From b2dfedd1243d239667efad41b328481707c5ef34 Mon Sep 17 00:00:00 2001
From: "Ketelsen, Sven"
Date: Wed, 12 Jul 2023 11:17:30 +0000
Subject: [PATCH] DEV-1137 iaas server for siz cs
---
create-kibana-objects.yml | 10 +---------
galaxy-requirements.yml | 2 +-
group_vars/all/plain.yml | 12 +++++------
group_vars/backup/plain.yml | 2 +-
group_vars/maria/plain.yml | 2 +-
group_vars/postgres/plain.yml | 2 +-
group_vars/restore/plain.yml | 2 +-
group_vars/stage_demompmx/plain.yml | 2 +-
group_vars/stage_devnso/plain.yml | 2 +-
group_vars/stage_devscr/plain.yml | 2 +-
group_vars/stage_ext/plain.yml | 2 +-
group_vars/stage_prodnso/plain.yml | 2 +-
group_vars/stage_qanso/plain.yml | 2 +-
host_vars/prodnso-hocr-iaas-01.yml | 2 +-
host_vars/prodnso-platform-iaas-01.yml | 2 +-
host_vars/prodnso-sizcs-iaas-01/plain.yml | 13 ++++++++++++
host_vars/prodnso-sizcs-iaas-01/vault.yml | 22 +++++++++++++++++++++
roles/digitalocean/tasks/_create_server.yml | 2 +-
roles/kibana/tasks/_import_savedobjects.yml | 3 +++
roles/wireguard/tasks/main.yaml | 2 +-
stage-prodnso | 1 +
users/matthias.friedrich/ssh.pub | 1 +
users/nico.thiemann/ssh.pub | 1 +
23 files changed, 63 insertions(+), 30 deletions(-)
create mode 100644 host_vars/prodnso-sizcs-iaas-01/plain.yml
create mode 100644 host_vars/prodnso-sizcs-iaas-01/vault.yml
create mode 100644 users/matthias.friedrich/ssh.pub
create mode 100644 users/nico.thiemann/ssh.pub
diff --git a/create-kibana-objects.yml b/create-kibana-objects.yml
index 6720df8..f80656c 100644
--- a/create-kibana-objects.yml
+++ b/create-kibana-objects.yml
@@ -41,19 +41,11 @@ - "stage_{{ stage }}" changed_when: False - tasks: - - name: Add hosts - add_host: - name: "{{ stage }}-{{ tenant_id }}-{{ cluster_name }}-{{ '%02d' | format(item|int) }}" - groups: "{{ ['stage_' + stage ] + [cluster_service] + cluster_features }}" - with_sequence: start=1 end={{ cluster_size | default(1) }} - changed_when: False - ############################################################# # Creating kibana search objects for created inventory ############################################################# -- hosts: "stage_{{ stage }}:!{{ stage }}-virtual-host-to-read-groups-vars" +- hosts: "{{ stage }}-virtual-host-to-read-groups-vars" serial: "{{ serial_number | default(1) }}" gather_facts: no remote_user: root diff --git a/galaxy-requirements.yml b/galaxy-requirements.yml index 3a7c978..f40db03 100644 --- a/galaxy-requirements.yml +++ b/galaxy-requirements.yml @@ -19,7 +19,7 @@ roles: scm: git src: git@git.dev-at.de:smardigo-hetzner/ansible/hetzner-ansible-roles/hetzner-ansible-hcloud-role.git - name: hetzner-ansible-common - version: 0.0.5 + version: 0.0.6 scm: git src: git@git.dev-at.de:smardigo-hetzner/ansible/hetzner-ansible-roles/hetzner-ansible-common-role.git - name: hetzner-ansible-filebeat diff --git a/group_vars/all/plain.yml b/group_vars/all/plain.yml index 5684fc3..0bc9e7d 100644 --- a/group_vars/all/plain.yml +++ b/group_vars/all/plain.yml @@ -110,7 +110,7 @@ default_users: - "administrator" - "{{ admin_user }}" -default_plattform_users: +default_platform_users: - "claus.paetow" - "sven.ketelsen" - "michael.haehnel" 
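Review bot: In the create-kibana-objects.yml hunk, the retained `serial: "{{ serial_number | default(1) }}"` and the banner comment "Creating kibana search objects for created inventory" no longer match the play now that `hosts:` names the single entry `{{ stage }}-virtual-host-to-read-groups-vars`. With the `add_host` task removed there is no generated set of hosts left to batch over, so `serial` appears to have no effect. I would drop the `serial` line and reword the banner, e.g. `# Creating kibana search objects via the stage's virtual group-vars host`. The play continues past the end of the hunk, so whether its later tasks still expect per-host variables cannot be checked from here.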
@@ -119,10 +119,10 @@ default_plattform_users: - "{{ awx_ansible_user_name }}" - "{{ gitlab_ansible_user_name }}" -smardigo_plattform_users: "{{ - default_plattform_users - + (custom_plattform_users | default([])) - + (custom_stage_plattform_users | default([])) +smardigo_platform_users: "{{ + default_platform_users + + (custom_platform_users | default([])) + + (custom_stage_platform_users | default([])) }}" ip_whitelist_netgo: @@ -137,7 +137,7 @@ offsite_storage_server_ip: 142.132.155.83/32 docker_owner: "{{ admin_user }}" docker_group: "{{ admin_user }}" -docker_users: "{{ smardigo_plattform_users }}" +docker_users: "{{ smardigo_platform_users }}" docker_compose_path: "/usr/bin/docker-compose" service_base_path: "/etc/smardigo" diff --git a/group_vars/backup/plain.yml b/group_vars/backup/plain.yml index 3e259b7..6502466 100644 --- a/group_vars/backup/plain.yml +++ b/group_vars/backup/plain.yml @@ -9,5 +9,5 @@ filebeat_enabled: false common_pip_dependencies: [] -custom_plattform_users: +custom_platform_users: - backuphamster diff --git a/group_vars/maria/plain.yml b/group_vars/maria/plain.yml index ec9f536..568887c 100644 --- a/group_vars/maria/plain.yml +++ b/group_vars/maria/plain.yml @@ -11,5 +11,5 @@ traefik_enabled: false filebeat_maria_enabled: true -custom_plattform_users: +custom_platform_users: - '{{ backupuser_user_name }}' diff --git a/group_vars/postgres/plain.yml b/group_vars/postgres/plain.yml index 5683d32..8ff2187 100644 --- a/group_vars/postgres/plain.yml +++ b/group_vars/postgres/plain.yml @@ -8,7 +8,7 @@ traefik_enabled: false filebeat_postgres_enabled: true -custom_plattform_users: +custom_platform_users: - "{{ backupuser_user_name }}" postgres_homedir: "/var/lib/postgresql" diff --git a/group_vars/restore/plain.yml b/group_vars/restore/plain.yml index 66e604d..a2b5471 100644 --- a/group_vars/restore/plain.yml +++ b/group_vars/restore/plain.yml 
@@ -7,7 +7,7 @@ traefik_enabled: false filebeat_enabled: false node_exporter_enabled: false -custom_plattform_users: +custom_platform_users: - "{{ backupuser_user_name }}" # postgresql related diff --git a/group_vars/stage_demompmx/plain.yml b/group_vars/stage_demompmx/plain.yml index dcbdb28..a287100 100644 --- a/group_vars/stage_demompmx/plain.yml +++ b/group_vars/stage_demompmx/plain.yml @@ -4,7 +4,7 @@ stage: "demompmx" hetzner_server_type_kube_cpl: cpx21 hetzner_server_type_kube_node: cpx31 -custom_stage_plattform_users: +custom_stage_platform_users: - "hp.wissenbach" # TODO read configuration with hetzner rest api diff --git a/group_vars/stage_devnso/plain.yml b/group_vars/stage_devnso/plain.yml index ca1e2b3..79fb1f6 100644 --- a/group_vars/stage_devnso/plain.yml +++ b/group_vars/stage_devnso/plain.yml @@ -58,7 +58,7 @@ management_oidc_client_secret: "{{ management_oidc_client_secret_vault }}" # push mirror: https://{{ stage }}-gitea-01.smardigo.digital/gitea-admin/communication-keys/ gpg_key_smardigo_automation__private: "{{ gpg_key_smardigo_automation__private__vault }}" -custom_stage_plattform_users: +custom_stage_platform_users: - hp.wissenbach custom_stage_hetzner_ssh_keys: diff --git a/group_vars/stage_devscr/plain.yml b/group_vars/stage_devscr/plain.yml index f9ed35e..39d134d 100644 --- a/group_vars/stage_devscr/plain.yml +++ b/group_vars/stage_devscr/plain.yml @@ -5,7 +5,7 @@ stage: "devscr" hetzner_server_type_kube_cpl: cpx21 hetzner_server_type_kube_node: cpx41 -custom_stage_plattform_users: +custom_stage_platform_users: - 'daniel.risse' - 'esther.fuhrmann' - 'philipp.eichhorn' diff --git a/group_vars/stage_ext/plain.yml b/group_vars/stage_ext/plain.yml index b4dcff9..9aa2871 100644 --- a/group_vars/stage_ext/plain.yml +++ b/group_vars/stage_ext/plain.yml 
@@ -14,7 +14,7 @@ node_exporter_listen_address: "0.0.0.0" shared_service_hostname_harbor: "prodnso-harbor-01.smardigo.digital" -custom_stage_plattform_users: +custom_stage_platform_users: - "daniel.risse" - "esther.fuhrmann" - "philipp.eichhorn" diff --git a/group_vars/stage_prodnso/plain.yml b/group_vars/stage_prodnso/plain.yml index 03cff67..e4a8bef 100644 --- a/group_vars/stage_prodnso/plain.yml +++ b/group_vars/stage_prodnso/plain.yml @@ -51,5 +51,5 @@ alertmanager_admin_password_htpasswd: "{{ alertmanager_admin_password_htpasswd_v netgo_msteams_hook_cd: "{{ netgo_msteams_hook_cd_vault }}" netgo_msteams_hook_alerting: "{{ netgo_msteams_hook_alerting_vault }}" -custom_stage_plattform_users: +custom_stage_platform_users: - hp.wissenbach diff --git a/group_vars/stage_qanso/plain.yml b/group_vars/stage_qanso/plain.yml index cbd9386..e72298d 100644 --- a/group_vars/stage_qanso/plain.yml +++ b/group_vars/stage_qanso/plain.yml @@ -51,5 +51,5 @@ alertmanager_admin_password_htpasswd: "{{ alertmanager_admin_password_htpasswd_v netgo_msteams_hook_cd: "{{ netgo_msteams_hook_cd_vault }}" netgo_msteams_hook_alerting: "{{ netgo_msteams_hook_alerting_vault }}" -custom_stage_plattform_users: +custom_stage_platform_users: - "hp.wissenbach" diff --git a/host_vars/prodnso-hocr-iaas-01.yml b/host_vars/prodnso-hocr-iaas-01.yml index cf3e0dd..44b5124 100644 --- a/host_vars/prodnso-hocr-iaas-01.yml +++ b/host_vars/prodnso-hocr-iaas-01.yml @@ -4,7 +4,7 @@ pass_tenant_id: "hocr" hetzner_server_type: cpx41 -custom_plattform_users: [] +custom_platform_users: [] prometheus_alert_extra_config: high_load: diff --git a/host_vars/prodnso-platform-iaas-01.yml b/host_vars/prodnso-platform-iaas-01.yml index 786c063..54782e0 100644 --- a/host_vars/prodnso-platform-iaas-01.yml +++ b/host_vars/prodnso-platform-iaas-01.yml @@ -4,7 +4,7 @@ pass_tenant_id: "platform" hetzner_server_type: cx51 -custom_plattform_users: +custom_platform_users: - 'daniel.risse' - 'esther.fuhrmann' - 'philipp.eichhorn' 
diff --git a/host_vars/prodnso-sizcs-iaas-01/plain.yml b/host_vars/prodnso-sizcs-iaas-01/plain.yml new file mode 100644 index 0000000..dae9a82 --- /dev/null +++ b/host_vars/prodnso-sizcs-iaas-01/plain.yml @@ -0,0 +1,13 @@ +--- +pass_tenant_id: "sizch" + +hetzner_server_type: cpx31 + +custom_platform_users: + - "matthias.friedrich" + - "nico.thiemann" + +prometheus_alert_extra_config: + high_load: + duration: 1h + description: "High load for more than 1 hour." diff --git a/host_vars/prodnso-sizcs-iaas-01/vault.yml b/host_vars/prodnso-sizcs-iaas-01/vault.yml new file mode 100644 index 0000000..c44c4cd --- /dev/null +++ b/host_vars/prodnso-sizcs-iaas-01/vault.yml @@ -0,0 +1,22 @@ +$ANSIBLE_VAULT;1.1;AES256 +35306534333837353230623065356164376337613036393466376538326362323937366531323633 +6334646431323634626330313131363730343631383563350a383637343038646662666564363235 +33343035326263353765643837663532653232393261333461653237363064396537386636393237 +3263363335353130380a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diff --git a/roles/digitalocean/tasks/_create_server.yml b/roles/digitalocean/tasks/_create_server.yml index 7d713d8..1be0710 100644 --- a/roles/digitalocean/tasks/_create_server.yml +++ b/roles/digitalocean/tasks/_create_server.yml @@ -8,7 +8,7 @@ ssh_pub_key: "{{ lookup('file', 'users/' + item + '/ssh.pub') }}" state: present register: result - loop: '{{ smardigo_plattform_users }}' + loop: '{{ smardigo_platform_users }}' - name: "Get fingerprints for ssh_keys" delegate_to: localhost diff --git a/roles/kibana/tasks/_import_savedobjects.yml b/roles/kibana/tasks/_import_savedobjects.yml index 840b8ee..25301dd 100644 --- a/roles/kibana/tasks/_import_savedobjects.yml +++ b/roles/kibana/tasks/_import_savedobjects.yml @@ -5,6 +5,8 @@ loop_control: label: "{{ es_index_pattern_service.id }}" loop_var: es_index_pattern_service + when: + - cluster_name is defined - name: "Setting default index pattern" delegate_to: localhost 
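Review bot: In the new host_vars/prodnso-sizcs-iaas-01/plain.yml, `pass_tenant_id: "sizch"` matches neither the host name `prodnso-sizcs-iaas-01` nor the commit subject ("siz cs"), whereas the sibling host files touched by this patch pair `prodnso-hocr-iaas-01` with `"hocr"` and `prodnso-platform-iaas-01` with `"platform"`. If this id selects the tenant's secrets or paths, a mismatch would point the host at the wrong or a non-existent tenant, so please confirm it and, if it is a typo, change it to `pass_tenant_id: "sizcs"`. Separately, the two `custom_platform_users` entries flow into `smardigo_platform_users` and from there into `docker_users`, which presumably grants root-equivalent access on this production host, so it is worth confirming that this is intended.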
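Review bot: The new `cluster_name is defined` condition in roles/kibana/tasks/_import_savedobjects.yml makes the guarded task skip silently when the variable is missing, and the same guard is added to the `when:` list extended in the file's next hunk. If this role is run from create-kibana-objects.yml, which now targets only `{{ stage }}-virtual-host-to-read-groups-vars`, it is worth verifying that this host actually defines `cluster_name`; otherwise the import turns into a no-op that still reports success. A short comment above each guard explaining why it exists, e.g. `# skip when the host carries no cluster context`, would help the next reader. The first guarded task starts above the hunk, so its full definition is not visible here.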
@@ -23,4 +25,5 @@ defaultIndex: '{{ es_index_pattern_tenant_uuid }}' become: false when: + - cluster_name is defined - elastic_state == 'present' diff --git a/roles/wireguard/tasks/main.yaml b/roles/wireguard/tasks/main.yaml index 80d246f..942b421 100644 --- a/roles/wireguard/tasks/main.yaml +++ b/roles/wireguard/tasks/main.yaml @@ -7,7 +7,7 @@ - name: "Register wireguard peers" set_fact: wireguard_peers: "{{ wireguard_peers | default([]) + [ lookup('file', 'users/' + item + '/wireguard.yml') | from_yaml ] }}" - loop: '{{ smardigo_plattform_users }}' + loop: '{{ smardigo_platform_users }}' when: "('users/' ~ item ~ '/wireguard.yml') is file" - name: "Print wireguard peers" diff --git a/stage-prodnso b/stage-prodnso index 8950b36..07568b8 100644 --- a/stage-prodnso +++ b/stage-prodnso @@ -57,6 +57,7 @@ prodnso-prometheus-01 [ubuntu_docker] prodnso-platform-iaas-01 prodnso-hocr-iaas-01 +prodnso-sizcs-iaas-01 [vpn] prodnso-vpn-01 diff --git a/users/matthias.friedrich/ssh.pub b/users/matthias.friedrich/ssh.pub new file mode 100644 index 0000000..da7abc5 --- /dev/null +++ b/users/matthias.friedrich/ssh.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL8qtV/finX8I7/nV5qpzHYiPKCM9H54GcTAgQmbneAn matthias.friedrich@netgo.de \ No newline at end of file diff --git a/users/nico.thiemann/ssh.pub b/users/nico.thiemann/ssh.pub new file mode 100644 index 0000000..a101f29 --- /dev/null +++ b/users/nico.thiemann/ssh.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGqbsa8ClaaQZUqjsRqUCfCGfYOZHDpjb8W5B2y21wki nico.thiemann@netgo.de