chore: removed duplications between iam/gitea

- deploying is now done by shared role - only configuration needed by iam/gitea role
4 years ago · da646bf4bd
parent 8e88f4bf3d
commit da646bf4bd
14 changed files with 114 additions and 149 deletions
--- a/group_vars/gitea/plain.yml
+++ b/group_vars/gitea/plain.yml
@ -6,7 +6,7 @@ hetzner_server_labels: "stage={{ stage }} service=gitea"
 gitea_id: "{{ inventory_hostname }}-gitea"
 gitea_postgres_id: "{{ inventory_hostname }}-postgres-gitea"

-gitea_base_url: "{{ gitea_id }}.{{ domain }}"
+gitea_base_url: "{{ inventory_hostname }}.{{ domain }}"

 # unique id for a service, will be used for service access management as well (e.g. keycloak realm)
 gitea_client_id: "{{ cluster_name }}"
--- a/group_vars/postfix/plain.yml
+++ b/group_vars/postfix/plain.yml
@ -1,6 +1,6 @@
 ---

-hetzner_server_labels: "stage={{ stage }} service=mail"
+hetzner_server_labels: "stage={{ stage }} service=postfix"

 docker_enabled: false
 traefik_enabled: false
--- a/group_vars/stage_dev/plain.yml
+++ b/group_vars/stage_dev/plain.yml
@ -76,10 +76,10 @@ shared_service_elastic_stack_01_hostname: "{{ stage }}-elastic-stack-elastic-01"
 shared_service_elastic_stack_02_hostname: "{{ stage }}-elastic-stack-elastic-02"
 shared_service_elastic_stack_03_hostname: "{{ stage }}-elastic-stack-elastic-03"
 shared_service_elastic_stack_logstash_01_hostname: "{{ stage }}-elastic-stack-logstash-01"
-shared_service_gitea_hostname: "{{ stage }}-gitea-01"

 shared_service_iam_hostname: "{{ stage }}-iam-01.{{ domain }}"
 shared_service_mail_hostname: "{{ stage }}-mail-01.{{ domain }}"
+shared_service_gitea_hostname: "{{ stage }}-gitea-01.{{ domain }}"
 shared_service_webdav_hostname: "{{ stage }}-webdav-01.{{ domain }}"
 shared_service_keycloak_hostname: "{{ stage }}-keycloak-01.{{ domain }}"
 management_service_connect_hostname: "{{ stage }}-management-01-connect.{{ domain }}"
--- a/roles/_docker/vars/main.yml
+++ b/roles/_docker/vars/main.yml
@ -1,2 +1 @@
 ---
-
--- a/roles/_shared_service/defaults/main.yml
+++ b/roles/_shared_service/defaults/main.yml
@ -0,0 +1 @@
+---
--- a/roles/_shared_service/handlers/main.yml
+++ b/roles/_shared_service/handlers/main.yml
@ -0,0 +1 @@
+---
--- a/roles/_shared_service/meta/main.yml
+++ b/roles/_shared_service/meta/main.yml
@ -0,0 +1 @@
+---
--- a/roles/_shared_service/tasks/main.yml
+++ b/roles/_shared_service/tasks/main.yml
@ -0,0 +1,85 @@
+---
+
+### params:
+###   current_service: gitea
+###   current_server_ip : 1.2.3.4
+###   current_dns_entry : dev-gitea-01
+###   current_dns_entries : ['dev-gitea']
+###   service_base_path : /etc/smardigo/
+###   current_service_id : dev-gitea-01-gitea
+###   current_service_docker : <docker config object>
+###   docker_owner : root
+###   docker_group : root
+
+### tags:
+###   update_deployment
+
+- name: "Updating DNS for <{{ current_dns_entry }}> to <{{ current_server_ip }}>"
+  include_role:
+    name: _digitalocean
+    tasks_from: domain
+  vars:
+    record_data: "{{ current_server_ip }}"
+    record_name: "{{ current_dns_entry }}"
+
+- name: "Updating public DNS for <{{ current_host }}>"
+  include_role:
+    name: _digitalocean
+    tasks_from: domain
+  vars:
+    record_data: "{{ item.ip }}"
+    record_name: "{{ item.name }}"
+  loop: "{{ current_dns_entries }}"
+
+- name: "Checking if <{{ current_service_id }}/docker-compose.yml> exists"
+  stat:
+    path: '{{ service_base_path }}/{{ current_service_id }}/docker-compose.yml'
+  register: check_docker_compose_file
+  tags:
+    - update_deployment
+
+- name: "Stopping <{{ current_service_id }}>"
+  shell: docker-compose down
+  args:
+    chdir: '{{ service_base_path }}/{{ current_service_id }}'
+  when: check_docker_compose_file.stat.exists
+  ignore_errors: yes
+  tags:
+    - update_deployment
+
+- name: "Deploying docker templates for <{{ current_service_id }}>"
+  include_role:
+    name: _deploy
+    tasks_from: templates
+  vars:
+    current_config: "_docker"
+    current_base_path: "{{ service_base_path }}"
+    current_destination: "{{ current_service_id }}"
+    current_owner: "{{ docker_owner }}"
+    current_group: "{{ docker_group }}"
+    current_docker: "{{ current_service_docker }}"
+
+- name: "Deploying service templates for <{{ current_service_id }}>"
+  include_role:
+    name: _deploy
+    tasks_from: templates
+  vars:
+    current_config: "{{ current_service }}"
+    current_base_path: "{{ service_base_path }}"
+    current_destination: "{{ current_service_id }}"
+    current_owner: "{{ docker_owner }}"
+    current_group: "{{ docker_group }}"
+
+- name: "Updating docker image for <{{ current_service_id }}>"
+  shell: docker-compose pull
+  args:
+    chdir: '{{ service_base_path }}/{{ current_service_id }}'
+  tags:
+    - update_deployment
+
+- name: "Startinf <{{ current_service_id }}>"
+  shell: docker-compose up -d
+  args:
+    chdir: '{{ service_base_path }}/{{ current_service_id }}'
+  tags:
+    - update_deployment
--- a/roles/_shared_service/vars/main.yml
+++ b/roles/_shared_service/vars/main.yml
@ -0,0 +1 @@
+---
--- a/roles/gitea/tasks/main.yml
+++ b/roles/gitea/tasks/main.yml
@ -1,64 +1,15 @@
 ---

 ### tags:
+###   update_deployment

- name: "Setup DNS configuration for <{{ gitea_id }}> to <{{ stage_server_ip }}>"
+- name: "Deploying shared service gitea to <{{ current_host }}><{{ current_server_ip }}>"
  include_role:
-    name: _digitalocean
-    tasks_from: domain
+    name: _shared_service
  vars:
-    record_data: "{{ stage_server_ip }}"
-    record_name: "{{ gitea_id }}"
-
- name: "Check if {{ gitea_id }}/docker-compose.yml exists"
-  stat:
-    path: '{{ service_base_path }}/{{ gitea_id }}/docker-compose.yml'
-  register: check_docker_compose_file
-  tags:
-    - update_deployment
-
- name: "Stop {{ gitea_id }}"
-  shell: docker-compose down
-  args:
-    chdir: '{{ service_base_path }}/{{ gitea_id }}'
-  when: check_docker_compose_file.stat.exists
-  ignore_errors: yes
-  tags:
-    - update_deployment
-
- name: "Deploy docker templates for {{ gitea_id }}"
-  include_role:
-    name: _deploy
-    tasks_from: templates
-  vars:
-    current_config: "_docker"
-    current_base_path: "{{ service_base_path }}"
-    current_destination: "{{ gitea_id }}"
-    current_owner: "{{ docker_owner }}"
-    current_group: "{{ docker_group }}"
-    current_docker: "{{ gitea_docker }}"
-
- name: "Deploy service templates for {{ gitea_id }}"
-  include_role:
-    name: _deploy
-    tasks_from: templates
-  vars:
-    current_config: "gitea"
-    current_base_path: "{{ service_base_path }}"
-    current_destination: "{{ gitea_id }}"
-    current_owner: "{{ docker_owner }}"
-    current_group: "{{ docker_group }}"
-
- name: "Update {{ gitea_id }}"
-  shell: docker-compose pull
-  args:
-    chdir: '{{ service_base_path }}/{{ gitea_id }}'
-  tags:
-    - update_deployment
-
- name: "Start {{ gitea_id }}"
-  shell: docker-compose up -d
-  args:
-    chdir: '{{ service_base_path }}/{{ gitea_id }}'
-  tags:
-    - update_deployment
+    current_service: "gitea"
+    current_server_ip : "{{ stage_server_ip }}"
+    current_dns_entry: "{{ inventory_hostname }}"
+    current_dns_entries : "{{ gitea_public_dns_entries | default([]) }}"
+    current_service_id : "{{ gitea_id }}"
+    current_service_docker : "{{ gitea_docker }}"
--- a/roles/gitea/vars/main.yml
+++ b/roles/gitea/vars/main.yml
@ -3,22 +3,18 @@
 gitea_labels: [
  '"traefik.enable=true"',
  '"traefik.http.routers.{{ gitea_id }}.service={{ gitea_id }}"',
-  '"traefik.http.routers.{{ gitea_id }}.rule=Host(`{{ gitea_base_url }}`) && !Path(`/metrics`)"',
+  '"traefik.http.routers.{{ gitea_id }}.rule=Host(`{{ stage_server_domain }}`) && !Path(`/metrics`)"',
  '"traefik.http.routers.{{ gitea_id }}.entrypoints=websecure"',
  '"traefik.http.routers.{{ gitea_id }}.tls=true"',
  '"traefik.http.routers.{{ gitea_id }}.tls.certresolver=letsencrypt"',
-  '"traefik.http.services.{{ gitea_id }}.loadbalancer.server.port={{ service_port }}"',
+  '"traefik.http.services.{{ gitea_id }}.loadbalancer.server.port=3000"',

  '"traefik.http.routers.{{ gitea_id }}-admin.service={{ gitea_id }}-admin"',
-  '"traefik.http.routers.{{ gitea_id }}-admin.rule=Host(`{{ connect_base_url }}`) && Path(`/metrics`)"',
+  '"traefik.http.routers.{{ gitea_id }}-admin.rule=Host(`{{ stage_server_domain }}`) && Path(`/metrics`)"',
  '"traefik.http.routers.{{ gitea_id }}-admin.entrypoints=admin-service"',
  '"traefik.http.routers.{{ gitea_id }}-admin.tls=true"',
  '"traefik.http.routers.{{ gitea_id }}-admin.tls.certresolver=letsencrypt"',
-  '"traefik.http.routers.{{ gitea_id }}-admin.middlewares={{ gitea_id }}-admin-cors"',
-  '"traefik.http.middlewares.{{ gitea_id }}-admin-cors.headers.accesscontrolallowmethods=GET,OPTIONS"',
-  '"traefik.http.middlewares.{{ gitea_id }}-admin-cors.headers.accesscontrolalloworigin=*"',
-  '"traefik.http.middlewares.{{ gitea_id }}-admin-cors.headers.accesscontrolallowheaders=SMA_USER"',
-  '"traefik.http.services.{{ gitea_id }}-admin.loadbalancer.server.port={{ management_port }}"',
+  '"traefik.http.services.{{ gitea_id }}-admin.loadbalancer.server.port=3000"',
 ]

 gitea_environment: [
--- a/roles/iam/tasks/main.yml
+++ b/roles/iam/tasks/main.yml
@ -1,81 +1,15 @@
 ---

 ### tags:
-###   create_users
 ###   update_deployment

- name: "Setup DNS configuration for {{ inventory_hostname }}"
+- name: "Deploying shared service iam to <{{ current_host }}><{{ current_server_ip }}>"
  include_role:
-    name: _digitalocean
-    tasks_from: domain
+    name: _shared_service
  vars:
-    record_data: "{{ stage_server_ip }}"
-    record_name: "{{ inventory_hostname }}"
-
- name: "Setup public DNS configuration for {{ inventory_hostname }}"
-  include_role:
-    name: _digitalocean
-    tasks_from: domain
-  vars:
-    record_data: "{{ item.ip }}"
-    record_name: "{{ item.name }}"
-  loop: "{{ iam_public_dns_entries }}"
-  when: iam_public_dns_entries is defined
-
- name: "Check docker networks"
-  include_role:
-    name: _docker
-    tasks_from: networks
-
- name: "Check if {{ inventory_hostname }}/docker-compose.yml exists"
-  stat:
-    path: '{{ service_base_path }}/{{ inventory_hostname }}/docker-compose.yml'
-  register: check_docker_compose_file
-  tags:
-    - update_deployment
-
- name: "Stop {{ inventory_hostname }}"
-  shell: docker-compose down
-  args:
-    chdir: '{{ service_base_path }}/{{ inventory_hostname }}'
-  when: check_docker_compose_file.stat.exists
-  ignore_errors: yes
-  tags:
-    - update_deployment
-
- name: "Deploy docker templates for {{ inventory_hostname }}"
-  include_role:
-    name: _deploy
-    tasks_from: templates
-  vars:
-    current_config: "_docker"
-    current_base_path: "{{ service_base_path }}"
-    current_destination: "{{ inventory_hostname }}"
-    current_owner: "{{ docker_owner }}"
-    current_group: "{{ docker_group }}"
-    current_docker: "{{ iam_docker }}"
-
- name: "Deploy service templates for {{ inventory_hostname }}"
-  include_role:
-    name: _deploy
-    tasks_from: templates
-  vars:
-    current_config: "iam"
-    current_base_path: "{{ service_base_path }}"
-    current_destination: "{{ inventory_hostname }}"
-    current_owner: "{{ docker_owner }}"
-    current_group: "{{ docker_group }}"
-
- name: "Update {{ inventory_hostname }}"
-  shell: docker-compose pull
-  args:
-    chdir: '{{ service_base_path }}/{{ inventory_hostname }}'
-  tags:
-    - update_deployment
-
- name: "Start {{ inventory_hostname }}"
-  shell: docker-compose up -d
-  args:
-    chdir: '{{ service_base_path }}/{{ inventory_hostname }}'
-  tags:
-    - update_deployment
+    current_service: "iam"
+    current_server_ip : "{{ stage_server_ip }}"
+    current_dns_entry: "{{ inventory_hostname }}"
+    current_dns_entries : "{{ iam_public_dns_entries | default([]) }}"
+    current_service_id : "{{ iam_id }}"
+    current_service_docker : "{{ iam_docker }}"
--- a/roles/iam/vars/main.yml
+++ b/roles/iam/vars/main.yml
@ -22,10 +22,6 @@ iam_labels: [
  '"traefik.http.routers.{{ iam_id }}-admin.entrypoints=admin-service"',
  '"traefik.http.routers.{{ iam_id }}-admin.tls=true"',
  '"traefik.http.routers.{{ iam_id }}-admin.tls.certresolver=letsencrypt"',
-  '"traefik.http.routers.{{ iam_id }}-admin.middlewares={{ iam_id }}-admin-cors"',
-  '"traefik.http.middlewares.{{ iam_id }}-admin-cors.headers.accesscontrolallowmethods=GET,OPTIONS"',
-  '"traefik.http.middlewares.{{ iam_id }}-admin-cors.headers.accesscontrolalloworigin=*"',
-  '"traefik.http.middlewares.{{ iam_id }}-admin-cors.headers.accesscontrolallowheaders=SMA_USER"',
  '"traefik.http.services.{{ iam_id }}-admin.loadbalancer.server.port={{ management_port }}"',
 ]

--- a/templates/prometheus/config/prometheus/prometheus.yml.j2
+++ b/templates/prometheus/config/prometheus/prometheus.yml.j2
@ -247,7 +247,7 @@ scrape_configs:
    static_configs:
      - targets: [
 {% for host in server_group_names_gitea| default([]) %}
-          '{{ host }}-gitea.{{ domain }}:{{ admin_port_service }}',
+          '{{ host }}.{{ domain }}:{{ admin_port_service }}',
 {% endfor %}
        ]
        labels: