From 969b4bb54ee0f1e4dcab98dad38397a6dfe8fc3c Mon Sep 17 00:00:00 2001 
From: Hoan To Date: Wed, 12 Apr 2023 10:01:28 +0000 Subject: [PATCH] Dev-997: provisioning galaxy role --- README.md | 2 +- create-server.yml | 2 +- dump-hcloud-ips.yml | 4 +- evil-remove-server.yml | 4 +- galaxy-requirements.yml | 7 + hcloud_firewall.yml | 14 +- provisioning.yml | 11 +- remove-server.yml | 4 +- remove-service.yml | 4 +- restore-remote-database-backup.yml | 15 +- roles/connect/tasks/main.yml | 6 +- roles/connect_compact/tasks/main.yml | 6 +- roles/connect_wordpress/tasks/main.yml | 2 +- roles/digitalocean/tasks/_create_server.yml | 2 +- roles/dns/tasks/_remove_dns.yml | 47 ----- roles/dns/tasks/main.yml | 33 ---- roles/harbor/tasks/install.yml | 2 +- roles/hcloud/defaults/main.yml | 9 - .../tasks/_read_load_balancer_infos.yml | 31 --- roles/hcloud/tasks/_read_server_infos.yml | 31 --- roles/hcloud/tasks/_read_server_names.yml | 31 --- roles/hcloud/tasks/_set_server_state.yml | 61 ------ roles/hcloud/tasks/configure-firewall2.yml | 183 ------------------ roles/hcloud/tasks/configure-network.yml | 45 ----- roles/hcloud/tasks/main.yml | 81 -------- roles/hcloud/vars/main.yml | 1 - roles/keycloak/tasks/main.yml | 2 +- roles/keycloak_compact/tasks/main.yml | 4 +- roles/kibana/tasks/main.yaml | 2 +- roles/pgadmin4/tasks/main.yml | 2 +- roles/prometheus/tasks/main.yml | 2 +- roles/shared_service/tasks/main.yml | 4 +- stage-dev | 4 + update-ssh-config-file.yml | 2 +- 34 files changed, 67 insertions(+), 593 deletions(-) delete mode 100644 roles/dns/tasks/_remove_dns.yml delete mode 100644 roles/dns/tasks/main.yml delete mode 100644 roles/hcloud/defaults/main.yml delete mode 100644 roles/hcloud/tasks/_read_load_balancer_infos.yml delete mode 100644 roles/hcloud/tasks/_read_server_infos.yml delete mode 100644 roles/hcloud/tasks/_read_server_names.yml delete mode 100644 roles/hcloud/tasks/_set_server_state.yml delete mode 100644 roles/hcloud/tasks/configure-firewall2.yml delete mode 100644 roles/hcloud/tasks/configure-network.yml delete mode 100644 
roles/hcloud/tasks/main.yml delete mode 100644 roles/hcloud/vars/main.yml diff --git a/README.md b/README.md index eaf10b6..1d3c1fd 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ ## Install needed ansible collections / roles - ansible-galaxy install -r galaxy-requirements.yml + ansible-galaxy install -r galaxy-requirements.yml -f # Setup Create/Start servers for stage-dev diff --git a/create-server.yml b/create-server.yml index 59a8036..3161331 100644 --- a/create-server.yml +++ b/create-server.yml @@ -89,7 +89,7 @@ - update_networks roles: - - role: hcloud + - role: hetzner-ansible-hcloud ############################################################# # Provisioning servers for created inventory diff --git a/dump-hcloud-ips.yml b/dump-hcloud-ips.yml index aadf22b..8bcb1af 100644 --- a/dump-hcloud-ips.yml +++ b/dump-hcloud-ips.yml @@ -46,7 +46,7 @@ pre_tasks: - name: "Reading current server groups from hetzner" include_role: - name: hcloud + name: hetzner-ansible-hcloud tasks_from: _read_server_infos with_items: [ { @@ -59,7 +59,7 @@ - name: "Reading info about current loadbalancers from hetzner" include_role: - name: hcloud + name: hetzner-ansible-hcloud tasks_from: _read_load_balancer_infos with_items: [ { diff --git a/evil-remove-server.yml b/evil-remove-server.yml index 506f8a8..58f1a39 100644 --- a/evil-remove-server.yml +++ b/evil-remove-server.yml @@ -35,13 +35,13 @@ - block: - name: "Delete server <{{ inventory_hostname }}>" include_role: - name: hcloud + name: hetzner-ansible-hcloud tasks_from: _set_server_state vars: - server_state: "absent" - name: "Delete DNS entry <{{ inventory_hostname }}> for <{{ domain }}>" include_role: - name: dns + name: hetzner-ansible-dns tasks_from: _remove_dns vars: record_to_remove: '{{ inventory_hostname }}' diff --git a/galaxy-requirements.yml b/galaxy-requirements.yml index 5522485..b6009b5 100644 --- a/galaxy-requirements.yml +++ b/galaxy-requirements.yml 
@@ -10,6 +10,13 @@ roles: version: v3.6.2 src: https://github.com/Oefenweb/ansible-postfix.git scm: git +- name: hetzner-ansible-dns + src: git@git.dev-at.de:smardigo-hetzner/ansible/hetzner-ansible-roles/hetzner-ansible-dns-role.git + scm: git +- name: hetzner-ansible-hcloud + src: git@git.dev-at.de:smardigo-hetzner/ansible/hetzner-ansible-roles/hetzner-ansible-hcloud-role.git + scm: git + collections: - name: hetzner.hcloud diff --git a/hcloud_firewall.yml b/hcloud_firewall.yml index 5c40f4e..46d24b4 100644 --- a/hcloud_firewall.yml +++ b/hcloud_firewall.yml @@ -41,7 +41,7 @@ tasks: - name: "Setup base hcloud firewall rules" include_role: - name: hcloud + name: hetzner-ansible-hcloud tasks_from: configure-firewall2 loop: "{{ hcloud_firewall_objects }}" loop_control: @@ -67,7 +67,7 @@ - name: "Setup hcloud firewalls for AWX stuff..." include_role: - name: hcloud + name: hetzner-ansible-hcloud tasks_from: configure-firewall2 loop: "{{ hcloud_firewall_objects_awx }}" loop_control: @@ -75,7 +75,7 @@ - name: "Setup hcloud firewalls for database backup..." include_role: - name: hcloud + name: hetzner-ansible-hcloud tasks_from: configure-firewall2 loop: "{{ hcloud_firewall_objects_backup }}" loop_control: @@ -83,7 +83,7 @@ - name: "Setup hcloud firewalls for gitea..." include_role: - name: hcloud + name: hetzner-ansible-hcloud tasks_from: configure-firewall2 loop: "{{ hcloud_firewall_objects_gitea }}" loop_control: @@ -91,7 +91,7 @@ - name: "Setup hcloud firewalls for keycloak..." include_role: - name: hcloud + name: hetzner-ansible-hcloud tasks_from: configure-firewall2 loop: "{{ hcloud_firewall_objects_keycloak }}" loop_control: @@ -99,7 +99,7 @@ - name: "Setup hcloud firewalls for kibana..." include_role: - name: hcloud + name: hetzner-ansible-hcloud tasks_from: configure-firewall2 loop: "{{ hcloud_firewall_objects_kibana }}" loop_control: 
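Review bot: The two new git-sourced roles `hetzner-ansible-dns` and `hetzner-ansible-hcloud` carry no `version:` entry, so each `ansible-galaxy install` (now run with `-f` per the README change in this commit) checks out whatever the default branch holds at that moment, while the existing `ansible-postfix` entry in the same list is pinned to `v3.6.2`. Provisioning becomes non-reproducible and any upstream push lands in the next run without review; the playbooks also reach into these roles with `tasks_from: _set_server_state`, `_remove_dns`, `_read_server_infos` and `configure-firewall2`, so an upstream rename of one of those task files breaks the callers without any change on this side. Pin each entry to a tag or commit, e.g. `version: <TAG_OR_COMMIT_SHA>` under each new `- name:` block, and bump it deliberately.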
@@ -107,7 +107,7 @@ - name: "Setup hcloud firewalls for management..." include_role: - name: hcloud + name: hetzner-ansible-hcloud tasks_from: configure-firewall2 loop: "{{ hcloud_firewall_objects_management }}" loop_control: diff --git a/provisioning.yml b/provisioning.yml index ea1c7d4..5c892ee 100644 --- a/provisioning.yml +++ b/provisioning.yml @@ -51,9 +51,18 @@ - update_networks roles: - - role: hcloud + - role: hetzner-ansible-hcloud when: - "'hcloud' in group_names" + + - role: hetzner-ansible-dns + vars: + record_data: "{{ stage_server_ip }}" + record_name: "{{ inventory_hostname }}" + when: + - "'hcloud' in group_names" + tags: + - update_dns - role: hetzner_state vars: diff --git a/remove-server.yml b/remove-server.yml index 053e709..248ae3c 100644 --- a/remove-server.yml +++ b/remove-server.yml @@ -65,14 +65,14 @@ tasks: - name: "Delete server <{{ inventory_hostname }}>" include_role: - name: hcloud + name: hetzner-ansible-hcloud tasks_from: _set_server_state vars: - server_state: "absent" - name: "Delete DNS entry <{{ inventory_hostname }}> for <{{ domain }}>" include_role: - name: dns + name: hetzner-ansible-dns tasks_from: _remove_dns vars: record_to_remove: '{{ inventory_hostname }}' diff --git a/remove-service.yml b/remove-service.yml index 3c9cd50..2fc617d 100644 --- a/remove-service.yml +++ b/remove-service.yml @@ -62,7 +62,7 @@ tasks: - name: "Delete DNS entry <{{ inventory_hostname }}> for <{{ domain }}>" include_role: - name: dns + name: hetzner-ansible-dns tasks_from: _remove_dns vars: record_to_remove: '{{ stage }}-{{ tenant_id }}-{{ cluster_name }}-01-connect' @@ -70,7 +70,7 @@ - name: "Delete DNS entry <{{ inventory_hostname }}> for <{{ domain }}>" include_role: - name: dns + name: hetzner-ansible-dns tasks_from: _remove_dns vars: record_to_remove: '{{ stage }}-{{ tenant_id }}-{{ cluster_name }}-01-wordpress' diff --git a/restore-remote-database-backup.yml b/restore-remote-database-backup.yml index 8364c80..979ceed 100644 
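Review bot: In the provisioning.yml hunk the new `hetzner-ansible-dns` role entry templates `record_data: "{{ stage_server_ip }}"`, a fact that the deleted `roles/hcloud/tasks/main.yml` used to set with `set_fact` before including the dns role itself; with the two roles now listed side by side nothing in this play shows where `stage_server_ip` comes from, so it relies on the external `hetzner-ansible-hcloud` role exporting the same fact under the same name. The dns entry is tagged `update_dns` but the `hetzner-ansible-hcloud` entry above it has no tags, whereas the deleted role tagged its fact-gathering tasks `update_dns`; a run with `--tags update_dns` may therefore reach the dns role with `stage_server_ip` undefined unless the external role tags those tasks itself. Worth confirming against that role and, if it does not, adding `tags: [update_dns]` to the `hetzner-ansible-hcloud` entry or a fail-fast `ansible.builtin.assert` on `stage_server_ip is defined` ahead of the dns role. The same applies to the first hunk of restore-remote-database-backup.yml.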
--- a/restore-remote-database-backup.yml +++ b/restore-remote-database-backup.yml @@ -66,10 +66,17 @@ remote_user: root roles: - - role: hcloud + - role: hetzner-ansible-hcloud vars: sma_digitalocean_ttl: 60 # set it to 60sec to reduce DNS caching problems with internal IT in case of debugging ansible problems ;) + - role: hetzner-ansible-dns + vars: + record_data: "{{ stage_server_ip }}" + record_name: "{{ inventory_hostname }}" + tags: + - update_dns + ############################################################# # Provisioning server(s) for created inventory ############################################################# @@ -129,7 +136,7 @@ tasks: - name: "Add hcloud firewall rule(s)" include_role: - name: hcloud + name: hetzner-ansible-hcloud tasks_from: configure-firewall2 loop: "{{ hcloud_firewall_objects_backup }}" loop_control: @@ -235,14 +242,14 @@ tasks: - name: "Delete server <{{ inventory_hostname }}>" include_role: - name: hcloud + name: hetzner-ansible-hcloud tasks_from: _set_server_state vars: - server_state: "absent" - name: "Delete DNS entry <{{ inventory_hostname }}> for <{{ domain }}>" include_role: - name: dns + name: hetzner-ansible-dns tasks_from: _remove_dns vars: record_to_remove: '{{ inventory_hostname }}' diff --git a/roles/connect/tasks/main.yml b/roles/connect/tasks/main.yml index 423ac6b..1b408b8 100644 --- a/roles/connect/tasks/main.yml +++ b/roles/connect/tasks/main.yml @@ -7,7 +7,7 @@ - name: "Setup hcloud firewalls for <{{ inventory_hostname }}>" include_role: - name: hcloud + name: hetzner-ansible-hcloud tasks_from: configure-firewall2 loop: "{{ server_hcloud_firewall_objects }}" loop_control: @@ -17,7 +17,7 @@ - name: "Setup DNS configuration for <{{ connect_external_subdomain }}> to <{{ stage_server_ip }}>" include_role: - name: dns + name: hetzner-ansible-dns vars: record_data: "{{ stage_server_ip }}" record_name: "{{ connect_external_subdomain }}" 
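Review bot: `sma_digitalocean_ttl: 60` stays under the `vars:` of the `hetzner-ansible-hcloud` role entry, but the comment beside it says it exists to shorten DNS caching, and the DNS record is now created by the separate `hetzner-ansible-dns` entry added directly below. Vars on a role entry are scoped to that role (presumably how the deleted `roles/hcloud/tasks/main.yml` passed it on when it included the old dns role, whose Hetzner task read `sma_digitalocean_ttl`), so the new dns role will not see this override if it still reads that variable. Move the line together with its comment into the `vars:` of the `hetzner-ansible-dns` entry, or confirm the external role takes a differently named TTL parameter. This entry also lacks the `when: "'hcloud' in group_names"` guard that provisioning.yml puts on the same role; fine if this play only ever targets hcloud hosts, but worth a look.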
@@ -26,7 +26,7 @@ - name: "Setup DNS configuration for <{{ connect_id }}> to <{{ stage_server_ip }}>" include_role: - name: dns + name: hetzner-ansible-dns vars: record_data: "{{ stage_server_ip }}" record_name: "{{ connect_id }}" diff --git a/roles/connect_compact/tasks/main.yml b/roles/connect_compact/tasks/main.yml index 5c955e2..a5653cc 100644 --- a/roles/connect_compact/tasks/main.yml +++ b/roles/connect_compact/tasks/main.yml @@ -2,14 +2,14 @@ - name: "Setup DNS configuration for <{{ connect_id }}> to <{{ stage_server_ip }}>" include_role: - name: dns + name: hetzner-ansible-dns vars: record_data: "{{ stage_server_ip }}" record_name: "{{ connect_id }}" - name: "Setup DNS configuration for <{{ connect_external_subdomain }}> to <{{ stage_server_ip }}>" include_role: - name: dns + name: hetzner-ansible-dns vars: record_data: "{{ stage_server_ip }}" record_name: "{{ connect_external_subdomain }}" @@ -17,7 +17,7 @@ - name: "Setup DNS configuration for <{{ kibana_id }}> to <{{ stage_server_ip }}>" include_role: - name: dns + name: hetzner-ansible-dns vars: record_data: "{{ stage_server_ip }}" record_name: "{{ kibana_id }}" diff --git a/roles/connect_wordpress/tasks/main.yml b/roles/connect_wordpress/tasks/main.yml index 052c243..ea87dab 100644 --- a/roles/connect_wordpress/tasks/main.yml +++ b/roles/connect_wordpress/tasks/main.yml @@ -21,7 +21,7 @@ - name: "Setup DNS configuration for {{ wordpress_id }}" include_role: - name: dns + hetzner-ansible- vars: record_data: "{{ stage_server_ip }}" record_name: "{{ inventory_hostname }}-wordpress" diff --git a/roles/digitalocean/tasks/_create_server.yml b/roles/digitalocean/tasks/_create_server.yml index cfd2f08..7d713d8 100644 --- a/roles/digitalocean/tasks/_create_server.yml +++ b/roles/digitalocean/tasks/_create_server.yml 
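Review bot: The added line in the roles/connect_wordpress/tasks/main.yml hunk reads `hetzner-ansible-` with no `name:` key and a truncated role name, while every sibling hunk in this commit adds `name: hetzner-ansible-dns`; as written, `include_role` receives a bare string instead of a mapping, the task fails to parse, and the WordPress DNS record is never created. Unless this is an artifact of how the patch was rendered here, the line should be `name: hetzner-ansible-dns`.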
@@ -62,7 +62,7 @@ - name: "Setup DNS configuration for <{{ connect_id }}> to <{{ stage_server_ip }}>" include_role: - name: dns + name: hetzner-ansible-dns vars: record_state: present record_data: "{{ stage_server_ip }}" diff --git a/roles/dns/tasks/_remove_dns.yml b/roles/dns/tasks/_remove_dns.yml deleted file mode 100644 index c9cf001..0000000 --- a/roles/dns/tasks/_remove_dns.yml +++ /dev/null @@ -1,47 +0,0 @@ ---- - -- name: "Read DNS entry for <{{ record_to_remove }}.{{ domain }}> from digitalocean" - uri: - url: "https://api.digitalocean.com/v2/domains/{{ domain }}/records?name={{ record_to_remove }}.{{ domain }}" - headers: - accept: application/json - authorization: "Bearer {{ digitalocean_authentication_token }}" - return_content: yes - register: domain_records_response - delegate_to: 127.0.0.1 - become: false - -- name: "Save DNS entry as variable (fact)" - set_fact: - domain_records_response_json: "{{ domain_records_response.json }}" - delegate_to: 127.0.0.1 - become: false - -- name: "Parse DNS entry for <{{ record_to_remove }}.{{ domain }}>" - set_fact: - domain_record: "{{ domain_records_response_json.domain_records | json_query(jmesquery) | first | default({'name': '-', 'ip': '-'}) }}" - vars: - jmesquery: '[*].{id: id, name: name, ip: data}' - delegate_to: 127.0.0.1 - become: false - -- name: "Print DNS entry for <{{ record_to_remove }}.{{ domain }}>" - debug: - msg: "{{ domain_record }}" - delegate_to: 127.0.0.1 - become: false - -- name: "Delete DNS entry <{{ record_to_remove }}> for <{{ domain }}>" - uri: - method: DELETE - url: "https://api.digitalocean.com/v2/domains/{{ domain }}/records/{{ domain_record.id }}" - headers: - authorization: Bearer {{ digitalocean_authentication_token }} - return_content: yes - status_code: 204 - changed_when: true - when: - domain_record.ip != '-' - and record_to_remove != domain_record.ip - delegate_to: 127.0.0.1 - become: false 
diff --git a/roles/dns/tasks/main.yml b/roles/dns/tasks/main.yml deleted file mode 100644 index eb046b1..0000000 --- a/roles/dns/tasks/main.yml +++ /dev/null @@ -1,33 +0,0 @@ ---- - -- name: "Create DO DNS entry for <{{ record_name }}.{{ domain }}> to <{{ record_data }}> if necessary" - community.digitalocean.digital_ocean_domain_record: - oauth_token: "{{ digitalocean_authentication_token }}" - state: "{{ record_state | default('present') }}" - domain: "{{ domain }}" - type: A - name: "{{ record_name }}" - data: "{{ record_data }}" - ttl: "{{ dns_ttl | default(1800) }}" - delegate_to: localhost - become: false - when: - - dns == 'digitalocean' - tags: - - update_dns - -- name: "Create Hetzner DNS entry for <{{ record_name }}.{{ domain }}> to <{{ record_data }}> if necessary" - community.dns.hetzner_dns_record: - hetzner_token: "{{ hetzner_dns_api_key }}" - state: "{{ record_state | default('present') }}" - zone: "{{ domain }}" - type: A - record: "{{ record_name }}.{{ domain }}" - ttl: "{{ sma_digitalocean_ttl | default(1800) }}" - value: "{{ stage_server_ip }}" - delegate_to: localhost - become: false - when: - - dns == 'hetzner' - tags: - - update_dns diff --git a/roles/harbor/tasks/install.yml b/roles/harbor/tasks/install.yml index 9f32d44..c748e36 100644 --- a/roles/harbor/tasks/install.yml +++ b/roles/harbor/tasks/install.yml @@ -4,7 +4,7 @@ - name: "Setup DNS configuration for {{ inventory_hostname }} harbor" include_role: - name: dns + name: hetzner-ansible-dns vars: record_data: "{{ stage_server_ip }}" record_name: "{{ inventory_hostname }}" diff --git a/roles/hcloud/defaults/main.yml b/roles/hcloud/defaults/main.yml deleted file mode 100644 index 0b5ce03..0000000 --- a/roles/hcloud/defaults/main.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- - -server_state: "present" -max_retries: 15 -retry_delay: 60 - -hetzner_networks: - - name: "{{ stage }}" - label_selector: "stage={{ stage }}" 
diff --git a/roles/hcloud/tasks/_read_load_balancer_infos.yml b/roles/hcloud/tasks/_read_load_balancer_infos.yml deleted file mode 100644 index f14c516..0000000 --- a/roles/hcloud/tasks/_read_load_balancer_infos.yml +++ /dev/null @@ -1,31 +0,0 @@ ---- - -- name: "Gathering current load_balancer infos from hetzner" - hetzner.hcloud.hcloud_load_balancer_info: - api_token: "{{ hetzner_authentication_ansible }}" - #label_selector: "{{ current_load_balancer_group.label_selector }}" - register: current_load_balancer_infos - delegate_to: 127.0.0.1 - become: false - tags: - - update_config - -- name: "Setting loadbalancer group as fact: load_balancer_group_infos_{{ current_load_balancer_group.name }}" - set_fact: - load_balancer_group_infos_{{ current_load_balancer_group.name }}: "{{ current_load_balancer_infos.hcloud_load_balancer_info | json_query(querystr) }}" # noqa var-naming - vars: - querystr: "[*].{id: id, name: name, ip: ipv4_address}" - delegate_to: 127.0.0.1 - become: false - tags: - - update_config - -- name: "Printing load_balancer infos {{ current_load_balancer_infos }}" - debug: - msg: "{{ current_load_balancer_infos }}" - delegate_to: 127.0.0.1 - become: false - tags: - - update_config - when: - - debug diff --git a/roles/hcloud/tasks/_read_server_infos.yml b/roles/hcloud/tasks/_read_server_infos.yml deleted file mode 100644 index c72b7c8..0000000 --- a/roles/hcloud/tasks/_read_server_infos.yml +++ /dev/null 
@@ -1,31 +0,0 @@ ---- - -- name: "Gathering current server infos for group {{ current_server_group.name }} from hetzner" - hcloud_server_info: - api_token: "{{ hetzner_authentication_ansible }}" - label_selector: "{{ current_server_group.label_selector }}" - register: current_server_infos - delegate_to: 127.0.0.1 - become: false - tags: - - update_config - -- name: "Setting server group as fact: server_group_infos_{{ current_server_group.name }}" - set_fact: - server_group_infos_{{ current_server_group.name }}: "{{ current_server_infos.hcloud_server_info | json_query(querystr) }}" # noqa var-naming - vars: - querystr: "[*].{id: id, name: name, ip: ipv4_address}" - delegate_to: 127.0.0.1 - become: false - tags: - - update_config - -- name: "Printing server group {{ current_server_group.name }}" - debug: - msg: "{{ lookup('vars', 'server_group_infos_' + current_server_group.name) }}" - delegate_to: 127.0.0.1 - become: false - tags: - - update_config - when: - - debug diff --git a/roles/hcloud/tasks/_read_server_names.yml b/roles/hcloud/tasks/_read_server_names.yml deleted file mode 100644 index 12c6495..0000000 --- a/roles/hcloud/tasks/_read_server_names.yml +++ /dev/null 
@@ -1,31 +0,0 @@ ---- - -- name: "Gathering current server infos for group {{ current_server_group.name }} from hetzner" - hcloud_server_info: - api_token: "{{ hetzner_authentication_ansible }}" - label_selector: "{{ current_server_group.label_selector }}" - register: current_server_infos - delegate_to: 127.0.0.1 - become: false - tags: - - update_config - -- name: "Setting server group as fact: server_group_names_{{ current_server_group.name }}" - set_fact: - server_group_names_{{ current_server_group.name }}: "{{ current_server_infos.hcloud_server_info | json_query(querystr) }}" # noqa var-naming - vars: - querystr: "[*].name" - delegate_to: 127.0.0.1 - become: false - tags: - - update_config - -- name: "Printing server group {{ current_server_group.name }}" - debug: - msg: "{{ lookup('vars', 'server_group_names_' + current_server_group.name) }}" - delegate_to: 127.0.0.1 - become: false - tags: - - update_config - when: - - debug diff --git a/roles/hcloud/tasks/_set_server_state.yml b/roles/hcloud/tasks/_set_server_state.yml deleted file mode 100644 index ba674ad..0000000 --- a/roles/hcloud/tasks/_set_server_state.yml +++ /dev/null 
@@ -1,61 +0,0 @@ ---- -- name: "Block to handle hetzner server state in case of problems" - block: - - name: "Increment the retry count" - set_fact: - retry_count: "{{ retry_count | default(0) | int + 1 }}" - - - name: "Checking state for server <{{ inventory_hostname }}> is <{{ server_state }}>" - hetzner.hcloud.hcloud_server: - api_token: "{{ hetzner_authentication_ansible }}" - name: "{{ inventory_hostname }}" - server_type: "{{ hetzner_server_type }}" - image: "{{ hetzner_server_image }}" - ssh_keys: "{{ hetzner_ssh_keys }}" - labels: "{{ hetzner_server_labels }}" - location: nbg1 - state: "{{ server_state }}" - delegate_to: 127.0.0.1 - become: false - async: 300 - poll: 5 - register: hcloud_response - ignore_errors: yes - - - name: "Block - DEBUG: hcloud_response" - debug: - msg: '{{ hcloud_response.msg }}' - when: - - hcloud_response.msg is defined - - - name: "Ensure Server is STARTED when server_state=present" - hetzner.hcloud.hcloud_server: - api_token: "{{ hetzner_authentication_ansible }}" - name: "{{ inventory_hostname }}" - state: "started" - delegate_to: 127.0.0.1 - become: false - async: 150 - poll: 15 - register: hcloud_response - when: - - server_state == 'present' - - rescue: - - name: "RESCUE - fail: Maximum retries reached" - fail: - msg: "max_retries of {{ max_retries }} reached. Plz check." - when: retry_count | int == max_retries | int - - - name: "RESCUE-fail DEBUG: hcloud_response" - debug: - msg: '{{ hcloud_response.msg }}' - - - name: "RESCUE: wait_for {{ retry_delay }} sec. between retries" - wait_for: - timeout: "{{ retry_delay }}" - delegate_to: localhost - become: false - - - name: "Include _set_server one time again => increase retry_count" - include_tasks: _set_server_state.yml diff --git a/roles/hcloud/tasks/configure-firewall2.yml b/roles/hcloud/tasks/configure-firewall2.yml deleted file mode 100644 index f22c031..0000000 --- a/roles/hcloud/tasks/configure-firewall2.yml +++ /dev/null 
@@ -1,183 +0,0 @@ ---- -- name: "Get all existing firewalls" - uri: - method: GET - url: "https://api.hetzner.cloud/v1/firewalls?per_page=1000" - body_format: json - headers: - accept: application/json - authorization: Bearer {{ hetzner_authentication_ansible }} - status_code: [200] - register: hcloud_firewalls_all - delegate_to: 127.0.0.1 - become: false - -- name: "Setting hetzner firewall pagination count: <{{ hcloud_firewalls_all.json.meta.pagination.last_page }}>" - set_fact: - total_server_pages: "{{ hcloud_firewalls_all.json.meta.pagination.last_page }}" - become: false - tags: - - always - - -- name: "BLOCK << WITHOUT >> pagination" - block: - - name: "Get firewall object from list" - set_fact: - lookup_fw_obj: "{{ hcloud_firewalls_all.json.firewalls | community.general.json_query(jsonquery_find_firewall_name) }}" - vars: - jsonquery_find_firewall_name: "[?name=='{{ firewall_object.name }}']" - when: - - total_server_pages == '1' - - -- name: "<< WITH >> pagination" - block: - - name: "Get all existing firewalls" - uri: - method: GET - url: "https://api.hetzner.cloud/v1/firewalls?page={{ item }}" - body_format: json - headers: - accept: application/json - authorization: Bearer {{ hetzner_authentication_ansible }} - status_code: [200] - register: hcloud_firewalls_all - delegate_to: 127.0.0.1 - become: false - - - name: "Get firewall object from list" - set_fact: - lookup_fw_obj: "{{ hcloud_firewalls_all.json.results | community.general.json_query(querystr1) | first | community.general.json_query(querystr2) | community.general.json_query(querystr2) }}" - vars: - querystr1: "[[*].json.firewalls]" - querystr2: "[?name=='{{ firewall_object.name }}']" - when: - - total_server_pages != '1' - -- name: "Create firewall rule for <<{{ firewall_object.name }}>>" - uri: - method: POST - url: "https://api.hetzner.cloud/v1/firewalls" - body_format: json - headers: - Content-Type: application/json - authorization: Bearer {{ hetzner_authentication_ansible }} - body: "{{ 
firewall_object | to_json }}" - return_content: yes - status_code: [201] - delegate_to: 127.0.0.1 - become: false - when: - - firewall_object.state == 'present' - - lookup_fw_obj | length == 0 - -- name: "Update firewall rule for <<{{ firewall_object.name }}>>" - block: - - - name: "Step_1: update FW rule <<{{ firewall_object.name }}>>" - uri: - method: PUT - url: "https://api.hetzner.cloud/v1/firewalls/{{ lookup_fw_obj.0.id }}" - body_format: json - headers: - Content-Type: application/json - authorization: Bearer {{ hetzner_authentication_ansible }} - body: "{{ firewall_object | to_json }}" - return_content: yes - status_code: [200] - register: fw_update_step1 - delegate_to: 127.0.0.1 - become: false - - - name: "Setting VAR" - set_fact: - rules_obj: - rules: "{{ firewall_object.rules }}" - applyto_obj: - apply_to: "{{ firewall_object.apply_to }}" - - - name: "Step_2: update FW rule - update rules" - uri: - method: POST - url: "https://api.hetzner.cloud/v1/firewalls/{{ lookup_fw_obj.0.id }}/actions/set_rules" - body_format: json - headers: - Content-Type: application/json - authorization: Bearer {{ hetzner_authentication_ansible }} - body: "{{ rules_obj | to_json }}" - return_content: yes - status_code: [201] - register: fw_update_step2 - delegate_to: 127.0.0.1 - become: false - - - name: "Step_3: update FW rule - apply-to-resources" - uri: - method: POST - url: "https://api.hetzner.cloud/v1/firewalls/{{ lookup_fw_obj.0.id }}/actions/apply_to_resources" - body_format: json - headers: - Content-Type: application/json - authorization: Bearer {{ hetzner_authentication_ansible }} - body: "{{ applyto_obj | to_json }}" - return_content: yes - status_code: [201] - register: fw_update_step2 - delegate_to: 127.0.0.1 - become: false - - rescue: - - name: "Rescueing FW-apply-to part " - debug: - msg: "Everything fine - FW-apply-to part already applied" - when: - - fw_update_step2.status in [422] - - fw_update_step2.json.error.code == 'firewall_already_applied' - - when: - - 
firewall_object.state == 'present' - - lookup_fw_obj | length > 0 - -- name: "Delete firewall rule for <<{{ firewall_object.name }}>>" - block: - - - name: "Create firewall object for deactivation" - set_fact: - deactivate_fw_obj: - remove_from: "{{ firewall_object.apply_to }}" - - - name: "Step_1: Unset usage of firewall rule <<{{ firewall_object.name }}>>" - uri: - method: POST - url: "https://api.hetzner.cloud/v1/firewalls/{{ lookup_fw_obj.0.id }}/actions/remove_from_resources" - body_format: json - headers: - Content-Type: application/json - authorization: Bearer {{ hetzner_authentication_ansible }} - body: "{{ deactivate_fw_obj | to_json }}" - return_content: yes - status_code: [201] - delegate_to: 127.0.0.1 - become: false - - - name: "Step_2: Delete firewall rule for <<{{ firewall_object.name }}>>" - uri: - method: DELETE - url: "https://api.hetzner.cloud/v1/firewalls/{{ lookup_fw_obj.0.id }}" - body_format: json - headers: - Content-Type: application/json - authorization: Bearer {{ hetzner_authentication_ansible }} - return_content: yes - status_code: [204] - register: cleanup_firewall - delegate_to: 127.0.0.1 - become: false - until: cleanup_firewall.status in [204] - retries: 15 - delay: 10 - - when: - - firewall_object.state == 'absent' - - lookup_fw_obj | length > 0 diff --git a/roles/hcloud/tasks/configure-network.yml b/roles/hcloud/tasks/configure-network.yml deleted file mode 100644 index 7dda492..0000000 --- a/roles/hcloud/tasks/configure-network.yml +++ /dev/null 
@@ -1,45 +0,0 @@ ---- - -- name: "Checking present state for network <{{ current_network_name }}>" - hcloud_network: - api_token: "{{ hetzner_authentication_ansible }}" - name: "{{ current_network_name }}" - labels: "{{ current_network_labels }}" - ip_range: "{{ shared_service_network }}" - state: present - register: hcloud_result - delegate_to: 127.0.0.1 - become: false - delay: 5 - retries: 30 - until: hcloud_result.hcloud_network is defined - -- name: "Checking present state for subnetwork for <{{ current_network_name }}>" - hcloud_subnetwork: - api_token: "{{ hetzner_authentication_ansible }}" - network: "{{ current_network_name }}" - ip_range: "{{ shared_service_network }}" - network_zone: eu-central - type: cloud - state: present - register: hcloud_result - delegate_to: 127.0.0.1 - become: false - delay: 5 - retries: 30 - until: hcloud_result.hcloud_subnetwork is defined - -- name: "Checking present state for server network <{{ current_network_name }}> on <{{ inventory_hostname }}>" - hcloud_server_network: - api_token: "{{ hetzner_authentication_ansible }}" - network: "{{ current_network_name }}" - server: "{{ inventory_hostname }}" - state: present - register: hcloud_result - delegate_to: 127.0.0.1 - become: false - delay: 5 - retries: 30 - until: hcloud_result.hcloud_server_network is defined - tags: - - update_networks diff --git a/roles/hcloud/tasks/main.yml b/roles/hcloud/tasks/main.yml deleted file mode 100644 index a9f03f1..0000000 --- a/roles/hcloud/tasks/main.yml +++ /dev/null 
@@ -1,81 +0,0 @@ ---- - -### tags: -### update_dns -### update_networks - -- name: "Checking state of server for <{{ inventory_hostname }}>" - include_role: - name: hcloud - tasks_from: _set_server_state - -- name: "Gathering current server infos from hetzner" - hcloud_server_info: - api_token: "{{ hetzner_authentication_ansible }}" - register: hetzner_server_infos - delegate_to: 127.0.0.1 - become: false - tags: - - update_dns - - update_networks - -- name: "Setting current server infos as fact: hetzner_server_infos_json" - set_fact: - hetzner_server_infos_json: "{{ hetzner_server_infos.hcloud_server_info }}" - delegate_to: 127.0.0.1 - become: false - tags: - - update_dns - - update_networks - -- name: "Reading ip address for {{ inventory_hostname }}" - set_fact: - stage_server_ip: "{{ hetzner_server_infos_json | json_query(querystr) | first }}" - vars: - querystr: "[?name=='{{ inventory_hostname }}'].ipv4_address" - delegate_to: 127.0.0.1 - become: false - tags: - - update_dns - - update_networks - -- name: "Printing ip address for {{ inventory_hostname }}" - debug: - msg: "{{ stage_server_ip }}" - delegate_to: 127.0.0.1 - become: false - tags: - - update_dns - - update_networks - when: - - debug - -- name: "Checking present state for networks: {{ hetzner_networks }}" - include_tasks: configure-network.yml - vars: - current_network_name: '{{ current_network.name }}' - current_network_labels: 'stage={{ stage }}' - current_server_label_selector: '{{ current_network.label_selector }}' - loop: "{{ hetzner_networks }}" - loop_control: - loop_var: current_network - tags: - - update_networks - -- name: "Checking present state of dns for {{ inventory_hostname }}" - include_role: - name: dns - vars: - record_data: "{{ stage_server_ip }}" - record_name: "{{ inventory_hostname }}" - tags: - - update_dns - -# needed due to some weird hetzner behaviour that some servers need more time to be well provisioned -- name: "Wait for {{ inventory_hostname }}" - delegate_to: localhost 
- wait_for: - timeout: 180 - port: 22 - host: '{{ stage_server_ip }}' - search_regex: OpenSSH diff --git a/roles/hcloud/vars/main.yml b/roles/hcloud/vars/main.yml deleted file mode 100644 index ed97d53..0000000 --- a/roles/hcloud/vars/main.yml +++ /dev/null @@ -1 +0,0 @@ ---- diff --git a/roles/keycloak/tasks/main.yml b/roles/keycloak/tasks/main.yml index 9a9be29..885031e 100644 --- a/roles/keycloak/tasks/main.yml +++ b/roles/keycloak/tasks/main.yml @@ -6,7 +6,7 @@ - name: "Setup DNS configuration for {{ inventory_hostname }}" include_role: - name: dns + name: hetzner-ansible-dns vars: record_data: "{{ stage_server_ip }}" record_name: "{{ inventory_hostname }}" diff --git a/roles/keycloak_compact/tasks/main.yml b/roles/keycloak_compact/tasks/main.yml index a3a5ce5..0641213 100644 --- a/roles/keycloak_compact/tasks/main.yml +++ b/roles/keycloak_compact/tasks/main.yml @@ -5,14 +5,14 @@ - name: "Setup DNS configuration for <{{ keycloak_id }}> to <{{ stage_server_ip }}>" include_role: - name: dns + name: hetzner-ansible-dns vars: record_data: "{{ stage_server_ip }}" record_name: "{{ keycloak_id }}" - name: "Setup DNS configuration for <{{ keycloak_external_subdomain }}> to <{{ stage_server_ip }}>" include_role: - name: dns + name: hetzner-ansible-dns vars: record_data: "{{ stage_server_ip }}" record_name: "{{ keycloak_external_subdomain }}" diff --git a/roles/kibana/tasks/main.yaml b/roles/kibana/tasks/main.yaml index 4963ec4..3d3f716 100644 --- a/roles/kibana/tasks/main.yaml +++ b/roles/kibana/tasks/main.yaml @@ -7,7 +7,7 @@ - name: "Setup DNS configuration for {{ kibana_id }}" include_role: - name: dns + name: hetzner-ansible-dns vars: record_data: "{{ stage_server_ip }}" record_name: "{{ kibana_id }}" diff --git a/roles/pgadmin4/tasks/main.yml b/roles/pgadmin4/tasks/main.yml index 43ce0c3..014081c 100644 --- a/roles/pgadmin4/tasks/main.yml +++ b/roles/pgadmin4/tasks/main.yml 
@@ -6,7 +6,7 @@ - name: "Setup DNS configuration for {{ inventory_hostname }} pgadmin4" include_role: - name: dns + name: hetzner-ansible-dns vars: record_data: "{{ stage_server_ip }}" record_name: "{{ inventory_hostname }}-pgadmin4" diff --git a/roles/prometheus/tasks/main.yml b/roles/prometheus/tasks/main.yml index c163adf..ecd8dba 100644 --- a/roles/prometheus/tasks/main.yml +++ b/roles/prometheus/tasks/main.yml @@ -17,7 +17,7 @@ - name: "Setup DNS configuration for <{{ inventory_hostname }}>" include_role: - name: dns + name: hetzner-ansible-dns vars: record_data: "{{ stage_server_ip }}" record_name: "{{ item }}" diff --git a/roles/shared_service/tasks/main.yml b/roles/shared_service/tasks/main.yml index cc548b2..5cb295a 100644 --- a/roles/shared_service/tasks/main.yml +++ b/roles/shared_service/tasks/main.yml @@ -16,14 +16,14 @@ - name: "Updating DNS for <{{ current_dns_entry }}> to <{{ current_server_ip }}>" include_role: - name: dns + name: hetzner-ansible-dns vars: record_data: "{{ current_server_ip }}" record_name: "{{ current_dns_entry }}" - name: "Updating public DNS for <{{ current_host }}>" include_role: - name: dns + name: hetzner-ansible-dns vars: record_data: "{{ item.ip }}" record_name: "{{ item.name }}" diff --git a/stage-dev b/stage-dev index 30471e6..fad65ee 100644 --- a/stage-dev +++ b/stage-dev @@ -59,6 +59,9 @@ dev-devops-iaas-01 [webdav] #dev-webdav-01 +[test] +dev-test-roles-01 + [kube_control_plane] devnso-kube-cpl-01 devnso-kube-cpl-02 @@ -101,6 +104,7 @@ prometheus redis ubuntu_docker webdav +test [all:children] stage_dev diff --git a/update-ssh-config-file.yml b/update-ssh-config-file.yml index 7b76a9c..ff5a715 100644 --- a/update-ssh-config-file.yml +++ b/update-ssh-config-file.yml @@ -40,7 +40,7 @@ pre_tasks: - name: "Reading current server groups from hetzner" include_role: - name: hcloud + name: hetzner-ansible-hcloud tasks_from: _read_server_infos with_items: [ {