Compare commits


169 Commits

Author SHA1 Message Date
friedrich goerz 2c64432d1e DEV-380: __almost__ running without problems (TM) ;) 4 years ago
friedrich goerz 5cac30fede DEV-380: added haproxy stuff to be ready for communication in case of M-M-replication for mariadb
cherry-picked
4 years ago
friedrich goerz 967203009c DEV-380: added haproxy stuff to be ready for communication in case of M-M-replication for mariadb
cherry-picked
4 years ago
Görz, Friedrich 67ef959d38 Update create-server.yml 4 years ago
friedrich goerz 425041c2dd DEV-380: rebased 4 years ago
friedrich goerz 561a58ab02 DEV-380: added haproxy stuff to be ready for communication in case of M-M-replication for mariadb
cherry-picked
4 years ago
friedrich goerz 547c9ee459 DEV-494: added hcloud as group also for dynamic SMA-instances 4 years ago
friedrich goerz 0f04201234 DEV-380: put changes in new branches due to merge conflict stuff 4 years ago
friedrich goerz bd85993f23 DEV-380: put changes in new branches due to merge conflict stuff 4 years ago
friedrich goerz 43892e7a54 DEV-380: added haproxy stuff to be ready for communication in case of M-M-replication for mariadb
cherry-picked
4 years ago
Sven Ketelsen 13a05a7a08 bugfix: gitlab/run-patchday runs the patchday twice
- removed one of the two patchday.yml executions.
4 years ago
Sven Ketelsen 41a065b048 bugfix: regression for etc/hosts update
- shouldn't run for non hcloud servers at all
  when expression was wrongly negated
4 years ago
Sven Ketelsen f00fdbe808 bugfix: fixed when expression (regression from DEV-492) 4 years ago
friedrich goerz b23b571f79 DEV-492: fix /etc/hosts-issue for DO-VMs 4 years ago
Görz, Friedrich 3e82085eb0 Bug/dev 476 blackbox do vm 4 years ago
friedrich goerz 9d418ccf11 DEV-476: consolidate dev-blackbox-01 on digitalocean platform 4 years ago
Sven Ketelsen 2cf1d8b9dc bugfix: service creation with portal is broken
- Filebeat autodiscover condition isn't working for all
  hosts. Switched condition to docker_enabled flag. If a
  container has no default log file (harbor) there isn't
  a problem because there will just be no log file found.
  The autodiscover docker container log files mustn't be
  deactivated in these cases at all.
4 years ago
Eichhorn, Philipp 6200deea76 DEV-489: add ssh key for philipp.eichhorn@netgo.de 4 years ago
Sven Ketelsen 72ff5db355 DEV-416: review collect postgres logs to elk-stack 4 years ago
Sven Ketelsen 0186de2e94 feat: rollout certs on qa 4 years ago
Sven Ketelsen 1048f5845d bugfix: removed daily roll over for log indices 4 years ago
Sven Ketelsen 8156a45ec2 feat: updated elastic certs for qa/prod stages
- create new certificates (--days 1095)
- rollout with playbook smardigo.yml + -t update_certs
  all elasticsearch
  all kibana
  all logstash
- rollout with playbook setup.yml + -t update_certs
  all filebeat
- manually update connect certs
  use smardigo.yml + -t update_certs - with connect role
4 years ago
Sven Ketelsen acd2205aed bugfix: removed variable k8s_namespace
- has to be set when a k8s namespace should be created
4 years ago
Sven Ketelsen 1fd63f3676 feat: updated elastic certs on dev stage
- create new certificates (--days 1095)
- rollout with playbook smardigo.yml + -t update_certs
  all elasticsearch
  all kibana
  all logstash
- rollout with playbook setup.yml + -t update_certs
  all filebeat
- manually update connect certs
  use smardigo.yml + -t update_certs - with connect role
4 years ago
Görz, Friedrich 84a013d169 MOB-148: added k8s cluster for mobene stuff 4 years ago
Görz, Friedrich 0f69260711 DEV-416: added stuff to enable filebeat for postgres + mariadb instances 4 years ago
Sven Ketelsen ef24ce7063 bugfix: added missing update monitoring (prometheus) 4 years ago
Sven Ketelsen 55ebe36758 MOB-102: office 365 email account (QA/PROD) 4 years ago
Sven Ketelsen 578d798332 MOB-102: set wordpress image version to latest 4 years ago
friedrich goerz 43fbb20fb8 DEV-484: changed index naming pattern from monthly to daily 4 years ago
Peter Heise 055c5d0b77 DEV-391 - changed public key for offsite storage. 4 years ago
friedrich goerz 8180523963 DEV-480: decrease prometheus retention time for DEV-stage 4 years ago
Sven Ketelsen 79bd5863e0 bugfix: set connect LOG_LEVELs from DEBUG to INFO 4 years ago
Sven Ketelsen 4a661b064f bugfix: awx jobs are now in descending order (by creation time) 4 years ago
friedrich goerz ebf2d41e48 DEV-473: changed custom metric queries to reduce messages in error.log 4 years ago
Görz, Friedrich 1c5b1c44dd DEV-391: fix merge problems + fixing linter problems 4 years ago
Sven Ketelsen 025bc37453 feat: small improvement in portal dossier 4 years ago
Sven Ketelsen 723db05ded feat: send up-and-running mail only when stage isn't DEV
- sendUpAndRunningMail set on process start
4 years ago
Sven Ketelsen 9a16dc20bf bugfix: view for awx jobs 4 years ago
Sven Ketelsen 77e71d0048 feat: fun with email templates aka. thymeleaf 4 years ago
Sven Ketelsen 1ad63bf864 feat: added initial password creation to portal
- randomize passwords according to password policies
  2 Uppercase Characters
  2 Lowercase Characters
  2 Special Characters
  1 Digit
4 years ago
Sven Ketelsen 05ccebc851 feat: added initial password creation to portal
- randomize passwords according to password policies
  2 Uppercase Characters
  2 Lowercase Characters
  2 Special Characters
  1 Digit
4 years ago
Sven Ketelsen 00ca2bc3f1 feat: added initial password creation to portal
- randomize passwords according to password policies
  2 Uppercase Characters
  2 Lowercase Characters
  2 Special Characters
  1 Digit
4 years ago
Ketelsen, Sven 8c69471639 DEV-477 bugfix: delete wordpress database when service is deleted by portal 4 years ago
Sven Ketelsen 1ebcce5a17 Revert "tmp"
This reverts commit 9275cf4672.
4 years ago
Sven Ketelsen 9275cf4672 tmp 4 years ago
Sven Ketelsen 51c1a79eb1 chore: apt: removed duplicated iotop entry 4 years ago
Görz, Friedrich 0eac3f3d3c DEV-429: mariadb upgrade 4 years ago
Sven Ketelsen 9f18847223 feat: added visualization for awx jobs 4 years ago
Sven Ketelsen 06a395855b feat: argo-cd
- activated json logging
- disabled application set controller
4 years ago
Sven Ketelsen 2150ed8e35 feat: switched prodnso-prometheus-01 server type to cpx21
- increased due to disk space 40>80GB
4 years ago
Sven Ketelsen ea827b727e feat: apt: added iotop to defaults 4 years ago
Sven Ketelsen 25bd87846c feat: kibana - default index patterns
- uncategorized-*
- {{ stage }}-*-authlog-*
- {{ stage }}-*-syslog-*
- {{ stage }}-monitoring-*
- {{ stage }}-management-*-connect-*
4 years ago
Sven Ketelsen 26dad106ba review: logstash index pattern
- added block for [kubernetes][statefulset][name]
4 years ago
Sven Ketelsen 2f0c919f2e review: logstash index pattern
- added block for [kubernetes][daemonset][name]
4 years ago
Sven Ketelsen 9c052aabc7 review: logstash index pattern
- added uncategorized block for kubernetes
  no [kubernetes][deployment][name] available

- added uncategorized block for beats
  no [container][name] available
4 years ago
Sven Ketelsen 4fbf0b4203 feat: added node-exporter for kubernetes servers 4 years ago
friedrich goerz 0d5976898a NOTICKET: corrected bloody typo 4 years ago
Görz, Friedrich 98c9f70e8a DEV-338: added logstash config to deliver k8s-dockerlogs into specific indices 4 years ago
Görz, Friedrich 4bf4167216 DEV-386: use technical user to scrape metrics for ssh-root-login 4 years ago
Sven Ketelsen aae57149dc bugfix: added missing role-policy-mapping to process 4 years ago
Görz, Friedrich d4aab3b7d8 DEV-473: removed stage specific threshold for replication_lag - flapping... 4 years ago
Görz, Friedrich 6c6dd5c1ae DEV-442: added threshold for pg_repl_lag to avoid false positives on DEV-stage 4 years ago
Michael Hähnel ff9c0d94a1 Extended Monitoring/Alerting for PostgreSQL 4 years ago
Sven Ketelsen acee683569 feat: added workflow heatmap flag to portal
- SMA_WORKFLOW_HEATMAP_ENABLED: [false]|true
4 years ago
Sven Ketelsen 9f65ecaf96 DEV-447: added new ext server ext-bdev-mpmexec-01 4 years ago
friedrich goerz 5d1b951f39 DEV-466: added missing but needed package 4 years ago
Sven Ketelsen f55a892418 bugfix: pgadmin username/password
- username: nso.devops@netgo.de
- password: DEV default
- password: QA vault
- password: PRODNSO vault
4 years ago
Michael Haehnel c112a780f1 Extend hetzner_ssh_keys for michael.haehnel 4 years ago
Sven Ketelsen 331667d8cc DEV-452 reverted backups from hourly to daily 4 years ago
friedrich goerz 0fe89b4985 DEV-452: tried to fix some stuff 4 years ago
Michael Haehnel 10bd066617 DEV-456: Added SSH key for michael.haehnel 4 years ago
Sven Ketelsen 15d313e9fe chore: added incident configuration to smardigo apps 4 years ago
friedrich goerz 0c8bfdb3d9 DEV-452: tried to fix some stuff 4 years ago
friedrich goerz a3bf98465a DEV-452: added workaround to fix problem with missing hetzner internal network 4 years ago
friedrich goerz cd09b5bb5e DEV-452: added workaround to fix problem with missing hetzner internal network 4 years ago
friedrich goerz f7a43f5981 DEV-452: added workaround to fix problem with missing hetzner internal network 4 years ago
friedrich goerz 31e79f7ee6 DEV-452: added DEBUG statements to get more information in case of problems 4 years ago
friedrich goerz 5ce99dbb58 DEV-452: pimped recursive _set_server_state.yml - bugfixed 4 years ago
Görz, Friedrich 37ca359842 DEV-452: added recursive _set_server_state.yml to work around hetzners... 4 years ago
Sven Ketelsen 7a9bd9411e bugfix: logstash mutate - remove_field
- [host][ip]
- [host][mac]
4 years ago
Sven Ketelsen c4a7359e6c chore: added argo-cd projects
- bootstrap
- kube-system
- infrastructure
4 years ago
Sven Ketelsen 104ede597d chore: removed stage prefix from pull secret (namespace) 4 years ago
Sven Ketelsen ae1e2854dc chore: removed stage prefix from pull secret (namespace) 4 years ago
Ketelsen, Sven 60a6c73be6 DEV-424 export for wordpress database (maria) 4 years ago
Görz, Friedrich 9efc1cf2b5 DEV-452: bugfix 4 years ago
friedrich goerz 64d0834b35 DEV-452: added potential fixes for our hetzner create_server - is locked/message problem - bugfix 4 years ago
friedrich goerz dac7002ad9 DEV-452: added potential fixes for our hetzner create_server - is locked/message problem 4 years ago
Sven Ketelsen 2a08f40e89 DEV-375: added sort for backup process search 4 years ago
friedrich goerz 8c8722851f DEV-386: added alert to get notification in case of ssh root login 4 years ago
Sven Ketelsen fff42dea2c chore: removed ignore_errors due to a bug in smardigo 4 years ago
Görz, Friedrich b4937db87a DEV-375: bugfix to run stuff for testdb only when is set 4 years ago
Sven Ketelsen 750b109b54 chore: added ignore_errors due to a bug in smardigo 4 years ago
Sven Ketelsen f631b487bd chore: new smardigo workflow version 4 years ago
Sven Ketelsen fec637ff41 DEV-375: removed button "Server freigeben" in teams 4 years ago
Sven Ketelsen 19c35ddd8c DEV-375: fixed process model
- 0 0 0 * * ? -> daily at 0:00
4 years ago
friedrich goerz 615121fe72 DEV-375: added label for restore servers to ignore them in prometheus 4 years ago
Sven Ketelsen 516b2eecd6 DEV-375: cleanup process 4 years ago
Sven Ketelsen a3e662c883 DEV-375: added cron expression for backups
- every day at 0:00
4 years ago
friedrich goerz 038473f80c DEV-441: resizing postgres-VMs 4 years ago
Sven Ketelsen b4b0508cfe spike: automated mirrors for gitlab (w.i.p.) 4 years ago
Sven Ketelsen 17267379c5 chore: adjusted ssh key comments to convention 4 years ago
Sven Ketelsen ad80ceeaaa SMARCH-126: bootstrap argocd with argocd 4 years ago
Sven Ketelsen 20c745eeb4 SMARCH-126: bootstrap argocd with argocd 4 years ago
Sven Ketelsen 80c94ef184 SMARCH-126: bootstrap argocd with argocd 4 years ago
Ketelsen, Sven 8923ab7574 SMARCH-126: Bootstrap ArgoCD by ArgoCD 4 years ago
Görz, Friedrich 03c87e74dc DEV-435: ssh-key rotation for technical users 4 years ago
Görz, Friedrich bdc33af536 DEV-438: debugging SFTP error - thesis: ssh hardening will raise the WARN 4 years ago
Görz, Friedrich 315bee648d DEV-439: removed leftovers from mariadb-transport-encryption 4 years ago
Sven Ketelsen 3e7320e02f bugfix: added 2h timeout to patchday
- default is 1h - which isn't enough for patchday
4 years ago
Sven Ketelsen ab790591c2 chore: whitelisted admin ips 4 years ago
Sven Ketelsen 2697a27350 DEV-375: extended backup process model
- added database backup verify
4 years ago
Görz, Friedrich f0eab6d3ae DEV-421: refactored installation for postgres-exporter + installed newer... 4 years ago
Görz, Friedrich a2fa12ef40 DEV-396: changed diskspace alert from predictive to alert of current usage 4 years ago
Sven Ketelsen 1a73a7f2be DEV-432: ed25519 with passphrase 4 years ago
friedrich goerz f4c97a9a04 DEV-432: ansible stuff to change ssh ciphers on serverside + added new ssh key for fgoerz 4 years ago
friedrich goerz 819a658e50 DEV-422: mariadb deactivate ssl stuff to ensure stable smardigo-ENV 4 years ago
friedrich goerz ea2e31cd27 DEV-383: fixing bug 4 years ago
Sven Ketelsen 64c2001924 Merge branch 'main' into qa 4 years ago
Görz, Friedrich c507859fb4 Revert "DEV-383: fixing bug on QA"
This reverts commit b39400163e
4 years ago
Görz, Friedrich 62e0a64f26 DEV-414: follow-up tasks prod@hetzner-incident 4 years ago
Görz, Friedrich b39400163e DEV-383: fixing bug on QA 4 years ago
Görz, Friedrich 49fc416764 DEV-382: enable SSL for postgres-connections 4 years ago
Sven Ketelsen d99c9001bf DEV-383: enable SSL for mariadb-connections 4 years ago
Sven Ketelsen 6297ad954e feat: removed admin ips from firewalls 4 years ago
Sven Ketelsen 0b18fc9bc2 MOB-28: added custom whitelisted ips for services 4 years ago
Sven Ketelsen 62fa239b6f MOB-28: added firewall whitelist for mobene - keycloak 4 years ago
Sven Ketelsen fec11415bc MOB-28: added firewall whitelist for mobene - keycloak 4 years ago
friedrich goerz 7d7dbcf622 NOTICKET: hetzner bugfix 4 years ago
Sven Ketelsen 7bb1c9eed3 chore: update of ip whitelist 4 years ago
friedrich goerz 44e21b4f03 NOTICKET: fix broken playbook due to violation of password policy 4 years ago
friedrich goerz fc5745eac2 NOTICKET: fix broken playbook due to renamed yml file 4 years ago
Sven Ketelsen f1c5e1b1f8 bugfix: wrong vault pass for qa/prodnso stage 4 years ago
Claus Paetow 164bc2730e bugfix: updated ssh key configuration
- - ssh-rsa key claus.paetow
- + ssh-ed25519 key claus.paetow
4 years ago
Sven Ketelsen fe66a12c6e bugfix: typo 4 years ago
Sven Ketelsen 4285716f6b chore: removed dev-fgrz-01 4 years ago
Sven Ketelsen 5a728d97be bugfix: typo 4 years ago
Görz, Friedrich 6fbc3af3c4 DEV-374: implemented logical restore-test to check if restore was successful 4 years ago
Sven Ketelsen 197bcfd4ea DEV-375: added process model for creating backups
- databaseEngines: postgres,maria
4 years ago
Sven Ketelsen 194d3461e6 DEV-375: added process model for creating backups
- databaseEngines: postgres,maria
4 years ago
Sven Ketelsen 46c47ddcf0 bugfix: invalid json syntax 4 years ago
Görz, Friedrich 43da648df6 DEV-389: added gpg-decryption for backup 4 years ago
Sven Ketelsen b08a1466b7 bugfix: management backup process process deletion 4 years ago
Sven Ketelsen 4e07e72b99 bugfix: missing ssh_host for backup playbook
- ansible_ssh_host: {{ stage_server_domain }}
4 years ago
Sven Ketelsen 1c71fedb6e chore: gitlab - fixed vault passwords 4 years ago
Sven Ketelsen 6743bdcf27 chore: gitlab - removed schedules from tasks
- isn't working as expected
4 years ago
Görz, Friedrich 0c9042da83 DEV-373: try to automate restore from database backup 4 years ago
Sven Ketelsen 3257ff9a9b chore: dry pattern 4 years ago
Sven Ketelsen 7cff418410 chore: dry pattern 4 years ago
Sven Ketelsen 9222383ca6 chore: dry pattern 4 years ago
Sven Ketelsen 3bdbd689f6 chore: gitlab test 4 years ago
Sven Ketelsen 079d195153 chore: cleanup/consolidation 4 years ago
Sven Ketelsen 2a1cd6b638 chore: cleanup/consolidation 4 years ago
Sven Ketelsen a24368f884 chore: cleanup/consolidation 4 years ago
Sven Ketelsen 484b60ae16 chore: cleanup/consolidation 4 years ago
Sven Ketelsen 9c782fa7cb chore: dry pattern 4 years ago
Sven Ketelsen fc36445952 chore: dry pattern 4 years ago
Sven Ketelsen 9f75b8969a chore: ansible-management-dev only on main branch 4 years ago
Sven Ketelsen 80b321cd65 DEV-375 feat: new process for backup scheduling 4 years ago
Sven Ketelsen 49aa913213 bugfix: backup runs with gather_facts: false 4 years ago
Sven Ketelsen fa75354842 chore: cleanup 4 years ago
Sven Ketelsen 799fde1d00 chore: cleanup 4 years ago
Sven Ketelsen a35a2fa42e DEV-375 added smardigo backup application (w.i.p.) 4 years ago
Sven Ketelsen 1ee340fdd3 bugfix: added awx templates
- create-remote-database-backup
4 years ago
Sven Ketelsen 68f1c76919 bugfix: timestamp wasn't stable anymore 4 years ago
Sven Ketelsen 5733b20dc3 bugfix: server creation was broken due to backupuser 4 years ago
Sven Ketelsen b35744a3b3 bugfix: used wrong email address for hetzner key 4 years ago
Sven Ketelsen 0398f7a7ff chore: renamed master into main - consistency 4 years ago
Sven Ketelsen 2c7504c781 chore: renamed master into main - consistency 4 years ago

@ -11,16 +11,18 @@ services:
alias: docker alias: docker
stages: stages:
- ansible-lint - lint
- ansible-builder - ansible-builder
- ansible-run-setup - run-setup
- ansible-run-kubernetes - run-setup-digitalocean
- ansible-patchday - run-kubernetes
- run-management-update
- run-patchday
ansible-lint-job: lint-job:
stage: ansible-lint stage: lint
script: script:
- echo "Running ansible-lint to check for linting violations" - echo "Running lint to check for linting violations"
- ansible-lint -c ansible-lint.cfg - ansible-lint -c ansible-lint.cfg
only: only:
- branches - branches
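Review bot: the stage renames in this hunk are inconsistent. `ansible-lint` becomes `lint` and `ansible-run-*` become `run-*`, but `ansible-builder` keeps its prefix in both the `stages` list and `builder-job`, and the lint job's echo now says only "Running lint" and no longer names the tool that actually runs (`ansible-lint -c ansible-lint.cfg`). Either rename the builder stage to `builder` to match the others or keep the `ansible-` prefix everywhere, and keep the tool name in the echo so a job log still says which linter produced the findings.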
@ -29,19 +31,19 @@ ansible-lint-job:
tags: tags:
- dind - dind
ansible-builder-job: builder-job:
# A resource group ensures a job is mutually exclusive across different pipelines for the same project. # A resource group ensures a job is mutually exclusive across different pipelines for the same project.
resource_group: deployment resource_group: dev
stage: ansible-builder stage: ansible-builder
before_script: before_script:
- cd ansible-builder - cd ansible-builder
script: script:
- echo "Running ansible-build to build awx execution environment" - echo "Running ansible-builder to build awx execution environment"
- ansible-builder build -v 3 --tag $AWX_EE_DOCKER_IMAGE_EXTERN:latest - ansible-builder build -v 3 --tag $AWX_EE_DOCKER_IMAGE_EXTERN:latest
- docker push $AWX_EE_DOCKER_IMAGE_EXTERN:latest - docker push $AWX_EE_DOCKER_IMAGE_EXTERN:latest
only: only:
refs: refs:
- master - main
changes: changes:
- pip-requirements - pip-requirements
- galaxy-requirements.yml - galaxy-requirements.yml
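Review bot: `builder-job` still publishes the AWX execution environment only as the mutable tag `$AWX_EE_DOCKER_IMAGE_EXTERN:latest`, and every run job in this file pulls that same `latest` tag. Because the build is triggered by any change to `pip-requirements` or `galaxy-requirements.yml` on `main`, a dependency bump merged for dev silently replaces the toolchain that the `qa` and `prodnso` jobs execute with, with nothing pinned and no known-good image to roll back to. Tag the build with `$CI_COMMIT_SHA` in addition to `latest` and have the run templates reference a pinned tag or digest. Also, moving from `resource_group: deployment` to `dev` serialises image builds only with the dev jobs, not with `qa`/`prodnso`, so a push of `latest` can still land while a prod job is starting; if that was the reason for the original `deployment` group, keep it.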
@ -52,22 +54,30 @@ ansible-builder-job:
- dind - dind
- harbor # 05.02.22 TODO some runners run into timeouts - harbor # 05.02.22 TODO some runners run into timeouts
##################################################################################
.run-ansible:
image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest
tags:
- dind
- harbor # 05.02.22 TODO some runners run into timeouts
######## ########
### https://patorjk.com/software/taag/#p=display&f=Doom&t=ansible%20-%20run ### http://patorjk.com/software/taag/#p=display&f=Doom&t=setup.yml
### ###
### _ _ _ _ _ ### _ _
### (_) | | | | | | | ### | | | |
### __ _ _ __ ___ _| |__ | | ___ ______ _ __ _ _ _ __ ______ ___ ___| |_ _ _ _ __ _ _ _ __ ___ | | ### ___ ___| |_ _ _ _ __ _ _ _ __ ___ | |
### / _` | '_ \/ __| | '_ \| |/ _ \ |______| | '__| | | | '_ \ |______| / __|/ _ \ __| | | | '_ \| | | | '_ ` _ \| | ### / __|/ _ \ __| | | | '_ \| | | | '_ ` _ \| |
### | (_| | | | \__ \ | |_) | | __/ | | | |_| | | | | \__ \ __/ |_| |_| | |_) | |_| | | | | | | | ### \__ \ __/ |_| |_| | |_) | |_| | | | | | | |
### \__,_|_| |_|___/_|_.__/|_|\___| |_| \__,_|_| |_| |___/\___|\__|\__,_| .__(_)__, |_| |_| |_|_| ### |___/\___|\__|\__,_| .__(_)__, |_| |_| |_|_|
### | | __/ | ### | | __/ |
### |_| |___/ ### |_| |___/
ansible-run-setup-1-dev: .run-setup:
image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest extends: .run-ansible
stage: ansible-run-setup stage: run-setup
before_script: script:
- 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )' - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )'
- eval $(ssh-agent -s) - eval $(ssh-agent -s)
- 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -' - 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
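Review bot: `.run-setup` keeps `echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config` whenever `/.dockerenv` exists, which is always the case on the `dind` runners this template targets. That disables SSH host key verification for a job that holds the `gitlabci` private key in its agent and the stage's Ansible vault password in `/tmp/vault-pass`, so any host that can answer for a Hetzner server's address gets the connection, the pushed configuration and whatever secrets the playbook transmits. Prefer `StrictHostKeyChecking accept-new` with a `known_hosts` seeded from a trusted source, and scope the block to the stage's hosts rather than `Host *`. A smaller point: the ssh-agent bootstrap moved from `before_script` into `script` so that the child jobs can use `before_script` for `STAGE` and the vault password, and the same eight lines are now repeated verbatim in every `.run-*` template; a hidden `.ssh-bootstrap` job pulled in with `!reference [.ssh-bootstrap, script]` (or a YAML anchor) keeps one copy.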
@ -75,81 +85,76 @@ ansible-run-setup-1-dev:
- chmod 0700 ~/.ssh - chmod 0700 ~/.ssh
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config' - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config'
- ssh-add -L - ssh-add -L
script: - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
- echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml setup.yml --vault-password-file /tmp/vault-pass -t common -u gitlabci
- STAGE=dev && HETZNER_LABEL_SELECTOR="stage=${STAGE}" && ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml setup.yml --tags common --vault-password-file /tmp/vault-pass -u gitlabci
after_script: after_script:
- rm /tmp/vault-pass - rm /tmp/vault-pass
only:
- master
- schedules
tags:
- dind
- harbor # 05.02.22 TODO some runners run into timeouts
resource_group: dev
ansible-run-setup-2-qa:
image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest run-setup-digitalocean:
stage: ansible-run-setup extends: .run-ansible
stage: run-setup
before_script: before_script:
- export STAGE=dev
- echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass
script:
- 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )' - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )'
- eval $(ssh-agent -s) - eval $(ssh-agent -s)
- 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -' - 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
- mkdir -p ~/.ssh - mkdir -p ~/.ssh
- chmod 0700 ~/.ssh - chmod 0700 ~/.ssh
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config' - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config'
script: - ssh-add -L
- echo "${ANSIBLE_VAULT_PASS_QA}" > /tmp/vault-pass - ansible-playbook -i stage-digitalocean setup.yml --vault-password-file /tmp/vault-pass -t common -u gitlabci
- STAGE=qa && HETZNER_LABEL_SELECTOR="stage=${STAGE}" && ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml setup.yml --tags common --vault-password-file /tmp/vault-pass -u gitlabci
after_script: after_script:
- rm /tmp/vault-pass - rm /tmp/vault-pass
only: only:
- qa - main
- schedules
tags:
- dind run-setup-dev:
- harbor # 05.02.22 TODO some runners run into timeouts extends: .run-setup
resource_group: dev
before_script:
- export STAGE=dev
- echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass
only:
- main
run-setup-qa:
extends: .run-setup
resource_group: qa resource_group: qa
before_script:
- export STAGE=qa
- echo "${ANSIBLE_VAULT_PASS_QA}" > /tmp/vault-pass
only:
- qa
ansible-run-setup-3-prodnso: run-setup-prodnso:
image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest extends: .run-setup
stage: ansible-run-setup resource_group: prodnso
before_script: before_script:
- 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )' - export STAGE=prodnso
- eval $(ssh-agent -s)
- 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
- mkdir -p ~/.ssh
- chmod 0700 ~/.ssh
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config'
script:
- echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass - echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass
- STAGE=prodnso && HETZNER_LABEL_SELECTOR="stage=${STAGE}" && ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml setup.yml --tags common --vault-password-file /tmp/vault-pass -u gitlabci
after_script:
- rm /tmp/vault-pass
only: only:
- prodnso - prodnso
- schedules
tags:
- dind
- harbor # 05.02.22 TODO some runners run into timeouts
resource_group: prodnso
######## ########
### https://patorjk.com/software/taag/#p=display&f=Doom&t=ansible%20-%20run ### This Page: http://patorjk.com/software/taag/#p=display&f=Doom&t=kubernetes.yml
### ###
### _ _ _ _ _ _ _ ### _ _ _ _
### (_) | | | | | | | | | | | ### | | | | | | | |
### __ _ _ __ ___ _| |__ | | ___ ______ _ __ _ _ _ __ ______ | | ___ _| |__ ___ _ __ _ __ ___| |_ ___ ___ _ _ _ __ ___ | | ### | | ___ _| |__ ___ _ __ _ __ ___| |_ ___ ___ _ _ _ __ ___ | |
### / _` | '_ \/ __| | '_ \| |/ _ \ |______| | '__| | | | '_ \ |______| | |/ / | | | '_ \ / _ \ '__| '_ \ / _ \ __/ _ \/ __|| | | | '_ ` _ \| | ### | |/ / | | | '_ \ / _ \ '__| '_ \ / _ \ __/ _ \/ __|| | | | '_ ` _ \| |
### | (_| | | | \__ \ | |_) | | __/ | | | |_| | | | | | <| |_| | |_) | __/ | | | | | __/ || __/\__ \| |_| | | | | | | | ### | <| |_| | |_) | __/ | | | | | __/ || __/\__ \| |_| | | | | | | |
### \__,_|_| |_|___/_|_.__/|_|\___| |_| \__,_|_| |_| |_|\_\\__,_|_.__/ \___|_| |_| |_|\___|\__\___||___(_)__, |_| |_| |_|_| ### |_|\_\\__,_|_.__/ \___|_| |_| |_|\___|\__\___||___(_)__, |_| |_| |_|_|
### __/ | ### __/ |
### |___/ ### |___/
ansible-run-kubernetes-1-dev: .run-kubernetes:
image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest extends: .run-ansible
stage: ansible-run-kubernetes stage: run-kubernetes
before_script: script:
- 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )' - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )'
- eval $(ssh-agent -s) - eval $(ssh-agent -s)
- 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -' - 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
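Review bot: two behavioural changes in this hunk look unintended. First, the old `ansible-run-setup-*` jobs ran on `schedules` as well as on their branch (`only: - master - schedules`, `- qa - schedules`, `- prodnso - schedules`); the new `run-setup-dev`, `run-setup-qa` and `run-setup-prodnso` list only `main`, `qa` and `prodnso`, so scheduled setup runs stop with this change. If dropping them is deliberate, say so in the commit message; otherwise add `- schedules` back under `only`. Second, `run-setup-digitalocean` hard-codes `STAGE=dev` and `ANSIBLE_VAULT_PASS_DEV`, runs `setup.yml -t common` against the `stage-digitalocean` inventory on every push to `main`, and has no `resource_group`, so it can run concurrently with `run-setup-dev` and with a second copy of itself from another pipeline. Give it a `resource_group` like every other stage job, and if that inventory ever holds more than the dev stage, pass `-l` to limit the run rather than relying on the inventory file name.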
@ -157,144 +162,149 @@ ansible-run-kubernetes-1-dev:
- chmod 0700 ~/.ssh - chmod 0700 ~/.ssh
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config' - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config'
- ssh-add -L - ssh-add -L
script: - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
- echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml kubernetes.yml --vault-password-file /tmp/vault-pass -u gitlabci
- STAGE=dev && HETZNER_LABEL_SELECTOR="stage=${STAGE}" && ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml kubernetes.yml --vault-password-file /tmp/vault-pass -u gitlabci
after_script: after_script:
- rm /tmp/vault-pass - rm /tmp/vault-pass
only:
- master run-kubernetes-dev:
- schedules extends: .run-kubernetes
tags:
- dind
- harbor # 05.02.22 TODO some runners run into timeouts
resource_group: dev resource_group: dev
before_script:
- export STAGE=dev
- echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass
only:
- main
ansible-run-kubernetes-2-qa: run-kubernetes-qa:
image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest extends: .run-kubernetes
stage: ansible-run-kubernetes resource_group: qa
before_script: before_script:
- 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )' - export STAGE=qa
- eval $(ssh-agent -s)
- 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
- mkdir -p ~/.ssh
- chmod 0700 ~/.ssh
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config'
script:
- echo "${ANSIBLE_VAULT_PASS_QA}" > /tmp/vault-pass - echo "${ANSIBLE_VAULT_PASS_QA}" > /tmp/vault-pass
- STAGE=qa && HETZNER_LABEL_SELECTOR="stage=${STAGE}" && ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml kubernetes.yml --vault-password-file /tmp/vault-pass -u gitlabci
after_script:
- rm /tmp/vault-pass
only: only:
- qa - qa
- schedules
tags:
- dind
- harbor # 05.02.22 TODO some runners run into timeouts
resource_group: qa
ansible-run-kubernetes-3-prodnso: run-kubernetes-prodnso:
image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest extends: .run-kubernetes
stage: ansible-run-kubernetes resource_group: prodnso
before_script: before_script:
- 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )' - export STAGE=prodnso
- eval $(ssh-agent -s)
- 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
- mkdir -p ~/.ssh
- chmod 0700 ~/.ssh
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config'
script:
- echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass - echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass
- STAGE=prodnso && HETZNER_LABEL_SELECTOR="stage=${STAGE}" && ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml kubernetes.yml --vault-password-file /tmp/vault-pass -u gitlabci
after_script:
- rm /tmp/vault-pass
only: only:
- prodnso - prodnso
- schedules
tags:
- dind
- harbor # 05.02.22 TODO some runners run into timeouts
resource_group: prodnso
######## ########
### https://patorjk.com/software/taag/#p=display&f=Doom&t=patchday ### http://patorjk.com/software/taag/#p=display&f=Doom&t=smardigo.yml
### _ _ _
### | | | | | |
### _ __ __ _| |_ ___| |__ __| | __ _ _ _
### | '_ \ / _` | __/ __| '_ \ / _` |/ _` | | | |
### | |_) | (_| | || (__| | | | (_| | (_| | |_| |
### | .__/ \__,_|\__\___|_| |_|\__,_|\__,_|\__, |
### | | __/ |
### |_| |___/
### ###
### _ _ _
### | (_) | |
### ___ _ __ ___ __ _ _ __ __| |_ __ _ ___ _ _ _ __ ___ | |
### / __| '_ ` _ \ / _` | '__/ _` | |/ _` |/ _ \| | | | '_ ` _ \| |
### \__ \ | | | | | (_| | | | (_| | | (_| | (_) | |_| | | | | | | |
### |___/_| |_| |_|\__,_|_| \__,_|_|\__, |\___(_)__, |_| |_| |_|_|
### __/ | __/ |
### |___/ |___/
ansible-patchday-1-dev: .run-management-update:
image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest extends: .run-ansible
stage: ansible-patchday stage: run-management-update
before_script: script:
- 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )' - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )'
- eval $(ssh-agent -s) - eval $(ssh-agent -s)
- 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -' - 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
- mkdir -p ~/.ssh - mkdir -p ~/.ssh
- chmod 0700 ~/.ssh - chmod 0700 ~/.ssh
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config' - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config'
script: - ssh-add -L
- echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
- STAGE=dev && HETZNER_LABEL_SELECTOR="stage=${STAGE}" && ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci - ansible-playbook -i stage-$STAGE smardigo.yml --vault-password-file=/tmp/vault-pass -l management -t update_configurations -u gitlabci
after_script: after_script:
- rm /tmp/vault-pass - rm /tmp/vault-pass
when: manual
only: only:
- master changes:
tags: - smardigo/**/*
- dind
- harbor # 05.02.22 TODO some runners run into timeouts run-management-update-dev:
extends: .run-management-update
resource_group: dev resource_group: dev
before_script:
- export STAGE=dev
- echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass
only:
- main
ansible-patchday-2-qa: run-management-update-qa:
image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest extends: .run-management-update
stage: ansible-patchday resource_group: qa
before_script: before_script:
- 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )' - export STAGE=qa
- eval $(ssh-agent -s)
- 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
- mkdir -p ~/.ssh
- chmod 0700 ~/.ssh
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config'
script:
- echo "${ANSIBLE_VAULT_PASS_QA}" > /tmp/vault-pass - echo "${ANSIBLE_VAULT_PASS_QA}" > /tmp/vault-pass
- STAGE=qa && HETZNER_LABEL_SELECTOR="stage=${STAGE}" && ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci
after_script:
- rm /tmp/vault-pass
when: manual
only: only:
- qa - qa
- schedules
tags:
- dind
- harbor # 05.02.22 TODO some runners run into timeouts
resource_group: qa
ansible-patchday-3-prodnso: run-management-update-prodnso:
image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest extends: .run-management-update
stage: ansible-patchday resource_group: prodnso
before_script: before_script:
- export STAGE=prodnso
- echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass
only:
- prodnso
########
### http://patorjk.com/software/taag/#p=display&f=Doom&t=patchday.yml
###
### _ _ _ _
### | | | | | | | |
### _ __ __ _| |_ ___| |__ __| | __ _ _ _ _ _ _ __ ___ | |
### | '_ \ / _` | __/ __| '_ \ / _` |/ _` | | | || | | | '_ ` _ \| |
### | |_) | (_| | || (__| | | | (_| | (_| | |_| || |_| | | | | | | |
### | .__/ \__,_|\__\___|_| |_|\__,_|\__,_|\__, (_)__, |_| |_| |_|_|
### | | __/ | __/ |
### |_| |___/ |___/
.run-patchday:
extends: .run-ansible
stage: run-patchday
script:
- 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )' - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )'
- eval $(ssh-agent -s) - eval $(ssh-agent -s)
- 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -' - 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
- mkdir -p ~/.ssh - mkdir -p ~/.ssh
- chmod 0700 ~/.ssh - chmod 0700 ~/.ssh
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config' - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config'
script: - ssh-add -L
- echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
- STAGE=prodnso && HETZNER_LABEL_SELECTOR="stage=${STAGE}" && ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci
after_script: after_script:
- rm /tmp/vault-pass - rm /tmp/vault-pass
timeout: 2h
when: manual when: manual
run-patchday-dev:
extends: .run-patchday
resource_group: dev
before_script:
- export STAGE=dev
- echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass
only: only:
- prodnso - main
- schedules
tags: run-patchday-qa:
- dind extends: .run-patchday
- harbor # 05.02.22 TODO some runners run into timeouts resource_group: qa
before_script:
- export STAGE=qa
- echo "${ANSIBLE_VAULT_PASS_QA}" > /tmp/vault-pass
only:
- qa
run-patchday-prodnso:
extends: .run-patchday
resource_group: prodnso resource_group: prodnso
before_script:
- export STAGE=prodnso
- echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass
only:
- prodnso
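Review bot: the vault password file each job writes in `before_script` (`echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass`) is created with the container's default umask, so it is readable by any other process in the job container; create it with restrictive permissions, e.g. `(umask 077; echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass)`, and use `rm -f` in `after_script` so the cleanup step does not itself fail when the file was never created. The shared setup still appends `StrictHostKeyChecking no` to ~/.ssh/config, so the runner never verifies the host keys of the servers it patches; seeding ~/.ssh/known_hosts from a CI variable instead would keep that check on while the `.run-patchday` template is being consolidated.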

@ -2,7 +2,7 @@
pipelining = True pipelining = True
host_key_checking = False host_key_checking = False
inventory_plugins = ./inventory_plugins inventory_plugins = ./inventory_plugins
callbacks_enabled = timer callbacks_enabled = profile_tasks
interpreter_python = auto_silent interpreter_python = auto_silent
log_path=last_ansible_run log_path=last_ansible_run
forks = 30 forks = 30

@ -54,6 +54,16 @@
with_items: "{{ cluster_features }}" with_items: "{{ cluster_features }}"
when: item in ['connect', 'management_connect', 'keycloak', 'webdav', 'gitea', 'workflow_index', 'workflow_proxy', 'pdns'] when: item in ['connect', 'management_connect', 'keycloak', 'webdav', 'gitea', 'workflow_index', 'workflow_proxy', 'pdns']
- name: "Add maria servers to hosts if necessary"
add_host:
name: "{{ stage }}-maria-01"
groups:
- "stage_{{ stage }}"
- "{{ item }}"
changed_when: False
with_items: "{{ cluster_features }}"
when: item in ['connect_wordpress']
############################################################# #############################################################
# Creating database backups for created inventory # Creating database backups for created inventory
############################################################# #############################################################
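Review bot: the loop in the new "Add maria servers to hosts if necessary" task is unnecessary: `with_items: "{{ cluster_features }}"` together with `when: item in ['connect_wordpress']` only ever adds the host to the single group `connect_wordpress`, so a plain `when: "'connect_wordpress' in cluster_features"` with the group listed literally is simpler and yields one task result instead of one skipped item per feature.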
@ -62,7 +72,7 @@
serial: "{{ serial_number | default(1) }}" serial: "{{ serial_number | default(1) }}"
remote_user: root remote_user: root
vars: vars:
postgres_backup_state: dump database_backup_state: dump
ansible_ssh_host: "{{ stage_server_domain }}" ansible_ssh_host: "{{ stage_server_domain }}"
roles: roles:
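Review bot: renaming `postgres_backup_state` to `database_backup_state` in the play `vars` silently changes behaviour for any role that still reads the old name (it falls back to its role default instead of failing); grep the `*_postgres` and `*_maria` roles listed in this play for `postgres_backup_state` and update them in the same change.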
@ -75,6 +85,12 @@
- role: keycloak_postgres - role: keycloak_postgres
when: "'keycloak' in group_names" when: "'keycloak' in group_names"
# - role: pdns_admin_postgres
# when: "'pdns' in group_names"
# - role: pdns_postgres
# when: "'pdns' in group_names"
- role: webdav_postgres - role: webdav_postgres
when: "'webdav' in group_names" when: "'webdav' in group_names"
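Review bot: the `pdns_admin_postgres` and `pdns_postgres` backup roles are commented out rather than deleted, so pdns databases are no longer dumped by this play and the commit does not say why; either remove the lines or add a one-line comment with the reason/ticket, and confirm pdns backups are covered elsewhere before merging.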
@ -84,6 +100,9 @@
- role: workflow_proxy_postgres - role: workflow_proxy_postgres
when: "'workflow_proxy' in group_names" when: "'workflow_proxy' in group_names"
- role: connect_wordpress_maria
when: "'connect_wordpress' in group_names"
############################################################# #############################################################
# Sending smardigo management message to process # Sending smardigo management message to process
############################################################# #############################################################

@ -58,7 +58,7 @@
- "{{ item }}" - "{{ item }}"
changed_when: False changed_when: False
with_items: "{{ cluster_features }}" with_items: "{{ cluster_features }}"
when: item in ['connect', 'management_connect', 'keycloak', 'webdav', 'gitea', 'workflow_index', 'workflow_proxy', 'pdns'] when: item in ['confirm', 'connect', 'management_connect', 'keycloak', 'webdav', 'gitea', 'workflow_index', 'workflow_proxy', 'pdns']
- name: "Add maria servers to hosts if necessary" - name: "Add maria servers to hosts if necessary"
add_host: add_host:
@ -88,9 +88,18 @@
- always - always
roles: roles:
- role: confirm_postgres
when: "'confirm' in group_names"
- role: connect_postgres - role: connect_postgres
when: "'connect' in group_names" when: "'connect' in group_names"
- role: gitea_postgres
when: "'gitea' in group_names"
- role: keycloak_postgres
when: "'keycloak' in group_names"
- role: pdns_postgres - role: pdns_postgres
vars: vars:
initialize: True initialize: True
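Review bot: besides adding `confirm_postgres`, this hunk (with the one below it) moves `gitea_postgres` and `keycloak_postgres` ahead of `pdns_postgres`, which changes role execution order in the play; if the order is deliberate (e.g. the `initialize: True` pdns role depends on something earlier) a short comment would prevent a future reorder, and if it is not, keep the list alphabetical so diffs stay small.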
@ -101,12 +110,6 @@
initialize: True initialize: True
when: "'pdns' in group_names" when: "'pdns' in group_names"
- role: gitea_postgres
when: "'gitea' in group_names"
- role: keycloak_postgres
when: "'keycloak' in group_names"
- role: webdav_postgres - role: webdav_postgres
when: "'webdav' in group_names" when: "'webdav' in group_names"

@ -61,7 +61,7 @@
vars: vars:
ansible_connection: local ansible_connection: local
ansible_ssh_host: "{{ stage_server_domain }}" ansible_ssh_host: "{{ stage_server_domain }}"
api_endpoint: '{{ stage }}-elastic-stack-kibana-01-kibana.{{ domain }}' kibana_api_endpoint: '{{ shared_service_elastic_stack_kibana_01_hostname }}-kibana.{{ domain }}'
elastic_state: present elastic_state: present
elastic_users: elastic_users:
- -
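Review bot: `api_endpoint` is renamed to `kibana_api_endpoint` and now derived from `shared_service_elastic_stack_kibana_01_hostname`; check that the elastic tasks consuming this play's vars read the new name, since any remaining `api_endpoint` reference would now resolve to a role default or be undefined.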

@ -11,6 +11,7 @@
# Parameters: # Parameters:
# playbook inventory # playbook inventory
# stage := the name of the stage (e.g. dev, int, qa, prod) # stage := the name of the stage (e.g. dev, int, qa, prod)
# database_engine := the database engine to generate a complete backup for (e.g. postgres, maria)
# smardigo message callback # smardigo message callback
# scope_id := (scope id of the management process) # scope_id := (scope id of the management process)
# process_instance_id := (process instance id of the management process) # process_instance_id := (process instance id of the management process)
@ -50,7 +51,7 @@
changed_when: False changed_when: False
- name: "Add 'storage' servers to hosts if necessary" - name: "Add 'storage' servers to hosts if necessary"
add_host: add_host:
name: "{{ stage }}-fgrz-01" name: "{{ stage }}-backup-01"
groups: groups:
- "stage_{{ stage }}" - "stage_{{ stage }}"
- storage - storage
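Review bot: the storage host is renamed from `{{ stage }}-fgrz-01` to `{{ stage }}-backup-01` in `add_host`; make sure host_vars and DNS follow the new name (the host file further down still carries the DEV-361 TODO and the `bastelserver` server type variable), otherwise this inventory entry points at a server name that no longer resolves.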
@ -62,6 +63,11 @@
- hosts: "postgres:maria" - hosts: "postgres:maria"
serial: "{{ serial_number | default(1) }}" serial: "{{ serial_number | default(1) }}"
gather_facts: false
vars:
ansible_ssh_host: "{{ stage_server_domain }}"
current_date_time: '{{ get_current_date_time }}'
tasks: tasks:
- name: "Trigger backup mechanism" - name: "Trigger backup mechanism"
include_role: include_role:
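Review bot: with `gather_facts: false` added to the `postgres:maria` play, `ansible_date_time` is no longer available, which is why `current_date_time` is now set from the controller-side `get_current_date_time` pipe lookup; the timestamp then reflects the controller's clock and timezone rather than the database server's, so directory names may differ from what a job running on the server itself would produce. Document that assumption next to the var.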
@ -74,8 +80,11 @@
- hosts: "postgres:maria:storage" - hosts: "postgres:maria:storage"
serial: "{{ serial_number | default(5) }}" serial: "{{ serial_number | default(5) }}"
gather_facts: false
vars: vars:
ansible_ssh_host: "{{ stage_server_domain }}"
storageserver_system_user: 'backuphamster' storageserver_system_user: 'backuphamster'
tasks: tasks:
# I could not get it up and running with <synchronize> module # I could not get it up and running with <synchronize> module
# to sync data from remote server A to remote server B # to sync data from remote server A to remote server B
@ -83,7 +92,8 @@
become: yes become: yes
become_user: '{{ storageserver_system_user }}' become_user: '{{ storageserver_system_user }}'
vars: vars:
database_server_ip: "{{ stage }}-{{ database_engine }}-01.{{ domain }}" # should work with non-fqdn due to existing entry in /etc/hosts
database_server_ip: "{{ stage }}-{{ database_engine }}-01"
shell: '/home/{{ storageserver_system_user }}/pull_remote_backups.sh {{ database_server_ip }} {{ stage }} {{ database_engine }}' shell: '/home/{{ storageserver_system_user }}/pull_remote_backups.sh {{ database_server_ip }} {{ stage }} {{ database_engine }}'
when: when:
- inventory_hostname in groups['storage'] - inventory_hostname in groups['storage']
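Review bot: `database_server_ip` now holds a short hostname (`{{ stage }}-{{ database_engine }}-01`) that relies on an /etc/hosts entry, so the variable name is misleading; rename it to `database_server_host`. The `shell:` line also interpolates `database_server_ip`, `stage` and `database_engine` unquoted into the command; since these come from playbook parameters, pass them through `| quote` (e.g. `{{ database_server_ip | quote }}`) so an unexpected value cannot alter the command line.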
@ -91,7 +101,7 @@
- name: "Cleanup remote backup dirs: {{ database_engine }}" - name: "Cleanup remote backup dirs: {{ database_engine }}"
become: yes become: yes
file: file:
path: '{{ backup_directory }}/{{ database_engine }}/{{ ansible_date_time.date }}' path: '{{ backup_directory }}/{{ database_engine }}/{{ get_current_date }}'
state: absent state: absent
when: when:
- not inventory_hostname in groups['storage'] - not inventory_hostname in groups['storage']
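Review bot: the cleanup path now uses `get_current_date` (controller `date +%Y-%m-%d`) instead of `ansible_date_time.date`; this must match the directory name the backup role created on the server, and if the role names directories from the server's own clock, or the run crosses midnight between dump and cleanup, the `state: absent` task silently deletes nothing and leaves dumps on the database host. Pass the same date value into the backup role, or stat the directory and fail when it is missing.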

@ -43,6 +43,7 @@
groups: groups:
- "stage_{{ stage }}" - "stage_{{ stage }}"
- "{{ cluster_service }}" - "{{ cluster_service }}"
- hcloud
with_sequence: start=1 end={{ cluster_size | default(1) }} with_sequence: start=1 end={{ cluster_size | default(1) }}
changed_when: False changed_when: False
@ -52,6 +53,7 @@
- hosts: "stage_{{ stage }}:!{{ stage }}-virtual-host-to-read-groups-vars" - hosts: "stage_{{ stage }}:!{{ stage }}-virtual-host-to-read-groups-vars"
serial: "{{ serial_number | default(5) }}" serial: "{{ serial_number | default(5) }}"
remote_user: root
gather_facts: false gather_facts: false
pre_tasks: pre_tasks:
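Review bot: `remote_user: root` is added at play level; per Ansible's precedence rules a play keyword overrides the command-line option, so the `-u gitlabci` passed by the CI jobs is ignored for this play and the connection is made as root. If the intent is to use the dedicated gitlabci user with sudo, drop the keyword and rely on `become` instead of hard-coding root.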

@ -1,3 +1,9 @@
#!/bin/bash #!/bin/bash
if [ "x$1" == "x" ];then
echo "Stage as param \$1 is missing. exit"
exit 1
fi
docker run -v `pwd`/templates/elastic-certs:/certs -v `pwd`/templates/elastic-certs/$1-instances.yaml:/usr/share/elasticsearch/config/certificates/$1-instances.yml docker.elastic.co/elasticsearch/elasticsearch:7.12.0 /bin/sh "/certs/certutil.sh" $1 docker run -v `pwd`/templates/elastic-certs:/certs -v `pwd`/templates/elastic-certs/$1-instances.yaml:/usr/share/elasticsearch/config/certificates/$1-instances.yml docker.elastic.co/elasticsearch/elasticsearch:7.12.0 /bin/sh "/certs/certutil.sh" $1
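Review bot: the new argument check works, but `[ "x$1" == "x" ]` is the old idiom; `[ -z "$1" ]` is clearer. `$1` is still used unquoted in the `docker run` volume paths on the following line, so a stage name containing whitespace would split the `-v` argument; quote it (`"$1-instances.yaml"`) and prefer `$(pwd)` over backticks.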

@ -0,0 +1,99 @@
---
# Parameters:
# playbook inventory
# stage := the name of the stage (e.g. dev, int, qa, prod)
# tenant_id := (unique key for the tenant, e.g. customer)
# cluster_name := (business name for the cluster, e.g. product, department )
# cluster_size := (WIP node count for the cluster)
# cluster_service := (service to setup, e.g. 'connect', ...)
# cluster_features := (optional features to use, e.g. ['wordpress', 'resubmission', ...])
# database_backup_file := the dump file to export, has to be on the database server under /tmp (e.g. wordpress_portal.sql)
# target_database := (optional) the database to export into ( see {{ connect_wordpress_maria_database }})
# smardigo message callback
# scope_id := (scope id of the management process)
# process_instance_id := (process instance id of the management process)
# smardigo_management_action := (smardigo management action anme of the management process)
#############################################################
# Creating inventory dynamically for given parameters
#############################################################
- hosts: localhost
connection: local
gather_facts: false
pre_tasks:
- name: "Check if ansible version is at least 2.10.x"
assert:
that:
- ansible_version.major >= 2
- ansible_version.minor >= 10
msg: "The ansible version has to be at least ({{ ansible_version.full }})"
# add virtual server to load stage specific variables as context
- name: "Add <{{ stage }}-virtual-host-to-read-groups-vars> to hosts"
add_host:
name: "{{ stage }}-virtual-host-to-read-groups-vars"
groups:
- "stage_{{ stage }}"
changed_when: False
tasks:
- name: Add maria servers to hosts if necessary
add_host:
name: "{{ stage }}-maria-01"
groups:
- "stage_{{ stage }}"
- "{{ item }}"
changed_when: False
with_items: "{{ cluster_features }}"
when: item in ['connect_wordpress']
#############################################################
# exporting database backups for created inventory
#############################################################
- hosts: "stage_{{ stage }}:!{{ stage }}-virtual-host-to-read-groups-vars"
serial: "{{ serial_number | default(1) }}"
remote_user: root
vars:
ansible_ssh_host: "{{ stage_server_domain }}"
pre_tasks:
- name: "export autodiscover pre-tasks"
import_tasks: tasks/autodiscover_pre_tasks.yml
become: false
tags:
- always
roles:
- role: export_maria_database
vars:
database_backup_file: "{{ stage }}-{{ tenant_id }}-{{ cluster_name }}-wordpress.sql.gz"
when:
- "'connect_wordpress' in group_names"
- "target_database is defined"
- role: export_maria_database
vars:
target_database: "{{ connect_wordpress_maria_database }}"
database_backup_file: "{{ stage }}-{{ tenant_id }}-{{ cluster_name }}-wordpress.sql.gz"
when:
- "'connect_wordpress' in group_names"
#############################################################
# Sending smardigo management message to process
#############################################################
- hosts: "{{ stage }}-virtual-host-to-read-groups-vars"
serial: "{{ serial_number | default(1) }}"
gather_facts: false
connection: local
run_once: true
vars:
connect_jwt_username: "{{ management_admin_username }}"
tasks:
- name: "Sending smardigo management message to <{{ smardigo_management_url }}>"
include_tasks: tasks/smardigo_management_message.yml
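Review bot: the version assert in the new export playbook fails for any Ansible major above 2 with a minor below 10 (e.g. 3.0), because `ansible_version.minor >= 10` is checked independently of the major; use `ansible_version.full is version('2.10', '>=')`. Its `msg` also prints the installed version rather than the required one. In `roles`, when `target_database` is defined both `export_maria_database` invocations run and both write the same `database_backup_file`, so the second call (default database) overwrites the requested export; add `- "target_database is not defined"` to the second `when`.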

@ -46,10 +46,6 @@
tags: tags:
- ssh_hardening - ssh_hardening
- name: "Install node-exporter via include_role"
include_role:
name: cloudalchemy.node-exporter
- name: "Install blackbox-exporter via include_role" - name: "Install blackbox-exporter via include_role"
include_role: include_role:
name: cloudalchemy.blackbox-exporter name: cloudalchemy.blackbox-exporter
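Review bot: dropping the `cloudalchemy.node-exporter` include from this play means its hosts lose node metrics unless node-exporter is installed elsewhere (the backup host vars further down set `node_exporter_enabled: false` explicitly); state in the commit or a comment where node-exporter is installed now, so alerting on these hosts is not lost unnoticed.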

@ -20,6 +20,8 @@ roles:
version: v3.6.1 version: v3.6.1
src: https://github.com/Oefenweb/ansible-postfix.git src: https://github.com/Oefenweb/ansible-postfix.git
scm: git scm: git
- name: geerlingguy.mysql
version: 3.3.2
collections: collections:
- name: hetzner.hcloud - name: hetzner.hcloud

@ -0,0 +1,60 @@
---
# Parameters:
# playbook inventory
# stage := the name of the stage (e.g. dev, int, qa, prod)
# environment variable
# GITLAB_API_TOKEN := Access token from gitlab
#############################################################
# Creating inventory dynamically for given parameters
#############################################################
- hosts: localhost
gather_facts: false
connection: local
tasks:
- name: Add hosts
add_host:
name: "{{ stage }}-gitlab"
groups: "{{ ['stage_' + stage ] }}"
#############################################################
# Creating gitlab mirrors for current stage
#############################################################
- hosts: "stage_{{ stage }}"
serial: "{{ serial_number | default(1) }}"
gather_facts: false
connection: local
vars:
projects:
- id: 1210
name: argocd
- id: 1216
name: operator-awx
- id: 1212
name: operator-jaeger
- id: 1231
name: operator-knative
- id: 1233
name: smardigo-awx
- id: 1232
name: smardigo-jaeger
pre_tasks:
- name: "Add repository remote mirror to project"
delegate_to: 127.0.0.1
become: false
uri:
url: "https://git.dev-at.de/api/v4/projects/{{ item.id }}/remote_mirrors"
method: POST
body_format: json
body:
enabled: true
only_protected_branches: true
url: "https://{{ gitea_admin_username }}:{{ gitea_admin_password }}@{{ shared_service_gitea_hostname }}/argocd/{{ item.name }}.git"
headers:
PRIVATE-TOKEN: "{{ lookup('env', 'GITLAB_API_TOKEN') }}"
status_code: [201]
loop: "{{ projects }}"
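Review bot: the `uri` task posts the Gitea admin username and password embedded in the mirror URL; without `no_log: true` the request body, password included, ends up in the Ansible log (`log_path=last_ansible_run` is set in ansible.cfg) and in CI/AWX job output. Add `no_log: true`, and prefer a dedicated mirror account or token with push-only rights over `gitea_admin_*`. The task is also not idempotent: a POST with `status_code: [201]` creates a new remote mirror on every run, so a second execution either fails or duplicates mirrors; list existing mirrors first and skip when the URL is already present.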

@ -0,0 +1,4 @@
---
connect_client_admin_username: "connect-admin"
connect_realm_admin_username: "connect-realm-admin"

@ -0,0 +1,269 @@
---
hcloud_firewall_objects:
-
name: "{{ stage }}-default"
state: present
rules:
-
direction: in
protocol: icmp
port: ''
source_ips: '{{ ip_whitelist }}'
destination_ips: []
description: ICMP allowed
-
direction: in
protocol: tcp
port: '22'
source_ips: '{{ ip_whitelist }}'
destination_ips: []
description: SSH allowed
-
direction: in
protocol: tcp
port: '80'
source_ips: '{{ ip_whitelist }}'
destination_ips: []
description: HTTP allowed
-
direction: in
protocol: tcp
port: '443'
source_ips: '{{ ip_whitelist }}'
destination_ips: []
description: HTTPS allowed
-
direction: in
protocol: tcp
port: 'any'
source_ips: '{{ ip_whitelist_admins }}'
destination_ips: []
description: TCP - allow work from home without VPN
-
direction: in
protocol: udp
port: 'any'
source_ips: '{{ ip_whitelist_admins }}'
destination_ips: []
description: UDP - allow work from home without VPN
apply_to:
-
type: label_selector
label_selector:
selector: 'stage={{ stage }}'
-
name: "{{ stage }}-monitoring"
state: present
rules:
-
direction: in
protocol: tcp
port: '9080-9085'
source_ips: '{{ ip_whitelist }}'
destination_ips: []
description: 'Server/Service Monitoring'
-
direction: in
protocol: tcp
port: '9001'
source_ips: '{{ ip_whitelist }}'
destination_ips: []
description: 'PgAdmin'
-
direction: in
protocol: tcp
port: '9187'
source_ips: '{{ ip_whitelist }}'
destination_ips: []
description: 'Postgres-Exporter'
apply_to:
-
type: label_selector
label_selector:
selector: 'stage={{ stage }}'
-
name: "{{ stage }}-monitoring-extern-https"
state: present
rules:
-
direction: in
protocol: tcp
port: '443'
source_ips:
- "{{ lookup('community.general.dig', 'dev-blackbox-01.smardigo.digital' ) }}/32"
destination_ips: []
description: null
apply_to:
-
type: label_selector
label_selector:
selector: 'service=connect'
-
type: label_selector
label_selector:
selector: 'service=keycloak'
hcloud_firewall_objects_awx:
-
name: "{{ stage }}-awx-ssh-access-for-k8s-nodes"
state: present
rules:
-
direction: in
protocol: tcp
port: '22'
source_ips: "{{ awx_source_ips }}"
destination_ips: []
description: null
apply_to:
-
type: label_selector
label_selector:
selector: 'stage={{ stage }}'
hcloud_firewall_objects_backup:
-
name: "{{ stage }}-backup-ssh-access"
state: present
rules:
-
direction: in
protocol: tcp
port: '22'
source_ips:
- "{{ offsite_storage_server_ip }}"
destination_ips: []
description: null
apply_to:
-
type: label_selector
label_selector:
selector: 'service=backup'
hcloud_firewall_objects_gitea:
-
name: "{{ stage }}-access-to-gitea"
state: present
rules:
-
direction: in
protocol: tcp
port: '443'
source_ips: "{{ ip_whitelist }}"
destination_ips: []
description: "Allow access for whitelisted ips"
-
direction: in
protocol: tcp
port: '443'
source_ips: "{{ [shared_service_network] + awx_source_ips }}"
destination_ips: []
description: "Allow access for kubernetes worker nodes"
-
direction: in
protocol: tcp
port: '443'
source_ips: "{{ [shared_service_network] + (gitea_https_whitelisted_ips | default([])) }}"
destination_ips: []
description: "Allow access for custom whitelisted ips"
apply_to:
-
type: label_selector
label_selector:
selector: 'service=gitea'
hcloud_firewall_objects_keycloak:
-
name: "{{ stage }}-access-to-keycloak"
state: present
rules:
-
direction: in
protocol: tcp
port: '443'
source_ips: "{{ ip_whitelist }}"
destination_ips: []
description: "Allow access for whitelisted ips"
-
direction: in
protocol: tcp
port: '443'
source_ips: "{{ [shared_service_network] + awx_source_ips }}"
destination_ips: []
description: "Allow access for kubernetes worker nodes"
-
direction: in
protocol: tcp
port: '443'
source_ips: "{{ [shared_service_network] + (keycloak_https_whitelisted_ips | default([])) }}"
destination_ips: []
description: "Allow access for custom whitelisted ips"
apply_to:
-
type: label_selector
label_selector:
selector: 'service=keycloak'
hcloud_firewall_objects_kibana:
-
name: "{{ stage }}-access-to-kibana"
state: present
rules:
-
direction: in
protocol: tcp
port: '443'
source_ips: "{{ ip_whitelist }}"
destination_ips: []
description: "Allow access for whitelisted ips"
-
direction: in
protocol: tcp
port: '443'
source_ips: "{{ [shared_service_network] + awx_source_ips }}"
destination_ips: []
description: "Allow access for kubernetes worker nodes"
-
direction: in
protocol: tcp
port: '443'
source_ips: "{{ [shared_service_network] + (kibana_https_whitelisted_ips | default([])) }}"
destination_ips: []
description: "Allow access for custom whitelisted ips"
apply_to:
-
type: label_selector
label_selector:
selector: 'service=kibana'
hcloud_firewall_objects_management:
-
name: "{{ stage }}-access-to-management"
state: present
rules:
-
direction: in
protocol: tcp
port: '443'
source_ips: "{{ ip_whitelist }}"
destination_ips: []
description: "Allow access for whitelisted ips"
-
direction: in
protocol: tcp
port: '443'
source_ips: "{{ [shared_service_network] + awx_source_ips }}"
destination_ips: []
description: "Allow access for kubernetes worker nodes"
-
direction: in
protocol: tcp
port: '443'
source_ips: "{{ [shared_service_network] + (management_https_whitelisted_ips | default([])) }}"
destination_ips: []
description: "Allow access for custom whitelisted ips"
apply_to:
-
type: label_selector
label_selector:
selector: 'service=connect,tenant=management'
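Review bot: in `{{ stage }}-default` the two `port: 'any'` rules (tcp and udp) give every address in `ip_whitelist_admins` unrestricted inbound access to all `stage={{ stage }}` servers, which makes the port-specific rules above them moot for those addresses; consider limiting home-office access to 22/443 or routing it through the VPN, and give the rules with `description: null` a description. The blackbox rule resolves `dev-blackbox-01.smardigo.digital` with `community.general.dig` at playbook time, so a later DNS change silently invalidates the firewall until the next run; a variable holding the address (as done with `offsite_storage_server_ip`) is easier to audit.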

@ -1,4 +1,5 @@
--- ---
ansible_managed: 'do not edit manually - file powered by ansible'
debug: false debug: false
ssh_macs: ssh_macs:
@ -39,6 +40,7 @@ common_apt_dependencies:
- zip - zip
- curl - curl
- htop - htop
- iotop
- net-tools - net-tools
- bash-completion - bash-completion
- python3-pip - python3-pip
@ -64,14 +66,17 @@ awx_credential_machine_hetzner_name: hetzner-ansible-ssh
gitlab_ansible_user_name: "gitlabci" gitlab_ansible_user_name: "gitlabci"
backupuser_user_name: backupuser
# used for root-access by hetzner on server creation (@see cloud console/security/ssh-keys) # used for root-access by hetzner on server creation (@see cloud console/security/ssh-keys)
hetzner_ssh_keys: hetzner_ssh_keys:
- "claus.paetow@netgo.de" - "claus.paetow@netgo.de"
- "friedrich.goerz@netgo.de" - "friedrich.goerz@netgo.de"
- "peter.heise@netgo.de" - "peter.heise@netgo.de"
- "sven.ketelsen@netgo.de" - "sven.ketelsen@netgo.de"
- "michael.haehnel@netgo.de"
- "{{ awx_ansible_user_name }}@netgo.de" - "{{ awx_ansible_user_name }}@netgo.de"
- "{{ gitlab_ansible_user_name }}@netgo.de" - "{{ gitlab_ansible_user_name }}@git.dev-at.de"
hetzner_server_labels: "stage={{ stage }}" hetzner_server_labels: "stage={{ stage }}"
@ -99,25 +104,27 @@ sudo_group: "{{ sudo_groups
| replace('.','-') }}" | replace('.','-') }}"
# whitelist for outdated user detection - they wont't be deleted at all # whitelist for outdated user detection - they wont't be deleted at all
default_plattform_users: default_users:
- 'nobody' - 'nobody'
- 'elastic' - 'elastic'
- 'postgres' - 'postgres'
- 'administrator' - 'administrator'
- '{{ admin_user }}' - '{{ admin_user }}'
- '{{ backupuser_username }}'
smardigo_plattform_users: default_plattform_users:
- 'claus.paetow' - 'claus.paetow'
- 'friedrich.goerz' - 'friedrich.goerz'
- 'peter.heise' - 'peter.heise'
- 'sven.ketelsen' - 'sven.ketelsen'
- 'michael.haehnel'
- 'philipp.eichhorn'
- '{{ awx_ansible_user_name }}' - '{{ awx_ansible_user_name }}'
- '{{ gitlab_ansible_user_name }}' - '{{ gitlab_ansible_user_name }}'
smardigo_plattform_users: "{{ default_plattform_users + custom_plattform_users | default([]) }}"
ip_whitelist_admins: ip_whitelist_admins:
- "79.215.10.239/32" # sven - "87.150.33.14/32" # sven
- "212.86.56.112/32" # peter
ip_whitelist: ip_whitelist:
- "212.121.131.106/32" # netgo berlin - "212.121.131.106/32" # netgo berlin
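Review bot: `default_users` gains `'{{ backupuser_username }}'`, but the variable added in the hunk above is spelled `backupuser_user_name` and the old `backupuser_username` definition is deleted further down in this file, so this entry renders as an undefined-variable error and the backup user is not whitelisted from outdated-user cleanup. Use one spelling, e.g. `backupuser_user_name`, in all three places. The `ip_whitelist_admins` entries are personal home addresses committed together with names; keeping them in a vaulted or per-user variable keeps them out of git history.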
@ -125,9 +132,7 @@ ip_whitelist:
- "46.245.219.98/32" # netgo borken - "46.245.219.98/32" # netgo borken
- "{{ shared_service_network }}" - "{{ shared_service_network }}"
# for test purpose DEV-361 offsite_storage_server_ip: 142.132.155.83/32
# currently (2022.03.18) set to IP of hetzner VM
gitlab_storage_server: 167.235.18.147/32
docker_owner: "{{ admin_user }}" docker_owner: "{{ admin_user }}"
docker_group: "{{ admin_user }}" docker_group: "{{ admin_user }}"
@ -137,12 +142,13 @@ docker_compose_path: "/usr/bin/docker-compose"
service_base_path: '/etc/smardigo' service_base_path: '/etc/smardigo'
gitea_admin_email: "nso.devops@netgo.de" devops_email_address: "nso.devops@netgo.de"
lets_encrypt_email: "nso.devops@netgo.de" gitea_admin_email: '{{ devops_email_address }}'
connect_admin_email: "nso.devops@netgo.de" lets_encrypt_email: '{{ devops_email_address }}'
keycloak_admin_email: "nso.devops@netgo.de" connect_admin_email: '{{ devops_email_address }}'
pgadmin4_admin_email: "nso.devops@netgo.de" keycloak_admin_email: '{{ devops_email_address }}'
harbor_oidc_admin_email: "nso.devops@netgo.de" pgadmin4_admin_email: '{{ devops_email_address }}'
harbor_oidc_admin_email: '{{ devops_email_address }}'
http_port: "80" http_port: "80"
https_port: "443" https_port: "443"
@ -197,121 +203,8 @@ blackbox_http_2xx_additional_targets: []
prometheus_federation_enabled: true prometheus_federation_enabled: true
kubernetes_prometheus_endpoint: "{{ stage }}-kube-prometheus.{{ domain }}" kubernetes_prometheus_endpoint: "{{ stage }}-kube-prometheus.{{ domain }}"
backupuser_username: backupuser get_current_date: "{{ lookup('pipe','date +%Y-%m-%d') }}"
backupuser_ssh_pubkey: 'ssh-rsa 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 storage-server-smardigo' get_current_date_time: "{{ lookup('pipe','date +%Y-%m-%d_%H:%M') }}"
current_date_time: "{{ lookup('pipe','date +%Y-%m-%d_%H:%M') }}"
hcloud_firewall_objects:
-
name: "{{ stage }}-default"
state: present
rules:
-
direction: in
protocol: icmp
port: ''
source_ips: '{{ ip_whitelist + ip_whitelist_admins }}'
destination_ips: []
description: ICMP allowed
-
direction: in
protocol: tcp
port: '22'
source_ips: '{{ ip_whitelist + ip_whitelist_admins }}'
destination_ips: []
description: SSH allowed
-
direction: in
protocol: tcp
port: '80'
source_ips: '{{ ip_whitelist + ip_whitelist_admins }}'
destination_ips: []
description: HTTP allowed
-
direction: in
protocol: tcp
port: '443'
source_ips: '{{ ip_whitelist + ip_whitelist_admins }}'
destination_ips: []
description: HTTPS allowed
-
direction: in
protocol: tcp
port: 'any'
source_ips: '{{ ip_whitelist_admins }}'
destination_ips: []
description: TCP - allow work from home without VPN
-
direction: in
protocol: udp
port: 'any'
source_ips: '{{ ip_whitelist_admins }}'
destination_ips: []
description: UDP - allow work from home without VPN
apply_to:
-
type: label_selector
label_selector:
selector: 'stage={{ stage }}'
-
name: "{{ stage }}-monitoring"
state: present
rules:
-
direction: in
protocol: tcp
port: '9080-9085'
source_ips: '{{ ip_whitelist + ip_whitelist_admins }}'
destination_ips: []
description: 'Server/Service Monitoring'
-
direction: in
protocol: tcp
port: '9001'
source_ips: '{{ ip_whitelist + ip_whitelist_admins }}'
destination_ips: []
description: 'PgAdmin'
-
direction: in
protocol: tcp
port: '9187'
source_ips: '{{ ip_whitelist + ip_whitelist_admins }}'
destination_ips: []
description: 'Postgres-Exporter'
-
direction: in
protocol: tcp
port: '80'
source_ips: '{{ ip_whitelist + ip_whitelist_admins }}'
destination_ips: []
description: 'AWX'
apply_to:
-
type: label_selector
label_selector:
selector: 'stage={{ stage }}'
-
name: "{{ stage }}-monitoring-extern-https"
state: present
rules:
-
direction: in
protocol: tcp
port: '443'
source_ips:
- "{{ lookup('community.general.dig', 'dev-blackbox-01.smardigo.digital' ) }}/32"
destination_ips: []
description: null
apply_to:
-
type: label_selector
label_selector:
selector: 'service=connect'
-
type: label_selector
label_selector:
selector: 'service=keycloak'
hetzner_authentication_ansible: "{{ hetzner_authentication_ansible_vault }}" hetzner_authentication_ansible: "{{ hetzner_authentication_ansible_vault }}"
hetzner_authentication_ccm: "{{ hetzner_authentication_ccm_vault }}" hetzner_authentication_ccm: "{{ hetzner_authentication_ccm_vault }}"
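Review bot: `backupuser_ssh_pubkey` is removed from group_vars/all and is no longer defined anywhere in this diff; confirm the role that installs the backup user's authorized key now gets it from a vault variable or host_vars, otherwise the offsite pull over SSH breaks after apply. `current_date_time` is also dropped here; `database_backup.yml` sets it from `get_current_date_time` itself, but any other playbook referencing `current_date_time` directly is now undefined.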
@ -321,83 +214,14 @@ k8s_basic_services:
- kubelet - kubelet
- containerd - containerd
hcloud_firewall_objects_awx: selfsigned_ca_private_key_passphrase: '{{ selfsigned_ca_private_key_passphrase_vault }}'
-
name: "{{ stage }}-awx-ssh-access-for-k8s-nodes" prometheus_alert_diskspaceusage_warning: 85
state: present prometheus_alert_pg_replication_lag: 120
rules:
- # hetzner upstream DNSservers
direction: in upstream_dns_servers:
protocol: tcp - 185.12.64.1
port: '22' - 185.12.64.2
source_ips: "{{ src_ips }}"
destination_ips: [] wordpress_haproxy_admin_password: "{{ wordpress_haproxy_admin_password_vault | default('haproxy-admin') }}"
description: null
apply_to:
-
type: label_selector
label_selector:
selector: 'stage={{ stage }}'
-
name: "{{ stage }}-awx-access-SMA-mgmt-instance"
state: present
rules:
-
direction: in
protocol: tcp
port: '443'
source_ips: "{{ src_ips }}"
destination_ips: []
description: null
apply_to:
-
type: label_selector
label_selector:
selector: 'service=connect,tenant=management'
-
name: "{{ stage }}-awx-access-443-SMA-peripheral-instances"
state: present
rules:
-
direction: in
protocol: tcp
port: '443'
source_ips: "{{ src_ips }}"
destination_ips: []
description: null
apply_to:
-
type: label_selector
label_selector:
selector: 'service=gitea'
-
type: label_selector
label_selector:
selector: 'service=keycloak'
-
type: label_selector
label_selector:
selector: 'service=kibana'
hcloud_firewall_objects_backup:
-
name: "{{ stage }}-database-backup-ssh-access"
state: present
rules:
-
direction: in
protocol: tcp
port: '22'
source_ips:
- "{{ gitlab_storage_server }}"
destination_ips: []
description: null
apply_to:
-
type: label_selector
label_selector:
selector: 'service=postgres'
-
type: label_selector
label_selector:
selector: 'service=maria'
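Review bot: `wordpress_haproxy_admin_password` falls back to the literal `'haproxy-admin'` when the vault variable is unset, so a stage without the vault entry ships the HAProxy admin interface with a guessable default; drop the `default(...)` so the play fails fast instead. This hunk also deletes the `{{ stage }}-database-backup-ssh-access` object that allowed SSH from the storage server to `service=postgres`/`service=maria` hosts, while the new `hcloud_firewall_objects_backup` only covers `service=backup`; verify the storage host's SSH pull to the database servers is still permitted by the default rule set (e.g. via `shared_service_network`), or the backup pull stops working.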

@ -1,9 +1,11 @@
--- ---
#TODO needs to be removed after story DEV-361 is finished #TODO needs to be removed after story DEV-361 is finished
hetzner_server_type: "{{ hetzner_server_type_bastelserver | default('cx21') }}" hetzner_server_type: "{{ hetzner_server_type_bastelserver | default('cx21') }}"
hetzner_server_labels: "stage={{ stage }} service=bastelserver" hetzner_server_labels: "stage={{ stage }} service=backup"
docker_enabled: false docker_enabled: false
traefik_enabled: false traefik_enabled: false
filebeat_enabled: false filebeat_enabled: false
node_exporter_enabled: false
custom_plattform_users:
- backuphamster

@ -33,10 +33,5 @@ connect_iam_user_management_url: "{{ http_s }}://{{ shared_service_keycloak_host
connect_mail_properties_simulation: false connect_mail_properties_simulation: false
connect_loglevel_message_queue: "DEBUG"
connect_loglevel_document_index: "DEBUG"
connect_loglevel_workflow_index: "DEBUG"
connect_loglevel_workflow_analysis: "DEBUG"
connect_csrf_token_name: "21f4d682-dbad-45e5-b3b5-47d274b9772d" connect_csrf_token_name: "21f4d682-dbad-45e5-b3b5-47d274b9772d"
connect_csrf_token_value: "4d2ef8cc-f7d9-46d4-b4d6-f20f9dc48040" connect_csrf_token_value: "4d2ef8cc-f7d9-46d4-b4d6-f20f9dc48040"

@ -1,6 +1,6 @@
--- ---
connect_wordpress_maria_host: "{{ shared_service_maria_hostname }}" connect_wordpress_maria_host: "mariaproxy"
connect_wordpress_maria_database: "{{ stage }}_{{ tenant_id }}_{{ cluster_name }}_connect_wordpress" connect_wordpress_maria_database: "{{ stage }}_{{ tenant_id }}_{{ cluster_name }}_connect_wordpress"
connect_wordpress_maria_username: "{{ connect_wordpress_maria_database }}" connect_wordpress_maria_username: "{{ connect_wordpress_maria_database }}"
connect_wordpress_maria_password: "connect-wordpress-maria-admin" connect_wordpress_maria_password: "connect-wordpress-maria-admin"
@ -11,4 +11,4 @@ connect_wordpress_oidc_client_id: "{{ cluster_name }}"
connect_wordpress_oidc_client_secret: "{{ cluster_name }}" connect_wordpress_oidc_client_secret: "{{ cluster_name }}"
connect_wordpress_buergerportal_username: "buergerportal" connect_wordpress_buergerportal_username: "buergerportal"
connect_wordpress_buergerportal_password: "buergerportal" connect_wordpress_buergerportal_password: "Buerger?P0rtal."
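Review bot: `connect_wordpress_buergerportal_password` changes from `"buergerportal"` to `"Buerger?P0rtal."` as a plain-text literal, so the new password now sits in git history next to the old one; this repo already uses the `*_vault` convention (for example `argo_keycloak_client_secret_vault`), so reference a vaulted variable here and for `connect_wordpress_maria_password` as well. Switching `connect_wordpress_maria_host` from `shared_service_maria_hostname` to the literal `mariaproxy` assumes the haproxy container is resolvable under that name from the WordPress container's network; note that dependency in a comment so a stage without the proxy does not fail with an unresolvable host.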

@ -0,0 +1,3 @@
---
connect_workflow_heatmap_enabled: "true"

@ -2,3 +2,71 @@
hetzner_server_type: cpx31 hetzner_server_type: cpx31
hetzner_server_labels: "stage={{ stage }} service=harbor" hetzner_server_labels: "stage={{ stage }} service=harbor"
filebeat_inputs:
- type: log
paths:
- /var/log/harbor/portal.log
fields:
harbor: true
harbor-component: harbor-portal
- type: log
paths:
- /var/log/harbor/exporter.log
fields:
harbor: true
harbor-component: harbor-exporter
- type: log
paths:
- /var/log/harbor/redis.log
fields:
harbor: true
harbor-component: redis
- type: log
paths:
- /var/log/harbor/registryctl.log
fields:
harbor: true
harbor-component: registryctl
- type: log
paths:
- /var/log/harbor/chartmuseum.log
fields:
harbor: true
harbor-component: chartmuseum
- type: log
paths:
- /var/log/harbor/trivy-adapter.log
fields:
harbor: true
harbor-component: trivy-adapter
- type: log
paths:
- /var/log/harbor/postgresql.log
fields:
harbor: true
harbor-component: harbor-db
- type: log
paths:
- /var/log/harbor/jobservice.log
fields:
harbor: true
harbor-component: harbor-jobservice
- type: log
paths:
- /var/log/harbor/proxy.log
fields:
harbor: true
harbor-component: nginx
- type: log
paths:
- /var/log/harbor/registry.log
fields:
harbor: true
harbor-component: registry
- type: log
paths:
- /var/log/harbor/core.log
fields:
harbor: true
harbor-component: harbor-core
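Review bot: the `harbor-component` values are inconsistent (`harbor-portal`, `harbor-db`, `harbor-core` carry a prefix while `redis`, `registryctl`, `nginx`, `registry` do not), which makes filtering in Kibana awkward; pick one scheme. The ten near-identical blocks can be collapsed into a single input with `paths: [/var/log/harbor/*.log]` and the component derived from `log.file.path` with a `dissect` processor, which also picks up new Harbor components automatically. The `log` input type is deprecated from Filebeat 7.16 in favour of `filestream`, so prefer that if the Filebeat role allows it.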

@ -6,4 +6,3 @@ hetzner_server_labels: "stage={{ stage }} service=kube_control_plane"
docker_enabled: false docker_enabled: false
traefik_enabled: false traefik_enabled: false
filebeat_enabled: false filebeat_enabled: false
node_exporter_enabled: false

@ -6,4 +6,3 @@ hetzner_server_labels: "stage={{ stage }} service=kube_node"
docker_enabled: false docker_enabled: false
traefik_enabled: false traefik_enabled: false
filebeat_enabled: false filebeat_enabled: false
node_exporter_enabled: false
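Review bot: deleting `node_exporter_enabled: false` on both `kube_control_plane` and `kube_node` turns on the host-level node_exporter (assuming the role default is true). If the cluster's kube-prometheus-stack also runs its own node-exporter DaemonSet with hostPort 9100, the two collide on the port or produce duplicate series; either keep the override on the kube groups or run the host exporter on another port, and make sure the hcloud firewall rule for the Prometheus scrape also selects `service=kube_node` and `service=kube_control_plane`.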

@ -2,13 +2,15 @@
hetzner_server_type: cx21 hetzner_server_type: cx21
connect_image_version: "latest" connect_image_version: "9.0"
connect_admin_username: "{{ management_admin_username }}" connect_client_admin_username: "{{ management_admin_username }}"
connect_admin_password: "{{ management_admin_password }}" connect_client_admin_password: "{{ management_admin_password }}"
connect_workflow_env: "stage:{{ stage }};smardigoUserToken:{{ smardigo_auth_token_value }}" connect_workflow_env: "stage:{{ stage }};smardigoUserToken:{{ smardigo_auth_token_value }}"
connect_process_search_module: "external" connect_process_search_module: "external"
connect_oidc_client_secret: "{{ management_oidc_client_secret }}" connect_oidc_client_secret: "{{ management_oidc_client_secret }}"
connect_external_task_script_worker_enabled: "true"
spring_profiles_include: "prod,postgres,elastic,swagger" spring_profiles_include: "prod,postgres,elastic,swagger"
tenant_id: "{{ management_oidc_realm }}" tenant_id: "{{ management_oidc_realm }}"
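Review bot: renaming `connect_admin_username` / `connect_admin_password` to `connect_client_admin_*` is a breaking variable rename; grep the roles and templates for the old names, because an undefined variable only surfaces at template time on the next run. `connect_image_version: "9.0"` is better than `latest` but is still a floating minor tag; pin a full version (the other stage files use `8.5.47`-style tags) or a digest so a redeploy is reproducible. `connect_external_task_script_worker_enabled: "true"` enables script execution by the external task worker on the management instance; confirm who can supply such scripts before turning it on there.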

@ -7,6 +7,9 @@ mysql_databases: []
mysql_users: [] mysql_users: []
docker_enabled: false
traefik_enabled: false traefik_enabled: false
filebeat_enabled: false
filebeat_maria_enabled: true
custom_plattform_users:
- '{{ backupuser_user_name }}'

@ -5,6 +5,9 @@ hetzner_server_labels: "stage={{ stage }} service=postgres"
postgres_acls: [] postgres_acls: []
docker_enabled: false
traefik_enabled: false traefik_enabled: false
filebeat_enabled: false
filebeat_postgres_enabled: true
custom_plattform_users:
- '{{ backupuser_user_name }}'
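Review bot: both the maria and the postgres group drop `docker_enabled: false`, so Docker now runs on the database hosts (needed for the haproxy `mariaproxy` container). Docker manages its own iptables chains, and a port published with `-p` is reachable regardless of host INPUT rules, so verify the proxy is published only on the private interface (or `127.0.0.1`) and that the hcloud firewall remains the effective boundary. Replacing `filebeat_enabled: false` with `filebeat_maria_enabled` / `filebeat_postgres_enabled: true` is fine provided the generic flag defaults to false elsewhere; otherwise the DB hosts also receive the default inputs.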

@ -0,0 +1,15 @@
---
hetzner_server_type: "{{ hetzner_server_type_restore_database | default('cpx21') }}"
hetzner_server_labels: "stage={{ stage }} service=restore database_engine={{ database_engine | default('') }} manual=''"
docker_enabled: false
traefik_enabled: false
filebeat_enabled: false
custom_plattform_users:
- '{{ backupuser_user_name }}'
# postgresql related
# defining type of server (naster|slave|restore)
server_type: restore
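Review bot: `hetzner_server_labels` embeds `manual=''`, so after Jinja rendering the label value is the two-character string `''`; hcloud label values are restricted to alphanumerics, `-`, `_` and `.` (or empty), so this is either rejected or does not express the empty-value intent. Write `manual=` instead, or drop the key. Typo in the comment: `naster|slave|restore` should read `master|slave|restore`, and `restore` should be listed among the values the postgresql role accepts for `server_type`.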

@ -1,3 +1,3 @@
--- ---
awx_hetzner_ansible_revision: "master" awx_hetzner_ansible_revision: "main"

@ -58,12 +58,18 @@ shared_service_pg_slave_ip: "{{ stage_server_infos
| list | list
| first | first
| default('-') }}" | default('-') }}"
shared_service_maria_ip: "{{ stage_server_infos shared_service_maria_1st_ip: "{{ stage_server_infos
| selectattr('name', 'match', stage + '-maria-01' ) | selectattr('name', 'match', stage + '-maria-01' )
| map(attribute='private_ip') | map(attribute='private_ip')
| list | list
| first | first
| default('-') }}" | default('-') }}"
shared_service_maria_2nd_ip: "{{ stage_server_infos
| selectattr('name', 'match', stage + '-maria-02' )
| map(attribute='private_ip')
| list
| first
| default('-') }}"
shared_service_keycloak_ip: "{{ stage_server_infos shared_service_keycloak_ip: "{{ stage_server_infos
| selectattr('name', 'match', stage + '-keycloak-01' ) | selectattr('name', 'match', stage + '-keycloak-01' )
| map(attribute='private_ip') | map(attribute='private_ip')
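Review bot: `shared_service_maria_ip` is renamed to `shared_service_maria_1st_ip` without keeping the old name as an alias, so any role or group file still referencing `shared_service_maria_ip` fails with an undefined variable on the next run; grep for the old name. The `selectattr('name', 'match', ...)` test is a regex anchored only at the start, so `stage + '-maria-01'` would also match a name such as `dev-maria-010`; `equalto` on the exact hostname is safer. This applies to both stage copies of this file.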
@ -139,12 +145,14 @@ shared_service_management_ip: "{{ stage_server_infos
shared_service_kube_ip: "{{ stage_private_ingress_loadbalancer_ip | default('-') }}" shared_service_kube_ip: "{{ stage_private_ingress_loadbalancer_ip | default('-') }}"
shared_service_maria_hostname: "{{ stage }}-maria-01" shared_service_maria_1st_hostname: "{{ stage }}-maria-01"
shared_service_maria_2nd_hostname: "{{ stage }}-maria-02"
shared_service_postgres_01_hostname: "{{ stage }}-postgres-01" shared_service_postgres_01_hostname: "{{ stage }}-postgres-01"
shared_service_elastic_stack_01_hostname: "{{ stage }}-elastic-stack-elastic-01" shared_service_elastic_stack_01_hostname: "{{ stage }}-elastic-stack-elastic-01"
shared_service_elastic_stack_02_hostname: "{{ stage }}-elastic-stack-elastic-02" shared_service_elastic_stack_02_hostname: "{{ stage }}-elastic-stack-elastic-02"
shared_service_elastic_stack_03_hostname: "{{ stage }}-elastic-stack-elastic-03" shared_service_elastic_stack_03_hostname: "{{ stage }}-elastic-stack-elastic-03"
shared_service_elastic_stack_logstash_01_hostname: "{{ stage }}-elastic-stack-logstash-01" shared_service_elastic_stack_logstash_01_hostname: "{{ stage }}-elastic-stack-logstash-01"
shared_service_elastic_stack_kibana_01_hostname: "{{ stage }}-elastic-stack-kibana-01"
kube_master_01_hostname: "{{ stage }}-kube-master-01.{{ domain }}" kube_master_01_hostname: "{{ stage }}-kube-master-01.{{ domain }}"
kube_master_02_hostname: "{{ stage }}-kube-master-02.{{ domain }}" kube_master_02_hostname: "{{ stage }}-kube-master-02.{{ domain }}"
@ -192,8 +200,12 @@ shared_service_hosts: [
name: "{{ shared_service_elastic_stack_logstash_01_hostname }}" name: "{{ shared_service_elastic_stack_logstash_01_hostname }}"
}, },
{ {
ip: "{{ shared_service_maria_ip }}", ip: "{{ shared_service_maria_1st_ip }}",
name: "{{ shared_service_maria_hostname }}" name: "{{ shared_service_maria_1st_hostname }}"
},
{
ip: "{{ shared_service_maria_2nd_ip }}",
name: "{{ shared_service_maria_2nd_hostname }}"
}, },
{ {
ip: "{{ shared_service_pg_master_ip }}", ip: "{{ shared_service_pg_master_ip }}",
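Review bot: with the maria-02 entry added to `shared_service_hosts`, a stage that has not provisioned `{{ stage }}-maria-02` yet carries `ip: "-"` (the `default('-')` sentinel) into the /etc/hosts template and produces a `- dev-maria-02` line; filter out entries whose ip is `-` before rendering, or make the second entry conditional. The same holds for the second stage copy of this file.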
@ -290,9 +302,8 @@ harbor_oidc_client_secret: "{{ docker_registry_oidc_client_secret_vault }}"
harbor_oidc_admin_username: "harbor-admin" harbor_oidc_admin_username: "harbor-admin"
harbor_oidc_admin_password: "harbor-admin" harbor_oidc_admin_password: "harbor-admin"
postgres_listen_addresses: "listen_addresses = 'localhost,{{ stage_server_ip }},{{ stage_private_server_ip }}'"
connect_image_version: "8.5.47" connect_image_version: "8.6"
iam_image_version: "latest" iam_image_version: "latest"
management_oidc_realm: "management" management_oidc_realm: "management"
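Review bot: removing the `postgres_listen_addresses` override makes the postgres role fall back to its default; verify that default is not `listen_addresses = '*'` and that it still includes the private address the proxy and the backup user connect to. `connect_image_version` moves from the fully pinned `8.5.47` to the floating minor tag `8.6`, which makes the stage non-reproducible; keep the full patch version. This copy also keeps `harbor_oidc_admin_password: "harbor-admin"` in the clear while the other stage copy reads `harbor_oidc_admin_password_vault`; align them.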
@ -356,6 +367,9 @@ argocd_admin_password: "argocd-admin"
argo_keycloak_client_secret: "{{ argo_keycloak_client_secret_vault }}" argo_keycloak_client_secret: "{{ argo_keycloak_client_secret_vault }}"
argocd_server_admin_password: "{{ argocd_server_admin_password_vault }}" argocd_server_admin_password: "{{ argocd_server_admin_password_vault }}"
awx_admin_username: "awx-admin"
awx_admin_password: "{{ awx_admin_password_vault }}"
netgo_msteams_hook_cd: "{{ netgo_msteams_hook_cd_vault }}" netgo_msteams_hook_cd: "{{ netgo_msteams_hook_cd_vault }}"
netgo_msteams_hook_alerting: "{{ netgo_msteams_hook_alerting_vault }}" netgo_msteams_hook_alerting: "{{ netgo_msteams_hook_alerting_vault }}"
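Review bot: `awx_admin_password` coming from `awx_admin_password_vault` is the right pattern; the same file still defines `argocd_admin_password: "argocd-admin"` as a literal (visible in the hunk header) while the other stage copy uses `argocd_admin_password_vault`, so vault it here as well.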
@ -363,7 +377,7 @@ management_oidc_client_secret: "{{ management_oidc_client_secret_vault }}"
# smardigo automation DEV gpg key # smardigo automation DEV gpg key
# https://git.dev-at.de/smardigo-hetzner/communication-keys/ # https://git.dev-at.de/smardigo-hetzner/communication-keys/
# push mirror: https://dev-gitea-01.smardigo.digital/gitea-admin/communication-keys/ # push mirror: https://{{ stage }}-gitea-01.smardigo.digital/communication-keys.git
gpg_key_smardigo_automation__private: '{{ gpg_key_smardigo_automation__private__vault }}' gpg_key_smardigo_automation__private: '{{ gpg_key_smardigo_automation__private__vault }}'
iam_opentracing_jaeger_enabled: true iam_opentracing_jaeger_enabled: true
@ -372,3 +386,5 @@ webdav_opentracing_jaeger_enabled: true
webdav_opentracing_jaeger_http_sender_url: "http://{{ shared_service_kube_jaeger_collector_hostname }}/api/traces" webdav_opentracing_jaeger_http_sender_url: "http://{{ shared_service_kube_jaeger_collector_hostname }}/api/traces"
connect_opentracing_jaeger_enabled: true connect_opentracing_jaeger_enabled: true
connect_opentracing_jaeger_http_sender_url: "http://{{ shared_service_kube_jaeger_collector_hostname }}/api/traces" connect_opentracing_jaeger_http_sender_url: "http://{{ shared_service_kube_jaeger_collector_hostname }}/api/traces"
prometheus_tsdb_rentention_time: '2w'
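Review bot: `prometheus_tsdb_rentention_time` is misspelled (`rentention`); if the Prometheus role reads `prometheus_tsdb_retention_time`, this setting is silently ignored and the default retention stays in force. Fix the name here, or if the role really uses the misspelled key, fix both sides together.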

File diff suppressed because it is too large

@ -12,3 +12,5 @@ node_exporter_enabled: false
shared_service_network: "10.2.0.0/16" shared_service_network: "10.2.0.0/16"
shared_service_hosts: [] shared_service_hosts: []
traefik_admin_username: "traefik-admin"

@ -1,18 +1,22 @@
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256

@ -0,0 +1,4 @@
keycloak_https_whitelisted_ips:
- 195.200.47.243/32 # DEV-230 - sparda berlin
- 195.200.47.244/32 # DEV-230 - sparda berlin
- 92.42.192.157/32 # MOB-28 - mobene
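Review bot: this new file lacks the `---` document start marker the other group_vars files use. Tagging each allow-list entry with its ticket is good; add the owner or review date as well, because HTTPS allow-list entries of this kind tend to outlive the need that created them.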

@ -58,12 +58,18 @@ shared_service_pg_slave_ip: "{{ stage_server_infos
| list | list
| first | first
| default('-') }}" | default('-') }}"
shared_service_maria_ip: "{{ stage_server_infos shared_service_maria_1st_ip: "{{ stage_server_infos
| selectattr('name', 'match', stage + '-maria-01' ) | selectattr('name', 'match', stage + '-maria-01' )
| map(attribute='private_ip') | map(attribute='private_ip')
| list | list
| first | first
| default('-') }}" | default('-') }}"
shared_service_maria_2nd_ip: "{{ stage_server_infos
| selectattr('name', 'match', stage + '-maria-02' )
| map(attribute='private_ip')
| list
| first
| default('-') }}"
shared_service_keycloak_ip: "{{ stage_server_infos shared_service_keycloak_ip: "{{ stage_server_infos
| selectattr('name', 'match', stage + '-keycloak-01' ) | selectattr('name', 'match', stage + '-keycloak-01' )
| map(attribute='private_ip') | map(attribute='private_ip')
@ -139,12 +145,14 @@ shared_service_management_ip: "{{ stage_server_infos
shared_service_kube_ip: "{{ stage_private_ingress_loadbalancer_ip | default('-') }}" shared_service_kube_ip: "{{ stage_private_ingress_loadbalancer_ip | default('-') }}"
shared_service_maria_hostname: "{{ stage }}-maria-01" shared_service_maria_1st_hostname: "{{ stage }}-maria-01"
shared_service_maria_2nd_hostname: "{{ stage }}-maria-02"
shared_service_postgres_01_hostname: "{{ stage }}-postgres-01" shared_service_postgres_01_hostname: "{{ stage }}-postgres-01"
shared_service_elastic_stack_01_hostname: "{{ stage }}-elastic-stack-elastic-01" shared_service_elastic_stack_01_hostname: "{{ stage }}-elastic-stack-elastic-01"
shared_service_elastic_stack_02_hostname: "{{ stage }}-elastic-stack-elastic-02" shared_service_elastic_stack_02_hostname: "{{ stage }}-elastic-stack-elastic-02"
shared_service_elastic_stack_03_hostname: "{{ stage }}-elastic-stack-elastic-03" shared_service_elastic_stack_03_hostname: "{{ stage }}-elastic-stack-elastic-03"
shared_service_elastic_stack_logstash_01_hostname: "{{ stage }}-elastic-stack-logstash-01" shared_service_elastic_stack_logstash_01_hostname: "{{ stage }}-elastic-stack-logstash-01"
shared_service_elastic_stack_kibana_01_hostname: "{{ stage }}-elastic-stack-kibana-01"
kube_master_01_hostname: "{{ stage }}-kube-master-01.{{ domain }}" kube_master_01_hostname: "{{ stage }}-kube-master-01.{{ domain }}"
kube_master_02_hostname: "{{ stage }}-kube-master-02.{{ domain }}" kube_master_02_hostname: "{{ stage }}-kube-master-02.{{ domain }}"
@ -192,8 +200,12 @@ shared_service_hosts: [
name: "{{ shared_service_elastic_stack_logstash_01_hostname }}" name: "{{ shared_service_elastic_stack_logstash_01_hostname }}"
}, },
{ {
ip: "{{ shared_service_maria_ip }}", ip: "{{ shared_service_maria_1st_ip }}",
name: "{{ shared_service_maria_hostname }}" name: "{{ shared_service_maria_1st_hostname }}"
},
{
ip: "{{ shared_service_maria_2nd_ip }}",
name: "{{ shared_service_maria_2nd_hostname }}"
}, },
{ {
ip: "{{ shared_service_pg_master_ip }}", ip: "{{ shared_service_pg_master_ip }}",
@ -290,9 +302,8 @@ harbor_oidc_client_secret: "{{ docker_registry_oidc_client_secret_vault }}"
harbor_oidc_admin_username: "harbor-admin" harbor_oidc_admin_username: "harbor-admin"
harbor_oidc_admin_password: "{{ harbor_oidc_admin_password_vault }}" harbor_oidc_admin_password: "{{ harbor_oidc_admin_password_vault }}"
postgres_listen_addresses: "listen_addresses = 'localhost,{{ stage_server_ip }},{{ stage_private_server_ip }}'"
connect_image_version: "8.5.47" connect_image_version: "8.6"
iam_image_version: "latest" iam_image_version: "latest"
management_oidc_realm: "management" management_oidc_realm: "management"
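Review bot: in this stage copy `harbor_oidc_admin_password` and `argocd_admin_password` are vaulted, which is the right pattern; the other stage copy of this file still hard-codes `"harbor-admin"` and `"argocd-admin"`, so bring it in line. Two caveats apply here just as in the other copy: dropping the `postgres_listen_addresses` override relies on the role default not being `'*'`, and `connect_image_version: "8.6"` is a floating minor tag compared with the previous `8.5.47`.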
@ -356,6 +367,9 @@ argocd_admin_password: "{{ argocd_admin_password_vault }}"
argo_keycloak_client_secret: "{{ argo_keycloak_client_secret_vault }}" argo_keycloak_client_secret: "{{ argo_keycloak_client_secret_vault }}"
argocd_server_admin_password: "{{ argocd_server_admin_password_vault }}" argocd_server_admin_password: "{{ argocd_server_admin_password_vault }}"
awx_admin_username: "awx-admin"
awx_admin_password: "{{ awx_admin_password_vault }}"
netgo_msteams_hook_cd: "{{ netgo_msteams_hook_cd_vault }}" netgo_msteams_hook_cd: "{{ netgo_msteams_hook_cd_vault }}"
netgo_msteams_hook_alerting: "{{ netgo_msteams_hook_alerting_vault }}" netgo_msteams_hook_alerting: "{{ netgo_msteams_hook_alerting_vault }}"

File diff suppressed because it is too large

@ -0,0 +1,238 @@
k8s_argocd_with_keycloak: False
argocd_server_admin_password: "{{ argocd_server_admin_password_vault }}"
k8s_argocd_helm__name: "argo-cd"
k8s_argocd_helm__release_namespace: "argo-cd"
gpg_key_smardigo_automation__private: '{{ gpg_key_smardigo_automation__private__vault }}'
# https://github.com/argoproj/argo-helm/tree/master/charts/argo-cd
k8s_argocd_helm__release_values:
controller:
logLevel: info
logFormat: json
metrics:
enabled: true
serviceMonitor:
enabled: true
namespace: "{{ k8s_argocd_helm__release_namespace }}"
additionalLabels:
release: prometheus
repoServer:
logLevel: info
logFormat: json
metrics:
enabled: true
serviceMonitor:
enabled: true
namespace: "{{ k8s_argocd_helm__release_namespace }}"
additionalLabels:
release: prometheus
env:
- name: ARGOCD_MAX_CONCURRENT_LOGIN_REQUESTS_COUNT
value: "0"
- name: ARGOCD_EXEC_TIMEOUT
value: "300s"
- name: XDG_CONFIG_HOME
value: /.config
- name: GNUPGHOME
value: /home/argocd/.gnupg
volumes:
- name: custom-tools
emptyDir: {}
- name: gnupg-home
emptyDir: {}
- name: sops-gpg
secret:
secretName: sops-gpg
volumeMounts:
- mountPath: /home/argocd/.gnupg
name: gnupg-home
subPath: .gnupg
- mountPath: /usr/local/bin/kustomize
name: custom-tools
subPath: kustomize
# Verify this matches a XDG_CONFIG_HOME=/.config env variable
- mountPath: /.config/kustomize/plugin/viaduct.ai/v1/ksops/ksops
name: custom-tools
subPath: ksops
initContainers:
- name: 1-install-ksops
image: viaductoss/ksops:v3.0.1
command: ["/bin/sh", "-c"]
args:
- echo "Installing KSOPS...";
mv ksops /custom-tools/;
mv $GOPATH/bin/kustomize /custom-tools/;
echo "Done.";
volumeMounts:
- mountPath: /custom-tools
name: custom-tools
- name: 2-import-gpg-key
image: argoproj/argocd:v2.2.5
command: ["gpg", "--import","/sops-gpg/gpg_key_smardigo_automation__private"]
env:
- name: GNUPGHOME
value: /gnupg-home/.gnupg
volumeMounts:
- mountPath: /sops-gpg
name: sops-gpg
- mountPath: /gnupg-home
name: gnupg-home
server:
logLevel: info
logFormat: json
config:
kustomize.buildOptions: "--enable-alpha-plugins"
rbacConfig:
policy.default: role:readonly
policy.csv: |
g, {{ argo_realm_group }}, role:admin
g, admin, role:admin
metrics:
enabled: true
serviceMonitor:
enabled: true
namespace: "{{ k8s_argocd_helm__release_namespace }}"
additionalLabels:
release: prometheus
service:
sessionAffinity: ClientIP
ingress:
enabled: true
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
cert-manager.io/issue-temporary-certificate: "true"
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/whitelist-source-range: "{{ ( ip_whitelist + ip_whitelist_admins ) | join(',') }}"
nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
hosts:
- "{{ k8s_argocd_helm__domain }}"
tls:
- secretName: "{{ stage }}-kube-argocd-cert"
hosts:
- "{{ k8s_argocd_helm__domain }}"
additionalProjects:
- name: infrastructure
namespace: '{{ k8s_argocd_helm__release_namespace }}'
additionalLabels: {}
additionalAnnotations: {}
description: infrastructure applications
sourceRepos:
- '*'
destinations:
- namespace: '*'
server: https://kubernetes.default.svc
clusterResourceWhitelist:
- group: '*'
kind: '*'
orphanedResources:
warn: false
- name: bootstrap
namespace: '{{ k8s_argocd_helm__release_namespace }}'
additionalLabels: {}
additionalAnnotations: {}
description: application declarations for bootstraping k8s cluster with argo-cd
sourceRepos:
- '*'
destinations:
- namespace: '*'
server: https://kubernetes.default.svc
clusterResourceWhitelist:
- group: '*'
kind: '*'
orphanedResources:
warn: false
- name: cus-mobene
namespace: '{{ k8s_argocd_helm__release_namespace }}'
additionalLabels: {}
additionalAnnotations: {}
description: application declarations for customer mobene
sourceRepos:
- '*'
destinations:
# TODO all applications have to be in argo-cd namespace
- namespace: 'argo-cd'
server: https://kubernetes.default.svc
- namespace: 'cus-mobene'
server: https://kubernetes.default.svc
- namespace: 'cus-mobene-nsodev'
server: https://kubernetes.default.svc
- namespace: 'cus-mobene-cusqa'
server: https://kubernetes.default.svc
- namespace: 'cus-mobene-cusprod'
server: https://kubernetes.default.svc
clusterResourceWhitelist:
- group: '*'
kind: '*'
orphanedResources:
warn: false
additionalApplications:
-
name: keycloak
namespace: '{{ k8s_argocd_helm__release_namespace }}'
destination:
namespace: sma-ums
server: https://kubernetes.default.svc
project: bootstrap
source:
path: config/kustomize/prodwork01
repoURL: https://{{ shared_service_gitea_hostname }}/argocd/k8s_keycloak.git
targetRevision: prod
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true
-
name: filebeat
namespace: '{{ k8s_argocd_helm__release_namespace }}'
destination:
namespace: kube-system
server: https://kubernetes.default.svc
project: bootstrap
source:
path: config/prodwork01
repoURL: https://{{ shared_service_gitea_hostname }}/argocd/kube-system-filebeat.git
targetRevision: main
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true
-
name: cus-mobene
namespace: '{{ k8s_argocd_helm__release_namespace }}'
destination:
namespace: cus-mobene
server: https://kubernetes.default.svc
project: cus-mobene
source:
path: config/default
repoURL: https://{{ shared_service_gitea_hostname }}/argocd/smardigo-mobene.git
targetRevision: main
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true
redis:
metrics:
enabled: true
serviceMonitor:
enabled: true
namespace: "{{ k8s_argocd_helm__release_namespace }}"
additionalLabels:
release: "{{ k8s_prometheus_helm__name }}"
dex:
enabled: false
applicationSet:
enabled: false
configs:
secret:
argocdServerAdminPassword: '{{ argocd_server_admin_password | password_hash("bcrypt") }}'
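Review bot: the `env` list with `ARGOCD_MAX_CONCURRENT_LOGIN_REQUESTS_COUNT: "0"` sits under `repoServer`, where that variable has no effect (it is read by argocd-server); if it were moved to the server it would disable the concurrent login request limit (default 50) on the local `admin` account, which is the only login path here because `dex.enabled: false` and `k8s_argocd_with_keycloak: False`, so drop it rather than move it and keep the ingress `whitelist-source-range` as the second layer. With Dex disabled the `g, {{ argo_realm_group }}, role:admin` line in `policy.csv` is inert, and `g, admin, role:admin` is redundant since the built-in admin bypasses RBAC. The `cus-mobene` AppProject limits destinations to its namespaces but keeps `clusterResourceWhitelist: group: '*' kind: '*'`, which lets a customer repo create ClusterRoles, CRDs or namespaces; set it to `[]` (or an explicit list) for customer projects. `argocdServerAdminPassword: '{{ ... | password_hash("bcrypt") }}'` generates a fresh salt on every run, so the secret changes and the release shows a diff each deploy; pass a pre-computed hash from the vault instead. The ServiceMonitor labels mix `release: prometheus` with `release: "{{ k8s_prometheus_helm__name }}"` (redis); use the variable everywhere. Depending on the kustomize version bundled in `viaductoss/ksops:v3.0.1`, exec plugins may also need `--enable-exec` next to `--enable-alpha-plugins`.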

@ -0,0 +1,500 @@
$ANSIBLE_VAULT;1.1;AES256
36613564336263313938333030633431663564336438326438643333313865343738303637333436
33633239346563323764386639313737383736316134643662396433353338663936633931313430
37363733616534363264333437356635303935643431633335633538623631326465383864303237
31353663306366653333623566663266663130623130393665363834643561653961346464333264
61363631636436393236666362613130663037306330636363623436353861316363666364383264
66383435353239376331393937343235366562343433306666306365646330396133313035323165
32373831306337373236346361636465356363626138356161366466373734653465663230356532
31376663313232333662346530396639363334353330333830356235303430646539316366323863
33336436343066383564376132326531376266373730323535303066633532303663663638396630
66653235643937383366633764653234353236623133346530326433303534363963356436353565
35303332316464343866323361316438303538643935373263663131643237396463323137326466
38313162653863303365363235623537356530393531633862356465326436663763316436313434
63623763393532653934346264313039366461643238313336613639646665353030313830623435
35376533613837343032623431343564343564343637343862656137396333356364363435346662
38396534666663626131633835613637383434616431303833653334386435616463636562366164
64333166616334336365376666303162386630653233656337336436653365306636656233393037
38343161376466656563646463363664623363303035613661323361326635393232646430313534
35303663323662373134633162646436636233333464393639343034616364323862366139303336
35636533393137333632633262376263616338323638616164313838363865656164663861366431
65343230343564656533616334656234306432353166323564653131306434376134303632386138
30336131353437643663633864303439316232373861376565396664636266613966653334343732
62623861643038623234393431333434363330346536303733643534643666393933353335613664
37666537633061343035343731336665633330303930326263313231356238313964663134656338
63653731333861666231666131643031346238373038373833613036623463396362336564633465
31343565636236613432626237636433633830393934343662303232383431663764356634626230
37326439646132376230363266633437396161313566316562626332326132323334636339343534
35303561666239643434366637306165323463653264646462666636323361653635363834663464
35323961383066376430613130313863303338333562396663623361353235336533313630373535
65303863613932636164383764366330396431626138323966376234636265663734616336383334
39376436643362343262616230326366303634626131646564343364386139626463623765653934
66663930323137663061383539663738646334313138363861396337663366663361323833356231
39376165333133626337303663303763366331306533666135313134646466343166383435663837
38626136653430336266343339386238336635656266353866613831376561333832363936653138
38323131373338313065336166393832343236343135623635353966643733613339323934376638
30666430383066373930613237313239356564303061313430393032393933343561646635393465
31353666623236613139346436613238396462636335363434393837303464333166353761333437
31393438373063336161633032623430663539376334373066626163316635346666636136396264
64343236343738636137613933373739396636396366626463613530646434646466633830393334
66633435313732643831356639663961316266636535383735353131653834656433326561383934
63366639356264626232373634626130613035633432356534316432653262626637636665346639
30393936623762343663316237613465323565656336363264353363633662363165626539363238
61313461323835336531316231616135363635303566616663613531623730323933623462333034
63376435346465616661303662636265346465663065333263373530303234356134643238323864
65613765323165333062386661303863373437633463353231333061396234623935323135383434
33383533613530653235343565303562656165663237336162613935633061376236646564306665
39653030373938653566393933313832343738383232666631613137356165306664383937346261
62653565386337373966666438303566613065373737383937303031626266643933346335303234
65363463393562316237663130383665613635393235383830656462353139646332663835313739
30373535306265623230626137376561623063663037626439363834303531343839376130346233
31663266666132333366366634333964366563623261633938653564366666326666333565613635
61613135373466626465646637636666643363613432353165613834626561326433643863383966
37366633363565656632333262363764363338613063636461663063353634373131636232656339
37623030656562316464656464343337316138366336376436393830356434333731313366313435
35366163366161633965363263626362366163396132383939613463373139306634386162366231
62353563383466363833326264613731376464356336643066616562323732326630396665313364
31346639333561376564353437323765336132373139663262373263373264633465666631366139
63376466613466623131393038623039396330313333663939623663313762653561386530303165
66333565653938353135353530326132643564336532626433633535653039306332633731366635
63613738353163613535306464303336396165306638366561633833356365363432383163646166
35613465653535656632666565636433666261313938373537623936336562653732376434636636
65633761623939666138353964616537363837643263386666613163303039613737633265373265
36663736636134623431316264383430643331333839306132643631643934303464303762336637
32393263383833373865323439373837623035393633393131666664323566313633653233343361
31616466366564303662396561646364313334356136333332343931653132383130333365663762
38363336346664353766346665343962336139306432616536323336356431356662353164373436
66613463326639316361336530373337303564313139323061363136353464336665396334646333
39383937623839643539316139613663373832393139386231333164373961633834623635363735
64616366303739363366653934396535633361626138383633633862633964306132316333666530
66623135643033393538626639623737323331363664663563646464326439636335343037653165
63646261303764396266346362616561393738386136643866316630373538646331643837303930
31646538313961363064336166396166383938643335653862383166323532353461666461383737
33653337353637393934333566356261323937336336653830666164373262343065333261313936
30333362316137613962613666313938653533633833323564366332323866366635616166623762
66326235313630663162333038623765633235636565303166373337383138666334363334386663
32326333383132373966663530663130373263343662616237323435343566636230626639366163
37313237386663653636643031303464386336306439633866306363353739333733663563663937
64363062396565346230633331333039306466616264306630333032323566366431346632643263
39323734393031326666313861663439383664343534306639616165313065613163393632323937
34313939653038316436626139663566643837663838633866616637356231666161393263396161
39386433313730323237653637623839303732366531383637643832633234313866333633303563
34336334393630313862623536303035663532343137316266323931353462346634613464343761
36396166353739313664666535306233623831313630396231396638623838373736623764643939
32333838386535633039326462386535386637376437653138353834383266313432336332633034
38633061376439383163356237316639653230323634383238333539396435613661626139643938
64313132326633303266613138636436616337363263626438343832623064363634646636333131
37306636333362363230356661363935623032313533313366663764636364363834373236653665
34396266396334336435336637666631616166646164383032383861383464353531356439646331
33633365663836663634636666393636373831343831323166316636363365393036396538646533
66396438613266373266363035363338613130323734336538663564646537626662616135346334
31656439343133643563653866393033636139623265333435373538373136343264666433623232
63383738353736383530303561626439633634646239326436613937363038353030343239363062
63643739626365653832643934623366373936343139363730633434303662316637616165666538
39633563366365346439353130613937326530626231656638666561613933393338313266343961
36303033376361663339363430653965623566326632636637373830366663643039363863396164
61323765353263383862616238376135643235656130666564663065616538636335643939393862
62363330383632666561333634666437306230333362356438363964376465383335383138656435
35393139623262346162666364313434633061656539623931636636353364346361396134623737
37643130663031616637633137373130376139666434316364393132666532666339643439636330
64626639376338656333623132663335326132303065323865313132363136343434383734356564
66633137623266633932303730393637613538333932306535623065353034373733346138386338
31323435613139313162613635303337313732376535376131393735366334656465373831343865
63626531653130396239636166363763383665353037376236333962306238353531646265373335
61663439616436316563643533643165656262646162343462353966623734663031623636393235
35646435633138363131376664373663396239626132343165393061366366343732653734343938
35643465663835656434633862343861323431323164366665643832326263356334393366303337
33393136326563353735343336616338343165663532623036656666353432373237356334326339
35313732313135303963663733313261613236313732353262346266333566306262316437623666
65306532383565313337386661323332613164313664323639383331663534616130616361633334
31306432373363643733363038666233366333373432313336316636363966633739373838663537
64386463626561363563393864613935306434653934386531323330373562616130613263633734
66663539633732343665373534323438356232356238343434613163383233643163616138663336
34626531656566383764663262363736306165333536633265353133333363363935353031356262
63646530316162336232316333636634666165393865353462653338333834383764333539363231
64623731333063656665623466633834313030333964643138623837666232626365623035346333
30386233376662306539376631373234323233303633313462343564356430303432333864613731
33386534633163386330376233313739633336373735383238643834643666633363653063386464
39373133613633306537636332393236613231363466626662613537386530666665366263333366
32653266363964643862386634313230323661373366366236376136656231366432623732623965
63396232663439366261633165383161336431393866363238333137313361613736623936356164
32623531353062343732356461616138393163306661336165396162636263666638643535306334
62326130313034366431636130346134343039613637376162306431623163343263333432363561
62623733386464363736663061653332366434643838363231396535623337663439623265623339
66643731393137623163633633613431323136373865306537356565616530373366646134363733
37343339393636386361643230336634636137366130333163663236623063376535326166336135
64353163633137373761663365613138656638656132376563623334646639316432363765656434
30353465353537393439353636326537636133653132626537353665356235376533653733363538
30363636323831346663356161373032613430643833363762373662306334323933323262653539
66376632313430663365666534383565636663363033373039356430336363323065396664323461
31616137346530663163613239346363393730663564636261316335333431666664633338356562
31323431376238326265616265336461323037376636613064343836666262626132373539636539
31613263653665396161353738393161653163613939613963306234643339373134646565396335
31336333636639336663663966383662326661303631646165326662383330306430353136383463
30316634316162663430343037393236656332313134343134383262396265316634396531643738
30666333383633396361323765323961636565306338653530356237626138663765306466333836
33653762306163356163613163376164386633306635353439626166363331393535623434326464
63303130316432363265613031303738643566633230383436313661353565616235323966646635
37613965353432303966623234643363373135346364623335663633646232366532613135636430
36346335366635656635336538386238366533656562623732623865383639353737343266363662
31343038313730643464336239613966333934633936626662316131633738383237346232666635
32386434343561343864623361616334616463316163333962386237633337346633626163646534
32613034333433343236626133353265363962613861656532366537613837366332316531303362
30326639636437376163346664323661656530646238633861666437656366356564666566656235
62326536393963353733353336613839643431336134636664396462383763363237666533636165
39363636363736313764633761326165316131303539373536386139383666633338633235623535
39333731613330343130333663316530396630316339346332313131643531643032633235316638
31383530366539316634656139303133383036383232323134663963386538636262343939353837
39393666326264616434623462353561643938333433626531393466663230356531613635653434
34353533653034343831383030653331326135333634373037353666623031383538376535353762
38336262303665353038633638306638616364326564333239643437616531363663323235353935
63373739316264653239326236333562656537376332333135663163636335643835356233636330
33646330333632633939326534616163386264643630316333623134383736666432653835313965
61366565373133633039343938306166636264383564353262343066613933363365323233666233
36313234343865666634656362626466313631663237343463386265333338656531326665653235
39393264663832363830346434386465636561323935633639383634633161643733663431363637
36623738336136383365316334313835363333656465353065653131666537623866646336643166
35373030646165383739326563383236353863376437323335613862626336623230626439613465
35616633376135316464613765333132623761323161643639333731326535316663346562613733
37656336383664326338316137333639393061386462646336303936643736663339663932626365
30396465663938333336363461393636343435336536356664613734633135366666623861643064
62396666666233366663326161353065636535366561666362653937306538623762353963613634
65373364666363616263383166366130316339373338313231383637343238313731333735633031
35646336633464613133613832343339636338376432646336343463323839313336393139636663
35363931653165316330616336646230646166303966363634636637383736656439323032383132
36626562363236663431353733626464643230343636326237323038393130613337376264386161
63393563636532353833366539376539373837386566366261346338393964646264396232386439
36333436646634666539643036616530613964616238326262383530386430373765363161346461
64386365376131363139613334356138316533626366666137316166383636623963316662333464
39613133366232656230623538343163323763333931303133656363666362376239633938663230
34393032393631313937386336313065656638306237353435336332646163343330326332393136
30363038386566613938346262656630653365383639343330353762306539636263393137363366
30393136343032316164663631386163393639353937346637303565643665653038653664346466
66303762623837336538313130396638333238653737643439383662396239313338386132613835
38346336316635623030633863633431303462663563306632323930633731623937663761623335
66353733633236613432353031353462356163343364393563373236386338393736346438383865
62343735393861393463363064643337326136346664396430313839616438333337616236666136
37626636346163666639346435373036333962326137646139336530393436633335306235626132
33313930313531643931333331343664346131663433313834333033396361653064396439346262
34616635366237376434633937653865616136653463646339646137363365313530663033316464
37613133383861366164373464326335386432653563663562316635353533626562393532616631
38666338643135343735346232656561313638656537393231383635343262643530353438376566
63613062396234313639393863633765393966383838326562643539316336653937643238356633
61366235313964346262383365313366383564613732383064393665386133323538353032613662
65376637646263306431376235336163373931336635343633333432383832393932323463366363
39393830666161613939626237666361323362356332396332393765643964336433356261363930
34643131316437303634653565386633656362636663336263373362366265646133366561353433
34616562353030373535326265353537363438353930636135303037333566363030343935303134
32316231363538633662666337343564373465623739303839373139313734343831333164303439
39326433643861393330643530636530356531363331663934646332623535393066323639643038
61623664363966396536643330653636633733333536646666386135663739373538336262666661
33643161623132623632373363353536303762613361666361303164383363306533323539626239
66643133343864626634363062373365333238326265376330643932313533666564616266343730
32646637316364373433373236646334333964353664653133616233663062333864353636633063
66643464636466333635316635333865643635646331343438623734613865663338316336386536
37633337313266303461653661356564333861373732613730653036636331303462376363663737
36633438393034643932626533643330363765336537333562643035333866396539636234386663
33313632323737313536366133356635323631636131306335616137643435363433653633323264
39633839376366623466643838393334663565303632343433623562323834326132613665373162
66313061303465613062353238623962303132636231616530633832303634346335313566363964
34323866653862306261626531383363313438616265313532613965613139663262336135656631
32393662323661633233326164363131303163393463366533373334633864633862663463343832
34316261396533663733346437623837313538653236646162383161346261346563383534356561
34663336376465303561666232353232333234373163333635376237613234623836323035393461
36643634303337633033633730396262376164633639353963333034633962636637313538623262
33613461353331336430376537623839323764633666306236356538326164323737633865613663
66393132363562653666303134643263653165333939383831336232393838303966613133346135
30376464373431303963383832663364316130366531373637653834643437313637656662343834
32623932626164323239313132383562383933353430353330316434643865346662633864363335
35633163333236343137636534313964666463656663333232303639336163386336633764386431
61313566303131633162333539376333376563343436323362623661343164346562353234306138
30343937353331623436356234323430386262636635346131366462363334636661303962646364
62613066346163363766646531323239636136386664636562393564643261326263386138376661
62323261393264383136366330353435623139616432333061323430616462313034356232323664
61623532643330653530323735636532356335303637626139303464663734613233653037343533
30616237363163613838393262386236323565646636353563373339333534373833613762326132
34346230303032366339306430346437326536303139396238383165326530613061643563343265
32326534346631303062313465633232343465393937303262366131633839346465613233333436
36626663356461326338616637656336383332353665396133383666343664333535653634333037
36323138613438626530313565313733613166373563386132663639323539393366623338323663
38636137663732353739393136313338663764313338396634343332306430333831353235626565
64663938643964623439376261346665653062613735663431653233373037646132636262346561
37333962323231363466636532303639643031653733663464336433646163316637653430386339
37373037633564353563633762303263623634376238306361636263373462626431383730626631
62303438613437336462373437643631373039653534346265326266666632356237306538396634
30353033393163636239393663303431333335343436323563656239396132626136373961613435
66633539643638363734616162393934643061323261333962386531323933353463333433643932
33656563333761653662373335613839356634333532303633386237366234613138623965306335
38376635633332376137643366356339623561336361656563356265343133343034633536383035
62653864366330616365623930363666356634333461373235303364326264666362333462626137
35396436333533343138343239363435613061313065613838383966373939643836653062303965
66623634316131333735666432343830313937323864663330643436616537623132376162633837
65626631653962343166303338646138666564653261633631363531353263386337613836363064
30396635626566623235643063313735656534646533333836633933633235383163313166613635
38616531376534363562316665643764313830346336613530343632386133343039643064633764
61336133366232383539653466386665373666356131623165616166393536333935326631343862
38653938336464376639636664363034646134313762613930666261363332623837366630376230
32313963373738323639646661306235666437306330633465393234613339313064346661386661
38613437303936343537613163393837643166343636326335656536396335656564366437623535
66666332323161373430333735336230396234326230303336366561613965633163336336643266
66633766353831626439643161393835643636653564613238323333636265643564366237353335
39656262656237353864653338663334303436323066373839663365626563383066363634396238
31376662663066303364323639633634633136653134653666623234653239373064653262646130
34366565366666323037633738303237363465333232346536363466326238373136393363343166
65626466336639386139323166616336346537353862376536643562636662643531353165386133
37376332343333326366303761346639393261323534643965376564353032663861353437313330
63633961653730333863633034613338666335306261333762333132393236353331633338356539
39306533336265646133373065643238386538313238303830643837386137316461323363666433
33633562346465373463383264613163643630363862376566613035643961343232333331613938
34643662353965336364656531303839313266663061356338333963323661376464623134356530
66383732643265643366623265633331366135623934383133303938373131326163643761336135
34626466346634666164393038663736616234303362343065636239356531616534636161653364
62656631666534333739303231633862303330333165353736316366636461623932623138633564
35626165656234626666666330323837383433613266656236643731386333616636623733613831
33326262613161356638346664393230353635396234363033656632346434386261346262626335
61323265303737386563353335633131336230336266353932333761306435616362343335613939
33373431633261373135356337393838626661656433643338623361643362366561306338343336
38376466613034366633373233326562373832343232636362313630323861363034393362396165
31356539656462376530373362333263343561383834643265383261376233323534366133323762
32383038333038386433366334346431333435643064663566356266623237393533626431623361
30306534366530363865303039643032353731343334303435363639326632626239633062633562
38323539633932323332646463396165633333393738663730396237373864396634643035333734
66366237623330663335653162373634613565633033663566643964373436313533656566313934
32613736366235396237326233393532653433616563633364656365303364623931613561626238
37306537373330366231613231353835303834643066666132343332613361656365626432636263
64636237353766663833366339316631343939626137633138616335633139336438303038306339
35623666353939316539346333366631626433303332356465656330323964336463373737303638
34356464303437656364326266623134346237643061623365346361363564366134323164353835
65396232363931316339393737616264333765323432383833383065333838343331363934666334
64333164376430343734373362376130613433323465653132313665666365306663323166306239
31333961613839646466626663356235383361656462393238346566646637323438326335386165
35363631333332663332363434366530616134663663346537346434343666636336646665663438
39396235333434613932313539313833333666353366336263653137366363666530303632323865
61636261353564396230623261613965353530326533336634393338393438343863396266396234
36653731663035373466346131633038666165616633623566383336366264613061353934653737
31383734636231633335373465633236373236633133316364656462396566653539656130306133
33363266653766656530376433393738313331316565653930646266386262383431663236323161
34666633653064303835313864343736653738356333346164653433613333336434663666656235
32663131346435383037653335373061633437353464306164623938613737366337373133643336
33363335356134303561303763323635666637653639636435303162366562326337666139396463
38623531363136363132613630373036633431393433626432326439376565323634653531383036
33333030663032306132383661316661633463633163616266343335363061363434376436356339
36623834613663393566326132336361663330333836613633663239306636613032613039633763
30303530313539666137396332303437393735333037663461313863666235623039323638396138
63353264386530646231326530633562353737653762393538363232653439653264363162383362
61316564353733653463306564333931306462373037346338363863333736363532623932343262
36653365373438666530313162386338646338633364396636663137336338633735396636633034
34356638363633343537623565353562643335613361643737356264363535363662373032613865
65666335343163373134376233316331343336383334613130373739343161663361323039353330
39663939386431383134383263656434303464313639663438663237666463643063383130616564
32313266393831396130363664336438623939633261613138626135643739346165363336653637
30396461643131656135353131636462376365333564386563356230393939316530623134653336
61306363396334633035383962306262633836336165653639356266323434636634363932336634
32656462306665393031373539316531353733306134636363383237653261633265363339646631
61643764643235666339353963623630666339623365363939613639343262306666653033343064
62383264393762666165333937663164643861303661396264363333376635353834303266313533
31323132343333303630653033396563303938386332393732323736666337306233653136626662
63333435616239343662366530353566666231663232626266356536303137303464643464646465
33363461393064666564323761346334643134643933373739333863373964336536303766663932
61346132333261343661393138623939626236376230396131626665636562623739356433663165
38616265316538656363353933383762623761323564376465376533666136363931613035613137
65373034383236376531616162313566656634323564633639316330373362313034646431323738
61653331616536623538313830383533643361356435643861383533376436366431313032306664
36373038336439343666303536336264353838383530663132653434373132333130643035616134
30383530626337393030613734383231326566646166336166393134333965373563313430326463
64656239366437323261663563653265343862303462653362313435303263663631333964336534
63386133386639353666633765636161636538343432633133616162356438656162393565323636
37633137316239363464353732333765353831646364653466366437323633656262313930626639
32346536343432343837373635363263313032656333633631613461393366326566386436353837
62323331396636653432303734643966623162353336346362343862353537613764323265663164
34303138383237623234353364373030353261663237656431653637653861343532396165366136
38366138353936306132343765656163663863363561336430373736623538396135313039616538
62323363336539623433366661393936346161353366366235326635383764333666613135626339
66643561396663656562336665353135616563393361646332666632616336373061316532616465
34323966353031613631363734316230633266383638356239383262343136663030623830343263
62666339626135396338613033343562623737386363333566313466333432626433303339613433
62393530653536633333326335353831356439386537383039623965336262383431616239623230
63326430326533643834383233626539396236306339616262383631363765626632396630663763
38306330323663636136626534643637303066643866393033336436636563613964343835643633
32353263376333303537616363643630386632646537613063633162663637356131313436613431
62306133383333666532636437306264363961663261643133386530623564313366363237626137
33306635386564643562353466343136303130663234653938653539306134336363393430613635
65346263323734323234653832333066303236396634366361336630306231386431306438333264
64643030613739626363663064343066363634656233313232383564363166343766313961336635
61353361653330333239343761663764353731613938643138396337326330303939646233316136
33623561613366656532353932313835323339373565633864333538333036303566393537366134
31353737376439386130643066353364356363626566626537343038643465613734326237656535
66376365656433666164353836393230633864326535363239666530663061306161326361343532
64633366323539316532633839343066643934613363373530613463656366346138666131333236
32653636663463633632666234386139633461336539326261626463613633656665653334663162
36643231613333323232373639623334303033326533313663613739363730353863353934336637
63326634343332383939356562373636646535666432646664313266353532663637613539643364
33623463333536613566333136646339663761643066303736643239663439323439626534306439
32356338363163343463646565613539356562356566383861353033383961613233663635666139
64333231623030313161393264316462346264613933653737636439376563303765396533383265
66383631353931383830313234326461383265356561616563643638353332396236343031383234
31386438666361303932383435643461623734313163633632373937366137333939376133653064
65336364323264646437363236626233376365306537323766613931616339396665323563343661
35613337393334363931303537396637316137343137393963653637383763383830323762383062
39343031303730613035383633323634323833316335653336343165636264363536303462356263
37646438396232333661626539333738343732396139346334396135396234633161386264303038
32666636626137313564383635623761363931323261346331636632623731336166646262633666
32393534383561656438393161326661383939663835633930383635653236636136663665646163
33393533653363356163373461616135616630653866343139643137363436346138376530363135
35356536343863643834346666613831653161323039653637626662343433366363393831343038
33313162643730626539663961636434386533356631643062333434383762653136323266613561
64626138363466373662386162323865653738393065373063346334393431613132343663303336
64633461636432303433396562656164313933356261363364656331623038393430376437393236
63653031336465646536643464326136386666373037633137666539393634383432623631643962
63323063363537643437643835626562623466373830623136333761636538376235643633333939
31653963373234343762643234656332623561323334386139383461353461656236346361366565
39383864396264386639626631613036666632623764646637313563376536313665373330363662
39356261616632316163636533376637336537643332663336643831623334373731623032613961
34656236346237353237653737386131343166303030313263366231376366653338663030343235
38643533613732313562303133616165316431363562643530316635633464663236363339323533
38316562396533626633636630333365653731626366356335333136396136613232633138393861
38326436323433363838396363373334333064393731663733353439373662623839616666303833
32356139383735373832643632383931646261623830636238353963373933643739346463616534
66656663343962383131646564646163656466356438653732303062343166633463346131313635
65613232633161313435626466326538333364313764373963353766633839626164396134323938
35633164666333396536323566663036626134376432656565336237356130643236313133663137
39633036346433653636656134313036666633393766353662313830663936366534626661356533
39343832653535653461363839616433376431393833613731353539346464333663373739333663
34303531303435363966333965373632386362383439303062316539646539396438306630316332
33613963656364626130633836366331336536323965613266616564376362643033353830646266
39323963393530663133633238643530356566636564336631306364316431373164306262373132
63346135386235353962333331396263663637376364343330303163663432643765653966326338
39613561356663653338653430616564366138383366356435366430316432346533653766383232
39663638313637323966616664303230303933633937313062613230303930616135323464343536
32386564363938373630306539323639363833393834313963336630623839383935323733343566
32656266306134393461303338323361613139373931623039383231633964663863623537656132
66663062633636616638386337383664636634636161616535356539646236373461323039316238
37303535656331336662663566653133336465636466613631373364393935363561343937303030
37343631396539373937336135653066376535356162623261353237626265643035333737326461
63343130376465353331616164643836353266396265663839353331633830366438373866396334
62626330656338393035636163616361383432353536623231373031376230663834393036653237
35383134376361646464373632353664326134366232313539623733373630653334613338336233
303733343761396532386366313439393063
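Review bot: this hunk is the tail of a whole-file ansible-vault blob (rows of hex ciphertext in the same `$ANSIBLE_VAULT;1.1;AES256` layout as the second vault file in this compare), so the diff cannot show which vault variables were added or rotated, and a reviewer cannot confirm that the change is limited to the `*_vault` keys referenced from the stage vars. Encrypting individual values with `ansible-vault encrypt_string` (`!vault` tagged scalars) keeps the variable names in plaintext and only the values as ciphertext, so a future diff of this file shows exactly which secret changed without exposing it.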

@ -0,0 +1,218 @@
---
stage: "prodwork01"
hcloud_firewall_app_specific_stuff: False
# TODO read configuration with hetzner rest api
shared_service_network: "10.3.0.0/16"
shared_service_elastic_01: "{{ stage_server_infos
| selectattr('name', 'match', stage + '-elastic-stack-elastic-01' )
| map(attribute='private_ip')
| list
| first
| default('-') }}"
shared_service_elastic_02: "{{ stage_server_infos
| selectattr('name', 'match', stage + '-elastic-stack-elastic-02' )
| map(attribute='private_ip')
| list
| first
| default('-') }}"
shared_service_elastic_03: "{{ stage_server_infos
| selectattr('name', 'match', stage + '-elastic-stack-elastic-03' )
| map(attribute='private_ip')
| list
| first
| default('-') }}"
shared_service_logstash_01: "{{ stage_server_infos
| selectattr('name', 'match', stage + '-elastic-stack-logstash-01' )
| map(attribute='private_ip')
| list
| first
| default('-') }}"
shared_service_harbor_ip: 188.34.196.240 #server in prodnso!!!
shared_service_gitea_ip: 157.90.169.198 #server in prodnso!!!
shared_service_pdns_ip: "{{ stage_server_infos
| selectattr('name', 'match', stage + '-pdns-01' )
| map(attribute='private_ip')
| list
| first
| default('-') }}"
shared_service_mail_ip: "{{ stage_server_infos
| selectattr('name', 'match', stage + '-mail-01' )
| map(attribute='private_ip')
| list
| first
| default('-') }}"
shared_service_pg_master_ip: "{{ stage_server_infos
| selectattr('name', 'match', stage + '-postgres-01' )
| map(attribute='private_ip')
| list
| first
| default('-') }}"
shared_service_pg_slave_ip: "{{ stage_server_infos
| selectattr('name', 'match', stage + '-postgres-02' )
| map(attribute='private_ip')
| list
| first
| default('-') }}"
shared_service_maria_ip: "{{ stage_server_infos
| selectattr('name', 'match', stage + '-maria-01' )
| map(attribute='private_ip')
| list
| first
| default('-') }}"
shared_service_kube_cpl_01: "{{ stage_server_infos
| selectattr('name', 'match', stage + '-kube-cpl-01' )
| map(attribute='private_ip')
| list
| first
| default('-') }}"
shared_service_kube_cpl_02: "{{ stage_server_infos
| selectattr('name', 'match', stage + '-kube-cpl-02' )
| map(attribute='private_ip')
| list
| first
| default('-') }}"
shared_service_kube_cpl_03: "{{ stage_server_infos
| selectattr('name', 'match', stage + '-kube-cpl-03' )
| map(attribute='private_ip')
| list
| first
| default('-') }}"
shared_service_kube_node_01: "{{ stage_server_infos
| selectattr('name', 'match', stage + '-kube-node-01' )
| map(attribute='private_ip')
| list
| first
| default('-') }}"
shared_service_kube_node_02: "{{ stage_server_infos
| selectattr('name', 'match', stage + '-kube-node-02' )
| map(attribute='private_ip')
| list
| first
| default('-') }}"
shared_service_kube_node_03: "{{ stage_server_infos
| selectattr('name', 'match', stage + '-kube-node-03' )
| map(attribute='private_ip')
| list
| first
| default('-') }}"
shared_service_kube_ip: "{{ stage_private_ingress_loadbalancer_ip | default('-') }}"
shared_service_maria_hostname: "{{ stage }}-maria-01"
shared_service_postgres_01_hostname: "{{ stage }}-postgres-01"
shared_service_elastic_stack_01_hostname: "{{ stage }}-elastic-stack-elastic-01"
shared_service_elastic_stack_02_hostname: "{{ stage }}-elastic-stack-elastic-02"
shared_service_elastic_stack_03_hostname: "{{ stage }}-elastic-stack-elastic-03"
shared_service_elastic_stack_logstash_01_hostname: "{{ stage }}-elastic-stack-logstash-01"
shared_service_elastic_stack_kibana_01_hostname: "{{ stage }}-elastic-stack-kibana-01"
kube_cpl_01_hostname: "{{ stage }}-kube-cpl-01.{{ domain }}"
kube_cpl_02_hostname: "{{ stage }}-kube-cpl-02.{{ domain }}"
kube_cpl_03_hostname: "{{ stage }}-kube-cpl-03.{{ domain }}"
kube_node_01_hostname: "{{ stage }}-kube-node-01.{{ domain }}"
kube_node_02_hostname: "{{ stage }}-kube-node-02.{{ domain }}"
kube_node_03_hostname: "{{ stage }}-kube-node-03.{{ domain }}"
shared_service_gitea_hostname: "prodnso-gitea-01.{{ domain }}"
shared_service_harbor_hostname: "prodnso-harbor-01.{{ domain }}"
shared_service_kube_prometheus_hostname: "{{ stage }}-kube-prometheus.{{ domain }}"
shared_service_kube_jaeger_collector_hostname: "{{ stage }}-kube-jaeger-collector.{{ domain }}"
shared_service_hosts: [
{
ip: "127.0.1.1",
name: "{{ inventory_hostname }}"
},
{
ip: "{{ shared_service_elastic_01 }}",
name: "{{ shared_service_elastic_stack_01_hostname }}"
},
{
ip: "{{ shared_service_elastic_02 }}",
name: "{{ shared_service_elastic_stack_02_hostname }}"
},
{
ip: "{{ shared_service_elastic_03 }}",
name: "{{ shared_service_elastic_stack_03_hostname }}"
},
{
ip: "{{ shared_service_logstash_01 }}",
name: "{{ shared_service_elastic_stack_logstash_01_hostname }}"
},
{
ip: "{{ shared_service_maria_ip }}",
name: "{{ shared_service_maria_hostname }}"
},
{
ip: "{{ shared_service_pg_master_ip }}",
name: "{{ shared_service_postgres_01_hostname }}"
},
{
ip: "{{ shared_service_harbor_ip }}",
name: "{{ shared_service_harbor_hostname }}"
},
{
ip: "{{ shared_service_kube_cpl_01 }}",
name: "{{ kube_cpl_01_hostname }}"
},
{
ip: "{{ shared_service_kube_cpl_02 }}",
name: "{{ kube_cpl_02_hostname }}"
},
{
ip: "{{ shared_service_gitea_ip }}",
name: "{{ shared_service_gitea_hostname }}"
},
{
ip: "{{ shared_service_kube_cpl_03 }}",
name: "{{ kube_cpl_03_hostname }}"
},
{
ip: "{{ shared_service_kube_node_01 }}",
name: "{{ kube_node_01_hostname }}"
},
{
ip: "{{ shared_service_kube_node_02 }}",
name: "{{ kube_node_02_hostname }}"
},
{
ip: "{{ shared_service_kube_node_03 }}",
name: "{{ kube_node_03_hostname }}"
},
]
# TODO read configuration with hetzner rest api
elastic_stack_network: {
prodwork01-elastic-stack-elastic-01: "{{ shared_service_elastic_01 }}",
prodwork01-elastic-stack-elastic-02: "{{ shared_service_elastic_02 }}",
prodwork01-elastic-stack-elastic-03: "{{ shared_service_elastic_03 }}",
}
# Note: all dollar signs in the hash need to be doubled for escaping.
# To create user:password pair, it's possible to use this command:
# echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g
# TODO should be part of the automation (htpasswd -nb traefik-admin traefik-admin)
traefik_admin_username: "traefik-admin"
traefik_admin_password: "{{ traefik_admin_password_vault }}"
grafana_admin_username: "grafana-admin"
grafana_admin_password: "{{ grafana_admin_password_vault }}"
grafana_user_smardigo_login: "smardigo"
grafana_user_smardigo_password: "{{ grafana_user_smardigo_password_vault }}"
harbor_username: "{{ docker_registry_username_vault }}"
harbor_token: "{{ docker_registry_token_vault }}"
elastic_admin_username: "{{ elastic_admin_username_vault }}"
elastic_admin_password: "{{ elastic_admin_password_vault }}"
postgres_replicator_user_password: "{{ postgres_replicator_user_password_vault }}"
mysql_root_username: "{{ mysql_root_username_vault }}"
mysql_root_password: "{{ mysql_root_password_vault }}"
netgo_msteams_hook_cd: "{{ netgo_msteams_hook_cd_vault }}"
netgo_msteams_hook_alerting: "{{ netgo_msteams_hook_alerting_vault }}"
kubernetes_with_awx: False
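Review bot: the `| default('-')` fallback on every `stage_server_infos` lookup turns a missing server into the literal string `-`, which then flows unchecked into `shared_service_hosts` via entries such as `ip: "{{ shared_service_elastic_01 }}"` and ends up as an unusable hosts entry instead of a visible failure; either drop the default so the `first` filter fails loudly on an empty match, or have the consumer reject entries whose `ip` is `-` (for example `| rejectattr('ip', 'equalto', '-')`) before writing them. Two smaller points in the same hunk: `selectattr('name', 'match', stage + '-kube-cpl-01' )` is a prefix regex match, so a later `prodwork01-kube-cpl-010` would be selected as well; the `equalto` test expresses the intent exactly. And `shared_service_harbor_ip: 188.34.196.240 #server in prodnso!!!` (likewise the gitea address below it) pins the public address of another stage behind a `!!!` comment; the cross-stage dependency, and the fact that registry and git traffic to those hosts leaves the `10.3.0.0/16` shared service network, deserves a sentence in the comment rather than exclamation marks, ideally folded into the existing `TODO read configuration with hetzner rest api`.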

@ -0,0 +1,467 @@
$ANSIBLE_VAULT;1.1;AES256
31376136303461393238366661306362376566633162656530663632323931383566356430323862
6238646639646538623030323539343539373536643932320a386165346361316362386234613435
37663364393734356361383138393335616134633832376661303961326135363238343437303562
3138613734323033340a356665333063666231643238316239353436353062633061306634346463
37373334643530623030303062633862353431666433346266656664306561663565303337663834
62646331626163643136343066383465393265383634313632306264386334666235336133393731
35373836633462353964383265363634326264646435383461363362643162356466613331306362
35333764323363383961373664363566346632653534373763333561633336393830323961666632
65386536353632373766626434323338356632393635663736623333353033376161373234373664
30353133366233636439343166323332366561633262383835363663366132633130346331376663
65343166316464636363343331383734393062653230626435356430356238663634393333383864
39623831363962363161613834373434386565636137323361643730356164393365376662303764
38653163303734363333623165383037346466646231633464363131323963363734326162393736
66343639383161663734613439613736306334623962663765313166383262346661626630313364
65343865363938613730616336323965653762656636323363316139323466613832373165616136
64643838633239623762636531666537636435336331376137323562306666313637663461343232
63656632376237396233363532643334666563326136653435353136653963633761396638633266
38643262313138663263323164373064636364646431643462303036643033653566663835383435
34653137323365376466373833663238353537666463623762373837316164633030366138376165
30336532343961376430326662613434663932633361366434383136623731326366326439323138
37663630346631663565363831663735366432326335376566383232303562363537376339376262
62336331653439356537323138323162623230616666343663643961356262663839626266363130
39356164663733366662393935393164373661333263663933373439353263303036643033313361
63333862393136633861316662353030353662633638643330343234383565373232633161353561
64363164633261386239626539363933353332396636613235353533393833626565633739313230
37363534653363353633653765353263343832633764643937643366326261323063633965353536
30373137303534633832646166623639656664633032356135336163373134323337343261633965
39653264653036386463313539363634623531653064306635373432653464306532613165613463
33623261386439353437636666326430656437346639663236643338393735346261633230376538
36313637613539326662366236653661623565376137373065353232636563666230363562333365
38666137613266653461353739376136316430643931333462323432393263666630656236383937
38363131663062343830363835323033663036356266646534613038303166383534393465653430
31323161633438663833313737373664643236646635393964393262316331386461333263646330
38333366373537326264663333633334303935353535663038343938613831653333346365323836
31356163393432396466323065303337633537633132636438353932303563393063396230393263
31306335643565343432643961383833333761383731633064613564656364363436633537323938
61383430393930383438373433383335343266363062616564383865396665626434376337656563
30353636653330643963613965343237623536346332363533353530353064343065393361393164
30343435393035353832313638656339613266356464373566613030616539376665636333386261
32353733376362316134636564373635316462303236346339303637636365346563303437663039
30383966396262366638393861326166363761643830613861653238373561613866373564353336
33343564333361643137343262626365366462373666623863303662346165653239323732646130
37633963343833613135313663643438356132623165373539323166663330303264616466353539
61386433656663383532386332643131346466623131333739313832646532663961376537393439
62616536313965623839353331663939393439666235333038653734633535623862623630633935
30313561633234306234636430303961353930626237353632633233306539383365396266386234
62653966646235353865393539633130343735303233646137353831633433356165396162633131
38653231626162623036613861666135643065313333636239376432326430636236616431613566
61626661663236373636356661623136333939626564636366663532313062613265383432646364
66313637333338386336363739353235626139386263343265653865663362306330666261656435
64303966373333313736656565343862666166373465356438666564653666653062636436303164
34366162333137323437396663643538383730313234303661353239326638396435383864626466
33373232323662356562316435636339393466633031326463333032363930353065646464613735
31306132396137363562663736366131653430643431653634363362663266623532626230396562
38386162383331393462383766633635373038353561303462643133393336313135623232386233
62613462366462373537333862653963303765303565313663343833653236343933376635663765
34393238636238356234303237623732616362303032323831366338316462333637366165313435
65343861343361663864653739386531323639643832316264373139396234636535343866653966
30643061393437653461613134623833666432303563613738613865383933386138383536353332
39353431383933356536613639613339666538306632643561373833363437626466613262626361
64653365666661353632656635336464333433373832653535396633316364363937353134353035
66303037643532323330303433633730626437316630353637636236663235376636303839346361
32306538623763393533376566633630663530643965386566653764303638373761666533396563
62396230396266626131626463313762356333646530396133366538643965633863313766333332
37363637343335626462333666643362653735336432343635393364613865363663386366623164
30376430313761623236366336363661656634323430666665653739336138363932393836653762
38346431656464653161363239323834393338376264373934663261386565353031323966363361
30363735363132373963643661323030346365333532396665393661323066343563393933643033
32656230373266366137663239333162323732663163636337353438366438366266613163376335
35623732303235343365643533393135643132656330366135353063613165666563303839326636
66353339323133313662393331396536666233643861316634613830346435303237656130373136
36366137386261306335616338333737663139323061626466326136643239346466393961353331
61616538656538353539363737333138343361636634303436376536323435353838303830663161
37346635383061303039656230336336616439633936613135333438353235326666646236393863
33306637343764643334663962626164393734356265303165623032356133366637373130646136
63663532613537396265643837616364616530306631333232313466623465653534353831373033
38633839313863393032646238373162643866303065343236323265336533663732316433666432
38646535383831306165303435303764343238613230306139373432333534333562383963376238
62393664393761623839396161313265343630343435636662626563353932393363363733316538
63666563656462623563393435626165346237356663343132383938626433653063636133396461
66386331643032626562343366653961656631613433396430323630333239636530303238646464
64666464323336663732333861666331613037376232333264336230333965376334333665333537
32653730376561663038396664623237383536636461633032656634383561343438393233643237
30333536373864663537383932323136363830366638346435653331663836613232363561343630
61363435383838633861343838333865616330393661313465373737303737313438623334666332
30363737623362313435383231383333393733333563346166373130633231666130363535393835
62613337343765396134636462623039396665653936393238333430323136666536313233396462
65333565616533376161343633343364393538643963343237326232663362383961613466623432
63363561393132663763373532333761663764313064663838663266396231393365633334356133
37636230633561333863363765383965616537356437613439643136666363656237333333633962
35356366656366623164643536363563646535623465636163613264396436613863366663313530
33336130623032323932613238366166633833623265376234616636356339363938323238616665
37313361343865333138653035306664383461373834643263643363626630326532303162393230
34336330306637636637633536333633376361373161383038633661646130303439373565636465
30333230316166383439653235653464353165616265643961373431623933623432306636313463
61643937306266626132396164353361336437623434653339663630306135373532343839613661
38616330363066346135343433643462613931343361633262636539303737353334303536376463
33373065643231653236333939333564313039316238613831393163636639653237336163353663
62316634323933343330633436643033616365363230306262653637346538663038643863323562
30333662326138363934306264313534343732653734313763356438326632383737393662356264
33343034343335663030313032363533393136336135633863303561656634316437366236616466
63353062363537356633663033633136383664623161363466653730373631363261313630646336
66313762306466656230646338383737376461663135366532313533376130613732336535363436
31636537376661386233316161323031343830623734633163396234643635666434383261623635
38633264383939303630313235373261626535323261323464633134643135663033643366336639
30653239366537313564623131313636336535373663643836323461363634306637663539323365
65393337393435666337646231333437316637643934663337666666393930386333616231646664
65356338386163626166613632626666343635313062393233633033653966376566336139633937
30663438633032356463616435663562343865333035396436633034623037653563626536326465
66303466313536373562303833386334646233313161666637353163383830643636363432633562
65333337343066393733393631653732613139393031343866306239333661376234623333646233
31626537356166373938643438653262643236393238303562393538376331613162346235396633
66623731643261613363363962383563353232373933643339323262626236333439343439633636
30346562323331633061623035323236383136616635343865656564356463326563653264653734
33356163613361383835323537326630336630666232353232383334646334333762636231616266
32633565376466323162393931383236363061306361326663373738373166303239333030326530
61323331373765363839623261633261656261633563343864613635616537633630663737623762
64373032613962653763316234396431383131333963306666613336656162343566306163353565
32643038333033616139303737623337626366323964656261643831313334356332656339396536
33656563613463383236343037303963343264656234393237336261356638326262616237333866
30656365333865353032646239393930656564373335623734643961356435333761383566653737
36616164313635363134666161313832343961366162373933373738316230636539616435353435
38313962383066376432633235623665376430616364653766646537636336303435313231613631
38343262333233353363646361306435313030653133653861343765313261313730396564633337
61663037633737646433386333643362303337303538366137623139313462383736373363316632
32326364653936643639396636323565313864396163353334616238643964626633386234633662
32356533373362646632623431393436373630376335373465613232396536376438323039346666
66346362393234383332633736653466363434343833313764663066633136373238316230613561
39346461323433623238656263623834306235383761363435663663666266383766333061616262
66393730616632636531333165383235633132306266363766363534653339393834616639653832
36613530636430643062303637613339646535373562356437336530393665316130626362366538
39363730383330613638636437613334323530353037316132336461333039366638626139323363
38613630663834323163373163633664363633653530663037336565366433396333616363636130
38646131323061616164626532636266373366366564326639323536643638333764653266383737
32363636663561343033383865373636643032643938333465393364663962303366343835616330
36343132303262393233343231356331633762623261386166373632346237396633353430346335
31663737666164653539386435386335636439373338313262666534333737326535636466646462
35383838353466303635373730303232623834616462303462396634313734643861376262366463
37313438663235363439663737373866393764613663643130366531393337383734336638373637
33666436646161366331656239326535353466316632343331383863623430613063386132636132
30663036613133346632323233356563626236663435323165616630383330303933633232336231
62626233363032333465356436303063626535333233336166633334346665393037666533373334
65333138393961356665363232626632303734626364653633613334663937316639383566346131
64663937383939623266306338373963363466363337623632336636633134623631636438613935
35376536313230323263656534376162623063353037633264356162373961623836633634373366
63313736393466353066333939663936313730636137386562653831373433663236333530663362
37333634633134666464316336643661643664363631626631623537393033623964613861326330
36346238313538376565323037383263356630626266643964663161636465343733373837653635
32616263323361383337313434353530363038303635633763343738623838336637333163366130
62316362326237383133303862323934396332643864313166383661303862656466383362363133
63663966653861643266663866383963333663346332356439323030306230633164623863333135
30356335393033663139633531633937386364353166313963333436656238663431323964323735
36306533633832393538303363623239316263343031323336313735333133373766313665623261
61633164326238316536323933396466383165306234646662656661353962653032386339366236
30616336646262323139396165386336373262633639353130613932656434653632336135373664
34343036373233353538616562656166333236353133353761313838656461303764396630653765
35663238623038323931653734663062623434366465306233633435633266383030373434303962
62326230326539383533343036633366386239623464653338393338666163636630376662313636
63393763626237313539303563323139343332343933313530376666633238323635366136323265
39356564643863313765666465343466356165353065393964663238656464613738663931336366
66353164353836353836363736356663363761366466383538396331346166356466333634353933
65326539653264376432356261343965313665646166363139373132333334353530653034383530
32323434316436636461646632623635323735656332346439613533643031326261383535656165
62386632633438376639623362623532333036333136633332393061633831393564616164386333
36323036666666303931666137356131353339626234316361373432346661303232396265623336
36363137613562663865393135643639396361373361393566356336336432666466643831653239
61363662363733383664666535303430323336313930663361666533353936353337636664356638
38316438343364626462623237326164333636336333313930626266316132353762653537346537
38363064316530643839343062333636643830646239616435396433613836613835653537336139
36363033386662653039393539623436666162613562616531656430386561393731346162396461
64646534633132656533363734643063653033326563333131373338313833356634656334363266
62376330336365626137363232336331366161373231373133643335373263616630333465383234
63663065336165386635363631343666316365643963306531366261626161656331373236636637
62303032663137363363306564333864316535326564636464396430326439633436356336323665
62666535626265323833396137633735633631333631633638343433323031343439633734303364
33646664353733313738366662363132343133643939383733323134363062343237616330323866
37343932346137663339346334313930663734363539303933356534643437643161303134383163
31313465396439306130363534303733643834343234643837303462303866616638643937353830
39346136663166343333316565653039363833386361636465663333636534663066653966303635
37613931623332393031396538373634656139363666353061336634346134303834376264623530
31376432346437323566303761333266626264336232636131656133383763366439323064313263
36363330656537356262353933323733393565336461316230613732336438666432346530323465
65613036383830616335306163633536306562613637633934353062356165303935653636653762
36383164643635666563386466663039383339616533643139303664396531373735363661623766
65323738303430653637303566323335343836333466353930623830346365336565313035383131
39386633663832316635373066613466633930613034303530313035366237346631393864393132
62313662633030363235343437353537336432336361376166386435363635396130666639353166
35386535313066656234316331323731616630636635616561653236646466336165363434346131
31333632643364663331383336343136366363633537663365386534653463366561313234363636
30656332663064353937373333626436613934653834643265343431393563363932396538303930
64653839666137616631656363313464636531383065623566626665656234373534653330613962
30326138623630396264316634646636343262613638666634333134636638643631313237323964
63363134363435333662386139653564613761366533323036633462636236376237346663613039
34303339326136633366306338373362356136613732663666326133343562323638303661666436
34396561313930363934363936393839383432383538636464303232333266303863633137663235
63303939333931373934313764363263343431386234323734313563313539616238386434343336
63303433386337666331643862343563666235636132623033636335613663373363333032636135
64333664373961346361336163373864316437656163383336326366326565333434386465306565
39346334656266313735346539613365353565313234333164643732343735613935636137363862
36303635343966613163373336313238373133396461313962333465623566643237613264633235
30623161303435323439376638363930376637316631633064366430353231643934623732663236
63613262333866393137626430386232336230663262356333643861393765623865353136383036
36626562366134356331643032363633613834316563363163666131666261616165336464396135
63343066363563623861636462376134623832373230386331376135313463643232306634313038
63623337333465313264653137643366393934646661393931343966306235323966626235633063
35616634343433323730386235343863343333646333386664623365633331373832353661396230
37643333373966353238363631626366316664343030663766663265383262363161613337383537
34663261313564643763363734343736656466373862366163376138613031656530373134626337
38633364323330343236303634313139623231396137326534613039393064643565373764626563
65653830316261663837326363333034343438653965666561386631663066313134326235343239
38663739356337393664656566346163386533663761666636393235366539363039613333653664
63306638386561393362373762623637326465303234616238313931353261356366393166376562
34636466353137353630306433636330316631653237663630666337313266373730636533393036
32376363333761303238363136323933653432383138303363343732393661616633306463336566
65316566633630363963353939343261303338363534393537633133333236303837343062346435
63613566386663383034373766366361336131333364393761623336363132386537383432656335
66653466343262343266333862303232633661373561613235316136336536353534346461643134
30623561666438316136313030363433633066393438356461363161346564323738613336643932
65333162313966643232343163323231313530383533663465633031656464323866306239396661
36643739386131636633376538623831343538396636626262376564393363326363643133613065
36636562643139393135303135343737393466333533386333666332363437333933333131636463
31346638303036326433633539613934633933313232363735313565353462646237626462363636
31326261336232396539336161663239393034663665396331363636383534353933653033656337
62643963636439383166333362323965653938346465396430356130333734653537313363303462
37323961323232303865373332646631323466356632616161326138656664656632333630326535
64663733323336663531653964303831353264663863616232396337646337346166353238363965
39346262643333326666323863643033646430373230303535353564626536666634663135653365
64636233633761373037323431316436383862633062333332343137386330333932633538303732
33653737643366393561363531626235373761333836663063613063343730323037363839643333
39613631346364353139323661366538346136333034633165653330616434613736666131626137
33336332393432616135656134323936373362616331393937376338393037643539663934653361
61626362623139363532623062343831373932633766303366303738656235653666333431333234
38343934363037663363326631333230313466306636653432313736363435383963343662323332
36316637396661653665663535623333326634393966306336393336343536366438386662333431
64653732616664663566386361373636353865333238313032353533373661623164633530326131
31366565336435643938393461643431636634303932633831383261306636626234333366366563
64386636326535393462306639636537306161613530386238316638386263653630396262626165
61653338616530356534613537636566643265646431303734326334326232363462646631353739
34343939393662393635346361366166666139333765653866356238633964653739396365613234
38383666336430383334313265373233646166616230636363626264363961643362383063653132
66643765623366623438343061346435323936373635633130306535333661396232396434326562
32383562633533316132346565373832353365306463626362613066653433316133386562373039
63373432663364653561326332316563323363373937303664343166383263616230623030393362
32373532656636333061653963383262663339663562393962303336333433373136393564316665
32306262306330393933626335616263343964633938303238386437366332306166353533363966
39376663363734373238343363393239666535353963346633656338303336353935363930323333
65653261363536613436306135313236623537333539616530343639366638356561663364363366
33626666333164633030353563353836646665633561323038316334343736376137393933623731
32313237653839616263306232373861643266303364373962636534303065613438313062336466
34613762363232613962313364616632353233623836363638353464643136356638643330373538
32366230393131376234383438303938363363333434643534616566353635306265346239323763
34616339616538336264643765626631313035383839396232663631636634653137396533313933
30646134303332663135623538663637396133316531306538333465646165396537653133386132
62613830363163643532373261613134366536636365376238323631346166393437656131366435
34306263303938643963393961616134376163326639356165343332663835376239643463303032
39353635333732613964653033643036306166303139383937326361363131333532363532633834
64336238663932643832383462636130623766363835643834623531323738613863313838316561
32613664616334373133633037643236663637333565353961393535613636336436643766636533
38393531653338353563386462306534626238346262643161363934636339396135323937353135
35613131383564666263363763393339346239636538333464623361666236653235313836373237
38323038653233646539383562396332363161333263383632336638663766636439643834303132
63623335313239616138383633323036646131626433646664613762653764373063393531353239
66313534396333623837323934353830396232663235393866346664393864393535323233623262
32336661353635326633346236653265366637633335383066316261363032316231643133646563
36656365353938646234626562303461333166323231333964393262396363323138363464316136
36643331343432643266313939623838356332313262333530386665323934613131313330656461
37643961343334386137316563306565376438373165343863346638333531363438623235633861
38373363353031313937346364326534393031646533333362363633396539643030353862643364
33626634373435383061396666343337346633393366343331323664393335393431326164326137
34336361623062653636336566656438353639343334326263393666326133663863323032633061
61393466383039396364343237383331313138383465343630343766396563316137623662653439
31376530353532656262316232376564666362353631626339653162616530303561373932366563
35393465643161323134613237363264353235663066376461343036313131303837313562333332
34626132363439333963653531336265666435333636366133316261623536343834336136386361
66353031316437333765633532396233626437633937316430393765646566316164626132613837
36363037633239643030383163396631343932613834353338643765393364306332656630653364
33626637653830343866653335626464663135393266646365383562643762643966633631383665
64383836323765646165363032333466306363636631613266303738663465393837633734373535
34366439383762386661333730333666343239356135353234376636316465323337306436643335

@ -58,12 +58,18 @@ shared_service_pg_slave_ip: "{{ stage_server_infos
| list | list
| first | first
| default('-') }}" | default('-') }}"
shared_service_maria_ip: "{{ stage_server_infos shared_service_maria_1st_ip: "{{ stage_server_infos
| selectattr('name', 'match', stage + '-maria-01' ) | selectattr('name', 'match', stage + '-maria-01' )
| map(attribute='private_ip') | map(attribute='private_ip')
| list | list
| first | first
| default('-') }}" | default('-') }}"
shared_service_maria_2nd_ip: "{{ stage_server_infos
| selectattr('name', 'match', stage + '-maria-02' )
| map(attribute='private_ip')
| list
| first
| default('-') }}"
shared_service_keycloak_ip: "{{ stage_server_infos shared_service_keycloak_ip: "{{ stage_server_infos
| selectattr('name', 'match', stage + '-keycloak-01' ) | selectattr('name', 'match', stage + '-keycloak-01' )
| map(attribute='private_ip') | map(attribute='private_ip')
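Review bot: renaming shared_service_maria_ip to shared_service_maria_1st_ip is a breaking change for any template or role that still references the old name; grep for `shared_service_maria_ip` and `shared_service_maria_hostname` across the repository before merging, because an undefined variable only surfaces at run time. Also, `selectattr('name', 'match', stage + '-maria-01')` is an anchored regex prefix match, so a future host such as `{{ stage }}-maria-011` would also match; `equalto` would be stricter for both the 1st and 2nd lookups.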
@ -139,12 +145,14 @@ shared_service_management_ip: "{{ stage_server_infos
shared_service_kube_ip: "{{ stage_private_ingress_loadbalancer_ip | default('-') }}" shared_service_kube_ip: "{{ stage_private_ingress_loadbalancer_ip | default('-') }}"
shared_service_maria_hostname: "{{ stage }}-maria-01" shared_service_maria_1st_hostname: "{{ stage }}-maria-01"
shared_service_maria_2nd_hostname: "{{ stage }}-maria-02"
shared_service_postgres_01_hostname: "{{ stage }}-postgres-01" shared_service_postgres_01_hostname: "{{ stage }}-postgres-01"
shared_service_elastic_stack_01_hostname: "{{ stage }}-elastic-stack-elastic-01" shared_service_elastic_stack_01_hostname: "{{ stage }}-elastic-stack-elastic-01"
shared_service_elastic_stack_02_hostname: "{{ stage }}-elastic-stack-elastic-02" shared_service_elastic_stack_02_hostname: "{{ stage }}-elastic-stack-elastic-02"
shared_service_elastic_stack_03_hostname: "{{ stage }}-elastic-stack-elastic-03" shared_service_elastic_stack_03_hostname: "{{ stage }}-elastic-stack-elastic-03"
shared_service_elastic_stack_logstash_01_hostname: "{{ stage }}-elastic-stack-logstash-01" shared_service_elastic_stack_logstash_01_hostname: "{{ stage }}-elastic-stack-logstash-01"
shared_service_elastic_stack_kibana_01_hostname: "{{ stage }}-elastic-stack-kibana-01"
kube_master_01_hostname: "{{ stage }}-kube-master-01.{{ domain }}" kube_master_01_hostname: "{{ stage }}-kube-master-01.{{ domain }}"
kube_master_02_hostname: "{{ stage }}-kube-master-02.{{ domain }}" kube_master_02_hostname: "{{ stage }}-kube-master-02.{{ domain }}"
@ -192,8 +200,12 @@ shared_service_hosts: [
name: "{{ shared_service_elastic_stack_logstash_01_hostname }}" name: "{{ shared_service_elastic_stack_logstash_01_hostname }}"
}, },
{ {
ip: "{{ shared_service_maria_ip }}", ip: "{{ shared_service_maria_1st_ip }}",
name: "{{ shared_service_maria_hostname }}" name: "{{ shared_service_maria_1st_hostname }}"
},
{
ip: "{{ shared_service_maria_2nd_ip }}",
name: "{{ shared_service_maria_2nd_hostname }}"
}, },
{ {
ip: "{{ shared_service_pg_master_ip }}", ip: "{{ shared_service_pg_master_ip }}",
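Review bot: the new maria-02 entry is added unconditionally, but shared_service_maria_2nd_ip falls back to `'-'` when no `{{ stage }}-maria-02` server exists in stage_server_infos, so any consumer that renders shared_service_hosts into /etc/hosts would emit a line with `-` as the address. Either filter entries whose ip is `'-'` before rendering, or only append the maria-02 entry when the lookup succeeded.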
@ -290,9 +302,8 @@ harbor_oidc_client_secret: "{{ docker_registry_oidc_client_secret_vault }}"
harbor_oidc_admin_username: "harbor-admin" harbor_oidc_admin_username: "harbor-admin"
harbor_oidc_admin_password: "{{ harbor_oidc_admin_password_vault }}" harbor_oidc_admin_password: "{{ harbor_oidc_admin_password_vault }}"
postgres_listen_addresses: "listen_addresses = 'localhost,{{ stage_server_ip }},{{ stage_private_server_ip }}'"
connect_image_version: "8.5.47" connect_image_version: "8.6"
iam_image_version: "latest" iam_image_version: "latest"
management_oidc_realm: "management" management_oidc_realm: "management"
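Review bot: dropping `postgres_listen_addresses` from this group_vars file means the value now comes from wherever it is defined next (role default or another vars file); make sure that value still includes `{{ stage_private_server_ip }}`, because the patchday play in this same change now pings postgres on exactly that address with `ssl_mode: require`. Separately, `connect_image_version` moves from the pinned `8.5.47` to the floating `8.6` tag, so two patchdays can deploy different builds; pin the full patch version if reproducible rollouts matter.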
@ -356,6 +367,9 @@ argocd_admin_password: "{{ argocd_admin_password_vault }}"
argo_keycloak_client_secret: "{{ argo_keycloak_client_secret_vault }}" argo_keycloak_client_secret: "{{ argo_keycloak_client_secret_vault }}"
argocd_server_admin_password: "{{ argocd_server_admin_password_vault }}" argocd_server_admin_password: "{{ argocd_server_admin_password_vault }}"
awx_admin_username: "awx-admin"
awx_admin_password: "{{ awx_admin_password_vault }}"
netgo_msteams_hook_cd: "{{ netgo_msteams_hook_cd_vault }}" netgo_msteams_hook_cd: "{{ netgo_msteams_hook_cd_vault }}"
netgo_msteams_hook_alerting: "{{ netgo_msteams_hook_alerting_vault }}" netgo_msteams_hook_alerting: "{{ netgo_msteams_hook_alerting_vault }}"
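Review bot: `awx_admin_password_vault` is referenced here but has to exist in every stage's vault file that loads this group_vars, otherwise the play fails with an undefined variable at the first task that renders it; please confirm the vault entries were added alongside this change, since the vault diffs are not reviewable in this view.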

File diff suppressed because it is too large

@ -47,11 +47,6 @@
loop: "{{ hcloud_firewall_objects }}" loop: "{{ hcloud_firewall_objects }}"
loop_control: loop_control:
loop_var: firewall_object loop_var: firewall_object
# set ENVvar awx_related=True to trigger playbook part
#
# needs to be implemented via switch due to potentially missing nodes at first time
# when playbook was executed
# #
- name: "Generate awx-related hcloud firewall rules" - name: "Generate awx-related hcloud firewall rules"
block: block:
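Review bot: the deleted comment recorded why the awx firewall rules sat behind the awx_related switch (the kubernetes nodes may not exist yet on the first run of the playbook); the following hunk removes that switch, but the underlying ordering problem is not addressed here. Either keep a short comment explaining how the first run is expected to behave now, or document the required run order in the playbook header.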
@ -76,21 +71,59 @@
name: hcloud name: hcloud
tasks_from: configure-firewall2 tasks_from: configure-firewall2
vars: vars:
src_ips: '{{ k8s_worker_node_ips }}' awx_source_ips: '{{ k8s_worker_node_ips }}'
loop: "{{ hcloud_firewall_objects_awx }}" loop: "{{ hcloud_firewall_objects_awx }}"
loop_control: loop_control:
loop_var: firewall_object loop_var: firewall_object
when:
- awx_related is defined
- awx_related
- name: "Setup hcloud firewalls for database backup stuff..." - name: "Setup hcloud firewalls for database backup..."
include_role: include_role:
name: hcloud name: hcloud
tasks_from: configure-firewall2 tasks_from: configure-firewall2
vars:
awx_source_ips: '{{ k8s_worker_node_ips }}'
loop: "{{ hcloud_firewall_objects_backup }}" loop: "{{ hcloud_firewall_objects_backup }}"
loop_control: loop_control:
loop_var: firewall_object loop_var: firewall_object
when:
- backup_related is defined - name: "Setup hcloud firewalls for gitea..."
- backup_related include_role:
name: hcloud
tasks_from: configure-firewall2
vars:
awx_source_ips: '{{ k8s_worker_node_ips }}'
loop: "{{ hcloud_firewall_objects_gitea }}"
loop_control:
loop_var: firewall_object
- name: "Setup hcloud firewalls for keycloak..."
include_role:
name: hcloud
tasks_from: configure-firewall2
vars:
awx_source_ips: '{{ k8s_worker_node_ips }}'
loop: "{{ hcloud_firewall_objects_keycloak }}"
loop_control:
loop_var: firewall_object
- name: "Setup hcloud firewalls for kibana..."
include_role:
name: hcloud
tasks_from: configure-firewall2
vars:
awx_source_ips: '{{ k8s_worker_node_ips }}'
loop: "{{ hcloud_firewall_objects_kibana }}"
loop_control:
loop_var: firewall_object
- name: "Setup hcloud firewalls for management..."
include_role:
name: hcloud
tasks_from: configure-firewall2
vars:
awx_source_ips: '{{ k8s_worker_node_ips }}'
loop: "{{ hcloud_firewall_objects_management }}"
loop_control:
loop_var: firewall_object
# end of BLOCK
when: hcloud_firewall_app_specific_stuff | default(True)
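Review bot: with the awx_related and backup_related guards removed, every firewall task in this block now uses `awx_source_ips: '{{ k8s_worker_node_ips }}'` unconditionally; if k8s_worker_node_ips is undefined or empty on a fresh stage (the case the removed comment described), the include fails or produces rules with no sources. Add `when: k8s_worker_node_ips is defined and k8s_worker_node_ips | length > 0` on these tasks, or assert it once before the block. The rename from `src_ips` to `awx_source_ips` also has to be mirrored in `configure-firewall2`, and the five identical tasks (backup, gitea, keycloak, kibana, management) could be one task looping over the concatenated object lists, which removes the copy-paste risk.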

@ -0,0 +1,7 @@
---
docker_enabled: false
traefik_enabled: false
filebeat_enabled: false
metricbeat_enabled: false
monitor_port_system: 9100
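Review bot: these defaults disable docker, traefik, filebeat and metricbeat for any host that does not override them, so a new host group that forgets to set `filebeat_enabled: true` silently ships no logs; a one-line comment naming where the per-group overrides live, and what `monitor_port_system: 9100` is consumed by, would help the next person reading this file.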

@ -2,4 +2,4 @@
hetzner_server_labels: "stage={{ stage }} service=connect tenant=bdev" hetzner_server_labels: "stage={{ stage }} service=connect tenant=bdev"
hetzner_server_type: cx31 hetzner_server_type: cpx21
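Review bot: this changes hetzner_server_type on an existing connect server from cx31 to cpx21; the hunk does not show whether the create-server play rescales in place or recreates the server, so state in the commit message which it is and whether the host needs a maintenance window and a fresh backup before the change is applied.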

@ -0,0 +1,5 @@
---
hetzner_server_labels: "stage={{ stage }} service=connect tenant=bdev"
hetzner_server_type: cpx21

@ -0,0 +1,14 @@
---
wordpress_image_version: latest
connect_mail_protocol: "smtp"
connect_mail_host: "smtp.office365.com"
connect_mail_port: "587"
connect_mail_user: "{{ connect_mail_user_vault }}"
connect_mail_password: "{{ connect_mail_password_vault }}"
connect_mail_properties_sender: "Info@egeld24.de"
connect_mail_properties_sender_alias: "noreply"
connect_mail_properties_smtp_auth: "true"
connect_mail_properties_smtp_starttls_enable: "true"
connect_mail_properties_smtp_starttls_required: "true"
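Review bot: smtp_auth, starttls_enable and starttls_required are all set to true for smtp.office365.com on 587, which is the right combination, as the credentials never travel over a plaintext session. Those credentials come from `connect_mail_user_vault` / `connect_mail_password_vault`, so the accompanying vault file must define exactly those two names, and the sender `Info@egeld24.de` must be an address the authenticated user is permitted to send as; both are worth confirming since the vault content cannot be reviewed here.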

@ -0,0 +1,10 @@
$ANSIBLE_VAULT;1.1;AES256

@ -0,0 +1,14 @@
---
wordpress_image_version: latest
connect_mail_protocol: "smtp"
connect_mail_host: "smtp.office365.com"
connect_mail_port: "587"
connect_mail_user: "{{ connect_mail_user_vault }}"
connect_mail_password: "{{ connect_mail_password_vault }}"
connect_mail_properties_sender: "Info@egeld24.de"
connect_mail_properties_sender_alias: "noreply"
connect_mail_properties_smtp_auth: "true"
connect_mail_properties_smtp_starttls_enable: "true"
connect_mail_properties_smtp_starttls_required: "true"
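Review bot: this file repeats the previous mail configuration hunk value for value, only the path differs; put the shared settings in a common group_vars file and keep only the per-tenant differences here, so a later change (for example to the SMTP host or port) does not have to be applied in two places.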

@ -0,0 +1,10 @@
$ANSIBLE_VAULT;1.1;AES256

@ -0,0 +1,3 @@
---
wordpress_image_version: latest
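Review bot: `wordpress_image_version: latest` is a mutable tag, so the patchday pulls whatever is current at the time it runs and the stages can drift apart; pin a specific version (and a digest if the registry supports it), as the other image version variables in this change do.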

@ -1,3 +1,4 @@
--- ---
hetzner_server_type: cpx21
server_type: "master" server_type: "master"

@ -1,3 +1,4 @@
--- ---
hetzner_server_type: cpx21
server_type: "slave" server_type: "slave"

@ -0,0 +1,3 @@
---
hetzner_server_type: cpx21

@ -0,0 +1,4 @@
---
hetzner_server_type: cpx21
server_type: "master"

@ -0,0 +1,4 @@
---
hetzner_server_type: cpx21
server_type: "slave"

@ -28,5 +28,7 @@
- { role: kubernetes/cert_manager } - { role: kubernetes/cert_manager }
- { role: kubernetes/external_dns } - { role: kubernetes/external_dns }
- { role: kubernetes/ingress_controller } - { role: kubernetes/ingress_controller }
- { role: kubernetes/argocd } - role: kubernetes/argocd
- { role: kubernetes/awx } when: kubernetes_with_argocd | default(True)
- role: kubernetes/awx
when: kubernetes_with_awx | default(True)
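Review bot: `kubernetes_with_argocd | default(True)` and `kubernetes_with_awx | default(True)` keep the current behaviour when unset, which is good; declare both switches with their defaults in the group_vars so they are discoverable, and note that setting one to false on a cluster where the role already ran leaves the existing deployment unmanaged rather than removed.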

@ -0,0 +1,128 @@
---
# creates kubernetes namespace with secrets for usage with mobene
# Parameters:
# secrets for mobene/namespaces read from group_vars
- name: 'apply mobene setup to {{ host | default("kube_control_plane") }}'
hosts: '{{ host | default("kube_control_plane") }}'
serial: "{{ serial_number | default(10) }}"
pre_tasks:
- name: "Check if ansible version is at least 2.10.x"
assert:
that:
- ansible_version.major >= 2
- ansible_version.minor >= 10
msg: "The ansible version has to be at least ({{ ansible_version.full }})"
tags:
- always
- name: "Import autodiscover pre-tasks"
import_tasks: tasks/autodiscover_pre_tasks.yml
tags:
- always
roles:
- role: kubernetes/namespace
vars:
k8s_namespace: cus-mobene-nsodev
k8s_secrets:
- name: connect-secrets
data:
JWT_SECRET: "{{ mobene.nsodev.connect.secrets.JWT_SECRET | string | b64encode }}"
ADMIN_PASSWORD: "{{ mobene.nsodev.connect.secrets.ADMIN_PASSWORD | string | b64encode }}"
ELASTIC_USERNAME: "{{ mobene.nsodev.connect.secrets.ELASTIC_USERNAME | string | b64encode }}"
ELASTIC_PASSWORD: "{{ mobene.nsodev.connect.secrets.ELASTIC_PASSWORD | string | b64encode }}"
DATASOURCE_USERNAME: "{{ mobene.nsodev.connect.secrets.DATASOURCE_USERNAME | string | b64encode }}"
DATASOURCE_PASSWORD: "{{ mobene.nsodev.connect.secrets.DATASOURCE_PASSWORD | string | b64encode }}"
MAIL_USER: "{{ mobene.nsodev.connect.secrets.MAIL_USER | string | b64encode }}"
MAIL_PASSWORD: "{{ mobene.nsodev.connect.secrets.MAIL_PASSWORD | string | b64encode }}"
OIDC_CLIENT_SECRET: "{{ mobene.nsodev.connect.secrets.OIDC_CLIENT_SECRET | string | b64encode }}"
- name: iam-secrets
data:
JWT_SECRET: "{{ mobene.nsodev.iam.secrets.JWT_SECRET | string | b64encode }}"
KEYCLOAK_ADMIN_PASSWORD: "{{ mobene.nsodev.iam.secrets.KEYCLOAK_ADMIN_PASSWORD | string | b64encode }}"
KEYCLOAK_ADMIN_USERNAME: "{{ mobene.nsodev.iam.secrets.KEYCLOAK_ADMIN_USERNAME | string | b64encode }}"
- name: sepa-exporter-secrets
data:
SMA_DOCUMENT_AUTH_TOKEN: "{{ mobene.nsodev.sepaExporter.secrets.SMA_DOCUMENT_AUTH_TOKEN | string | b64encode }}"
SMA_WORKFLOW_AUTH_TOKEN: "{{ mobene.nsodev.sepaExporter.secrets.SMA_WORKFLOW_AUTH_TOKEN | string | b64encode }}"
- name: uba-exporter-secrets
data:
SMA_DOCUMENT_AUTH_TOKEN: "{{ mobene.nsodev.ubaExporter.secrets.SMA_DOCUMENT_AUTH_TOKEN | string | b64encode }}"
SMA_WORKFLOW_AUTH_TOKEN: "{{ mobene.nsodev.ubaExporter.secrets.SMA_WORKFLOW_AUTH_TOKEN | string | b64encode }}"
- name: wordpress-secrets
data:
SMA_WORKFLOW_AUTH_TOKEN: "{{ mobene.nsodev.wordpress.secrets.SMA_WORKFLOW_AUTH_TOKEN | string | b64encode }}"
- name: elastic-client-cert
data:
ca.crt: "{{ mobene.nsodev.elastic.secrets.caCrt | string | b64encode }}"
- role: kubernetes/namespace
vars:
k8s_namespace: cus-mobene-cusqa
k8s_secrets:
- name: connect-secrets
data:
JWT_SECRET: "{{ mobene.cusqa.connect.secrets.JWT_SECRET | string | b64encode }}"
ADMIN_PASSWORD: "{{ mobene.cusqa.connect.secrets.ADMIN_PASSWORD | string | b64encode }}"
ELASTIC_USERNAME: "{{ mobene.cusqa.connect.secrets.ELASTIC_USERNAME | string | b64encode }}"
ELASTIC_PASSWORD: "{{ mobene.cusqa.connect.secrets.ELASTIC_PASSWORD | string | b64encode }}"
DATASOURCE_USERNAME: "{{ mobene.cusqa.connect.secrets.DATASOURCE_USERNAME | string | b64encode }}"
DATASOURCE_PASSWORD: "{{ mobene.cusqa.connect.secrets.DATASOURCE_PASSWORD | string | b64encode }}"
MAIL_USER: "{{ mobene.cusqa.connect.secrets.MAIL_USER | string | b64encode }}"
MAIL_PASSWORD: "{{ mobene.cusqa.connect.secrets.MAIL_USER | string | b64encode }}"
OIDC_CLIENT_SECRET: "{{ mobene.cusqa.connect.secrets.OIDC_CLIENT_SECRET | string | b64encode }}"
- name: iam-secrets
data:
JWT_SECRET: "{{ mobene.cusqa.iam.secrets.JWT_SECRET | string | b64encode }}"
KEYCLOAK_ADMIN_PASSWORD: "{{ mobene.cusqa.iam.secrets.KEYCLOAK_ADMIN_PASSWORD | string | b64encode }}"
KEYCLOAK_ADMIN_USERNAME: "{{ mobene.cusqa.iam.secrets.KEYCLOAK_ADMIN_USERNAME | string | b64encode }}"
- name: sepa-exporter-secrets
data:
SMA_DOCUMENT_AUTH_TOKEN: "{{ mobene.cusqa.sepaExporter.secrets.SMA_DOCUMENT_AUTH_TOKEN | string | b64encode }}"
SMA_WORKFLOW_AUTH_TOKEN: "{{ mobene.cusqa.sepaExporter.secrets.SMA_WORKFLOW_AUTH_TOKEN | string | b64encode }}"
- name: uba-exporter-secrets
data:
SMA_DOCUMENT_AUTH_TOKEN: "{{ mobene.cusqa.ubaExporter.secrets.SMA_DOCUMENT_AUTH_TOKEN | string | b64encode }}"
SMA_WORKFLOW_AUTH_TOKEN: "{{ mobene.cusqa.ubaExporter.secrets.SMA_WORKFLOW_AUTH_TOKEN | string | b64encode }}"
- name: wordpress-secrets
data:
SMA_WORKFLOW_AUTH_TOKEN: "{{ mobene.cusqa.wordpress.secrets.SMA_WORKFLOW_AUTH_TOKEN | string | b64encode }}"
- name: elastic-client-cert
data:
ca.crt: "{{ mobene.cusqa.elastic.secrets.caCrt | string | b64encode }}"
- role: kubernetes/namespace
vars:
k8s_namespace: cus-mobene-cusprod
k8s_secrets:
- name: connect-secrets
data:
JWT_SECRET: "{{ mobene.cusprod.connect.secrets.JWT_SECRET | string | b64encode }}"
ADMIN_PASSWORD: "{{ mobene.cusprod.connect.secrets.ADMIN_PASSWORD | string | b64encode }}"
ELASTIC_USERNAME: "{{ mobene.cusprod.connect.secrets.ELASTIC_USERNAME | string | b64encode }}"
ELASTIC_PASSWORD: "{{ mobene.cusprod.connect.secrets.ELASTIC_PASSWORD | string | b64encode }}"
DATASOURCE_USERNAME: "{{ mobene.cusprod.connect.secrets.DATASOURCE_USERNAME | string | b64encode }}"
DATASOURCE_PASSWORD: "{{ mobene.cusprod.connect.secrets.DATASOURCE_PASSWORD | string | b64encode }}"
MAIL_USER: "{{ mobene.cusprod.connect.secrets.MAIL_USER | string | b64encode }}"
MAIL_PASSWORD: "{{ mobene.cusprod.connect.secrets.MAIL_USER | string | b64encode }}"
OIDC_CLIENT_SECRET: "{{ mobene.cusprod.connect.secrets.OIDC_CLIENT_SECRET | string | b64encode }}"
- name: iam-secrets
data:
JWT_SECRET: "{{ mobene.cusprod.iam.secrets.JWT_SECRET | string | b64encode }}"
KEYCLOAK_ADMIN_PASSWORD: "{{ mobene.cusprod.iam.secrets.KEYCLOAK_ADMIN_PASSWORD | string | b64encode }}"
KEYCLOAK_ADMIN_USERNAME: "{{ mobene.cusprod.iam.secrets.KEYCLOAK_ADMIN_USERNAME | string | b64encode }}"
- name: sepa-exporter-secrets
data:
SMA_DOCUMENT_AUTH_TOKEN: "{{ mobene.cusprod.sepaExporter.secrets.SMA_DOCUMENT_AUTH_TOKEN | string | b64encode }}"
SMA_WORKFLOW_AUTH_TOKEN: "{{ mobene.cusprod.sepaExporter.secrets.SMA_WORKFLOW_AUTH_TOKEN | string | b64encode }}"
- name: uba-exporter-secrets
data:
SMA_DOCUMENT_AUTH_TOKEN: "{{ mobene.cusprod.ubaExporter.secrets.SMA_DOCUMENT_AUTH_TOKEN | string | b64encode }}"
SMA_WORKFLOW_AUTH_TOKEN: "{{ mobene.cusprod.ubaExporter.secrets.SMA_WORKFLOW_AUTH_TOKEN | string | b64encode }}"
- name: wordpress-secrets
data:
SMA_WORKFLOW_AUTH_TOKEN: "{{ mobene.cusprod.wordpress.secrets.SMA_WORKFLOW_AUTH_TOKEN | string | b64encode }}"
- name: elastic-client-cert
data:
ca.crt: "{{ mobene.cusprod.elastic.secrets.caCrt | string | b64encode }}"
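Review bot: in the cusqa and cusprod namespaces MAIL_PASSWORD is populated from `...connect.secrets.MAIL_USER` instead of `MAIL_PASSWORD` (the nsodev block has it right), so those two stages would receive the base64-encoded username as the mail password. The version assert (`ansible_version.major >= 2` and `ansible_version.minor >= 10`) would also reject a hypothetical 3.x release with a minor below 10, and its `msg` prints the running version rather than the required one; `ansible_version.full is version('2.10', '>=')` states the intent directly. Since the three namespace blocks differ only in the stage key, a loop over `[nsodev, cusqa, cusprod]` would avoid exactly this class of copy-paste error.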

@ -102,33 +102,55 @@
name: postgresql name: postgresql
state: started state: started
# wait_for cannot be used anymore due to enabled SSL encryption for postgres connections in DEV-382
- name: "Smardigo Patchday: check if postgres is listing on net internal ip address" - name: "Smardigo Patchday: check if postgres is listing on net internal ip address"
ansible.builtin.wait_for: become: no
delay: 15 community.postgresql.postgresql_ping:
timeout: 180
port: 5432 port: 5432
host: '{{ stage_server_ip }}' ssl_mode: require
login_host: '{{ stage_private_server_ip }}'
register: check_postgres register: check_postgres
ignore_errors: yes
- name: "Smardigo Patchday: restart postgres and check listing on net internal ip address again" - name: "Smardigo Patchday: error-handling - ensure postgres started and check listing on net internal ip address"
block: block:
- name: "Smardigo Patchday: stop service(s)" - name: "Smardigo Patchday: error-handling - ensure service(s) started"
ansible.builtin.systemd: ansible.builtin.systemd:
name: postgresql name: postgresql
state: restarted state: started
- name: "Smardigo Patchday: check if postgres is listing on net internal ip address" - name: "Smardigo Patchday: error-handling - check if postgres is listing on net internal ip address"
ansible.builtin.wait_for: become: no
delay: 15 community.postgresql.postgresql_ping:
timeout: 180
port: 5432 port: 5432
host: '{{ stage_server_ip }}' ssl_mode: require
register: check_postgres login_host: '{{ stage_private_server_ip }}'
failed_when: check_postgres_again.failed register: check_postgres_again
retries: 5
failed_when: not check_postgres_again.is_available
rescue:
- name: "Smardigo Patchday: error-handling - send mail to DEVOPS-DL"
delegate_to: '{{ stage }}-mail-01'
community.general.mail:
host: localhost
port: 25
to: '{{ devops_email_address }}'
subject: "patchday( {{ lookup('pipe','date +%Y-%m-%d_%H:%M') }} ) problem report for {{ inventory_hostname }}"
body: |
Dear Sir or Madam,
I have to inform you that {{ inventory_hostname }} isn'n listening on {{ stage_private_server_ip }} anymore.
Plz check what happened/ fix it little padawan ;)
kind regards,
your automation-bofh
when: when:
- check_postgres.failed - not check_postgres.is_available
- hosts: all,!elastic,!postgres,!k8s_cluster - hosts: all,!elastic,!postgres,!k8s_cluster
serial: 10 serial: 10
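Review bot: both new `community.postgresql.postgresql_ping` checks (the first one and the one inside the error-handling block) set `login_host` and `ssl_mode: require` but no `login_user`/`login_password`, so with `become: no` they connect over TCP as the Ansible remote user; unless pg_hba.conf allows that user from `stage_private_server_ip`, `is_available` is false on a healthy server and every patchday run ends in the rescue mail. Two smaller points: `retries: 5` without `until` or `delay` is either forced to a single attempt or fires the retries back to back, depending on the ansible-core version, so the 15 s grace period the removed `wait_for` gave after `state: started` is gone; add `until: check_postgres_again.is_available` and a `delay`. And because the first ping has `ignore_errors: yes`, a module error (psycopg2 missing, `ssl_mode` rejected) leaves the result without `is_available`, so `when: - not check_postgres.is_available` then errors itself; use `check_postgres.is_available | default(false)`. Typo in the mail body: `isn'n listening`.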

@ -2,7 +2,7 @@
- name: 'apply setup to {{ host | default("all") }}' - name: 'apply setup to {{ host | default("all") }}'
hosts: '{{ host | default("all") }}' hosts: '{{ host | default("all") }}'
serial: "{{ serial_number | default(1) }}" serial: "{{ serial_number | default(5) }}"
gather_facts: no gather_facts: no
become: no become: no
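Review bot: raising the default `serial` for `apply setup` from 1 to 5 widens the blast radius of any task that can cut remote access (this change set also adds `devsec.hardening.ssh_hardening` to common); a bad sshd or firewall change now lands on five hosts before the play stops. Keep 1 as the default and pass `-e serial_number=5` explicitly when a run is known to be safe.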

@ -84,18 +84,27 @@
- role: connect_postgres - role: connect_postgres
when: "'connect' in group_names" when: "'connect' in group_names"
- role: pdns_admin_postgres - role: gitea_postgres
when: "'pdns' in group_names" when: "'gitea' in group_names"
- role: pdns_postgres
when: "'pdns' in group_names"
- role: keycloak_postgres - role: keycloak_postgres
when: "'keycloak' in group_names" when: "'keycloak' in group_names"
# - role: pdns_admin_postgres
# when: "'pdns' in group_names"
# - role: pdns_postgres
# when: "'pdns' in group_names"
- role: webdav_postgres - role: webdav_postgres
when: "'webdav' in group_names" when: "'webdav' in group_names"
- role: workflow_index_postgres
when: "'workflow_index' in group_names"
- role: workflow_proxy_postgres
when: "'workflow_proxy' in group_names"
- role: connect_wordpress_maria - role: connect_wordpress_maria
when: "'connect_wordpress' in group_names" when: "'connect_wordpress' in group_names"
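Review bot: the pdns roles are left behind as commented-out entries (`# - role: pdns_admin_postgres`, `# - role: pdns_postgres`) next to the live `gitea_postgres`, `workflow_index_postgres` and `workflow_proxy_postgres` entries; either delete them (git history keeps them) or add a one-line reason why they are disabled, otherwise the next reader cannot tell whether pdns still needs a database on these hosts.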

@ -61,7 +61,7 @@
serial: "{{ serial_number | default(1) }}" serial: "{{ serial_number | default(1) }}"
remote_user: root remote_user: root
vars: vars:
postgres_backup_state: restore database_backup_state: restore
ansible_ssh_host: "{{ stage_server_domain }}" ansible_ssh_host: "{{ stage_server_domain }}"
roles: roles:

@ -0,0 +1,251 @@
---
# restores remote database backup
# - postgres
# - executed on stage specific server: {{ stage }}-restore-postgres-01
# - restores a server from full-backup
# - mariadb
# - executed on stage specific server: {{ stage }}-restore-maria-01
# - restores a server from full-backup
# Parameters:
# playbook inventory
# stage := the name of the stage (e.g. dev, int, qa, prod)
# database_engine := the database engine to restore a backup for (e.g. postgres, maria)
# smardigo message callback
# scope_id := (scope id of the management process)
# process_instance_id := (process instance id of the management process)
# smardigo_management_action := (smardigo management action anme of the management process)
#############################################################
# Creating inventory dynamically for given parameters
#############################################################
- hosts: localhost
connection: local
gather_facts: false
pre_tasks:
- name: "Check if ansible version is at least 2.10.x"
assert:
that:
- ansible_version.major >= 2
- ansible_version.minor >= 10
msg: "The ansible version has to be at least ({{ ansible_version.full }})"
# add virtual server to load stage specific variables as context
- name: "Add <{{ stage }}-virtual-host-to-read-groups-vars> to hosts"
add_host:
name: "{{ stage }}-virtual-host-to-read-groups-vars"
groups:
- "stage_{{ stage }}"
changed_when: False
tasks:
- name: "Add {{ database_engine }} servers to hosts if necessary"
add_host:
name: "{{ stage }}-restore-{{ database_engine }}-01"
groups:
- "stage_{{ stage }}"
- 'restore'
changed_when: False
- name: "Add 'backup' servers to hosts if necessary"
add_host:
name: "{{ stage }}-backup-01"
groups:
- "stage_{{ stage }}"
- backup
changed_when: False
#############################################################
# Create restore server(s)
#############################################################
- hosts: "restore"
serial: "{{ serial_number | default(1) }}"
gather_facts: false
remote_user: root
roles:
- role: hcloud
vars:
sma_digitalocean_ttl: 60 # set it to 60sec to reduce DNS caching problems with internal IT in case of debugging ansible problems ;)
#############################################################
# Provisioning server(s) for created inventory
#############################################################
- hosts: "restore"
serial: "{{ serial_number | default(1) }}"
remote_user: root
vars:
ansible_ssh_host: "{{ stage_server_domain }}"
pre_tasks:
- name: "Import autodiscover pre-tasks"
import_tasks: tasks/autodiscover_pre_tasks.yml
become: false
tags:
- always
roles:
- role: common
- role: filebeat
when: filebeat_enabled | default(True)
- role: node_exporter
when: node_exporter_enabled | default(True)
- role: restore_{{ database_engine }}
#############################################################
# add restore specific firewall rule
#############################################################
- hosts: "{{ stage }}-virtual-host-to-read-groups-vars"
serial: "{{ serial_number | default(1) }}"
gather_facts: false
connection: local
vars:
hcloud_firewall_objects_backup:
-
name: "{{ stage }}-restore-ssh-access"
state: present
rules:
-
direction: in
protocol: tcp
port: '22'
source_ips:
- "{{ lookup('community.general.dig', groups['backup'][0] + '.' + domain ) }}/32"
destination_ips: []
description: null
apply_to:
-
type: label_selector
label_selector:
selector: 'service=restore'
tasks:
- name: "Add hcloud firewall rule(s)"
include_role:
name: hcloud
tasks_from: configure-firewall2
loop: "{{ hcloud_firewall_objects_backup }}"
loop_control:
loop_var: firewall_object
#############################################################
# Syncing backups from backup server to restore server
#############################################################
- hosts: "backup"
serial: "{{ serial_number | default(5) }}"
gather_facts: false
vars:
backupserver_system_user: 'backuphamster'
ansible_ssh_host: "{{ stage_server_domain }}"
tasks:
# I could not get it up and running with <synchronize> module
# to sync data from remote server A to remote server B
- name: "Syncing remote backups"
become: yes
become_user: '{{ backupserver_system_user }}'
vars:
database_server_ip: "{{ groups['restore'][0] }}.{{ domain }}"
shell: '/home/{{ backupserver_system_user }}/push_backups_to_restore_server.sh {{ database_server_ip }} {{ stage }} {{ database_engine }}'
#############################################################
# Restoring from backup
#############################################################
- hosts: "restore"
serial: "{{ serial_number | default(1) }}"
gather_facts: false
vars:
ansible_ssh_host: "{{ stage_server_domain }}"
tasks:
- name: "Triggering restore"
become: yes
shell: '/root/restore.sh {{ stage }}'
- name: "Check for test data on postgres"
block:
- name: "Querying postgres ..."
become: yes
become_user: postgres
community.postgresql.postgresql_query:
db: dummytestdb
query: SELECT movie FROM movie_quotes WHERE quote = %(quote_val)s
named_args:
quote_val: 'Shall we play'
register: query_output
- assert:
that:
- 'query_output.query_all_results | first | selectattr("movie","match","wargames") | length == 1'
when:
- database_engine == 'postgres'
- name: "Check for test data on mariadb"
block:
- name: "Querying mariadb ..."
become: yes
become_user: root
community.mysql.mysql_query:
login_unix_socket: /run/mysqld/mysqld.sock
login_db: dummytestdb
query: SELECT movie FROM movie_quotes WHERE quote = %s
positional_args:
- 'Shall we play'
register: query_output
- assert:
that:
- 'query_output.query_result | first | selectattr("movie","match","wargames") | length == 1'
when:
- database_engine == 'maria'
#############################################################
# Deleting servers/domains for created inventory
#############################################################
- hosts: "restore"
serial: "{{ serial_number | default(5) }}"
gather_facts: false
tasks:
- name: "Delete server <{{ inventory_hostname }}>"
include_role:
name: hcloud
tasks_from: _set_server_state
vars:
- server_state: "absent"
- name: "Delete DNS entry <{{ inventory_hostname }}> for <{{ domain }}>"
include_role:
name: sma_digitalocean
tasks_from: _remove_dns
vars:
record_to_remove: '{{ inventory_hostname }}'
#############################################################
# Sending smardigo management message to process
#############################################################
- hosts: "{{ stage }}-virtual-host-to-read-groups-vars"
serial: "{{ serial_number | default(1) }}"
gather_facts: false
connection: local
run_once: true
vars:
connect_jwt_username: "{{ management_admin_username }}"
tasks:
- name: "Sending smardigo management message to <{{ smardigo_management_url }}>"
include_tasks: tasks/smardigo_management_message.yml
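Review bot: nothing guarantees the cleanup at the end of this playbook runs. If `Syncing remote backups`, `Triggering restore` or one of the `assert` tasks fails, the play stops and `{{ stage }}-restore-{{ database_engine }}-01` stays alive with a full copy of the production database, its DNS record, and the `{{ stage }}-restore-ssh-access` firewall rule (which is never removed even on success). Put restore and verification in a `block:` with an `always:` that deletes the server and the DNS entry, and add a `state: absent` pass for the firewall object. The firewall source `lookup('community.general.dig', groups['backup'][0] + '.' + domain) + '/32'` derives an allow-list from DNS: when the lookup fails it yields `NXDOMAIN/32` and the module errors, and when DNS is wrong the rule trusts the wrong host; the backup server's address is already known from the inventory (its `hostvars`) or hcloud facts, so use that. The version check `ansible_version.minor >= 10` combined with `major >= 2` rejects any future major release whose minor is below 10, and its message prints the installed version instead of the required one; `ansible_version.full is version('2.10', '>=')` does what the task name says. Finally, `shell: '/root/restore.sh {{ stage }}'` and the `push_backups_to_restore_server.sh` call pass inventory values through a shell; `command:` with an argument list keeps each value a single argument.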

@ -12,3 +12,5 @@ DEST_DIR=${HOME}/backups/${STAGE}/${DATABASE_ENGINE}/
mkdir -p ${DEST_DIR} mkdir -p ${DEST_DIR}
rsync -av --remove-source-files -e "ssh -o StrictHostKeyChecking=no" ${REMOTE_SYSTEM_USER}@${DATABASE_SERVER_IP}:/backups/${DATABASE_ENGINE}/* ${DEST_DIR}/ rsync -av --remove-source-files -e "ssh -o StrictHostKeyChecking=no" ${REMOTE_SYSTEM_USER}@${DATABASE_SERVER_IP}:/backups/${DATABASE_ENGINE}/* ${DEST_DIR}/
# remove files oder than XX in backup-DIR
find ${DEST_DIR} -ctime +7 -delete
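Review bot: `find ${DEST_DIR} -ctime +7 -delete` has neither `-type f` nor `-mindepth 1`, so once they are old enough it also removes the date directories and, when empty, `${DEST_DIR}` itself; use `find "${DEST_DIR}" -mindepth 1 -type f -ctime +7 -delete` (quoting matters now that `DEST_DIR` is built from `${STAGE}` and `${DATABASE_ENGINE}`). This is the only retention the backups have, because the `rsync` above runs with `--remove-source-files`, so the seven-day, ctime-based window should be stated as the policy in the comment (which also has a typo: `oder` for `older`).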

@ -0,0 +1,32 @@
#!/bin/bash
#
#
#
REMOTE_SYSTEM_USER=backupuser
DATABASE_SERVER_IP=$1
STAGE=$2
DATABASE_ENGINE=$3
# currently it defaults to todays date
DATE=$(date +%F)
LOCAL_BACKUP_DIR="${HOME}/backups/${STAGE}/${DATABASE_ENGINE}"
BACKUP_FILE_FOR_TRANSFER=$(find "${LOCAL_BACKUP_DIR}/${DATE}/" -name *.gz.gpg | tail -n 1)
REMOTE_BACKUP_DIR="/home/${REMOTE_SYSTEM_USER}/backups/${STAGE}/${DATABASE_ENGINE}"
DEST_DIR="${REMOTE_BACKUP_DIR}/${DATE}/"
# avoid "REMOTE HOST IDENTIFICATION HAS CHANGED" - errors due to dynamic created server on restore process
ssh-keygen -f "/home/backuphamster/.ssh/known_hosts" -R ${DATABASE_SERVER_IP}
SSH_OPTIONS='-o StrictHostKeyChecking=no'
# needed due to unknown rsync option --mkpath in rsync version 3.1.3
ssh ${SSH_OPTIONS} ${REMOTE_SYSTEM_USER}@${DATABASE_SERVER_IP} "mkdir -p ${DEST_DIR}"
rsync -v -e "ssh ${SSH_OPTIONS}" $BACKUP_FILE_FOR_TRANSFER ${REMOTE_SYSTEM_USER}@${DATABASE_SERVER_IP}:${DEST_DIR}
BKP_FILE_TRANSFERRED=$(echo $BACKUP_FILE_FOR_TRANSFER | awk -F / '{ print $NF}')
ssh ${SSH_OPTIONS} ${REMOTE_SYSTEM_USER}@${DATABASE_SERVER_IP} "test -f ${DEST_DIR}${BKP_FILE_TRANSFERRED}"
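Review bot: `ssh-keygen -R ${DATABASE_SERVER_IP}` followed by `-o StrictHostKeyChecking=no` switches host authentication off for exactly the connection that carries the backup and the backup user's key; whoever answers on that IP, or poisons the short-TTL DNS record created for the restore server, receives the `.gz.gpg` file and a key-based login attempt. At minimum use `-o StrictHostKeyChecking=accept-new -o UserKnownHostsFile=<dedicated file>` so a changed key is still an error, and have the playbook seed the known_hosts entry for the freshly created server instead of trusting whatever answers first. Robustness: `-name *.gz.gpg` is unquoted and gets glob-expanded by the shell if a matching file exists in the cwd; `find ... | tail -n 1` picks an unordered entry, so with two dumps on one day the file transferred is arbitrary (sort by name or mtime); there is no `set -euo pipefail`, so an empty `BACKUP_FILE_FOR_TRANSFER` runs `rsync` with a missing source; and the closing `test -f` only proves existence, compare `sha256sum` output on both sides instead. `/home/backuphamster/.ssh/known_hosts` is hard-coded while the rest of the script uses `${HOME}`.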

@ -29,8 +29,26 @@
- name: "Providing rsync script" - name: "Providing rsync script"
become: yes become: yes
copy: copy:
src: pull_remote_backups.sh src: '{{ item }}'
dest: '/home/{{ system_user }}/pull_remote_backups.sh' dest: '/home/{{ system_user }}/{{ item }}'
mode: '0755' mode: '0755'
owner: '{{ system_user }}' owner: '{{ system_user }}'
group: '{{ system_user }}' group: '{{ system_user }}'
with_items:
- pull_remote_backups.sh
- push_backups_to_restore_server.sh
- name: Touch metrics.prom is not exists
file:
path: "/home/{{ system_user }}/metrics.prom"
state: touch
mode: '0744'
owner: '{{ system_user }}'
group: '{{ system_user }}'
- name: Create symbolic link for node_exporter text metrics
file:
src: "/home/{{ system_user }}/metrics.prom"
dest: "/var/lib/prometheus/node-exporter/offsite-metrics.prom"
state: link
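Review bot: `state: touch` on `metrics.prom` reports changed on every run and bumps the file's mtime, which makes the play non-idempotent and hides real changes; use `state: file` with `modification_time: preserve` and `access_time: preserve` once the file exists, or create it only `when` a `stat` says it is missing. The symlink `/var/lib/prometheus/node-exporter/offsite-metrics.prom -> /home/{{ system_user }}/metrics.prom` makes node_exporter read from the backup user's home, so that directory must stay traversable for the exporter's user (not 0700), and `mode: '0744'` should be `0644`, there is nothing to execute. Unlike the copy task above, the two new `file:` tasks carry no `become: yes`; if the play does not set it, they run as the connecting user and the link into `/var/lib/prometheus` fails.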

@ -23,6 +23,8 @@
{% for host in shared_service_hosts %} {% for host in shared_service_hosts %}
{{ host.ip }} {{ host.name }} {{ host.ip }} {{ host.name }}
{% endfor %} {% endfor %}
when:
- "'hcloud' in group_names"
tags: tags:
- update_etc_hosts - update_etc_hosts
@ -59,7 +61,7 @@
- name: "Remove outdated users" - name: "Remove outdated users"
user: name={{ item }} state=absent remove=yes user: name={{ item }} state=absent remove=yes
with_items: "{{ current_users.stdout_lines }}" with_items: "{{ current_users.stdout_lines }}"
when: not ((item in default_plattform_users) or (item in smardigo_plattform_users)) when: not ((item in default_users) or (item in smardigo_plattform_users))
tags: tags:
- users - users
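Review bot: `when: not ((item in default_users) or (item in smardigo_plattform_users))` guards a task that runs `user ... state=absent remove=yes`, i.e. it deletes accounts together with their home directories. Renaming the list from `default_plattform_users` to `default_users` is only safe if the new name is defined with identical membership in every inventory that defined the old one: an undefined name stops the play (fine), but a `default_users` already defined elsewhere with fewer entries silently removes real users on the next run. Grep for remaining `default_plattform_users` definitions and run the `users` tag with `--check --diff` on one host per stage first.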
@ -97,24 +99,13 @@
tags: tags:
- users - users
- name: "Create stuff for backups on database servers" - name: "Update available package list"
block: apt:
- name: "Create system user for remote_backup" update_cache: yes
become: yes
ansible.builtin.user:
name: '{{ backupuser_username }}'
comment: "user for backup"
shell: /bin/bash
- name: "Add SSH pub key to auth_keys"
authorized_key:
user: '{{ backupuser_username }}'
key: '{{ backupuser_ssh_pubkey }}'
when:
- inventory_hostname in groups['postgres'] or
inventory_hostname in groups['maria']
tags: tags:
- users - install
- upgrade
when: ansible_distribution == "Ubuntu"
- name: "Ensure docker configuration directory exists" - name: "Ensure docker configuration directory exists"
file: file:
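Review bot: this hunk removes the block that created `{{ backupuser_username }}` and installed `{{ backupuser_ssh_pubkey }}` on postgres and maria hosts, and nothing in the diff re-adds it; `pull_remote_backups.sh` still logs in as `${REMOTE_SYSTEM_USER}` on the database servers and the new `push_backups_to_restore_server.sh` uses `REMOTE_SYSTEM_USER=backupuser` against the restore server, so confirm the database and `restore_*` roles now own that user, otherwise offsite backups break at the next run. The `apt: update_cache: yes` task that takes its place has no `cache_valid_time`, so it reports changed and hits the mirrors on every run; `cache_valid_time: 3600` keeps it idempotent.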
@ -279,3 +270,13 @@
state: present state: present
tags: tags:
- config - config
- name: "configure ssh_hardening"
include_role:
# include role from collection called 'devsec'
name: devsec.hardening.ssh_hardening
apply:
tags:
- ssh_hardening
tags:
- ssh_hardening
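Review bot: `devsec.hardening.ssh_hardening` ships restrictive defaults (password login off, a reduced cipher/MAC/KEX set, forwarding off, and, unless overridden, root key login and the SFTP subsystem disabled; check the collection's current `ssh_allow_root_with_key` and `sftp_enabled` defaults). This repository's plays connect with `remote_user: root` and copy files to the hosts, and the backup flow depends on key-based `rsync`/`ssh` logins for the backup users, so the role's variables need to be set deliberately in group_vars before this include lands in `common`, and the first rollout should go through one host with `serial: 1` so a lockout is recoverable rather than hitting the new default of five hosts at once.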

@ -0,0 +1,8 @@
---
confirm_postgres_database: '{{ stage }}_{{ tenant_id }}_{{ cluster_name }}_confirm'
confirm_postgres_password: 'confirm-postgres-admin'
postgres_acls:
- name: "{{ confirm_postgres_database }}"
password: "{{ confirm_postgres_password }}"
trusted_cidr_entry: "{{ shared_service_network }}"
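Review bot: `confirm_postgres_password: 'confirm-postgres-admin'` is a plaintext database password committed in role defaults and then handed to `postgres_acls` as the credential for `{{ confirm_postgres_database }}`; defaults are the one place operators rarely override, so this is what production ends up running with. Reference a vaulted variable the way this change does for `prometheus_es_exporter__password_vault`, and check whether `trusted_cidr_entry: "{{ shared_service_network }}"` (the whole shared-service network) is the narrowest source that actually needs this database.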

@ -0,0 +1,18 @@
---
### tags:
- name: "Updating <confirm> database on {{ inventory_hostname }}"
include_role:
name: postgres
tasks_from: _update_database_state
when:
- database_backup_state is not defined
- name: "Creating/Restoring <confirm> database backup on {{ inventory_hostname }}"
include_role:
name: postgres
tasks_from: _create_database_backup.yml
when:
- database_backup_state is defined
- database_backup_state in ['dump', 'restore']

@ -2,10 +2,6 @@
connect_image_name: "{{ shared_service_harbor_hostname }}/smardigo/connect-whitelabel-app" connect_image_name: "{{ shared_service_harbor_hostname }}/smardigo/connect-whitelabel-app"
# TODO inject by management portal
connect_admin_username: "connect-admin"
connect_admin_password: "connect-admin"
connect_mail_host: "{{ shared_service_mail_hostname }}" connect_mail_host: "{{ shared_service_mail_hostname }}"
connect_mail_properties_base_url: "{{ http_s }}://{{ connect_base_url }}" connect_mail_properties_base_url: "{{ http_s }}://{{ connect_base_url }}"
connect_mail_properties_base_url_extern: "{{ http_s }}://{{ connect_base_url }}" connect_mail_properties_base_url_extern: "{{ http_s }}://{{ connect_base_url }}"

@ -66,6 +66,14 @@
tags: tags:
- update_certs - update_certs
- name: "Restart {{ connect_id }}"
community.docker.docker_compose:
project_src: '{{ service_base_path }}/{{ connect_id }}'
restarted: yes
build: no
tags:
- update_certs
- name: "Update {{ connect_id }}" - name: "Update {{ connect_id }}"
community.docker.docker_compose: community.docker.docker_compose:
project_src: '{{ service_base_path }}/{{ connect_id }}' project_src: '{{ service_base_path }}/{{ connect_id }}'
@ -73,10 +81,3 @@
pull: yes pull: yes
tags: tags:
- update_deployment - update_deployment
- name: "Configure connect connections"
include_tasks: connections.yml
when:
smardigo_auth_token_value is defined
tags:
- always
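Review bot: the `Configure connect connections` include (`include_tasks: connections.yml`, `tags: always`) is deleted here with no replacement in this file; if it moved elsewhere the commit should say so, otherwise connections are no longer configured on any run, including `--tags update_deployment` runs that the `always` tag used to cover. The new `Restart {{ connect_id }}` task (`restarted: yes` under `update_certs`) restarts the stack before the `Update` task pulls, so a certificate rotation that also pulls a new image restarts twice; a handler notified by the cert task would restart once, at the end.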

@ -20,8 +20,8 @@ connect_labels: [
connect_environment: [ connect_environment: [
"TENANT_ID: \"{{ connect_client_id }}\"", "TENANT_ID: \"{{ connect_client_id }}\"",
"ADMIN_LOGIN: \"{{ connect_admin_username }}\"", "ADMIN_LOGIN: \"{{ connect_client_admin_username }}\"",
"ADMIN_PASSWORD: \"{{ connect_admin_password }}\"", "ADMIN_PASSWORD: \"{{ connect_client_admin_password }}\"",
"SMA_JWT_ENABLED: \"{{ connect_jwt_enabled | default('false') }}\"", "SMA_JWT_ENABLED: \"{{ connect_jwt_enabled | default('false') }}\"",
"SMA_JWT_SECRET: \"{{ connect_jwt_secret | default('') }}\"", "SMA_JWT_SECRET: \"{{ connect_jwt_secret | default('') }}\"",
"SMA_CSRF_TOKEN_NAME: \"{{ connect_csrf_token_name | default('') }}\"", "SMA_CSRF_TOKEN_NAME: \"{{ connect_csrf_token_name | default('') }}\"",
@ -29,7 +29,7 @@ connect_environment: [
"SPRING_PROFILES_INCLUDE: \"{{ spring_profiles_include | default('swagger') }}\"", "SPRING_PROFILES_INCLUDE: \"{{ spring_profiles_include | default('swagger') }}\"",
"RIBBON_DISPLAY_ON_ACTIVE_PROFILES: \"{{ ribbon_display_on_active_profiles | default('dev') }}\"", "RIBBON_DISPLAY_ON_ACTIVE_PROFILES: \"{{ ribbon_display_on_active_profiles | default('dev') }}\"",
"DATASOURCE_URL: \"jdbc:postgresql://{{ connect_postgres_host }}:{{ service_port_postgres }}/{{ connect_postgres_database }}\"", "DATASOURCE_URL: \"jdbc:postgresql://{{ connect_postgres_host }}:{{ service_port_postgres }}/{{ connect_postgres_database }}?sslmode=require\"",
"DATASOURCE_USERNAME: \"{{ connect_postgres_username }}\"", "DATASOURCE_USERNAME: \"{{ connect_postgres_username }}\"",
"DATASOURCE_PASSWORD: \"{{ connect_postgres_password }}\"", "DATASOURCE_PASSWORD: \"{{ connect_postgres_password }}\"",
"FILE_WHITELIST_URL: \"{{ connect_whitelist_url | default('') }}\"", "FILE_WHITELIST_URL: \"{{ connect_whitelist_url | default('') }}\"",
@ -44,6 +44,9 @@ connect_environment: [
"MAIL_PROPERTIES_BASE_URL_EXTERN: \"{{ connect_mail_properties_base_url_extern }}\"", "MAIL_PROPERTIES_BASE_URL_EXTERN: \"{{ connect_mail_properties_base_url_extern }}\"",
"MAIL_PROPERTIES_SENDER: \"{{ connect_mail_properties_sender | default('noreply-connect@netgo.de') }}\"", "MAIL_PROPERTIES_SENDER: \"{{ connect_mail_properties_sender | default('noreply-connect@netgo.de') }}\"",
"MAIL_PROPERTIES_SENDER_ALIAS: \"{{ connect_mail_properties_sender_alias | default('noreply-connect') }}\"", "MAIL_PROPERTIES_SENDER_ALIAS: \"{{ connect_mail_properties_sender_alias | default('noreply-connect') }}\"",
"MAIL_PROPERTIES_SMTP_AUTH: \"{{ connect_mail_properties_smtp_auth | default('false') }}\"",
"MAIL_PROPERTIES_SMTP_STARTTLS_ENABLE: \"{{ connect_mail_properties_smtp_starttls_enable | default('false') }}\"",
"MAIL_PROPERTIES_SMTP_STARTTLS_REQUIRED: \"{{ connect_mail_properties_smtp_starttls_required | default('false') }}\"",
"AUTH_MODULE: \"{{ connect_auth_module | default('preauth') }}\"", "AUTH_MODULE: \"{{ connect_auth_module | default('preauth') }}\"",
"OIDC_CLIENT_ID: \"{{ connect_oidc_client_id | default('oidc_config_not_found') }}\"", "OIDC_CLIENT_ID: \"{{ connect_oidc_client_id | default('oidc_config_not_found') }}\"",
@ -99,6 +102,10 @@ connect_environment: [
"OPENTRACING_JAEGER_LOG_SPANS: \"{{ connect_opentracing_jaeger_log_spans | default(false) }}\"", "OPENTRACING_JAEGER_LOG_SPANS: \"{{ connect_opentracing_jaeger_log_spans | default(false) }}\"",
"OPENTRACING_JAEGER_SERVICE_NAME: \"{{ connect_opentracing_jaeger_service_name | default(connect_id) }}\"", "OPENTRACING_JAEGER_SERVICE_NAME: \"{{ connect_opentracing_jaeger_service_name | default(connect_id) }}\"",
"OPENTRACING_JAEGER_HTTP_SENDER_URL: \"{{ connect_opentracing_jaeger_http_sender_url | default() }}\"", "OPENTRACING_JAEGER_HTTP_SENDER_URL: \"{{ connect_opentracing_jaeger_http_sender_url | default() }}\"",
"CONFIG_DELETE_SCOPE_ENABLED: \"{{ connect_config_delete_scope_enabled | default(false) }}\"",
"CONFIG_LOCAL_IMPORT_ENABLED: \"{{ connect_config_local_import_enabled | default(false) }}\"",
"SMA_WORKFLOW_HEATMAP_ENABLED: \"{{ connect_workflow_heatmap_enabled | default(false) }}\"",
] ]
connect_docker: { connect_docker: {
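Review bot: `DATASOURCE_URL: jdbc:postgresql://...?sslmode=require` turns on encryption but, in pgjdbc, `require` does not validate the server certificate, so the connection is still open to an active attacker on the network path; use `sslmode=verify-full&sslrootcert=<CA mounted into the container>` (the `elastic-client-cert` secret in this change set shows the pattern for shipping a CA). The same gap exists in `GITEA__database__SSL_MODE: require` and Keycloak's `JDBC_PARAMS: sslmode=require` elsewhere in this diff; if the servers present certificates from the internal CA, `verify-full` is a one-line change for each. Separately, the three new `MAIL_PROPERTIES_SMTP_*` flags default to `false`, which is fine for an unauthenticated internal relay, but if `MAIL_PROPERTIES_SMTP_AUTH` is ever set to true without STARTTLS the credentials cross the wire in clear; derive the STARTTLS default from the AUTH value.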

@ -1,19 +1,18 @@
--- ---
### tags: ### tags:
### - remove-data
- name: "Setup postgres for {{ inventory_hostname }}" - name: "Updating <connect> database on {{ inventory_hostname }}"
include_role: include_role:
name: postgres name: postgres
tasks_from: _postgres-acls tasks_from: _update_database_state
when: when:
- postgres_backup_state is not defined - database_backup_state is not defined
- name: "Creating/restoring postgres backup" - name: "Creating/Restoring <connect> database backup on {{ inventory_hostname }}"
include_role: include_role:
name: postgres name: postgres
tasks_from: _create_database_backup.yml tasks_from: _create_database_backup.yml
when: when:
- postgres_backup_state is defined - database_backup_state is defined
- postgres_backup_state in ['dump', 'restore'] - database_backup_state in ['dump', 'restore']

@ -1,10 +1,6 @@
--- ---
# TODO inject by management portal
connect_client_admin_username: "connect-admin"
connect_client_admin_password: "C0nnect-Admin!" connect_client_admin_password: "C0nnect-Admin!"
# TODO inject by management portal
connect_realm_admin_username: "connect-realm-admin"
connect_realm_admin_password: "C0nnect-Realm-Admin!" connect_realm_admin_password: "C0nnect-Realm-Admin!"
current_realm_clients: [ current_realm_clients: [
@ -44,6 +40,9 @@ current_realm_users: >-
[{{ current_realm_users_base }}] [{{ current_realm_users_base }}]
{%- endif -%} {%- endif -%}
current_realm_admin_user: current_realm_admin_users: [
username: "{{ connect_realm_admin_username }}" {
password: "{{ connect_realm_admin_password }}" "username": "{{ connect_realm_admin_username }}",
"password": "{{ connect_realm_admin_password }}",
}
]
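Review bot: the `# TODO inject by management portal` markers are removed while the literal passwords `C0nnect-Admin!` and `C0nnect-Realm-Admin!` stay in this defaults file, so the change hides the reminder without fixing the finding: a connect admin and a realm admin password remain checked in as plaintext and shipped to every tenant. Replace them with vaulted or portal-injected values (or at least `{{ undef(hint='set via portal') }}` so a run fails loudly without an override), and keep username and password of each account defined side by side; with the usernames now living elsewhere it is easy to pair the wrong password with an account.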

@ -17,7 +17,7 @@
name: keycloak name: keycloak
tasks_from: _create_realm_users tasks_from: _create_realm_users
- name: "Create realm admin" - name: "Create realm admin users"
include_role: include_role:
name: keycloak name: keycloak
tasks_from: _create_realm_admin tasks_from: _create_realm_admin

@ -6,7 +6,7 @@
- name: "Creating smardigo user token" - name: "Creating smardigo user token"
smardigo_user_token: smardigo_user_token:
secret: "{{ connect_jwt_secret }}" secret: "{{ connect_jwt_secret }}"
user_id: "{{ connect_admin_username }}" user_id: "{{ connect_client_admin_username }}"
register: smardigo_user_token_result register: smardigo_user_token_result
delegate_to: 127.0.0.1 delegate_to: 127.0.0.1
become: false become: false

@ -27,6 +27,23 @@ wordpress_docker: {
}, },
], ],
services: [ services: [
{
name: "mariaproxy",
image_name: "haproxytech/haproxy-alpine",
image_version: "2.2.24",
ports: [
{
"external": "16666",
"internal": "6666",
},
],
volumes: [
'"./config/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg:ro"',
],
networks: [
'"back-tier"',
],
},
{ {
name: "{{ wordpress_id }}", name: "{{ wordpress_id }}",
image_name: "{{ wordpress_image_name }}", image_name: "{{ wordpress_image_name }}",
@ -42,6 +59,7 @@ wordpress_docker: {
"WORDPRESS_CONFIG_EXTRA: |", "WORDPRESS_CONFIG_EXTRA: |",
" define( 'WP_HOME', 'https://{{ wordpress_base_url }}' );", " define( 'WP_HOME', 'https://{{ wordpress_base_url }}' );",
" define( 'WP_SITEURL', 'https://{{ wordpress_base_url }}' );", " define( 'WP_SITEURL', 'https://{{ wordpress_base_url }}' );",
" define( 'MYSQL_CLIENT_FLAGS', MYSQLI_CLIENT_SSL | MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT );",
"AUTH_API: \"https://{{ shared_service_keycloak_hostname }}\"", "AUTH_API: \"https://{{ shared_service_keycloak_hostname }}\"",
"RESOURCE_API: \"https://{{ connect_base_url }}\"", "RESOURCE_API: \"https://{{ connect_base_url }}\"",
"REALM_ID: \"{{ current_realm_name }}\"", "REALM_ID: \"{{ current_realm_name }}\"",
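Review bot: the `mariaproxy` service publishes `"external": "16666"` on the Docker host; a published port binds 0.0.0.0 by default and Docker's own forwarding rules bypass host-level ufw/iptables INPUT rules, so only the hcloud firewall stands between the MariaDB-replication proxy and the internet. WordPress is the only consumer and already shares `back-tier` with it, so drop the `ports:` entry (or bind it as `127.0.0.1:16666:6666`). `MYSQLI_CLIENT_SSL | MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT` encrypts the WordPress to MariaDB connection but skips certificate verification, so any endpoint presenting any certificate is accepted; mount the CA into the container and set `MYSQL_SSL_CA` (honoured by wpdb when `MYSQLI_CLIENT_SSL` is set) instead of the DONT_VERIFY flag. Also note `haproxytech/haproxy-alpine` `2.2.24` is an old branch; pin by digest and put it on the patchday list.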

@ -2,7 +2,17 @@
### tags: ### tags:
- name: "Setup maria for {{ inventory_hostname }}" - name: "Updating <wordpress> database on {{ inventory_hostname }}"
include_role: include_role:
name: maria name: maria
tasks_from: _create-database tasks_from: _update_database_state
when:
- database_backup_state is not defined
- name: "Creating/Restoring <wordpress> database backup on {{ inventory_hostname }}"
include_role:
name: maria
tasks_from: _create_database_backup.yml
when:
- database_backup_state is defined
- database_backup_state in ['dump', 'restore']

@ -64,12 +64,19 @@
- update_certs - update_certs
- update_config - update_config
- name: "Restart {{ elastic_id }}"
community.docker.docker_compose:
project_src: '{{ service_base_path }}/{{ elastic_id }}'
restarted: yes
build: no
tags:
- update_certs
- name: "Update {{ elastic_id }}" - name: "Update {{ elastic_id }}"
community.docker.docker_compose: community.docker.docker_compose:
project_src: '{{ service_base_path }}/{{ elastic_id }}' project_src: '{{ service_base_path }}/{{ elastic_id }}'
state: present state: present
pull: yes pull: yes
tags: tags:
- update_certs
- update_config - update_config
- update_deployment - update_deployment

@ -0,0 +1,3 @@
---
upload_directory: "{{ backup_directory }}"

@ -0,0 +1,11 @@
---
### tags:
- name: "Export database <{{ target_database }}> to <{{ upload_directory }}/{{ database_backup_file }}>"
community.mysql.mysql_db:
name: "{{ target_database }}"
state: dump
target: "/{{ upload_directory }}/{{ database_backup_file }}"
config_file: "/etc/mysql/mariadb.conf.d/50-client.cnf"
login_password: "{{ mysql_root_password }}"
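Review bot: `target: "/{{ upload_directory }}/{{ database_backup_file }}"` prepends a slash to `upload_directory`, which is `{{ backup_directory }}`; if that is already absolute the result is `//backups/...` (harmless on Linux, but it shows the intent is unclear), and if it is relative the dump lands somewhere other than where the pull script looks. The dump is written in clear with the module's default umask, while `push_backups_to_restore_server.sh` only looks for `*.gz.gpg`; make the compress-and-encrypt step (and a mode restricted to the backup user) part of this task list, otherwise a plaintext copy of the database sits next to the encrypted one. This task also still uses `config_file: /etc/mysql/mariadb.conf.d/50-client.cnf` while the drop/import tasks in this same change switched to `login_unix_socket`; pick one.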

@ -31,6 +31,7 @@ gitea_environment: [
"GITEA__database__NAME: \"{{ gitea_postgres_database }}\"", "GITEA__database__NAME: \"{{ gitea_postgres_database }}\"",
"GITEA__database__USER: \"{{ gitea_postgres_database }}\"", "GITEA__database__USER: \"{{ gitea_postgres_database }}\"",
"GITEA__database__PASSWD: \"{{ gitea_postgres_password }}\"", "GITEA__database__PASSWD: \"{{ gitea_postgres_password }}\"",
"GITEA__database__SSL_MODE: \"require\"",
"GITEA__server__DOMAIN: \"{{ stage_server_domain }}\"", "GITEA__server__DOMAIN: \"{{ stage_server_domain }}\"",
"GITEA__server__SSH_DOMAIN: \"{{ stage_server_domain }}\"", "GITEA__server__SSH_DOMAIN: \"{{ stage_server_domain }}\"",

@ -1,19 +1,18 @@
--- ---
### tags: ### tags:
### - remove-data
- name: "Setup postgres for {{ inventory_hostname }}" - name: "Updating <gitea> database on {{ inventory_hostname }}"
include_role: include_role:
name: postgres name: postgres
tasks_from: _postgres-acls tasks_from: _update_database_state
when: when:
- postgres_backup_state is not defined - database_backup_state is not defined
- name: "Creating/restoring postgres backup" - name: "Creating/Restoring <gitea> database backup on {{ inventory_hostname }}"
include_role: include_role:
name: postgres name: postgres
tasks_from: _create_database_backup.yml tasks_from: _create_database_backup.yml
when: when:
- postgres_backup_state is defined - database_backup_state is defined
- postgres_backup_state in ['dump', 'restore'] - database_backup_state in ['dump', 'restore']

@ -162,3 +162,4 @@
systemd: systemd:
name: harbor name: harbor
state: started state: started
enabled: yes

@ -1,3 +1,5 @@
--- ---
server_state: "present" server_state: "present"
max_retries: 15
retry_delay: 60

@ -1,4 +1,9 @@
--- ---
- name: "Block to handle hetzner server state in case of problems"
block:
- name: "Increment the retry count"
set_fact:
retry_count: "{{ retry_count | default(0) | int + 1 }}"
- name: "Checking state for server <{{ inventory_hostname }}> is <{{ server_state }}>" - name: "Checking state for server <{{ inventory_hostname }}> is <{{ server_state }}>"
hetzner.hcloud.hcloud_server: hetzner.hcloud.hcloud_server:
@ -12,3 +17,45 @@
state: "{{ server_state }}" state: "{{ server_state }}"
delegate_to: 127.0.0.1 delegate_to: 127.0.0.1
become: false become: false
async: 300
poll: 5
register: hcloud_response
ignore_errors: yes
- name: "Block - DEBUG: hcloud_response"
debug:
msg: '{{ hcloud_response.msg }}'
when:
- hcloud_response.msg is defined
- name: "Ensure Server is STARTED when server_state=present"
hetzner.hcloud.hcloud_server:
api_token: "{{ hetzner_authentication_ansible }}"
name: "{{ inventory_hostname }}"
state: "started"
delegate_to: 127.0.0.1
become: false
async: 150
poll: 15
register: hcloud_response
when:
- server_state == 'present'
rescue:
- name: "RESCUE - fail: Maximum retries reached"
fail:
msg: "max_retries of {{ max_retries }} reached. Plz check."
when: retry_count | int == max_retries | int
- name: "RESCUE-fail DEBUG: hcloud_response"
debug:
msg: '{{ hcloud_response.msg }}'
- name: "RESCUE: wait_for {{ retry_delay }} sec. between retries"
wait_for:
timeout: "{{ retry_delay }}"
delegate_to: localhost
become: false
- name: "Include _set_server one time again => increase retry_count"
include_tasks: _set_server_state.yml
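Review bot: `ignore_errors: yes` on the `Checking state for server` task means a failed create or delete never reaches `rescue:`; for `server_state: absent` there is no follow-up task at all, so a failed deletion is swallowed and the caller (the restore playbook) goes on to remove the DNS record and report success while the server, with the restored database on it, keeps running. Drop `ignore_errors` and let the block's rescue and retry loop handle both states, or at least add `failed_when: hcloud_response.failed and server_state == 'absent'`. Two details: the recursion via `include_tasks: _set_server_state.yml` from inside `rescue` re-enters the block with the same `retry_count` fact, which works because the `set_fact` runs first, but deserves a comment since the `fail` guard (`retry_count | int == max_retries | int`) is the only thing preventing unbounded recursion; and the `RESCUE-fail DEBUG` task prints `hcloud_response.msg` unconditionally, which itself errors when the failed task returned no `msg`.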

@ -6,7 +6,7 @@
community.mysql.mysql_db: community.mysql.mysql_db:
name: "{{ target_database }}" name: "{{ target_database }}"
state: absent state: absent
config_file: "/etc/mysql/mariadb.conf.d/50-client.cnf" login_unix_socket: /var/run/mysqld/mysqld.sock
login_password: "{{ mysql_root_password }}" login_password: "{{ mysql_root_password }}"
- name: "Import database from <{{ upload_directory }}/{{ database_backup_file }}> to <{{ target_database }}>" - name: "Import database from <{{ upload_directory }}/{{ database_backup_file }}> to <{{ target_database }}>"
@ -14,5 +14,5 @@
name: "{{ target_database }}" name: "{{ target_database }}"
state: import state: import
target: "/{{ upload_directory }}/{{ database_backup_file }}" target: "/{{ upload_directory }}/{{ database_backup_file }}"
config_file: "/etc/mysql/mariadb.conf.d/50-client.cnf" login_unix_socket: /var/run/mysqld/mysqld.sock
login_password: "{{ mysql_root_password }}" login_password: "{{ mysql_root_password }}"

@ -58,7 +58,7 @@
Content-Type: "application/json" Content-Type: "application/json"
Authorization: "Bearer {{ access_token }}" Authorization: "Bearer {{ access_token }}"
status_code: [201] status_code: [201]
loop: "[{{ current_realm_admin_user }}]" loop: "{{ current_realm_admin_users }}"
loop_control: loop_control:
loop_var: current_realm_user loop_var: current_realm_user
when: current_realm_user.username not in realm_user_usernames when: current_realm_user.username not in realm_user_usernames

@ -37,7 +37,7 @@ keycloak_docker: {
"DB_USER: \"{{ keycloak_postgres_username }}\"", "DB_USER: \"{{ keycloak_postgres_username }}\"",
"DB_PASSWORD: \"{{ keycloak_postgres_password }}\"", "DB_PASSWORD: \"{{ keycloak_postgres_password }}\"",
"DB_ADDR: \"{{ keycloak_postgres_host }}\"", "DB_ADDR: \"{{ keycloak_postgres_host }}\"",
"JDBC_PARAMS: \"sslmode=require\"",
"JAVA_OPTS_APPEND: \"-Dkeycloak.profile.feature.docker=enabled\"", "JAVA_OPTS_APPEND: \"-Dkeycloak.profile.feature.docker=enabled\"",
], ],
networks: [ networks: [

@ -1,19 +1,18 @@
--- ---
### tags: ### tags:
### - remove-data
- name: "Setup postgres for {{ inventory_hostname }}" - name: "Updating <keycloak> database on {{ inventory_hostname }}"
include_role: include_role:
name: postgres name: postgres
tasks_from: _postgres-acls tasks_from: _update_database_state
when: when:
- database_create - database_backup_state is not defined
- name: "Creating/restoring postgres backup" - name: "Creating/Restoring <keycloak> database backup on {{ inventory_hostname }}"
include_role: include_role:
name: postgres name: postgres
tasks_from: _create_database_backup.yml tasks_from: _create_database_backup.yml
when: when:
- postgres_backup_state is defined - database_backup_state is defined
- postgres_backup_state in ['dump', 'restore'] - database_backup_state in ['dump', 'restore']
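Review bot: the condition for `_update_database_state` changed from `database_create` to `database_backup_state is not defined`, so the Keycloak database/ACL update now runs on every normal run instead of only when `database_create` is set; if `database_create` was the switch for hosts whose Keycloak database is managed elsewhere, that behaviour is lost. Either confirm `_update_database_state` evaluates `database_create` internally or keep it in the `when:` list next to the backup-state check.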

@ -6,3 +6,128 @@ kibana_image_version: "7.16.1"
kibana_advanced_settings: kibana_advanced_settings:
changes: changes:
truncate:maxHeight: 0 truncate:maxHeight: 0
prometheus_es_exporter__username: '{{ stage }}-prometheus-es-exporter'
prometheus_es_exporter__password: '{{ prometheus_es_exporter__password_vault }}'
prometheus_es_exporter__email: 'nso.devops@netgo.de'
kibana_api_endpoint: '{{ shared_service_elastic_stack_kibana_01_hostname }}-kibana.{{ domain }}'
kibana_technical_users:
-
elastic_users:
-
username: '{{ prometheus_es_exporter__username }}'
roles:
- '{{ prometheus_es_exporter__username }}'
full_name: ''
password: '{{ prometheus_es_exporter__password }}'
email: '{{ prometheus_es_exporter__email }}'
enabled: true
elastic_state: present
elastic_roles:
-
elastic_state: present
name: '{{ prometheus_es_exporter__username }}'
elasticsearch:
cluster: []
indices:
- names:
- '{{ stage }}-*'
privileges:
- read
- read_cross_cluster
- view_index_metadata
allow_restricted_indices: false
run_as: []
kibana:
- base: []
feature:
advancedSettings:
- all
dashboard:
- all
discover:
- all
indexPatterns:
- all
savedObjectsManagement:
- all
visualize:
- all
spaces:
- '{{ prometheus_es_exporter__username }}'
elastic_spaces:
-
elastic_state: present
id: &es_space_name '{{ prometheus_es_exporter__username }}'
name: '{{ prometheus_es_exporter__username }}'
description: ''
disabledFeatures:
- canvas
- maps
- ml
- visualize
- enterpriseSearch
- logs
- infrastructure
- apm
- uptime
- observabilityCases
- siem
- monitoring
- fleet
- stackAlerts
- actions
- osquery
- savedObjectsTagging
elastic_index_patterns:
-
attributes:
fieldAttrs: '{}'
fields: "[]"
runtimeFieldMap: "{}"
timeFieldName: "@timestamp"
title: '{{ stage }}-management-*-connect-*'
typeMeta: "{}"
references: []
elastic_state: present
-
attributes:
fieldAttrs: '{}'
fields: "[]"
runtimeFieldMap: "{}"
timeFieldName: "@timestamp"
title: 'uncategorized-*'
typeMeta: "{}"
references: []
elastic_state: present
-
attributes:
fieldAttrs: '{}'
fields: "[]"
runtimeFieldMap: "{}"
timeFieldName: "@timestamp"
title: '{{ stage }}-*-authlog-*'
typeMeta: "{}"
references: []
elastic_state: present
-
attributes:
fieldAttrs: '{}'
fields: "[]"
runtimeFieldMap: "{}"
timeFieldName: "@timestamp"
title: '{{ stage }}-*-syslog-*'
typeMeta: "{}"
references: []
elastic_state: present
-
attributes:
fieldAttrs: '{}'
fields: "[]"
runtimeFieldMap: "{}"
timeFieldName: "@timestamp"
title: '{{ stage }}-monitoring-*'
typeMeta: "{}"
references: []
elastic_state: present
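Review bot: the Elasticsearch half of the `prometheus_es_exporter` role is tight (`read`, `read_cross_cluster`, `view_index_metadata` on `{{ stage }}-*`, `allow_restricted_indices: false`), but the Kibana half grants `all` on advancedSettings, dashboard, discover, indexPatterns, savedObjectsManagement and visualize to what is a scrape-only service account; `read` on the features it really needs, or no Kibana feature privileges at all, would match the least-privilege intent of the index grant. Also check `cluster: []` against the collectors enabled in the exporter: cluster-health and node-stats scrapes need the `monitor` cluster privilege and would be rejected with this role as written. The `&es_space_name` anchor on the space `id` is defined but never referenced in the hunk.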

@ -10,7 +10,7 @@
- name: "Dashboards: Get all searches in elasticsearch" - name: "Dashboards: Get all searches in elasticsearch"
delegate_to: localhost delegate_to: localhost
uri: uri:
url: "https://{{ api_endpoint }}{{ api_path }}/_find?per_page=10000&type={{ es_object_type }}" url: "https://{{ kibana_api_endpoint }}{{ api_path }}/_find?per_page=10000&type={{ es_object_type }}"
method: GET method: GET
status_code: [200] status_code: [200]
user: "{{ elastic_admin_username }}" user: "{{ elastic_admin_username }}"
@ -47,7 +47,7 @@
- name: "Dashboards: Get all searches in elasticsearch" - name: "Dashboards: Get all searches in elasticsearch"
delegate_to: localhost delegate_to: localhost
uri: uri:
url: "https://{{ api_endpoint }}/s/{{ es_space }}/api/saved_objects/_find?per_page=10000&type=search" url: "https://{{ kibana_api_endpoint }}/s/{{ es_space }}/api/saved_objects/_find?per_page=10000&type=search"
method: GET method: GET
status_code: [200] status_code: [200]
user: "{{ elastic_admin_username }}" user: "{{ elastic_admin_username }}"
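Review bot: the second task keeps the same name as the first, "Dashboards: Get all searches in elasticsearch", although the first finds objects of `{{ es_object_type }}` and this one finds `type=search` inside `/s/{{ es_space }}`; distinct names (and a single `{{ api_path }}` instead of the hand-built `/s/{{ es_space }}/api/saved_objects` prefix) would make play output and failures attributable. The `api_endpoint` to `kibana_api_endpoint` rename itself is applied consistently across all five call sites in this file.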
@ -121,7 +121,7 @@
- name: "Create {{ es_object_type }} <<{{ elastic_dashboard.attributes.title }}>>" - name: "Create {{ es_object_type }} <<{{ elastic_dashboard.attributes.title }}>>"
delegate_to: localhost delegate_to: localhost
uri: uri:
url: "https://{{ api_endpoint }}{{ api_path }}/{{ es_object_type }}" url: "https://{{ kibana_api_endpoint }}{{ api_path }}/{{ es_object_type }}"
method: POST method: POST
status_code: [200] status_code: [200]
user: "{{ elastic_admin_username }}" user: "{{ elastic_admin_username }}"
@ -140,7 +140,7 @@
- name: "Update {{ es_object_type }} <<{{ elastic_dashboard.attributes.title }}>>" - name: "Update {{ es_object_type }} <<{{ elastic_dashboard.attributes.title }}>>"
delegate_to: localhost delegate_to: localhost
uri: uri:
url: 'https://{{ api_endpoint }}{{ api_path }}/{{ es_object_type }}/{{ lookup_dashboard_object[0]["id"] }}' url: 'https://{{ kibana_api_endpoint }}{{ api_path }}/{{ es_object_type }}/{{ lookup_dashboard_object[0]["id"] }}'
method: PUT method: PUT
status_code: [200] status_code: [200]
user: "{{ elastic_admin_username }}" user: "{{ elastic_admin_username }}"
@ -159,7 +159,7 @@
- name: "DELETE {{ es_object_type }} <<{{ elastic_dashboard.attributes.title }}>>" - name: "DELETE {{ es_object_type }} <<{{ elastic_dashboard.attributes.title }}>>"
delegate_to: localhost delegate_to: localhost
uri: uri:
url: 'https://{{ api_endpoint }}{{ api_path }}/{{ es_object_type }}/{{ lookup_dashboard_object[0]["id"] }}' url: 'https://{{ kibana_api_endpoint }}{{ api_path }}/{{ es_object_type }}/{{ lookup_dashboard_object[0]["id"] }}'
method: DELETE method: DELETE
status_code: [200] status_code: [200]
user: "{{ elastic_admin_username }}" user: "{{ elastic_admin_username }}"

@ -3,45 +3,53 @@
set_fact: set_fact:
api_path: '/s/{{ es_space }}/api/saved_objects' api_path: '/s/{{ es_space }}/api/saved_objects'
es_object_type: 'index-pattern' es_object_type: 'index-pattern'
indexpattern_exists: False index_pattern_exists: False
elastic_indexpattern_cleaned: {} elastic_index_pattern_cleaned: {}
- name: "Get all index patterns in elasticsearch" - name: "Get all index patterns in elasticsearch"
delegate_to: localhost delegate_to: localhost
uri: uri:
url: "https://{{ api_endpoint }}{{ api_path }}/_find?per_page=10000&type=index-pattern" url: "https://{{ kibana_api_endpoint }}{{ api_path }}/_find?per_page=10000&type={{ es_object_type }}"
method: GET method: GET
status_code: [200] status_code: [200]
user: "{{ elastic_admin_username }}" user: "{{ elastic_admin_username }}"
password: "{{ elastic_admin_password }}" password: "{{ elastic_admin_password }}"
force_basic_auth: yes force_basic_auth: yes
register: all_indexpatterns register: all_index_patterns
become: false become: false
- name: "Lookup index pattern object if exists" - name: "Lookup index pattern <{{ elastic_index_pattern.attributes.title }}>"
set_fact: set_fact:
lookup_indexpattern_object: '{{ all_indexpatterns.json | community.general.json_query(querystr1) | first | community.general.json_query(indexpattern_query) }}' lookup_indexpattern_object: '{{ all_index_patterns.json | community.general.json_query(querystr1) | first | community.general.json_query(indexpattern_query) }}'
vars: vars:
querystr1: "[saved_objects[*]]" querystr1: "[saved_objects[*]]"
indexpattern_query: "[?attributes.title=='{{ elastic_indexpattern.attributes.title }}']" indexpattern_query: "[?attributes.title=='{{ elastic_index_pattern.attributes.title }}']"
- name: "Set switch VAR" - name: "Set switch VAR"
set_fact: set_fact:
indexpattern_exists: True index_pattern_exists: True
when: when:
- lookup_indexpattern_object | length > 0 - lookup_indexpattern_object | length > 0
- name: "Drop not needed key from dict" - name: "Drop not needed key from dict"
set_fact: set_fact:
elastic_indexpattern_cleaned: "{{ elastic_indexpattern_cleaned | combine({item.key: item.value}) }}" elastic_index_pattern_cleaned: "{{ elastic_index_pattern_cleaned | combine({item.key: item.value}) }}"
with_dict: '{{ elastic_indexpattern }}' with_dict: '{{ elastic_index_pattern }}'
when: when:
- item.key not in ['elastic_state'] - item.key not in ['elastic_state']
- name: "Create {{ es_object_type }} <<{{ elastic_indexpattern.attributes.title }}>>" - name: "Create <{{ es_object_type }}> <{{ elastic_index_pattern.attributes.title }}>"
debug:
msg: "{{ elastic_index_pattern_cleaned }}"
become: false
when:
- not index_pattern_exists
- elastic_index_pattern.elastic_state == 'present'
- name: "Create <{{ es_object_type }}> <{{ elastic_index_pattern.attributes.title }}>"
delegate_to: localhost delegate_to: localhost
uri: uri:
url: "https://{{ api_endpoint }}{{ api_path }}/{{ es_object_type }}" url: "https://{{ kibana_api_endpoint }}{{ api_path }}/{{ es_object_type }}"
method: POST method: POST
status_code: [200] status_code: [200]
user: "{{ elastic_admin_username }}" user: "{{ elastic_admin_username }}"
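Review bot: the new `debug` task is named exactly like the real "Create <{{ es_object_type }}> <...>" task that follows it and runs under the same `when`, so every run prints two "Create" lines for each index pattern; rename it to something like "Show cleaned index pattern body" or drop it once the body is known to be right. The variable rename is also only half done in this hunk: `index_pattern_exists`, `all_index_patterns` and `elastic_index_pattern_cleaned` are new style while `lookup_indexpattern_object` and `indexpattern_query` keep the old spelling, which makes a later grep-and-rename miss them.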
@ -51,16 +59,16 @@
Content-Type: application/json Content-Type: application/json
kbn-xsrf: true kbn-xsrf: true
body_format: json body_format: json
body: '{{ elastic_indexpattern_cleaned | to_json }}' body: '{{ elastic_index_pattern_cleaned | to_json }}'
become: false become: false
when: when:
- not indexpattern_exists - not index_pattern_exists
- elastic_indexpattern.elastic_state == 'present' - elastic_index_pattern.elastic_state == 'present'
- name: "Update {{ es_object_type }} <<{{ elastic_indexpattern.attributes.title }}>>" - name: "Update {{ es_object_type }} <<{{ elastic_index_pattern.attributes.title }}>>"
delegate_to: localhost delegate_to: localhost
uri: uri:
url: 'https://{{ api_endpoint }}{{ api_path }}/{{ es_object_type }}/{{ lookup_indexpattern_object[0]["id"] }}' url: 'https://{{ kibana_api_endpoint }}{{ api_path }}/{{ es_object_type }}/{{ lookup_indexpattern_object[0]["id"] }}'
method: PUT method: PUT
status_code: [200] status_code: [200]
user: "{{ elastic_admin_username }}" user: "{{ elastic_admin_username }}"
@ -70,16 +78,16 @@
Content-Type: application/json Content-Type: application/json
kbn-xsrf: true kbn-xsrf: true
body_format: json body_format: json
body: '{{ elastic_indexpattern_cleaned | to_json }}' body: '{{ elastic_index_pattern_cleaned | to_json }}'
become: false become: false
when: when:
- indexpattern_exists - index_pattern_exists
- elastic_indexpattern.elastic_state == 'present' - elastic_index_pattern.elastic_state == 'present'
- name: "DELETE {{ es_object_type }} <<{{ elastic_indexpattern.attributes.title }}>>" - name: "DELETE {{ es_object_type }} <<{{ elastic_index_pattern.attributes.title }}>>"
delegate_to: localhost delegate_to: localhost
uri: uri:
url: 'https://{{ api_endpoint }}{{ api_path }}/{{ es_object_type }}/{{ lookup_indexpattern_object[0]["id"] }}' url: 'https://{{ kibana_api_endpoint }}{{ api_path }}/{{ es_object_type }}/{{ lookup_indexpattern_object[0]["id"] }}'
method: DELETE method: DELETE
status_code: [200] status_code: [200]
user: "{{ elastic_admin_username }}" user: "{{ elastic_admin_username }}"
@ -90,5 +98,5 @@
kbn-xsrf: true kbn-xsrf: true
become: false become: false
when: when:
- indexpattern_exists - index_pattern_exists
- elastic_indexpattern.elastic_state == 'absent' - elastic_index_pattern.elastic_state == 'absent'

@ -8,7 +8,7 @@
- name: "Get all roles in elasticsearch" - name: "Get all roles in elasticsearch"
delegate_to: localhost delegate_to: localhost
uri: uri:
url: "https://{{ api_endpoint }}{{ api_path }}" url: "https://{{ kibana_api_endpoint }}{{ api_path }}"
method: GET method: GET
status_code: [200] status_code: [200]
user: "{{ elastic_admin_username }}" user: "{{ elastic_admin_username }}"
@ -39,7 +39,7 @@
- name: "Create role <<{{ elastic_role.name }}>>" - name: "Create role <<{{ elastic_role.name }}>>"
delegate_to: localhost delegate_to: localhost
uri: uri:
url: "https://{{ api_endpoint }}{{ api_path }}/{{ elastic_role.name }}" url: "https://{{ kibana_api_endpoint }}{{ api_path }}/{{ elastic_role.name }}"
method: PUT method: PUT
status_code: [204] status_code: [204]
user: "{{ elastic_admin_username }}" user: "{{ elastic_admin_username }}"
@ -58,7 +58,7 @@
- name: "Update role <<{{ elastic_role.name }}>>" - name: "Update role <<{{ elastic_role.name }}>>"
delegate_to: localhost delegate_to: localhost
uri: uri:
url: "https://{{ api_endpoint }}{{ api_path }}/{{ elastic_role.name }}" url: "https://{{ kibana_api_endpoint }}{{ api_path }}/{{ elastic_role.name }}"
method: PUT method: PUT
status_code: [204] status_code: [204]
user: "{{ elastic_admin_username }}" user: "{{ elastic_admin_username }}"
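Review bot: "Create role" in the previous hunk and "Update role" here are the same `PUT https://{{ kibana_api_endpoint }}{{ api_path }}/{{ elastic_role.name }}` expecting 204, so the two tasks could collapse into one unconditional PUT for `elastic_state == 'present'` and the exists-lookup would only be needed for the DELETE path; fewer branches means fewer places where a role definition can silently drift from what was applied.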
@ -77,7 +77,7 @@
- name: "DELETE role <<{{ elastic_role.name }}>>" - name: "DELETE role <<{{ elastic_role.name }}>>"
delegate_to: localhost delegate_to: localhost
uri: uri:
url: "https://{{ api_endpoint }}{{ api_path }}/{{ elastic_role.name }}" url: "https://{{ kibana_api_endpoint }}{{ api_path }}/{{ elastic_role.name }}"
method: DELETE method: DELETE
status_code: [204] status_code: [204]
user: "{{ elastic_admin_username }}" user: "{{ elastic_admin_username }}"

@ -10,7 +10,7 @@
- name: "Get all searches in elasticsearch" - name: "Get all searches in elasticsearch"
delegate_to: localhost delegate_to: localhost
uri: uri:
url: "https://{{ api_endpoint }}{{ api_path }}/_find?per_page=10000&type=search" url: "https://{{ kibana_api_endpoint }}{{ api_path }}/_find?per_page=10000&type=search"
method: GET method: GET
status_code: [200] status_code: [200]
user: "{{ elastic_admin_username }}" user: "{{ elastic_admin_username }}"
@ -46,7 +46,7 @@
- name: "Get all indexpatterns in elasticsearch" - name: "Get all indexpatterns in elasticsearch"
delegate_to: localhost delegate_to: localhost
uri: uri:
url: "https://{{ api_endpoint }}/s/{{ es_space }}/api/saved_objects/_find?per_page=10000&type=index-pattern" url: "https://{{ kibana_api_endpoint }}/s/{{ es_space }}/api/saved_objects/_find?per_page=10000&type=index-pattern"
method: GET method: GET
status_code: [200] status_code: [200]
user: "{{ elastic_admin_username }}" user: "{{ elastic_admin_username }}"
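Review bot: "Get all indexpatterns in elasticsearch" builds its URL from a literal `/s/{{ es_space }}/api/saved_objects/_find` while the search lookup in the first hunk goes through `{{ api_path }}`; using `{{ api_path }}` here too keeps the space-scoped path defined in one place so a future change to the saved-objects path cannot leave one lookup hitting a different space than the other.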
@ -109,7 +109,7 @@
- name: "Create {{ es_object_type }} <<{{ elastic_search.attributes.title }}>>" - name: "Create {{ es_object_type }} <<{{ elastic_search.attributes.title }}>>"
delegate_to: localhost delegate_to: localhost
uri: uri:
url: "https://{{ api_endpoint }}{{ api_path }}/{{ es_object_type }}" url: "https://{{ kibana_api_endpoint }}{{ api_path }}/{{ es_object_type }}"
method: POST method: POST
status_code: [200] status_code: [200]
user: "{{ elastic_admin_username }}" user: "{{ elastic_admin_username }}"
@ -128,7 +128,7 @@
- name: "Update {{ es_object_type }} <<{{ elastic_search.attributes.title }}>>" - name: "Update {{ es_object_type }} <<{{ elastic_search.attributes.title }}>>"
delegate_to: localhost delegate_to: localhost
uri: uri:
url: 'https://{{ api_endpoint }}{{ api_path }}/{{ es_object_type }}/{{ lookup_search_object[0]["id"] }}' url: 'https://{{ kibana_api_endpoint }}{{ api_path }}/{{ es_object_type }}/{{ lookup_search_object[0]["id"] }}'
method: PUT method: PUT
status_code: [200] status_code: [200]
user: "{{ elastic_admin_username }}" user: "{{ elastic_admin_username }}"
@ -147,7 +147,7 @@
- name: "DELETE {{ es_object_type }} <<{{ elastic_search.attributes.title }}>>" - name: "DELETE {{ es_object_type }} <<{{ elastic_search.attributes.title }}>>"
delegate_to: localhost delegate_to: localhost
uri: uri:
url: 'https://{{ api_endpoint }}{{ api_path }}/{{ es_object_type }}/{{ lookup_search_object[0]["id"] }}' url: 'https://{{ kibana_api_endpoint }}{{ api_path }}/{{ es_object_type }}/{{ lookup_search_object[0]["id"] }}'
method: DELETE method: DELETE
status_code: [200] status_code: [200]
user: "{{ elastic_admin_username }}" user: "{{ elastic_admin_username }}"

@ -8,13 +8,16 @@
- name: "Get all spaces in elasticsearch" - name: "Get all spaces in elasticsearch"
delegate_to: localhost delegate_to: localhost
uri: uri:
url: "https://{{ api_endpoint }}{{ api_path }}" url: "https://{{ kibana_api_endpoint }}{{ api_path }}"
method: GET method: GET
status_code: [200] status_code: [200]
user: "{{ elastic_admin_username }}" user: "{{ elastic_admin_username }}"
password: "{{ elastic_admin_password }}" password: "{{ elastic_admin_password }}"
force_basic_auth: yes force_basic_auth: yes
retries: 5
delay: 15
register: all_spaces register: all_spaces
until: all_spaces.status in [200]
become: false become: false
- name: "Lookup space object if exists" - name: "Lookup space object if exists"
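Review bot: the `retries: 5` / `delay: 15` / `until: all_spaces.status in [200]` added to the spaces GET only covers this one task; the roles, users and index-pattern lookups in the sibling task files issue the same kind of request against the same `kibana_api_endpoint` and still fail immediately if Kibana is not up yet. A single readiness task before the loops (for example a GET on the Kibana status endpoint with the same retry block) would protect all of them. Within this task `until: all_spaces is succeeded` says the same as the `status in [200]` check without duplicating the `status_code` list.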
@ -43,7 +46,7 @@
- name: "Create space <<{{ elastic_space.name }}>>" - name: "Create space <<{{ elastic_space.name }}>>"
delegate_to: localhost delegate_to: localhost
uri: uri:
url: "https://{{ api_endpoint }}{{ api_path }}" url: "https://{{ kibana_api_endpoint }}{{ api_path }}"
method: POST method: POST
status_code: [200] status_code: [200]
user: "{{ elastic_admin_username }}" user: "{{ elastic_admin_username }}"
@ -62,7 +65,7 @@
- name: "Update space <<{{ elastic_space.name }}>>" - name: "Update space <<{{ elastic_space.name }}>>"
delegate_to: localhost delegate_to: localhost
uri: uri:
url: "https://{{ api_endpoint }}{{ api_path }}/{{ elastic_space.name }}" url: "https://{{ kibana_api_endpoint }}{{ api_path }}/{{ elastic_space.name }}"
method: PUT method: PUT
status_code: [200] status_code: [200]
user: "{{ elastic_admin_username }}" user: "{{ elastic_admin_username }}"
@ -81,7 +84,7 @@
- name: "Update space advanced settings <<{{ elastic_space.name }}>>" - name: "Update space advanced settings <<{{ elastic_space.name }}>>"
delegate_to: localhost delegate_to: localhost
uri: uri:
url: "https://{{ api_endpoint }}/s/{{ elastic_space.name }}/api/kibana/settings" url: "https://{{ kibana_api_endpoint }}/s/{{ elastic_space.name }}/api/kibana/settings"
method: POST method: POST
status_code: [200] status_code: [200]
user: "{{ elastic_admin_username }}" user: "{{ elastic_admin_username }}"
@ -100,7 +103,7 @@
- name: "DELETE space <<{{ elastic_space.name }}>>" - name: "DELETE space <<{{ elastic_space.name }}>>"
delegate_to: localhost delegate_to: localhost
uri: uri:
url: "https://{{ api_endpoint }}{{ api_path }}/{{ elastic_space.name }}" url: "https://{{ kibana_api_endpoint }}{{ api_path }}/{{ elastic_space.name }}"
method: DELETE method: DELETE
status_code: [204] status_code: [204]
user: "{{ elastic_admin_username }}" user: "{{ elastic_admin_username }}"

@ -9,7 +9,7 @@
- name: "Get all users in elasticsearch" - name: "Get all users in elasticsearch"
delegate_to: localhost delegate_to: localhost
uri: uri:
url: "https://{{ api_endpoint }}{{ api_path }}" url: "https://{{ kibana_api_endpoint }}{{ api_path }}"
method: GET method: GET
status_code: [200] status_code: [200]
user: "{{ elastic_admin_username }}" user: "{{ elastic_admin_username }}"
@ -48,7 +48,7 @@
- name: "Create user <<{{ elastic_user.username }}>>" - name: "Create user <<{{ elastic_user.username }}>>"
delegate_to: localhost delegate_to: localhost
uri: uri:
url: "https://{{ api_endpoint }}{{ api_path }}/{{ elastic_user.username }}" url: "https://{{ kibana_api_endpoint }}{{ api_path }}/{{ elastic_user.username }}"
method: POST method: POST
status_code: [200] status_code: [200]
user: "{{ elastic_admin_username }}" user: "{{ elastic_admin_username }}"
@ -67,7 +67,7 @@
- name: "Update user <<{{ elastic_user.username }}>>" - name: "Update user <<{{ elastic_user.username }}>>"
delegate_to: localhost delegate_to: localhost
uri: uri:
url: "https://{{ api_endpoint }}{{ api_path }}/{{ elastic_user.username }}" url: "https://{{ kibana_api_endpoint }}{{ api_path }}/{{ elastic_user.username }}"
method: POST method: POST
status_code: [200] status_code: [200]
user: "{{ elastic_admin_username }}" user: "{{ elastic_admin_username }}"
@ -86,7 +86,7 @@
- name: "DELETE user << elastic_user.username >>" - name: "DELETE user << elastic_user.username >>"
delegate_to: localhost delegate_to: localhost
uri: uri:
url: "https://{{ api_endpoint }}{{ api_path }}/{{ elastic_user.username }}" url: "https://{{ kibana_api_endpoint }}{{ api_path }}/{{ elastic_user.username }}"
method: DELETE method: DELETE
status_code: [204] status_code: [204]
user: "{{ elastic_admin_username }}" user: "{{ elastic_admin_username }}"
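Review bot: the DELETE task name `"DELETE user << elastic_user.username >>"` is missing the Jinja braces, so the literal text is printed instead of the username; it should read `"DELETE user <<{{ elastic_user.username }}>>"` like the create and update tasks above. Separately, "Create user" and "Update user" are the same `POST` to the same URL with the same expected status, so one task for `elastic_state == 'present'` would do.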

@ -1,5 +1,5 @@
--- ---
- name: "Importing kibana objects to <{{ api_endpoint }}>" - name: "Importing kibana objects to <{{ kibana_api_endpoint }}>"
include_tasks: import_service_ojects.yml include_tasks: import_service_ojects.yml
loop: "{{ es_index_pattern_services }}" loop: "{{ es_index_pattern_services }}"
loop_control: loop_control:
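Review bot: `include_tasks: import_service_ojects.yml` looks like a misspelling of `import_service_objects.yml`; if the file really is named that way the include works, but renaming both sides now is cheaper than carrying the typo through every future grep.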
@ -9,7 +9,7 @@
- name: "Setting default index pattern" - name: "Setting default index pattern"
delegate_to: localhost delegate_to: localhost
uri: uri:
url: "https://{{ api_endpoint }}/s/{{ stage }}-{{ tenant_id }}/api/kibana/settings" url: "https://{{ kibana_api_endpoint }}/s/{{ stage }}-{{ tenant_id }}/api/kibana/settings"
method: POST method: POST
status_code: [200] status_code: [200]
user: "{{ elastic_admin_username }}" user: "{{ elastic_admin_username }}"

@ -0,0 +1,34 @@
---
- name: "Do some stuff in elastic with spaces ... "
include_role:
name: kibana
tasks_from: _configure_spaces.yml
loop: "{{ technical_user.elastic_spaces }}"
loop_control:
loop_var: elastic_space
- name: "Do some stuff in elastic with roles ..."
include_role:
name: kibana
tasks_from: _configure_roles.yml
loop: "{{ technical_user.elastic_roles }}"
loop_control:
loop_var: elastic_role
- name: "Do some stuff in elastic with users ..."
include_role:
name: kibana
tasks_from: _configure_users.yml
loop: "{{ technical_user.elastic_users }}"
loop_control:
loop_var: elastic_user
- name: "Do some stuff in elastic with index pattern ..."
vars:
es_space: "default"
include_role:
name: kibana
tasks_from: _configure_indexpattern.yml
loop: "{{ technical_user.elastic_index_patterns }}"
loop_control:
loop_var: elastic_index_pattern
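Review bot: every loop in this new file dereferences `technical_user.elastic_spaces`, `.elastic_roles`, `.elastic_users` and `.elastic_index_patterns` directly, so a technical user entry that defines only some of these keys aborts the play with an undefined-attribute error; `loop: "{{ technical_user.elastic_roles | default([]) }}"` on each loop makes the keys optional. The index patterns are created with `es_space: "default"`, whereas the `kibana_technical_users` defaults in this same change restrict the exporter's Kibana role to its own space, so the patterns land in a space that account cannot see; either create them in `{{ technical_user.elastic_spaces[0].id }}` or extend the role's `spaces` list. The task names "Do some stuff in elastic with ..." should say what they do, e.g. "Configure Kibana spaces for technical user".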

@ -32,7 +32,7 @@
- name: "Importing service objects to kibana" - name: "Importing service objects to kibana"
delegate_to: localhost delegate_to: localhost
uri: uri:
url: "https://{{ api_endpoint }}{{ api_path }}/_import?overwrite=true" url: "https://{{ kibana_api_endpoint }}{{ api_path }}/_import?overwrite=true"
method: POST method: POST
status_code: [200] status_code: [200]
user: "{{ elastic_admin_username }}" user: "{{ elastic_admin_username }}"
