Revert "DEV-647 added hetzner domain smardigo.dev"

feature/DEV-655
Görz, Friedrich 3 years ago
parent 7cdc602534
commit a9c0e86f36

@ -42,7 +42,7 @@
- server_state: "absent"
- name: "Delete DNS entry <{{ inventory_hostname }}> for <{{ domain }}>"
include_role:
name: dns
name: sma_digitalocean
tasks_from: _remove_dns
vars:
record_to_remove: '{{ inventory_hostname }}'

@ -1,8 +0,0 @@
---
dns: digitalocean
domain: "smardigo.digital"
traefik_letsencrypt_provider: "digitalocean"
hetzner_dns_api_key: '{{ hetzner_dns_api_key_vault }}'
digitalocean_authentication_token: '{{ digitalocean_authentication_token_vault }}'

@ -47,11 +47,11 @@ common_apt_dependencies:
common_pip_dependencies:
- docker-compose
- requests
- passlib
use_ssl: true
http_s: "http{{ use_ssl | ternary('s', '', omit) }}"
domain: "smardigo.digital"
stage_server_domain: "{{ inventory_hostname }}.{{ domain }}"
stage_server_url: "{{ http_s }}://{{ stage_server_domain }}"

@ -147,30 +147,27 @@ shared_service_elastic_stack_03_hostname: "{{ stage }}-elastic-stack-elastic-03"
shared_service_elastic_stack_logstash_01_hostname: "{{ stage }}-elastic-stack-logstash-01"
shared_service_elastic_stack_kibana_01_hostname: "{{ stage }}-elastic-stack-kibana-01"
# TODO use {{ domain }} agai when moved to smardigo.dev
kube_master_01_hostname: "{{ stage }}-kube-master-01.smardigo.digital"
kube_master_02_hostname: "{{ stage }}-kube-master-02.smardigo.digital"
kube_master_03_hostname: "{{ stage }}-kube-master-03.smardigo.digital"
kube_node_01_hostname: "{{ stage }}-kube-node-01.smardigo.digital"
kube_node_02_hostname: "{{ stage }}-kube-node-02.smardigo.digital"
kube_node_03_hostname: "{{ stage }}-kube-node-03.smardigo.digital"
# TODO use {{ domain }} agai when moved to smardigo.dev
shared_service_iam_hostname: "{{ stage }}-iam-01.smardigo.digital"
shared_service_mail_hostname: "{{ stage }}-mail-01.smardigo.digital"
shared_service_gitea_hostname: "{{ stage }}-gitea-01.smardigo.digital"
shared_service_redis_hostname: "{{ stage }}-redis-01.smardigo.digital"
shared_service_kube_argocd_hostname: "{{ stage }}-kube-argocd.smardigo.digital"
shared_service_kube_awx_hostname: "{{ stage }}-kube-awx.smardigo.digital"
shared_service_kube_prometheus_hostname: "{{ stage }}-kube-prometheus.smardigo.digital"
shared_service_kube_jaeger_collector_hostname: "{{ stage }}-kube-jaeger-collector.smardigo.digital"
shared_service_pdns_hostname: "{{ stage }}-pdns-01.smardigo.digital"
shared_service_webdav_hostname: "{{ stage }}-webdav-01.smardigo.digital"
shared_service_keycloak_hostname: "{{ stage }}-keycloak-01.smardigo.digital"
shared_service_harbor_hostname: "{{ stage }}-harbor-01.smardigo.digital"
# TODO use {{ domain }} agai when moved to smardigo.dev
management_service_connect_hostname: "{{ stage }}-management-01-connect.smardigo.digital"
kube_master_01_hostname: "{{ stage }}-kube-master-01.{{ domain }}"
kube_master_02_hostname: "{{ stage }}-kube-master-02.{{ domain }}"
kube_master_03_hostname: "{{ stage }}-kube-master-03.{{ domain }}"
kube_node_01_hostname: "{{ stage }}-kube-node-01.{{ domain }}"
kube_node_02_hostname: "{{ stage }}-kube-node-02.{{ domain }}"
kube_node_03_hostname: "{{ stage }}-kube-node-03.{{ domain }}"
shared_service_iam_hostname: "{{ stage }}-iam-01.{{ domain }}"
shared_service_mail_hostname: "{{ stage }}-mail-01.{{ domain }}"
shared_service_gitea_hostname: "{{ stage }}-gitea-01.{{ domain }}"
shared_service_redis_hostname: "{{ stage }}-redis-01.{{ domain }}"
shared_service_kube_argocd_hostname: "{{ stage }}-kube-argocd.{{ domain }}"
shared_service_kube_awx_hostname: "{{ stage }}-kube-awx.{{ domain }}"
shared_service_kube_prometheus_hostname: "{{ stage }}-kube-prometheus.{{ domain }}"
shared_service_kube_jaeger_collector_hostname: "{{ stage }}-kube-jaeger-collector.{{ domain }}"
shared_service_pdns_hostname: "{{ stage }}-pdns-01.{{ domain }}"
shared_service_webdav_hostname: "{{ stage }}-webdav-01.{{ domain }}"
shared_service_keycloak_hostname: "{{ stage }}-keycloak-01.{{ domain }}"
shared_service_harbor_hostname: "{{ stage }}-harbor-01.{{ domain }}"
management_service_connect_hostname: "{{ stage }}-management-01-connect.{{ domain }}"
keycloak_server_url: "https://{{ shared_service_keycloak_hostname }}"


@ -1,8 +0,0 @@
---
dns: hetzner
domain: "smardigo.dev"
traefik_letsencrypt_provider: "hetzner"
hetzner_server_type: cpx21
hetzner_server_labels: "stage={{ stage }} service=ubuntu_docker"

@ -61,11 +61,10 @@
hetzner_state: 'started'
when:
- "'hcloud' in group_names"
tasks:
- name: "Create server in DO-cloud via include_tasks"
include_role:
name: digitalocean
name: sma_digitalocean
tasks_from: _create_server
vars:
droplet:

@ -73,7 +73,7 @@
- name: "Delete DNS entry <{{ inventory_hostname }}> for <{{ domain }}>"
include_role:
name: dns
name: sma_digitalocean
tasks_from: _remove_dns
vars:
record_to_remove: '{{ inventory_hostname }}'

@ -63,7 +63,7 @@
tasks:
- name: "Delete DNS entry <{{ inventory_hostname }}> for <{{ domain }}>"
include_role:
name: dns
name: sma_digitalocean
tasks_from: _remove_dns
vars:
record_to_remove: '{{ stage }}-{{ tenant_id }}-{{ cluster_name }}-01-connect'
@ -71,7 +71,7 @@
- name: "Delete DNS entry <{{ inventory_hostname }}> for <{{ domain }}>"
include_role:
name: dns
name: sma_digitalocean
tasks_from: _remove_dns
vars:
record_to_remove: '{{ stage }}-{{ tenant_id }}-{{ cluster_name }}-01-wordpress'

@ -243,7 +243,7 @@
- name: "Delete DNS entry <{{ inventory_hostname }}> for <{{ domain }}>"
include_role:
name: dns
name: sma_digitalocean
tasks_from: _remove_dns
vars:
record_to_remove: '{{ inventory_hostname }}'

@ -6,7 +6,8 @@
- name: "Setup DNS configuration for <{{ connect_id }}> to <{{ stage_server_ip }}>"
include_role:
name: dns
name: sma_digitalocean
tasks_from: domain
vars:
record_data: "{{ stage_server_ip }}"
record_name: "{{ connect_id }}"

@ -2,14 +2,16 @@
- name: "Setup DNS configuration for <{{ connect_id }}> to <{{ stage_server_ip }}>"
include_role:
name: dns
name: sma_digitalocean
tasks_from: domain
vars:
record_data: "{{ stage_server_ip }}"
record_name: "{{ connect_id }}"
- name: "Setup DNS configuration for <{{ connect_external_domain }}> to <{{ stage_server_ip }}>"
include_role:
name: dns
name: sma_digitalocean
tasks_from: domain
vars:
record_data: "{{ stage_server_ip }}"
record_name: "{{ connect_external_domain }}"

@ -21,7 +21,8 @@
- name: "Setup DNS configuration for {{ wordpress_id }}"
include_role:
name: dns
name: sma_digitalocean
tasks_from: domain
vars:
record_data: "{{ stage_server_ip }}"
record_name: "{{ inventory_hostname }}-wordpress"

@ -1,33 +0,0 @@
---
- name: "Create DO DNS entry for <{{ record_name }}.{{ domain }}> to <{{ record_data }}> if necessary"
community.digitalocean.digital_ocean_domain_record:
oauth_token: "{{ digitalocean_authentication_token }}"
state: "{{ record_state | default('present') }}"
domain: "{{ domain }}"
type: A
name: "{{ record_name }}"
data: "{{ record_data }}"
ttl: "{{ dns_ttl | default(1800) }}"
delegate_to: localhost
become: false
when:
- dns == 'digitalocean'
tags:
- update_dns
- name: "Create Hetzner DNS entry for <{{ record_name }}.{{ domain }}> to <{{ record_data }}> if necessary"
community.dns.hetzner_dns_record:
hetzner_token: "{{ hetzner_dns_api_key }}"
state: "{{ record_state | default('present') }}"
zone: "{{ domain }}"
type: A
record: "{{ record_name }}.{{ domain }}"
ttl: "{{ sma_digitalocean_ttl | default(1800) }}"
value: "{{ stage_server_ip }}"
delegate_to: localhost
become: false
when:
- dns == 'hetzner'
tags:
- update_dns

@ -4,7 +4,8 @@
- name: "Setup DNS configuration for {{ inventory_hostname }} harbor"
include_role:
name: dns
name: sma_digitalocean
tasks_from: domain
vars:
record_data: "{{ stage_server_ip }}"
record_name: "{{ inventory_hostname }}"

@ -77,7 +77,8 @@
- name: "Checking present state of dns for {{ inventory_hostname }}"
include_role:
name: dns
name: sma_digitalocean
tasks_from: domain
vars:
record_data: "{{ stage_server_ip }}"
record_name: "{{ inventory_hostname }}"

@ -6,7 +6,8 @@
- name: "Setup DNS configuration for {{ inventory_hostname }}"
include_role:
name: dns
name: sma_digitalocean
tasks_from: domain
vars:
record_data: "{{ stage_server_ip }}"
record_name: "{{ inventory_hostname }}"

@ -5,14 +5,16 @@
- name: "Setup DNS configuration for <{{ keycloak_id }}> to <{{ stage_server_ip }}>"
include_role:
name: dns
name: sma_digitalocean
tasks_from: domain
vars:
record_data: "{{ stage_server_ip }}"
record_name: "{{ keycloak_id }}"
- name: "Setup DNS configuration for <{{ keycloak_external_domain }}> to <{{ stage_server_ip }}>"
include_role:
name: dns
name: sma_digitalocean
tasks_from: domain
vars:
record_data: "{{ stage_server_ip }}"
record_name: "{{ keycloak_external_domain }}"

@ -7,7 +7,8 @@
- name: "Setup DNS configuration for {{ kibana_id }}"
include_role:
name: dns
name: sma_digitalocean
tasks_from: domain
vars:
record_data: "{{ stage_server_ip }}"
record_name: "{{ kibana_id }}"

@ -4,7 +4,6 @@
file:
path: "{{ htpasswd_file_path }}"
state: touch
mode: '0600'
- name: "Install latest passlib with pip"
pip: name=passlib
@ -14,7 +13,6 @@
path: "{{ htpasswd_file_path }}"
name: "{{ basic_auth_username }}"
password: "{{ basic_auth_password }}"
mode: '0600'
- name: "Read credentials out of htpasswd file"
ansible.builtin.slurp:
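Review bot: Dropping `mode: '0600'` from both the `file: state: touch` task and the `community.general.htpasswd` task (the line after `path: "{{ htpasswd_file_path }}"` in each hunk) leaves the htpasswd file, which holds the hashed `basic_auth_password` and is later slurped as a credential, at whatever the process umask yields, typically world-readable. Reading the hunk counts (`-4,7 +4,6` and `-14,7 +13,6`), the `mode` lines are the removed ones; keeping `mode: '0600'` on both tasks is independent of the provider switch this revert is about and should survive it. The `state: touch` task also rewrites timestamps on every run, so it reports changed each time; `modification_time: preserve` and `access_time: preserve` keep it idempotent. The enclosing task list starts before and continues after both hunks.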

@ -6,7 +6,8 @@
- name: "Setup DNS configuration for {{ inventory_hostname }} pgadmin4"
include_role:
name: dns
name: sma_digitalocean
tasks_from: domain
vars:
record_data: "{{ stage_server_ip }}"
record_name: "{{ inventory_hostname }}-pgadmin4"

@ -17,7 +17,8 @@
- name: "Setup DNS configuration for <{{ inventory_hostname }}>"
include_role:
name: dns
name: sma_digitalocean
tasks_from: domain
vars:
record_data: "{{ stage_server_ip }}"
record_name: "{{ item }}"

@ -16,14 +16,16 @@
- name: "Updating DNS for <{{ current_dns_entry }}> to <{{ current_server_ip }}>"
include_role:
name: dns
name: sma_digitalocean
tasks_from: domain
vars:
record_data: "{{ current_server_ip }}"
record_name: "{{ current_dns_entry }}"
- name: "Updating public DNS for <{{ current_host }}>"
include_role:
name: dns
name: sma_digitalocean
tasks_from: domain
vars:
record_data: "{{ item.ip }}"
record_name: "{{ item.name }}"

@ -1,27 +0,0 @@
---
- name: "Create empty htpswd file"
ansible.builtin.file:
path: "{{ htpasswd_file_path }}"
state: touch
mode: '0600'
- name: "Add a user and password to empty htpswd file>"
community.general.htpasswd:
path: "{{ htpasswd_file_path }}"
name: "{{ basic_auth_username }}"
password: "{{ basic_auth_password }}"
mode: '0600'
- name: "Read credentials out of htpasswd file"
ansible.builtin.slurp:
src: "{{ htpasswd_file_path }}"
register: "credentials"
- name: "Delete htpasswd file"
ansible.builtin.file:
path: "{{ htpasswd_file_path }}"
state: absent
- name: "Setting htpasswd to <{{ credentials_name }}>" ## noqa var-naming
ansible.builtin.set_fact: "{{ credentials_name }}={{ credentials.content | b64decode | trim | replace('$','$$') }}"

@ -1,5 +1,3 @@
---
- name: "Create ssh key"
delegate_to: localhost
community.digitalocean.digital_ocean_sshkey:
@ -60,10 +58,14 @@
vars:
jsonquery_ipaddress: "droplet.networks.v4[?type=='public'].ip_address"
- name: "Setup DNS configuration for <{{ connect_id }}> to <{{ stage_server_ip }}>"
include_role:
name: dns
vars:
record_state: present
record_data: "{{ stage_server_ip }}"
record_name: "{{ new_droplet.data.droplet.name }}"
# TODO: abolish _digitalocean/tasks/domain.yml
- name: "Create dns record for droplet"
delegate_to: localhost
community.digitalocean.digital_ocean_domain_record:
oauth_token: "{{ digitalocean_authentication_token }}"
state: present
domain: "{{ domain }}"
type: A
name: "{{ new_droplet.data.droplet.name }}"
data: "{{ stage_server_ip }}"
force_update: yes
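Review bot: `force_update: yes` in the new `community.digitalocean.digital_ocean_domain_record` task is a YAML 1.1 truthy that some parsers read as a string; write `force_update: true` to match the `become: false` / `use_ssl: true` style used elsewhere in this change. The task also creates the droplet's A record directly, while every other host in this commit goes through `sma_digitalocean` with `tasks_from: domain`, so the two paths can disagree on TTL (`sma_digitalocean_ttl | default(1800)` in the task file versus whatever the module defaults to here, since no `ttl` is passed) and on delete-then-recreate behaviour. The `# TODO: abolish _digitalocean/tasks/domain.yml` comment acknowledges the duplication; stating which path is canonical, e.g. `# TODO: abolish _digitalocean/tasks/domain.yml — until then this task, not domain.yml, owns the droplet's own A record`, would help the next reader. The enclosing play continues outside the hunk.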

@ -0,0 +1,81 @@
---
- name: "Read DNS entry for {{ record_name }}.{{ domain }} from digitalocean"
uri:
url: "https://api.digitalocean.com/v2/domains/{{ domain }}/records?name={{ record_name }}.{{ domain }}"
headers:
accept: application/json
authorization: Bearer {{ digitalocean_authentication_token }}
return_content: yes
register: domain_records_response
delegate_to: 127.0.0.1
become: false
tags:
- update_dns
- name: "Save DNS entry as variable (fact)"
set_fact:
domain_records_response_json: "{{ domain_records_response.json }}"
delegate_to: 127.0.0.1
become: false
tags:
- update_dns
- name: "Parse DNS entry for {{ record_name }}.{{ domain }}"
set_fact:
domain_record: "{{ domain_records_response_json.domain_records | json_query(jmesquery) | first | default({'name': '-', 'ip': '-'}) }}"
vars:
jmesquery: '[*].{id: id, name: name, ip: data}'
delegate_to: 127.0.0.1
become: false
tags:
- update_dns
- name: "Print DNS entry for {{ record_name }}.{{ domain }}"
debug:
msg: "{{ domain_record }}"
delegate_to: 127.0.0.1
become: false
tags:
- update_dns
- name: "Delete DNS entry for <{{ record_data }}:{{ record_name }}> if necessary"
uri:
method: DELETE
url: "https://api.digitalocean.com/v2/domains/{{ domain }}/records/{{ domain_record.id }}"
headers:
authorization: Bearer {{ digitalocean_authentication_token }}
return_content: yes
status_code: 204
when:
- domain_record.ip != '-'
- record_data != domain_record.ip
delegate_to: 127.0.0.1
become: false
tags:
- update_dns
- name: "Create DNS entry for <{{ record_name }}> if necessary"
uri:
method: POST
url: "https://api.digitalocean.com/v2/domains/{{ domain }}/records"
headers:
authorization: Bearer {{ digitalocean_authentication_token }}
body: '{{ create_record | to_json }}'
body_format: json
return_content: yes
status_code: 201
vars:
create_record:
type: 'A'
ttl: "{{ sma_digitalocean_ttl | default(1800) }}"
data: "{{ record_data }}"
name: "{{ record_name }}"
when:
domain_record.ip == '-'
or record_data != domain_record.ip
or record_name != domain_record.name
delegate_to: 127.0.0.1
become: false
tags:
- update_dns
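Review bot: The three `uri` tasks that send `authorization: Bearer {{ digitalocean_authentication_token }}` (the GET at the top of the file, the DELETE, and the POST) carry no `no_log: true`; when a `uri` call fails, Ansible normally echoes the module arguments (`invocation`) in the task result, so the token and request headers can land in the play log and in any AWX job output. Adding `no_log: true` to those three tasks closes that, while the `debug` task can stay as it is since `domain_record` only holds id, name and ip. Two smaller points in the same file: `return_content: yes` should be `return_content: true` for consistency with the `become: false` written on every task, and the lookup URL interpolates `{{ record_name }}` into a query string without `| urlencode`, which is only safe while record names are plain DNS labels.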

@ -2,14 +2,6 @@
traefik_id: "{{ inventory_hostname }}-traefik"
traefik_environment_digitalocean: [
'DO_AUTH_TOKEN: "{% if traefik_dns_01_challenge %}{{ digitalocean_authentication_token }}{% else %}{% endif %}"',
]
traefik_environment_hetzner: [
'HETZNER_API_KEY: "{% if traefik_dns_01_challenge %}{{ hetzner_dns_api_key }}{% else %}{% endif %}"',
]
traefik_environment_dns: "{{ traefik_environment_digitalocean if dns == 'digitalocean' else traefik_environment_hetzner if dns == 'hetzner' else [] }}"
traefik_docker: {
networks: [
{
@ -22,7 +14,9 @@ traefik_docker: {
name: "{{ traefik_id }}",
image_name: "{{ traefik_image_name }}",
image_version: "{{ traefik_version }}",
environment: "{{ traefik_environment_dns }}",
environment: [
'DO_AUTH_TOKEN: "{% if traefik_dns_01_challenge %}{{ digitalocean_authentication_token }}{% else %}{% endif %}"',
],
volumes: [
'"./acme.json:/acme.json"',
'"./traefik.toml:/traefik.toml:ro"',
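Review bot: The new `environment:` entry embeds a Jinja `{% if %}` and the `digitalocean_authentication_token` inside a single-quoted string, inside a flow-style list, inside the multi-line flow mapping `traefik_docker: {` — three layers of quoting for one value, which is hard to read and diffs poorly. A block-style list (`environment:` on its own line followed by `- 'DO_AUTH_TOKEN: "..."'`) would keep the same rendered value with one fewer layer; whether the consuming template requires the `KEY: "value"` string form rather than a mapping is not visible here. The `traefik_docker` mapping begins in the earlier hunk and continues past this one.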

@ -4,6 +4,9 @@ dev-backup-01
[connect]
dev-management-01
[pdns]
#dev-pdns-01
[elastic]
dev-elastic-stack-elastic-01
dev-elastic-stack-elastic-02
@ -34,15 +37,12 @@ dev-management-01
[maria]
dev-maria-01
[pdns]
#dev-pdns-01
[postfix]
dev-mail-01
[pgadmin4]
dev-pgadmin4-01
[postfix]
dev-mail-01
[postgres]
dev-postgres-01
dev-postgres-02
@ -53,9 +53,6 @@ dev-prometheus-01
[redis]
#dev-redis-01
[ubuntu_docker]
dev-devops-iaas-01
[webdav]
#dev-webdav-01
@ -82,6 +79,7 @@ kube_node
backup
connect
elastic
pdns
gitea
harbor
iam
@ -91,13 +89,11 @@ kibana
logstash
management
maria
pdns
pgadmin4
postfix
postgres
prometheus
redis
ubuntu_docker
webdav
[all:children]

@ -89,7 +89,7 @@
caserver = "{{ letsencrypt_caserver_directory_url }}"
{% endif %}
[certificatesResolvers.letsencrypt.acme.dnsChallenge]
provider = "{{ traefik_letsencrypt_provider }}"
provider = "digitalocean"
resolvers = ["8.8.8.8:53"]
[certificatesResolvers.letsencrypt-http.acme]
