feat: split management setup into own role (dev)

- the smardigo management instance is now configured by group management. connect is now only for dynamic smardigo instances. - <stage>-management-01-connect.<domain>
4 years ago · aad69fcdb0
parent 04b5cfb0b7
commit aad69fcdb0
2 changed files with 83 additions and 31 deletions
--- a/group_vars/stage_dev/plain.yml
+++ b/group_vars/stage_dev/plain.yml
@ -4,33 +4,81 @@ stage: "dev"

 # TODO read configuration with hetzner rest api
 shared_service_network: "10.0.0.0/16"
-shared_service_docker_ip: "10.0.0.7"
-shared_service_elastic_01: "10.0.0.22"
-shared_service_elastic_02: "10.0.0.23"
-shared_service_elastic_03: "10.0.0.24"
-shared_service_logstash_01: "10.0.0.26"
-shared_service_iam_ip: "10.0.0.13"
-shared_service_keycloak_ip: "10.0.0.6"
-shared_service_mail_ip: "10.0.0.8"
-shared_service_maria_ip: "10.0.0.11"
-shared_service_pg_master_ip: "10.0.0.17"
-shared_service_pg_slave_ip: "10.0.0.18"
-shared_service_webdav_ip: "10.0.0.16"
-
-shared_service_maria_hostname: "dev-maria-01"
-shared_service_postgres_01_hostname: "dev-postgres-01"
+shared_service_elastic_01: "{{ stage_server_infos
+  | selectattr('name', 'match', stage + '-elastic-stack-elastic-01' )
+  | map(attribute='private_ip')
+  | list
+  | first }}"
+shared_service_elastic_02: "{{ stage_server_infos
+  | selectattr('name', 'match', stage + '-elastic-stack-elastic-02' )
+  | map(attribute='private_ip')
+  | list
+  | first }}"
+shared_service_elastic_03: "{{ stage_server_infos
+  | selectattr('name', 'match', stage + '-elastic-stack-elastic-03' )
+  | map(attribute='private_ip')
+  | list
+  | first }}"
+shared_service_logstash_01: "{{ stage_server_infos
+  | selectattr('name', 'match', stage + '-elastic-stack-logstash-01' )
+  | map(attribute='private_ip')
+  | list
+  | first }}"
+shared_service_docker_ip: "{{ stage_server_infos
+  | selectattr('name', 'match', stage + '-docker-registry-01' )
+  | map(attribute='private_ip')
+  | list
+  | first }}"
+shared_service_mail_ip: "{{ stage_server_infos
+  | selectattr('name', 'match', stage + '-mail-01' )
+  | map(attribute='private_ip')
+  | list
+  | first }}"
+shared_service_pg_master_ip: "{{ stage_server_infos
+  | selectattr('name', 'match', stage + '-postgres-01' )
+  | map(attribute='private_ip')
+  | list
+  | first }}"
+shared_service_pg_slave_ip: "{{ stage_server_infos
+  | selectattr('name', 'match', stage + '-postgres-02' )
+  | map(attribute='private_ip')
+  | list
+  | first }}"
+shared_service_maria_ip: "{{ stage_server_infos
+  | selectattr('name', 'match', stage + '-maria-01' )
+  | map(attribute='private_ip')
+  | list
+  | first }}"
+shared_service_keycloak_ip: "{{ stage_server_infos
+  | selectattr('name', 'match', stage + '-keycloak-01' )
+  | map(attribute='private_ip')
+  | list
+  | first }}"
+shared_service_iam_ip: "{{ stage_server_infos
+  | selectattr('name', 'match', stage + '-iam-01' )
+  | map(attribute='private_ip')
+  | list
+  | first }}"
+shared_service_webdav_ip: "{{ stage_server_infos
+  | selectattr('name', 'match', stage + '-webdav-01' )
+  | map(attribute='private_ip')
+  | list
+  | first }}"
+
+shared_service_maria_hostname: "{{ stage }}-maria-01"
+shared_service_postgres_01_hostname: "{{ stage }}-postgres-01"
 shared_service_elastic_stack_01_hostname: "{{ stage }}-elastic-stack-elastic-01"
 shared_service_elastic_stack_02_hostname: "{{ stage }}-elastic-stack-elastic-02"
 shared_service_elastic_stack_03_hostname: "{{ stage }}-elastic-stack-elastic-03"
 shared_service_elastic_stack_logstash_01_hostname: "{{ stage }}-elastic-stack-logstash-01"

-shared_service_docker_registry_hostname: "dev-docker-registry-01.smardigo.digital"
+shared_service_iam_hostname: "{{ stage }}-iam-01.{{ domain }}"
+shared_service_mail_hostname: "{{ stage }}-mail-01.{{ domain }}"
+shared_service_webdav_hostname: "{{ stage }}-webdav-01.{{ domain }}"
+shared_service_keycloak_hostname: "{{ stage }}-keycloak-01.{{ domain }}"
+management_service_connect_hostname: "{{ stage }}-management-01-connect.{{ domain }}"

-shared_service_iam_hostname: "dev-iam-01.smardigo.digital"
-shared_service_keycloak_hostname: "dev-keycloak-01.smardigo.digital"
-shared_service_mail_hostname: "dev-mail-01.smardigo.digital"
-shared_service_webdav_hostname: "dev-webdav-01.smardigo.digital"
-management_service_connect_hostname: "dev-management-01-connect.smardigo.digital"
+shared_service_docker_registry_hostname: "{{ stage }}-docker-registry-01.{{ domain }}"

 keycloak_server_url: "https://{{ shared_service_keycloak_hostname }}"

@ -60,24 +108,24 @@ shared_service_hosts: [
    name: "{{ shared_service_docker_registry_hostname }}"
  },
  {
-    ip: "{{ shared_service_iam_ip }}",
-    name: "{{ shared_service_iam_hostname }}"
+    ip: "{{ shared_service_maria_ip }}",
+    name: "{{ shared_service_maria_hostname }}"
  },
  {
-    ip: "{{ shared_service_keycloak_ip }}",
-    name: "{{ shared_service_keycloak_hostname }}"
+    ip: "{{ shared_service_pg_master_ip }}",
+    name: "{{ shared_service_postgres_01_hostname }}"
  },
  {
    ip: "{{ shared_service_mail_ip }}",
    name: "{{ shared_service_mail_hostname }}"
  },
  {
-    ip: "{{ shared_service_maria_ip }}",
-    name: "{{ shared_service_maria_hostname }}"
+    ip: "{{ shared_service_keycloak_ip }}",
+    name: "{{ shared_service_keycloak_hostname }}"
  },
  {
-    ip: "{{ shared_service_pg_master_ip }}",
-    name: "{{ shared_service_postgres_01_hostname }}"
+    ip: "{{ shared_service_iam_ip }}",
+    name: "{{ shared_service_iam_hostname }}"
  },
  {
    ip: "{{ shared_service_webdav_ip }}",
@ -104,7 +152,7 @@ management_oidc_realm: "management"
 management_oidc_client_id: "smardigo"

 smardigo_management_url: "{{ http_s }}://{{ management_service_connect_hostname }}/api/v1/scopes/{{ scope_id }}/processes/{{ process_instance_id }}/messages"
-smardigo_management_token: "eyJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiYWxnIjoiZGlyIn0..rCRO1cVFgkyZ45D5cJNK5g.fc6JVOo5ja5sqe-0PQTfJGOivJ6tyiD-rwgY6rXJ3-U.tOgqgJ2zTjB3_M9BGtvVjQ"
+smardigo_management_token: "{{ management_smardigo_user_token_vault }}"

 connect_element_template_enabled: "true"
 connect_external_task_script_worker_enabled: "true"
--- a/group_vars/stage_qa/plain.yml
+++ b/group_vars/stage_qa/plain.yml
@ -152,7 +152,7 @@ management_oidc_realm: "management"
 management_oidc_client_id: "smardigo"

 smardigo_management_url: "{{ http_s }}://{{ management_service_connect_hostname }}/api/v1/scopes/{{ scope_id }}/processes/{{ process_instance_id }}/messages"
-smardigo_management_token: "eyJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiYWxnIjoiZGlyIn0..ynbVHutFvwcnzGNpUrObEA.2kHkShTJHDQIRY5QVmwrC-pQOasbQeHb33L5W4wWDdw.OVghXkhWdkps0YYEomO-pg"
+smardigo_management_token: "{{ management_smardigo_user_token_vault }}"

 connect_element_template_enabled: "true"
 connect_external_task_script_worker_enabled: "true"
@ -175,6 +175,8 @@ docker_admin_password: "{{ docker_admin_password_vault }}"

 management_admin_username: "management-admin"
 management_admin_password: "{{ management_admin_password_vault }}"
+management_realm_admin_username: "management-realm-admin"
+management_realm_admin_password: "{{ management_realm_admin_password_vault }}"

 harbor_admin_username: "{{ harbor_admin_username_vault }}"
 harbor_admin_password: "{{ harbor_admin_password_vault }}"
@ -198,3 +200,5 @@ netgo_msteams_hook_alerting: "{{ netgo_msteams_hook_alerting_vault }}"

 docker_registry_oidc_client_secret: "{{ docker_registry_oidc_client_secret_vault }}"
 management_oidc_client_secret: "{{ management_oidc_client_secret_vault }}"
+
+management_smardigo_user_token: "{{ management_smardigo_user_token_vault }}"