From da646bf4bd3b81fb5d61ab953999b0712398ae54 Mon Sep 17 00:00:00 2001
From: Sven Ketelsen
Date: Sat, 30 Oct 2021 15:00:04 +0200
Subject: [PATCH] chore: removed duplications between iam/gitea - deploying is now done by shared role - only configuration needed by iam/gitea role
---
 group_vars/gitea/plain.yml | 2 +-
 group_vars/postfix/plain.yml | 2 +-
 group_vars/stage_dev/plain.yml | 2 +-
 roles/_docker/vars/main.yml | 1 -
 roles/_shared_service/defaults/main.yml | 1 +
 roles/_shared_service/handlers/main.yml | 1 +
 roles/_shared_service/meta/main.yml | 1 +
 roles/_shared_service/tasks/main.yml | 85 +++++++++++++++++++
 roles/_shared_service/vars/main.yml | 1 +
 roles/gitea/tasks/main.yml | 67 ++------------
 roles/gitea/vars/main.yml | 12 +-
 roles/iam/tasks/main.yml | 82 ++----------------
 roles/iam/vars/main.yml | 4 -
 .../config/prometheus/prometheus.yml.j2 | 2 +-
 14 files changed, 114 insertions(+), 149 deletions(-)
 create mode 100644 roles/_shared_service/defaults/main.yml
 create mode 100644 roles/_shared_service/handlers/main.yml
 create mode 100644 roles/_shared_service/meta/main.yml
 create mode 100644 roles/_shared_service/tasks/main.yml
 create mode 100644 roles/_shared_service/vars/main.yml
diff --git a/group_vars/gitea/plain.yml b/group_vars/gitea/plain.yml
index 4f53922..a180023 100644
--- a/group_vars/gitea/plain.yml
+++ b/group_vars/gitea/plain.yml
@@ -6,7 +6,7 @@ hetzner_server_labels: "stage={{ stage }} service=gitea"
 gitea_id: "{{ inventory_hostname }}-gitea"
 gitea_postgres_id: "{{ inventory_hostname }}-postgres-gitea"
-gitea_base_url: "{{ gitea_id }}.{{ domain }}"
+gitea_base_url: "{{ inventory_hostname }}.{{ domain }}"
 # unique id for a service, will be used for service access management as well (e.g. keycloak realm)
 gitea_client_id: "{{ cluster_name }}"
diff --git a/group_vars/postfix/plain.yml b/group_vars/postfix/plain.yml
index 5b8a800..2310fcc 100644
--- a/group_vars/postfix/plain.yml
+++ b/group_vars/postfix/plain.yml
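Review bot: `gitea_base_url` now resolves to `{{ inventory_hostname }}.{{ domain }}`, while the Traefik router rule in roles/gitea/vars/main.yml in this same commit matches `Host(`{{ stage_server_domain }}`)`, so the public host of the service is defined in two independent places; if `stage_server_domain` ever differs from `<inventory_hostname>.<domain>`, the name the certificate is issued for and routed on will not be the name whatever still consumes `gitea_base_url` advertises. If both are meant to be the same host, derive one from the other, e.g. `gitea_base_url: "{{ stage_server_domain }}"`, or put a comment above the line saying which of the two is authoritative. `stage_server_domain` is not defined in the visible files, so this is inferred from its use in the router labels.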
@@ -1,6 +1,6 @@
 ---
-hetzner_server_labels: "stage={{ stage }} service=mail"
+hetzner_server_labels: "stage={{ stage }} service=postfix"
 docker_enabled: false
 traefik_enabled: false
diff --git a/group_vars/stage_dev/plain.yml b/group_vars/stage_dev/plain.yml
index 2e41ca3..6c9fca4 100644
--- a/group_vars/stage_dev/plain.yml
+++ b/group_vars/stage_dev/plain.yml
@@ -76,10 +76,10 @@ shared_service_elastic_stack_01_hostname: "{{ stage }}-elastic-stack-elastic-01"
 shared_service_elastic_stack_02_hostname: "{{ stage }}-elastic-stack-elastic-02"
 shared_service_elastic_stack_03_hostname: "{{ stage }}-elastic-stack-elastic-03"
 shared_service_elastic_stack_logstash_01_hostname: "{{ stage }}-elastic-stack-logstash-01"
-shared_service_gitea_hostname: "{{ stage }}-gitea-01"
 shared_service_iam_hostname: "{{ stage }}-iam-01.{{ domain }}"
 shared_service_mail_hostname: "{{ stage }}-mail-01.{{ domain }}"
+shared_service_gitea_hostname: "{{ stage }}-gitea-01.{{ domain }}"
 shared_service_webdav_hostname: "{{ stage }}-webdav-01.{{ domain }}"
 shared_service_keycloak_hostname: "{{ stage }}-keycloak-01.{{ domain }}"
 management_service_connect_hostname: "{{ stage }}-management-01-connect.{{ domain }}"
diff --git a/roles/_docker/vars/main.yml b/roles/_docker/vars/main.yml
index cd21505..ed97d53 100644
--- a/roles/_docker/vars/main.yml
+++ b/roles/_docker/vars/main.yml
@@ -1,2 +1 @@
 ---
-
diff --git a/roles/_shared_service/defaults/main.yml b/roles/_shared_service/defaults/main.yml
new file mode 100644
index 0000000..ed97d53
--- /dev/null
+++ b/roles/_shared_service/defaults/main.yml
@@ -0,0 +1 @@
+---
diff --git a/roles/_shared_service/handlers/main.yml b/roles/_shared_service/handlers/main.yml
new file mode 100644
index 0000000..ed97d53
--- /dev/null
+++ b/roles/_shared_service/handlers/main.yml
@@ -0,0 +1 @@
+---
diff --git a/roles/_shared_service/meta/main.yml b/roles/_shared_service/meta/main.yml
new file mode 100644
index 0000000..ed97d53
--- /dev/null
+++ b/roles/_shared_service/meta/main.yml
@@ -0,0 +1 @@
+---
diff --git a/roles/_shared_service/tasks/main.yml b/roles/_shared_service/tasks/main.yml
new file mode 100644
index 0000000..6ed72e7
--- /dev/null
+++ b/roles/_shared_service/tasks/main.yml
@@ -0,0 +1,85 @@
+---
+
+### params:
+### current_service: gitea
+### current_server_ip : 1.2.3.4
+### current_dns_entry : dev-gitea-01
+### current_dns_entries : ['dev-gitea']
+### service_base_path : /etc/smardigo/
+### current_service_id : dev-gitea-01-gitea
+### current_service_docker :
+### docker_owner : root
+### docker_group : root
+
+### tags:
+### update_deployment
+
+- name: "Updating DNS for <{{ current_dns_entry }}> to <{{ current_server_ip }}>"
+ include_role:
+ name: _digitalocean
+ tasks_from: domain
+ vars:
+ record_data: "{{ current_server_ip }}"
+ record_name: "{{ current_dns_entry }}"
+
+- name: "Updating public DNS for <{{ current_host }}>"
+ include_role:
+ name: _digitalocean
+ tasks_from: domain
+ vars:
+ record_data: "{{ item.ip }}"
+ record_name: "{{ item.name }}"
+ loop: "{{ current_dns_entries }}"
+
+- name: "Checking if <{{ current_service_id }}/docker-compose.yml> exists"
+ stat:
+ path: '{{ service_base_path }}/{{ current_service_id }}/docker-compose.yml'
+ register: check_docker_compose_file
+ tags:
+ - update_deployment
+
+- name: "Stopping <{{ current_service_id }}>"
+ shell: docker-compose down
+ args:
+ chdir: '{{ service_base_path }}/{{ current_service_id }}'
+ when: check_docker_compose_file.stat.exists
+ ignore_errors: yes
+ tags:
+ - update_deployment
+
+- name: "Deploying docker templates for <{{ current_service_id }}>"
+ include_role:
+ name: _deploy
+ tasks_from: templates
+ vars:
+ current_config: "_docker"
+ current_base_path: "{{ service_base_path }}"
+ current_destination: "{{ current_service_id }}"
+ current_owner: "{{ docker_owner }}"
+ current_group: "{{ docker_group }}"
+ current_docker: "{{ current_service_docker }}"
+
+- name: "Deploying service templates for <{{ current_service_id }}>"
+ include_role:
+ name: _deploy
+ tasks_from: templates
+ vars:
+ current_config: "{{ current_service }}"
+ current_base_path: "{{ service_base_path }}"
+ current_destination: "{{ current_service_id }}"
+ current_owner: "{{ docker_owner }}"
+ current_group: "{{ docker_group }}"
+
+- name: "Updating docker image for <{{ current_service_id }}>"
+ shell: docker-compose pull
+ args:
+ chdir: '{{ service_base_path }}/{{ current_service_id }}'
+ tags:
+ - update_deployment
+
+- name: "Startinf <{{ current_service_id }}>"
+ shell: docker-compose up -d
+ args:
+ chdir: '{{ service_base_path }}/{{ current_service_id }}'
+ tags:
+ - update_deployment
diff --git a/roles/_shared_service/vars/main.yml b/roles/_shared_service/vars/main.yml
new file mode 100644
index 0000000..ed97d53
--- /dev/null
+++ b/roles/_shared_service/vars/main.yml
@@ -0,0 +1 @@
+---
diff --git a/roles/gitea/tasks/main.yml b/roles/gitea/tasks/main.yml
index 37dabbe..bacc670 100644
--- a/roles/gitea/tasks/main.yml
+++ b/roles/gitea/tasks/main.yml
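Review bot: `ignore_errors: yes` on the "Stopping" task hides every failure of `docker-compose down`, not only the benign no-stack case, and the later `up -d` then runs against whatever containers were left behind; the `when` on the stat result already covers the absent-stack case, so either drop the ignore or register the result and keep the tolerance explicit and visible in the play output, and in any case write the boolean as `true` rather than the YAML 1.1 truthy `yes`. The three compose tasks use `shell:` for commands that need no shell features; `command:` takes the shell out of the path between templated input and execution. The task name `"Startinf <…>"` has a typo. The header comment documents `current_dns_entries : ['dev-gitea']`, but the loop reads `item.ip` and `item.name`, so the example should be a list of mappings such as `[{name: dev-gitea, ip: 1.2.3.4}]`; `current_host`, used in the second task's name, is not listed among the params and is not passed by the gitea or iam callers in this commit, so add it to the header and to the callers or drop it from the name.
```yaml
# … unchanged: params header, DNS tasks, stat check …
- name: "Stopping <{{ current_service_id }}>"
  command: docker-compose down
  args:
    chdir: '{{ service_base_path }}/{{ current_service_id }}'
  when: check_docker_compose_file.stat.exists
  # NOTE(review): failure is tolerated here — confirm this is only meant for a half-deployed stack
  ignore_errors: true
  tags:
    - update_deployment
# … unchanged: _deploy template includes …
- name: "Updating docker image for <{{ current_service_id }}>"
  command: docker-compose pull
# … unchanged: args and tags …
- name: "Starting <{{ current_service_id }}>"
  command: docker-compose up -d
# … unchanged: args and tags …
```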
@@ -1,64 +1,15 @@
 ---
 ### tags:
+### update_deployment
-- name: "Setup DNS configuration for <{{ gitea_id }}> to <{{ stage_server_ip }}>"
+- name: "Deploying shared service gitea to <{{ current_host }}><{{ current_server_ip }}>"
 include_role:
- name: _digitalocean
- tasks_from: domain
+ name: _shared_service
 vars:
- record_data: "{{ stage_server_ip }}"
- record_name: "{{ gitea_id }}"
-
-- name: "Check if {{ gitea_id }}/docker-compose.yml exists"
- stat:
- path: '{{ service_base_path }}/{{ gitea_id }}/docker-compose.yml'
- register: check_docker_compose_file
- tags:
- - update_deployment
-
-- name: "Stop {{ gitea_id }}"
- shell: docker-compose down
- args:
- chdir: '{{ service_base_path }}/{{ gitea_id }}'
- when: check_docker_compose_file.stat.exists
- ignore_errors: yes
- tags:
- - update_deployment
-
-- name: "Deploy docker templates for {{ gitea_id }}"
- include_role:
- name: _deploy
- tasks_from: templates
- vars:
- current_config: "_docker"
- current_base_path: "{{ service_base_path }}"
- current_destination: "{{ gitea_id }}"
- current_owner: "{{ docker_owner }}"
- current_group: "{{ docker_group }}"
- current_docker: "{{ gitea_docker }}"
-
-- name: "Deploy service templates for {{ gitea_id }}"
- include_role:
- name: _deploy
- tasks_from: templates
- vars:
- current_config: "gitea"
- current_base_path: "{{ service_base_path }}"
- current_destination: "{{ gitea_id }}"
- current_owner: "{{ docker_owner }}"
- current_group: "{{ docker_group }}"
-
-- name: "Update {{ gitea_id }}"
- shell: docker-compose pull
- args:
- chdir: '{{ service_base_path }}/{{ gitea_id }}'
- tags:
- - update_deployment
-
-- name: "Start {{ gitea_id }}"
- shell: docker-compose up -d
- args:
- chdir: '{{ service_base_path }}/{{ gitea_id }}'
- tags:
- - update_deployment
+ current_service: "gitea"
+ current_server_ip : "{{ stage_server_ip }}"
+ current_dns_entry: "{{ inventory_hostname }}"
+ current_dns_entries : "{{ gitea_public_dns_entries | default([]) }}"
+ current_service_id : "{{ gitea_id }}"
+ current_service_docker : "{{ gitea_docker }}"
diff --git a/roles/gitea/vars/main.yml b/roles/gitea/vars/main.yml
index f1f70b2..bea7571 100644
--- a/roles/gitea/vars/main.yml
+++ b/roles/gitea/vars/main.yml
@@ -3,22 +3,18 @@ gitea_labels: [
 '"traefik.enable=true"',
 '"traefik.http.routers.{{ gitea_id }}.service={{ gitea_id }}"',
- '"traefik.http.routers.{{ gitea_id }}.rule=Host(`{{ gitea_base_url }}`) && !Path(`/metrics`)"',
+ '"traefik.http.routers.{{ gitea_id }}.rule=Host(`{{ stage_server_domain }}`) && !Path(`/metrics`)"',
 '"traefik.http.routers.{{ gitea_id }}.entrypoints=websecure"',
 '"traefik.http.routers.{{ gitea_id }}.tls=true"',
 '"traefik.http.routers.{{ gitea_id }}.tls.certresolver=letsencrypt"',
- '"traefik.http.services.{{ gitea_id }}.loadbalancer.server.port={{ service_port }}"',
+ '"traefik.http.services.{{ gitea_id }}.loadbalancer.server.port=3000"',
 '"traefik.http.routers.{{ gitea_id }}-admin.service={{ gitea_id }}-admin"',
- '"traefik.http.routers.{{ gitea_id }}-admin.rule=Host(`{{ connect_base_url }}`) && Path(`/metrics`)"',
+ '"traefik.http.routers.{{ gitea_id }}-admin.rule=Host(`{{ stage_server_domain }}`) && Path(`/metrics`)"',
 '"traefik.http.routers.{{ gitea_id }}-admin.entrypoints=admin-service"',
 '"traefik.http.routers.{{ gitea_id }}-admin.tls=true"',
 '"traefik.http.routers.{{ gitea_id }}-admin.tls.certresolver=letsencrypt"',
- '"traefik.http.routers.{{ gitea_id }}-admin.middlewares={{ gitea_id }}-admin-cors"',
- '"traefik.http.middlewares.{{ gitea_id }}-admin-cors.headers.accesscontrolallowmethods=GET,OPTIONS"',
- '"traefik.http.middlewares.{{ gitea_id }}-admin-cors.headers.accesscontrolalloworigin=*"',
- '"traefik.http.middlewares.{{ gitea_id }}-admin-cors.headers.accesscontrolallowheaders=SMA_USER"',
- '"traefik.http.services.{{ gitea_id }}-admin.loadbalancer.server.port={{ management_port }}"',
+ '"traefik.http.services.{{ gitea_id }}-admin.loadbalancer.server.port=3000"',
 ]
 gitea_environment: [
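Review bot: The new task name interpolates `current_host`, which is neither defined in any visible file nor passed in the `vars:` block right below it (the iam hunk in roles/iam/tasks/main.yml has the same name template), so the name will most likely render with the raw placeholder; either add `current_host: "{{ inventory_hostname }}"` to the vars or drop it from the name. The added keys mix `key:` and `key :` — `current_server_ip :`, `current_dns_entries :`, `current_service_id :`, `current_service_docker :` — which yamllint's `colons` rule rejects and which differs from `current_service:` and `current_dns_entry:` two lines away; write them all as `key: value`. The DNS record name also moves from `gitea_id` (`<host>-gitea`) to `inventory_hostname`, in line with the `gitea_base_url` change, but nothing in this commit removes the old `<host>-gitea` record; if the `_digitalocean` domain tasks do not prune it, it stays behind as a record that will dangle once the server's IP is released — worth a comment or a cleanup task next to the include.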
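Review bot: Both `loadbalancer.server.port` labels are now hard-coded to `3000`, replacing `{{ service_port }}` and `{{ management_port }}`, while roles/iam/vars/main.yml in the same commit keeps `{{ management_port }}` for its admin service; if the variables were dropped because they are not defined for gitea, say so in a comment above the list, otherwise keep the variables so the two roles this commit is aligning stay parallel. The `-admin` router now matches the same Host as the public router and sends `/metrics` to the same port 3000, with the `admin-service` entrypoint as the only thing separating it from the `websecure` router's `!Path(`/metrics`)` exclusion; that holds only while `admin-service` is not bound on the public interface, which is configured outside this hunk, so a one-line comment such as `# /metrics is served only on the admin-service entrypoint; websecure excludes the path` next to the admin rule would make the dependency visible. The `gitea_labels` list opens at or before the first line of the hunk. Dropping the `accesscontrolalloworigin=*` CORS middleware from the admin router is a welcome tightening.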
diff --git a/roles/iam/tasks/main.yml b/roles/iam/tasks/main.yml
index b76e2ea..5bfcbda 100644
--- a/roles/iam/tasks/main.yml
+++ b/roles/iam/tasks/main.yml
@@ -1,81 +1,15 @@
 ---
 ### tags:
-### create_users
 ### update_deployment
-- name: "Setup DNS configuration for {{ inventory_hostname }}"
+- name: "Deploying shared service iam to <{{ current_host }}><{{ current_server_ip }}>"
 include_role:
- name: _digitalocean
- tasks_from: domain
+ name: _shared_service
 vars:
- record_data: "{{ stage_server_ip }}"
- record_name: "{{ inventory_hostname }}"
-
-- name: "Setup public DNS configuration for {{ inventory_hostname }}"
- include_role:
- name: _digitalocean
- tasks_from: domain
- vars:
- record_data: "{{ item.ip }}"
- record_name: "{{ item.name }}"
- loop: "{{ iam_public_dns_entries }}"
- when: iam_public_dns_entries is defined
-
-- name: "Check docker networks"
- include_role:
- name: _docker
- tasks_from: networks
-
-- name: "Check if {{ inventory_hostname }}/docker-compose.yml exists"
- stat:
- path: '{{ service_base_path }}/{{ inventory_hostname }}/docker-compose.yml'
- register: check_docker_compose_file
- tags:
- - update_deployment
-
-- name: "Stop {{ inventory_hostname }}"
- shell: docker-compose down
- args:
- chdir: '{{ service_base_path }}/{{ inventory_hostname }}'
- when: check_docker_compose_file.stat.exists
- ignore_errors: yes
- tags:
- - update_deployment
-
-- name: "Deploy docker templates for {{ inventory_hostname }}"
- include_role:
- name: _deploy
- tasks_from: templates
- vars:
- current_config: "_docker"
- current_base_path: "{{ service_base_path }}"
- current_destination: "{{ inventory_hostname }}"
- current_owner: "{{ docker_owner }}"
- current_group: "{{ docker_group }}"
- current_docker: "{{ iam_docker }}"
-
-- name: "Deploy service templates for {{ inventory_hostname }}"
- include_role:
- name: _deploy
- tasks_from: templates
- vars:
- current_config: "iam"
- current_base_path: "{{ service_base_path }}"
- current_destination: "{{ inventory_hostname }}"
- current_owner: "{{ docker_owner }}"
- current_group: "{{ docker_group }}"
-
-- name: "Update {{ inventory_hostname }}"
- shell: docker-compose pull
- args:
- chdir: '{{ service_base_path }}/{{ inventory_hostname }}'
- tags:
- - update_deployment
-
-- name: "Start {{ inventory_hostname }}"
- shell: docker-compose up -d
- args:
- chdir: '{{ service_base_path }}/{{ inventory_hostname }}'
- tags:
- - update_deployment
+ current_service: "iam"
+ current_server_ip : "{{ stage_server_ip }}"
+ current_dns_entry: "{{ inventory_hostname }}"
+ current_dns_entries : "{{ iam_public_dns_entries | default([]) }}"
+ current_service_id : "{{ iam_id }}"
+ current_service_docker : "{{ iam_docker }}"
diff --git a/roles/iam/vars/main.yml b/roles/iam/vars/main.yml
index 9907b40..2a19ee8 100644
--- a/roles/iam/vars/main.yml
+++ b/roles/iam/vars/main.yml
@@ -22,10 +22,6 @@ iam_labels: [
 '"traefik.http.routers.{{ iam_id }}-admin.entrypoints=admin-service"',
 '"traefik.http.routers.{{ iam_id }}-admin.tls=true"',
 '"traefik.http.routers.{{ iam_id }}-admin.tls.certresolver=letsencrypt"',
- '"traefik.http.routers.{{ iam_id }}-admin.middlewares={{ iam_id }}-admin-cors"',
- '"traefik.http.middlewares.{{ iam_id }}-admin-cors.headers.accesscontrolallowmethods=GET,OPTIONS"',
- '"traefik.http.middlewares.{{ iam_id }}-admin-cors.headers.accesscontrolalloworigin=*"',
- '"traefik.http.middlewares.{{ iam_id }}-admin-cors.headers.accesscontrolallowheaders=SMA_USER"',
 '"traefik.http.services.{{ iam_id }}-admin.loadbalancer.server.port={{ management_port }}"',
 ]
diff --git a/templates/prometheus/config/prometheus/prometheus.yml.j2 b/templates/prometheus/config/prometheus/prometheus.yml.j2
index 64f9724..69e1c68 100644
--- a/templates/prometheus/config/prometheus/prometheus.yml.j2
+++ b/templates/prometheus/config/prometheus/prometheus.yml.j2
@@ -247,7 +247,7 @@ scrape_configs:
 static_configs:
 - targets: [
 {% for host in server_group_names_gitea| default([]) %}
- '{{ host }}-gitea.{{ domain }}:{{ admin_port_service }}',
+ '{{ host }}.{{ domain }}:{{ admin_port_service }}',
 {% endfor %}
 ]
 labels:
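Review bot: The "Check docker networks" task (`include_role: _docker`, `tasks_from: networks`) is removed here but not carried over into roles/_shared_service/tasks/main.yml, so after this commit the iam deploy no longer ensures its docker networks exist before `docker-compose up -d`; unless the `_deploy` templates create them (not visible here), add that include to the shared role ahead of the stop/deploy steps, or keep it in this file before the `_shared_service` include. The `### create_users` line is dropped from the tags header while no task in the hunk carries that tag, which is consistent only if no remaining task uses it — confirm, since the header is the only documentation of supported tags. The old `when: iam_public_dns_entries is defined` is replaced by `| default([])` on the caller side, which is a cleaner equivalent.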