \"{{ spring_profiles_include | default('swagger') }}\"",
-        "RIBBON_DISPLAY_ON_ACTIVE_PROFILES: \"{{ ribbon_display_on_active_profiles | default('dev') }}\"",
-      ],
-      networks: [
-        '"back-tier"',
-        '"front-tier"',
-      ],
-      extra_hosts: "{{ connect_extra_hosts | default([]) }}",
-    },
-    {
-      name: "{{ connect_postgres_id }}",
-      image_name: "postgres",
-      image_version: "{{ connect_postgres_version }}",
-      environment: [
-        'POSTGRES_DB: "{{ connect_postgres_database }}"',
-        'POSTGRES_USER: "{{ connect_postgres_admin_username }}"',
-        'POSTGRES_PASSWORD: "{{ connect_postgres_admin_password }}"',
-      ],
-      volumes: [
-        '"{{ connect_postgres_id }}-data:/var/lib/postgresql/data"',
-      ],
-      networks: [
-        '"back-tier"',
-      ],
-      ports: "{{ connect_postgres_ports | default([]) }}",
-    },
-  ],
-}

roles/connect/vars/main.yml

@@ -1 +1,119 @@
 ---
+
+connect_id: "{{ service_name }}-connect"
+connect_postgres_id: "{{ service_name }}-postgres-connect"
+
+connect_labels: [
+  '"traefik.enable=true"',
+  '"traefik.http.routers.{{ connect_id }}.service={{ connect_id }}"',
+  '"traefik.http.routers.{{ connect_id }}.rule=Host(`{{ stage_server_url_host }}`)"',
+  '"traefik.http.routers.{{ connect_id }}.entrypoints=websecure"',
+  '"traefik.http.routers.{{ connect_id }}.tls=true"',
+  '"traefik.http.routers.{{ connect_id }}.tls.certresolver=letsencrypt"',
+  '"traefik.http.services.{{ connect_id }}.loadbalancer.server.port={{ service_port }}"',
+
+  '"traefik.http.routers.{{ connect_id }}-admin.service={{ connect_id }}-admin"',
+  '"traefik.http.routers.{{ connect_id }}-admin.rule=Host(`{{ stage_server_url_host }}`)"',
+  '"traefik.http.routers.{{ connect_id }}-admin.entrypoints=admin-service"',
+  '"traefik.http.routers.{{ connect_id }}-admin.tls=true"',
+  '"traefik.http.routers.{{ connect_id }}-admin.tls.certresolver=letsencrypt"',
+  '"traefik.http.routers.{{ connect_id }}-admin.middlewares={{ connect_id }}-admin-cors"',
+  '"traefik.http.middlewares.{{ connect_id }}-admin-cors.headers.accesscontrolallowmethods=GET,OPTIONS"',
+  '"traefik.http.middlewares.{{ connect_id }}-admin-cors.headers.accesscontrolalloworigin=*"',
+  '"traefik.http.middlewares.{{ connect_id }}-admin-cors.headers.accesscontrolallowheaders=SMA_USER"',
+  '"traefik.http.services.{{ connect_id }}-admin.loadbalancer.server.port={{ management_port }}"',
+
+  '"traefik.http.routers.{{ connect_id }}-monitor.service={{ service_name }}-node-exporter"',
+  '"traefik.http.routers.{{ connect_id }}-monitor.rule=Host(`{{ stage_server_url_host }}`)"',
+  '"traefik.http.routers.{{ connect_id }}-monitor.entrypoints=admin-system"',
+  '"traefik.http.routers.{{ connect_id }}-monitor.tls=true"',
+  '"traefik.http.routers.{{ connect_id }}-monitor.tls.certresolver=letsencrypt"',
+]
+
+connect_docker: {
+  networks: [
+    {
+      name: back-tier,
+      external: true,
+    },
+    {
+      name: front-tier,
+      external: true,
+    },
+  ],
+  volumes: [
+    {
+      name: "{{ connect_postgres_id }}-data"
+    }
+  ],
+  services: [
+    {
+      name: "{{ connect_id }}",
+      image_name: "{{ connect_image_name }}",
+      image_version: "{{ connect_version }}",
+      labels: "{{ connect_labels + ( connect_labels_additional | default([])) }}",
+      restart: "{{ connect_service_restart | default('always') }}",
+      environment: [
+        "ADMIN_LOGIN: \"{{ connect_admin_username }}\"",
+        "ADMIN_PASSWORD: \"{{ connect_admin_password }}\"",
+
+        "DATASOURCE_URL: \"jdbc:postgresql://{{ connect_postgres_id }}:{{ service_port_postgres }}/{{ connect_postgres_database }}\"",
+        "DATASOURCE_USERNAME: \"{{ connect_postgres_admin_username }}\"",
+        "DATASOURCE_PASSWORD: \"{{ connect_postgres_admin_password }}\"",
+
+        "MAIL_PROTOCOL: \"{{ connect_mail_protocol | default('smtp') }}\"",
+        "MAIL_HOST: \"{{ connect_mail_host | default('smtp.tolina.local') }}\"",
+        "MAIL_PORT: \"{{ connect_mail_port | default('25') }}\"",
+        "MAIL_USER: \"{{ connect_mail_user | default('') }}\"",
+        "MAIL_PASSWORD: \"{{ connect_mail_password | default('') }}\"",
+        "MAIL_PROPERTIES_SIMULATION: \"{{ connect_mail_properties_simulation | default('true') }}\"",
+        "MAIL_PROPERTIES_BASE_URL: \"{{ connect_mail_properties_base_url }}\"",
+        "MAIL_PROPERTIES_BASE_URL_EXTERN: \"{{ connect_mail_properties_base_url_extern }}\"",
+        "MAIL_PROPERTIES_SENDER: \"{{ connect_mail_properties_sender | default('noreply-connect@arxes-tolina.de') }}\"",
+        "MAIL_PROPERTIES_SENDER_ALIAS: \"{{ connect_mail_properties_sender_alias | default('noreply-connect') }}\"",
+
+        "AUTH_MODULE: \"{{ connect_auth_module | default('preauth') }}\"",
+        "OIDC_CLIENT_ID: \"{{ connect_oidc_client_id | default('oidc_config_not_found') }}\"",
+        "OIDC_CLIENT_SECRET: \"{{ connect_oidc_client_secret | default('oidc_config_not_found') }}\"",
+        "OIDC_REGISTRATION_ID: \"{{ connect_oidc_registration_id | default('oidc_config_not_found') }}\"",
+        "OIDC_ISSUER_URI: \"{{ connect_oidc_issuer_uri | default('oidc_config_not_found') }}\"",
+        "PASSWORD_CHANGE_URL: \"{{ connect_password_change_url | default('') }}\"",
+        "USER_MANAGEMENT_URL: \"{{ connect_iam_user_management_url | default('') }}\"",
+
+        "IAM_MODULE: \"{{ connect_iam_module | default('embedded') }}\"",
+        "IAM_CLIENT_ENABLED: \"{{ smardigo_iam_client_enabled | default('false') }}\"",
+        "EXTERNAL_IAM_SERVER_URL: \"{{ smardigo_iam_client_server_url | default('') }}\"",
+
+        "SMA_API_TOKEN_SECRET: \"{{ connect_api_token_secret | default('') }}\"",
+
+        "SMA_CSRF_TOKEN_NAME: \"{{ connect_csrf_token_name | default('') }}\"",
+        "SMA_CSRF_TOKEN_VALUE: \"{{ connect_csrf_token_value | default('') }}\"",
+
+        "SPRING_PROFILES_INCLUDE: \"{{ spring_profiles_include | default('swagger') }}\"",
+        "RIBBON_DISPLAY_ON_ACTIVE_PROFILES: \"{{ ribbon_display_on_active_profiles | default('dev') }}\"",
+      ],
+      networks: [
+        '"back-tier"',
+        '"front-tier"',
+      ],
+      extra_hosts: "{{ connect_extra_hosts | default([]) }}",
+    },
+    {
+      name: "{{ connect_postgres_id }}",
+      image_name: "postgres",
+      image_version: "{{ connect_postgres_version }}",
+      environment: [
+        'POSTGRES_DB: "{{ connect_postgres_database }}"',
+        'POSTGRES_USER: "{{ connect_postgres_admin_username }}"',
+        'POSTGRES_PASSWORD: "{{ connect_postgres_admin_password }}"',
+      ],
+      volumes: [
+        '"{{ connect_postgres_id }}-data:/var/lib/postgresql/data"',
+      ],
+      networks: [
+        '"back-tier"',
+      ],
+      ports: "{{ connect_postgres_ports | default([]) }}",
+    },
+  ],
+}

roles/elasticsearch-exporter/defaults/main.yml

@@ -1,47 +1,4 @@
 ---
 
-elasticsearch_exporter_id: "{{ service_name }}-elasticsearch-exporter"
-
 elasticsearch_exporter_image_name: "justwatch/elasticsearch_exporter"
 elasticsearch_exporter_image_version: "latest"
-
-elasticsearch_exporter_docker: {
-  networks: [
-    {
-      name: back-tier,
-      external: true,
-    },
-    {
-      name: front-tier,
-      external: true,
-    },
-  ],
-  services: [
-    {
-      name: "{{ elasticsearch_exporter_id }}",
-      image_name: "{{ elasticsearch_exporter_image_name }}",
-      image_version: "{{ elasticsearch_exporter_image_version }}",
-      command: [
-        '"--es.ca=/certificates/ca.crt"',
-        '"--es.uri=https://logstash-ingest:tH1iSiSas3cREt.Passw0rt@es-dev-elastic-stack-01:9200"',
-      ],
-      labels: [
-        '"traefik.enable=true"',
-        '"traefik.http.routers.{{ elasticsearch_exporter_id }}.service={{ elasticsearch_exporter_id }}"',
-        '"traefik.http.routers.{{ elasticsearch_exporter_id }}.rule=Host(`{{ service_name }}.{{ domain }}`)"',
-        '"traefik.http.routers.{{ elasticsearch_exporter_id }}.entrypoints=admin-docker"',
-        '"traefik.http.routers.{{ elasticsearch_exporter_id }}.tls=true"',
-        '"traefik.http.routers.{{ elasticsearch_exporter_id }}.tls.certresolver=letsencrypt"',
-        '"traefik.http.services.{{ elasticsearch_exporter_id }}.loadbalancer.server.port=9114"',
-      ],
-      volumes: [
-        '"./certs:/certificates:ro"',
-      ],
-      networks: [
-        '"back-tier"',
-        '"front-tier"',
-      ],
-      extra_hosts: "{{ elasticsearch_extra_hosts | default([]) }}",
-    }
-  ]
-}

roles/elasticsearch-exporter/vars/main.yml

@@ -1 +1,44 @@
 ---
+
+elasticsearch_exporter_id: "{{ service_name }}-elasticsearch-exporter"
+
+elasticsearch_exporter_docker: {
+  networks: [
+    {
+      name: back-tier,
+      external: true,
+    },
+    {
+      name: front-tier,
+      external: true,
+    },
+  ],
+  services: [
+    {
+      name: "{{ elasticsearch_exporter_id }}",
+      image_name: "{{ elasticsearch_exporter_image_name }}",
+      image_version: "{{ elasticsearch_exporter_image_version }}",
+      command: [
+        '"--es.ca=/certificates/ca.crt"',
+        '"--es.uri=https://logstash-ingest:tH1iSiSas3cREt.Passw0rt@es-dev-elastic-stack-01:9200"',
+      ],
+      labels: [
+        '"traefik.enable=true"',
+        '"traefik.http.routers.{{ elasticsearch_exporter_id }}.service={{ elasticsearch_exporter_id }}"',
+        '"traefik.http.routers.{{ elasticsearch_exporter_id }}.rule=Host(`{{ service_name }}.{{ domain }}`)"',
+        '"traefik.http.routers.{{ elasticsearch_exporter_id }}.entrypoints=admin-docker"',
+        '"traefik.http.routers.{{ elasticsearch_exporter_id }}.tls=true"',
+        '"traefik.http.routers.{{ elasticsearch_exporter_id }}.tls.certresolver=letsencrypt"',
+        '"traefik.http.services.{{ elasticsearch_exporter_id }}.loadbalancer.server.port=9114"',
+      ],
+      volumes: [
+        '"./certs:/certificates:ro"',
+      ],
+      networks: [
+        '"back-tier"',
+        '"front-tier"',
+      ],
+      extra_hosts: "{{ elasticsearch_extra_hosts | default([]) }}",
+    }
+  ]
+}

roles/filebeat/defaults/main.yaml

@@ -2,27 +2,3 @@
 
 filebeat_image_name: "docker.elastic.co/beats/filebeat"
 filebeat_image_version: "7.12.0"
-
-filebeat_id: "{{ service_name }}-filebeat"
-
-filebeat_docker: {
-  services: [
-    {
-      name: "{{ filebeat_id }}",
-      image_name: "{{ filebeat_image_name }}",
-      image_version: "{{ filebeat_image_version }}",
-      user: root,
-      environment: [
-        "node.name: \"{{ filebeat_id }}\"",
-      ],
-      volumes: [
-        '"./config/filebeat.yml:/usr/share/filebeat/filebeat.yml:ro"',
-        '"/var/lib/docker/containers/:/var/lib/docker/containers/:ro"',
-        '"/var/run/docker.sock:/var/run/docker.sock:ro"',
-        '"/var/log/:/var/log/:ro"',
-        '"./certs:/usr/share/filebeat/config/certificates:ro"',
-      ],
-      extra_hosts: "{{ filebeat_extra_hosts | default([]) }}",
-    },
-  ],
-}

roles/filebeat/vars/main.yml

@@ -0,0 +1,25 @@
+---
+
+filebeat_id: "{{ service_name }}-filebeat"
+
+filebeat_docker: {
+  services: [
+    {
+      name: "{{ filebeat_id }}",
+      image_name: "{{ filebeat_image_name }}",
+      image_version: "{{ filebeat_image_version }}",
+      user: root,
+      environment: [
+        "node.name: \"{{ filebeat_id }}\"",
+      ],
+      volumes: [
+        '"./config/filebeat.yml:/usr/share/filebeat/filebeat.yml:ro"',
+        '"/var/lib/docker/containers/:/var/lib/docker/containers/:ro"',
+        '"/var/run/docker.sock:/var/run/docker.sock:ro"',
+        '"/var/log/:/var/log/:ro"',
+        '"./certs:/usr/share/filebeat/config/certificates:ro"',
+      ],
+      extra_hosts: "{{ filebeat_extra_hosts | default([]) }}",
+    },
+  ],
+}

roles/hcloud/tasks/main.yml

@@ -22,6 +22,7 @@
   with_items:
     - 'default'
     - 'kibana'
+    - 'mail'
     - 'monitoring'
   loop_control:
     loop_var: current_firewall

roles/hcloud/templates/firewall-default.json.j2

@@ -50,6 +50,5 @@
       "destination_ips": [
       ]
     }
-  ],
+  ]
-  "applied_to": "{{ firewall_default_servers | default([]) }}"
 }

roles/hcloud/templates/firewall-kibana.json.j2

@@ -15,6 +15,5 @@
       "destination_ips": [
       ]
     }
-  ],
+  ]
-  "applied_to": "{{ firewall_kibana_servers | default([]) }}"
 }

roles/hcloud/templates/firewall-mail.json.j2

@@ -13,6 +13,5 @@
       "destination_ips": [
       ]
     }
-  ],
+  ]
-  "applied_to": "{{ firewall_mail_servers | default([]) }}"
 }

roles/hcloud/templates/firewall-monitoring.json.j2

@@ -15,6 +15,5 @@
       "destination_ips": [
       ]
     }
-  ],
+  ]
-  "applied_to": "{{ firewall_monitoring_servers | default([]) }}"
 }

roles/keycloak/defaults/main.yml

@@ -11,94 +11,3 @@ keycloak_postgres_version: "12"
 keycloak_postgres_database: "keycloak-postgres"
 keycloak_postgres_admin_username: "keycloak-postgres-admin"
 keycloak_postgres_admin_password: "keycloak-postgres-admin"
-
-keycloak_id: "{{ service_name }}-keycloak"
-keycloak_postgres_id: "{{ service_name }}-postgres-keycloak"
-
-keycloak_labels: [
-  '"traefik.enable=true"',
-  '"traefik.http.routers.{{ keycloak_id }}.service={{ keycloak_id }}"',
-  '"traefik.http.routers.{{ keycloak_id }}.rule=Host(`{{ stage_server_url_host }}`)"',
-  '"traefik.http.routers.{{ keycloak_id }}.entrypoints=websecure"',
-  '"traefik.http.routers.{{ keycloak_id }}.tls=true"',
-  '"traefik.http.routers.{{ keycloak_id }}.tls.certresolver=letsencrypt"',
-  '"traefik.http.services.{{ keycloak_id }}.loadbalancer.server.port={{ service_port }}"',
-
-  '"traefik.http.routers.{{ keycloak_id }}-monitor.service={{ service_name }}-node-exporter"',
-  '"traefik.http.routers.{{ keycloak_id }}-monitor.rule=Host(`{{ stage_server_url_host }}`)"',
-  '"traefik.http.routers.{{ keycloak_id }}-monitor.entrypoints=admin-system"',
-  '"traefik.http.routers.{{ keycloak_id }}-monitor.tls=true"',
-  '"traefik.http.routers.{{ keycloak_id }}-monitor.tls.certresolver=letsencrypt"',
-]
-
-keycloak_docker: {
-  networks: [
-    {
-      name: back-tier,
-      external: true,
-    },
-    {
-      name: front-tier,
-      external: true,
-    },
-  ],
-  volumes: [
-    {
-      name: "{{ keycloak_postgres_id }}-data"
-    }
-  ],
-  services: [
-    {
-      name: "{{ keycloak_id }}",
-      image_name: "jboss/keycloak",
-      image_version: "{{ keycloak_version }}",
-      labels: "{{ keycloak_labels + ( keycloak_labels_additional | default([])) }}",
-      environment: [
-        "PROXY_ADDRESS_FORWARDING: \"true\"",
-
-        "KEYCLOAK_USER: \"{{ keycloak_admin_username }}\"",
-        "KEYCLOAK_PASSWORD: \"{{ keycloak_admin_password }}\"",
-
-        "DB_VENDOR: postgres",
-        "DB_DATABASE: \"{{ keycloak_postgres_database }}\"",
-        "DB_USER: \"{{ keycloak_postgres_admin_username }}\"",
-        "DB_PASSWORD: \"{{ keycloak_postgres_admin_password }}\"",
-        "DB_ADDR: \"{{ keycloak_postgres_id }}\"",
-
-        "JAVA_OPTS_APPEND: \"-Dkeycloak.profile.feature.docker=enabled\"",
-      ],
-      volumes: [
-        '"./eden-theme:/opt/jboss/keycloak/themes/eden-theme:ro"',
-        '"./smardigo-theme:/opt/jboss/keycloak/themes/smardigo-theme:ro"',
-      ],
-      networks: [
-        '"back-tier"',
-        '"front-tier"',
-      ],
-      ports: [
-        {
-          external: "{{ service_port_keycloak_external }}",
-          internal: "{{ service_port_keycloak }}",
-        },
-      ],
-      extra_hosts: "{{ keycloak_extra_hosts | default([]) }}",
-    },
-    {
-      name: "{{ keycloak_postgres_id }}",
-      image_name: "postgres",
-      image_version: "{{ keycloak_postgres_version }}",
-      environment: [
-        'POSTGRES_DB: "{{ keycloak_postgres_database }}"',
-        'POSTGRES_USER: "{{ keycloak_postgres_admin_username }}"',
-        'POSTGRES_PASSWORD: "{{ keycloak_postgres_admin_password }}"',
-      ],
-      volumes: [
-        '"{{ keycloak_postgres_id }}-data:/var/lib/postgresql/data"',
-      ],
-      networks: [
-        '"back-tier"',
-      ],
-      ports: "{{ keycloak_postgres_ports | default([]) }}",
-    },
-  ],
-}

roles/keycloak/vars/main.yml

@@ -1 +1,92 @@
 ---
+
+keycloak_id: "{{ service_name }}-keycloak"
+keycloak_postgres_id: "{{ service_name }}-postgres-keycloak"
+
+keycloak_labels: [
+  '"traefik.enable=true"',
+  '"traefik.http.routers.{{ keycloak_id }}.service={{ keycloak_id }}"',
+  '"traefik.http.routers.{{ keycloak_id }}.rule=Host(`{{ stage_server_url_host }}`)"',
+  '"traefik.http.routers.{{ keycloak_id }}.entrypoints=websecure"',
+  '"traefik.http.routers.{{ keycloak_id }}.tls=true"',
+  '"traefik.http.routers.{{ keycloak_id }}.tls.certresolver=letsencrypt"',
+  '"traefik.http.services.{{ keycloak_id }}.loadbalancer.server.port={{ service_port }}"',
+
+  '"traefik.http.routers.{{ keycloak_id }}-monitor.service={{ service_name }}-node-exporter"',
+  '"traefik.http.routers.{{ keycloak_id }}-monitor.rule=Host(`{{ stage_server_url_host }}`)"',
+  '"traefik.http.routers.{{ keycloak_id }}-monitor.entrypoints=admin-system"',
+  '"traefik.http.routers.{{ keycloak_id }}-monitor.tls=true"',
+  '"traefik.http.routers.{{ keycloak_id }}-monitor.tls.certresolver=letsencrypt"',
+]
+
+keycloak_docker: {
+  networks: [
+    {
+      name: back-tier,
+      external: true,
+    },
+    {
+      name: front-tier,
+      external: true,
+    },
+  ],
+  volumes: [
+    {
+      name: "{{ keycloak_postgres_id }}-data"
+    }
+  ],
+  services: [
+    {
+      name: "{{ keycloak_id }}",
+      image_name: "jboss/keycloak",
+      image_version: "{{ keycloak_version }}",
+      labels: "{{ keycloak_labels + ( keycloak_labels_additional | default([])) }}",
+      environment: [
+        "PROXY_ADDRESS_FORWARDING: \"true\"",
+
+        "KEYCLOAK_USER: \"{{ keycloak_admin_username }}\"",
+        "KEYCLOAK_PASSWORD: \"{{ keycloak_admin_password }}\"",
+
+        "DB_VENDOR: postgres",
+        "DB_DATABASE: \"{{ keycloak_postgres_database }}\"",
+        "DB_USER: \"{{ keycloak_postgres_admin_username }}\"",
+        "DB_PASSWORD: \"{{ keycloak_postgres_admin_password }}\"",
+        "DB_ADDR: \"{{ keycloak_postgres_id }}\"",
+
+        "JAVA_OPTS_APPEND: \"-Dkeycloak.profile.feature.docker=enabled\"",
+      ],
+      volumes: [
+        '"./eden-theme:/opt/jboss/keycloak/themes/eden-theme:ro"',
+        '"./smardigo-theme:/opt/jboss/keycloak/themes/smardigo-theme:ro"',
+      ],
+      networks: [
+        '"back-tier"',
+        '"front-tier"',
+      ],
+      ports: [
+        {
+          external: "{{ service_port_keycloak_external }}",
+          internal: "{{ service_port_keycloak }}",
+        },
+      ],
+      extra_hosts: "{{ keycloak_extra_hosts | default([]) }}",
+    },
+    {
+      name: "{{ keycloak_postgres_id }}",
+      image_name: "postgres",
+      image_version: "{{ keycloak_postgres_version }}",
+      environment: [
+        'POSTGRES_DB: "{{ keycloak_postgres_database }}"',
+        'POSTGRES_USER: "{{ keycloak_postgres_admin_username }}"',
+        'POSTGRES_PASSWORD: "{{ keycloak_postgres_admin_password }}"',
+      ],
+      volumes: [
+        '"{{ keycloak_postgres_id }}-data:/var/lib/postgresql/data"',
+      ],
+      networks: [
+        '"back-tier"',
+      ],
+      ports: "{{ keycloak_postgres_ports | default([]) }}",
+    },
+  ],
+}

roles/node-exporter/vars/main.yml

@@ -1 +1,65 @@
 ---
+
+node_exporter_id: "{{ service_name }}-node-exporter"
+
+node_exporter_docker: {
+  networks: [
+    {
+      name: front-tier,
+      external: true,
+    },
+  ],
+  services: [
+    {
+      name: "{{ node_exporter_id }}",
+      image_name: "{{ node_exporter_image_name }}",
+      image_version: "{{ node_exporter_image_version }}",
+      command: [
+        '"--path.procfs=/host/proc"',
+        '"--path.sysfs=/host/sys"',
+        '"--no-collector.systemd"',
+        '"--no-collector.logind"',
+        '"--no-collector.ntp"',
+        '"--no-collector.bonding"',
+        '"--no-collector.bcache"',
+        '"--no-collector.arp"',
+        '"--no-collector.edac"',
+        '"--no-collector.infiniband"',
+        '"--no-collector.ipvs"',
+        '"--no-collector.mdadm"',
+        '"--no-collector.nfs"',
+        '"--no-collector.nfsd"',
+        '"--no-collector.wifi"',
+        '"--no-collector.hwmon"',
+        '"--no-collector.conntrack"',
+        '"--no-collector.timex"',
+        '"--no-collector.zfs"',
+        '"--collector.tcpstat"',
+        '"--collector.interrupts"',
+        '"--collector.meminfo_numa"',
+        '"--collector.processes"',
+        '"--collector.textfile"',
+        '"--collector.textfile.directory=/rootfs/textfiles"',
+        '"--collector.filesystem.ignored-mount-points"',
+        '"^/(sys|proc|dev|host|etc|run|run/lock|boot|var/lib/docker|run/docker/netns|var/lib/docker/aufs)($$|/)"',
+      ],
+      labels: [
+        '"traefik.enable=true"',
+        '"traefik.http.routers.{{ node_exporter_id }}.service={{ node_exporter_id }}"',
+        '"traefik.http.routers.{{ node_exporter_id }}.rule=Host(`{{ service_name }}.{{ domain }}`)"',
+        '"traefik.http.routers.{{ node_exporter_id }}.entrypoints=admin-system"',
+        '"traefik.http.routers.{{ node_exporter_id }}.tls=true"',
+        '"traefik.http.routers.{{ node_exporter_id }}.tls.certresolver=letsencrypt"',
+        '"traefik.http.services.{{ node_exporter_id }}.loadbalancer.server.port={{ service_port_node_exporter }}"',
+      ],
+      volumes: [
+        '"/proc:/host/proc:ro"',
+        '"/sys:/host/sys:ro"',
+        '"/:/rootfs:ro"',
+      ],
+      networks: [
+        '"front-tier"'
+      ]
+    }
+  ]
+}

roles/prometheus/defaults/main.yml

@@ -5,128 +5,3 @@ prometheus_version: "v2.19.2"
 alertmanager_version: "v0.21.0"
 blackbox_exporter_version: "v0.17.0"
 postgres_exporter_version: "v0.8.0"
-
-service_port_grafana: 3000
-service_port_prometheus: 9090
-service_port_alertmanager: 9093
-service_port_blackbox_exporter: 9115
-service_port_postgres_exporter: 9187
-
-prometheus_id: "{{ service_name }}-prometheus"
-alertmanager_id: "{{ service_name }}-alertmanager"
-grafana_id: "{{ service_name }}-grafana"
-
-prometheus_docker: {
-  networks: [
-    {
-      name: back-tier,
-      external: true,
-    },
-    {
-      name: front-tier,
-      external: true,
-    },
-  ],
-  volumes: [
-    {
-      name: "{{ prometheus_id }}-data"
-    },
-    {
-      name: "{{ alertmanager_id }}-data"
-    },
-    {
-      name: "{{ grafana_id }}-data"
-    },
-  ],
-  services: [
-    {
-      name: "{{ prometheus_id }}",
-      image_name: "prom/prometheus",
-      image_version: "{{ prometheus_version }}",
-      labels: [
-        '"traefik.enable=true"',
-        '"traefik.http.routers.{{ prometheus_id }}.service={{ prometheus_id }}"',
-        '"traefik.http.routers.{{ prometheus_id }}.rule=Host(`{{ service_name }}-prometheus.{{ domain }}`)"',
-        '"traefik.http.routers.{{ prometheus_id }}.entrypoints=websecure"',
-        '"traefik.http.routers.{{ prometheus_id }}.tls=true"',
-        '"traefik.http.routers.{{ prometheus_id }}.tls.certresolver=letsencrypt"',
-        '"traefik.http.services.{{ prometheus_id }}.loadbalancer.server.port={{ service_port_prometheus }}"',
-      ],
-      command: [
-        '"--config.file=/etc/prometheus/prometheus.yml"',
-        '"--storage.tsdb.path=/prometheus"',
-        '"--web.console.libraries=/usr/share/prometheus/console_libraries"',
-        '"--web.console.templates=/usr/share/prometheus/consoles"',
-        '"--web.external-url={{ http_s}}://{{ service_name }}-prometheus.{{ domain }}"',
-        '"--web.enable-lifecycle"',
-        '"--storage.tsdb.retention.time=15w"',
-      ],
-      volumes: [
-        '"./config/prometheus/:/etc/prometheus/:ro"',
-        '"{{ prometheus_id }}-data:/prometheus"',
-      ],
-      networks: [
-        '"back-tier"',
-        '"front-tier"',
-      ],
-      extra_hosts: "{{ prometheus_extra_hosts | default([]) }}",
-    },
-    {
-      name: "{{ alertmanager_id }}",
-      image_name: "prom/alertmanager",
-      image_version: "{{ alertmanager_version }}",
-      labels: [
-        '"traefik.enable=true"',
-        '"traefik.http.routers.{{ alertmanager_id }}.service={{ alertmanager_id }}"',
-        '"traefik.http.routers.{{ alertmanager_id }}.rule=Host(`{{ service_name }}-alertmanager.{{ domain }}`)"',
-        '"traefik.http.routers.{{ alertmanager_id }}.entrypoints=websecure"',
-        '"traefik.http.routers.{{ alertmanager_id }}.tls=true"',
-        '"traefik.http.routers.{{ alertmanager_id }}.tls.certresolver=letsencrypt"',
-        '"traefik.http.services.{{ alertmanager_id }}.loadbalancer.server.port={{ service_port_alertmanager }}"',
-      ],
-      command: [
-        '"--config.file=/etc/alertmanager/config.yml"',
-        '"--storage.path=/alertmanager"',
-        '"--web.external-url={{ http_s}}://{{ service_name }}-alertmanager.{{ domain }}"',
-      ],
-      environment: [
-        'LS_JAVA_OPTS: "-Xmx1G -Xms1G"',
-      ],
-      volumes: [
-        '"./config/alertmanager/:/etc/alertmanager/:ro"',
-        '"{{ alertmanager_id }}-data:/alertmanager"',
-      ],
-      networks: [
-        '"back-tier"',
-        '"front-tier"',
-      ],
-    },
-    {
-      name: "{{ grafana_id }}",
-      image_name: "grafana/grafana",
-      image_version: "{{ grafana_version }}",
-      user: '"472"',
-      labels: [
-        '"traefik.enable=true"',
-        '"traefik.http.routers.{{ grafana_id }}.service={{ grafana_id }}"',
-        '"traefik.http.routers.{{ grafana_id }}.rule=Host(`{{ service_name }}-grafana.{{ domain }}`)"',
-        '"traefik.http.routers.{{ grafana_id }}.entrypoints=websecure"',
-        '"traefik.http.routers.{{ grafana_id }}.tls=true"',
-        '"traefik.http.routers.{{ grafana_id }}.tls.certresolver=letsencrypt"',
-        '"traefik.http.services.{{ grafana_id }}.loadbalancer.server.port={{ service_port_grafana }}"',
-      ],
-      volumes: [
-        '"./config/grafana/provisioning/:/etc/grafana/provisioning/"',
-        '"./config/grafana/conf/defaults.ini:/usr/share/grafana/conf/defaults.ini"',
-        '"{{ grafana_id }}-data:/var/lib/grafana"',
-      ],
-      networks: [
-        '"back-tier"',
-        '"front-tier"',
-      ],
-      env_file: [
-        '"./config/grafana/config.monitoring"',
-      ],
-    }
-  ],
-}

roles/prometheus/vars/main.yml

@@ -1 +1,124 @@
 ---
+
+service_port_grafana: 3000
+service_port_prometheus: 9090
+service_port_alertmanager: 9093
+
+prometheus_id: "{{ service_name }}-prometheus"
+alertmanager_id: "{{ service_name }}-alertmanager"
+grafana_id: "{{ service_name }}-grafana"
+
+prometheus_docker: {
+  networks: [
+    {
+      name: back-tier,
+      external: true,
+    },
+    {
+      name: front-tier,
+      external: true,
+    },
+  ],
+  volumes: [
+    {
+      name: "{{ prometheus_id }}-data"
+    },
+    {
+      name: "{{ alertmanager_id }}-data"
+    },
+    {
+      name: "{{ grafana_id }}-data"
+    },
+  ],
+  services: [
+    {
+      name: "{{ prometheus_id }}",
+      image_name: "prom/prometheus",
+      image_version: "{{ prometheus_version }}",
+      labels: [
+        '"traefik.enable=true"',
+        '"traefik.http.routers.{{ prometheus_id }}.service={{ prometheus_id }}"',
+        '"traefik.http.routers.{{ prometheus_id }}.rule=Host(`{{ service_name }}-prometheus.{{ domain }}`)"',
+        '"traefik.http.routers.{{ prometheus_id }}.entrypoints=websecure"',
+        '"traefik.http.routers.{{ prometheus_id }}.tls=true"',
+        '"traefik.http.routers.{{ prometheus_id }}.tls.certresolver=letsencrypt"',
+        '"traefik.http.services.{{ prometheus_id }}.loadbalancer.server.port={{ service_port_prometheus }}"',
+      ],
+      command: [
+        '"--config.file=/etc/prometheus/prometheus.yml"',
+        '"--storage.tsdb.path=/prometheus"',
+        '"--web.console.libraries=/usr/share/prometheus/console_libraries"',
+        '"--web.console.templates=/usr/share/prometheus/consoles"',
+        '"--web.external-url={{ http_s}}://{{ service_name }}-prometheus.{{ domain }}"',
+        '"--web.enable-lifecycle"',
+        '"--storage.tsdb.retention.time=15w"',
+      ],
+      volumes: [
+        '"./config/prometheus/:/etc/prometheus/:ro"',
+        '"{{ prometheus_id }}-data:/prometheus"',
+      ],
+      networks: [
+        '"back-tier"',
+        '"front-tier"',
+      ],
+      extra_hosts: "{{ prometheus_extra_hosts | default([]) }}",
+    },
+    {
+      name: "{{ alertmanager_id }}",
+      image_name: "prom/alertmanager",
+      image_version: "{{ alertmanager_version }}",
+      labels: [
+        '"traefik.enable=true"',
+        '"traefik.http.routers.{{ alertmanager_id }}.service={{ alertmanager_id }}"',
+        '"traefik.http.routers.{{ alertmanager_id }}.rule=Host(`{{ service_name }}-alertmanager.{{ domain }}`)"',
+        '"traefik.http.routers.{{ alertmanager_id }}.entrypoints=websecure"',
+        '"traefik.http.routers.{{ alertmanager_id }}.tls=true"',
+        '"traefik.http.routers.{{ alertmanager_id }}.tls.certresolver=letsencrypt"',
+        '"traefik.http.services.{{ alertmanager_id }}.loadbalancer.server.port={{ service_port_alertmanager }}"',
+      ],
+      command: [
+        '"--config.file=/etc/alertmanager/config.yml"',
+        '"--storage.path=/alertmanager"',
+        '"--web.external-url={{ http_s}}://{{ service_name }}-alertmanager.{{ domain }}"',
+      ],
+      environment: [
+        'LS_JAVA_OPTS: "-Xmx1G -Xms1G"',
+      ],
+      volumes: [
+        '"./config/alertmanager/:/etc/alertmanager/:ro"',
+        '"{{ alertmanager_id }}-data:/alertmanager"',
+      ],
+      networks: [
+        '"back-tier"',
+        '"front-tier"',
+      ],
+    },
+    {
+      name: "{{ grafana_id }}",
+      image_name: "grafana/grafana",
+      image_version: "{{ grafana_version }}",
+      user: '"472"',
+      labels: [
+        '"traefik.enable=true"',
+        '"traefik.http.routers.{{ grafana_id }}.service={{ grafana_id }}"',
+        '"traefik.http.routers.{{ grafana_id }}.rule=Host(`{{ service_name }}-grafana.{{ domain }}`)"',
+        '"traefik.http.routers.{{ grafana_id }}.entrypoints=websecure"',
+        '"traefik.http.routers.{{ grafana_id }}.tls=true"',
+        '"traefik.http.routers.{{ grafana_id }}.tls.certresolver=letsencrypt"',
+        '"traefik.http.services.{{ grafana_id }}.loadbalancer.server.port={{ service_port_grafana }}"',
+      ],
+      volumes: [
+        '"./config/grafana/provisioning/:/etc/grafana/provisioning/"',
+        '"./config/grafana/conf/defaults.ini:/usr/share/grafana/conf/defaults.ini"',
+        '"{{ grafana_id }}-data:/var/lib/grafana"',
+      ],
+      networks: [
+        '"back-tier"',
+        '"front-tier"',
+      ],
+      env_file: [
+        '"./config/grafana/config.monitoring"',
+      ],
+    }
+  ],
+}

roles/traefik/defaults/main.yml

@@ -1,77 +1,4 @@
 ---
 
-traefik_id: "{{ service_name }}-traefik"
-
 traefik_image_name: "traefik"
 traefik_image_version: "v2.4"
-
-caddy_docker: {
-  networks: [
-    {
-      name: front-tier,
-      external: 'true',
-    },
-  ],
-  services: [
-    {
-      name: "{{ traefik_id }}",
-      image_name: "{{ traefik_image_name }}",
-      image_version: "{{ traefik_image_version }}",
-      environment: [
-        'DO_AUTH_TOKEN: "{{ digitalocean_authentication_token }}"',
-      ],
-      volumes: [
-        '"./acme.json:/acme.json"',
-        '"./traefik.toml:/traefik.toml:ro"',
-        '"./traefik_dynamic.toml:/traefik_dynamic.toml:ro"',
-        '"/var/run/docker.sock:/var/run/docker.sock:ro"',
-        '"./config/static_files:/var/www/static_files:ro"',
-      ],
-      networks: [
-        '"front-tier"'
-      ],
-      ports: [
-        {
-          external: "0.0.0.0:{{ http_port }}",
-          internal: "{{ http_port }}"
-        },
-        {
-          external: "0.0.0.0:{{ https_port }}",
-          internal: "{{ https_port }}"
-        },
-        {
-          external: "0.0.0.0:{{ service_port_portainer }}",
-          internal: "{{ service_port_portainer }}"
-        },
-        {
-          external: "0.0.0.0:{{ service_port_pgadmin }}",
-          internal: "{{ service_port_pgadmin }}"
-        },
-        {
-          external: "0.0.0.0:{{ service_port_phpmyadmin }}",
-          internal: "{{ service_port_phpmyadmin }}"
-        },
-        {
-          external: "0.0.0.0:{{ admin_port_traefik }}",
-          internal: "{{ admin_port_traefik }}"
-        },
-        {
-          external: "0.0.0.0:{{ monitor_port_service }}",
-          internal: "{{ monitor_port_service }}"
-        },
-        {
-          external: "0.0.0.0:{{ monitor_port_system }}",
-          internal: "{{ monitor_port_system }}"
-        },
-        {
-          external: "0.0.0.0:{{ monitor_port_docker }}",
-          internal: "{{ monitor_port_docker }}"
-        },
-      ],
-      dns: [
-        '"8.8.8.8"',
-        '"8.8.8.4"',
-      ],
-    }
-  ]
-}

roles/traefik/vars/main.yml

@@ -1 +1,74 @@
 ---
+
+traefik_id: "{{ service_name }}-traefik"
+
+caddy_docker: {
+  networks: [
+    {
+      name: front-tier,
+      external: 'true',
+    },
+  ],
+  services: [
+    {
+      name: "{{ traefik_id }}",
+      image_name: "{{ traefik_image_name }}",
+      image_version: "{{ traefik_image_version }}",
+      environment: [
+        'DO_AUTH_TOKEN: "{{ digitalocean_authentication_token }}"',
+      ],
+      volumes: [
+        '"./acme.json:/acme.json"',
+        '"./traefik.toml:/traefik.toml:ro"',
+        '"./traefik_dynamic.toml:/traefik_dynamic.toml:ro"',
+        '"/var/run/docker.sock:/var/run/docker.sock:ro"',
+        '"./config/static_files:/var/www/static_files:ro"',
+      ],
+      networks: [
+        '"front-tier"'
+      ],
+      ports: [
+        {
+          external: "0.0.0.0:{{ http_port }}",
+          internal: "{{ http_port }}"
+        },
+        {
+          external: "0.0.0.0:{{ https_port }}",
+          internal: "{{ https_port }}"
+        },
+        {
+          external: "0.0.0.0:{{ service_port_portainer }}",
+          internal: "{{ service_port_portainer }}"
+        },
+        {
+          external: "0.0.0.0:{{ service_port_pgadmin }}",
+          internal: "{{ service_port_pgadmin }}"
+        },
+        {
+          external: "0.0.0.0:{{ service_port_phpmyadmin }}",
+          internal: "{{ service_port_phpmyadmin }}"
+        },
+        {
+          external: "0.0.0.0:{{ admin_port_traefik }}",
+          internal: "{{ admin_port_traefik }}"
+        },
+        {
+          external: "0.0.0.0:{{ monitor_port_service }}",
+          internal: "{{ monitor_port_service }}"
+        },
+        {
+          external: "0.0.0.0:{{ monitor_port_system }}",
+          internal: "{{ monitor_port_system }}"
+        },
+        {
+          external: "0.0.0.0:{{ monitor_port_docker }}",
+          internal: "{{ monitor_port_docker }}"
+        },
+      ],
+      dns: [
+        '"8.8.8.8"',
+        '"8.8.8.4"',
+      ],
+    }
+  ]
+}