From b73a8a47239ce4a51c0117afcff4caca4fbd083a Mon Sep 17 00:00:00 2001 
From: "Ketelsen, Sven" Date: Fri, 24 Feb 2023 12:44:56 +0000 Subject: [PATCH] DEV-914 bugfix of regression from customer specific domains --- create-database-backup.yml | 2 +- create-database.yml | 2 +- create-kibana-objects.yml | 3 +- create-realm.yml | 2 +- create-remote-database-backup.yml | 2 +- create-server.yml | 2 +- create-service.yml | 2 +- export-database.yml | 2 +- group_vars/all/plain.yml | 2 - group_vars/all/services.yml | 36 +++ group_vars/connect/plain.yml | 6 +- group_vars/connect_wordpress/main.yml | 4 +- group_vars/stage_dev/plain.yml | 266 ------------------ group_vars/stage_devscr/plain.yml | 94 +------ group_vars/stage_ext/plain.yml | 4 +- group_vars/stage_prodnso/plain.yml | 260 ----------------- group_vars/stage_prodwork01/plain.yml | 78 +---- group_vars/stage_qa/plain.yml | 260 ----------------- import-database.yml | 2 +- patchday.yml | 1 - pmci-callback.yml | 2 +- remove-database.yml | 2 +- remove-realm.yml | 2 +- remove-server.yml | 2 +- remove-service.yml | 2 +- restore-database-backup.yml | 2 +- restore-remote-database-backup.yml | 2 +- roles/common/configs/docker/config.json.j2 | 2 +- roles/common/tasks/main.yml | 27 +- roles/connect/defaults/main.yml | 2 +- roles/connect_compact/defaults/main.yml | 6 +- roles/connect_wordpress/defaults/main.yml | 2 +- roles/connect_wordpress/vars/main.yml | 2 +- roles/elastic/vars/main.yml | 2 +- roles/harbor/defaults/main.yml | 6 +- roles/harbor_realm/defaults/main.yml | 8 +- roles/iam/defaults/main.yml | 2 +- roles/iam/vars/main.yml | 2 +- roles/infrastructure_realm/defaults/main.yml | 2 +- roles/keycloak/defaults/main.yml | 2 +- roles/keycloak/tasks/_authenticate.yml | 2 +- .../keycloak/tasks/_configure_client_crud.yml | 8 +- roles/keycloak/tasks/_configure_realm.yml | 6 +- .../tasks/_configure_realm_admin_users.yml | 8 +- .../_configure_user_groupmembership_crud.yml | 8 +- roles/keycloak/tasks/_create_realm_admin.yml | 4 +- roles/keycloak/tasks/_create_realm_groups.yml | 4 +- 
roles/keycloak/tasks/_create_realm_users.yml | 4 +- roles/keycloak/tasks/_delete_client.yml | 6 +- roles/keycloak/tasks/main.yml | 6 +- roles/keycloak_compact/defaults/main.yml | 2 +- roles/keycloak_compact/tasks/main.yml | 2 +- roles/kibana/defaults/main.yaml | 1 - roles/kibana/tasks/_configure_dashboards.yml | 10 +- .../kibana/tasks/_configure_indexpattern.yml | 8 +- roles/kibana/tasks/_configure_roles.yml | 8 +- roles/kibana/tasks/_configure_searches.yml | 10 +- roles/kibana/tasks/_configure_spaces.yml | 10 +- roles/kibana/tasks/_configure_users.yml | 8 +- roles/kibana/tasks/_import_savedobjects.yml | 4 +- roles/kibana/tasks/import_service_ojects.yml | 2 +- roles/kubernetes/argocd/defaults/main.yml | 13 +- roles/kubernetes/argocd/tasks/main.yml | 6 +- roles/kubernetes/awx/tasks/awx-config.yml | 18 +- .../namespace/templates/docker-secret.json.j2 | 2 +- roles/management/defaults/main.yml | 2 +- roles/pdns/defaults/main.yml | 4 +- roles/webdav/defaults/main.yaml | 2 +- tasks/autodiscover_pre_tasks.yml | 44 +++ tasks/smardigo_management_message.yml | 2 +- update-docker-image.yml | 4 +- update-monitoring.yml | 2 +- update-service-state.yml | 2 +- 73 files changed, 229 insertions(+), 1102 deletions(-) diff --git a/create-database-backup.yml b/create-database-backup.yml index 6efdb65..4054f31 100644 --- a/create-database-backup.yml +++ b/create-database-backup.yml @@ -116,5 +116,5 @@ connect_jwt_username: "{{ management_admin_username }}" tasks: - - name: "Sending smardigo management message to <{{ smardigo_management_url }}>" + - name: "Sending smardigo management message to <{{ shared_service_url_management }}>" include_tasks: tasks/smardigo_management_message.yml diff --git a/create-database.yml b/create-database.yml index bc25530..42dff29 100644 --- a/create-database.yml +++ b/create-database.yml 
@@ -135,5 +135,5 @@ connect_jwt_username: "{{ management_admin_username }}" tasks: - - name: "Sending smardigo management message to <{{ smardigo_management_url }}>" + - name: "Sending smardigo management message to <{{ shared_service_url_management }}>" include_tasks: tasks/smardigo_management_message.yml diff --git a/create-kibana-objects.yml b/create-kibana-objects.yml index e409340..cac0058 100644 --- a/create-kibana-objects.yml +++ b/create-kibana-objects.yml @@ -61,7 +61,6 @@ vars: ansible_connection: local ansible_ssh_host: "{{ stage_server_domain }}" - kibana_api_endpoint: '{{ shared_service_elastic_stack_kibana_01_hostname }}-kibana.{{ domain }}' elastic_state: present elastic_users: - @@ -201,5 +200,5 @@ connect_jwt_username: "{{ management_admin_username }}" tasks: - - name: "Sending smardigo management message to <{{ smardigo_management_url }}>" + - name: "Sending smardigo management message to <{{ shared_service_url_management }}>" include_tasks: tasks/smardigo_management_message.yml diff --git a/create-realm.yml b/create-realm.yml index d69c838..c1b1898 100644 --- a/create-realm.yml +++ b/create-realm.yml @@ -94,5 +94,5 @@ connect_jwt_username: "{{ management_admin_username }}" tasks: - - name: "Sending smardigo management message to <{{ smardigo_management_url }}>" + - name: "Sending smardigo management message to <{{ shared_service_url_management }}>" include_tasks: tasks/smardigo_management_message.yml diff --git a/create-remote-database-backup.yml b/create-remote-database-backup.yml index c820b8d..9e698cf 100644 --- a/create-remote-database-backup.yml +++ b/create-remote-database-backup.yml @@ -119,5 +119,5 @@ connect_jwt_username: "{{ management_admin_username }}" tasks: - - name: "Sending smardigo management message to <{{ smardigo_management_url }}>" + - name: "Sending smardigo management message to <{{ shared_service_url_management }}>" include_tasks: tasks/smardigo_management_message.yml 
diff --git a/create-server.yml b/create-server.yml index db6a2be..30f30db 100644 --- a/create-server.yml +++ b/create-server.yml @@ -154,5 +154,5 @@ connect_jwt_username: "{{ management_admin_username }}" tasks: - - name: "Sending smardigo management message to <{{ smardigo_management_url }}>" + - name: "Sending smardigo management message to <{{ shared_service_url_management }}>" include_tasks: tasks/smardigo_management_message.yml diff --git a/create-service.yml b/create-service.yml index ec8c37a..483fc28 100644 --- a/create-service.yml +++ b/create-service.yml @@ -82,5 +82,5 @@ connect_jwt_username: "{{ management_admin_username }}" tasks: - - name: "Sending smardigo management message to <{{ smardigo_management_url }}>" + - name: "Sending smardigo management message to <{{ shared_service_url_management }}>" include_tasks: tasks/smardigo_management_message.yml diff --git a/export-database.yml b/export-database.yml index 2537c0b..47885eb 100644 --- a/export-database.yml +++ b/export-database.yml @@ -95,5 +95,5 @@ connect_jwt_username: "{{ management_admin_username }}" tasks: - - name: "Sending smardigo management message to <{{ smardigo_management_url }}>" + - name: "Sending smardigo management message to <{{ shared_service_url_management }}>" include_tasks: tasks/smardigo_management_message.yml diff --git a/group_vars/all/plain.yml b/group_vars/all/plain.yml index e53c197..9b60968 100644 --- a/group_vars/all/plain.yml +++ b/group_vars/all/plain.yml @@ -222,8 +222,6 @@ upstream_dns_servers: - 185.12.64.1 - 185.12.64.2 -shared_service_harbor_hostname: "{{ stage }}-harbor-01.{{ domain_env }}" - harbor_username: "{{ docker_registry_username_vault }}" harbor_token: "{{ docker_registry_token_vault }}" diff --git a/group_vars/all/services.yml b/group_vars/all/services.yml index 07d7109..17b943a 100644 --- a/group_vars/all/services.yml +++ b/group_vars/all/services.yml 
@@ -1,4 +1,40 @@ --- +# TODO variable shouldn't used in a global way elastic_id: "{{ inventory_hostname }}-elastic" +# TODO variable shouldn't used in a global way elastic_exporter_id: "{{ inventory_hostname }}-elastic-exporter" + +shared_service_url_harbor: "https://{{ shared_service_hostname_harbor }}" +shared_service_hostname_harbor: "{{ stage }}-harbor-01.{{ domain_env }}" + +shared_service_url_kibana: "https://{{ shared_service_hostname_kibana }}" +shared_service_hostname_kibana: "{{ stage }}-elastic-stack-kibana-01-kibana.{{ domain_env }}" + +shared_service_url_keycloak: "https://{{ shared_service_hostname_keycloak }}" +shared_service_hostname_keycloak: "{{ stage }}-keycloak-01.{{ domain_env }}" + +shared_service_host_management: "{{ stage }}-management-01" +shared_service_url_management: "https://{{ shared_service_hostname_management }}" +shared_service_hostname_management: "{{ shared_service_host_management }}-connect.{{ domain_env }}" + +# use private loadbalancer ip for all kubernetes services +shared_service_kube_argocd_hostname: "{{ stage }}-kube-argocd.{{ domain_env }}" +shared_service_kube_awx_hostname: "{{ stage }}-kube-awx.{{ domain_env }}" +shared_service_kube_harbor_hostname: "{{ stage }}-harbor.{{ domain_env }}" +shared_service_kube_jaeger_collector_hostname: "{{ stage }}-kube-jaeger-collector.{{ domain_env }}" +shared_service_kube_prometheus_hostname: "{{ stage }}-kube-prometheus.{{ domain_env }}" +# TODO make value available for plays with static inventory - by autodiscover_pre_tasks.yml +shared_service_kube_loadbalancer_ip_not_available: "private loadbalancer ip not available" +shared_service_kube_loadbalancer_ip: "{{ stage_private_ingress_loadbalancer_ip | default(shared_service_kube_loadbalancer_ip_not_available) }}" +shared_service_additional_hosts: + - name: "{{ shared_service_kube_argocd_hostname }}" + ip: "{{ shared_service_kube_loadbalancer_ip }}" + - name: "{{ shared_service_kube_awx_hostname }}" + ip: "{{ 
shared_service_kube_loadbalancer_ip }}" + - name: "{{ shared_service_kube_prometheus_hostname }}" + ip: "{{ shared_service_kube_loadbalancer_ip }}" + - name: "{{ shared_service_kube_jaeger_collector_hostname }}" + ip: "{{ shared_service_kube_loadbalancer_ip }}" + - name: "{{ shared_service_kube_harbor_hostname }}" + ip: "{{ shared_service_kube_loadbalancer_ip }}" \ No newline at end of file diff --git a/group_vars/connect/plain.yml b/group_vars/connect/plain.yml index 5d1177f..14b7e46 100644 --- a/group_vars/connect/plain.yml +++ b/group_vars/connect/plain.yml @@ -25,10 +25,10 @@ connect_auth_module: "oidc" connect_oidc_client_id: "{{ cluster_name }}" connect_oidc_client_secret: "{{ cluster_name }}" connect_oidc_registration_id: "{{ cluster_name }}" -connect_oidc_issuer_uri: "https://{{ shared_service_keycloak_hostname }}/auth/realms/{{ current_realm_name }}" +connect_oidc_issuer_uri: "https://{{ shared_service_hostname_keycloak }}/auth/realms/{{ current_realm_name }}" -connect_password_change_url: "{{ http_s }}://{{ shared_service_keycloak_hostname }}/auth/realms/{{ current_realm_name }}/account/password" -connect_iam_user_management_url: "{{ http_s }}://{{ shared_service_keycloak_hostname }}/auth/admin/{{ current_realm_name }}/console" +connect_password_change_url: "{{ http_s }}://{{ shared_service_hostname_keycloak }}/auth/realms/{{ current_realm_name }}/account/password" +connect_iam_user_management_url: "{{ http_s }}://{{ shared_service_hostname_keycloak }}/auth/admin/{{ current_realm_name }}/console" connect_mail_properties_simulation: false diff --git a/group_vars/connect_wordpress/main.yml b/group_vars/connect_wordpress/main.yml index ede22ad..21f2478 100644 --- a/group_vars/connect_wordpress/main.yml +++ b/group_vars/connect_wordpress/main.yml 
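Review bot: `shared_service_kube_loadbalancer_ip` in group_vars/all/services.yml falls back to the text `private loadbalancer ip not available`, and every `ip:` entry of `shared_service_additional_hosts` inherits that text whenever `stage_private_ingress_loadbalancer_ip` is undefined. If this list is rendered into a hosts file (the consuming task is not in this hunk), the result is either a malformed entry or a silent fall-through to public DNS for the ArgoCD, AWX, Prometheus, Jaeger and Harbor names, which defeats the stated intent of pinning them to the private load balancer. Failing closed would be safer, for example an `ansible.builtin.assert` with `that: stage_private_ingress_loadbalancer_ip is defined` before the list is used, or defaulting the list to `[]` when the address is missing. The new file also ends without a trailing newline.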
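Review bot: `connect_oidc_issuer_uri` in group_vars/connect/plain.yml pins `https://`, while the two lines changed below it (`connect_password_change_url`, `connect_iam_user_management_url`) still take the scheme from `{{ http_s }}`, so the issuer and the Keycloak links can disagree and the latter can end up on plain HTTP. This commit introduces `shared_service_url_keycloak`, so all three could derive from it, e.g. `connect_oidc_issuer_uri: "{{ shared_service_url_keycloak }}/auth/realms/{{ current_realm_name }}"`; the same applies to `connect_wordpress_oidc_issuer` and `connect_wordpress_oidc_provider_url` in group_vars/connect_wordpress/main.yml. Separately, the context lines set `connect_oidc_client_secret` to `{{ cluster_name }}`, the same value as the client id (likewise `connect_wordpress_oidc_client_secret`). If these are confidential clients, that is a guessable secret and should come from a vaulted, per-cluster value.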
@@ -5,8 +5,8 @@ connect_wordpress_maria_database: "{{ stage }}_{{ tenant_id }}_{{ cluster_name } connect_wordpress_maria_username: "{{ connect_wordpress_maria_database }}" connect_wordpress_maria_password: "connect-wordpress-maria-admin" -connect_wordpress_oidc_issuer: "{{ http_s }}://{{ shared_service_keycloak_hostname }}/auth/realms/{{ current_realm_name }}" -connect_wordpress_oidc_provider_url: "{{ http_s }}://{{ shared_service_keycloak_hostname }}/auth/realms/{{ current_realm_name }}" +connect_wordpress_oidc_issuer: "{{ http_s }}://{{ shared_service_hostname_keycloak }}/auth/realms/{{ current_realm_name }}" +connect_wordpress_oidc_provider_url: "{{ http_s }}://{{ shared_service_hostname_keycloak }}/auth/realms/{{ current_realm_name }}" connect_wordpress_oidc_client_id: "{{ cluster_name }}" connect_wordpress_oidc_client_secret: "{{ cluster_name }}" diff --git a/group_vars/stage_dev/plain.yml b/group_vars/stage_dev/plain.yml index f9e24cc..0f80fbf 100644 --- a/group_vars/stage_dev/plain.yml +++ b/group_vars/stage_dev/plain.yml 
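Review bot: The context just above the changed OIDC lines in group_vars/connect_wordpress/main.yml keeps `connect_wordpress_maria_password` as a fixed literal, so unless it is overridden elsewhere every host in this group shares one database password that is readable by anyone with repository access. Other credentials on this page are indirected through vault variables (`harbor_token: "{{ docker_registry_token_vault }}"`); the same pattern would fit here, ideally with a value generated per cluster. The hunk shows only part of the file, so a later override may exist.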
@@ -4,48 +4,6 @@ stage: "dev" # TODO read configuration with hetzner rest api shared_service_network: "10.0.0.0/16" -shared_service_elastic_01: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-elastic-stack-elastic-01' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_elastic_02: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-elastic-stack-elastic-02' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_elastic_03: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-elastic-stack-elastic-03' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_logstash_01: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-elastic-stack-logstash-01' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_harbor_ip: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-harbor-01' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_pdns_ip: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-pdns-01' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_mail_ip: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-mail-01' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" shared_service_pg_master_ip: "{{ stage_server_infos | selectattr('name', 'match', stage + '-postgres-01' ) | map(attribute='private_ip') 
@@ -58,92 +16,6 @@ shared_service_pg_slave_ip: "{{ stage_server_infos | list | first | default('-') }}" -shared_service_maria_ip: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-maria-01' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_keycloak_ip: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-keycloak-01' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_iam_ip: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-iam-01' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_webdav_ip: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-webdav-01' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_gitea_ip: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-gitea-01' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_redis_ip: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-redis-01' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_kube_master_01: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-kube-master-01' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_kube_master_02: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-kube-master-02' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_kube_master_03: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-kube-master-03' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_kube_node_01: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-kube-node-01' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_kube_node_02: "{{ stage_server_infos - | selectattr('name', 'match', stage + 
'-kube-node-02' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_kube_node_03: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-kube-node-03' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_kube_node_04: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-kube-node-04' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_management_ip: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-management-01' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" - -shared_service_kube_ip: "{{ stage_private_ingress_loadbalancer_ip | default('-') }}" shared_service_maria_hostname: "{{ stage }}-maria-01" shared_service_postgres_01_hostname: "{{ stage }}-postgres-01" 
@@ -152,149 +24,13 @@ shared_service_elastic_stack_01_hostname: "{{ stage }}-elastic-stack-elastic-01" shared_service_elastic_stack_02_hostname: "{{ stage }}-elastic-stack-elastic-02" shared_service_elastic_stack_03_hostname: "{{ stage }}-elastic-stack-elastic-03" shared_service_elastic_stack_logstash_01_hostname: "{{ stage }}-elastic-stack-logstash-01" -shared_service_elastic_stack_kibana_01_hostname: "{{ stage }}-elastic-stack-kibana-01" - -kube_master_01_hostname: "{{ stage }}-kube-master-01.{{ domain_env }}" -kube_master_02_hostname: "{{ stage }}-kube-master-02.{{ domain_env }}" -kube_master_03_hostname: "{{ stage }}-kube-master-03.{{ domain_env }}" -kube_node_01_hostname: "{{ stage }}-kube-node-01.{{ domain_env }}" -kube_node_02_hostname: "{{ stage }}-kube-node-02.{{ domain_env }}" -kube_node_03_hostname: "{{ stage }}-kube-node-03.{{ domain_env }}" shared_service_iam_hostname: "{{ stage }}-iam-01.{{ domain_env }}" shared_service_mail_hostname: "{{ stage }}-mail-01.{{ domain_env }}" shared_service_gitea_hostname: "{{ stage }}-gitea-01.{{ domain_env }}" shared_service_redis_hostname: "{{ stage }}-redis-01.{{ domain_env }}" -shared_service_kube_argocd_hostname: "{{ stage }}-kube-argocd.{{ domain_env }}" -shared_service_kube_awx_hostname: "{{ stage }}-kube-awx.{{ domain_env }}" -shared_service_kube_prometheus_hostname: "{{ stage }}-kube-prometheus.{{ domain_env }}" -shared_service_kube_jaeger_collector_hostname: "{{ stage }}-kube-jaeger-collector.{{ domain_env }}" shared_service_pdns_hostname: "{{ stage }}-pdns-01.{{ domain_env }}" shared_service_webdav_hostname: "{{ stage }}-webdav-01.{{ domain_env }}" -shared_service_keycloak_hostname: "{{ stage }}-keycloak-01.{{ domain_env }}" -shared_service_harbor_hostname: "{{ stage }}-harbor-01.{{ domain_env }}" - -management_service_connect_hostname: "{{ stage }}-management-01-connect.{{ domain_env }}" - -keycloak_server_url: "https://{{ shared_service_keycloak_hostname }}" - -shared_service_hosts: [ - { - ip: "127.0.1.1", 
- name: "{{ inventory_hostname }}" - }, - { - ip: "{{ shared_service_elastic_01 }}", - name: "{{ shared_service_elastic_stack_01_hostname }}" - }, - { - ip: "{{ shared_service_elastic_02 }}", - name: "{{ shared_service_elastic_stack_02_hostname }}" - }, - { - ip: "{{ shared_service_elastic_03 }}", - name: "{{ shared_service_elastic_stack_03_hostname }}" - }, - { - ip: "{{ shared_service_logstash_01 }}", - name: "{{ shared_service_elastic_stack_logstash_01_hostname }}" - }, - { - ip: "{{ shared_service_maria_ip }}", - name: "{{ shared_service_maria_hostname }}" - }, - { - ip: "{{ shared_service_pg_master_ip }}", - name: "{{ shared_service_postgres_01_hostname }}" - }, - { - ip: "{{ shared_service_pg_slave_ip }}", - name: "{{ shared_service_postgres_02_hostname }}" - }, - { - ip: "{{ shared_service_harbor_ip }}", - name: "{{ shared_service_harbor_hostname }}" - }, - { - ip: "{{ shared_service_mail_ip }}", - name: "{{ shared_service_mail_hostname }}" - }, - { - ip: "{{ shared_service_keycloak_ip }}", - name: "{{ shared_service_keycloak_hostname }}" - }, - { - ip: "{{ shared_service_iam_ip }}", - name: "{{ shared_service_iam_hostname }}" - }, - { - ip: "{{ shared_service_webdav_ip }}", - name: "{{ shared_service_webdav_hostname }}" - }, - { - ip: "{{ shared_service_gitea_ip }}", - name: "{{ shared_service_gitea_hostname }}" - }, - { - ip: "{{ shared_service_redis_ip }}", - name: "{{ shared_service_redis_hostname }}" - }, - { - ip: "{{ shared_service_kube_master_01 }}", - name: "{{ kube_master_01_hostname }}" - }, - { - ip: "{{ shared_service_kube_master_02 }}", - name: "{{ kube_master_02_hostname }}" - }, - { - ip: "{{ shared_service_kube_master_03 }}", - name: "{{ kube_master_03_hostname }}" - }, - { - ip: "{{ shared_service_kube_node_01 }}", - name: "{{ kube_node_01_hostname }}" - }, - { - ip: "{{ shared_service_kube_node_02 }}", - name: "{{ kube_node_02_hostname }}" - }, - { - ip: "{{ shared_service_kube_node_03 }}", - name: "{{ kube_node_03_hostname }}" - }, - { - 
ip: "{{ shared_service_pdns_ip }}", - name: "{{ shared_service_pdns_hostname }}" - }, - { - ip: "{{ shared_service_kube_ip }}", - name: "{{ shared_service_kube_argocd_hostname }}" - }, - { - ip: "{{ shared_service_kube_ip }}", - name: "{{ shared_service_kube_awx_hostname }}" - }, - { - ip: "{{ shared_service_kube_ip }}", - name: "{{ shared_service_kube_prometheus_hostname }}" - }, - { - ip: "{{ shared_service_kube_ip }}", - name: "{{ shared_service_kube_jaeger_collector_hostname }}" - }, - { - ip: "{{ shared_service_management_ip }}", - name: "{{ management_service_connect_hostname }}" - } -] - -# TODO read configuration with hetzner rest api -elastic_stack_network: { - dev-elastic-stack-elastic-01: "{{ shared_service_elastic_01 }}", - dev-elastic-stack-elastic-02: "{{ shared_service_elastic_02 }}", - dev-elastic-stack-elastic-03: "{{ shared_service_elastic_03 }}", -} harbor_oidc_realm: "harbor" harbor_oidc_client_id: "harbor" @@ -305,8 +41,6 @@ harbor_oidc_admin_password: "{{ harbor_oidc_admin_password_vault }}" management_oidc_realm: "management" management_oidc_client_id: "smardigo" -smardigo_management_url: "{{ http_s }}://{{ management_service_connect_hostname }}/api/v1/scopes/{{ scope_id }}/processes/{{ process_instance_id }}/messages" - connect_jwt_enabled: true connect_jwt_secret: "908ae14462d049d3be84964ef379c7c6" webdav_jwt_enabled: true diff --git a/group_vars/stage_devscr/plain.yml b/group_vars/stage_devscr/plain.yml index e888f7c..f39a7d5 100644 --- a/group_vars/stage_devscr/plain.yml +++ b/group_vars/stage_devscr/plain.yml 
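Review bot: The context of the last hunk in group_vars/stage_dev/plain.yml shows `connect_jwt_secret` as a literal hex string in a file named plain.yml, right after `harbor_oidc_admin_password`, which is read from a `_vault` variable. Assuming this value signs or verifies the connect JWTs, anyone with read access to the repository can produce tokens the dev stage accepts; it should be rotated and moved to the vault, `connect_jwt_secret: "{{ connect_jwt_secret_vault }}"` (variable name is a placeholder). The commit itself only deletes lines in this file, and the replacement for the removed `shared_service_hosts` list is not visible in these hunks.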
@@ -16,98 +16,6 @@ default_plattform_users: # TODO read configuration with hetzner rest api shared_service_network: "10.1.0.0/16" -shared_service_kube_cpl_01: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-kube-cpl-01' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_kube_cpl_02: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-kube-cpl-02' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_kube_cpl_03: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-kube-cpl-03' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_kube_node_01: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-kube-node-01' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_kube_node_02: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-kube-node-02' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_kube_node_03: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-kube-node-03' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" - -shared_service_kube_ip: "{{ stage_private_ingress_loadbalancer_ip | default('-') }}" - -kube_cpl_01_hostname: "{{ stage }}-kube-cpl-01.{{ domain }}" -kube_cpl_02_hostname: "{{ stage }}-kube-cpl-02.{{ domain }}" -kube_cpl_03_hostname: "{{ stage }}-kube-cpl-03.{{ domain }}" -kube_node_01_hostname: "{{ stage }}-kube-node-01.{{ domain }}" -kube_node_02_hostname: "{{ stage }}-kube-node-02.{{ domain }}" -kube_node_03_hostname: "{{ stage }}-kube-node-03.{{ domain }}" - -shared_service_kube_argocd_hostname: "{{ stage }}-kube-argocd.{{ domain }}" -shared_service_kube_prometheus_hostname: "{{ stage }}-kube-prometheus.{{ domain }}" -shared_service_kube_harbor_hostname: "{{ stage }}-harbor.{{ domain }}" - -shared_service_hosts: [ - { - ip: "127.0.1.1", - name: "{{ 
inventory_hostname }}" - }, - { - ip: "{{ shared_service_kube_cpl_01 }}", - name: "{{ kube_cpl_01_hostname }}" - }, - { - ip: "{{ shared_service_kube_cpl_02 }}", - name: "{{ kube_cpl_02_hostname }}" - }, - { - ip: "{{ shared_service_kube_cpl_03 }}", - name: "{{ kube_cpl_03_hostname }}" - }, - { - ip: "{{ shared_service_kube_node_01 }}", - name: "{{ kube_node_01_hostname }}" - }, - { - ip: "{{ shared_service_kube_node_02 }}", - name: "{{ kube_node_02_hostname }}" - }, - { - ip: "{{ shared_service_kube_node_03 }}", - name: "{{ kube_node_03_hostname }}" - }, - { - ip: "{{ shared_service_kube_ip }}", - name: "{{ shared_service_kube_argocd_hostname }}" - }, - { - ip: "{{ shared_service_kube_ip }}", - name: "{{ shared_service_kube_prometheus_hostname }}" - }, - { - ip: "{{ shared_service_kube_ip }}", - name: "{{ shared_service_kube_harbor_hostname }}" - }, -] netgo_msteams_hook_cd: "{{ netgo_msteams_hook_cd_vault }}" netgo_msteams_hook_alerting: "{{ netgo_msteams_hook_alerting_vault }}" @@ -120,4 +28,4 @@ gpg_key_smardigo_automation__private: '{{ gpg_key_smardigo_automation__private__ kubernetes_with_awx: False kubernetes_with_gitea: True -shared_service_harbor_hostname: "{{ stage }}-harbor.{{ domain }}" +shared_service_hostname_harbor: "{{ stage }}-harbor.{{ domain }}" diff --git a/group_vars/stage_ext/plain.yml b/group_vars/stage_ext/plain.yml index 2d32474..1160fd6 100644 --- a/group_vars/stage_ext/plain.yml +++ b/group_vars/stage_ext/plain.yml @@ -10,9 +10,7 @@ traefik_enabled: true filebeat_enabled: false node_exporter_enabled: true -shared_service_hosts: [] - # an ext server has no private network node_exporter_listen_address: "0.0.0.0" -shared_service_harbor_hostname: "prodnso-harbor-01.smardigo.digital" +shared_service_hostname_harbor: "prodnso-harbor-01.smardigo.digital" diff --git a/group_vars/stage_prodnso/plain.yml b/group_vars/stage_prodnso/plain.yml index 76b8fab..33c22f7 100644 --- a/group_vars/stage_prodnso/plain.yml 
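Review bot: The renamed override `shared_service_hostname_harbor` in group_vars/stage_devscr/plain.yml still builds on `{{ domain }}`, while the global `shared_service_kube_harbor_hostname` added in group_vars/all/services.yml uses `{{ domain_env }}` and this commit deletes the devscr definition that used `{{ domain }}`. If the two variables differ on this stage, the hosts entry for Harbor and the registry name used by clients would no longer match, and the registry name would resolve through public DNS instead of the private load balancer. Either switch the override to `{{ domain_env }}` or add a comment stating why devscr is intentionally different.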
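Review bot: Removing `shared_service_hosts: []` from group_vars/stage_ext/plain.yml drops the explicit opt-out for ext servers, while the global `shared_service_additional_hosts` from group_vars/all/services.yml now applies to them as well. The comment in this hunk says an ext server has no private network, so `stage_private_ingress_loadbalancer_ip` is presumably undefined there and each entry would carry the fallback text instead of an address. An explicit `shared_service_additional_hosts: []` in this file would keep the previous behaviour. `node_exporter_listen_address: "0.0.0.0"` on a host without a private network also relies entirely on the firewall to keep the metrics port off the internet; a comment naming that control would help.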
+++ b/group_vars/stage_prodnso/plain.yml @@ -4,48 +4,6 @@ stage: "prodnso" # TODO read configuration with hetzner rest api shared_service_network: "10.0.0.0/16" -shared_service_elastic_01: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-elastic-stack-elastic-01' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_elastic_02: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-elastic-stack-elastic-02' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_elastic_03: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-elastic-stack-elastic-03' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_logstash_01: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-elastic-stack-logstash-01' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_harbor_ip: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-harbor-01' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_pdns_ip: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-pdns-01' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_mail_ip: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-mail-01' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" shared_service_pg_master_ip: "{{ stage_server_infos | selectattr('name', 'match', stage + '-postgres-01' ) | map(attribute='private_ip') 
@@ -58,86 +16,6 @@ shared_service_pg_slave_ip: "{{ stage_server_infos | list | first | default('-') }}" -shared_service_maria_ip: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-maria-01' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_keycloak_ip: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-keycloak-01' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_iam_ip: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-iam-01' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_webdav_ip: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-webdav-01' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_gitea_ip: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-gitea-01' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_redis_ip: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-redis-01' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_kube_master_01: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-kube-master-01' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_kube_master_02: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-kube-master-02' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_kube_master_03: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-kube-master-03' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_kube_node_01: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-kube-node-01' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_kube_node_02: "{{ stage_server_infos - | selectattr('name', 'match', stage + 
'-kube-node-02' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_kube_node_03: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-kube-node-03' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_management_ip: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-management-01' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" - -shared_service_kube_ip: "{{ stage_private_ingress_loadbalancer_ip | default('-') }}" shared_service_maria_hostname: "{{ stage }}-maria-01" shared_service_postgres_01_hostname: "{{ stage }}-postgres-01" 
@@ -146,149 +24,13 @@ shared_service_elastic_stack_01_hostname: "{{ stage }}-elastic-stack-elastic-01" shared_service_elastic_stack_02_hostname: "{{ stage }}-elastic-stack-elastic-02" shared_service_elastic_stack_03_hostname: "{{ stage }}-elastic-stack-elastic-03" shared_service_elastic_stack_logstash_01_hostname: "{{ stage }}-elastic-stack-logstash-01" -shared_service_elastic_stack_kibana_01_hostname: "{{ stage }}-elastic-stack-kibana-01" - -kube_master_01_hostname: "{{ stage }}-kube-master-01.{{ domain_env }}" -kube_master_02_hostname: "{{ stage }}-kube-master-02.{{ domain_env }}" -kube_master_03_hostname: "{{ stage }}-kube-master-03.{{ domain_env }}" -kube_node_01_hostname: "{{ stage }}-kube-node-01.{{ domain_env }}" -kube_node_02_hostname: "{{ stage }}-kube-node-02.{{ domain_env }}" -kube_node_03_hostname: "{{ stage }}-kube-node-03.{{ domain_env }}" shared_service_iam_hostname: "{{ stage }}-iam-01.{{ domain_env }}" shared_service_mail_hostname: "{{ stage }}-mail-01.{{ domain_env }}" shared_service_gitea_hostname: "{{ stage }}-gitea-01.{{ domain_env }}" shared_service_redis_hostname: "{{ stage }}-redis-01.{{ domain_env }}" -shared_service_kube_argocd_hostname: "{{ stage }}-kube-argocd.{{ domain_env }}" -shared_service_kube_awx_hostname: "{{ stage }}-kube-awx.{{ domain_env }}" -shared_service_kube_prometheus_hostname: "{{ stage }}-kube-prometheus.{{ domain_env }}" -shared_service_kube_jaeger_collector_hostname: "{{ stage }}-kube-jaeger-collector.{{ domain_env }}" shared_service_pdns_hostname: "{{ stage }}-pdns-01.{{ domain_env }}" shared_service_webdav_hostname: "{{ stage }}-webdav-01.{{ domain_env }}" -shared_service_keycloak_hostname: "{{ stage }}-keycloak-01.{{ domain_env }}" -shared_service_harbor_hostname: "{{ stage }}-harbor-01.{{ domain_env }}" - -management_service_connect_hostname: "{{ stage }}-management-01-connect.{{ domain_env }}" - -keycloak_server_url: "https://{{ shared_service_keycloak_hostname }}" - -shared_service_hosts: [ - { - ip: "127.0.1.1", 
- name: "{{ inventory_hostname }}" - }, - { - ip: "{{ shared_service_elastic_01 }}", - name: "{{ shared_service_elastic_stack_01_hostname }}" - }, - { - ip: "{{ shared_service_elastic_02 }}", - name: "{{ shared_service_elastic_stack_02_hostname }}" - }, - { - ip: "{{ shared_service_elastic_03 }}", - name: "{{ shared_service_elastic_stack_03_hostname }}" - }, - { - ip: "{{ shared_service_logstash_01 }}", - name: "{{ shared_service_elastic_stack_logstash_01_hostname }}" - }, - { - ip: "{{ shared_service_maria_ip }}", - name: "{{ shared_service_maria_hostname }}" - }, - { - ip: "{{ shared_service_pg_master_ip }}", - name: "{{ shared_service_postgres_01_hostname }}" - }, - { - ip: "{{ shared_service_pg_slave_ip }}", - name: "{{ shared_service_postgres_02_hostname }}" - }, - { - ip: "{{ shared_service_harbor_ip }}", - name: "{{ shared_service_harbor_hostname }}" - }, - { - ip: "{{ shared_service_mail_ip }}", - name: "{{ shared_service_mail_hostname }}" - }, - { - ip: "{{ shared_service_keycloak_ip }}", - name: "{{ shared_service_keycloak_hostname }}" - }, - { - ip: "{{ shared_service_iam_ip }}", - name: "{{ shared_service_iam_hostname }}" - }, - { - ip: "{{ shared_service_webdav_ip }}", - name: "{{ shared_service_webdav_hostname }}" - }, - { - ip: "{{ shared_service_gitea_ip }}", - name: "{{ shared_service_gitea_hostname }}" - }, - { - ip: "{{ shared_service_redis_ip }}", - name: "{{ shared_service_redis_hostname }}" - }, - { - ip: "{{ shared_service_kube_master_01 }}", - name: "{{ kube_master_01_hostname }}" - }, - { - ip: "{{ shared_service_kube_master_02 }}", - name: "{{ kube_master_02_hostname }}" - }, - { - ip: "{{ shared_service_kube_master_03 }}", - name: "{{ kube_master_03_hostname }}" - }, - { - ip: "{{ shared_service_kube_node_01 }}", - name: "{{ kube_node_01_hostname }}" - }, - { - ip: "{{ shared_service_kube_node_02 }}", - name: "{{ kube_node_02_hostname }}" - }, - { - ip: "{{ shared_service_kube_node_03 }}", - name: "{{ kube_node_03_hostname }}" - }, - { - 
ip: "{{ shared_service_pdns_ip }}", - name: "{{ shared_service_pdns_hostname }}" - }, - { - ip: "{{ shared_service_kube_ip }}", - name: "{{ shared_service_kube_argocd_hostname }}" - }, - { - ip: "{{ shared_service_kube_ip }}", - name: "{{ shared_service_kube_awx_hostname }}" - }, - { - ip: "{{ shared_service_kube_ip }}", - name: "{{ shared_service_kube_prometheus_hostname }}" - }, - { - ip: "{{ shared_service_kube_ip }}", - name: "{{ shared_service_kube_jaeger_collector_hostname }}" - }, - { - ip: "{{ shared_service_management_ip }}", - name: "{{ management_service_connect_hostname }}" - } -] - -# TODO read configuration with hetzner rest api -elastic_stack_network: { - prodnso-elastic-stack-elastic-01: "{{ shared_service_elastic_01 }}", - prodnso-elastic-stack-elastic-02: "{{ shared_service_elastic_02 }}", - prodnso-elastic-stack-elastic-03: "{{ shared_service_elastic_03 }}", -} harbor_oidc_realm: "harbor" harbor_oidc_client_id: "harbor" @@ -299,8 +41,6 @@ harbor_oidc_admin_password: "{{ harbor_oidc_admin_password_vault }}" management_oidc_realm: "management" management_oidc_client_id: "smardigo" -smardigo_management_url: "{{ http_s }}://{{ management_service_connect_hostname }}/api/v1/scopes/{{ scope_id }}/processes/{{ process_instance_id }}/messages" - connect_jwt_enabled: true connect_jwt_secret: "908ae14462d049d3be84964ef379c7c6" webdav_jwt_enabled: true diff --git a/group_vars/stage_prodwork01/plain.yml b/group_vars/stage_prodwork01/plain.yml index af2c295..adf49d9 100644 --- a/group_vars/stage_prodwork01/plain.yml +++ b/group_vars/stage_prodwork01/plain.yml 
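Review bot: `connect_jwt_secret` is still committed as a literal value in group_vars/stage_prodnso/plain.yml, on the context lines just below the removed `smardigo_management_url`. The same literal appears in the matching hunk of group_vars/stage_qa/plain.yml, so both stages share what is presumably one JWT signing secret. The neighbouring credential already comes from a vault variable (`harbor_oidc_admin_password_vault`), and this one could follow the same pattern with a per-stage value: `connect_jwt_secret: "{{ connect_jwt_secret_vault }}"`, where `connect_jwt_secret_vault` is a name proposed here, not one visible in the patch. Because the value is already in repository history, it should be rotated when it is moved, not just relocated.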
@@ -12,86 +12,10 @@ default_plattform_users: # TODO read configuration with hetzner rest api shared_service_network: "10.3.0.0/16" -shared_service_kube_cpl_01: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-kube-cpl-01' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_kube_cpl_02: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-kube-cpl-02' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_kube_cpl_03: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-kube-cpl-03' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_kube_node_01: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-kube-node-01' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_kube_node_02: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-kube-node-02' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_kube_node_03: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-kube-node-03' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" - -shared_service_kube_ip: "{{ stage_private_ingress_loadbalancer_ip | default('-') }}" - -kube_cpl_01_hostname: "{{ stage }}-kube-cpl-01.{{ domain_env }}" -kube_cpl_02_hostname: "{{ stage }}-kube-cpl-02.{{ domain_env }}" -kube_cpl_03_hostname: "{{ stage }}-kube-cpl-03.{{ domain_env }}" -kube_node_01_hostname: "{{ stage }}-kube-node-01.{{ domain_env }}" -kube_node_02_hostname: "{{ stage }}-kube-node-02.{{ domain_env }}" -kube_node_03_hostname: "{{ stage }}-kube-node-03.{{ domain_env }}" - -shared_service_hosts: [ - { - ip: "127.0.1.1", - name: "{{ inventory_hostname }}" - }, - { - ip: "{{ shared_service_kube_cpl_01 }}", - name: "{{ kube_cpl_01_hostname }}" - }, - { - ip: "{{ shared_service_kube_cpl_02 }}", - name: "{{ kube_cpl_02_hostname }}" - }, - { - ip: "{{ 
shared_service_kube_cpl_03 }}", - name: "{{ kube_cpl_03_hostname }}" - }, - { - ip: "{{ shared_service_kube_node_01 }}", - name: "{{ kube_node_01_hostname }}" - }, - { - ip: "{{ shared_service_kube_node_02 }}", - name: "{{ kube_node_02_hostname }}" - }, - { - ip: "{{ shared_service_kube_node_03 }}", - name: "{{ kube_node_03_hostname }}" - } -] filebeat_enabled: false -shared_service_harbor_hostname: "prodnso-harbor-01.{{ domain }}" +shared_service_hostname_harbor: "prodnso-harbor-01.{{ domain }}" netgo_msteams_hook_cd: "{{ netgo_msteams_hook_cd_vault }}" netgo_msteams_hook_alerting: "{{ netgo_msteams_hook_alerting_vault }}" diff --git a/group_vars/stage_qa/plain.yml b/group_vars/stage_qa/plain.yml index 5dfd6d2..aa47aac 100644 --- a/group_vars/stage_qa/plain.yml +++ b/group_vars/stage_qa/plain.yml 
@@ -4,48 +4,6 @@ stage: "qa" # TODO read configuration with hetzner rest api shared_service_network: "10.1.0.0/16" -shared_service_elastic_01: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-elastic-stack-elastic-01' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_elastic_02: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-elastic-stack-elastic-02' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_elastic_03: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-elastic-stack-elastic-03' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_logstash_01: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-elastic-stack-logstash-01' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_harbor_ip: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-harbor-01' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_pdns_ip: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-pdns-01' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_mail_ip: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-mail-01' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" shared_service_pg_master_ip: "{{ stage_server_infos | selectattr('name', 'match', stage + '-postgres-01' ) | map(attribute='private_ip') 
@@ -58,86 +16,6 @@ shared_service_pg_slave_ip: "{{ stage_server_infos | list | first | default('-') }}" -shared_service_maria_ip: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-maria-01' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_keycloak_ip: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-keycloak-01' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_iam_ip: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-iam-01' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_webdav_ip: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-webdav-01' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_gitea_ip: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-gitea-01' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_redis_ip: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-redis-01' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_kube_master_01: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-kube-master-01' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_kube_master_02: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-kube-master-02' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_kube_master_03: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-kube-master-03' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_kube_node_01: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-kube-node-01' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_kube_node_02: "{{ stage_server_infos - | selectattr('name', 'match', stage + 
'-kube-node-02' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_kube_node_03: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-kube-node-03' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" -shared_service_management_ip: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-management-01' ) - | map(attribute='private_ip') - | list - | first - | default('-') }}" - -shared_service_kube_ip: "{{ stage_private_ingress_loadbalancer_ip | default('-') }}" shared_service_maria_hostname: "{{ stage }}-maria-01" shared_service_postgres_01_hostname: "{{ stage }}-postgres-01" 
@@ -146,149 +24,13 @@ shared_service_elastic_stack_01_hostname: "{{ stage }}-elastic-stack-elastic-01" shared_service_elastic_stack_02_hostname: "{{ stage }}-elastic-stack-elastic-02" shared_service_elastic_stack_03_hostname: "{{ stage }}-elastic-stack-elastic-03" shared_service_elastic_stack_logstash_01_hostname: "{{ stage }}-elastic-stack-logstash-01" -shared_service_elastic_stack_kibana_01_hostname: "{{ stage }}-elastic-stack-kibana-01" - -kube_master_01_hostname: "{{ stage }}-kube-master-01.{{ domain_env }}" -kube_master_02_hostname: "{{ stage }}-kube-master-02.{{ domain_env }}" -kube_master_03_hostname: "{{ stage }}-kube-master-03.{{ domain_env }}" -kube_node_01_hostname: "{{ stage }}-kube-node-01.{{ domain_env }}" -kube_node_02_hostname: "{{ stage }}-kube-node-02.{{ domain_env }}" -kube_node_03_hostname: "{{ stage }}-kube-node-03.{{ domain_env }}" shared_service_iam_hostname: "{{ stage }}-iam-01.{{ domain_env }}" shared_service_mail_hostname: "{{ stage }}-mail-01.{{ domain_env }}" shared_service_gitea_hostname: "{{ stage }}-gitea-01.{{ domain_env }}" shared_service_redis_hostname: "{{ stage }}-redis-01.{{ domain_env }}" -shared_service_kube_argocd_hostname: "{{ stage }}-kube-argocd.{{ domain_env }}" -shared_service_kube_awx_hostname: "{{ stage }}-kube-awx.{{ domain_env }}" -shared_service_kube_prometheus_hostname: "{{ stage }}-kube-prometheus.{{ domain_env }}" -shared_service_kube_jaeger_collector_hostname: "{{ stage }}-kube-jaeger-collector.{{ domain_env }}" shared_service_pdns_hostname: "{{ stage }}-pdns-01.{{ domain_env }}" shared_service_webdav_hostname: "{{ stage }}-webdav-01.{{ domain_env }}" -shared_service_keycloak_hostname: "{{ stage }}-keycloak-01.{{ domain_env }}" -shared_service_harbor_hostname: "{{ stage }}-harbor-01.{{ domain_env }}" - -management_service_connect_hostname: "{{ stage }}-management-01-connect.{{ domain_env }}" - -keycloak_server_url: "https://{{ shared_service_keycloak_hostname }}" - -shared_service_hosts: [ - { - ip: "127.0.1.1", 
- name: "{{ inventory_hostname }}" - }, - { - ip: "{{ shared_service_elastic_01 }}", - name: "{{ shared_service_elastic_stack_01_hostname }}" - }, - { - ip: "{{ shared_service_elastic_02 }}", - name: "{{ shared_service_elastic_stack_02_hostname }}" - }, - { - ip: "{{ shared_service_elastic_03 }}", - name: "{{ shared_service_elastic_stack_03_hostname }}" - }, - { - ip: "{{ shared_service_logstash_01 }}", - name: "{{ shared_service_elastic_stack_logstash_01_hostname }}" - }, - { - ip: "{{ shared_service_maria_ip }}", - name: "{{ shared_service_maria_hostname }}" - }, - { - ip: "{{ shared_service_pg_master_ip }}", - name: "{{ shared_service_postgres_01_hostname }}" - }, - { - ip: "{{ shared_service_pg_slave_ip }}", - name: "{{ shared_service_postgres_02_hostname }}" - }, - { - ip: "{{ shared_service_harbor_ip }}", - name: "{{ shared_service_harbor_hostname }}" - }, - { - ip: "{{ shared_service_mail_ip }}", - name: "{{ shared_service_mail_hostname }}" - }, - { - ip: "{{ shared_service_keycloak_ip }}", - name: "{{ shared_service_keycloak_hostname }}" - }, - { - ip: "{{ shared_service_iam_ip }}", - name: "{{ shared_service_iam_hostname }}" - }, - { - ip: "{{ shared_service_webdav_ip }}", - name: "{{ shared_service_webdav_hostname }}" - }, - { - ip: "{{ shared_service_gitea_ip }}", - name: "{{ shared_service_gitea_hostname }}" - }, - { - ip: "{{ shared_service_redis_ip }}", - name: "{{ shared_service_redis_hostname }}" - }, - { - ip: "{{ shared_service_kube_master_01 }}", - name: "{{ kube_master_01_hostname }}" - }, - { - ip: "{{ shared_service_kube_master_02 }}", - name: "{{ kube_master_02_hostname }}" - }, - { - ip: "{{ shared_service_kube_master_03 }}", - name: "{{ kube_master_03_hostname }}" - }, - { - ip: "{{ shared_service_kube_node_01 }}", - name: "{{ kube_node_01_hostname }}" - }, - { - ip: "{{ shared_service_kube_node_02 }}", - name: "{{ kube_node_02_hostname }}" - }, - { - ip: "{{ shared_service_kube_node_03 }}", - name: "{{ kube_node_03_hostname }}" - }, - { - 
ip: "{{ shared_service_pdns_ip }}", - name: "{{ shared_service_pdns_hostname }}" - }, - { - ip: "{{ shared_service_kube_ip }}", - name: "{{ shared_service_kube_argocd_hostname }}" - }, - { - ip: "{{ shared_service_kube_ip }}", - name: "{{ shared_service_kube_awx_hostname }}" - }, - { - ip: "{{ shared_service_kube_ip }}", - name: "{{ shared_service_kube_prometheus_hostname }}" - }, - { - ip: "{{ shared_service_kube_ip }}", - name: "{{ shared_service_kube_jaeger_collector_hostname }}" - }, - { - ip: "{{ shared_service_management_ip }}", - name: "{{ management_service_connect_hostname }}" - } -] - -# TODO read configuration with hetzner rest api -elastic_stack_network: { - qa-elastic-stack-elastic-01: "{{ shared_service_elastic_01 }}", - qa-elastic-stack-elastic-02: "{{ shared_service_elastic_02 }}", - qa-elastic-stack-elastic-03: "{{ shared_service_elastic_03 }}", -} harbor_oidc_realm: "harbor" harbor_oidc_client_id: "harbor" @@ -299,8 +41,6 @@ harbor_oidc_admin_password: "{{ harbor_oidc_admin_password_vault }}" management_oidc_realm: "management" management_oidc_client_id: "smardigo" -smardigo_management_url: "{{ http_s }}://{{ management_service_connect_hostname }}/api/v1/scopes/{{ scope_id }}/processes/{{ process_instance_id }}/messages" - connect_jwt_enabled: true connect_jwt_secret: "908ae14462d049d3be84964ef379c7c6" webdav_jwt_enabled: true diff --git a/import-database.yml b/import-database.yml index 4ad8146..7927d5d 100644 --- a/import-database.yml +++ b/import-database.yml @@ -94,5 +94,5 @@ connect_jwt_username: "{{ management_admin_username }}" tasks: - - name: "Sending smardigo management message to <{{ smardigo_management_url }}>" + - name: "Sending smardigo management message to <{{ shared_service_url_management }}>" include_tasks: tasks/smardigo_management_message.yml diff --git a/patchday.yml b/patchday.yml index 4fa0684..faf786a 100644 --- a/patchday.yml +++ b/patchday.yml 
@@ -3,7 +3,6 @@ ### tags: ### check_elastic_cluster - - hosts: prometheus vars: start: '{{ ansible_date_time.epoch }}' diff --git a/pmci-callback.yml b/pmci-callback.yml index 0f010e1..fdcdbbe 100644 --- a/pmci-callback.yml +++ b/pmci-callback.yml @@ -18,5 +18,5 @@ connect_jwt_username: "{{ management_admin_username }}" tasks: - - name: "Sending smardigo management message to <{{ smardigo_management_url }}>" + - name: "Sending smardigo management message to <{{ shared_service_url_management }}>" include_tasks: tasks/smardigo_management_message.yml diff --git a/remove-database.yml b/remove-database.yml index c3b06a9..7362132 100644 --- a/remove-database.yml +++ b/remove-database.yml @@ -121,5 +121,5 @@ connect_jwt_username: "{{ management_admin_username }}" tasks: - - name: "Sending smardigo management message to <{{ smardigo_management_url }}>" + - name: "Sending smardigo management message to <{{ shared_service_url_management }}>" include_tasks: tasks/smardigo_management_message.yml diff --git a/remove-realm.yml b/remove-realm.yml index 9c4b74f..7f181f2 100644 --- a/remove-realm.yml +++ b/remove-realm.yml @@ -92,5 +92,5 @@ connect_jwt_username: "{{ management_admin_username }}" tasks: - - name: "Sending smardigo management message to <{{ smardigo_management_url }}>" + - name: "Sending smardigo management message to <{{ shared_service_url_management }}>" include_tasks: tasks/smardigo_management_message.yml diff --git a/remove-server.yml b/remove-server.yml index f518231..29f0b14 100644 --- a/remove-server.yml +++ b/remove-server.yml @@ -91,5 +91,5 @@ connect_jwt_username: "{{ management_admin_username }}" tasks: - - name: "Sending smardigo management message to <{{ smardigo_management_url }}>" + - name: "Sending smardigo management message to <{{ shared_service_url_management }}>" include_tasks: tasks/smardigo_management_message.yml diff --git a/remove-service.yml b/remove-service.yml index c8a0e84..545296d 100644 --- a/remove-service.yml +++ b/remove-service.yml 
@@ -90,5 +90,5 @@ connect_jwt_username: "{{ management_admin_username }}" tasks: - - name: "Sending smardigo management message to <{{ smardigo_management_url }}>" + - name: "Sending smardigo management message to <{{ shared_service_url_management }}>" include_tasks: tasks/smardigo_management_message.yml diff --git a/restore-database-backup.yml b/restore-database-backup.yml index 2939891..b179030 100644 --- a/restore-database-backup.yml +++ b/restore-database-backup.yml @@ -96,5 +96,5 @@ connect_jwt_username: "{{ management_admin_username }}" tasks: - - name: "Sending smardigo management message to <{{ smardigo_management_url }}>" + - name: "Sending smardigo management message to <{{ shared_service_url_management }}>" include_tasks: tasks/smardigo_management_message.yml diff --git a/restore-remote-database-backup.yml b/restore-remote-database-backup.yml index 1980bcf..332fd28 100644 --- a/restore-remote-database-backup.yml +++ b/restore-remote-database-backup.yml @@ -261,5 +261,5 @@ connect_jwt_username: "{{ management_admin_username }}" tasks: - - name: "Sending smardigo management message to <{{ smardigo_management_url }}>" + - name: "Sending smardigo management message to <{{ shared_service_url_management }}>" include_tasks: tasks/smardigo_management_message.yml diff --git a/roles/common/configs/docker/config.json.j2 b/roles/common/configs/docker/config.json.j2 index 66e6a1f..c38fb65 100644 --- a/roles/common/configs/docker/config.json.j2 +++ b/roles/common/configs/docker/config.json.j2 @@ -1,6 +1,6 @@ { "auths": { - "{{ shared_service_harbor_hostname }}": { + "{{ shared_service_hostname_harbor }}": { "auth": "{{ [harbor_username, harbor_token] | join(":") | string | b64encode }}" } } diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index 4bd8a38..455bf63 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml 
@@ -20,8 +20,31 @@ state: present create: yes block: | - {% for host in shared_service_hosts %} - {{ host.ip }} {{ host.name }} + {{ '127.0.1.1 ' + inventory_hostname }} + {{ '# shared services without domain (only internal available)' }} + {% for server_info in stage_server_infos | default([]) | sort(attribute='name') %} + {% if + server_info.service in ['elastic','logstash','maria','postgres'] + %} + {{ server_info.private_ip + ' ' + server_info.name }} + {% endif %} + {% endfor %} + {{ '# shared services with domain (maybe external available)' }} + {% for server_info in stage_server_infos | default([]) | sort(attribute='name') %} + {% if + server_info.service in ['harbor','gitea','postfix','keycloak','iam'] + or server_info.name == shared_service_host_management | default([]) + %} + {{ server_info.private_ip + ' ' + server_info.name + '.' + domain_env }} + {% endif %} + {% endfor %} + {{ '# additional services behind kube loadbalancer (maybe available)' }} + {% for host in shared_service_additional_hosts|default([]) %} + {% if shared_service_kube_loadbalancer_ip_not_available == host.ip %} + {{ '# loadbalancer private ip not available for ' + stage + ':' + host.name + ' (use dynamic inventory)'}} + {% else %} + {{ host.ip + ' ' + host.name }} + {% endif %} {% endfor %} when: - "'hcloud' in group_names" diff --git a/roles/connect/defaults/main.yml b/roles/connect/defaults/main.yml index 940075c..157ce28 100644 --- a/roles/connect/defaults/main.yml +++ b/roles/connect/defaults/main.yml @@ -1,6 +1,6 @@ --- -connect_image_name: "{{ shared_service_harbor_hostname }}/smardigo/connect-whitelabel-app" +connect_image_name: "{{ shared_service_hostname_harbor }}/smardigo/connect-whitelabel-app" connect_mail_host: "{{ shared_service_mail_hostname }}" connect_mail_properties_base_url: "{{ http_s }}://{{ connect_base_url }}" diff --git a/roles/connect_compact/defaults/main.yml b/roles/connect_compact/defaults/main.yml index 95b7cb4..b130034 100644 
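Review bot: The two `server_info.service in [...]` lists decide which names get pinned to a private address in what looks like a hosts-file block, and webdav, redis and pdns appear in neither, although the stage vars files in this patch keep `shared_service_webdav_hostname`, `shared_service_redis_hostname` and `shared_service_pdns_hostname`. Unless those names arrive through `shared_service_additional_hosts` (not visible here), hosts would fall back to DNS for them, which may fail or resolve to an address other than the private one; if that is unintended, add them to the second list. In the same condition, `| default([])` binds only to `shared_service_host_management` and compares a name with a list; `server_info.name == (shared_service_host_management | default(''))` states the intent. The string concatenations also assume every entry carries `service`, `private_ip` and `name`, where the removed lookups fell back to `default('-')`, so one incomplete inventory entry would fail the whole template. The enclosing task starts above the hunk.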
--- a/roles/connect_compact/defaults/main.yml +++ b/roles/connect_compact/defaults/main.yml @@ -5,9 +5,9 @@ connect_admin_username: "connect-admin" connect_admin_password: "{{ connect_admin_password_vault }}" connect_postgres_username: "connect-postgres-username" connect_postgres_password: "{{ connect_postgres_password_vault }}" -connect_image_name: "{{ shared_service_harbor_hostname }}/smardigo/connect-whitelabel-app" +connect_image_name: "{{ shared_service_hostname_harbor }}/smardigo/connect-whitelabel-app" -iam_image_name: "{{ shared_service_harbor_hostname }}/smardigo/iam-app" +iam_image_name: "{{ shared_service_hostname_harbor }}/smardigo/iam-app" elasticsearch_username: "elastic" elasticsearch_password: "{{ elasticsearch_password_vault }}" @@ -17,7 +17,7 @@ keycloak_admin_username: "keycloak-admin" keycloak_admin_password: "{{ keycloak_admin_password_vault }}" keycloak_postgres_username: "keycloak_postgres" keycloak_postgres_password: "{{ keycloak_postgres_password_vault }}" -keycloak_image_name: "{{ shared_service_harbor_hostname }}/smardigo/keycloak" +keycloak_image_name: "{{ shared_service_hostname_harbor }}/smardigo/keycloak" kibana_id: "{{ inventory_hostname }}-kibana" diff --git a/roles/connect_wordpress/defaults/main.yml b/roles/connect_wordpress/defaults/main.yml index 13d7218..9377a55 100644 --- a/roles/connect_wordpress/defaults/main.yml +++ b/roles/connect_wordpress/defaults/main.yml @@ -1,4 +1,4 @@ --- -wordpress_image_name: "{{ shared_service_harbor_hostname }}/smardigo/wordpress" +wordpress_image_name: "{{ shared_service_hostname_harbor }}/smardigo/wordpress" wordpress_image_version: '1.3.1' diff --git a/roles/connect_wordpress/vars/main.yml b/roles/connect_wordpress/vars/main.yml index e4c9459..68e1163 100644 --- a/roles/connect_wordpress/vars/main.yml +++ b/roles/connect_wordpress/vars/main.yml 
@@ -43,7 +43,7 @@ wordpress_docker: { " define( 'WP_HOME', 'https://{{ wordpress_base_url }}' );", " define( 'WP_SITEURL', 'https://{{ wordpress_base_url }}' );", " define( 'MYSQL_CLIENT_FLAGS', MYSQLI_CLIENT_SSL | MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT );", - "AUTH_API: \"https://{{ shared_service_keycloak_hostname }}\"", + "AUTH_API: \"https://{{ shared_service_hostname_keycloak }}\"", "RESOURCE_API: \"https://{{ connect_base_url }}\"", "REALM_ID: \"{{ current_realm_name }}\"", "REGISTRATION_ID: \"{{ connect_wordpress_oidc_client_id }}\"", diff --git a/roles/elastic/vars/main.yml b/roles/elastic/vars/main.yml index e208ad1..26d1cd6 100644 --- a/roles/elastic/vars/main.yml +++ b/roles/elastic/vars/main.yml @@ -27,7 +27,7 @@ elastic_docker: { "cluster.initial_master_nodes: {{ groups['elastic'] | join(',')}}", "bootstrap.memory_lock: \"true\"", - "network.publish_host: {{ elastic_stack_network[inventory_hostname] }}", + "network.publish_host: \"{{ hostvars[inventory_hostname]['stage_private_server_ip'] }}", "xpack.security.enabled: \"true\"", "xpack.security.http.ssl.enabled: \"true\"", "xpack.security.http.ssl.certificate_authorities: /usr/share/elasticsearch/config/certificates/ca/ca.crt", diff --git a/roles/harbor/defaults/main.yml b/roles/harbor/defaults/main.yml index f731a71..220bb62 100644 --- a/roles/harbor/defaults/main.yml +++ b/roles/harbor/defaults/main.yml @@ -7,10 +7,6 @@ harbor_id: '{{ inventory_hostname }}-harbor' harbor_dockercompose_customized: services: - core: - extra_hosts: - - '{{ shared_service_keycloak_hostname }}:{{ shared_service_keycloak_ip }}' - - '{{ shared_service_mail_hostname }}:{{ shared_service_mail_ip }}' proxy: networks: - harbor 
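Review bot: The new `network.publish_host` entry in roles/elastic/vars/main.yml opens an escaped quote before the template and never closes it, so the rendered setting would read `network.publish_host: "<ip>` with a dangling quote. The neighbouring entries (`"bootstrap.memory_lock: \"true\""`) close theirs, and the removed line used no inner quotes at all. Either close it, `"network.publish_host: \"{{ hostvars[inventory_hostname]['stage_private_server_ip'] }}\"",`, or drop the opening `\"`. The lookup also has no default, so a host without `stage_private_server_ip` would fail templating; presumably the dynamic inventory sets it for every elastic node, which is worth confirming since this value is the address the node advertises to its cluster peers. The `elastic_docker` mapping continues outside the hunk.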
@@ -45,7 +41,7 @@ harbor_base_configuration: email_insecure: true auth_mode: oidc_auth oidc_name: "{{ harbor_oidc_realm }}" - oidc_endpoint: 'https://{{ shared_service_keycloak_hostname }}/auth/realms/{{ harbor_oidc_realm }}' + oidc_endpoint: 'https://{{ shared_service_hostname_keycloak }}/auth/realms/{{ harbor_oidc_realm }}' oidc_client_id: "{{ harbor_oidc_client_id }}" oidc_client_secret: "{{ harbor_oidc_client_secret }}" oidc_groups_claim: groups diff --git a/roles/harbor_realm/defaults/main.yml b/roles/harbor_realm/defaults/main.yml index b997098..691cee5 100644 --- a/roles/harbor_realm/defaults/main.yml +++ b/roles/harbor_realm/defaults/main.yml @@ -4,14 +4,14 @@ current_realm_clients: [ { name: "{{ harbor_oidc_client_id }}", clientId: "{{ harbor_oidc_client_id }}", - admin_url: "{{ http_s }}://{{ shared_service_harbor_hostname }}", - root_url: "{{ http_s }}://{{ shared_service_harbor_hostname }}", + admin_url: "{{ http_s }}://{{ shared_service_hostname_harbor }}", + root_url: "{{ http_s }}://{{ shared_service_hostname_harbor }}", redirect_uris: [ - "{{ http_s }}://{{ shared_service_harbor_hostname }}/*" + "{{ http_s }}://{{ shared_service_hostname_harbor }}/*" ], secret: "{{ harbor_oidc_client_secret }}", web_origins: [ - "{{ http_s }}://{{ shared_service_harbor_hostname }}" + "{{ http_s }}://{{ shared_service_hostname_harbor }}" ] } ] diff --git a/roles/iam/defaults/main.yml b/roles/iam/defaults/main.yml index eddc6be..4a69e12 100644 --- a/roles/iam/defaults/main.yml +++ b/roles/iam/defaults/main.yml @@ -1,3 +1,3 @@ --- -iam_image_name: '{{ shared_service_harbor_hostname }}/smardigo/iam-app' +iam_image_name: '{{ shared_service_hostname_harbor }}/smardigo/iam-app' diff --git a/roles/iam/vars/main.yml b/roles/iam/vars/main.yml index bf37a59..2d05e8d 100644 --- a/roles/iam/vars/main.yml +++ b/roles/iam/vars/main.yml 
@@ -4,7 +4,7 @@ iam_id: "{{ inventory_hostname }}-iam" iam_cache_timeout: 600s -iam_keycloak_auth_server_url: "https://{{ shared_service_keycloak_hostname }}/auth" +iam_keycloak_auth_server_url: "https://{{ shared_service_hostname_keycloak }}/auth" iam_keycloak_admin_user: "{{ keycloak_admin_username }}" iam_keycloak_admin_password: "{{ keycloak_admin_password }}" diff --git a/roles/infrastructure_realm/defaults/main.yml b/roles/infrastructure_realm/defaults/main.yml index 66a531c..4e80d62 100644 --- a/roles/infrastructure_realm/defaults/main.yml +++ b/roles/infrastructure_realm/defaults/main.yml @@ -3,7 +3,7 @@ infrastructure_realm_name: "infrastructure" argocd_server_url: "{{ http_s}}://{{ stage }}-argocd.{{ domain }}" -keycloak_server_url: "{{ http_s}}://{{ stage }}-keycloak-01-keycloak.{{ domain }}" +shared_service_url_keycloak: "{{ http_s}}://{{ stage }}-keycloak-01-keycloak.{{ domain }}" current_realm_name: "{{ infrastructure_realm_name }}" shared_service_mail_hostname: "not_available" diff --git a/roles/keycloak/defaults/main.yml b/roles/keycloak/defaults/main.yml index a298d34..fd86150 100644 --- a/roles/keycloak/defaults/main.yml +++ b/roles/keycloak/defaults/main.yml @@ -3,7 +3,7 @@ # TODO doesn't bind to local port (currently used by setup keycloak with ansible) service_port_keycloak_external: "8110" -keycloak_image: "{{ shared_service_harbor_hostname }}/smardigo/keycloak" +keycloak_image: "{{ shared_service_hostname_harbor }}/smardigo/keycloak" keycloak_default_client_scopes: - web-origins diff --git a/roles/keycloak/tasks/_authenticate.yml b/roles/keycloak/tasks/_authenticate.yml index 94f2123..a3c284b 100644 --- a/roles/keycloak/tasks/_authenticate.yml +++ b/roles/keycloak/tasks/_authenticate.yml 
@@ -1,7 +1,7 @@ --- - name: "Authenticating with keycloak server" uri: - url: "{{ keycloak_server_url }}/auth/realms/master/protocol/openid-connect/token" + url: "{{ shared_service_url_keycloak }}/auth/realms/master/protocol/openid-connect/token" method: POST body_format: form-urlencoded body: 'username={{ keycloak_admin_username }}&password={{ keycloak_admin_password }}&client_id=admin-cli&grant_type=password' diff --git a/roles/keycloak/tasks/_configure_client_crud.yml b/roles/keycloak/tasks/_configure_client_crud.yml index 306c29b..2010ac0 100644 --- a/roles/keycloak/tasks/_configure_client_crud.yml +++ b/roles/keycloak/tasks/_configure_client_crud.yml @@ -3,7 +3,7 @@ delegate_to: 127.0.0.1 become: false uri: - url: "{{ keycloak_server_url }}/auth/admin/realms/{{ realm_name }}/clients" + url: "{{ shared_service_url_keycloak }}/auth/admin/realms/{{ realm_name }}/clients" method: GET headers: Authorization: "Bearer {{ bearer_token }} " @@ -12,7 +12,7 @@ - name: "CREATING client <{{ client_id }}> for realm <{{ realm_name }}>" uri: - url: "{{ keycloak_server_url }}/auth/admin/realms/{{ realm_name }}/clients" + url: "{{ shared_service_url_keycloak }}/auth/admin/realms/{{ realm_name }}/clients" method: POST body_format: json body: "{{ keycloak_client_object }}" @@ -35,7 +35,7 @@ delegate_to: 127.0.0.1 become: false uri: - url: '{{ keycloak_server_url }}/auth/admin/realms/{{ realm_name }}/clients/{{ id }}' + url: '{{ shared_service_url_keycloak }}/auth/admin/realms/{{ realm_name }}/clients/{{ id }}' method: PUT body_format: json body: "{{ keycloak_client_object }}" @@ -50,7 +50,7 @@ delegate_to: 127.0.0.1 become: false uri: - url: '{{ keycloak_server_url }}/auth/admin/realms/{{ realm_name }}/clients/{{ id }}' + url: '{{ shared_service_url_keycloak }}/auth/admin/realms/{{ realm_name }}/clients/{{ id }}' method: DELETE body_format: json body: "{{ keycloak_client_object }}" 
diff --git a/roles/keycloak/tasks/_configure_realm.yml b/roles/keycloak/tasks/_configure_realm.yml index bb38a67..d559fe8 100644 --- a/roles/keycloak/tasks/_configure_realm.yml +++ b/roles/keycloak/tasks/_configure_realm.yml @@ -9,7 +9,7 @@ auth_client_id: "admin-cli" auth_username: "{{ keycloak_admin_username }}" auth_password: "{{ keycloak_admin_password }}" - auth_keycloak_url: "{{ keycloak_server_url }}/auth" + auth_keycloak_url: "{{ shared_service_url_keycloak }}/auth" account_theme: "smardigo-theme" admin_theme: "smardigo-theme" login_theme: "smardigo-theme" @@ -40,7 +40,7 @@ - name: "Creating keycloak clientscopes" community.general.keycloak_clientscope: auth_client_id: admin-cli - auth_keycloak_url: "{{ keycloak_server_url }}/auth" + auth_keycloak_url: "{{ shared_service_url_keycloak }}/auth" auth_realm: "master" auth_username: "{{ keycloak_admin_username }}" auth_password: "{{ keycloak_admin_password }}" @@ -57,7 +57,7 @@ auth_client_id: "admin-cli" auth_username: "{{ keycloak_admin_username }}" auth_password: "{{ keycloak_admin_password }}" - auth_keycloak_url: "{{ keycloak_server_url }}/auth" + auth_keycloak_url: "{{ shared_service_url_keycloak }}/auth" state: present realm: "{{ current_realm_name }}" client_id: "{{ client.clientId }}" diff --git a/roles/keycloak/tasks/_configure_realm_admin_users.yml b/roles/keycloak/tasks/_configure_realm_admin_users.yml index 94a4391..7f729f6 100644 --- a/roles/keycloak/tasks/_configure_realm_admin_users.yml +++ b/roles/keycloak/tasks/_configure_realm_admin_users.yml @@ -1,7 +1,7 @@ --- - name: "Reading users of realm {{ current_realm_name }}" uri: - url: "{{ keycloak_server_url }}/auth/admin/realms/{{ current_realm_name }}/users" + url: "{{ shared_service_url_keycloak }}/auth/admin/realms/{{ current_realm_name }}/users" method: GET headers: Authorization: "Bearer {{ access_token }} " 
@@ -34,7 +34,7 @@ - name: "Reading realm clients" uri: - url: "{{ keycloak_server_url }}/auth/admin/realms/{{ current_realm_name }}/clients" + url: "{{ shared_service_url_keycloak }}/auth/admin/realms/{{ current_realm_name }}/clients" method: GET headers: Authorization: "Bearer {{ access_token }} " @@ -67,7 +67,7 @@ - name: "Reading available role mappings for realm management client" uri: - url: "{{ keycloak_server_url }}/auth/admin/realms/{{ current_realm_name }}/users/{{ realm_admin_user_id }}/role-mappings/clients/{{ realm_management_client_id }}/available" + url: "{{ shared_service_url_keycloak }}/auth/admin/realms/{{ current_realm_name }}/users/{{ realm_admin_user_id }}/role-mappings/clients/{{ realm_management_client_id }}/available" method: GET headers: Authorization: "Bearer {{ access_token }} " @@ -94,7 +94,7 @@ - name: "Adding realm admin role to user {{ realm_admin_user_id }}" uri: - url: "{{ keycloak_server_url }}/auth/admin/realms/{{ current_realm_name }}/users/{{ realm_admin_user_id }}/role-mappings/clients/{{ realm_management_client_id }}" + url: "{{ shared_service_url_keycloak }}/auth/admin/realms/{{ current_realm_name }}/users/{{ realm_admin_user_id }}/role-mappings/clients/{{ realm_management_client_id }}" method: POST body_format: json body: "{{ lookup('template','keycloak-become-realm-admin-user.json.j2') }}" diff --git a/roles/keycloak/tasks/_configure_user_groupmembership_crud.yml b/roles/keycloak/tasks/_configure_user_groupmembership_crud.yml index 8acfa1f..393213a 100644 --- a/roles/keycloak/tasks/_configure_user_groupmembership_crud.yml +++ b/roles/keycloak/tasks/_configure_user_groupmembership_crud.yml @@ -3,7 +3,7 @@ delegate_to: 127.0.0.1 become: false uri: - url: "{{ keycloak_server_url }}/auth/admin/realms/{{ realm_name }}/groups" + url: "{{ shared_service_url_keycloak }}/auth/admin/realms/{{ realm_name }}/groups" method: GET headers: Authorization: "Bearer {{ bearer_token }} " 
@@ -14,7 +14,7 @@ delegate_to: 127.0.0.1 become: false uri: - url: "{{ keycloak_server_url }}/auth/admin/realms/{{ realm_name }}/users" + url: "{{ shared_service_url_keycloak }}/auth/admin/realms/{{ realm_name }}/users" method: GET headers: Authorization: "Bearer {{ bearer_token }} " @@ -30,7 +30,7 @@ delegate_to: 127.0.0.1 become: false uri: - url: "{{ keycloak_server_url }}/auth/admin/realms/{{ realm_name }}/users/{{ user_id }}/groups/" + url: "{{ shared_service_url_keycloak }}/auth/admin/realms/{{ realm_name }}/users/{{ user_id }}/groups/" method: GET headers: Authorization: "Bearer {{ bearer_token }} " @@ -41,7 +41,7 @@ delegate_to: 127.0.0.1 become: false uri: - url: "{{ keycloak_server_url }}/auth/admin/realms/{{ realm_name }}/users/{{ user_id }}/groups/{{ group_id }}" + url: "{{ shared_service_url_keycloak }}/auth/admin/realms/{{ realm_name }}/users/{{ user_id }}/groups/{{ group_id }}" method: PUT body_format: json headers: diff --git a/roles/keycloak/tasks/_create_realm_admin.yml b/roles/keycloak/tasks/_create_realm_admin.yml index 84b9361..dcbb2e7 100644 --- a/roles/keycloak/tasks/_create_realm_admin.yml +++ b/roles/keycloak/tasks/_create_realm_admin.yml @@ -1,7 +1,7 @@ --- - name: "Reading users of realm {{ current_realm_name }}" uri: - url: "{{ keycloak_server_url }}/auth/admin/realms/{{ current_realm_name }}/users" + url: "{{ shared_service_url_keycloak }}/auth/admin/realms/{{ current_realm_name }}/users" method: GET headers: Authorization: "Bearer {{ access_token }} " @@ -50,7 +50,7 @@ - name: "Creating users for realm {{ current_realm_name }}" uri: - url: "{{ keycloak_server_url }}/auth/admin/realms/{{ current_realm_name }}/users" + url: "{{ shared_service_url_keycloak }}/auth/admin/realms/{{ current_realm_name }}/users" method: POST body_format: json body: "{{ lookup('template','keycloak-realm-create-user.json.j2') }}" 
diff --git a/roles/keycloak/tasks/_create_realm_groups.yml b/roles/keycloak/tasks/_create_realm_groups.yml index 5661162..a4f159c 100644 --- a/roles/keycloak/tasks/_create_realm_groups.yml +++ b/roles/keycloak/tasks/_create_realm_groups.yml @@ -1,7 +1,7 @@ --- - name: Read groups of realm {{ current_realm_name }} uri: - url: "{{ keycloak_server_url }}/auth/admin/realms/{{ current_realm_name }}/groups" + url: "{{ shared_service_url_keycloak }}/auth/admin/realms/{{ current_realm_name }}/groups" method: GET headers: Authorization: "Bearer {{ access_token }} " @@ -45,7 +45,7 @@ - name: "Create groups for realm {{ current_realm_name }}" uri: - url: "{{ keycloak_server_url }}/auth/admin/realms/{{ current_realm_name }}/groups" + url: "{{ shared_service_url_keycloak }}/auth/admin/realms/{{ current_realm_name }}/groups" method: POST body_format: json body: "{{ lookup('template','keycloak-realm-create-group.json.j2') }}" diff --git a/roles/keycloak/tasks/_create_realm_users.yml b/roles/keycloak/tasks/_create_realm_users.yml index 83b471c..603301e 100644 --- a/roles/keycloak/tasks/_create_realm_users.yml +++ b/roles/keycloak/tasks/_create_realm_users.yml @@ -1,7 +1,7 @@ --- - name: "Reading users of realm {{ current_realm_name }}" uri: - url: "{{ keycloak_server_url }}/auth/admin/realms/{{ current_realm_name }}/users" + url: "{{ shared_service_url_keycloak }}/auth/admin/realms/{{ current_realm_name }}/users" method: GET headers: Authorization: "Bearer {{ access_token }} " @@ -50,7 +50,7 @@ - name: "Creating users for realm {{ current_realm_name }}" uri: - url: "{{ keycloak_server_url }}/auth/admin/realms/{{ current_realm_name }}/users" + url: "{{ shared_service_url_keycloak }}/auth/admin/realms/{{ current_realm_name }}/users" method: POST body_format: json body: "{{ lookup('template','keycloak-realm-create-user.json.j2') }}" diff --git a/roles/keycloak/tasks/_delete_client.yml b/roles/keycloak/tasks/_delete_client.yml index 6eb3f26..b62b858 100644 
--- a/roles/keycloak/tasks/_delete_client.yml +++ b/roles/keycloak/tasks/_delete_client.yml @@ -7,7 +7,7 @@ - name: "Authenticate with Keycloak server" uri: - url: "{{ keycloak_server_url }}/auth/realms/master/protocol/openid-connect/token" + url: "{{ shared_service_url_keycloak }}/auth/realms/master/protocol/openid-connect/token" method: POST body_format: form-urlencoded body: 'username={{ keycloak_admin_username }}&password={{ keycloak_admin_password }}&client_id=admin-cli&grant_type=password' @@ -19,7 +19,7 @@ - name: "Read clients from realm {{ realm_name }}" uri: - url: "{{ keycloak_server_url }}/auth/admin/realms/{{ realm_name }}/clients" + url: "{{ shared_service_url_keycloak }}/auth/admin/realms/{{ realm_name }}/clients" method: GET headers: Authorization: "Bearer {{ keycloak_authentication.json.access_token }}" @@ -70,7 +70,7 @@ - name: "Deleting client <{{ client_name }}> for realm <{{ realm_name }}>" uri: - url: "{{ keycloak_server_url }}/auth/admin/realms/{{ realm_name }}/clients/{{ realm_client_id }}" + url: "{{ shared_service_url_keycloak }}/auth/admin/realms/{{ realm_name }}/clients/{{ realm_client_id }}" method: DELETE body_format: json headers: diff --git a/roles/keycloak/tasks/main.yml b/roles/keycloak/tasks/main.yml index bbaf119..9a9be29 100644 --- a/roles/keycloak/tasks/main.yml +++ b/roles/keycloak/tasks/main.yml @@ -59,7 +59,7 @@ - name: "Setting local keycloak url" set_fact: - keycloak_server_url: "http://localhost:{{ service_port_keycloak_external }}" + shared_service_url_keycloak: "http://localhost:{{ service_port_keycloak_external }}" when: "'keycloak' in group_names" - name: "Wait for " 
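Review bot: The `set_fact` in the roles/keycloak/tasks/main.yml hunk (`@@ -59,7 +59,7 @@`) now overwrites the shared variable `shared_service_url_keycloak` with `http://localhost:{{ service_port_keycloak_external }}`, where it used to set the role-local name `keycloak_server_url`. A `set_fact` value outranks inventory and role defaults and stays on that host for the rest of the play, so every later task on a keycloak host that reads the shared name gets the plain-HTTP loopback address, presumably in place of the public URL, whose definition is outside this hunk. I would keep a separate name for loopback access, e.g. `keycloak_local_url: "http://localhost:{{ service_port_keycloak_external }}"`, and hand it to the included tasks through `vars:`. The `set_fact` in roles/keycloak_compact/tasks/main.yml has the same problem, and the task list continues outside both hunks.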
@@ -70,7 +70,7 @@ - name: "Authenticate with Keycloak server" uri: - url: "{{ keycloak_server_url }}/auth/realms/master/protocol/openid-connect/token" + url: "{{ shared_service_url_keycloak }}/auth/realms/master/protocol/openid-connect/token" method: POST body_format: form-urlencoded body: 'username={{ keycloak_admin_username }}&password={{ keycloak_admin_password }}&client_id=admin-cli&grant_type=password' @@ -96,7 +96,7 @@ auth_client_id: "admin-cli" auth_username: "{{ keycloak_admin_username }}" auth_password: "{{ keycloak_admin_password }}" - auth_keycloak_url: "{{ keycloak_server_url }}/auth" + auth_keycloak_url: "{{ shared_service_url_keycloak }}/auth" account_theme: "smardigo-theme" admin_theme: "smardigo-theme" login_theme: "smardigo-theme" diff --git a/roles/keycloak_compact/defaults/main.yml b/roles/keycloak_compact/defaults/main.yml index 2f61103..e7a75ab 100644 --- a/roles/keycloak_compact/defaults/main.yml +++ b/roles/keycloak_compact/defaults/main.yml @@ -5,7 +5,7 @@ keycloak_admin_username: "keycloak-admin" keycloak_admin_password: "{{ keycloak_admin_password_vault }}" keycloak_postgres_username: "keycloak_postgres" keycloak_postgres_password: "{{ keycloak_postgres_password_vault }}" -keycloak_image_name: "{{ shared_service_harbor_hostname }}/smardigo/keycloak" +keycloak_image_name: "{{ shared_service_hostname_harbor }}/smardigo/keycloak" keycloak_compact_tls_cert_resolver: letsencrypt-http diff --git a/roles/keycloak_compact/tasks/main.yml b/roles/keycloak_compact/tasks/main.yml index 850b06d..a3a5ce5 100644 --- a/roles/keycloak_compact/tasks/main.yml +++ b/roles/keycloak_compact/tasks/main.yml @@ -47,7 +47,7 @@ - name: "Setting local keycloak url" set_fact: - keycloak_server_url: "http://localhost:{{ service_port_keycloak_external }}" + shared_service_url_keycloak: "http://localhost:{{ service_port_keycloak_external }}" - name: "Wait for " wait_for: 
diff --git a/roles/kibana/defaults/main.yaml b/roles/kibana/defaults/main.yaml index 945cc02..c5c474e 100644 --- a/roles/kibana/defaults/main.yaml +++ b/roles/kibana/defaults/main.yaml @@ -10,7 +10,6 @@ prometheus_es_exporter__username: '{{ stage }}-prometheus-es-exporter' prometheus_es_exporter__password: '{{ prometheus_es_exporter__password_vault }}' prometheus_es_exporter__email: 'nso.devops@netgo.de' -kibana_api_endpoint: '{{ shared_service_elastic_stack_kibana_01_hostname }}-kibana.{{ domain }}' kibana_technical_users: - elastic_users: diff --git a/roles/kibana/tasks/_configure_dashboards.yml b/roles/kibana/tasks/_configure_dashboards.yml index 0c02b88..2b2cd0f 100644 --- a/roles/kibana/tasks/_configure_dashboards.yml +++ b/roles/kibana/tasks/_configure_dashboards.yml @@ -10,7 +10,7 @@ - name: "Dashboards: Get all searches in elasticsearch" delegate_to: localhost uri: - url: "https://{{ kibana_api_endpoint }}{{ api_path }}/_find?per_page=10000&type={{ es_object_type }}" + url: "{{ shared_service_url_kibana }}{{ api_path }}/_find?per_page=10000&type={{ es_object_type }}" method: GET status_code: [200] user: "{{ elastic_admin_username }}" @@ -47,7 +47,7 @@ - name: "Dashboards: Get all searches in elasticsearch" delegate_to: localhost uri: - url: "https://{{ kibana_api_endpoint }}/s/{{ es_space }}/api/saved_objects/_find?per_page=10000&type=search" + url: "{{ shared_service_url_kibana }}/s/{{ es_space }}/api/saved_objects/_find?per_page=10000&type=search" method: GET status_code: [200] user: "{{ elastic_admin_username }}" @@ -121,7 +121,7 @@ - name: "Create {{ es_object_type }} <<{{ elastic_dashboard.attributes.title }}>>" delegate_to: localhost uri: - url: "https://{{ kibana_api_endpoint }}{{ api_path }}/{{ es_object_type }}" + url: "{{ shared_service_url_kibana }}{{ api_path }}/{{ es_object_type }}" method: POST status_code: [200] user: "{{ elastic_admin_username }}" 
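Review bot: The scheme of the Kibana API calls is no longer pinned, because `url: "https://{{ kibana_api_endpoint }}…"` becomes `url: "{{ shared_service_url_kibana }}…"` in all three hunks of roles/kibana/tasks/_configure_dashboards.yml and in the other kibana task files of this commit. These requests authenticate with `user: "{{ elastic_admin_username }}"` (the password line is presumably just outside the hunks), so an `http://` value in `shared_service_url_kibana` would send the admin credentials in clear text. The variable's definition is not visible here, so I would guard the first call with an `ansible.builtin.assert` whose condition is `that: shared_service_url_kibana is match('https://')`. The tasks continue outside each hunk.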
@@ -140,7 +140,7 @@ - name: "Update {{ es_object_type }} <<{{ elastic_dashboard.attributes.title }}>>" delegate_to: localhost uri: - url: 'https://{{ kibana_api_endpoint }}{{ api_path }}/{{ es_object_type }}/{{ lookup_dashboard_object[0]["id"] }}' + url: '{{ shared_service_url_kibana }}{{ api_path }}/{{ es_object_type }}/{{ lookup_dashboard_object[0]["id"] }}' method: PUT status_code: [200] user: "{{ elastic_admin_username }}" @@ -159,7 +159,7 @@ - name: "DELETE {{ es_object_type }} <<{{ elastic_dashboard.attributes.title }}>>" delegate_to: localhost uri: - url: 'https://{{ kibana_api_endpoint }}{{ api_path }}/{{ es_object_type }}/{{ lookup_dashboard_object[0]["id"] }}' + url: '{{ shared_service_url_kibana }}{{ api_path }}/{{ es_object_type }}/{{ lookup_dashboard_object[0]["id"] }}' method: DELETE status_code: [200] user: "{{ elastic_admin_username }}" diff --git a/roles/kibana/tasks/_configure_indexpattern.yml b/roles/kibana/tasks/_configure_indexpattern.yml index 3faf15c..89fd72c 100644 --- a/roles/kibana/tasks/_configure_indexpattern.yml +++ b/roles/kibana/tasks/_configure_indexpattern.yml @@ -9,7 +9,7 @@ - name: "Get all index patterns in elasticsearch" delegate_to: localhost uri: - url: "https://{{ kibana_api_endpoint }}{{ api_path }}/_find?per_page=10000&type={{ es_object_type }}" + url: "{{ shared_service_url_kibana }}{{ api_path }}/_find?per_page=10000&type={{ es_object_type }}" method: GET status_code: [200] user: "{{ elastic_admin_username }}" @@ -49,7 +49,7 @@ - name: "Create <{{ es_object_type }}> <{{ elastic_index_pattern.attributes.title }}>" delegate_to: localhost uri: - url: "https://{{ kibana_api_endpoint }}{{ api_path }}/{{ es_object_type }}" + url: "{{ shared_service_url_kibana }}{{ api_path }}/{{ es_object_type }}" method: POST status_code: [200] user: "{{ elastic_admin_username }}" 
@@ -68,7 +68,7 @@ - name: "Update {{ es_object_type }} <<{{ elastic_index_pattern.attributes.title }}>>" delegate_to: localhost uri: - url: 'https://{{ kibana_api_endpoint }}{{ api_path }}/{{ es_object_type }}/{{ lookup_indexpattern_object[0]["id"] }}' + url: '{{ shared_service_url_kibana }}{{ api_path }}/{{ es_object_type }}/{{ lookup_indexpattern_object[0]["id"] }}' method: PUT status_code: [200] user: "{{ elastic_admin_username }}" @@ -87,7 +87,7 @@ - name: "DELETE {{ es_object_type }} <<{{ elastic_index_pattern.attributes.title }}>>" delegate_to: localhost uri: - url: 'https://{{ kibana_api_endpoint }}{{ api_path }}/{{ es_object_type }}/{{ lookup_indexpattern_object[0]["id"] }}' + url: '{{ shared_service_url_kibana }}{{ api_path }}/{{ es_object_type }}/{{ lookup_indexpattern_object[0]["id"] }}' method: DELETE status_code: [200] user: "{{ elastic_admin_username }}" diff --git a/roles/kibana/tasks/_configure_roles.yml b/roles/kibana/tasks/_configure_roles.yml index 7d589aa..6ce0a30 100644 --- a/roles/kibana/tasks/_configure_roles.yml +++ b/roles/kibana/tasks/_configure_roles.yml @@ -8,7 +8,7 @@ - name: "Get all roles in elasticsearch" delegate_to: localhost uri: - url: "https://{{ kibana_api_endpoint }}{{ api_path }}" + url: "{{ shared_service_url_kibana }}{{ api_path }}" method: GET status_code: [200] user: "{{ elastic_admin_username }}" @@ -39,7 +39,7 @@ - name: "Create role <<{{ elastic_role.name }}>>" delegate_to: localhost uri: - url: "https://{{ kibana_api_endpoint }}{{ api_path }}/{{ elastic_role.name }}" + url: "{{ shared_service_url_kibana }}{{ api_path }}/{{ elastic_role.name }}" method: PUT status_code: [204] user: "{{ elastic_admin_username }}" 
@@ -58,7 +58,7 @@ - name: "Update role <<{{ elastic_role.name }}>>" delegate_to: localhost uri: - url: "https://{{ kibana_api_endpoint }}{{ api_path }}/{{ elastic_role.name }}" + url: "{{ shared_service_url_kibana }}{{ api_path }}/{{ elastic_role.name }}" method: PUT status_code: [204] user: "{{ elastic_admin_username }}" @@ -77,7 +77,7 @@ - name: "DELETE role <<{{ elastic_role.name }}>>" delegate_to: localhost uri: - url: "https://{{ kibana_api_endpoint }}{{ api_path }}/{{ elastic_role.name }}" + url: "{{ shared_service_url_kibana }}{{ api_path }}/{{ elastic_role.name }}" method: DELETE status_code: [204] user: "{{ elastic_admin_username }}" diff --git a/roles/kibana/tasks/_configure_searches.yml b/roles/kibana/tasks/_configure_searches.yml index 8c3843f..73f067a 100644 --- a/roles/kibana/tasks/_configure_searches.yml +++ b/roles/kibana/tasks/_configure_searches.yml @@ -10,7 +10,7 @@ - name: "Get all searches in elasticsearch" delegate_to: localhost uri: - url: "https://{{ kibana_api_endpoint }}{{ api_path }}/_find?per_page=10000&type=search" + url: "{{ shared_service_url_kibana }}{{ api_path }}/_find?per_page=10000&type=search" method: GET status_code: [200] user: "{{ elastic_admin_username }}" @@ -46,7 +46,7 @@ - name: "Get all indexpatterns in elasticsearch" delegate_to: localhost uri: - url: "https://{{ kibana_api_endpoint }}/s/{{ es_space }}/api/saved_objects/_find?per_page=10000&type=index-pattern" + url: "{{ shared_service_url_kibana }}/s/{{ es_space }}/api/saved_objects/_find?per_page=10000&type=index-pattern" method: GET status_code: [200] user: "{{ elastic_admin_username }}" @@ -109,7 +109,7 @@ - name: "Create {{ es_object_type }} <<{{ elastic_search.attributes.title }}>>" delegate_to: localhost uri: - url: "https://{{ kibana_api_endpoint }}{{ api_path }}/{{ es_object_type }}" + url: "{{ shared_service_url_kibana }}{{ api_path }}/{{ es_object_type }}" method: POST status_code: [200] user: "{{ elastic_admin_username }}" 
@@ -128,7 +128,7 @@ - name: "Update {{ es_object_type }} <<{{ elastic_search.attributes.title }}>>" delegate_to: localhost uri: - url: 'https://{{ kibana_api_endpoint }}{{ api_path }}/{{ es_object_type }}/{{ lookup_search_object[0]["id"] }}' + url: '{{ shared_service_url_kibana }}{{ api_path }}/{{ es_object_type }}/{{ lookup_search_object[0]["id"] }}' method: PUT status_code: [200] user: "{{ elastic_admin_username }}" @@ -147,7 +147,7 @@ - name: "DELETE {{ es_object_type }} <<{{ elastic_search.attributes.title }}>>" delegate_to: localhost uri: - url: 'https://{{ kibana_api_endpoint }}{{ api_path }}/{{ es_object_type }}/{{ lookup_search_object[0]["id"] }}' + url: '{{ shared_service_url_kibana }}{{ api_path }}/{{ es_object_type }}/{{ lookup_search_object[0]["id"] }}' method: DELETE status_code: [200] user: "{{ elastic_admin_username }}" diff --git a/roles/kibana/tasks/_configure_spaces.yml b/roles/kibana/tasks/_configure_spaces.yml index 800c034..ad305a4 100644 --- a/roles/kibana/tasks/_configure_spaces.yml +++ b/roles/kibana/tasks/_configure_spaces.yml @@ -8,7 +8,7 @@ - name: "Get all spaces in elasticsearch" delegate_to: localhost uri: - url: "https://{{ kibana_api_endpoint }}{{ api_path }}" + url: "{{ shared_service_url_kibana }}{{ api_path }}" method: GET status_code: [200] user: "{{ elastic_admin_username }}" @@ -46,7 +46,7 @@ - name: "Create space <<{{ elastic_space.name }}>>" delegate_to: localhost uri: - url: "https://{{ kibana_api_endpoint }}{{ api_path }}" + url: "{{ shared_service_url_kibana }}{{ api_path }}" method: POST status_code: [200] user: "{{ elastic_admin_username }}" @@ -65,7 +65,7 @@ - name: "Update space <<{{ elastic_space.name }}>>" delegate_to: localhost uri: - url: "https://{{ kibana_api_endpoint }}{{ api_path }}/{{ elastic_space.name }}" + url: "{{ shared_service_url_kibana }}{{ api_path }}/{{ elastic_space.name }}" method: PUT status_code: [200] user: "{{ elastic_admin_username }}" 
@@ -84,7 +84,7 @@ - name: "Update space advanced settings <<{{ elastic_space.name }}>>" delegate_to: localhost uri: - url: "https://{{ kibana_api_endpoint }}/s/{{ elastic_space.name }}/api/kibana/settings" + url: "{{ shared_service_url_kibana }}/s/{{ elastic_space.name }}/api/kibana/settings" method: POST status_code: [200] user: "{{ elastic_admin_username }}" @@ -103,7 +103,7 @@ - name: "DELETE space <<{{ elastic_space.name }}>>" delegate_to: localhost uri: - url: "https://{{ kibana_api_endpoint }}{{ api_path }}/{{ elastic_space.name }}" + url: "{{ shared_service_url_kibana }}{{ api_path }}/{{ elastic_space.name }}" method: DELETE status_code: [204] user: "{{ elastic_admin_username }}" diff --git a/roles/kibana/tasks/_configure_users.yml b/roles/kibana/tasks/_configure_users.yml index 2fabe0b..7853fe5 100644 --- a/roles/kibana/tasks/_configure_users.yml +++ b/roles/kibana/tasks/_configure_users.yml @@ -9,7 +9,7 @@ - name: "Get all users in elasticsearch" delegate_to: localhost uri: - url: "https://{{ kibana_api_endpoint }}{{ api_path }}" + url: "{{ shared_service_url_kibana }}{{ api_path }}" method: GET status_code: [200] user: "{{ elastic_admin_username }}" @@ -48,7 +48,7 @@ - name: "Create user <<{{ elastic_user.username }}>>" delegate_to: localhost uri: - url: "https://{{ kibana_api_endpoint }}{{ api_path }}/{{ elastic_user.username }}" + url: "{{ shared_service_url_kibana }}{{ api_path }}/{{ elastic_user.username }}" method: POST status_code: [200] user: "{{ elastic_admin_username }}" @@ -67,7 +67,7 @@ - name: "Update user <<{{ elastic_user.username }}>>" delegate_to: localhost uri: - url: "https://{{ kibana_api_endpoint }}{{ api_path }}/{{ elastic_user.username }}" + url: "{{ shared_service_url_kibana }}{{ api_path }}/{{ elastic_user.username }}" method: POST status_code: [200] user: "{{ elastic_admin_username }}" 
@@ -86,7 +86,7 @@ - name: "DELETE user << elastic_user.username >>" delegate_to: localhost uri: - url: "https://{{ kibana_api_endpoint }}{{ api_path }}/{{ elastic_user.username }}" + url: "{{ shared_service_url_kibana }}{{ api_path }}/{{ elastic_user.username }}" method: DELETE status_code: [204] user: "{{ elastic_admin_username }}" diff --git a/roles/kibana/tasks/_import_savedobjects.yml b/roles/kibana/tasks/_import_savedobjects.yml index 7ea2a30..840b8ee 100644 --- a/roles/kibana/tasks/_import_savedobjects.yml +++ b/roles/kibana/tasks/_import_savedobjects.yml @@ -1,5 +1,5 @@ --- -- name: "Importing kibana objects to <{{ kibana_api_endpoint }}>" +- name: "Importing kibana objects to <{{ shared_service_url_kibana }}>" include_tasks: import_service_ojects.yml loop: "{{ es_index_pattern_services }}" loop_control: @@ -9,7 +9,7 @@ - name: "Setting default index pattern" delegate_to: localhost uri: - url: "https://{{ kibana_api_endpoint }}/s/{{ stage }}-{{ tenant_id }}/api/kibana/settings" + url: "{{ shared_service_url_kibana }}/s/{{ stage }}-{{ tenant_id }}/api/kibana/settings" method: POST status_code: [200] user: "{{ elastic_admin_username }}" diff --git a/roles/kibana/tasks/import_service_ojects.yml b/roles/kibana/tasks/import_service_ojects.yml index 36eb4c0..a2b96ef 100644 --- a/roles/kibana/tasks/import_service_ojects.yml +++ b/roles/kibana/tasks/import_service_ojects.yml @@ -32,7 +32,7 @@ - name: "Importing service objects to kibana" delegate_to: localhost uri: - url: "https://{{ kibana_api_endpoint }}{{ api_path }}/_import?overwrite=true" + url: "{{ shared_service_url_kibana }}{{ api_path }}/_import?overwrite=true" method: POST status_code: [200] user: "{{ elastic_admin_username }}" diff --git a/roles/kubernetes/argocd/defaults/main.yml b/roles/kubernetes/argocd/defaults/main.yml index 82d29a5..283a2bb 100644 --- a/roles/kubernetes/argocd/defaults/main.yml +++ b/roles/kubernetes/argocd/defaults/main.yml 
@@ -32,17 +32,6 @@ argocd_server_admin_password: "{{ argocd_server_admin_password_vault | default( # https://github.com/argoproj/argo-helm/tree/master/charts/argo-cd k8s_argocd_helm__release_values: - global: - hostAliases: - - ip: "{{ shared_service_harbor_ip }}" - hostnames: - - "{{ shared_service_harbor_hostname }}" - - ip: "{{ shared_service_keycloak_ip }}" - hostnames: - - "{{ shared_service_keycloak_hostname }}" - - ip: "{{ shared_service_gitea_ip }}" - hostnames: - - "{{ shared_service_gitea_hostname }}" controller: logLevel: warn logFormat: json @@ -195,7 +184,7 @@ k8s_argocd_helm__release_values: config: oidc.config: | name: Keycloak - issuer: '{{ keycloak_server_url }}/auth/realms/argocd' + issuer: '{{ shared_service_url_keycloak }}/auth/realms/argocd' clientID: '{{ argo_client_id }}' clientSecret: $oidc.keycloak.clientSecret requestedScopes: ["openid", "profile", "email", "{{ argo_keycloak_clientscope_name }}"] diff --git a/roles/kubernetes/argocd/tasks/main.yml b/roles/kubernetes/argocd/tasks/main.yml index 8691ece..cd2d044 100644 --- a/roles/kubernetes/argocd/tasks/main.yml +++ b/roles/kubernetes/argocd/tasks/main.yml @@ -88,7 +88,7 @@ become: False community.general.keycloak_clientscope: auth_client_id: admin-cli - auth_keycloak_url: "{{ keycloak_server_url }}/auth" + auth_keycloak_url: "{{ shared_service_url_keycloak }}/auth" auth_realm: 'master' auth_username: "{{ keycloak_admin_username }}" auth_password: "{{ keycloak_admin_password }}" @@ -154,7 +154,7 @@ delegate_to: localhost become: False uri: - url: "{{ keycloak_server_url }}/auth/admin/realms/{{ argo_realm_name }}/clients" + url: "{{ shared_service_url_keycloak }}/auth/admin/realms/{{ argo_realm_name }}/clients" method: GET headers: Content-Type: "application/json" 
@@ -179,7 +179,7 @@ delegate_to: localhost become: False uri: - url: "{{ keycloak_server_url }}/auth/admin/realms/{{ argo_realm_name }}/clients/{{ id_of_client }}/client-secret" + url: "{{ shared_service_url_keycloak }}/auth/admin/realms/{{ argo_realm_name }}/clients/{{ id_of_client }}/client-secret" method: GET headers: Content-Type: "application/json" diff --git a/roles/kubernetes/awx/tasks/awx-config.yml b/roles/kubernetes/awx/tasks/awx-config.yml index df94fc2..e3828ae 100644 --- a/roles/kubernetes/awx/tasks/awx-config.yml +++ b/roles/kubernetes/awx/tasks/awx-config.yml @@ -283,12 +283,12 @@ when: - awx_type_id != "None" -- name: "Search credentials <{{ shared_service_harbor_hostname }}>" +- name: "Search credentials <{{ shared_service_hostname_harbor }}>" include_tasks: awx-config-get-typ-id.yml vars: awx_rest_api_type: credentials awx_search_key: name - awx_search_name: "{{ shared_service_harbor_hostname }}" + awx_search_name: "{{ shared_service_hostname_harbor }}" - name: "Update awx_credential_harbor_id" set_fact: @@ -296,14 +296,14 @@ when: - awx_type_id != "None" -- name: "Add credentials <{{ shared_service_harbor_hostname }}>" +- name: "Add credentials <{{ shared_service_hostname_harbor }}>" delegate_to: localhost vars: - name: "{{ shared_service_harbor_hostname }}" - description: "{{ shared_service_harbor_hostname }}" + name: "{{ shared_service_hostname_harbor }}" + description: "{{ shared_service_hostname_harbor }}" credential_type_id: "{{ awx_credential_type_container_registry_id }}" credential_type_name: "Container Registry" - host: "{{ shared_service_harbor_hostname }}" + host: "{{ shared_service_hostname_harbor }}" username: "{{ harbor_username }}" password: "{{ harbor_token }}" uri: 
@@ -323,12 +323,12 @@ changed_when: response.status == 201 when: awx_credential_harbor_id is not defined -- name: "Search credentials <{{ shared_service_harbor_hostname }}>" +- name: "Search credentials <{{ shared_service_hostname_harbor }}>" include_tasks: awx-config-get-typ-id.yml vars: awx_rest_api_type: credentials awx_search_key: name - awx_search_name: "{{ shared_service_harbor_hostname }}" + awx_search_name: "{{ shared_service_hostname_harbor }}" when: awx_credential_harbor_id is not defined - name: "Update awx_credential_harbor_id" @@ -360,7 +360,7 @@ vars: name: "hetzner-ansible" description: "hetzner-ansible" - image: "{{ shared_service_harbor_hostname }}/awx/awx-custom-ee" + image: "{{ shared_service_hostname_harbor }}/awx/awx-custom-ee" credential: "{{ awx_credential_harbor_id }}" pull: "always" uri: diff --git a/roles/kubernetes/namespace/templates/docker-secret.json.j2 b/roles/kubernetes/namespace/templates/docker-secret.json.j2 index 66e6a1f..c38fb65 100644 --- a/roles/kubernetes/namespace/templates/docker-secret.json.j2 +++ b/roles/kubernetes/namespace/templates/docker-secret.json.j2 @@ -1,6 +1,6 @@ { "auths": { - "{{ shared_service_harbor_hostname }}": { + "{{ shared_service_hostname_harbor }}": { "auth": "{{ [harbor_username, harbor_token] | join(":") | string | b64encode }}" } } diff --git a/roles/management/defaults/main.yml b/roles/management/defaults/main.yml index 0e7494f..a2be646 100644 --- a/roles/management/defaults/main.yml +++ b/roles/management/defaults/main.yml @@ -15,7 +15,7 @@ connect_connections: password: "{{ awx_admin_password }}" - id: "harbor" name: "Harbor" - url: "https://{{ shared_service_harbor_hostname }}/v2/" + url: "https://{{ shared_service_hostname_harbor }}/v2/" connectionType: "HTTP" authType: "BASIC_AUTH" username: "{{ harbor_admin_username }}" diff --git a/roles/pdns/defaults/main.yml b/roles/pdns/defaults/main.yml index 9f6ecb0..e5dcd2a 100644 --- a/roles/pdns/defaults/main.yml +++ b/roles/pdns/defaults/main.yml 
@@ -1,9 +1,9 @@ --- -pdns_image_name: "{{ shared_service_harbor_hostname }}/smardigo/pdns-authoritative" +pdns_image_name: "{{ shared_service_hostname_harbor }}/smardigo/pdns-authoritative" pdns_image_version: "1.0.0" -pdns_recursor_image_name: "{{ shared_service_harbor_hostname }}/smardigo/pdns-recursor" +pdns_recursor_image_name: "{{ shared_service_hostname_harbor }}/smardigo/pdns-recursor" pdns_recursor_image_version: "1.0.0" pdns_admin_image_name: "ngoduykhanh/powerdns-admin" diff --git a/roles/webdav/defaults/main.yaml b/roles/webdav/defaults/main.yaml index d7a7fad..7677aa3 100644 --- a/roles/webdav/defaults/main.yaml +++ b/roles/webdav/defaults/main.yaml @@ -1,3 +1,3 @@ --- -webdav_image_name: "{{ shared_service_harbor_hostname }}/smardigo/smardigo-webdav-app" +webdav_image_name: "{{ shared_service_hostname_harbor }}/smardigo/smardigo-webdav-app" diff --git a/tasks/autodiscover_pre_tasks.yml b/tasks/autodiscover_pre_tasks.yml index c78f616..ff13ced 100644 --- a/tasks/autodiscover_pre_tasks.yml +++ b/tasks/autodiscover_pre_tasks.yml 
@@ -94,6 +94,50 @@
 when:
 - debug
+- name: "Reading hetzner loadbalancer infos for stage <{{ stage }}>"
+ uri:
+ url: "https://api.hetzner.cloud/v1/load_balancers"
+ method: GET
+ headers:
+ authorization: Bearer {{ hetzner_authentication_ansible }}
+ register: hetzner_loadbalancers
+ delegate_to: 127.0.0.1
+ tags:
+ - always
+
+- name: "Printing hetzner loadbalancer infos for stage <{{ stage }}>"
+ debug:
+ msg: "{{ hetzner_loadbalancers.json.load_balancers }}"
+ delegate_to: 127.0.0.1
+ tags:
+ - always
+ when:
+ - debug
+
+- name: "Reading hetzner loadbalancer infos for stage <{{ stage }}> with pagination"
+ set_fact:
+ shared_service_kube_loadbalancer_ip: "{{
+ hetzner_loadbalancers.json.load_balancers
+ | json_query(querystr1)
+ | first
+ | default([])
+ | first
+ | default(shared_service_kube_loadbalancer_ip_not_available) }}"
+ vars:
+ querystr1: "[?name=='{{ stage }}-ingress'].private_net[*].ip"
+ delegate_to: 127.0.0.1
+ tags:
+ - always
+
+- name: "Printing hetzner loadbalancer infos for stage <{{ stage }}>"
+ debug:
+ msg: "{{ shared_service_kube_loadbalancer_ip }}"
+ delegate_to: 127.0.0.1
+ tags:
+ - always
+ when:
+ - debug
+
 # due to a hetzner api bug for label selector: only last given selector is used - label_selector=stage=XXX,!manual not working correctly
 - name: "Reading hetzner server infos for stage <{{ stage }}>"
 set_fact:
diff --git a/tasks/smardigo_management_message.yml b/tasks/smardigo_management_message.yml
index f308194..907c094 100644
--- a/tasks/smardigo_management_message.yml
+++ b/tasks/smardigo_management_message.yml
@@ -25,7 +25,7 @@
 - name: "Sending smardigo management message <{{ smardigo_management_action }}> to <{{ scope_id }}/{{ process_instance_id }}>"
 uri:
- url: "{{ smardigo_management_url }}"
+ url: "{{ shared_service_url_management }}/api/v1/scopes/{{ scope_id }}/processes/{{ process_instance_id }}/messages"
 method: POST
 body_format: json
 body: "{{ lookup('template','smardigo-management-message.json.j2') }}"
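Review bot: In tasks/autodiscover_pre_tasks.yml the new `uri` task sends the Hetzner API token in its `authorization` header without `no_log: true`, so the token can end up in stored job output when the play runs at high verbosity. I would add `no_log: true` to that one task; the registered `hetzner_loadbalancers` result stays usable by the tasks that follow. Separately, the third new task is named "with pagination", but the request reads only the first page of `/v1/load_balancers`, so the `{{ stage }}-ingress` entry can be missed on a project with more load balancers than one page holds, and the fallback value is then used silently. Filtering on the server side, e.g. `url: "https://api.hetzner.cloud/v1/load_balancers?name={{ stage }}-ingress"`, avoids that. The fallback `shared_service_kube_loadbalancer_ip_not_available` is not defined in the visible hunks, so confirm it is set for every stage.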
diff --git a/update-docker-image.yml b/update-docker-image.yml
index cea96b8..d37f141 100644
--- a/update-docker-image.yml
+++ b/update-docker-image.yml
@@ -87,7 +87,7 @@
 - name: "Pull/Tag/Push image <{{ source_project }}/{{ source_image_name }}:{{ source_image_version }}>"
 community.docker.docker_image:
 name: "dev-harbor-01.smardigo.digital/{{ source_project }}/{{ source_image_name }}:{{ source_image_version }}"
- repository: "{{ shared_service_harbor_hostname }}/{{ destination_project | default(source_project) }}/{{ destination_image_name | default(source_image_name) }}:{{ destination_image_version | default(source_image_version) }}"
+ repository: "{{ shared_service_hostname_harbor }}/{{ destination_project | default(source_project) }}/{{ destination_image_name | default(source_image_name) }}:{{ destination_image_version | default(source_image_version) }}"
 force_tag: true
 source: pull
 push: true
@@ -105,5 +105,5 @@
 connect_jwt_username: "{{ management_admin_username }}"
 tasks:
- - name: "Sending smardigo management message to <{{ smardigo_management_url }}>"
+ - name: "Sending smardigo management message to <{{ shared_service_url_management }}>"
 include_tasks: tasks/smardigo_management_message.yml
diff --git a/update-monitoring.yml b/update-monitoring.yml
index a3dfaab..924e05b 100644
--- a/update-monitoring.yml
+++ b/update-monitoring.yml
@@ -89,5 +89,5 @@
 connect_jwt_username: "{{ management_admin_username }}"
 tasks:
- - name: "Sending smardigo management message to <{{ smardigo_management_url }}>"
+ - name: "Sending smardigo management message to <{{ shared_service_url_management }}>"
 include_tasks: tasks/smardigo_management_message.yml
diff --git a/update-service-state.yml b/update-service-state.yml
index 49a07f3..1510774 100644
--- a/update-service-state.yml
+++ b/update-service-state.yml
@@ -86,5 +86,5 @@
 connect_jwt_username: "{{ management_admin_username }}"
 tasks:
- - name: "Sending smardigo management message to <{{ smardigo_management_url }}>"
+ - name: "Sending smardigo management message to <{{ shared_service_url_management }}>"
 include_tasks: tasks/smardigo_management_message.yml