DEV-1137 iaas server for siz cs

create-kibana-objects.yml

@@ -41,19 +41,11 @@
         - "stage_{{ stage }}"
       changed_when: False
 
-  tasks:
-    - name: Add hosts
-      add_host:
-        name: "{{ stage }}-{{ tenant_id }}-{{ cluster_name }}-{{ '%02d' | format(item|int) }}"
-        groups: "{{ ['stage_' + stage ] + [cluster_service] + cluster_features }}"
-      with_sequence: start=1 end={{ cluster_size | default(1) }}
-      changed_when: False
-
 #############################################################
 #   Creating kibana search objects for created inventory
 #############################################################
 
-- hosts: "stage_{{ stage }}:!{{ stage }}-virtual-host-to-read-groups-vars"
+- hosts: "{{ stage }}-virtual-host-to-read-groups-vars"
   serial: "{{ serial_number | default(1) }}"
   gather_facts: no
   remote_user: root

galaxy-requirements.yml

@@ -19,7 +19,7 @@ roles:
     scm: git
     src: git@git.dev-at.de:smardigo-hetzner/ansible/hetzner-ansible-roles/hetzner-ansible-hcloud-role.git
   - name: hetzner-ansible-common
-    version: 0.0.5
+    version: 0.0.6
     scm: git
     src: git@git.dev-at.de:smardigo-hetzner/ansible/hetzner-ansible-roles/hetzner-ansible-common-role.git
   - name: hetzner-ansible-filebeat

group_vars/all/plain.yml

@@ -110,7 +110,7 @@ default_users:
   - "administrator"
   - "{{ admin_user }}"
 
-default_plattform_users:
+default_platform_users:
   - "claus.paetow"
   - "sven.ketelsen"
   - "michael.haehnel"
@@ -119,10 +119,10 @@ default_plattform_users:
   - "{{ awx_ansible_user_name }}"
   - "{{ gitlab_ansible_user_name }}"
 
-smardigo_plattform_users: "{{
-  default_plattform_users
-  + (custom_plattform_users | default([]))
-  + (custom_stage_plattform_users | default([]))
+smardigo_platform_users: "{{
+  default_platform_users
+  + (custom_platform_users | default([]))
+  + (custom_stage_platform_users | default([]))
   }}"
 
 ip_whitelist_netgo:
@@ -137,7 +137,7 @@ offsite_storage_server_ip: 142.132.155.83/32
 
 docker_owner: "{{ admin_user }}"
 docker_group: "{{ admin_user }}"
-docker_users: "{{ smardigo_plattform_users }}"
+docker_users: "{{ smardigo_platform_users }}"
 docker_compose_path: "/usr/bin/docker-compose"
 
 service_base_path: "/etc/smardigo"

group_vars/backup/plain.yml

@@ -9,5 +9,5 @@ filebeat_enabled: false
 
 common_pip_dependencies: []
 
-custom_plattform_users:
+custom_platform_users:
   - backuphamster

group_vars/maria/plain.yml

@@ -11,5 +11,5 @@ traefik_enabled: false
 
 filebeat_maria_enabled: true
 
-custom_plattform_users:
+custom_platform_users:
   - '{{ backupuser_user_name }}'

group_vars/postgres/plain.yml

@@ -8,7 +8,7 @@ traefik_enabled: false
 
 filebeat_postgres_enabled: true
 
-custom_plattform_users:
+custom_platform_users:
   - "{{ backupuser_user_name }}"
 
 postgres_homedir: "/var/lib/postgresql"

group_vars/restore/plain.yml

@@ -7,7 +7,7 @@ traefik_enabled: false
 filebeat_enabled: false
 node_exporter_enabled: false
 
-custom_plattform_users:
+custom_platform_users:
   - "{{ backupuser_user_name }}"
 
 # postgresql related

group_vars/stage_demompmx/plain.yml

@@ -4,7 +4,7 @@ stage: "demompmx"
 hetzner_server_type_kube_cpl: cpx21
 hetzner_server_type_kube_node: cpx31
 
-custom_stage_plattform_users:
+custom_stage_platform_users:
   - "hp.wissenbach"
 
 # TODO read configuration with hetzner rest api

group_vars/stage_devnso/plain.yml

@@ -58,7 +58,7 @@ management_oidc_client_secret: "{{ management_oidc_client_secret_vault }}"
 # push mirror: https://{{ stage }}-gitea-01.smardigo.digital/gitea-admin/communication-keys/
 gpg_key_smardigo_automation__private: "{{ gpg_key_smardigo_automation__private__vault }}"
 
-custom_stage_plattform_users:
+custom_stage_platform_users:
   - hp.wissenbach
 
 custom_stage_hetzner_ssh_keys:

group_vars/stage_devscr/plain.yml

@@ -5,7 +5,7 @@ stage: "devscr"
 hetzner_server_type_kube_cpl: cpx21
 hetzner_server_type_kube_node: cpx41
 
-custom_stage_plattform_users:
+custom_stage_platform_users:
   - 'daniel.risse'
   - 'esther.fuhrmann'
   - 'philipp.eichhorn'

group_vars/stage_ext/plain.yml

@@ -14,7 +14,7 @@ node_exporter_listen_address: "0.0.0.0"
 
 shared_service_hostname_harbor: "prodnso-harbor-01.smardigo.digital"
 
-custom_stage_plattform_users:
+custom_stage_platform_users:
   - "daniel.risse"
   - "esther.fuhrmann"
   - "philipp.eichhorn"

group_vars/stage_prodnso/plain.yml

@@ -51,5 +51,5 @@ alertmanager_admin_password_htpasswd: "{{ alertmanager_admin_password_htpasswd_v
 netgo_msteams_hook_cd: "{{ netgo_msteams_hook_cd_vault }}"
 netgo_msteams_hook_alerting: "{{ netgo_msteams_hook_alerting_vault }}"
 
-custom_stage_plattform_users:
+custom_stage_platform_users:
   - hp.wissenbach

group_vars/stage_qanso/plain.yml

@@ -51,5 +51,5 @@ alertmanager_admin_password_htpasswd: "{{ alertmanager_admin_password_htpasswd_v
 netgo_msteams_hook_cd: "{{ netgo_msteams_hook_cd_vault }}"
 netgo_msteams_hook_alerting: "{{ netgo_msteams_hook_alerting_vault }}"
 
-custom_stage_plattform_users:
+custom_stage_platform_users:
   - "hp.wissenbach"

host_vars/prodnso-hocr-iaas-01.yml

@@ -4,7 +4,7 @@ pass_tenant_id: "hocr"
 
 hetzner_server_type: cpx41
 
-custom_plattform_users: []
+custom_platform_users: []
 
 prometheus_alert_extra_config:
   high_load:

host_vars/prodnso-platform-iaas-01.yml

@@ -4,7 +4,7 @@ pass_tenant_id: "platform"
 
 hetzner_server_type: cx51
 
-custom_plattform_users:
+custom_platform_users:
   - 'daniel.risse'
   - 'esther.fuhrmann'
   - 'philipp.eichhorn'

host_vars/prodnso-sizcs-iaas-01/plain.yml

@@ -0,0 +1,13 @@
+---
+pass_tenant_id: "sizch"
+
+hetzner_server_type: cpx31
+
+custom_platform_users:
+  - "matthias.friedrich"
+  - "nico.thiemann"
+
+prometheus_alert_extra_config:
+  high_load:
+    duration: 1h
+    description: "High load for more than 1 hour."

host_vars/prodnso-sizcs-iaas-01/vault.yml

@@ -0,0 +1,22 @@
+$ANSIBLE_VAULT;1.1;AES256
+35306534333837353230623065356164376337613036393466376538326362323937366531323633
+6334646431323634626330313131363730343631383563350a383637343038646662666564363235
+33343035326263353765643837663532653232393261333461653237363064396537386636393237
+3263363335353130380a306233383037313664626636663962626536613761356565373131386463
+38343338323536636334306261316238636535306339636434383135396335303131626237663662
+35636165363063356431653337613463653233613739333939373030653762376134653530353562
+33333463313162636234656164343430366138653532386339633533313066323262396534643136
+64383837656364343330373237636139393564313361303265353833643338333537376139626232
+31326433636439366639336436636431383630613034363130343764666135353962613036343936
+65383038346661343831396362343235663835663034343564356332323932376566363339383338
+63386563303566613461623233616136363366623135373038613132356435306337346536666364
+65616236333132323765316439616237326661343436323132346535633364393933303462333936
+38376266393431326431363633383230313961623361663734353735303032343339666232623663
+32643736613865333238356565363737646139623732326466626633363865363763336436353030
+61356366653339303731363832643561386363626663666362333762643338373062343761333234
+66643534346238316461363266643238333238653163613264653033623435303737393138373566
+39386366643234353861653062313963303834616437363330336431306665303365313033613331
+64643330653139323638373664366438646630643035333031643037326531313737663936613665
+35663564323465313333663533303834656562663031366162366336313332653731646533313063
+62646133353166316235383730373631303432643863316334616632343039313131616339643066
+31343835383932393435396636666132353864343635343939613932333132336138

roles/digitalocean/tasks/_create_server.yml

@@ -8,7 +8,7 @@
     ssh_pub_key: "{{ lookup('file', 'users/' + item + '/ssh.pub') }}"
     state: present
   register: result
-  loop: '{{ smardigo_plattform_users }}'
+  loop: '{{ smardigo_platform_users }}'
 
 - name: "Get fingerprints for ssh_keys"
   delegate_to: localhost

roles/kibana/tasks/_import_savedobjects.yml

@@ -5,6 +5,8 @@
   loop_control:
     label: "{{ es_index_pattern_service.id }}"
     loop_var: es_index_pattern_service
+  when:
+    - cluster_name is defined
 
 - name: "Setting default index pattern"
   delegate_to: localhost
@@ -23,4 +25,5 @@
         defaultIndex: '{{ es_index_pattern_tenant_uuid }}'
   become: false
   when:
+    - cluster_name is defined
     - elastic_state == 'present'

roles/wireguard/tasks/main.yaml

@@ -7,7 +7,7 @@
 - name: "Register wireguard peers"
   set_fact:
     wireguard_peers: "{{ wireguard_peers | default([]) + [ lookup('file', 'users/' + item + '/wireguard.yml') | from_yaml ] }}"
-  loop: '{{ smardigo_plattform_users }}'
+  loop: '{{ smardigo_platform_users }}'
   when: "('users/' ~ item ~ '/wireguard.yml') is file"
 
 - name: "Print wireguard peers"

stage-prodnso

@@ -57,6 +57,7 @@ prodnso-prometheus-01
 [ubuntu_docker]
 prodnso-platform-iaas-01
 prodnso-hocr-iaas-01
+prodnso-sizcs-iaas-01
 
 [vpn]
 prodnso-vpn-01

users/matthias.friedrich/ssh.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL8qtV/finX8I7/nV5qpzHYiPKCM9H54GcTAgQmbneAn matthias.friedrich@netgo.de

users/nico.thiemann/ssh.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGqbsa8ClaaQZUqjsRqUCfCGfYOZHDpjb8W5B2y21wki nico.thiemann@netgo.de