diff --git a/create-database.yml b/create-database.yml index 3c2d554..e40d5b4 100644 --- a/create-database.yml +++ b/create-database.yml @@ -101,6 +101,7 @@ serial: "{{ serial_number | default(1) }}" connection: local gather_facts: false + run_once: true post_tasks: - name: "Sending smardigo management message <{{ smardigo_management_action }}> to <{{ scope_id }}/{{ process_instance_id }}>" diff --git a/create-realm.yml b/create-realm.yml index 0ebccce..23ca81a 100644 --- a/create-realm.yml +++ b/create-realm.yml @@ -76,6 +76,7 @@ serial: "{{ serial_number | default(1) }}" connection: local gather_facts: false + run_once: true post_tasks: - name: "Sending smardigo management message <{{ smardigo_management_action }}> to <{{ scope_id }}/{{ process_instance_id }}>" diff --git a/create-server.yml b/create-server.yml index d6454b4..e752b06 100644 --- a/create-server.yml +++ b/create-server.yml @@ -135,6 +135,7 @@ serial: "{{ serial_number | default(1) }}" connection: local gather_facts: false + run_once: true post_tasks: - name: "Sending smardigo management message <{{ smardigo_management_action }}> to <{{ scope_id }}/{{ process_instance_id }}>" diff --git a/create-service.yml b/create-service.yml index b72e303..e19feff 100644 --- a/create-service.yml +++ b/create-service.yml @@ -88,6 +88,7 @@ serial: "{{ serial_number | default(1) }}" connection: local gather_facts: false + run_once: true post_tasks: - name: "Sending smardigo management message <{{ smardigo_management_action }}> to <{{ scope_id }}/{{ process_instance_id }}>" diff --git a/group_vars/connect/plain.yml b/group_vars/connect/plain.yml index 864ab84..7f35772 100644 --- a/group_vars/connect/plain.yml +++ b/group_vars/connect/plain.yml 
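Review bot: `run_once: true` at play level next to `serial: "{{ serial_number | default(1) }}"` does not limit the callback to a single send, because Ansible applies run_once once per serial batch. With the default batch size of 1, the "Sending smardigo management message" task still runs for every host in the play. The same line is added in create-realm.yml, create-server.yml, create-service.yml, import-database.yml and upload-database-dumb.yml. If one message per run is intended, drop `serial` from this play or guard the task with `when: inventory_hostname == ansible_play_hosts_all[0]`. The post_tasks body continues outside the hunk, so an existing guard on the task itself would not be visible here.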
@@ -1,9 +1,7 @@ --- hetzner_server_type: cx21 -hetzner_server_labels: "stage={{ stage }} service=connect{{ tenant_id | ternary(' tenant=' + tenant_id, '', omit) }}" - -connect_image_version: "8.3.0" +hetzner_server_labels: "stage={{ stage }} service=connect{% if tenant_id is defined %} tenant={{ tenant_id }}{% endif %}" # unique id for a service, will be used for service access management as well (e.g. keycloak realm) connect_client_id: "{{ cluster_name }}" diff --git a/group_vars/stage_dev/plain.yml b/group_vars/stage_dev/plain.yml index 7e5c5e0..d21ef32 100644 --- a/group_vars/stage_dev/plain.yml +++ b/group_vars/stage_dev/plain.yml @@ -97,6 +97,8 @@ docker_registry_oidc_client_id: "docker-registry" postgres_listen_addresses: "listen_addresses = 'localhost,{{ stage_server_ip }},{{ stage_private_server_ip }}'" +connect_image_version: "8.3.7" + smardigo_management_oidc_realm: "smardigo" smardigo_management_oidc_client_id: "management-smardigo" diff --git a/group_vars/stage_qa/plain.yml b/group_vars/stage_qa/plain.yml index 885ba2b..51f5ea3 100644 --- a/group_vars/stage_qa/plain.yml +++ b/group_vars/stage_qa/plain.yml @@ -24,6 +24,11 @@ shared_service_logstash_01: "{{ stage_server_infos | map(attribute='private_ip') | list | first }}" +shared_service_docker_ip: "{{ stage_server_infos + | selectattr('name', 'match', stage + '-docker-registry-01' ) + | map(attribute='private_ip') + | list + | first }}" shared_service_mail_ip: "{{ stage_server_infos | selectattr('name', 'match', stage + '-mail-01' ) | map(attribute='private_ip') 
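Review bot: In group_vars/connect/plain.yml the new `{% if tenant_id is defined %}` test is also true for an empty `tenant_id`, which would leave a bare `tenant=` label on the server; the removed expression branched on the value rather than on definedness. A length check keeps the old result for empty values: `{% if tenant_id | default('') | length > 0 %} tenant={{ tenant_id }}{% endif %}`. The same hunk removes `connect_image_version` from the connect group, and this diff re-adds it only for stage_dev and stage_qa. Any other stage that deploys connect would then need its own value, which cannot be checked from the lines shown.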
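Review bot: In group_vars/stage_qa/plain.yml the lookup `selectattr('name', 'match', stage + '-docker-registry-01')` is anchored only at the start of the name, so any server whose name merely begins with that string also matches and `first` takes whichever is listed first. The resulting IP is paired with the registry hostname in `shared_service_hosts` (presumably used for host resolution), so a wrong match would point image pulls at the wrong machine. An exact comparison avoids that: `selectattr('name', 'equalto', stage + '-docker-registry-01')`. The same applies to the `shared_service_iam_ip` and `shared_service_webdav_ip` lookups added in the following hunk, and an empty selection should fail with a clear message rather than an undefined `first`.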
@@ -49,6 +54,16 @@ shared_service_keycloak_ip: "{{ stage_server_infos | map(attribute='private_ip') | list | first }}" +shared_service_iam_ip: "{{ stage_server_infos + | selectattr('name', 'match', stage + '-iam-01' ) + | map(attribute='private_ip') + | list + | first }}" +shared_service_webdav_ip: "{{ stage_server_infos + | selectattr('name', 'match', stage + '-webdav-01' ) + | map(attribute='private_ip') + | list + | first }}" shared_service_maria_hostname: "{{ stage }}-maria-01" shared_service_postgres_01_hostname: "{{ stage }}-postgres-01" @@ -57,7 +72,9 @@ shared_service_elastic_stack_02_hostname: "{{ stage }}-elastic-stack-elastic-02" shared_service_elastic_stack_03_hostname: "{{ stage }}-elastic-stack-elastic-03" shared_service_elastic_stack_logstash_01_hostname: "{{ stage }}-elastic-stack-logstash-01" +shared_service_iam_hostname: "{{ stage }}-iam-01.{{ domain }}" shared_service_mail_hostname: "{{ stage }}-mail-01.{{ domain }}" +shared_service_webdav_hostname: "{{ stage }}-webdav-01.{{ domain }}" shared_service_keycloak_hostname: "{{ stage }}-keycloak-01.{{ domain }}" shared_service_docker_registry_hostname: "{{ stage }}-docker-registry-01.{{ domain }}" @@ -83,6 +100,10 @@ shared_service_hosts: [ ip: "{{ shared_service_logstash_01 }}", name: "{{ shared_service_elastic_stack_logstash_01_hostname }}" }, + { + ip: "{{ shared_service_docker_ip }}", + name: "{{ shared_service_docker_registry_hostname }}" + }, { ip: "{{ shared_service_maria_ip }}", name: "{{ shared_service_maria_hostname }}" @@ -99,6 +120,14 @@ shared_service_hosts: [ ip: "{{ shared_service_keycloak_ip }}", name: "{{ shared_service_keycloak_hostname }}" }, + { + ip: "{{ shared_service_iam_ip }}", + name: "{{ shared_service_iam_hostname }}" + }, + { + ip: "{{ shared_service_webdav_ip }}", + name: "{{ shared_service_webdav_hostname }}" + } ] # TODO read configuration with hetzner rest api 
@@ -111,12 +140,18 @@ elastic_stack_network: { docker_registry_oidc_realm: "docker" docker_registry_oidc_client_id: "docker-registry" +postgres_listen_addresses: "listen_addresses = 'localhost,{{ stage_server_ip }},{{ stage_private_server_ip }}'" + +connect_image_version: "8.3.7" + smardigo_management_oidc_realm: "smardigo" smardigo_management_oidc_client_id: "management-smardigo" smardigo_management_url: "{{ http_s }}://{{ management_service_connect_hostname }}/api/v1/scopes/{{ scope_id }}/processes/{{ process_instance_id }}/messages" smardigo_management_token: "eyJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiYWxnIjoiZGlyIn0..rCRO1cVFgkyZ45D5cJNK5g.fc6JVOo5ja5sqe-0PQTfJGOivJ6tyiD-rwgY6rXJ3-U.tOgqgJ2zTjB3_M9BGtvVjQ" +connect_external_task_script_worker_enabled: "true" + #awx_admin_username: "< see vault >" #awx_admin_password: "< see vault >" diff --git a/import-database.yml b/import-database.yml index 0f36c88..6aec37e 100644 --- a/import-database.yml +++ b/import-database.yml @@ -80,6 +80,7 @@ serial: "{{ serial_number | default(1) }}" connection: local gather_facts: false + run_once: true post_tasks: - name: "Sending smardigo management message <{{ smardigo_management_action }}> to <{{ scope_id }}/{{ process_instance_id }}>" diff --git a/roles/awx/tasks/awx-config.yml b/roles/awx/tasks/awx-config.yml index 726b58b..70f1c2b 100644 --- a/roles/awx/tasks/awx-config.yml +++ b/roles/awx/tasks/awx-config.yml @@ -270,12 +270,12 @@ tags: - awx_config -- name: "Search credentials " +- name: "Search credentials <{{ shared_service_docker_registry_hostname }}>" include_tasks: awx-config-get-typ-id.yml vars: awx_rest_api_type: credentials awx_search_key: name - awx_search_name: "dev-docker-registry-01.smardigo.digital" + awx_search_name: "{{ shared_service_docker_registry_hostname }}" tags: - awx_config 
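Review bot: `smardigo_management_token` in the group_vars/stage_qa/plain.yml hunk holds a complete token value (five-part compact JWE shape) in an unencrypted vars file, while the AWX credentials a few lines below are marked `< see vault >`. The line is unchanged context, but this commit extends the same block and the deleted send-message.yml shows the value being sent as the `Smardigo-User-Token` header. Move it to the stage's vaulted vars, e.g. `smardigo_management_token: "{{ vault_smardigo_management_token }}"` (placeholder name), and rotate the current value since it is already in repository history. Separately, the added `connect_external_task_script_worker_enabled: "true"` is a string, which is right only if the consumer expects a string rather than a boolean.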
@@ -287,7 +287,7 @@ tags: - awx_config -- name: "Add credentials " +- name: "Add credentials <{{ shared_service_docker_registry_hostname }}>" vars: name: "{{ shared_service_docker_registry_hostname }}" description: "{{ shared_service_docker_registry_hostname }}" @@ -316,12 +316,12 @@ tags: - awx_config -- name: "Search credentials " +- name: "Search credentials <{{ shared_service_docker_registry_hostname }}>" include_tasks: awx-config-get-typ-id.yml vars: awx_rest_api_type: credentials awx_search_key: name - awx_search_name: "dev-docker-registry-01.smardigo.digital" + awx_search_name: "{{ shared_service_docker_registry_hostname }}" when: awx_credential_docker_registry_id is not defined tags: - awx_config @@ -362,7 +362,7 @@ vars: name: "hetzner-ansible" description: "hetzner-ansible" - image: "dev-docker-registry-01.smardigo.digital/awx/awx-custom-ee" + image: "{{ shared_service_docker_registry_hostname }}/awx/awx-custom-ee" credential: "{{ awx_credential_docker_registry_id }}" pull: "always" uri: diff --git a/roles/iam/defaults/main.yml b/roles/iam/defaults/main.yml index ad48e99..32ed6ca 100644 --- a/roles/iam/defaults/main.yml +++ b/roles/iam/defaults/main.yml @@ -1,5 +1,4 @@ --- -iam_image_name: 'dev-docker-registry-01.smardigo.digital/smardigo/iam-app' - -iam_version: '8.1.0-SNAPSHOT' +iam_image_name: '{{ shared_service_docker_registry_hostname }}/smardigo/iam-app' +iam_image_version: '8.2.0' diff --git a/roles/iam/vars/main.yml b/roles/iam/vars/main.yml index 829af43..fa07d75 100644 --- a/roles/iam/vars/main.yml +++ b/roles/iam/vars/main.yml @@ -44,7 +44,7 @@ iam_docker: { { name: "{{ iam_id }}", image_name: "{{ iam_image_name }}", - image_version: "{{ iam_version }}", + image_version: "{{ iam_image_version }}", labels: "{{ iam_labels + ( iam_labels_additional | default([])) }}", restart: "{{ iam_service_restart | default('always') }}", environment: [ diff --git a/roles/keycloak/tasks/main.yml b/roles/keycloak/tasks/main.yml index 3a26600..dd6523b 100644 
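Review bot: In the roles/awx/tasks/awx-config.yml hunk at `@@ -362,7 +362,7 @@` the execution-environment `image` has no tag or digest and is combined with `pull: "always"`, so AWX jobs run whatever currently sits under the default tag in the stage registry. Pinning makes the job environment reproducible and reviewable: `image: "{{ shared_service_docker_registry_hostname }}/awx/awx-custom-ee:<pinned-tag>"` (placeholder tag; a digest reference works as well). The registry host now varies per stage, so each stage registry must hold the pinned image before this task runs. The task starts before and continues after the hunk.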
--- a/roles/keycloak/tasks/main.yml +++ b/roles/keycloak/tasks/main.yml @@ -5,6 +5,7 @@ ### create_groups ### update_realms ### update_deployment +### configure_container - name: "Setup DNS configuration for {{ inventory_hostname }}" include_role: @@ -123,9 +124,9 @@ - name: "Activate event listeners" shell: | - docker exec "{{ keycloak_id }} /bin/sh -c '/opt/jboss/keycloak/bin/kcadm.sh config credentials --server http://localhost:8080/auth --realm master --user $KEYCLOAK_USER --password $KEYCLOAK_PASSWORD'" - docker exec "{{ keycloak_id }} /bin/sh -c '/opt/jboss/keycloak/bin/kcadm.sh update events/config -s "eventsEnabled=true" -s "adminEventsEnabled=true" -s "eventsListeners+=metrics-listener"'" - docker exec "{{ keycloak_id }} /bin/sh -c 'usr/bin/rm -f /opt/jboss/.keycloak/kcadm.config'" + docker exec {{ keycloak_id }} /bin/sh -c "/opt/jboss/keycloak/bin/kcadm.sh config credentials --server http://localhost:8080/auth --realm master --user $KEYCLOAK_USER --password $KEYCLOAK_PASSWORD" + docker exec {{ keycloak_id }} /bin/sh -c "/opt/jboss/keycloak/bin/kcadm.sh update events/config -s 'eventsEnabled=true' -s 'adminEventsEnabled=true' -s 'eventsListeners+=metrics-listener'" + docker exec {{ keycloak_id }} /bin/sh -c "usr/bin/rm -f /opt/jboss/.keycloak/kcadm.config" tags: - update_deployment - + - configure_container diff --git a/roles/webdav/defaults/main.yaml b/roles/webdav/defaults/main.yaml index cec4ef5..6e6491a 100644 --- a/roles/webdav/defaults/main.yaml +++ b/roles/webdav/defaults/main.yaml @@ -1,4 +1,4 @@ --- -webdav_image_name: "dev-docker-registry-01.smardigo.digital/smardigo/smardigo-webdav-app" -webdav_image_version: "8.2.2" +webdav_image_name: "{{ shared_service_docker_registry_hostname }}/smardigo/smardigo-webdav-app" +webdav_image_version: "8.2.6" diff --git a/scripts/update-docker-image.sh b/scripts/update-docker-image.sh index af2e24f..f3efc37 100644 --- a/scripts/update-docker-image.sh +++ b/scripts/update-docker-image.sh 
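Review bot: In the "Activate event listeners" task the command strings are now double-quoted, so `$KEYCLOAK_USER` and `$KEYCLOAK_PASSWORD` are expanded by the shell that runs `docker exec`, not by `/bin/sh` inside the container. If those variables exist only in the container environment, kcadm.sh gets empty credentials; if they exist on the host, the password shows up in the host process list. Single outer quotes restore in-container expansion: `docker exec {{ keycloak_id }} /bin/sh -c '/opt/jboss/keycloak/bin/kcadm.sh config credentials --server http://localhost:8080/auth --realm master --user "$KEYCLOAK_USER" --password "$KEYCLOAK_PASSWORD"'`. The cleanup line still calls `usr/bin/rm` without a leading slash, so removing `/opt/jboss/.keycloak/kcadm.config` (the cached admin session) depends on the working directory; `/usr/bin/rm -f` looks intended. Since the three commands share one `shell: |` block, only the last exit status decides the task result, and a leading `set -e` would surface a failed login.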
@@ -1,9 +1,9 @@ # update a docker image with remote docker deamon (ssh) (pull/tag/push) -# update-docker-image.sh smardigo/keycloak 12.0.4.2 -# update-docker-image.sh smardigo/connect-whitelabel-app latest +# update-docker-image.sh dev smardigo/keycloak 12.0.4.2 +# update-docker-image.sh qa smardigo/connect-whitelabel-app latest -FROM="docker.dev-at.de/$1:$2" -TO="dev-docker-registry-01.smardigo.digital/$1:$2" +FROM="docker.dev-at.de/$2:$3" +TO="$1-docker-registry-01.smardigo.digital/$2:$3" echo echo updating $TO with image from $FROM diff --git a/send-message.yml b/send-message.yml deleted file mode 100644 index 0f22062..0000000 --- a/send-message.yml +++ /dev/null 
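Review bot: The new first argument goes straight into the target registry host (`TO="$1-docker-registry-01.smardigo.digital/$2:$3"`) with no check on its value or on the argument count. A call in the old two-argument form therefore puts the image name into the host part and leaves the tag empty. A guard before the assignments catches both: `[ "$#" -eq 3 ] || { echo "usage: update-docker-image.sh <stage> <image> <tag>" >&2; exit 1; }` and `case "$1" in dev|qa) ;; *) echo "unknown stage: $1" >&2; exit 1 ;; esac` (stage list taken from the usage comments; extend as needed). The line `echo updating $TO with image from $FROM` should also quote both variables. The rest of the script lies outside the hunk.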
@@ -1,64 +0,0 @@ ---- - -# Parameters: -# playbook inventory -# stage := the type of the stage (e.g. dev, int, qa, prod) -# tenant_id := (unique key for the tenant, e.g. customer) -# cluster_name := (business name for the cluster, e.g. product, department ) -# cluster_size := (WIP node count for the cluster) -# cluster_services := (services to setup, e.g. ['connect', 'wordpress', ...]) -# smardigo message callback -# scope_id := (scope id of the management process) -# process_instance_id := (process instance id of the management process) -# smardigo_management_action := (smardigo management action anme of the management process) - -############################################################# -# Creating inventory dynamically for given parameters -############################################################# - -- hosts: localhost - connection: local - gather_facts: false - - pre_tasks: - - name: "Check if ansible version is at least 2.10.x" - assert: - that: - - ansible_version.major >= 2 - - ansible_version.minor >= 10 - msg: "The ansible version has to be at least ({{ ansible_version.full }})" - - tasks: - - name: Add hosts - add_host: - name: "{{ stage }}-{{ tenant_id }}-{{ cluster_name }}-{{ '%02d' | format(item|int) }}" - groups: - - "stage_{{ stage }}" - - "{{ cluster_service }}" - with_sequence: start=1 end={{ cluster_count | default(1) }} - changed_when: False - -############################################################# -# Sending smardigo management message to process -############################################################# - -- hosts: "stage_{{ stage }}" - serial: "{{ serial_number | default(5) }}" - connection: local - gather_facts: false - - post_tasks: - - name: "Sending smardigo management message <{{ smardigo_management_action }}> to <{{ scope_id }}/{{ process_instance_id }}>" - uri: - url: "{{ smardigo_management_url }}" - method: POST - body_format: json - body: "{{ lookup('template','smardigo-management-message.json.j2') }}" - headers: - 
accept: "*/*" - Content-Type: "application/json" - Smardigo-User-Token: "{{ smardigo_management_token }}" - status_code: [200] - retries: 5 - delay: 5 - delegate_to: 127.0.0.1 diff --git a/stage-qa b/stage-qa index 97ea457..649bdfb 100644 --- a/stage-qa +++ b/stage-qa @@ -2,6 +2,7 @@ qa-awx-01 [connect] +qa-management-smardigo-01 [elastic] qa-elastic-stack-elastic-01 @@ -12,6 +13,7 @@ qa-elastic-stack-elastic-03 qa-docker-registry-01 [iam] +qa-iam-01 [keycloak] qa-keycloak-01 @@ -28,6 +30,9 @@ qa-maria-01 [postfix] qa-mail-01 +[pgadmin4] +qa-pgadmin4-01 + [postgres] qa-postgres-01 qa-postgres-02 @@ -36,6 +41,7 @@ qa-postgres-02 qa-prometheus-01 [webdav] +qa-webdav-01 [stage_qa:children] awx @@ -47,6 +53,7 @@ keycloak kibana logstash maria +pgadmin4 postfix postgres prometheus diff --git a/upload-database-dumb.yml b/upload-database-dumb.yml index 84c035d..a13cb52 100644 --- a/upload-database-dumb.yml +++ b/upload-database-dumb.yml @@ -84,6 +84,7 @@ serial: "{{ serial_number | default(1) }}" connection: local gather_facts: false + run_once: true post_tasks: - name: "Sending smardigo management message <{{ smardigo_management_action }}> to <{{ scope_id }}/{{ process_instance_id }}>"