Dev-997: provisioning galaxy role

3 years ago · 969b4bb54e
parent bbc57dbac5
commit 969b4bb54e
34 changed files with 67 additions and 593 deletions
--- a/README.md
+++ b/README.md
@ -6,7 +6,7 @@
 ## Install needed ansible collections / roles
-    ansible-galaxy install -r galaxy-requirements.yml
+    ansible-galaxy install -r galaxy-requirements.yml -f
 # Setup
 Create/Start servers for stage-dev
--- a/create-server.yml
+++ b/create-server.yml
@ -89,7 +89,7 @@
        - update_networks
  roles:
-    - role: hcloud
+    - role: hetzner-ansible-hcloud
 #############################################################
 #   Provisioning servers for created inventory
--- a/dump-hcloud-ips.yml
+++ b/dump-hcloud-ips.yml
@ -46,7 +46,7 @@
  pre_tasks:
    - name: "Reading current server groups from hetzner"
      include_role:
-        name: hcloud
+        name: hetzner-ansible-hcloud
        tasks_from: _read_server_infos
      with_items: [
        {
@ -59,7 +59,7 @@
    - name: "Reading info about current loadbalancers from hetzner"
      include_role:
-        name: hcloud
+        name: hetzner-ansible-hcloud
        tasks_from: _read_load_balancer_infos
      with_items: [
        {
--- a/evil-remove-server.yml
+++ b/evil-remove-server.yml
@ -35,13 +35,13 @@
    - block:
      - name: "Delete server <{{ inventory_hostname }}>"
        include_role:
-          name: hcloud
+          name: hetzner-ansible-hcloud
          tasks_from: _set_server_state
        vars: 
          - server_state: "absent"
      - name: "Delete DNS entry <{{ inventory_hostname }}> for <{{ domain }}>"
        include_role:
-          name: dns
+          name: hetzner-ansible-dns
          tasks_from: _remove_dns
        vars:
          record_to_remove: '{{ inventory_hostname }}'
--- a/galaxy-requirements.yml
+++ b/galaxy-requirements.yml
@ -10,6 +10,13 @@ roles:
  version: v3.6.2
  src: https://github.com/Oefenweb/ansible-postfix.git
  scm: git
 - name: hetzner-ansible-dns
  src: git@git.dev-at.de:smardigo-hetzner/ansible/hetzner-ansible-roles/hetzner-ansible-dns-role.git
  scm: git
 - name: hetzner-ansible-hcloud
  src: git@git.dev-at.de:smardigo-hetzner/ansible/hetzner-ansible-roles/hetzner-ansible-hcloud-role.git
  scm: git
 collections:
 - name: hetzner.hcloud
--- a/hcloud_firewall.yml
+++ b/hcloud_firewall.yml
@ -41,7 +41,7 @@
  tasks:
    - name: "Setup base hcloud firewall rules"
      include_role:
-        name: hcloud
+        name: hetzner-ansible-hcloud
        tasks_from: configure-firewall2
      loop: "{{ hcloud_firewall_objects }}"
      loop_control:
@ -67,7 +67,7 @@
      - name: "Setup hcloud firewalls for AWX stuff..."
        include_role:
-          name: hcloud
+          name: hetzner-ansible-hcloud
          tasks_from: configure-firewall2
        loop: "{{ hcloud_firewall_objects_awx }}"
        loop_control:
@ -75,7 +75,7 @@
      - name: "Setup hcloud firewalls for database backup..."
        include_role:
-          name: hcloud
+          name: hetzner-ansible-hcloud
          tasks_from: configure-firewall2
        loop: "{{ hcloud_firewall_objects_backup }}"
        loop_control:
@ -83,7 +83,7 @@
      - name: "Setup hcloud firewalls for gitea..."
        include_role:
-          name: hcloud
+          name: hetzner-ansible-hcloud
          tasks_from: configure-firewall2
        loop: "{{ hcloud_firewall_objects_gitea }}"
        loop_control:
@ -91,7 +91,7 @@
      - name: "Setup hcloud firewalls for keycloak..."
        include_role:
-          name: hcloud
+          name: hetzner-ansible-hcloud
          tasks_from: configure-firewall2
        loop: "{{ hcloud_firewall_objects_keycloak }}"
        loop_control:
@ -99,7 +99,7 @@
      - name: "Setup hcloud firewalls for kibana..."
        include_role:
-          name: hcloud
+          name: hetzner-ansible-hcloud
          tasks_from: configure-firewall2
        loop: "{{ hcloud_firewall_objects_kibana }}"
        loop_control:
@ -107,7 +107,7 @@
      - name: "Setup hcloud firewalls for management..."
        include_role:
-          name: hcloud
+          name: hetzner-ansible-hcloud
          tasks_from: configure-firewall2
        loop: "{{ hcloud_firewall_objects_management }}"
        loop_control:
--- a/provisioning.yml
+++ b/provisioning.yml
@ -51,9 +51,18 @@
        - update_networks
  roles:
-    - role: hcloud
+    - role: hetzner-ansible-hcloud
      when:
        - "'hcloud' in group_names"
    - role: hetzner-ansible-dns
      vars:
        record_data: "{{ stage_server_ip }}"
        record_name: "{{ inventory_hostname }}"
      when:
        - "'hcloud' in group_names"
      tags:
        - update_dns
    - role: hetzner_state
      vars:
--- a/remove-server.yml
+++ b/remove-server.yml
@ -65,14 +65,14 @@
  tasks:
    - name: "Delete server <{{ inventory_hostname }}>"
      include_role:
-        name: hcloud
+        name: hetzner-ansible-hcloud
        tasks_from: _set_server_state
      vars: 
        - server_state: "absent"
    - name: "Delete DNS entry <{{ inventory_hostname }}> for <{{ domain }}>"
      include_role:
-        name: dns
+        name: hetzner-ansible-dns
        tasks_from: _remove_dns
      vars:
        record_to_remove: '{{ inventory_hostname }}'
--- a/remove-service.yml
+++ b/remove-service.yml
@ -62,7 +62,7 @@
  tasks:
    - name: "Delete DNS entry <{{ inventory_hostname }}> for <{{ domain }}>"
      include_role:
-        name: dns
+        name: hetzner-ansible-dns
        tasks_from: _remove_dns
      vars:
        record_to_remove: '{{ stage }}-{{ tenant_id }}-{{ cluster_name }}-01-connect'
@ -70,7 +70,7 @@
    - name: "Delete DNS entry <{{ inventory_hostname }}> for <{{ domain }}>"
      include_role:
-        name: dns
+        name: hetzner-ansible-dns
        tasks_from: _remove_dns
      vars:
        record_to_remove: '{{ stage }}-{{ tenant_id }}-{{ cluster_name }}-01-wordpress'
--- a/restore-remote-database-backup.yml
+++ b/restore-remote-database-backup.yml
@ -66,10 +66,17 @@
  remote_user: root
  roles:
-    - role: hcloud
+    - role: hetzner-ansible-hcloud
      vars:
        sma_digitalocean_ttl: 60 # set it to 60sec to reduce DNS caching problems with internal IT in case of debugging ansible problems ;)
    - role: hetzner-ansible-dns
      vars:
        record_data: "{{ stage_server_ip }}"
        record_name: "{{ inventory_hostname }}"
      tags:
        - update_dns
 #############################################################
 #   Provisioning server(s) for created inventory
 #############################################################
@ -129,7 +136,7 @@
  tasks:
    - name: "Add hcloud firewall rule(s)"
      include_role:
-        name: hcloud
+        name: hetzner-ansible-hcloud
        tasks_from: configure-firewall2
      loop: "{{ hcloud_firewall_objects_backup }}"
      loop_control:
@ -235,14 +242,14 @@
  tasks:
    - name: "Delete server <{{ inventory_hostname }}>"
      include_role:
-        name: hcloud
+        name: hetzner-ansible-hcloud
        tasks_from: _set_server_state
      vars:
        - server_state: "absent"
    - name: "Delete DNS entry <{{ inventory_hostname }}> for <{{ domain }}>"
      include_role:
-        name: dns
+        name: hetzner-ansible-dns
        tasks_from: _remove_dns
      vars:
        record_to_remove: '{{ inventory_hostname }}'
--- a/roles/connect/tasks/main.yml
+++ b/roles/connect/tasks/main.yml
@ -7,7 +7,7 @@
 - name: "Setup hcloud firewalls for <{{ inventory_hostname }}>"
  include_role:
-    name: hcloud
+    name: hetzner-ansible-hcloud
    tasks_from: configure-firewall2
  loop: "{{ server_hcloud_firewall_objects }}"
  loop_control:
@ -17,7 +17,7 @@
 - name: "Setup DNS configuration for <{{ connect_external_subdomain }}> to <{{ stage_server_ip }}>"
  include_role:
-    name: dns
+    name: hetzner-ansible-dns
  vars:
    record_data: "{{ stage_server_ip }}"
    record_name: "{{ connect_external_subdomain }}"
@ -26,7 +26,7 @@
 - name: "Setup DNS configuration for <{{ connect_id }}> to <{{ stage_server_ip }}>"
  include_role:
-    name: dns
+    name: hetzner-ansible-dns
  vars:
    record_data: "{{ stage_server_ip }}"
    record_name: "{{ connect_id }}"
--- a/roles/connect_compact/tasks/main.yml
+++ b/roles/connect_compact/tasks/main.yml
@ -2,14 +2,14 @@
 - name: "Setup DNS configuration for <{{ connect_id }}> to <{{ stage_server_ip }}>"
  include_role:
-    name: dns
+    name: hetzner-ansible-dns
  vars:
    record_data: "{{ stage_server_ip }}"
    record_name: "{{ connect_id }}"
 - name: "Setup DNS configuration for <{{ connect_external_subdomain }}> to <{{ stage_server_ip }}>"
  include_role:
-    name: dns
+    name: hetzner-ansible-dns
  vars:
    record_data: "{{ stage_server_ip }}"
    record_name: "{{ connect_external_subdomain }}"
@ -17,7 +17,7 @@
 - name: "Setup DNS configuration for <{{ kibana_id }}> to <{{ stage_server_ip }}>"
  include_role:
-    name: dns
+    name: hetzner-ansible-dns
  vars:
    record_data: "{{ stage_server_ip }}"
    record_name: "{{ kibana_id }}"
--- a/roles/connect_wordpress/tasks/main.yml
+++ b/roles/connect_wordpress/tasks/main.yml
@ -21,7 +21,7 @@
 - name: "Setup DNS configuration for {{ wordpress_id }}"
  include_role:
-    name: dns
+    hetzner-ansible-
  vars:
    record_data: "{{ stage_server_ip }}"
    record_name: "{{ inventory_hostname }}-wordpress"
--- a/roles/digitalocean/tasks/_create_server.yml
+++ b/roles/digitalocean/tasks/_create_server.yml
@ -62,7 +62,7 @@
  - name: "Setup DNS configuration for <{{ connect_id }}> to <{{ stage_server_ip }}>"
    include_role:
-      name: dns
+      name: hetzner-ansible-dns
    vars:
      record_state: present
      record_data: "{{ stage_server_ip }}"
--- a/roles/dns/tasks/_remove_dns.yml
+++ b/roles/dns/tasks/_remove_dns.yml
@ -1,47 +0,0 @@
 ---
 - name: "Read DNS entry for <{{ record_to_remove }}.{{ domain }}> from digitalocean"
  uri:
    url: "https://api.digitalocean.com/v2/domains/{{ domain }}/records?name={{ record_to_remove }}.{{ domain }}"
    headers:
      accept: application/json
      authorization: "Bearer {{ digitalocean_authentication_token }}"
    return_content: yes
  register: domain_records_response
  delegate_to: 127.0.0.1
  become: false
 - name: "Save DNS entry as variable (fact)"
  set_fact: 
    domain_records_response_json: "{{ domain_records_response.json }}"
  delegate_to: 127.0.0.1
  become: false
 - name: "Parse DNS entry for <{{ record_to_remove }}.{{ domain }}>"
  set_fact:  
    domain_record: "{{ domain_records_response_json.domain_records | json_query(jmesquery) | first | default({'name': '-', 'ip': '-'}) }}"
  vars:
    jmesquery: '[*].{id: id, name: name, ip: data}'
  delegate_to: 127.0.0.1
  become: false
 - name: "Print DNS entry for <{{ record_to_remove }}.{{ domain }}>"
  debug:
    msg: "{{ domain_record }}"
  delegate_to: 127.0.0.1
  become: false
 - name: "Delete DNS entry <{{ record_to_remove }}> for <{{ domain }}>"
  uri:
    method: DELETE
    url: "https://api.digitalocean.com/v2/domains/{{ domain }}/records/{{ domain_record.id }}"
    headers:
      authorization: Bearer {{ digitalocean_authentication_token }}
    return_content: yes
    status_code: 204
  changed_when: true
  when:
        domain_record.ip != '-'
    and record_to_remove != domain_record.ip
  delegate_to: 127.0.0.1
  become: false
--- a/roles/dns/tasks/main.yml
+++ b/roles/dns/tasks/main.yml
@ -1,33 +0,0 @@
 ---
 - name: "Create DO DNS entry for <{{ record_name }}.{{ domain }}> to <{{ record_data }}> if necessary"
  community.digitalocean.digital_ocean_domain_record:
    oauth_token: "{{ digitalocean_authentication_token }}"
    state: "{{ record_state | default('present') }}"
    domain: "{{ domain }}"
    type: A
    name: "{{ record_name }}"
    data: "{{ record_data }}"
    ttl: "{{ dns_ttl | default(1800) }}"
  delegate_to: localhost
  become: false
  when:
    - dns == 'digitalocean'
  tags:
    - update_dns
 - name: "Create Hetzner DNS entry for <{{ record_name }}.{{ domain }}> to <{{ record_data }}> if necessary"
  community.dns.hetzner_dns_record:
    hetzner_token: "{{ hetzner_dns_api_key }}"
    state: "{{ record_state | default('present') }}"
    zone: "{{ domain }}"
    type: A
    record: "{{ record_name }}.{{ domain }}"
    ttl: "{{ sma_digitalocean_ttl | default(1800) }}"
    value: "{{ stage_server_ip }}"
  delegate_to: localhost
  become: false
  when:
    - dns == 'hetzner'
  tags:
    - update_dns
--- a/roles/harbor/tasks/install.yml
+++ b/roles/harbor/tasks/install.yml
@ -4,7 +4,7 @@
 - name: "Setup DNS configuration for {{ inventory_hostname }} harbor"
  include_role:
-    name: dns
+    name: hetzner-ansible-dns
  vars:
    record_data: "{{ stage_server_ip }}"
    record_name: "{{ inventory_hostname }}"
--- a/roles/hcloud/defaults/main.yml
+++ b/roles/hcloud/defaults/main.yml
@ -1,9 +0,0 @@
 ---
 server_state: "present"
 max_retries: 15
 retry_delay: 60
 hetzner_networks:
  - name: "{{ stage }}"
    label_selector: "stage={{ stage }}"
--- a/roles/hcloud/tasks/_read_load_balancer_infos.yml
+++ b/roles/hcloud/tasks/_read_load_balancer_infos.yml
@ -1,31 +0,0 @@
 ---
 - name: "Gathering current load_balancer infos from hetzner"
  hetzner.hcloud.hcloud_load_balancer_info:
    api_token: "{{ hetzner_authentication_ansible }}"
    #label_selector: "{{ current_load_balancer_group.label_selector }}"
  register: current_load_balancer_infos
  delegate_to: 127.0.0.1
  become: false
  tags:
    - update_config
 - name: "Setting loadbalancer group as fact: load_balancer_group_infos_{{ current_load_balancer_group.name }}"
  set_fact:
    load_balancer_group_infos_{{ current_load_balancer_group.name }}: "{{ current_load_balancer_infos.hcloud_load_balancer_info | json_query(querystr) }}" # noqa var-naming
  vars:
    querystr: "[*].{id: id, name: name, ip: ipv4_address}"
  delegate_to: 127.0.0.1
  become: false
  tags:
    - update_config
 - name: "Printing load_balancer infos {{ current_load_balancer_infos }}"
  debug:
    msg: "{{ current_load_balancer_infos }}"
  delegate_to: 127.0.0.1
  become: false
  tags:
    - update_config
  when:
   - debug
--- a/roles/hcloud/tasks/_read_server_infos.yml
+++ b/roles/hcloud/tasks/_read_server_infos.yml
@ -1,31 +0,0 @@
 ---
 - name: "Gathering current server infos for group {{ current_server_group.name }} from hetzner"
  hcloud_server_info:
    api_token: "{{ hetzner_authentication_ansible }}"
    label_selector: "{{ current_server_group.label_selector }}"
  register: current_server_infos
  delegate_to: 127.0.0.1
  become: false
  tags:
    - update_config
 - name: "Setting server group as fact: server_group_infos_{{ current_server_group.name }}"
  set_fact:
    server_group_infos_{{ current_server_group.name }}: "{{ current_server_infos.hcloud_server_info | json_query(querystr) }}" # noqa var-naming
  vars:
    querystr: "[*].{id: id, name: name, ip: ipv4_address}"
  delegate_to: 127.0.0.1
  become: false
  tags:
    - update_config
 - name: "Printing server group {{ current_server_group.name }}"
  debug:
    msg: "{{ lookup('vars', 'server_group_infos_' + current_server_group.name) }}"
  delegate_to: 127.0.0.1
  become: false
  tags:
    - update_config
  when:
   - debug
--- a/roles/hcloud/tasks/_read_server_names.yml
+++ b/roles/hcloud/tasks/_read_server_names.yml
@ -1,31 +0,0 @@
 ---
 - name: "Gathering current server infos for group {{ current_server_group.name }} from hetzner"
  hcloud_server_info:
    api_token: "{{ hetzner_authentication_ansible }}"
    label_selector: "{{ current_server_group.label_selector }}"
  register: current_server_infos
  delegate_to: 127.0.0.1
  become: false
  tags:
    - update_config
 - name: "Setting server group as fact: server_group_names_{{ current_server_group.name }}"
  set_fact:
    server_group_names_{{ current_server_group.name }}: "{{ current_server_infos.hcloud_server_info | json_query(querystr) }}" # noqa var-naming
  vars:
    querystr: "[*].name"
  delegate_to: 127.0.0.1
  become: false
  tags:
    - update_config
 - name: "Printing server group {{ current_server_group.name }}"
  debug:
    msg: "{{ lookup('vars', 'server_group_names_' + current_server_group.name) }}"
  delegate_to: 127.0.0.1
  become: false
  tags:
    - update_config
  when:
   - debug
--- a/roles/hcloud/tasks/_set_server_state.yml
+++ b/roles/hcloud/tasks/_set_server_state.yml
@ -1,61 +0,0 @@
 ---
 - name: "Block to handle hetzner server state in case of problems"
  block:
  - name: "Increment the retry count"
    set_fact:
      retry_count: "{{ retry_count | default(0) | int + 1 }}"
  - name: "Checking state for server <{{ inventory_hostname }}> is <{{ server_state }}>"
    hetzner.hcloud.hcloud_server:
      api_token: "{{ hetzner_authentication_ansible }}"
      name: "{{ inventory_hostname }}"
      server_type: "{{ hetzner_server_type }}"
      image: "{{ hetzner_server_image }}"
      ssh_keys: "{{ hetzner_ssh_keys }}"
      labels: "{{ hetzner_server_labels }}"
      location: nbg1
      state: "{{ server_state }}"
    delegate_to: 127.0.0.1
    become: false
    async: 300
    poll: 5
    register: hcloud_response
    ignore_errors: yes
  - name: "Block - DEBUG: hcloud_response"
    debug:
      msg: '{{ hcloud_response.msg }}'
    when:
      - hcloud_response.msg is defined
  - name: "Ensure Server is STARTED when server_state=present"
    hetzner.hcloud.hcloud_server:
      api_token: "{{ hetzner_authentication_ansible }}"
      name: "{{ inventory_hostname }}"
      state: "started"
    delegate_to: 127.0.0.1
    become: false
    async: 150
    poll: 15
    register: hcloud_response
    when:
      - server_state == 'present'
  rescue:
    - name: "RESCUE - fail: Maximum retries reached"
      fail:
        msg: "max_retries of {{ max_retries }} reached. Plz check."
      when: retry_count | int == max_retries | int
    - name: "RESCUE-fail DEBUG: hcloud_response"
      debug:
        msg: '{{ hcloud_response.msg }}'
    - name: "RESCUE: wait_for {{ retry_delay }} sec. between retries"
      wait_for:
        timeout: "{{ retry_delay }}"
      delegate_to: localhost
      become: false
    - name: "Include _set_server one time again => increase retry_count"
      include_tasks: _set_server_state.yml
--- a/roles/hcloud/tasks/configure-firewall2.yml
+++ b/roles/hcloud/tasks/configure-firewall2.yml
@ -1,183 +0,0 @@
 ---
 - name: "Get all existing firewalls"
  uri:
    method: GET
    url: "https://api.hetzner.cloud/v1/firewalls?per_page=1000"
    body_format: json
    headers:
      accept: application/json
      authorization: Bearer {{ hetzner_authentication_ansible }}
    status_code: [200]
  register: hcloud_firewalls_all
  delegate_to: 127.0.0.1
  become: false
 - name: "Setting hetzner firewall pagination count: <{{ hcloud_firewalls_all.json.meta.pagination.last_page }}>"
  set_fact:
    total_server_pages: "{{ hcloud_firewalls_all.json.meta.pagination.last_page }}"
  become: false
  tags:
    - always
 - name: "BLOCK << WITHOUT >> pagination"
  block:
    - name: "Get firewall object from list"
      set_fact:
        lookup_fw_obj: "{{ hcloud_firewalls_all.json.firewalls | community.general.json_query(jsonquery_find_firewall_name) }}"
      vars:
        jsonquery_find_firewall_name: "[?name=='{{ firewall_object.name }}']"
  when:
    - total_server_pages == '1'
 - name: "<< WITH >> pagination"
  block:
    - name: "Get all existing firewalls"
      uri:
        method: GET
        url: "https://api.hetzner.cloud/v1/firewalls?page={{ item }}"
        body_format: json
        headers:
          accept: application/json
          authorization: Bearer {{ hetzner_authentication_ansible }}
        status_code: [200]
      register: hcloud_firewalls_all
      delegate_to: 127.0.0.1
      become: false
    - name: "Get firewall object from list"
      set_fact:
        lookup_fw_obj: "{{ hcloud_firewalls_all.json.results | community.general.json_query(querystr1) | first | community.general.json_query(querystr2) | community.general.json_query(querystr2) }}"
      vars:
        querystr1: "[[*].json.firewalls]"
        querystr2: "[?name=='{{ firewall_object.name }}']"
  when:
    - total_server_pages != '1'
 - name: "Create firewall rule for <<{{ firewall_object.name }}>>"
  uri:
    method: POST
    url: "https://api.hetzner.cloud/v1/firewalls"
    body_format: json
    headers:
      Content-Type: application/json
      authorization: Bearer {{ hetzner_authentication_ansible }}
    body: "{{ firewall_object | to_json }}"
    return_content: yes
    status_code: [201]
  delegate_to: 127.0.0.1
  become: false
  when:
    - firewall_object.state == 'present'
    - lookup_fw_obj | length == 0
 - name: "Update firewall rule for <<{{ firewall_object.name }}>>"
  block:
    - name: "Step_1: update FW rule <<{{ firewall_object.name }}>>"
      uri:
        method: PUT
        url: "https://api.hetzner.cloud/v1/firewalls/{{ lookup_fw_obj.0.id }}"
        body_format: json
        headers:
          Content-Type: application/json
          authorization: Bearer {{ hetzner_authentication_ansible }}
        body: "{{ firewall_object | to_json }}"
        return_content: yes
        status_code: [200]
      register: fw_update_step1
      delegate_to: 127.0.0.1
      become: false
    - name: "Setting VAR"
      set_fact:
        rules_obj:
          rules: "{{ firewall_object.rules }}"
        applyto_obj:
          apply_to: "{{ firewall_object.apply_to }}"
    - name: "Step_2: update FW rule - update rules"
      uri:
        method: POST
        url: "https://api.hetzner.cloud/v1/firewalls/{{ lookup_fw_obj.0.id }}/actions/set_rules"
        body_format: json
        headers:
          Content-Type: application/json
          authorization: Bearer {{ hetzner_authentication_ansible }}
        body: "{{ rules_obj | to_json }}"
        return_content: yes
        status_code: [201]
      register: fw_update_step2
      delegate_to: 127.0.0.1
      become: false
    - name: "Step_3: update FW rule - apply-to-resources"
      uri:
        method: POST
        url: "https://api.hetzner.cloud/v1/firewalls/{{ lookup_fw_obj.0.id }}/actions/apply_to_resources"
        body_format: json
        headers:
          Content-Type: application/json
          authorization: Bearer {{ hetzner_authentication_ansible }}
        body: "{{ applyto_obj | to_json }}"
        return_content: yes
        status_code: [201]
      register: fw_update_step2
      delegate_to: 127.0.0.1
      become: false
  rescue:
    - name: "Rescueing FW-apply-to part "
      debug:
        msg: "Everything fine - FW-apply-to part already applied"
      when:
        - fw_update_step2.status in [422]
        - fw_update_step2.json.error.code == 'firewall_already_applied'
  when:
    - firewall_object.state == 'present'
    - lookup_fw_obj | length > 0
 - name: "Delete firewall rule for <<{{ firewall_object.name }}>>"
  block:
    - name: "Create firewall object for deactivation"
      set_fact:
        deactivate_fw_obj:
          remove_from: "{{ firewall_object.apply_to }}"
    - name: "Step_1: Unset usage of firewall rule <<{{ firewall_object.name }}>>"
      uri:
        method: POST
        url: "https://api.hetzner.cloud/v1/firewalls/{{ lookup_fw_obj.0.id }}/actions/remove_from_resources"
        body_format: json
        headers:
          Content-Type: application/json
          authorization: Bearer {{ hetzner_authentication_ansible }}
        body: "{{ deactivate_fw_obj | to_json }}"
        return_content: yes
        status_code: [201]
      delegate_to: 127.0.0.1
      become: false
    - name: "Step_2: Delete firewall rule for <<{{ firewall_object.name }}>>"
      uri:
        method: DELETE
        url: "https://api.hetzner.cloud/v1/firewalls/{{ lookup_fw_obj.0.id }}"
        body_format: json
        headers:
          Content-Type: application/json
          authorization: Bearer {{ hetzner_authentication_ansible }}
        return_content: yes
        status_code: [204]
      register: cleanup_firewall
      delegate_to: 127.0.0.1
      become: false
      until: cleanup_firewall.status in [204]
      retries: 15
      delay: 10
  when:
    - firewall_object.state == 'absent'
    - lookup_fw_obj | length > 0
--- a/roles/hcloud/tasks/configure-network.yml
+++ b/roles/hcloud/tasks/configure-network.yml
@ -1,45 +0,0 @@
 ---
 - name: "Checking present state for network <{{ current_network_name }}>"
  hcloud_network:
    api_token: "{{ hetzner_authentication_ansible }}"
    name: "{{ current_network_name }}"
    labels: "{{ current_network_labels }}"
    ip_range: "{{ shared_service_network }}"
    state: present
  register: hcloud_result
  delegate_to: 127.0.0.1
  become: false
  delay: 5
  retries: 30
  until: hcloud_result.hcloud_network is defined
 - name: "Checking present state for subnetwork for <{{ current_network_name }}>"
  hcloud_subnetwork:
    api_token: "{{ hetzner_authentication_ansible }}"
    network: "{{ current_network_name }}"
    ip_range: "{{ shared_service_network }}"
    network_zone: eu-central
    type: cloud
    state: present
  register: hcloud_result
  delegate_to: 127.0.0.1
  become: false
  delay: 5
  retries: 30
  until: hcloud_result.hcloud_subnetwork is defined
 - name: "Checking present state for server network <{{ current_network_name }}> on <{{ inventory_hostname }}>"
  hcloud_server_network:
    api_token: "{{ hetzner_authentication_ansible }}"
    network: "{{ current_network_name }}"
    server: "{{ inventory_hostname }}"
    state: present
  register: hcloud_result
  delegate_to: 127.0.0.1
  become: false
  delay: 5
  retries: 30
  until: hcloud_result.hcloud_server_network is defined
  tags:
    - update_networks
--- a/roles/hcloud/tasks/main.yml
+++ b/roles/hcloud/tasks/main.yml
@ -1,81 +0,0 @@
 ---
 ### tags:
 ###   update_dns
 ###   update_networks
 - name: "Checking state of server for <{{ inventory_hostname }}>"
  include_role:
    name: hcloud
    tasks_from: _set_server_state
 - name: "Gathering current server infos from hetzner"
  hcloud_server_info:
    api_token: "{{ hetzner_authentication_ansible }}"
  register: hetzner_server_infos
  delegate_to: 127.0.0.1
  become: false
  tags:
    - update_dns
    - update_networks
 - name: "Setting current server infos as fact: hetzner_server_infos_json"
  set_fact: 
    hetzner_server_infos_json: "{{ hetzner_server_infos.hcloud_server_info }}"
  delegate_to: 127.0.0.1
  become: false
  tags:
    - update_dns
    - update_networks
 - name: "Reading ip address for {{ inventory_hostname }}"
  set_fact:
    stage_server_ip: "{{ hetzner_server_infos_json | json_query(querystr) | first }}"
  vars:
    querystr: "[?name=='{{ inventory_hostname }}'].ipv4_address"
  delegate_to: 127.0.0.1
  become: false
  tags:
    - update_dns
    - update_networks
 - name: "Printing ip address for {{ inventory_hostname }}"
  debug:
    msg: "{{ stage_server_ip }}"
  delegate_to: 127.0.0.1
  become: false
  tags:
    - update_dns
    - update_networks
  when:
   - debug
 - name: "Checking present state for networks: {{ hetzner_networks }}"
  include_tasks: configure-network.yml
  vars:
    current_network_name: '{{ current_network.name }}'
    current_network_labels: 'stage={{ stage }}'
    current_server_label_selector: '{{ current_network.label_selector }}'
  loop: "{{ hetzner_networks }}"
  loop_control:
    loop_var: current_network
  tags:
    - update_networks
 - name: "Checking present state of dns for {{ inventory_hostname }}"
  include_role:
    name: dns
  vars:
    record_data: "{{ stage_server_ip }}"
    record_name: "{{ inventory_hostname }}"
  tags:
    - update_dns
 # needed due to some weird hetzner behaviour that some servers need more time to be well provisioned
 - name: "Wait for {{ inventory_hostname }}"
  delegate_to: localhost
  wait_for:
    timeout: 180
    port: 22
    host: '{{ stage_server_ip }}'
    search_regex: OpenSSH
--- a/roles/hcloud/vars/main.yml
+++ b/roles/hcloud/vars/main.yml
@ -1 +0,0 @@
 ---
--- a/roles/keycloak/tasks/main.yml
+++ b/roles/keycloak/tasks/main.yml
@ -6,7 +6,7 @@
 - name: "Setup DNS configuration for {{ inventory_hostname }}"
  include_role:
-    name: dns
+    name: hetzner-ansible-dns
  vars:
    record_data: "{{ stage_server_ip }}"
    record_name: "{{ inventory_hostname }}"
--- a/roles/keycloak_compact/tasks/main.yml
+++ b/roles/keycloak_compact/tasks/main.yml
@ -5,14 +5,14 @@
 - name: "Setup DNS configuration for <{{ keycloak_id }}> to <{{ stage_server_ip }}>"
  include_role:
-    name: dns
+    name: hetzner-ansible-dns
  vars:
    record_data: "{{ stage_server_ip }}"
    record_name: "{{ keycloak_id }}"
 - name: "Setup DNS configuration for <{{ keycloak_external_subdomain }}> to <{{ stage_server_ip }}>"
  include_role:
-    name: dns
+    name: hetzner-ansible-dns
  vars:
    record_data: "{{ stage_server_ip }}"
    record_name: "{{ keycloak_external_subdomain }}"
--- a/roles/kibana/tasks/main.yaml
+++ b/roles/kibana/tasks/main.yaml
@ -7,7 +7,7 @@
 - name: "Setup DNS configuration for {{ kibana_id }}"
  include_role:
-    name: dns
+    name: hetzner-ansible-dns
  vars:
    record_data: "{{ stage_server_ip }}"
    record_name: "{{ kibana_id }}"
--- a/roles/pgadmin4/tasks/main.yml
+++ b/roles/pgadmin4/tasks/main.yml
@ -6,7 +6,7 @@
 - name: "Setup DNS configuration for {{ inventory_hostname }} pgadmin4"
  include_role:
-    name: dns
+    name: hetzner-ansible-dns
  vars:
    record_data: "{{ stage_server_ip }}"
    record_name: "{{ inventory_hostname }}-pgadmin4"
--- a/roles/prometheus/tasks/main.yml
+++ b/roles/prometheus/tasks/main.yml
@ -17,7 +17,7 @@
 - name: "Setup DNS configuration for <{{ inventory_hostname }}>"
  include_role:
-    name: dns
+    name: hetzner-ansible-dns
  vars:
    record_data: "{{ stage_server_ip }}"
    record_name: "{{ item }}"
--- a/roles/shared_service/tasks/main.yml
+++ b/roles/shared_service/tasks/main.yml
@ -16,14 +16,14 @@
 - name: "Updating DNS for <{{ current_dns_entry }}> to <{{ current_server_ip }}>"
  include_role:
-    name: dns
+    name: hetzner-ansible-dns
  vars:
    record_data: "{{ current_server_ip }}"
    record_name: "{{ current_dns_entry }}"
 - name: "Updating public DNS for <{{ current_host }}>"
  include_role:
-    name: dns
+    name: hetzner-ansible-dns
  vars:
    record_data: "{{ item.ip }}"
    record_name: "{{ item.name }}"
--- a/4
+++ b/4
@ -59,6 +59,9 @@ dev-devops-iaas-01
 [webdav]
 #dev-webdav-01
 [test]
 dev-test-roles-01
 [kube_control_plane]
 devnso-kube-cpl-01
 devnso-kube-cpl-02
@ -101,6 +104,7 @@ prometheus
 redis
 ubuntu_docker
 webdav
 test
 [all:children]
 stage_dev
--- a/update-ssh-config-file.yml
+++ b/update-ssh-config-file.yml
@ -40,7 +40,7 @@
  pre_tasks:
    - name: "Reading current server groups from hetzner"
      include_role:
-        name: hcloud
+        name: hetzner-ansible-hcloud
        tasks_from: _read_server_infos
      with_items: [
        {