Feature/dev 1122

- Update postgres role: use blockinfile instead lineinfile

.gitignore

@@ -10,3 +10,4 @@ kubespray/
 /kubespray/
 
 xvars-*.yml
+*/__pycache__/*

.gitmodules

@@ -1,4 +1,4 @@
 [submodule "kubespray"]
   path = kubespray
   url = https://github.com/kubernetes-sigs/kubespray.git
-  branch = v2.18.0
+  branch = release-2.21

README.md

@@ -6,7 +6,7 @@
 
 ## Install needed ansible collections / roles
 
-    ansible-galaxy install -r galaxy-requirements.yml
+    ansible-galaxy install -r galaxy-requirements.yml -f
 
 # Setup
 Create/Start servers for stage-dev
@@ -91,10 +91,6 @@ if everything works fine, plz push the created docker container with:
 
 # TODO
 
-IPFire
-  149.233.6.129 - eShelter
-  212.121.131.106 - Siemensdamm
-
 Prometheus (Grafana)
   docker exec -i dev-prometheus-01-grafana sh -c 'grafana-cli plugins install grafana-piechart-panel'
   docker restart dev-prometheus-01-grafana

ansible-builder/context/Dockerfile

@@ -1,22 +1,31 @@
-ARG EE_BASE_IMAGE=quay.io/ansible/ansible-runner:latest
+ARG EE_BASE_IMAGE=quay.io/ansible/ansible-runner:stable-2.12-latest
 ARG EE_BUILDER_IMAGE=quay.io/ansible/ansible-builder:latest
 
 FROM $EE_BASE_IMAGE as galaxy
 ARG ANSIBLE_GALAXY_CLI_COLLECTION_OPTS=
 USER root
 
-ADD _build /build
+RUN mkdir -p /root/.ssh
+ADD ansible-builder/context/id_ed25519 /root/.ssh/id_ed25519
+RUN chmod -R 700 /root/.ssh
+
+
+RUN mkdir /build
 WORKDIR /build
+ADD galaxy-requirements.yml requirements.yml
+ADD pip-requirements requirements.txt
+ADD ansible-builder/bindep.txt bindep.txt
 
-RUN ansible-galaxy role install -r requirements.yml --roles-path /usr/share/ansible/roles
+RUN ssh-keyscan git.dev-at.de >> /root/.ssh/known_hosts
+RUN eval $(ssh-agent) && ssh-add /root/.ssh/id_ed25519 && ansible-galaxy role install -r requirements.yml --roles-path /usr/share/ansible/roles
 RUN ansible-galaxy collection install $ANSIBLE_GALAXY_CLI_COLLECTION_OPTS -r requirements.yml --collections-path /usr/share/ansible/collections
 
 FROM $EE_BUILDER_IMAGE as builder
 
 COPY --from=galaxy /usr/share/ansible /usr/share/ansible
 
-ADD _build/requirements.txt requirements.txt
-ADD _build/bindep.txt bindep.txt
+ADD pip-requirements requirements.txt
+ADD ansible-builder/bindep.txt bindep.txt
 RUN ansible-builder introspect --sanitize --user-pip=requirements.txt --user-bindep=bindep.txt --write-bindep=/tmp/src/bindep.txt --write-pip=/tmp/src/requirements.txt
 RUN assemble
 
@@ -30,7 +39,7 @@ RUN /output/install-from-bindep && rm -rf /output/wheels
 RUN alternatives --set python /usr/bin/python3
 COPY --from=quay.io/project-receptor/receptor:0.9.7 /usr/bin/receptor /usr/bin/receptor
 RUN mkdir -p /var/run/receptor
-ADD run.sh /run.sh
+ADD ansible-builder/context/run.sh /run.sh
 CMD /run.sh
 USER 1000
 RUN git lfs install

ansible-lint.cfg

@@ -1,3 +1,4 @@
 exclude_paths:
 - .ansible/
 - test*.yml
+- pmci-*.yml

ansible.cfg

@@ -1,8 +1,9 @@
 [defaults]
 pipelining = True
 host_key_checking = False
-inventory_plugins = ./inventory_plugins
-callbacks_enabled = timer
+inventory_plugins = inventory_plugins
+callbacks_enabled = profile_tasks
 interpreter_python = auto_silent
 log_path=last_ansible_run
 forks = 30
+ssh_args = -o ServerAliveInterval=10

awx.yml

@@ -0,0 +1,31 @@
+---
+
+# configuring awx cluster
+
+- name: 'apply awx config update to {{ host | default("all") }}'
+  hosts: '{{ host | default("kube_control_plane") }}'
+  serial: "{{ serial_number | default(10) }}"
+  vars:
+    ansible_ssh_host: "{{ stage_server_domain }}"
+
+  pre_tasks:
+    - name: "Check if ansible version is at least {{ ansible_minimal_version }}"
+      assert:
+        that:
+          - ansible_version.string is version(ansible_minimal_version, ">=")
+        msg: "The ansible version has to be at least {{ ansible_minimal_version }}"
+      tags:
+        - always
+
+    - name: "Import autodiscover pre-tasks"
+      import_tasks: tasks/autodiscover_pre_tasks.yml
+      become: false
+      tags:
+        - always
+
+  roles:
+    - role: kubernetes/awx
+      when: kubernetes_with_awx | default(false)
+      tags:
+        - never # shouldn't be done automatically due to removal logic
+        - update_awx_config

create-database-backup.yml

@@ -2,12 +2,12 @@
 
 # creates database backup
 #   - postgres
-#     - executed on stage specific server: {{ stage }}-postgres-01
+#     - executed on stage specific server: {{ shared_service_postgres_primary }}
 #     - creates database backup for specific database
 
 # Parameters:
 #   playbook inventory
-#     stage := the name of the stage (e.g. dev, int, qa, prod)
+#     stage := the name of the stage (e.g. devnso, qanso, prodnso)
 #     tenant_id := (unique key for the tenant, e.g. customer)
 #     cluster_name := (business name for the cluster, e.g. product, department )
 #     cluster_size := (WIP node count for the cluster)
@@ -28,12 +28,11 @@
   gather_facts: false
 
   pre_tasks:
-    - name: "Check if ansible version is at least 2.10.x"
-      assert:
-        that:
-          - ansible_version.major >= 2
-          - ansible_version.minor >= 10
-        msg: "The ansible version has to be at least ({{ ansible_version.full }})"
+    - name: "Import constraints check"
+      import_tasks: tasks/constraints_check.yml
+      become: false
+      tags:
+        - always
 
 #     add virtual server to load stage specific variables as context
     - name: "Add <{{ stage }}-virtual-host-to-read-groups-vars> to hosts"
@@ -46,13 +45,23 @@
   tasks:
     - name: "Add postgres servers to hosts if necessary"
       add_host:
-        name: "{{ stage }}-postgres-01"
+        name: "{{ shared_service_postgres_primary }}"
         groups:
         - "stage_{{ stage }}"
         - "{{ item }}"
       changed_when: False
       with_items: "{{ cluster_features }}"
-      when: item in ['connect', 'management_connect', 'keycloak', 'webdav', 'gitea', 'workflow_index', 'workflow_proxy', 'pdns']
+      when: item in ['connect', 'management_connect', 'keycloak', 'gitea']
+
+    - name: "Add maria servers to hosts if necessary"
+      add_host:
+        name: "{{ shared_service_maria_primary }}"
+        groups:
+        - "stage_{{ stage }}"
+        - "{{ item }}"
+      changed_when: False
+      with_items: "{{ cluster_features }}"
+      when: item in ['connect_wordpress']
 
 #############################################################
 #   Creating database backups for created inventory
@@ -62,7 +71,7 @@
   serial: "{{ serial_number | default(1) }}"
   remote_user: root
   vars:
-    postgres_backup_state: dump
+    database_backup_state: dump
     ansible_ssh_host: "{{ stage_server_domain }}"
 
   roles:
@@ -75,14 +84,8 @@
     - role: keycloak_postgres
       when: "'keycloak' in group_names"
 
-    - role: webdav_postgres
-      when: "'webdav' in group_names"
-
-    - role: workflow_index_postgres
-      when: "'workflow_index' in group_names"
-
-    - role: workflow_proxy_postgres
-      when: "'workflow_proxy' in group_names"
+    - role: connect_wordpress_maria
+      when: "'connect_wordpress' in group_names"
 
 #############################################################
 #   Sending smardigo management message to process
@@ -97,5 +100,5 @@
     connect_jwt_username: "{{ management_admin_username }}"
 
   tasks:
-    - name: "Sending smardigo management message to <{{ smardigo_management_url }}>"
+    - name: "Sending smardigo management message to <{{ shared_service_url_management }}>"
       include_tasks: tasks/smardigo_management_message.yml

create-database.yml

@@ -2,19 +2,17 @@
 
 # creates databases on shared service servers
 #   - postgres
-#     - executed on stage specific server: {{ stage }}-postgres-01
+#     - executed on stage specific server: {{ shared_service_postgres_primary }}
 #     - creates databases to work with connect: {{ connect_postgres_database }}
-#     - creates databases to work with pdns: {{ pdns_postgres_database }}
 #     - creates databases to work with management connect: {{ management_connect_postgres_database }}
-#     - creates databases to work with shared webdav: {{ webdav_postgres_database }}
 #     - creates databases to work with shared keycloak: {{ keycloak_postgres_database }}
 #   - maria
-#     - executed on stage specific server: {{ stage }}-maria-01
+#     - executed on stage specific server: {{ shared_service_maria_primary }}
 #     - creates databases to work with connect wordpress: {{ connect_wordpress_maria_database }}
 
 # Parameters:
 #   playbook inventory
-#     stage := the name of the stage (e.g. dev, int, qa, prod)
+#     stage := the name of the stage (e.g. devnso, qanso, prodnso)
 #     tenant_id := (unique key for the tenant, e.g. customer)
 #     cluster_name := (business name for the cluster, e.g. product, department )
 #     cluster_size := (WIP node count for the cluster)
@@ -34,12 +32,11 @@
   connection: local
 
   pre_tasks:
-    - name: "Check if ansible version is at least 2.10.x"
-      assert:
-        that:
-          - ansible_version.major >= 2
-          - ansible_version.minor >= 10
-        msg: "The ansible version has to be at least ({{ ansible_version.full }})"
+    - name: "Import constraints check"
+      import_tasks: tasks/constraints_check.yml
+      become: false
+      tags:
+        - always
 
 #     add virtual server to load stage specific variables as context
     - name: "Add <{{ stage }}-virtual-host-to-read-groups-vars> to hosts"
@@ -52,17 +49,17 @@
   tasks:
     - name: "Add postgres servers to hosts if necessary"
       add_host:
-        name: "{{ stage }}-postgres-01"
+        name: "{{ shared_service_postgres_primary }}"
         groups:
         - "stage_{{ stage }}"
         - "{{ item }}"
       changed_when: False
       with_items: "{{ cluster_features }}"
-      when: item in ['connect', 'management_connect', 'keycloak', 'webdav', 'gitea', 'workflow_index', 'workflow_proxy', 'pdns']
+      when: item in ['connect', 'management_connect', 'keycloak', 'gitea']
 
     - name: "Add maria servers to hosts if necessary"
       add_host:
-        name: "{{ stage }}-maria-01"
+        name: "{{ shared_service_maria_primary }}"
         groups:
         - "stage_{{ stage }}"
         - "{{ item }}"
@@ -91,31 +88,12 @@
     - role: connect_postgres
       when: "'connect' in group_names"
 
-    - role: pdns_postgres
-      vars:
-        initialize: True
-      when: "'pdns' in group_names"
-
-    - role: pdns_admin_postgres
-      vars:
-        initialize: True
-      when: "'pdns' in group_names"
-
     - role: gitea_postgres
       when: "'gitea' in group_names"
 
     - role: keycloak_postgres
       when: "'keycloak' in group_names"
 
-    - role: webdav_postgres
-      when: "'webdav' in group_names"
-
-    - role: workflow_index_postgres
-      when: "'workflow_index' in group_names"
-
-    - role: workflow_proxy_postgres
-      when: "'workflow_proxy' in group_names"
-
     - role: connect_wordpress_maria
       when: "'connect_wordpress' in group_names"
 
@@ -132,5 +110,5 @@
     connect_jwt_username: "{{ management_admin_username }}"
 
   tasks:
-    - name: "Sending smardigo management message to <{{ smardigo_management_url }}>"
+    - name: "Sending smardigo management message to <{{ shared_service_url_management }}>"
       include_tasks: tasks/smardigo_management_message.yml

create-kibana-objects.yml

@@ -7,7 +7,7 @@
 
 # Parameters:
 #   playbook inventory
-#     stage := the name of the stage (e.g. dev, int, qa, prod)
+#     stage := the name of the stage (e.g. devnso, qanso, prodnso)
 #     tenant_id := (unique key for the tenant, e.g. customer)
 #     cluster_name := (business name for the cluster, e.g. product, department )
 #     cluster_size := (WIP node count for the cluster)
@@ -27,12 +27,11 @@
   connection: local
 
   pre_tasks:
-    - name: "Check if ansible version is at least 2.10.x"
-      assert:
-        that:
-          - ansible_version.major >= 2
-          - ansible_version.minor >= 10
-        msg: "The ansible version has to be at least ({{ ansible_version.full }})"
+    - name: "Import constraints check"
+      import_tasks: tasks/constraints_check.yml
+      become: false
+      tags:
+        - always
 
 #     add virtual server to load stage specific variables as context
     - name: "Add <{{ stage }}-virtual-host-to-read-groups-vars> to hosts"
@@ -61,7 +60,6 @@
   vars:
     ansible_connection: local
     ansible_ssh_host: "{{ stage_server_domain }}"
-    api_endpoint: '{{ stage }}-elastic-stack-kibana-01-kibana.{{ domain }}'
     elastic_state: present
     elastic_users:
       -
@@ -95,6 +93,8 @@
             - all
             dashboard:
             - all
+            dev_tools:
+            - all
             discover:
             - all
             indexPatterns:
@@ -201,5 +201,5 @@
     connect_jwt_username: "{{ management_admin_username }}"
 
   tasks:
-    - name: "Sending smardigo management message to <{{ smardigo_management_url }}>"
+    - name: "Sending smardigo management message to <{{ shared_service_url_management }}>"
       include_tasks: tasks/smardigo_management_message.yml

create-realm.yml

@@ -5,7 +5,7 @@
 
 # Parameters:
 #   playbook inventory
-#     stage := the name of the stage (e.g. dev, int, qa, prod)
+#     stage := the name of the stage (e.g. devnso, qanso, prodnso)
 #     tenant_id := (unique key for the tenant, e.g. customer)
 #     cluster_name := (business name for the cluster, e.g. product, department )
 #     cluster_size := (WIP node count for the cluster)
@@ -28,12 +28,11 @@
   connection: local
 
   pre_tasks:
-    - name: "Check if ansible version is at least 2.10.x"
-      assert:
-        that:
-          - ansible_version.major >= 2
-          - ansible_version.minor >= 10
-        msg: "The ansible version has to be at least ({{ ansible_version.full }})"
+    - name: "Import constraints check"
+      import_tasks: tasks/constraints_check.yml
+      become: false
+      tags:
+        - always
 
 #     add virtual server to load stage specific variables as context
     - name: "Add <{{ stage }}-virtual-host-to-read-groups-vars> to hosts"
@@ -78,9 +77,6 @@
     - role: gitea_realm
       when: '"gitea" in group_names'
 
-    - role: workflow_proxy_realm
-      when: '"workflow-proxy" in group_names'
-
 #############################################################
 #   Sending smardigo management message to process
 #############################################################
@@ -94,5 +90,5 @@
     connect_jwt_username: "{{ management_admin_username }}"
 
   tasks:
-    - name: "Sending smardigo management message to <{{ smardigo_management_url }}>"
+    - name: "Sending smardigo management message to <{{ shared_service_url_management }}>"
       include_tasks: tasks/smardigo_management_message.yml

create-remote-database-backup.yml

@@ -1,16 +1,25 @@
 ---
+#    ******         **         ******    **   **   **     **   *******    #
+#   /*////**       ****       **////**  /**  **   /**    /**  /**////**   #
+#   /*   /**      **//**     **    //   /** **    /**    /**  /**   /**   #
+#   /******      **  //**   /**         /****     /**    /**  /*******    #
+#   /*//// **   **********  /**         /**/**    /**    /**  /**////     #
+#   /*    /**  /**//////**  //**    **  /**//**   /**    /**  /**         #
+#   /*******   /**     /**   //******   /** //**  //*******   /**         #
+#   ///////    //      //     //////    //   //    ///////    //          #
 
 # creates remote database backup
 #   - postgres
-#     - executed on stage specific server: {{ stage }}-postgres-02 (currently: slave)
+#     - executed on stage specific server: {{ shared_service_postgres_secondary }} (currently: slave)
 #     - creates database backup for ALL databases in postgres-server
 #   - mariadb
-#     - executed on stage specific server: {{ stage }}-maria-01
+#     - executed on stage specific server: {{ shared_service_maria_primary }}
 #     - creates database backup for ALL databases in mariadb-server
 
 # Parameters:
 #   playbook inventory
-#     stage := the name of the stage (e.g. dev, int, qa, prod)
+#     stage := the name of the stage (e.g. devnso, qanso, prodnso)
+#     database_engine := the database engine to generate a complete backup for (e.g. postgres, maria)
 #   smardigo message callback
 #     scope_id := (scope id of the management process)
 #     process_instance_id := (process instance id of the management process)
@@ -24,14 +33,7 @@
   connection: local
   gather_facts: false
 
-  pre_tasks:
-    - name: "Check if ansible version is at least 2.10.x"
-      assert:
-        that:
-          - ansible_version.major >= 2
-          - ansible_version.minor >= 10
-        msg: "The ansible version has to be at least ({{ ansible_version.full }})"
-
+  tasks:
     #     add virtual server to load stage specific variables as context
     - name: "Add <{{ stage }}-virtual-host-to-read-groups-vars> to hosts"
       add_host:
@@ -40,21 +42,44 @@
           - "stage_{{ stage }}"
       changed_when: False
 
+- hosts: "{{ stage }}-virtual-host-to-read-groups-vars"
+  serial: "{{ serial_number | default(1) }}"
+  gather_facts: false
+  connection: local
+
+  pre_tasks:
+    - name: "Import constraints check"
+      import_tasks: tasks/constraints_check.yml
+      become: false
+      tags:
+        - always
+
+    - name: "Import autodiscover pre-tasks"
+      import_tasks: tasks/autodiscover_pre_tasks.yml
+      become: false
+      tags:
+        - always
+
   tasks:
     - name: "Add {{ database_engine }} servers to hosts if necessary"
       add_host:
-        name: "{{ stage }}-{{ database_engine }}-01"
+        name: "{{ item.name }}"
         groups:
           - "stage_{{ stage }}"
-        - '{{ database_engine }}'
-      changed_when: False
-    - name: "Add 'storage' servers to hosts if necessary"
+          - "{{ database_engine }}"
+      when:
+        - (database_engine == 'postgres' and item.service == 'postgres' and (item.role | default('')) == 'slave')
+          or (database_engine == 'maria' and item.service == 'maria')
+      loop: "{{ stage_server_infos }}"
+
+    - name: "Add 'backup' servers to hosts if necessary"
       add_host:
-        name: "{{ stage }}-fgrz-01"
+        name: "{{ stage }}-backup-01"
         groups:
           - "stage_{{ stage }}"
-        - storage
-      changed_when: False
+          - "backup"
+      when:
+        - "'postgres' in groups or 'maria' in groups"
 
 ##############################################################
 ##   Creating remote database backups for created inventory
@@ -62,39 +87,47 @@
 
 - hosts: "postgres:maria"
   serial: "{{ serial_number | default(1) }}"
+  gather_facts: false
+  vars:
+    ansible_ssh_host: "{{ stage_server_domain }}"
+    current_date_time: "{{ get_current_date_time }}"
+
   tasks:
     - name: "Trigger backup mechanism"
       include_role:
-        name: '{{ database_engine }}'
+        name: "{{ database_engine }}"
         tasks_from: _create_backup
 
 #############################################################
-#   Syncing remote database backups to storage server
+#   Syncing remote database backups to backup server
 #############################################################
 
-- hosts: "postgres:maria:storage"
+- hosts: "postgres:maria:backup"
   serial: "{{ serial_number | default(5) }}"
+  gather_facts: false
   vars:
-    storageserver_system_user: 'backuphamster'
+    ansible_ssh_host: "{{ stage_server_domain }}"
+    backup_server_system_user: "backuphamster"
+
   tasks:
     # I could not get it up and running with <synchronize> module
     # to sync data from remote server A to remote server B
     - name: "Syncing remote backups"
       become: yes
-      become_user: '{{ storageserver_system_user }}'
-      vars:
-        database_server_ip: "{{ stage }}-{{ database_engine }}-01.{{ domain }}"
-      shell: '/home/{{ storageserver_system_user }}/pull_remote_backups.sh {{ database_server_ip }} {{ stage }} {{ database_engine }}'
+      become_user: "{{ backup_server_system_user }}"
+      shell: "/home/{{ backup_server_system_user }}/pull_remote_backups.sh {{ item }} {{ stage }} {{ database_engine }}"
+      with_items: "{{ (groups['postgres'] | default([])) + (groups['maria'] | default([])) }}"
       when:
-        - inventory_hostname in groups['storage']
+        - inventory_hostname in groups['backup']
 
     - name: "Cleanup remote backup dirs: {{ database_engine }}"
       become: yes
       file:
-        path: '{{ backup_directory }}/{{ database_engine }}/{{ ansible_date_time.date }}'
+        path: "{{ backup_directory }}/{{ database_engine }}/{{ get_current_date }}"
         state: absent
       when:
-        - not inventory_hostname in groups['storage']
+        - not inventory_hostname in groups['backup']
+        - inventory_hostname in groups [database_engine]
 
 #############################################################
 #   Sending smardigo management message to process
@@ -109,5 +142,5 @@
     connect_jwt_username: "{{ management_admin_username }}"
 
   tasks:
-    - name: "Sending smardigo management message to <{{ smardigo_management_url }}>"
+    - name: "Sending smardigo management message to <{{ shared_service_url_management }}>"
       include_tasks: tasks/smardigo_management_message.yml

create-server.yml

@@ -2,7 +2,7 @@
 
 # Parameters:
 #   playbook inventory
-#     stage := the name of the stage (e.g. dev, int, qa, prod)
+#     stage := the name of the stage (e.g. devnso, qanso, prodnso)
 #     tenant_id := (unique key for the tenant, e.g. customer)
 #     cluster_name := (business name for the cluster, e.g. product, department )
 #     cluster_size := (WIP node count for the cluster)
@@ -21,12 +21,11 @@
   connection: local
 
   pre_tasks:
-    - name: "Check if ansible version is at least 2.10.x"
-      assert:
-        that:
-          - ansible_version.major >= 2
-          - ansible_version.minor >= 10
-        msg: "The ansible version has to be at least ({{ ansible_version.full }})"
+    - name: "Import constraints check"
+      import_tasks: tasks/constraints_check.yml
+      become: false
+      tags:
+        - always
 
 #     add virtual server to load stage specific variables as context
     - name: "Add <{{ stage }}-virtual-host-to-read-groups-vars> to hosts"
@@ -43,6 +42,7 @@
         groups:
         - "stage_{{ stage }}"
         - "{{ cluster_service }}"
+        - hcloud
       with_sequence: start=1 end={{ cluster_size | default(1) }}
       changed_when: False
 
@@ -52,6 +52,7 @@
 
 - hosts: "stage_{{ stage }}:!{{ stage }}-virtual-host-to-read-groups-vars"
   serial: "{{ serial_number | default(5) }}"
+  remote_user: root
   gather_facts: false
 
   pre_tasks:
@@ -88,7 +89,12 @@
         - update_networks
 
   roles:
-    - role: hcloud
+    - role: hetzner-ansible-hcloud
+
+    - role: hetzner-ansible-dns
+      vars:
+        record_data: "{{ stage_server_ip }}"
+        record_name: "{{ inventory_hostname }}"
 
 #############################################################
 #   Provisioning servers for created inventory
@@ -128,15 +134,19 @@
       when:
         - docker_enabled
 
-    - role: common
+    - role: hetzner-ansible-common
+
+    - role: devsec.hardening.ssh_hardening
+      tags:
+        - ssh_hardening 
 
-    - role: filebeat
+    - role: hetzner-ansible-filebeat
       when: filebeat_enabled | default(True)
 
-    - role: node_exporter
+    - role: hetzner-ansible-node-exporter
       when: node_exporter_enabled | default(True)
 
-    - role: traefik
+    - role: hetzner-ansible-traefik
       when: traefik_enabled | default(True)
 
 #############################################################
@@ -152,5 +162,5 @@
     connect_jwt_username: "{{ management_admin_username }}"
 
   tasks:
-    - name: "Sending smardigo management message to <{{ smardigo_management_url }}>"
+    - name: "Sending smardigo management message to <{{ shared_service_url_management }}>"
       include_tasks: tasks/smardigo_management_message.yml

create-service.yml

@@ -2,7 +2,7 @@
 
 # Parameters:
 #   playbook inventory
-#     stage := the name of the stage (e.g. dev, int, qa, prod)
+#     stage := the name of the stage (e.g. devnso, qanso, prodnso)
 #     tenant_id := (unique key for the tenant, e.g. customer)
 #     cluster_name := (business name for the cluster, e.g. product, department )
 #     cluster_size := (WIP node count for the cluster)
@@ -22,12 +22,11 @@
   connection: local
 
   pre_tasks:
-    - name: "Check if ansible version is at least 2.10.x"
-      assert:
-        that:
-          - ansible_version.major >= 2
-          - ansible_version.minor >= 10
-        msg: "The ansible version has to be at least ({{ ansible_version.full }})"
+    - name: "Import constraints check"
+      import_tasks: tasks/constraints_check.yml
+      become: false
+      tags:
+        - always
 
 #     add virtual server to load stage specific variables as context
     - name: "Add <{{ stage }}-virtual-host-to-read-groups-vars> to hosts"
@@ -82,5 +81,5 @@
     connect_jwt_username: "{{ management_admin_username }}"
 
   tasks:
-    - name: "Sending smardigo management message to <{{ smardigo_management_url }}>"
+    - name: "Sending smardigo management message to <{{ shared_service_url_management }}>"
       include_tasks: tasks/smardigo_management_message.yml

docker/dregsy/config.yaml

@@ -1,120 +0,0 @@
-# relay config sections
-skopeo:
-  # path to the skopeo binary; defaults to 'skopeo', in which case it needs to
-  # be in PATH
-  binary: skopeo
-  # directory under which to look for client certs & keys, as well as CA certs
-  # (see note below)
-  certs-dir: /etc/skopeo/certs.d
-
-docker:
-  # Docker host to use as the relay
-  dockerhost: unix:///var/run/docker.sock
-  # Docker API version to use, defaults to 1.24
-  api-version: 1.24
-
-# settings for image matching (see below)
-lister:
-  # maximum number of repositories to list, set to -1 for no limit, defaults to 100
-  maxItems: 100
-  # for how long a repository list will be re-used before retrieving again;
-  # specify as a Go duration value ('s', 'm', or 'h'), set to -1 for not caching,
-  # defaults to 1h
-  cacheDuration: 1h
-
-# list of sync tasks
-tasks:
-
-  - name: smardigo # required
-
-    # interval in seconds at which the task should be run; when omitted,
-    # the task is only run once at start-up
-    interval: 600
-
-    # determines whether for this task, more verbose output should be
-    # produced; defaults to false when omitted
-    verbose: true
-
-    # 'source' and 'target' are both required and describe the source and
-    # target registries for this task:
-    #  - 'registry' points to the server; required
-    #  - 'auth' contains the base64 encoded credentials for the registry
-    #    in JSON form {"username": "...", "password": "..."}
-    #  - 'auth-refresh' specifies an interval for automatic retrieval of
-    #    credentials; only for AWS ECR (see below)
-    #  - 'skip-tls-verify' determines whether to skip TLS verification for the
-    #    registry server (only for 'skopeo', see note below); defaults to false
-    source:
-      registry: docker.dev-at.de
-      auth: eyJ1c2VybmFtZSI6ImFkbWluIiwicGFzc3dvcmQiOiJRNHB6aWhWRFl3eUthZEM3NmxiNCJ9Cg==
-    target:
-      registry: dev-harbor-01.smardigo.digital
-      auth: eyJ1c2VybmFtZSI6InJvYm90JGFuc2libGUiLCJwYXNzd29yZCI6IlAwRmJkb2tSc3V0V2lvVWl2cmI5TzVET05HY2FHNk1KIn0K
-
-    # 'mappings' is a list of 'from':'to' pairs that define mappings of image
-    # paths in the source registry to paths in the destination; 'from' is
-    # required, while 'to' can be dropped if the path should remain the same as
-    # 'from'. Regular expressions are supported in both fields (read on below
-    # for more details). Additionally, the tags being synced for a mapping can
-    # be limited by providing a 'tags' list. This list may contain semver and
-    # regular expressions filters (see below). When omitted, all image tags are
-    # synced.
-    mappings:
-      - from: smardigo/connect-whitelabel-app
-        to: smardigo/connect-whitelabel-app
-        tags:
-          - 'regex: ^(latest)|(([0-9]|[1-9][0-9]+)\.([0-9]|[1-9][0-9]+)\.([0-9]|[1-9][0-9]+))$'
-      - from: smardigo/iam-app
-        to: smardigo/iam-app
-        tags:
-          - 'regex: ^(latest)|(([0-9]|[1-9][0-9]+)\.([0-9]|[1-9][0-9]+)\.([0-9]|[1-9][0-9]+))$'
-      - from: smardigo/smardigo-webdav-app
-        to: smardigo/smardigo-webdav-app
-        tags:
-          - 'regex: ^(latest)|(([0-9]|[1-9][0-9]+)\.([0-9]|[1-9][0-9]+)\.([0-9]|[1-9][0-9]+))$'
-      - from: smardigo/smardigo-workflow-proxy-app
-        to: smardigo/smardigo-workflow-proxy-app
-        tags:
-          - 'regex: ^(latest)|(([0-9]|[1-9][0-9]+)\.([0-9]|[1-9][0-9]+)\.([0-9]|[1-9][0-9]+))$'
-
-  - name: sensw
-    interval: 600
-    verbose: true
-    source:
-      registry: docker.dev-at.de
-      auth: eyJ1c2VybmFtZSI6ImFkbWluIiwicGFzc3dvcmQiOiJRNHB6aWhWRFl3eUthZEM3NmxiNCJ9Cg==
-    target:
-      registry: dev-harbor-01.smardigo.digital
-      auth: eyJ1c2VybmFtZSI6InJvYm90JGFuc2libGUiLCJwYXNzd29yZCI6IlAwRmJkb2tSc3V0V2lvVWl2cmI5TzVET05HY2FHNk1KIn0K
-    mappings:
-      - from: smardigo/sensw-app
-        to: sensw/sensw-app
-        tags:
-          - 'regex: ^(latest)|(([0-9]|[1-9][0-9]+)\.([0-9]|[1-9][0-9]+)\.([0-9]|[1-9][0-9]+))$'
-      - from: smardigo/sensw-bda-adapter-app
-        to: sensw/sensw-bda-adapter-app
-        tags:
-          - 'regex: ^(latest)|(([0-9]|[1-9][0-9]+)\.([0-9]|[1-9][0-9]+)\.([0-9]|[1-9][0-9]+))$'
-      - from: smardigo/sensw-profiskal-export-app
-        to: sensw/sensw-profiskal-export-app
-        tags:
-          - 'regex: ^(latest)|(([0-9]|[1-9][0-9]+)\.([0-9]|[1-9][0-9]+)\.([0-9]|[1-9][0-9]+))$'
-
-  - name: ssp
-    interval: 600
-    verbose: true
-    source:
-      registry: docker.dev-at.de
-      auth: eyJ1c2VybmFtZSI6ImFkbWluIiwicGFzc3dvcmQiOiJRNHB6aWhWRFl3eUthZEM3NmxiNCJ9Cg==
-    target:
-      registry: dev-harbor-01.smardigo.digital
-      auth: eyJ1c2VybmFtZSI6InJvYm90JGFuc2libGUiLCJwYXNzd29yZCI6IlAwRmJkb2tSc3V0V2lvVWl2cmI5TzVET05HY2FHNk1KIn0K
-    mappings:
-      - from: smardigo/ssp-connect-app
-        to: ssp/ssp-connect-app
-        tags:
-          - 'regex: ^(latest)|(([0-9]|[1-9][0-9]+)\.([0-9]|[1-9][0-9]+)\.([0-9]|[1-9][0-9]+))$'
-      - from: smardigo/smardigo-action-si-dyns-app
-        to: ssp/smardigo-action-si-dyns-app
-        tags:
-          - 'regex: ^(latest)|(([0-9]|[1-9][0-9]+)\.([0-9]|[1-9][0-9]+)\.([0-9]|[1-9][0-9]+))$'

docker/dregsy/docker-compose.yml

@@ -1,11 +0,0 @@
-version: '3.7'
-
-services:
-  local-dregsy:
-    image: "xelalex/dregsy:0.4.1"
-    volumes:
-      - "./config.yaml:/config.yaml:ro"
-      - "/var/run/docker.sock:/var/run/docker.sock:ro"
-    environment:
-      LOG_LEVEL: "debug"
-      LOG_FORMAT: "json"

dump-hcloud-ips.yml

@@ -0,0 +1,95 @@
+
+---
+
+# This playbook dumps all ip addresses from Hetzner Cloud saving it into local file.
+# A prefix "route" will be added, to easily use it within custom ovpn configuration.
+#
+# Parameters:
+#   playbook inventory
+#     stage := the name of the stage (e.g. devnso, qanso, prodnso)
+# Example:
+#   STAGE=ext && ansible-playbook dump-hcloud-ips.yml -e "stage=${STAGE}" --vault-password-file=~/.ansible-vault-pass-${STAGE}
+
+#############################################################
+#   Creating inventory dynamically for given parameters     #
+#############################################################
+
+- hosts: localhost
+  connection: local
+  gather_facts: false
+
+  pre_tasks:
+    - name: "Import constraints check"
+      import_tasks: tasks/constraints_check.yml
+      become: false
+      tags:
+        - always
+
+#     Add virtual server to load stage specific variables as context
+    - name: "Add <{{ stage }}-virtual-host-to-read-groups-vars> to hosts"
+      add_host:
+        name: "{{ stage }}-virtual-host-to-read-groups-vars"
+        groups:
+        - "stage_{{ stage }}"
+      changed_when: False
+
+#############################################################
+#   Dumping ip addresses from hcloud with given stage       #
+#############################################################
+
+- hosts: "{{ stage }}-virtual-host-to-read-groups-vars"
+  serial: "{{ serial_number | default(1) }}"
+  gather_facts: false
+  connection: local
+
+  pre_tasks:
+    - name: "Reading current server groups from hetzner"
+      include_role:
+        name: hetzner-ansible-hcloud
+        tasks_from: _read_server_infos
+      with_items: [
+        {
+          name: "all",
+          label_selector: "stage={{ stage }}",
+        }
+      ]
+      loop_control:
+        loop_var: current_server_group
+
+    - name: "Reading info about current loadbalancers from hetzner"
+      include_role:
+        name: hetzner-ansible-hcloud
+        tasks_from: _read_load_balancer_infos
+      with_items: [
+        {
+          name: "all",
+          #label_selector: "stage={{ stage }}", # There are no useful labels at the moment. Todo: Create labels for load balancers like stage=dev
+        }
+      ]
+      loop_control:
+        loop_var: current_load_balancer_group
+
+  tasks:
+    - name: 'Save Hetzner Server ip adresses in ~/hcloud_ip_addresses.txt'
+      blockinfile:
+        marker: "## {mark} managed by ansible (hosts config for {{ stage }}) ##"
+        path: '~/hcloud_ip_addresses.txt'
+        state: present
+        create: yes
+        block: |
+          {% for host in server_group_infos_all %}
+          # {{ host.name }}
+          route {{ host.ip }}
+          {% endfor %}
+
+    - name: 'Save Hetzner loadbalancer ip adresses in ~/hcloud_ip_addresses.txt'
+      blockinfile:
+        marker: "## {mark} managed by ansible (load balancer config for {{ stage }}) ##"
+        path: '~/hcloud_ip_addresses.txt'
+        state: present
+        create: yes
+        block: |
+          {% for host in load_balancer_group_infos_all %}
+          # {{ host.name }}
+          route {{ host.ip }}
+          {% endfor %}

elastic-certs.sh

@@ -1,3 +1,9 @@
 #!/bin/bash
 
-docker run -v `pwd`/templates/elastic-certs:/certs -v `pwd`/templates/elastic-certs/$1-instances.yaml:/usr/share/elasticsearch/config/certificates/$1-instances.yml docker.elastic.co/elasticsearch/elasticsearch:7.12.0 /bin/sh "/certs/certutil.sh" $1
+if [ "x$1" == "x" ];then
+  echo "Stage as param \$1 is missing. exit"
+  exit 1
+fi
+
+
+docker run -v `pwd`/templates/elastic-certs:/certs -v `pwd`/templates/elastic-certs/$1-instances.yaml:/usr/share/elasticsearch/config/certificates/$1-instances.yml docker.elastic.co/elasticsearch/elasticsearch:7.16.3 /bin/sh "/certs/certutil.sh" $1

evil-remove-server.yml

@@ -17,14 +17,11 @@
     default: 'no'
 
   pre_tasks:
-    - name: "Check if ansible version is at least 2.10.x"
-      assert:
-        that:
-          - ansible_version.major >= 2
-          - ansible_version.minor >= 10
-        msg: "The ansible version has to be at least ({{ ansible_version.full }})"
-      delegate_to: 127.0.0.1
+    - name: "Import constraints check"
+      import_tasks: tasks/constraints_check.yml
       become: false
+      tags:
+        - always
 
     - name: "Import autodiscover pre-tasks"
       import_tasks: tasks/autodiscover_pre_tasks.yml
@@ -36,13 +33,13 @@
     - block:
       - name: "Delete server <{{ inventory_hostname }}>"
         include_role:
-          name: hcloud
+          name: hetzner-ansible-hcloud
           tasks_from: _set_server_state
         vars: 
           - server_state: "absent"
       - name: "Delete DNS entry <{{ inventory_hostname }}> for <{{ domain }}>"
         include_role:
-          name: sma_digitalocean
+          name: hetzner-ansible-dns
           tasks_from: _remove_dns
         vars:
           record_to_remove: '{{ inventory_hostname }}'

export-database.yml

@@ -0,0 +1,98 @@
+---
+
+# Parameters:
+#   playbook inventory
+#     stage := the name of the stage (e.g. devnso, qanso, prodnso)
+#     tenant_id := (unique key for the tenant, e.g. customer)
+#     cluster_name := (business name for the cluster, e.g. product, department )
+#     cluster_size := (WIP node count for the cluster)
+#     cluster_service := (service to setup, e.g. 'connect', ...)
+#     cluster_features := (optional features to use, e.g. ['wordpress', 'resubmission', ...])
+#     database_backup_file := the dump file to export, has to be on the database server under /tmp (e.g. wordpress_portal.sql)
+#     target_database := (optional) the database to export into ( see {{ connect_wordpress_maria_database }})
+#   smardigo message callback
+#     scope_id := (scope id of the management process)
+#     process_instance_id := (process instance id of the management process)
+#     smardigo_management_action := (smardigo management action anme of the management process)
+
+#############################################################
+#   Creating inventory dynamically for given parameters
+#############################################################
+
+- hosts: localhost
+  connection: local
+  gather_facts: false
+
+  pre_tasks:
+    - name: "Import constraints check"
+      import_tasks: tasks/constraints_check.yml
+      become: false
+      tags:
+        - always
+
+#     add virtual server to load stage specific variables as context
+    - name: "Add <{{ stage }}-virtual-host-to-read-groups-vars> to hosts"
+      add_host:
+        name: "{{ stage }}-virtual-host-to-read-groups-vars"
+        groups:
+        - "stage_{{ stage }}"
+      changed_when: False
+
+  tasks:
+    - name: Add maria servers to hosts if necessary
+      add_host:
+        name: "{{ shared_service_maria_primary }}"
+        groups:
+        - "stage_{{ stage }}"
+        - "{{ item }}"
+      changed_when: False
+      with_items: "{{ cluster_features }}"
+      when: item in ['connect_wordpress']
+
+#############################################################
+#   exporting database backups for created inventory
+#############################################################
+
+- hosts: "stage_{{ stage }}:!{{ stage }}-virtual-host-to-read-groups-vars"
+  serial: "{{ serial_number | default(1) }}"
+  remote_user: root
+  vars:
+    ansible_ssh_host: "{{ stage_server_domain }}"
+
+  pre_tasks:
+    - name: "Import autodiscover pre-tasks"
+      import_tasks: tasks/autodiscover_pre_tasks.yml
+      become: false
+      tags:
+        - always
+
+  roles:
+    - role: export_maria_database
+      vars:
+        database_backup_file: "{{ stage }}-{{ tenant_id }}-{{ cluster_name }}-wordpress.sql.gz"
+      when:
+        - "'connect_wordpress' in group_names"
+        - "target_database is defined"
+
+    - role: export_maria_database
+      vars:
+        target_database: "{{ connect_wordpress_maria_database }}"
+        database_backup_file: "{{ stage }}-{{ tenant_id }}-{{ cluster_name }}-wordpress.sql.gz"
+      when:
+        - "'connect_wordpress' in group_names"
+
+#############################################################
+#   Sending smardigo management message to process
+#############################################################
+
+- hosts: "{{ stage }}-virtual-host-to-read-groups-vars"
+  serial: "{{ serial_number | default(1) }}"
+  gather_facts: false
+  connection: local
+  run_once: true
+  vars:
+    connect_jwt_username: "{{ management_admin_username }}"
+
+  tasks:
+    - name: "Sending smardigo management message to <{{ shared_service_url_management }}>"
+      include_tasks: tasks/smardigo_management_message.yml

external_monitoring.yml

@@ -2,18 +2,48 @@
 - name: 'apply setup to {{ host | default("all") }}'
   hosts: '{{ host | default("all") }}'
   serial: "{{ serial_number | default(5) }}"
+  become: yes
   tasks:
-  - set_fact:
-      promethues_endpoints_all_stages:
-        - "{{ lookup('community.general.dig', 'dev-prometheus-01.' + domain ) }}"
-        - "{{ lookup('community.general.dig', 'qa-prometheus-01.' + domain ) }}"
+  - name: "Set VARs"
+    set_fact:
+      prometheus_endpoints_all_stages:
+        - "{{ lookup('community.general.dig', 'devnso-prometheus-01.' + domain ) }}"
+        - "{{ lookup('community.general.dig', 'qanso-prometheus-01.' + domain ) }}"
         - "{{ lookup('community.general.dig', 'prodnso-prometheus-01.' + domain ) }}"
+      k8s_nodes_devnso:
+        - "{{ lookup('community.general.dig', 'devnso-kube-node-01.' + domain ) }}"
+        - "{{ lookup('community.general.dig', 'devnso-kube-node-02.' + domain ) }}"
+        - "{{ lookup('community.general.dig', 'devnso-kube-node-03.' + domain ) }}"
+        - "{{ lookup('community.general.dig', 'devnso-kube-node-04.' + domain ) }}"
+        - "{{ lookup('community.general.dig', 'devnso-kube-node-05.' + domain ) }}"
+      k8s_nodes_qanso:
+        - "{{ lookup('community.general.dig', 'qanso-kube-node-01.' + domain ) }}"
+        - "{{ lookup('community.general.dig', 'qanso-kube-node-02.' + domain ) }}"
+        - "{{ lookup('community.general.dig', 'qanso-kube-node-03.' + domain ) }}"
+        - "{{ lookup('community.general.dig', 'qanso-kube-node-04.' + domain ) }}"
+        - "{{ lookup('community.general.dig', 'qanso-kube-node-05.' + domain ) }}"
+      k8s_nodes_prodnso:
+        - "{{ lookup('community.general.dig', 'prodnso-kube-node-01.' + domain ) }}"
+        - "{{ lookup('community.general.dig', 'prodnso-kube-node-02.' + domain ) }}"
+        - "{{ lookup('community.general.dig', 'prodnso-kube-node-03.' + domain ) }}"
+        - "{{ lookup('community.general.dig', 'prodnso-kube-node-04.' + domain ) }}"
+        - "{{ lookup('community.general.dig', 'prodnso-kube-node-05.' + domain ) }}"
+      k8s_nodes_mobene:
+        - "{{ lookup('community.general.dig', 'prodwork01-kube-node-01.' + domain ) }}"
+        - "{{ lookup('community.general.dig', 'prodwork01-kube-node-02.' + domain ) }}"
+        - "{{ lookup('community.general.dig', 'prodwork01-kube-node-03.' + domain ) }}"
+        - "{{ lookup('community.general.dig', 'prodwork01-kube-node-04.' + domain ) }}"
+        - "{{ lookup('community.general.dig', 'prodwork01-kube-node-05.' + domain ) }}"
+        - "{{ lookup('community.general.dig', 'prodwork01-kube-node-06.' + domain ) }}"
+        - "{{ lookup('community.general.dig', 'prodwork01-kube-node-07.' + domain ) }}"
 
   - name: "Allow SSH in UFW"
     ufw:
       rule: limit
       port: 22
       proto: tcp
+      src: "{{ item }}"
+    loop: "{{ ip_whitelist }}"
 
   - name: "Allow port 9100 for node-exporter in UFW"
     ufw:
@@ -21,7 +51,7 @@
       port: 9100
       proto: tcp
       src: "{{ item }}"
-    loop: "{{ promethues_endpoints_all_stages }}"
+    loop: "{{ prometheus_endpoints_all_stages }}"
 
   - name: "Allow port 9115 for blackbox-exporter in UFW"
     ufw:
@@ -29,7 +59,7 @@
       port: 9115
       proto: tcp
       src: "{{ item }}"
-    loop: "{{ promethues_endpoints_all_stages + ip_whitelist_admins}}"
+    loop: "{{ prometheus_endpoints_all_stages + ip_whitelist + k8s_nodes_mobene + k8s_nodes_devnso + k8s_nodes_qanso + k8s_nodes_prodnso + k8s_nodes_demompmx }}"
 
   - name: "Set firewall default policy"
     ufw:
@@ -46,10 +76,6 @@
     tags:
       - ssh_hardening
 
-  - name: "Install node-exporter via include_role"
-    include_role:
-      name:  cloudalchemy.node-exporter
-
   - name: "Install blackbox-exporter via include_role"
     include_role:
       name: cloudalchemy.blackbox-exporter

galaxy-requirements.yml

@@ -1,37 +1,65 @@
 ---
 roles:
   - name: geerlingguy.docker
-  version: 4.1.1
-- name: geerlingguy.kubernetes
-  version: 7.1.0
-- name: geerlingguy.redis
-  version: 1.7.0
-- name: idealista.prometheus_redis_exporter_role
-  version: 2.1.0
-- name: cloudalchemy.node-exporter
-  version: 2.0.0
-  scm: git
-  src: https://github.com/cloudalchemy/ansible-node-exporter
+    version: 6.0.3
   - name: cloudalchemy.blackbox-exporter
     version: 1.0.0
-  src: https://github.com/cloudalchemy/ansible-blackbox-exporter
     scm: git
+    src: https://github.com/cloudalchemy/ansible-blackbox-exporter
   - name: postfix
-  version: v3.6.1
+    version: v3.6.2
+    scm: git
     src: https://github.com/Oefenweb/ansible-postfix.git
+  - name: hetzner-ansible-dns
+    version: 0.0.5
+    scm: git
+    src: git@git.dev-at.de:smardigo-hetzner/ansible/hetzner-ansible-roles/hetzner-ansible-dns-role.git
+  - name: hetzner-ansible-hcloud
+    version: 0.0.4
+    scm: git
+    src: git@git.dev-at.de:smardigo-hetzner/ansible/hetzner-ansible-roles/hetzner-ansible-hcloud-role.git
+  - name: hetzner-ansible-common
+    version: 0.0.5
+    scm: git
+    src: git@git.dev-at.de:smardigo-hetzner/ansible/hetzner-ansible-roles/hetzner-ansible-common-role.git
+  - name: hetzner-ansible-filebeat
+    version: 0.0.7
+    scm: git
+    src: git@git.dev-at.de:smardigo-hetzner/ansible/hetzner-ansible-roles/hetzner-ansible-filebeat-role.git
+  - name: hetzner-ansible-metricbeat
+    version: 0.0.5
+    scm: git
+    src: git@git.dev-at.de:smardigo-hetzner/ansible/hetzner-ansible-roles/hetzner-ansible-metricbeat-role.git
+  - name: hetzner-ansible-node-exporter
+    version: 0.0.4
+    scm: git
+    src: git@git.dev-at.de:smardigo-hetzner/ansible/hetzner-ansible-roles/hetzner-ansible-node-exporter-role.git
+  - name: hetzner-ansible-traefik
+    version: 0.0.5
+    scm: git
+    src: git@git.dev-at.de:smardigo-hetzner/ansible/hetzner-ansible-roles/hetzner-ansible-traefik-role.git
+  - name: hetzner-ansible-sma-deploy
+    version: 0.0.4
     scm: git
+    src: git@git.dev-at.de:smardigo-hetzner/ansible/hetzner-ansible-roles/hetzner-ansible-sma-deploy-role.git
 
 collections:
   - name: hetzner.hcloud
-  version: 1.6.0
+    version: 1.8.2
   - name: community.general
+    version: 7.0.1
   - name: community.docker
-  version: 2.1.1
+    version: 3.4.6
   - name: kubernetes.core
+    version: 2.4.0
   - name: community.mysql
+    version: 3.7.1
   - name: community.postgresql
+    version: 2.4.1
   - name: community.digitalocean
-  version: 1.11.0
+    version: 1.23.0
   - name: devsec.hardening
-  version: 7.12.0
+    version: 8.7.0
     src: https://github.com/dev-sec/ansible-collection-hardening
+  - name: community.dns
+    version: 2.5.4

gitlab-mirrors.yml

@@ -0,0 +1,60 @@
+---
+# Parameters:
+#   playbook inventory
+#     stage := the name of the stage (e.g. devnso, qanso, prodnso)
+#   environment variable
+#     GITLAB_API_TOKEN := Access token from gitlab
+
+#############################################################
+#   Creating inventory dynamically for given parameters
+#############################################################
+
+- hosts: localhost
+  gather_facts: false
+  connection: local
+
+  tasks:
+    - name: Add hosts
+      add_host:
+        name: "{{ stage }}-gitlab"
+        groups: "{{ ['stage_' + stage ] }}"
+
+#############################################################
+#   Creating gitlab mirrors for current stage
+#############################################################
+
+- hosts: "stage_{{ stage }}"
+  serial: "{{ serial_number | default(1) }}"
+  gather_facts: false
+  connection: local
+  vars:
+    projects:
+    - id: 1210
+      name: argocd
+    - id: 1216
+      name: operator-awx
+    - id: 1212
+      name: operator-jaeger
+    - id: 1231
+      name: operator-knative
+    - id: 1233
+      name: smardigo-awx
+    - id: 1232
+      name: smardigo-jaeger
+
+  pre_tasks:
+    - name: "Add repository remote mirror to project"
+      delegate_to: 127.0.0.1
+      become: false
+      uri:
+        url: "https://git.dev-at.de/api/v4/projects/{{ item.id }}/remote_mirrors"
+        method: POST
+        body_format: json
+        body:
+          enabled: true
+          only_protected_branches: true
+          url: "https://{{ gitea_admin_username }}:{{ gitea_admin_password }}@{{ shared_service_hostname_gitea }}/argocd/{{ item.name }}.git"
+        headers:
+          PRIVATE-TOKEN: "{{ lookup('env', 'GITLAB_API_TOKEN') }}"
+        status_code: [201]
+      loop: "{{ projects }}"

gitlab.clone.k8s-clusters.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+git clone git@git.dev-at.de:smardigo-hetzner/k8s-clusters/devnso-argocd.git ../devnso-argocd
+git clone git@git.dev-at.de:smardigo-hetzner/k8s-clusters/devscr-argocd.git ../devscr-argocd
+git clone git@git.dev-at.de:smardigo-hetzner/k8s-clusters/qanso-argocd.git ../qanso-argocd
+git clone git@git.dev-at.de:smardigo-hetzner/k8s-clusters/prodnso-argocd.git ../prodnso-argocd
+git clone git@git.dev-at.de:smardigo-hetzner/k8s-clusters/demompmx-argocd.git ../demompmx-argocd

gitlab.clone.roles.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+git clone git@git.dev-at.de:smardigo-hetzner/ansible/hetzner-ansible-roles/hetzner-ansible-common-role.git ../hetzner-ansible-common-role
+git clone git@git.dev-at.de:smardigo-hetzner/ansible/hetzner-ansible-roles/hetzner-ansible-dns-role.git ../hetzner-ansible-dns-role
+git clone git@git.dev-at.de:smardigo-hetzner/ansible/hetzner-ansible-roles/hetzner-ansible-filebeat-role.git ../hetzner-ansible-filebeat-role
+git clone git@git.dev-at.de:smardigo-hetzner/ansible/hetzner-ansible-roles/hetzner-ansible-hcloud-role.git ../hetzner-ansible-hcloud-role
+git clone git@git.dev-at.de:smardigo-hetzner/ansible/hetzner-ansible-roles/hetzner-ansible-metricbeat-role.git ../hetzner-ansible-metricbeat-role
+git clone git@git.dev-at.de:smardigo-hetzner/ansible/hetzner-ansible-roles/hetzner-ansible-node-exporter-role.git ../hetzner-ansible-node-exporter-role.
+git clone git@git.dev-at.de:smardigo-hetzner/ansible/hetzner-ansible-roles/hetzner-ansible-sma-deploy-role.git ../hetzner-ansible-sma-deploy-role
+git clone git@git.dev-at.de:smardigo-hetzner/ansible/hetzner-ansible-roles/hetzner-ansible-traefik-role.git ../hetzner-ansible-traefik-role

group_vars/all/argocd.yml

@@ -0,0 +1,180 @@
+---
+argocd_oidc_realm: "stage-argocd"
+argocd_oidc_client_id: "stage-argocd"
+argocd_oidc_client_secret: "{{ argocd_oidc_client_secret_vault | default(argo_keycloak_client_secret_vault) }}" # backwards compatibility
+argocd_oidc_admin_username: "argocd-admin"
+argocd_oidc_admin_password: "{{ argocd_oidc_admin_password_vault | default(argocd_admin_password_vault) }}" # backwards compatibility
+argocd_oidc_admin_email: "{{ devops_email_address }}"
+argocd_server_admin_password: "{{ argocd_server_admin_password_vault }}"
+
+k8s_argocd_helm__name: "argo-cd"
+k8s_argocd_helm__release_namespace: "argo-cd"
+
+k8s_argocd_helm__chart_version: 5.19.0
+
+# https://github.com/argoproj/argo-helm/tree/master/charts/argo-cd
+k8s_argocd_helm__release_values:
+  repoServer:
+    serviceAccount:
+      create: true
+      name: argo-cd-argocd-repo-server
+    rbac:
+    - apiGroups:
+      - ""
+      resources:
+      - secrets
+      verbs:
+      - get
+    logLevel: warn
+    logFormat: json
+    env:
+      - name: ARGOCD_MAX_CONCURRENT_LOGIN_REQUESTS_COUNT
+        value: "0"
+      - name: ARGOCD_EXEC_TIMEOUT
+        value: "300s"
+      - name: XDG_CONFIG_HOME
+        value: /.config
+      - name: GNUPGHOME
+        value: /home/argocd/.gnupg
+      - name: HELM_PLUGINS
+        value: /custom-tools/helm-plugins/
+      - name: HELM_SECRETS_SOPS_PATH
+        value: /custom-tools/sops
+      - name: HELM_SECRETS_VALS_PATH
+        value: /custom-tools/vals
+      - name: HELM_SECRETS_KUBECTL_PATH
+        value: /custom-tools/kubectl
+      - name: HELM_SECRETS_CURL_PATH
+        value: /custom-tools/curl
+      # https://github.com/jkroepke/helm-secrets/wiki/Security-in-shared-environments
+      - name: HELM_SECRETS_KEY_LOCATION_PREFIX
+        value: "/sops-gpg/"
+      - name: HELM_SECRETS_VALUES_ALLOW_SYMLINKS
+        value: "false"
+      - name: HELM_SECRETS_VALUES_ALLOW_ABSOLUTE_PATH
+        value: "false"
+      - name: HELM_SECRETS_VALUES_ALLOW_PATH_TRAVERSAL
+        value: "false"
+    volumes:
+      - name: custom-tools
+        emptyDir: {}
+      - name: custom-tools-helm
+        emptyDir: {}
+      - name: gnupg-home
+        emptyDir: {}
+      - name: sops-gpg
+        secret:
+          secretName: sops-gpg
+    volumeMounts:
+      - mountPath: /home/argocd/.gnupg
+        name: gnupg-home
+        subPath: .gnupg
+      - mountPath: /usr/local/bin/kustomize
+        name: custom-tools
+        subPath: kustomize
+        # Verify this matches a XDG_CONFIG_HOME=/.config env variable
+      - mountPath: /.config/kustomize/plugin/viaduct.ai/v1/ksops/ksops
+        name: custom-tools
+        subPath: ksops
+      - mountPath: /custom-tools/helm-plugins
+        name: custom-tools-helm
+        subPath: helm-plugins
+      - mountPath: /custom-tools/kubectl
+        name: custom-tools-helm
+        subPath: kubectl
+      - mountPath: /custom-tools/sops
+        name: custom-tools-helm
+        subPath: sops
+      - mountPath: /custom-tools/vals
+        name: custom-tools-helm
+        subPath: vals
+    initContainers:
+      - name: 1-install-ksops
+        image: viaductoss/ksops:v3.0.1
+        command: ["/bin/sh", "-c"]
+        args:
+          - echo "Installing KSOPS...";
+            mv ksops /custom-tools/;
+            mv $GOPATH/bin/kustomize /custom-tools/;
+            echo "Done.";
+        volumeMounts:
+          - mountPath: /custom-tools
+            name: custom-tools
+      - name: 2-download-tools
+        image: alpine:latest
+        command: [sh, -ec]
+        env:
+          - name: HELM_SECRETS_VERSION
+            value: "3.12.0"
+          - name: KUBECTL_VERSION
+            value: "1.24.3"
+          - name: VALS_VERSION
+            value: "0.18.0"
+          - name: SOPS_VERSION
+            value: "3.7.3"
+        args:
+          - |
+            echo "Installing helm secrets...";
+            mkdir -p /custom-tools/helm-plugins
+            wget -qO- https://github.com/jkroepke/helm-secrets/releases/download/v${HELM_SECRETS_VERSION}/helm-secrets.tar.gz | tar -C /custom-tools/helm-plugins -xzf-;
+            echo "Done.";
+
+            echo "Downloading SOPS=${SOPS_VERSION} and kubectl ...";
+            wget -qO /custom-tools/sops https://github.com/mozilla/sops/releases/download/v${SOPS_VERSION}/sops-v${SOPS_VERSION}.linux
+            wget -qO /custom-tools/kubectl https://dl.k8s.io/release/v${KUBECTL_VERSION}/bin/linux/amd64/kubectl
+            echo "Done.";
+
+            echo "Downloading vals...";
+            wget -qO- https://github.com/variantdev/vals/releases/download/v${VALS_VERSION}/vals_${VALS_VERSION}_linux_amd64.tar.gz | tar -xzf- -C /custom-tools/ vals;
+            echo "Done.";
+
+            chmod +x /custom-tools/*;
+        volumeMounts:
+          - mountPath: /custom-tools
+            name: custom-tools-helm
+      - name: 3-import-gpg-key
+        image: argoproj/argocd:v2.2.5
+        command: ["gpg", "--import","/sops-gpg/gpg_key_smardigo_automation__private"]
+        env:
+          - name: GNUPGHOME
+            value: /gnupg-home/.gnupg
+        volumeMounts:
+          - mountPath: /sops-gpg
+            name: sops-gpg
+          - mountPath: /gnupg-home
+            name: gnupg-home
+  server:
+    logLevel: warn
+    logFormat: json
+    config:
+      kustomize.buildOptions: "--enable-alpha-plugins"
+      helm.valuesFileSchemes: >-
+        secrets+gpg-import, secrets+gpg-import-kubernetes,
+        secrets+age-import, secrets+age-import-kubernetes,
+        secrets,secrets+literal,
+        https
+    service:
+      sessionAffinity: ClientIP
+    ingress:
+      enabled: true
+      annotations:
+        cert-manager.io/cluster-issuer: letsencrypt-prod
+        cert-manager.io/issue-temporary-certificate: "true"
+        kubernetes.io/ingress.class: nginx
+        nginx.ingress.kubernetes.io/whitelist-source-range: "{{ ( ip_whitelist ) | join(',') }}"
+        nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
+        nginx.ingress.kubernetes.io/ssl-passthrough: "true"
+        nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+      hosts:
+        - "{{ shared_service_kube_hostname_argocd }}"
+      tls:
+        - secretName: "{{ stage }}-kube-argocd-cert"
+          hosts:
+            - "{{ shared_service_kube_hostname_argocd }}"
+  dex:
+    enabled: false
+  applicationSet:
+    enabled: false
+  configs:
+    secret:
+      argocdServerAdminPassword: '{{ argocd_server_admin_password | password_hash("bcrypt") }}'

group_vars/all/awx.yml

@@ -0,0 +1,16 @@
+---
+awx_oidc_realm: "stage-awx"
+awx_oidc_client_id: "stage-awx"
+awx_oidc_client_secret: "{{ awx_oidc_client_secret_vault }}"
+awx_oidc_admin_username: "{{ awx_admin_username }}"
+awx_oidc_admin_password: "{{ awx_admin_password }}"
+awx_oidc_admin_email: "{{ devops_email_address }}"
+
+awx_custom_ee_image: "/awx/awx-custom-ee"
+
+awx_ansible_user_name: "awx"
+awx_ansible_user_ssh_key_private: "{{ ansible_ssh_key_private_vault }}"
+awx_credential_machine_hetzner_name: hetzner-ansible-ssh
+
+awx_ansible_username: ansible
+awx_ansible_password: ansible

group_vars/all/backup.yml

@@ -0,0 +1,4 @@
+---
+backup_communication_keys_repository: "https://{{ gitea_admin_username | urlencode() }}:{{ gitea_admin_password | urlencode() }}@{{ shared_service_hostname_gitea }}/gitea-admin/communication-keys.git"
+backup_communication_keys_stage_gpg_key: "smardigo_automation_{{ stage }}.gpg.pub"
+backup_gpg_recipient: "smardigo automation {{ stage | upper }}"

group_vars/all/connect.yml

@@ -0,0 +1,17 @@
+---
+shared_service_connect_data_hostname: "{{ shared_service_elastic_stack_01_hostname }}"
+shared_service_connect_data_username: "{{ elastic_connect_data_username_vault | default(elastic_admin_username) }}"
+shared_service_connect_data_password: "{{ elastic_connect_data_password_vault | default(elastic_admin_password) }}"
+
+connect_id: "{{ inventory_hostname }}-connect"
+connect_base_url: "{{ connect_id }}.{{ domain }}"
+wordpress_id: "{{ inventory_hostname }}-wordpress"
+wordpress_base_url: "{{ wordpress_id }}.{{ domain }}"
+
+smardigo_auth_token_name: "Smardigo-User-Token"
+
+smardigo_default_theme: "/themes/netgo.json"
+
+connect_wordpress_buergerportal_username: "buergerportal"
+# initial credentials, keycloak forces password update on first login
+connect_wordpress_buergerportal_password: "Buerger?P0rtal."

group_vars/all/database.yml

@@ -0,0 +1,20 @@
+---
+shared_service_maria_primary: "{{ stage }}-maria-01"
+
+shared_service_postgres_primary: "{{ stage }}-postgres01-01"
+shared_service_postgres_secondary: "{{ stage }}-postgres01-02"
+
+shared_service_pg_master_ip: "{{ stage_server_infos
+  | selectattr('name', '==', shared_service_postgres_primary )
+  | map(attribute='private_ip')
+  | list
+  | first
+  | default('-') }}"
+shared_service_pg_slave_ip: "{{ stage_server_infos
+  | selectattr('name', '==', shared_service_postgres_secondary )
+  | map(attribute='private_ip')
+  | list
+  | first
+  | default('-') }}"
+
+postgres_replicator_user_password: "{{ postgres_replicator_user_password_vault }}"

group_vars/all/dns.yml

@@ -0,0 +1,8 @@
+---
+dns: digitalocean
+domain: "smardigo.digital"
+domain_env: "{{ domain }}"
+traefik_letsencrypt_provider: "digitalocean"
+
+hetzner_dns_api_key: '{{ hetzner_dns_api_key_vault }}'
+digitalocean_authentication_token: '{{ digitalocean_authentication_token_vault }}'

group_vars/all/elastic.yml

@@ -0,0 +1,6 @@
+---
+elastic_cluster_settings_max_shards: 1000
+
+# We use a proxy due to blocked ip addresses by elastic
+filebeat_image_name: "{{ shared_service_hostname_harbor }}/docker.elastic.co/beats/filebeat"
+metricbeat_image_name: "{{ shared_service_hostname_harbor }}/docker.elastic.co/beats/metricbeat"

group_vars/all/firewall.yml

@@ -0,0 +1,290 @@
+---
+hcloud_firewall_objects:
+   -
+     name: "{{ stage }}-default"
+     state: present
+     rules:
+     -
+        direction: in
+        protocol: icmp
+        port: ''
+        source_ips: '{{ ip_whitelist }}'
+        destination_ips: []
+        description: "ICMP allowed"
+     -
+        direction: in
+        protocol: tcp
+        port: '22'
+        source_ips: '{{ ip_whitelist }}'
+        destination_ips: []
+        description: "Allow access to SSH for whitelisted ips"
+     -
+        direction: in
+        protocol: tcp
+        port: '80'
+        source_ips: '{{ ip_whitelist }}'
+        destination_ips: []
+        description: "Allow access to HTTP for whitelisted ips"
+     -
+        direction: in
+        protocol: tcp
+        port: '443'
+        source_ips: '{{ ip_whitelist }}'
+        destination_ips: []
+        description: "Allow access to HTTPS for whitelisted ips"
+     apply_to:
+     -
+       type: label_selector
+       label_selector:
+         selector: 'stage={{ stage }}'
+   -
+     name: "{{ stage }}-monitoring"
+     state: present
+     rules:
+     -
+        direction: in
+        protocol: tcp
+        port: '9080-9085'
+        source_ips: '{{ ip_whitelist + [ lookup("community.general.dig", stage + "-prometheus-01." + domain ) + "/32"]  }}'
+        destination_ips: []
+        description: "Allow access to Server/Service Monitoring for whitelisted ips"
+     -
+        direction: in
+        protocol: tcp
+        port: '9001'
+        source_ips: '{{ ip_whitelist }}'
+        destination_ips: []
+        description: "Allow access to PgAdmin Monitoring for whitelisted ips"
+     -
+        direction: in
+        protocol: tcp
+        port: '9187'
+        source_ips: '{{ ip_whitelist }}'
+        destination_ips: []
+        description: "Allow access to Postgres-Exporter Monitoring for whitelisted ips"
+     apply_to:
+     -
+       type: label_selector
+       label_selector:
+         selector: 'stage={{ stage }}'
+   -
+     name: "{{ stage }}-monitoring-extern-https"
+     state: present
+     rules:
+     -
+        direction: in
+        protocol: tcp
+        port: '443'
+        source_ips:
+         - "{{ lookup('community.general.dig', 'dev-blackbox-01.smardigo.digital' ) }}/32"
+        destination_ips: []
+        description: "Allow access to Blackbox Monitoring for whitelisted ips"
+     apply_to:
+     -
+       type: label_selector
+       label_selector:
+         selector: 'stage={{ stage }},service=connect'
+     -
+       type: label_selector
+       label_selector:
+         selector: 'stage={{ stage }},service=keycloak'
+   -
+     name: "{{ stage }}-access-to-kubernetes-api"
+     state: present
+     rules:
+     -
+        direction: in
+        protocol: tcp
+        port: '6443'
+        source_ips: "{{ ip_whitelist }}"
+        destination_ips: []
+        description: "Allow access to K8-API for whitelisted ips"
+     apply_to:
+     -
+       type: label_selector
+       label_selector:
+         selector: 'stage={{ stage }},service=kube_control_plane'
+
+hcloud_firewall_objects_awx:
+   -
+     name: "{{ stage }}-awx-ssh-access-for-k8s-nodes"
+     state: present
+     rules:
+     -
+        direction: in
+        protocol: tcp
+        port: '22'
+        source_ips: "{{ k8s_worker_node_ips }}"
+        destination_ips: []
+        description: "Allow access to SSH from kubernetes worker nodes"
+     apply_to:
+     -
+       type: label_selector
+       label_selector:
+         selector: 'stage={{ stage }},service'
+
+hcloud_firewall_objects_vpn:
+   -
+     name: "{{ stage }}-vpn-access"
+     state: present
+     rules:
+     -
+        direction: in
+        protocol: udp
+        port: "{{ service_port_wireguard }}"
+        source_ips: 
+          - "0.0.0.0/0"
+        destination_ips: []
+        description: "Allow access to VPN"
+     apply_to:
+     -
+       type: label_selector
+       label_selector:
+         selector: 'stage={{ stage }},service=vpn'
+
+hcloud_firewall_objects_backup:
+   -
+     name: "{{ stage }}-backup-ssh-access"
+     state: present
+     rules:
+     -
+        direction: in
+        protocol: tcp
+        port: '22'
+        source_ips:
+          - "{{ offsite_storage_server_ip }}"
+        destination_ips: []
+        description: "Allow access to BACKUP from offsite"
+     apply_to:
+     -
+       type: label_selector
+       label_selector:
+         selector: 'stage={{ stage }},service=backup'
+
+hcloud_firewall_objects_gitea:
+   -
+     name: "{{ stage }}-access-to-gitea"
+     state: present
+     rules:
+     -
+        direction: in
+        protocol: tcp
+        port: '443'
+        source_ips: "{{ ip_whitelist }}"
+        destination_ips: []
+        description: "Allow access to GITEA for whitelisted ips"
+     -
+        direction: in
+        protocol: tcp
+        port: '443'
+        source_ips: "{{ [shared_service_network] + k8s_worker_node_ips }}"
+        destination_ips: []
+        description: "Allow access to GITEA for kubernetes worker nodes"
+     -
+        direction: in
+        protocol: tcp
+        port: '443'
+        source_ips: "{{ [shared_service_network] + (gitea_https_whitelisted_ips | default([])) }}"
+        destination_ips: []
+        description: "Allow access to GITEA for custom whitelisted ips"
+     apply_to:
+     -
+       type: label_selector
+       label_selector:
+         selector: 'stage={{ stage }},service=gitea'
+
+hcloud_firewall_objects_keycloak:
+   -
+     name: "{{ stage }}-access-to-keycloak"
+     state: present
+     rules:
+     -
+        direction: in
+        protocol: tcp
+        port: '443'
+        source_ips: "{{ ip_whitelist }}"
+        destination_ips: []
+        description: "Allow access to KEYCLOAK for custom whitelisted ips"
+     -
+        direction: in
+        protocol: tcp
+        port: '443'
+        source_ips: "{{ [shared_service_network] + k8s_worker_node_ips }}"
+        destination_ips: []
+        description: "Allow access to KEYCLOAK for kubernetes worker nodes"
+     -
+        direction: in
+        protocol: tcp
+        port: '443'
+        source_ips: "{{ [shared_service_network] + (keycloak_https_whitelisted_ips | default([])) }}"
+        destination_ips: []
+        description: "Allow access to KEYCLOAK for custom whitelisted ips"
+     apply_to:
+     -
+       type: label_selector
+       label_selector:
+         selector: 'stage={{ stage }},service=keycloak'
+
+hcloud_firewall_objects_kibana:
+   -
+     name: "{{ stage }}-access-to-kibana"
+     state: present
+     rules:
+     -
+        direction: in
+        protocol: tcp
+        port: '443'
+        source_ips: "{{ ip_whitelist }}"
+        destination_ips: []
+        description: "Allow access to KIBANA for whitelisted ips"
+     -
+        direction: in
+        protocol: tcp
+        port: '443'
+        source_ips: "{{ [shared_service_network] + k8s_worker_node_ips }}"
+        destination_ips: []
+        description: "Allow access to KIBANA for kubernetes worker nodes"
+     -
+        direction: in
+        protocol: tcp
+        port: '443'
+        source_ips: "{{ [shared_service_network] + (kibana_https_whitelisted_ips | default([])) }}"
+        destination_ips: []
+        description: "Allow access to KIBANA for custom whitelisted ips"
+     apply_to:
+     -
+       type: label_selector
+       label_selector:
+         selector: 'stage={{ stage }},service=kibana'
+
+hcloud_firewall_objects_management:
+   -
+     name: "{{ stage }}-access-to-management"
+     state: present
+     rules:
+     -
+        direction: in
+        protocol: tcp
+        port: '443'
+        source_ips: "{{ ip_whitelist }}"
+        destination_ips: []
+        description: "Allow access to MANAGEMENT for whitelisted ips"
+     -
+        direction: in
+        protocol: tcp
+        port: '443'
+        source_ips: "{{ [shared_service_network] + k8s_worker_node_ips }}"
+        destination_ips: []
+        description: "Allow access to MANAGEMENT for kubernetes worker nodes"
+     -
+        direction: in
+        protocol: tcp
+        port: '443'
+        source_ips: "{{ [shared_service_network] + (management_https_whitelisted_ips | default([])) }}"
+        destination_ips: []
+        description: "Allow access to MANAGEMENT for custom whitelisted ips"
+     apply_to:
+     -
+       type: label_selector
+       label_selector:
+         selector: 'stage={{ stage }},service=connect,tenant=management'

group_vars/all/gitea.yml

@@ -0,0 +1,7 @@
+---
+gitea_oidc_realm: "stage-gitea"
+gitea_oidc_client_id: "stage-gitea"
+gitea_oidc_client_secret: "{{ gitea_oidc_client_secret_vault | default(gitea_client_secret) }}" # backwards compatibility
+gitea_oidc_admin_username: "{{ gitea_admin_username }}"
+gitea_oidc_admin_password: "{{ gitea_admin_password }}"
+gitea_oidc_admin_email: "{{ devops_email_address }}"

group_vars/all/gpg.yml

@@ -0,0 +1,4 @@
+# smardigo automation {{ stage }} gpg key
+# https://git.dev-at.de/smardigo-hetzner/communication-keys/
+# push mirror: https://{{ stage }}-gitea-01.smardigo.digital/gitea-admin/communication-keys/
+gpg_key_smardigo_automation__private: "{{ gpg_key_smardigo_automation__private__vault }}"

group_vars/all/grafana.yml

@@ -0,0 +1,18 @@
+---
+# Define a list of unprivileged Grafana users which will be assigned to the 'Viewer' role
+# Set initial login password for all users, needs to be changed by the user afterwards!
+grafana_users:
+  - name: "smardigo"
+    login: "smardigo"
+    email: "{{ grafana_smardigo_email }}"
+    password: "{{ grafana_smardigo_password }}"
+
+grafana_smardigo_password: "{{ grafana_smardigo_password_vault }}"
+
+# Define Grafana Dashboards which should be visible users without admin role
+# See uids from in hetzner-ansible/templates/prometheus/config/grafana/provisioning/dashboards/*.json
+grafana_dashboard_whitelist:
+  - "hb7fSE0Zz" # Servers
+  - "spring_boot_21" # Spring Boot Statistics
+  - "000000039" # PostgreSQL Database
+  - "549c2bf8936f7767ea6ac47c47b00f2a" # MySQL

group_vars/all/harbor.yml

@@ -0,0 +1,10 @@
+---
+harbor_oidc_realm: "stage-harbor"
+harbor_oidc_client_id: "stage-harbor"
+harbor_oidc_client_secret: "{{ harbor_oidc_client_secret_vault | default(docker_registry_oidc_client_secret_vault) }}"  # backwards compatibility
+harbor_oidc_admin_username: "harbor-admin"
+harbor_oidc_admin_password: "{{ harbor_oidc_admin_password_vault }}"
+harbor_oidc_admin_email: "{{ devops_email_address }}"
+
+harbor_username: "{{ docker_registry_username_vault }}"
+harbor_token: "{{ docker_registry_token_vault }}"

group_vars/all/keycloak.yml

@@ -0,0 +1,5 @@
+---
+keycloak_admin_username: "keycloak-admin"
+keycloak_admin_password: "{{ keycloak_admin_password_vault }}"
+
+keycloak_default_theme: "mpmx-theme"

group_vars/all/kubespray.yml

@@ -0,0 +1,2 @@
+---
+kube_image_repo: "prodnso-harbor-01.smardigo.digital/k8sgcrio-proxy"

group_vars/all/management.yml

@@ -0,0 +1,47 @@
+---
+management_admin_username: "management-admin" # backwards compatibility
+management_admin_password: "{{ management_admin_password_vault }}" # backwards compatibility
+
+management_oidc_realm: "stage-connect"
+management_oidc_client_id: "connect"
+management_oidc_client_secret: "{{ management_oidc_client_secret_vault }}"
+management_oidc_admin_username: "management-admin"
+management_oidc_admin_password: "{{ management_admin_password_vault }}"
+management_oidc_admin_email: "{{ devops_email_address }}"
+
+management_configurations:
+  - pmci
+  - backup
+  - provisioning # legacy
+
+connect_workflow_env:
+  - "stage:{{ stage }}"
+  - "managementHostname:{{ shared_service_host_management }}"
+  - "kibanaHostname:{{ shared_service_hostname_kibana }}"
+  - "keycloakHostname:{{ shared_service_hostname_keycloak }}"
+  - "smardigoUserToken:{{ smardigo_auth_token_value | default('-') }}"
+
+connect_connection_teams_url: "{{ netgo_msteams_hook_cd }}"
+connect_connection_awx_url: "{{ shared_service_kube_url_awx }}/"
+connect_connection_harbor_url: "{{ shared_service_url_harbor }}/v2/"
+
+connect_connections:
+- id: "teams"
+  name: "MS Teams"
+  url: "{{ connect_connection_teams_url }}"
+  connectionType: "HTTPS"
+  authType: "NO_AUTH"
+- id: "awx"
+  name: "AWX"
+  url: "{{ connect_connection_awx_url }}"
+  connectionType: "HTTP"
+  authType: "BASIC_AUTH"
+  username: "{{ awx_admin_username }}"
+  password: "{{ awx_admin_password }}"
+- id: "harbor"
+  name: "Harbor"
+  url: "{{ connect_connection_harbor_url }}"
+  connectionType: "HTTP"
+  authType: "BASIC_AUTH"
+  username: "{{ harbor_admin_username }}"
+  password: "{{ harbor_admin_password }}"

group_vars/all/plain.yml

@@ -1,6 +1,6 @@
 ---
+ansible_ssh_host: "{{ stage_server_domain }}"
 
-debug: false
 ssh_macs:
   - umac-128-etm@openssh.com
   - hmac-sha2-256-etm@openssh.com
@@ -23,8 +23,9 @@ ssh_ciphers:
   - aes256-ctr
   - aes128-gcm@openssh.com
   - aes256-gcm@openssh.com
-ssh_permit_root_login: 'yes'
+ssh_permit_root_login: "yes"
 
+debug: false
 docker_enabled: true
 docker_config_enabled: true
 traefik_enabled: true
@@ -39,57 +40,59 @@ common_apt_dependencies:
   - zip
   - curl
   - htop
+  - iotop
   - net-tools
   - bash-completion
   - python3-pip
 
 common_pip_dependencies:
+  - passlib
+  - pyOpenSSL>=23.0
   - docker-compose
+  - requests==2.28
 
 use_ssl: true
 http_s: "http{{ use_ssl | ternary('s', '', omit) }}"
 
-domain: "smardigo.digital"
 stage_server_domain: "{{ inventory_hostname }}.{{ domain }}"
 stage_server_url: "{{ http_s }}://{{ stage_server_domain }}"
-
-alertmanager_channel_smardigo: "#monitoring-{{ stage }}"
+stage_kube_load_balancer: "{{ stage_kube }}-ingress"
 
 hetzner_server_type: cx11
 hetzner_server_image: ubuntu-20.04
-
-awx_ansible_user_name: "awx"
-awx_ansible_user_ssh_key_private: "{{ ansible_ssh_key_private_vault }}"
-awx_credential_machine_hetzner_name: hetzner-ansible-ssh
+hetzner_location: nbg1
+hetzner_load_balancer_type: lb11
 
 gitlab_ansible_user_name: "gitlabci"
 
-# used for root-access by hetzner on server creation (@see cloud console/security/ssh-keys)
-hetzner_ssh_keys:
+backupuser_user_name: backupuser
+
+# used for root-access by hetzner on server creation
+# all ssh keys have to be available to hetzner cloud
+# (@see cloud console / security / ssh-keys) (web ui)
+default_hetzner_ssh_keys:
   - "claus.paetow@netgo.de"
-  - "friedrich.goerz@netgo.de"
-  - "peter.heise@netgo.de"
   - "sven.ketelsen@netgo.de"
+  - "michael.haehnel@netgo.de"
+  - "hoan.to@netgo.de"
+  - "hendrik.kiedrowski@netgo.de"
   - "{{ awx_ansible_user_name }}@netgo.de"
-  - "{{ gitlab_ansible_user_name }}@netgo.de"
+  - "{{ gitlab_ansible_user_name }}@git.dev-at.de"
+
+hetzner_ssh_keys: "{{
+  default_hetzner_ssh_keys
+  + (custom_stage_hetzner_ssh_keys | default([]))
+  }}"
 
-hetzner_server_labels: "stage={{ stage }}"
+hetzner_server_labels: "stage={{ stage }} service=none"
 
 admin_user: "root"
 
-sudo_groups: [
-  {
-    id:   "CentOS",
-    sudo_group:   "wheel",
-  },
-  {
-    id:   "RedHat",
-    sudo_group:   "wheel",
-  },
-  {
-    id:   "Ubuntu",
-    sudo_group:   "sudo",
-  },
+sudo_groups:
+  [
+    { id: "CentOS", sudo_group: "wheel" },
+    { id: "RedHat", sudo_group: "wheel" },
+    { id: "Ubuntu", sudo_group: "sudo" },
   ]
 sudo_group: "{{ sudo_groups
   | selectattr('id', 'match', '' + ansible_distribution + '')
@@ -99,50 +102,56 @@ sudo_group: "{{ sudo_groups
   | replace('.', '-') }}"
 
 # whitelist for outdated user detection - they wont't be deleted at all
+default_users:
+  - "nobody"
+  - "elastic"
+  - "postgres"
+  - "backuphamster"
+  - "administrator"
+  - "{{ admin_user }}"
+
 default_plattform_users:
-  - 'nobody'
-  - 'elastic'
-  - 'postgres'
-  - 'administrator'
-  - '{{ admin_user }}'
-  - '{{ backupuser_username }}'
-
-smardigo_plattform_users:
-  - 'claus.paetow'
-  - 'friedrich.goerz'
-  - 'peter.heise'
-  - 'sven.ketelsen'
-  - '{{ awx_ansible_user_name }}'
-  - '{{ gitlab_ansible_user_name }}'
-
-ip_whitelist_admins:
-  - "79.215.10.239/32" # sven
-  - "212.86.56.112/32" # peter
-
-ip_whitelist:
+  - "claus.paetow"
+  - "sven.ketelsen"
+  - "michael.haehnel"
+  - "hoan.to"
+  - "hendrik.kiedrowski"
+  - "{{ awx_ansible_user_name }}"
+  - "{{ gitlab_ansible_user_name }}"
+
+smardigo_plattform_users: "{{
+  default_plattform_users
+  + (custom_plattform_users | default([]))
+  + (custom_stage_plattform_users | default([]))
+  }}"
+
+ip_whitelist_netgo:
   - "212.121.131.106/32" # netgo berlin
   - "149.233.6.129/32" # netgo e-shelter
   - "46.245.219.98/32" # netgo borken
-  - "{{ shared_service_network }}"
+  - "164.138.195.162/32" # netgo Aachen
 
-# for test purpose DEV-361
-# currently (2022.03.18) set to IP of hetzner VM
-gitlab_storage_server: 167.235.18.147/32
+ip_whitelist: "{{ ip_whitelist_netgo + [shared_service_network] + [(shared_service_vpn_ip+'/32') | default('')] | select() }}"
+
+offsite_storage_server_ip: 142.132.155.83/32
 
 docker_owner: "{{ admin_user }}"
 docker_group: "{{ admin_user }}"
 docker_users: "{{ smardigo_plattform_users }}"
-docker_compose_version: "1.29.2"
 docker_compose_path: "/usr/bin/docker-compose"
 
-service_base_path: '/etc/smardigo'
+service_base_path: "/etc/smardigo"
 
-gitea_admin_email: "nso.devops@netgo.de"
-lets_encrypt_email: "nso.devops@netgo.de"
-connect_admin_email: "nso.devops@netgo.de"
-keycloak_admin_email: "nso.devops@netgo.de"
-pgadmin4_admin_email: "nso.devops@netgo.de"
-harbor_oidc_admin_email: "nso.devops@netgo.de"
+devops_email_address: "nso.devops@netgo.de"
+gitea_admin_email: "{{ devops_email_address }}"
+lets_encrypt_email: "{{ devops_email_address }}"
+connect_admin_email: "{{ devops_email_address }}"
+keycloak_admin_email: "{{ devops_email_address }}"
+pgadmin4_admin_email: "{{ devops_email_address }}"
+grafana_admin_email: "{{ devops_email_address }}"
+grafana_smardigo_email: "{{ devops_email_address }}"
+harbor_oidc_admin_email: "{{ devops_email_address }}"
+argocd_admin_email: "{{ devops_email_address }}"
 
 http_port: "80"
 https_port: "443"
@@ -157,7 +166,6 @@ service_port_logstash: "5044"
 service_port_postgres: "5432"
 service_port_kibana: "5601"
 service_port_cadvisor: "8080"
-service_port_webdav: "8080"
 service_port_keycloak: "8080"
 service_port_iam: "8082"
 service_port_sonarqube: "9000"
@@ -165,6 +173,7 @@ service_port_pgadmin: "9001"
 service_port_phpmyadmin: "9002"
 service_port_node_exporter: "9100"
 service_port_elasticsearch: "9200"
+service_port_wireguard: "51820"
 
 monitor_port_system: "9082"
 monitor_port_docker: "9083"
@@ -176,142 +185,13 @@ monitor_port_postgres: "9087"
 admin_port_service: "9081"
 admin_port_traefik: "9080"
 
-connect_id: "{{ inventory_hostname }}-connect"
-connect_base_url: "{{ connect_id }}.{{ domain }}"
-wordpress_id: "{{ inventory_hostname }}-wordpress"
-wordpress_base_url: "{{ wordpress_id }}.{{ domain }}"
-
-smardigo_auth_token_name: "Smardigo-User-Token"
-
 filebeat_certificate: "{{ stage }}-elastic-stack-filebeat"
 logstash_certificate: "{{ stage }}-elastic-stack-logstash-01"
 
 backup_directory: "/backups"
 
-blackbox_exporter_fqdn: "dev-blackbox-01.{{ domain }}"
-blackbox_http_2xx_targets:
-- 'https://{{ stage }}-keycloak-01.smardigo.digital/auth/'
-#- 'https://{{ stage }}-management-01-connect.smardigo.digital/'
-blackbox_http_2xx_additional_targets: []
-
-prometheus_federation_enabled: true
-kubernetes_prometheus_endpoint: "{{ stage }}-kube-prometheus.{{ domain }}"
-
-backupuser_username: backupuser
-backupuser_ssh_pubkey: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDAFRYAy3PqimYUWcO4Q9pdTvDQTsq7hKjWYoQEsJICnRRv+W+5d2lJvC3gqMpmWy9XxtrYePkVHCgIvfJSas9Jv7n7eeYoeWLWJq0nRSKg6EKFCH9y3v8tGPJQQf7wogOhHwr6m79c+lpNVUsVR+QOf76+47ZuwnuEBzK6xbDkmwyt7SPrJ59IFxOlmtz2HgVlTLczLalMygM4qlXqIt+lwuuFz4CsGcr4TwMKp9Uk6SCP3OV12oLnUUUOA3r72qmE4+JeUN6VNbXoBXEANfXm5kbM8w+dFhulCi1fQZCssB8PStA7Cs0gVqL6DYNUKRZaFL8e77hljGkPlOQDxOsBexPuceSDmmr6s5qT1wA6bnEFoeWbLlxixGlFA+1Q/LqWsYzoOZiTHDoaXvsc4VizlPp4Fn0OgJefPjuzBsWOyf0ob5oucfnmCAvEh/k+ioq0bIQDcliAM1UezitblHQgGHhqnKPMi664i0ULLiExARe4IV3KJiaG++RJyzUL5HNz3Qru+K5/pdj2jffluYTC4w+6ZYfjWEZS/DAumExv9T97kFOsapHCQJwTBa368Ch6uKkPCZO8p/ra3xTIUh/PibHaVCadgX2NR9q6jdiQtmc0SOyNJlMlPZD/Q1NrjXJ18ASny7gCBFItMyMtinVx9xQxQ+PFLB8oNYERw1ejIw== storage-server-smardigo'
-
-current_date_time: "{{ lookup('pipe','date +%Y-%m-%d_%H:%M') }}"
-
-hcloud_firewall_objects:
-   -
-     name: "{{ stage }}-default"
-     state: present
-     rules:
-     -
-        direction: in
-        protocol: icmp
-        port: ''
-        source_ips: '{{ ip_whitelist + ip_whitelist_admins }}'
-        destination_ips: []
-        description: ICMP allowed
-     -
-        direction: in
-        protocol: tcp
-        port: '22'
-        source_ips: '{{ ip_whitelist + ip_whitelist_admins }}'
-        destination_ips: []
-        description: SSH allowed
-     -
-        direction: in
-        protocol: tcp
-        port: '80'
-        source_ips: '{{ ip_whitelist + ip_whitelist_admins }}'
-        destination_ips: []
-        description: HTTP allowed
-     -
-        direction: in
-        protocol: tcp
-        port: '443'
-        source_ips: '{{ ip_whitelist + ip_whitelist_admins }}'
-        destination_ips: []
-        description: HTTPS allowed
-     -
-        direction: in
-        protocol: tcp
-        port: 'any'
-        source_ips: '{{ ip_whitelist_admins }}'
-        destination_ips: []
-        description: TCP - allow work from home without VPN
-     -
-        direction: in
-        protocol: udp
-        port: 'any'
-        source_ips: '{{ ip_whitelist_admins }}'
-        destination_ips: []
-        description: UDP - allow work from home without VPN
-     apply_to:
-     -
-       type: label_selector
-       label_selector:
-         selector: 'stage={{ stage }}'
-   -
-     name: "{{ stage }}-monitoring"
-     state: present
-     rules:
-     -
-        direction: in
-        protocol: tcp
-        port: '9080-9085'
-        source_ips: '{{ ip_whitelist + ip_whitelist_admins }}'
-        destination_ips: []
-        description: 'Server/Service Monitoring'
-     -
-        direction: in
-        protocol: tcp
-        port: '9001'
-        source_ips: '{{ ip_whitelist + ip_whitelist_admins }}'
-        destination_ips: []
-        description: 'PgAdmin'
-     -
-        direction: in
-        protocol: tcp
-        port: '9187'
-        source_ips: '{{ ip_whitelist + ip_whitelist_admins }}'
-        destination_ips: []
-        description: 'Postgres-Exporter'
-     -
-        direction: in
-        protocol: tcp
-        port: '80'
-        source_ips: '{{ ip_whitelist + ip_whitelist_admins }}'
-        destination_ips: []
-        description: 'AWX'
-     apply_to:
-     -
-       type: label_selector
-       label_selector:
-         selector: 'stage={{ stage }}'
-   -
-     name: "{{ stage }}-monitoring-extern-https"
-     state: present
-     rules:
-     -
-        direction: in
-        protocol: tcp
-        port: '443'
-        source_ips:
-         - "{{ lookup('community.general.dig', 'dev-blackbox-01.smardigo.digital' ) }}/32"
-        destination_ips: []
-        description: null
-     apply_to:
-     -
-       type: label_selector
-       label_selector:
-         selector: 'service=connect'
-     -
-       type: label_selector
-       label_selector:
-         selector: 'service=keycloak'
+get_current_date: "{{ lookup('pipe', 'date +%Y-%m-%d') }}"
+get_current_date_time: "{{ lookup('pipe', 'date +%Y-%m-%d_%H:%M') }}"
 
 hetzner_authentication_ansible: "{{ hetzner_authentication_ansible_vault }}"
 hetzner_authentication_ccm: "{{ hetzner_authentication_ccm_vault }}"
@@ -321,83 +201,22 @@ k8s_basic_services:
   - kubelet
   - containerd
 
-hcloud_firewall_objects_awx:
-   -
-     name: "{{ stage }}-awx-ssh-access-for-k8s-nodes"
-     state: present
-     rules:
-     -
-        direction: in
-        protocol: tcp
-        port: '22'
-        source_ips: "{{ src_ips }}"
-        destination_ips: []
-        description: null
-     apply_to:
-     -
-       type: label_selector
-       label_selector:
-         selector: 'stage={{ stage }}'
-   -
-     name: "{{ stage }}-awx-access-SMA-mgmt-instance"
-     state: present
-     rules:
-     -
-        direction: in
-        protocol: tcp
-        port: '443'
-        source_ips: "{{ src_ips }}"
-        destination_ips: []
-        description: null
-     apply_to:
-     -
-       type: label_selector
-       label_selector:
-         selector: 'service=connect,tenant=management'
-   -
-     name: "{{ stage }}-awx-access-443-SMA-peripheral-instances"
-     state: present
-     rules:
-     -
-        direction: in
-        protocol: tcp
-        port: '443'
-        source_ips: "{{ src_ips }}"
-        destination_ips: []
-        description: null
-     apply_to:
-     -
-       type: label_selector
-       label_selector:
-         selector: 'service=gitea'
-     -
-       type: label_selector
-       label_selector:
-         selector: 'service=keycloak'
-     -
-       type: label_selector
-       label_selector:
-         selector: 'service=kibana'
-
-hcloud_firewall_objects_backup:
-   -
-     name: "{{ stage }}-database-backup-ssh-access"
-     state: present
-     rules:
-     -
-        direction: in
-        protocol: tcp
-        port: '22'
-        source_ips:
-          - "{{ gitlab_storage_server }}"
-        destination_ips: []
-        description: null
-     apply_to:
-     -
-       type: label_selector
-       label_selector:
-         selector: 'service=postgres'
-     -
-       type: label_selector
-       label_selector:
-         selector: 'service=maria'
+selfsigned_ca_private_key_passphrase: "{{ selfsigned_ca_private_key_passphrase_vault }}"
+
+# hetzner upstream DNSservers
+upstream_dns_servers:
+  - 185.12.64.1
+  - 185.12.64.2
+
+keycloak_admin_username: "keycloak-admin"
+keycloak_admin_password: "{{ keycloak_admin_password_vault }}"
+
+# Note: all dollar signs in the hash need to be doubled for escaping.
+# To create user:password pair, it's possible to use this command:
+# echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g
+traefik_admin_username: "traefik-admin"
+traefik_admin_password_htpasswd: "{{ traefik_admin_password_htpasswd_vault }}"
+
+mysql_root_username: "{{ mysql_root_username_vault }}"
+mysql_root_password: "{{ mysql_root_password_vault }}"
+lvm_volume_encryption: false

group_vars/all/prometheus.yml

@@ -0,0 +1,38 @@
+---
+# node exporter exposes data only into the private network
+node_exporter_listen_address: "{{ stage_private_server_ip }}"
+
+# TODO the blackbox exporter shouldn't be DEV tagged at all
+blackbox_exporter_fqdn: "dev-blackbox-01.{{ domain }}"
+
+blackbox_http_2xx_targets:
+  - "https://{{ stage }}-keycloak-01.smardigo.digital/auth/"
+  - "https://{{ stage_kube }}-awx.smardigo.digital"
+# - 'https://{{ stage }}-management-01-connect.smardigo.digital/'
+
+blackbox_http_2xx_additional_targets: []
+
+prometheus_tsdb_rentention_time: "4w"
+
+prometheus_federation_enabled: true
+prometheus_remote_write_enabled: true
+
+prometheus_alert_diskspaceusage_warning: 85
+prometheus_alert_pg_replication_lag: 120
+
+alertmanager_channel_smardigo: "#monitoring-{{ stage }}"
+
+prometheus_enabled: true
+prometheus_alertmanager_enabled: true
+prometheus_grafana_enabled: true
+prometheus_prom2teams_enabled: true
+
+prometheus_service_names:
+  - "{{ (prometheus_enabled | default(true)) | ternary(prometheus_id, '') }}"
+  - "{{ (prometheus_alertmanager_enabled | default(true)) | ternary(alertmanager_id, '') }}"
+  - "{{ (prometheus_grafana_enabled | default(true)) | ternary(grafana_id, '') }}"
+  - "{{ (prometheus_prom2teams_enabled | default(true)) | ternary(prom2teams_id, '') }}"
+
+prometheus_docker_volume_names:
+  - "{{ (prometheus_alertmanager_enabled | default(true)) | ternary(alertmanager_id + '-data', '') }}"
+  - "{{ (prometheus_grafana_enabled | default(true)) | ternary(grafana_id + '-data', '') }}"

group_vars/all/services.yml

@@ -1,4 +1,62 @@
 ---
-
+# TODO variable shouldn't used in a global way
 elastic_id: "{{ inventory_hostname }}-elastic"
+# TODO variable shouldn't used in a global way
 elastic_exporter_id: "{{ inventory_hostname }}-elastic-exporter"
+
+shared_service_url_harbor: "https://{{ shared_service_hostname_harbor }}"
+shared_service_hostname_harbor: "{{ stage }}-harbor-01.{{ domain_env }}"
+shared_service_url_gitea: "https://{{ shared_service_hostname_gitea }}"
+shared_service_hostname_gitea: "{{ stage }}-gitea-01.{{ domain_env }}"
+shared_service_url_keycloak: "https://{{ shared_service_hostname_keycloak }}"
+shared_service_hostname_keycloak: "{{ stage }}-keycloak-01.{{ domain_env }}"
+shared_service_url_kibana: "https://{{ shared_service_hostname_kibana }}"
+shared_service_hostname_kibana: "{{ stage }}-elastic-stack-kibana-01-kibana.{{ domain_env }}"
+shared_service_host_management: "{{ stage }}-management-01"
+shared_service_url_management: "https://{{ shared_service_hostname_management }}"
+shared_service_hostname_management: "{{ shared_service_host_management }}-connect.{{ domain_env }}"
+
+shared_service_hostname_logstash: "{{ stage }}-elastic-stack-logstash-01"
+
+# use private loadbalancer ip for all kubernetes services
+stage_kube: "{{ stage }}"
+shared_service_kube_url_argocd: "https://{{ shared_service_kube_hostname_argocd }}"
+shared_service_kube_hostname_argocd: "{{ stage_kube }}-argocd.{{ domain_env }}"
+shared_service_kube_url_awx: "https://{{ shared_service_kube_hostname_awx }}"
+shared_service_kube_hostname_awx: "{{ stage_kube }}-awx.{{ domain_env }}"
+shared_service_kube_url_gitea: "https://{{ shared_service_kube_hostname_gitea }}"
+shared_service_kube_hostname_gitea: "{{ stage_kube }}-gitea.{{ domain_env }}"
+shared_service_kube_url_harbor: "https://{{ shared_service_kube_hostname_harbor }}"
+shared_service_kube_hostname_harbor: "{{ stage }}-harbor.{{ domain_env }}"
+shared_service_kube_url_kibana: "https://{{ shared_service_kube_hostname_kibana }}"
+shared_service_kube_hostname_kibana: "{{ stage_kube }}-kibana.{{ domain_env }}"
+shared_service_kube_url_prometheus: "https://{{ shared_service_kube_hostname_prometheus }}"
+shared_service_kube_hostname_prometheus: "{{ stage_kube }}-prometheus.{{ domain_env }}"
+shared_service_kube_jaeger_collector_hostname: "{{ stage_kube }}-jaeger-collector.{{ domain_env }}"
+
+shared_service_kube_loadbalancer_public_ip_not_available: "public loadbalancer ip not available"
+shared_service_kube_loadbalancer_public_ip: "{{ stage_public_ingress_loadbalancer_ip | default(shared_service_kube_loadbalancer_public_ip_not_available) }}"
+shared_service_kube_loadbalancer_private_ip_not_available: "private loadbalancer ip not available"
+shared_service_kube_loadbalancer_private_ip: "{{ stage_private_ingress_loadbalancer_ip | default(shared_service_kube_loadbalancer_private_ip_not_available) }}"
+shared_service_loadbalancer_logstash_public_ip_not_available: "public logstash loadbalancer ip not available"
+shared_service_loadbalancer_logstash_public_ip: "{{ stage_public_logstash_loadbalancer_ip | default(shared_service_loadbalancer_logstash_public_ip_not_available) }}"
+shared_service_loadbalancer_logstash_private_ip_not_available: "private logstash loadbalancer ip not available"
+shared_service_loadbalancer_logstash_private_ip: "{{ stage_private_logstash_loadbalancer_ip | default(shared_service_loadbalancer_logstash_private_ip_not_available) }}"
+
+shared_service_default_additional_hosts:
+  - name: "{{ shared_service_kube_hostname_argocd }}"
+    ip: "{{ shared_service_kube_loadbalancer_private_ip }}"
+  - name: "{{ shared_service_kube_hostname_awx }}"
+    ip: "{{ shared_service_kube_loadbalancer_private_ip }}"
+  - name: "{{ shared_service_kube_hostname_gitea }}"
+    ip: "{{ shared_service_kube_loadbalancer_private_ip }}"
+  - name: "{{ shared_service_kube_hostname_harbor }}"
+    ip: "{{ shared_service_kube_loadbalancer_private_ip }}"
+  - name: "{{ shared_service_kube_hostname_kibana }}"
+    ip: "{{ shared_service_kube_loadbalancer_private_ip }}"
+  - name: "{{ shared_service_kube_hostname_prometheus }}"
+    ip: "{{ shared_service_kube_loadbalancer_private_ip }}"
+  - name: "{{ shared_service_kube_jaeger_collector_hostname }}"
+    ip: "{{ shared_service_kube_loadbalancer_private_ip }}"
+
+shared_service_additional_hosts: "{{ shared_service_default_additional_hosts + (shared_service_custom_additional_hosts | default([])) }}"

group_vars/all/versions.yml

@@ -0,0 +1,31 @@
+---
+elastic_elasticsearch_version: "7.16.3"
+elastic_elasticsearch_exporter_version: "v1.5.0"
+elastic_filebeat_version: "7.16.3"
+elastic_kibana_version: "7.16.3"
+elastic_logstash_version: "7.16.3"
+elastic_metricbeat_version: "7.16.3"
+
+gitea_version: "1.19"
+
+prom_grafana_version: "9.1.5"
+
+harbor_version: "v2.4.1"
+
+keycloak_version: "21.0.2.7"
+
+pgadmin4_version: "7.3"
+
+prom_alertmanager_version: "v0.25.0"
+prom_blackbox_exporter_version: "v0.24.0"
+prom_prometheus_version: "v2.44.0"
+prom_prom2teams_version: "3.2.3" # TODO 4.2.1
+
+traefik_version: "v2.10.3"
+
+connect_version: "10.5"
+iam_version: "10.5"
+
+ansible_minimal_version: "2.12.0"
+
+wireguard_version: latest

group_vars/all/vpn.yml

@@ -0,0 +1,8 @@
+---
+shared_service_vpn: "{{ stage }}-vpn-01"
+shared_service_vpn_ip: "{{ stage_server_infos
+  | selectattr('name', 'match', shared_service_vpn )
+  | map(attribute='public_ip')
+  | list
+  | first
+  | default('-') }}"

group_vars/backup/plain.yml

@@ -1,9 +1,13 @@
 ---
 #TODO needs to be removed after story DEV-361 is finished
 hetzner_server_type: "{{ hetzner_server_type_bastelserver | default('cx21') }}"
-hetzner_server_labels: "stage={{ stage }} service=bastelserver"
+hetzner_server_labels: "stage={{ stage }} service=backup"
 
 docker_enabled: false
 traefik_enabled: false
 filebeat_enabled: false
-node_exporter_enabled: false
+
+common_pip_dependencies: []
+
+custom_plattform_users:
+  - backuphamster

group_vars/connect/plain.yml

@@ -6,15 +6,14 @@ hetzner_server_labels: "stage={{ stage }} service=connect{% if tenant_id is defi
 # unique id for a service, will be used for service access management as well (e.g. keycloak realm)
 connect_client_id: "{{ cluster_name }}"
 
-connect_postgres_host: "{{ shared_service_postgres_01_hostname }}"
+connect_postgres_host: "{{ shared_service_postgres_primary }}"
 connect_postgres_database: "{{ stage }}_{{ tenant_id }}_{{ cluster_name }}_connect"
 connect_postgres_username: "{{ connect_postgres_database }}"
 connect_postgres_password: "connect-postgres-admin"
 
-#connect_process_search_module: "external"
-connect_elastic_host: "{{ shared_service_elastic_stack_01_hostname }}"
-connect_elastic_username: "{{ elastic_admin_username }}"
-connect_elastic_password: "{{ elastic_admin_password }}"
+connect_elastic_host: "{{ shared_service_connect_data_hostname }}"
+connect_elastic_username: "{{ shared_service_connect_data_username }}"
+connect_elastic_password: "{{ shared_service_connect_data_password }}"
 connect_elastic_ca: "file:/usr/share/smardigo/ca.crt"
 connect_elastic_prefix: "{{ stage }}_{{ tenant_id }}_{{ cluster_name }}"
 
@@ -26,17 +25,12 @@ connect_auth_module: "oidc"
 connect_oidc_client_id: "{{ cluster_name }}"
 connect_oidc_client_secret: "{{ cluster_name }}"
 connect_oidc_registration_id: "{{ cluster_name }}"
-connect_oidc_issuer_uri: "https://{{ shared_service_keycloak_hostname }}/auth/realms/{{ current_realm_name }}"
+connect_oidc_issuer_uri: "https://{{ shared_service_hostname_keycloak }}/auth/realms/{{ current_realm_name }}"
 
-connect_password_change_url: "{{ http_s }}://{{ shared_service_keycloak_hostname }}/auth/realms/{{ current_realm_name }}/account/password"
-connect_iam_user_management_url: "{{ http_s }}://{{ shared_service_keycloak_hostname }}/auth/admin/{{ current_realm_name }}/console"
+connect_password_change_url: "{{ http_s }}://{{ shared_service_hostname_keycloak }}/auth/realms/{{ current_realm_name }}/account/password"
+connect_iam_user_management_url: "{{ http_s }}://{{ shared_service_hostname_keycloak }}/auth/admin/{{ current_realm_name }}/console"
 
 connect_mail_properties_simulation: false
 
-connect_loglevel_message_queue: "DEBUG"
-connect_loglevel_document_index: "DEBUG"
-connect_loglevel_workflow_index: "DEBUG"
-connect_loglevel_workflow_analysis: "DEBUG"
-
 connect_csrf_token_name: "21f4d682-dbad-45e5-b3b5-47d274b9772d"
 connect_csrf_token_value: "4d2ef8cc-f7d9-46d4-b4d6-f20f9dc48040"

group_vars/connect_datasource_action/main.yml

@@ -0,0 +1,3 @@
+---
+
+connect_datasource_action_enabled: "true"

group_vars/connect_search_elastic/main.yml

@@ -0,0 +1,3 @@
+---
+
+connect_search_elastic_enabled: "true"

group_vars/connect_webdav/main.yml

@@ -1,3 +0,0 @@
----
-
-connect_webdav_enabled: "true"

group_vars/connect_wordpress/main.yml

@@ -0,0 +1,4 @@
+---
+connect_wordpress_maria_database: "{{ stage }}_{{ tenant_id }}_{{ cluster_name }}_connect_wordpress"
+connect_wordpress_maria_username: "{{ connect_wordpress_maria_database }}"
+connect_wordpress_maria_password: "connect-wordpress-maria-admin"

group_vars/connect_wordpress/plain.yml

@@ -1,14 +0,0 @@
----
-
-connect_wordpress_maria_host: "{{ shared_service_maria_hostname }}"
-connect_wordpress_maria_database: "{{ stage }}_{{ tenant_id }}_{{ cluster_name }}_connect_wordpress"
-connect_wordpress_maria_username: "{{ connect_wordpress_maria_database }}"
-connect_wordpress_maria_password: "connect-wordpress-maria-admin"
-
-connect_wordpress_oidc_issuer: "{{ http_s }}://{{ shared_service_keycloak_hostname }}/auth/realms/{{ current_realm_name }}"
-connect_wordpress_oidc_provider_url: "{{ http_s }}://{{ shared_service_keycloak_hostname }}/auth/realms/{{ current_realm_name }}"
-connect_wordpress_oidc_client_id: "{{ cluster_name }}"
-connect_wordpress_oidc_client_secret: "{{ cluster_name }}"
-
-connect_wordpress_buergerportal_username: "buergerportal"
-connect_wordpress_buergerportal_password: "buergerportal"

group_vars/connect_workflow_heatmap/main.yml

@@ -0,0 +1,3 @@
+---
+
+connect_workflow_heatmap_enabled: "true"

group_vars/elastic/plain.yml

@@ -1,6 +1,6 @@
 ---
 
-hetzner_server_type: cx31
+hetzner_server_type: cpx31
 hetzner_server_labels: "stage={{ stage }} service=elastic"
 
 traefik_enabled: false

group_vars/gitea/plain.yml

@@ -8,11 +8,7 @@ gitea_postgres_id: "{{ inventory_hostname }}-postgres-gitea"
 
 gitea_base_url: "{{ inventory_hostname }}.{{ domain }}"
 
-# unique id for a service, will be used for service access management as well (e.g. keycloak realm)
-gitea_client_id: "{{ cluster_name }}"
-gitea_client_secret: "{{ cluster_name }}"
-
-gitea_postgres_host: "{{ shared_service_postgres_01_hostname }}"
+gitea_postgres_host: "{{ shared_service_postgres_primary }}"
 gitea_postgres_database: "{{ stage }}_gitea"
 gitea_postgres_username: "{{ gitea_postgres_database }}"
 gitea_postgres_password: "gitea-postgres-admin"

group_vars/gw/plain.yml

@@ -1,9 +0,0 @@
----
-
-hetzner_server_type: cx21
-hetzner_server_labels: "stage={{ stage }} service=gw"
-
-docker_enabled: false
-traefik_enabled: false
-filebeat_enabled: false
-node_exporter_enabled: false

group_vars/harbor/plain.yml

@@ -2,3 +2,71 @@
 
 hetzner_server_type: cpx31
 hetzner_server_labels: "stage={{ stage }} service=harbor"
+
+filebeat_inputs:
+- type: log
+  paths:
+    - /var/log/harbor/portal.log
+  fields:
+    harbor: true
+    harbor-component: harbor-portal
+- type: log
+  paths:
+    - /var/log/harbor/exporter.log
+  fields:
+    harbor: true
+    harbor-component: harbor-exporter
+- type: log
+  paths:
+    - /var/log/harbor/redis.log
+  fields:
+    harbor: true
+    harbor-component: redis
+- type: log
+  paths:
+    - /var/log/harbor/registryctl.log
+  fields:
+    harbor: true
+    harbor-component: registryctl
+- type: log
+  paths:
+    - /var/log/harbor/chartmuseum.log
+  fields:
+    harbor: true
+    harbor-component: chartmuseum
+- type: log
+  paths:
+    - /var/log/harbor/trivy-adapter.log
+  fields:
+    harbor: true
+    harbor-component: trivy-adapter
+- type: log
+  paths:
+    - /var/log/harbor/postgresql.log
+  fields:
+    harbor: true
+    harbor-component: harbor-db
+- type: log
+  paths:
+    - /var/log/harbor/jobservice.log
+  fields:
+    harbor: true
+    harbor-component: harbor-jobservice
+- type: log
+  paths:
+    - /var/log/harbor/proxy.log
+  fields:
+    harbor: true
+    harbor-component: nginx
+- type: log
+  paths:
+    - /var/log/harbor/registry.log
+  fields:
+    harbor: true
+    harbor-component: registry
+- type: log
+  paths:
+    - /var/log/harbor/core.log
+  fields:
+    harbor: true
+    harbor-component: harbor-core

group_vars/k8s_cluster/plain.yml

@@ -1,9 +1,11 @@
 ---
 
-ip: "{{ stage_private_server_ip | default('-') }}"
+ip: "{{ stage_private_server_ip | default('### use dynamic inventory ###') }}"
 
 ### parameters used by kubespray ###
 
+kube_version: v1.23.16
+
 cloud_provider: external
 kube_network_plugin: calico
 kube_proxy_metrics_bind_address: 0.0.0.0:10249
@@ -22,5 +24,16 @@ helm_enabled: true
 #TODO configuration migration needed
 #krew_enabled: true
 
+kube_service_addresses: 10.233.0.0/18
+kube_pods_subnet: 10.233.64.0/18
+kube_network_node_prefix: 24
+
+## Automatically renew K8S control plane certificates on first Monday of each month
+auto_renew_certificates: true
+# First Monday of each month
+# auto_renew_certificates_systemd_calendar: "Mon *-*-1,2,3,4,5,6,7 03:{{ groups['kube_control_plane'].index(inventory_hostname) }}0:00"
+
+unsafe_show_logs: true
+
 additional_pip_dependencies:
   - kubernetes

group_vars/keycloak/plain.yml

@@ -3,7 +3,7 @@
 hetzner_server_type: cx11
 hetzner_server_labels: "stage={{ stage }} service=keycloak"
 
-keycloak_postgres_host: "{{ shared_service_postgres_01_hostname }}"
+keycloak_postgres_host: "{{ shared_service_postgres_primary }}"
 keycloak_postgres_database: "{{ stage }}_keycloak"
 keycloak_postgres_username: "{{ keycloak_postgres_database }}"
 keycloak_postgres_password: "keycloak-postgres-admin"

group_vars/kube_control_plane/plain.yml

@@ -1,9 +1,8 @@
 ---
 
-hetzner_server_type: "{{ hetzner_server_type_kube_master | default('cpx21') }}"
+hetzner_server_type: "{{ hetzner_server_type_kube_cpl | default('cpx21') }}"
 hetzner_server_labels: "stage={{ stage }} service=kube_control_plane"
 
 docker_enabled: false
 traefik_enabled: false
 filebeat_enabled: false
-node_exporter_enabled: false

group_vars/kube_node/plain.yml

@@ -6,4 +6,3 @@ hetzner_server_labels: "stage={{ stage }} service=kube_node"
 docker_enabled: false
 traefik_enabled: false
 filebeat_enabled: false
-node_exporter_enabled: false

group_vars/logstash/plain.yml

@@ -1,5 +1,6 @@
 ---
-
 hetzner_server_labels: "stage={{ stage }} service=logstash"
 
 traefik_enabled: false
+
+logstash_ssl_enabled: true

group_vars/management/plain.yml

@@ -1,53 +1,3 @@
 ---
 
 hetzner_server_type: cx21
-
-connect_image_version: "latest"
-
-connect_admin_username: "{{ management_admin_username }}"
-connect_admin_password: "{{ management_admin_password }}"
-connect_workflow_env: "stage:{{ stage }};smardigoUserToken:{{ smardigo_auth_token_value }}"
-connect_process_search_module: "external"
-connect_oidc_client_secret: "{{ management_oidc_client_secret }}"
-spring_profiles_include: "prod,postgres,elastic,swagger"
-
-tenant_id: "{{ management_oidc_realm }}"
-cluster_size: "1"
-cluster_name: "{{ management_oidc_client_id }}"
-current_realm_name: "management"
-current_realm_display_name: "Stage Management"
-
-postgres_acls:
-  - name: "{{ connect_postgres_database }}"
-    password: "{{ connect_postgres_password }}"
-    trusted_cidr_entry: "{{ shared_service_network }}"
-
-current_realm_clients: [
-  {
-    name: '{{ management_oidc_client_id }}',
-    clientId: "{{ management_oidc_client_id }}",
-    admin_url: '',
-    root_url: '',
-    redirect_uris: [
-        "{{ http_s }}://{{ connect_base_url }}/*"
-    ],
-    secret: '{{ management_oidc_client_secret }}',
-    web_origins: [
-      "{{ http_s }}://{{ connect_base_url }}"
-    ],
-  }
-]
-
-current_realm_users: [
-  {
-    "username": "{{ management_admin_username }}",
-    "password": "{{ management_admin_password }}",
-    "email": "{{ connect_admin_email }}",
-    "requiredActions": []
-  }
-]
-current_realm_admin_user:
-  username: "{{ management_realm_admin_username }}"
-  password: "{{ management_realm_admin_password }}"
-  email: "{{ connect_admin_email }}"
-  requiredActions: []

group_vars/maria/plain.yml

@@ -7,6 +7,9 @@ mysql_databases: []
 
 mysql_users: []
 
-docker_enabled: false
 traefik_enabled: false
-filebeat_enabled: false
+
+filebeat_maria_enabled: true
+
+custom_plattform_users:
+  - '{{ backupuser_user_name }}'

group_vars/pdns/plain.yml

@@ -1,20 +0,0 @@
----
-
-hetzner_server_type: cx11
-hetzner_server_labels: "stage={{ stage }} service=pdns"
-
-pdns_id: "{{ inventory_hostname }}-pdns"
-pdns_postgres_id: "{{ inventory_hostname }}-postgres-pdns"
-pdns_recursor_id: "{{ inventory_hostname }}-recursor-pdns"
-pdns_admin_id: "{{ inventory_hostname }}-admin-pdns"
-pdns_admin_postgres_id: "{{ inventory_hostname }}-admin-postgres-pdns"
-#pdns_api_key: "< see vault >"
-
-pdns_postgres_host: "{{ shared_service_postgres_01_hostname }}"
-pdns_postgres_database: "{{ stage }}_pdns"
-pdns_postgres_username: "{{ pdns_postgres_database }}"
-pdns_postgres_password: "pdns-postgres-admin"
-
-pdns_admin_postgres_database: "{{ stage }}_pdns_admin"
-pdns_admin_postgres_username: "{{ pdns_admin_postgres_database }}"
-pdns_admin_postgres_password: "pdns-admin-postgres-admin"

group_vars/postgres/plain.yml

@@ -1,10 +1,18 @@
 ---
-
 hetzner_server_type: cpx11
-hetzner_server_labels: "stage={{ stage }} service=postgres"
+hetzner_server_labels: "stage={{ stage }} service=postgres role={{ server_type }}"
 
 postgres_acls: []
 
-docker_enabled: false
 traefik_enabled: false
-filebeat_enabled: false
+
+filebeat_postgres_enabled: true
+
+custom_plattform_users:
+  - "{{ backupuser_user_name }}"
+
+postgres_homedir: "/var/lib/postgresql"
+
+postgres_pgdatadir_lvm_hcloudvol_size: 10
+postgres_pgdatadir_lvm_hcloudvol_count: 1
+postgres_pgdatadir_lvm_hcloudvol_mountpath: "{{ postgres_homedir }}"

group_vars/postgres01/plain.yml

@@ -0,0 +1,3 @@
+---
+shared_service_postgres_primary: "{{ stage }}-postgres01-01"
+shared_service_postgres_secondary: "{{ stage }}-postgres01-02"

group_vars/postgres02/plain.yml

@@ -0,0 +1,3 @@
+---
+shared_service_postgres_primary: "{{ stage }}-postgres02-01"
+shared_service_postgres_secondary: "{{ stage }}-postgres02-02"

group_vars/redis/plain.yml

@@ -1,11 +0,0 @@
----
-hetzner_server_type: cx11
-hetzner_server_labels: "stage={{ stage }} service=redis"
-
-docker_enabled: false
-traefik_enabled: false
-
-redis_bind_interface: 0.0.0.0
-redis_maxmemory: '{{ ansible_memtotal_mb * 0.8 | int }}'
-
-redis_exporter_ip: "{{ ansible_ens10.ipv4.address | default('127.0.0.1') }}"

group_vars/restore/plain.yml

@@ -0,0 +1,15 @@
+---
+hetzner_server_type: "{{ hetzner_server_type_restore_database | default('cpx21') }}"
+hetzner_server_labels: "stage={{ stage }} service=restore database_engine={{ database_engine | default('') }}"
+
+docker_enabled: false
+traefik_enabled: false
+filebeat_enabled: false
+node_exporter_enabled: false
+
+custom_plattform_users:
+  - "{{ backupuser_user_name }}"
+
+# postgresql related
+# defining type of server (master|slave|restore)
+server_type: restore

group_vars/stage_demompmx/awx.yml

@@ -0,0 +1,6 @@
+---
+awx_admin_username: "awx-admin"
+awx_admin_password: "{{ awx_admin_password_vault }}"
+
+awx_hetzner_ansible_revision: "prodnso"
+awx_custom_ee_image: "/prodnso/awx/awx-custom-ee"

group_vars/stage_demompmx/bootstrap.yml

@@ -0,0 +1,14 @@
+---
+harbor_bootstrap_helm_url: "prodnso-harbor-01.smardigo.digital/infrastructure"
+harbor_bootstrap_helm_name: "infrastructure"
+harbor_bootstrap_username: "{{ harbor_bootstrap_username_vault }}"
+harbor_bootstrap_password: "{{ harbor_bootstrap_password_vault}}"
+
+gitea_bootstrap_url: "https://demompmx-gitea.smardigo.digital/demompmx/demompmx-argocd"
+gitea_bootstrap_username: "{{ gitea_admin_username }}"
+gitea_bootstrap_password: "{{ gitea_admin_password }}"
+
+custom_ip_whitelist:
+  - "5.75.131.94"
+  - "116.203.156.144"
+  - "91.107.225.163"

group_vars/stage_demompmx/connect.yml

@@ -0,0 +1,6 @@
+---
+connect_ribbon_display: "demo only"
+smardigo_default_theme: "/themes/mpm-x.json"
+
+connect_name: "mpm eXecution"
+connect_language_code: "en"

group_vars/stage_demompmx/database.yml

@@ -0,0 +1,18 @@
+---
+stage_database_management_connect_name: "{{ stage }}_infrastructure_management_connect"
+stage_database_management_connect_password: "connect-postgres-admin"
+stage_database_management_keycloak_name: "{{ stage }}_infrastructure_management_keycloak"
+stage_database_management_keycloak_password: "keycloak-postgres-admin"
+stage_database_management_gitea_name: "{{ stage }}_infrastructure_management_gitea"
+stage_database_management_gitea_password: "gitea-postgres-admin"
+
+stage_postgres_acls:
+  - name: "{{ stage_database_management_connect_name }}"
+    password: "{{ stage_database_management_connect_password }}"
+    trusted_cidr_entry: "{{ shared_service_network }}"
+  - name: "{{ stage_database_management_keycloak_name }}"
+    password: "{{ stage_database_management_keycloak_password }}"
+    trusted_cidr_entry: "{{ shared_service_network }}"
+  - name: "{{ stage_database_management_gitea_name }}"
+    password: "{{ stage_database_management_gitea_password }}"
+    trusted_cidr_entry: "{{ shared_service_network }}"

group_vars/stage_demompmx/firewall.yml

@@ -0,0 +1,143 @@
+---
+hcloud_firewall_objects:
+   -
+     name: "{{ stage }}-default"
+     state: present
+     rules:
+     -
+        direction: in
+        protocol: icmp
+        port: ''
+        source_ips: '{{ ip_whitelist }}'
+        destination_ips: []
+        description: ICMP allowed
+     -
+        direction: in
+        protocol: tcp
+        port: '22'
+        source_ips: '{{ ip_whitelist }}'
+        destination_ips: []
+        description: SSH allowed
+     -
+        direction: in
+        protocol: tcp
+        port: '80'
+        source_ips: '{{ ip_whitelist }}'
+        destination_ips: []
+        description: HTTP allowed
+     -
+        direction: in
+        protocol: tcp
+        port: '443'
+        source_ips: '{{ ip_whitelist }}'
+        destination_ips: []
+        description: HTTPS allowed
+     apply_to:
+     -
+       type: label_selector
+       label_selector:
+         selector: 'stage={{ stage }}'
+   -
+     name: "{{ stage }}-monitoring"
+     state: present
+     rules:
+     -
+        direction: in
+        protocol: tcp
+        port: '9080-9085'
+        source_ips: '{{ ip_whitelist + [ lookup("community.general.dig", stage + "-prometheus-01." + domain ) + "/32"]  }}'
+        destination_ips: []
+        description: 'Server/Service Monitoring'
+     -
+        direction: in
+        protocol: tcp
+        port: '9001'
+        source_ips: '{{ ip_whitelist }}'
+        destination_ips: []
+        description: 'PgAdmin'
+     -
+        direction: in
+        protocol: tcp
+        port: '9187'
+        source_ips: '{{ ip_whitelist }}'
+        destination_ips: []
+        description: 'Postgres-Exporter'
+     apply_to:
+     -
+       type: label_selector
+       label_selector:
+         selector: 'stage={{ stage }}'
+   -
+     name: "{{ stage }}-monitoring-extern-https"
+     state: present
+     rules:
+     -
+        direction: in
+        protocol: tcp
+        port: '443'
+        source_ips:
+         - "{{ lookup('community.general.dig', 'dev-blackbox-01.smardigo.digital' ) }}/32"
+        destination_ips: []
+        description: null
+     apply_to:
+     -
+       type: label_selector
+       label_selector:
+         selector: 'stage={{ stage }},service=connect'
+     -
+       type: label_selector
+       label_selector:
+         selector: 'stage={{ stage }},service=keycloak'
+   -
+     name: "{{ stage }}-access-to-kubernetes-api"
+     state: present
+     rules:
+     -
+        direction: in
+        protocol: tcp
+        port: '6443'
+        source_ips: "{{ ip_whitelist }}"
+        destination_ips: []
+        description: "Allow access for whitelisted ips"
+     apply_to:
+     -
+       type: label_selector
+       label_selector:
+         selector: 'stage={{ stage }},service=kube_control_plane'
+   -
+     name: "{{ stage }}-access-to-connect"
+     state: present
+     rules:
+     -
+        direction: in
+        protocol: tcp
+        port: '443'
+        source_ips: 
+          - '0.0.0.0/0'
+        destination_ips: []
+        description: "Whitelisting ALL(also from UNTRUST) incoming HTTPS traffic for connect-instance(s)"
+     apply_to:
+     -
+       type: label_selector
+       label_selector:
+         selector: 'stage={{ stage }},service=connect'
+
+
+hcloud_firewall_objects_keycloak:
+   -
+     name: "{{ stage }}-access-to-keycloak"
+     state: present
+     rules:
+     -
+        direction: in
+        protocol: tcp
+        port: '443'
+        source_ips: 
+          - '0.0.0.0/0'
+        destination_ips: []
+        description: "Whitelisting ALL(also from UNTRUST) incoming HTTPS traffic for keycloak-instance(s))"
+     apply_to:
+     -
+       type: label_selector
+       label_selector:
+         selector: 'stage={{ stage }},service=keycloak'

group_vars/stage_demompmx/gitea.yml

@@ -0,0 +1,5 @@
+---
+gitea_admin_username: "gitea-admin"
+gitea_admin_password: "{{ gitea_admin_password_vault }}"
+gitea_postgres_username: "gitea-postgres"
+gitea_postgres_password: "{{ gitea_postgres_password_vault }}"

group_vars/stage_demompmx/grafana.yml

@@ -0,0 +1,4 @@
+---
+grafana_signing_secret: "{{ grafana_signing_secret_vault }}"
+grafana_admin_username: "grafana-admin"
+grafana_admin_password: "{{ grafana_admin_password_vault }}"

group_vars/stage_demompmx/kubernetes.yml

@@ -0,0 +1,7 @@
+---
+
+kubernetes_with_externaldns: true
+kubernetes_with_certmanager: true
+kubernetes_with_ingress: true
+kubernetes_with_gitea: true
+kubernetes_with_awx: true

group_vars/stage_demompmx/logging.yml

@@ -0,0 +1,2 @@
+---
+logstash_ssl_enabled: false

group_vars/stage_demompmx/management.yml

@@ -0,0 +1,6 @@
+---
+management_configurations:
+  - pmci
+  - backup
+
+connect_connection_harbor_url: "{{ shared_service_url_harbor }}/v2/prodnso/"

group_vars/stage_demompmx/plain.yml

@@ -0,0 +1,39 @@
+---
+stage: "demompmx"
+
+hetzner_server_type_kube_cpl: cpx21
+hetzner_server_type_kube_node: cpx31
+
+custom_stage_plattform_users:
+  - "hp.wissenbach"
+
+# TODO read configuration with hetzner rest api
+shared_service_network: "10.0.0.0/16"
+
+netgo_msteams_hook_cd: "{{ netgo_msteams_hook_cd_vault }}"
+netgo_msteams_hook_alerting: "{{ netgo_msteams_hook_alerting_vault }}"
+
+pgadmin4_admin_username: "{{ pgadmin4_admin_email }}"
+pgadmin4_admin_password: "{{ pgadmin4_admin_password_vault }}"
+
+shared_service_hostname_gitea: "{{ shared_service_kube_hostname_gitea }}"
+shared_service_hostname_harbor: "{{ shared_service_kube_hostname_harbor }}"
+
+shared_service_iam_hostname: "{{ stage }}-iam-01.{{ domain_env }}"
+shared_service_mail_hostname: "{{ stage }}-mail-01.{{ domain_env }}"
+
+connect_jwt_enabled: true
+connect_jwt_secret: "06aa5b66a2e241b7af934035df79e8a8"
+iam_jwt_enabled: true
+iam_jwt_secret: "b9bb2282a3284bf291173ef202928004"
+
+harbor_admin_username: "{{ harbor_admin_username_vault }}"
+harbor_admin_password: "{{ harbor_admin_password_vault }}"
+
+shared_service_url_kibana: "{{ shared_service_kube_url_kibana }}"
+shared_service_hostname_kibana: "{{ shared_service_kube_hostname_kibana }}"
+
+elastic_admin_username: "{{ elastic_admin_username_vault }}"
+elastic_admin_password: "{{ elastic_admin_password_vault }}"
+
+shared_service_elastic_stack_01_hostname: "demompmx-connect-data.smardigo.digital:443"

group_vars/stage_demompmx/prometheus.yml

@@ -0,0 +1,15 @@
+---
+prometheus_admin_username: "prometheus-admin"
+prometheus_admin_password: "{{ prometheus_admin_password_vault }}"
+prometheus_admin_password_htpasswd: "{{ prometheus_admin_password_htpasswd_vault }}"
+
+alertmanager_admin_username: "alertmanager-admin"
+alertmanager_admin_password: "{{ alertmanager_admin_password_vault }}"
+alertmanager_admin_password_htpasswd: "{{ alertmanager_admin_password_htpasswd_vault }}"
+
+# federation for k8s prometheus -> stage prometheus
+prometheus_federation_enabled: false
+
+prometheus_alertmanager_enabled: false
+prometheus_prom2teams_enabled: false
+prometheus_grafana_enabled: false

group_vars/stage_demompmx/services.yml

@@ -0,0 +1,13 @@
+---
+shared_service_url_harbor: "{{ shared_service_kube_url_harbor }}"
+shared_service_hostname_logstash: "{{ stage }}-logstash.{{ domain_env }}"
+
+shared_service_custom_additional_hosts:
+  - name: "demompmx-connect-data.smardigo.digital"
+    ip: "{{ shared_service_kube_loadbalancer_private_ip }}"
+  - name: "{{ shared_service_hostname_logstash }}"
+    ip: "{{ shared_service_loadbalancer_logstash_private_ip }}"
+
+iam_image_name: '{{ shared_service_hostname_harbor }}/prodnso/smardigo/iam-app'
+connect_image_name: "{{ shared_service_hostname_harbor }}/prodnso/smardigo/connect-whitelabel-app"
+wordpress_image_name: "{{ shared_service_hostname_harbor }}/prodnso/smardigo/wordpress"

group_vars/stage_demompmx/vault.yml

@@ -0,0 +1,134 @@
+$ANSIBLE_VAULT;1.1;AES256
+66666630626564383030363137383662346134643436386338333064386665326531373866326231
+6362376464343063353137633437363032383138633563380a663561373261373933343839323863
+39326631663232633761666465313131663039326362383438376362623336343031303639623861
+3638633065393834390a383231653764313061616164346364376565663137663963343639343561
+33333465373966646561376335333662373663316531663166303534626536623437613364633964
+64343835386237393236363535336661386638333936343437363666636330316531333630633230
+38663239306235663061353039393764646461383937326631343866396164633331326233313632
+36323563373434626661653366626161393436346637323032396166323230653665653338343663
+32376339356362343931613866353865653036353261616365303466353238353130633534306434
+37656239373733336165656134396333656135383334633363316665666537333030326263333334
+35383731323366643665633262396530326263303061383264393662396365316261333534333830
+61346333303138313139633039653530386264303937323661323465336331393133373530373132
+63366434316537313339333035313431363262613939616435626338656465613361613638313630
+65646635363633656439643034376262363565316436303230623738323436633164396533353461
+36386133633063636539323466346666616530386236656330393764666365333266323661373565
+66616135373964623236623963323961313466343736666334313236386637663237616562633165
+63363532386532333866326638613437363866306661626534373161323764383138663032656262
+61613661396535613633326231336133653861316462316436303761666238393431366438346130
+38373666316530376563306132393631383965326666366439346138376638383162653139323630
+39376536396535623133383461383034323333633964643062343333373334663539373464383230
+33313661373037353063386566353334356430303935363231346635636434393232623265663938
+66613734303239343235386630303139363762343265333534333239386361613063613363383130
+37393763643266323232613063383939636433376339343330303366393233656435646362343061
+62373531313664356266333930336135626531326438393165343133616563653936353361323462
+38383165636465393731376337323738663366303436363530386131313564316234316432316431
+34643261656135363638306535393962343630633865303865383763633763663930636363366132
+36326636356230663338376338646136633434386164646434323835353938646465653134306666
+64346465383264316333346661363363346666633930386438626230623937313865626565653664
+37616464313565353836636363333833323132313038386333663130656333323531363263373835
+62626630366236663437346537366161646533333037366238366536643262343261343466326431
+37326662643863306434383438636465623033656666316534626131336261643538333731393766
+65623533353734643465646434656262613564633232623334336661303038633565636632393461
+63633164313635333938643364313634636365343261353037666665366661363837313533386435
+66333837316632373265306231613162386263333136386361626232346435623634333161393439
+37303166343330633462346637303865626332623164303961346263323562626462383030623763
+66623561346538383263363366353263336539383935666535633636343537636533636530376364
+34666338356534323365363535333635336537646234633761386230633232353662653136336664
+66666235633439336562393039643535623265646262353264303138653961663833656165636666
+38323862326465383062363133613533633166376465373663656663323336636336656637386434
+62336632323861373362333032353134386437343561353031383531613465653132323066353832
+33373839643333336336336536636236303763383263363133333762316439653630663661343033
+38613231373035373131653632636439653035346336343963666537633033396239356462616435
+31393561383261616462343635373935623366386631386631646532333530376436343137623265
+66313134363762623933313231633136386138353763333262333963373462633832303231386664
+39303766333234363634366433633938626562363636326233383764623936373331643964363965
+30373931633062306237656633306433346561303930313536336264663466656261376262663130
+31636462666164396639363332373366313334316635643933393433363664646331363734643838
+61303632343262663839663663396663323262626337623862653761363765663135363365373431
+31643130646331383235666464623264363433643835306331313638663039376462353035313532
+36383566373639333036363538636632633632626164343161666435666162343434333134323131
+62313664626261386364323231303139333866376236316130343165313362646637333764383435
+39353435353465643463316437633064363133326533346234383163636661336461383164623435
+32616537316366303634613435313961633566633838306232363032383538346435366230633863
+34313230313466326361653734363939666662353333616330306134303537613566383465643937
+30636530343063393065373563366534376332356332393537613030666436313930643032303538
+61303437343331626234353462643264616635623362323563396339666438303332393761363030
+34663438346636326364643338616539643465333463616465636330353035636533396332633637
+37393136356564333932303439343036326464663339303165333036373630616363623361386566
+61323634663835333966323563623931663131653562616166383463633132623237643265313964
+62643431626165643133393762393661623866356533646465393864616164663466306234323965
+37643061633331366630373766666337656339343330383236656533636637393439623632613766
+30643563356132393137623132616131383637613461623536353933393737346562643837303534
+61663966656638383133363439393163343136663664343135646134323537343562306439303438
+64343933396561613739653734663238306664386564343035393764373534623234336537313333
+37303230333131643739393330313466333461626639656261623461653830636334366132343266
+39613839323839356334303762623931633739643232376537636465356630623861633636613434
+32333331346433366435636366333761393165303436353739663965396664333830333263666134
+30313533636663393936613762366231646132643835623537636232383465343566346466646130
+66363238613136613138663131613965656262386264343635376436643437343664316663643333
+35386662663134313339396637663233616435613139303334333063623764326265316538613561
+38353537653438653139636233316632393033626539373239363130613566313433356236373734
+66333833386635343566373933356363303865623732323637326532353264386239373732663632
+66383933623338663563383239356464653034636534306430376337666465313965363336356235
+64653666623532666437363438643035326365386338333663623366376131346363636134613830
+34373833383233666536373936633237353663306137366630366536666238613039643461333530
+37343764376433643239623464656362336162353363623766613336393532303537633836313266
+33623666376630623861396434323163376433376539643164393732386463313332393132326239
+34363363666463316233313538656530396265363037363937613230393566636130343733653530
+36376339666636643264303765383332303632653862373264356362323038343163666138666236
+39393038346339313832303362366633653662386261303431343961393336333931383133393366
+65383238633738646338386466393864653933366333666639393761613934663135313761356466
+31363864666435333364623931646637666632353266623864373766333138316266636662646165
+36313530396464366161653532313065353864383432613238363064666134323661653036393032
+65366432376230326530316464663233373961393536313264363138623938326565333033616161
+38393433313763383761343663376433396330313864393132336264663739613436373536313631
+64336339616437376339396134373430616561643466333436333635633864646561643532623661
+31633738633831343661366336613539366466653163386564623735393864633133663831623336
+33613566323735326563313431623238636537386430323130383161643633303766356239373832
+65343132306665326562393663663530383730643735366430323838353836356163613339356564
+65653438613938313032626463363065663030636330623731303337373363353330656532636436
+32333337373838636534366463373831653636633561666664333436373632616534666334396430
+32316634633131346235333633373430653063633966363864646137613962353739323165643932
+39653631343266383666616233316164633738303139636563333832316565323137326538616563
+62386539343039626635636534663738363866343130303837626364623662646138303633636262
+31386134623962353030396633363134366430633636643862616665363539323432626232633132
+62653035653563366533303064653961376365636664343862636131663765393565396162663366
+35373635373364383239393832323737323230636261643064356162323366636662363539353031
+36333463383638613135663934343739346637333939626364306136373438663938643439646531
+62393530626164656465356562656666356364343165316464623731353530616636336235303564
+36356165313331343332643339633330313436313133333262333362346563316162616266393566
+39316564313430656336343233373631353733663535613563623736346337653863623166376635
+66636237613334393563333230613937393939633066636635396432303434626630663064666434
+34326130613432626631373566383633613636653263356232616536373265633730356635616361
+66376461363630623361366266376130373861336463326362373066343932353936626666663265
+63643635633866353361303838353733626532353238336364393131636538613030656261303266
+31346432356262326262306634303536363337663837313466613335623231643034343233656134
+64616632326562653532666532356263643732333664666264373939633266653964326235376337
+37306262373539303261613237373239663231393333356430613764366432353763356466636630
+61633364633634666334313262653665363133393630666633343532643764663838333132383761
+34306235666537663132333031613538306131653736336433306634343836653731343938336162
+62363463666366336132623130323363636466616431363364323764343536313338366137396134
+65326264616238303566336531303235626661356431623935346332613334303062363334393461
+38323364663534373532353537306164343337323835333466633563396262633363643732656237
+61393762323139643636613832393734373634353431346263326466353337316135393564616435
+36646439643535373037656135366664353637663464616361326265633634646237613764666261
+64633236643932373234393261386263383834303937333538353661656364353162316539333062
+31663361373031356335363038613339663038666432333833313630326465316335303936643436
+36303063656636333634366533383439326431333334613564353333616132653731396335386664
+65623039366661656262333161386537346463643437633164326438636563313734663734613063
+61396335653165363665663236623632613232623166666639386135356230656531646532623562
+30353063663638666664393834333632366239653333656331633661666563386563313934336631
+32306133316133376663316134326331326435306534386665613831363966636266313061376632
+66386238353961323166323565643439623866393136666637373063613866316561353030356463
+31333061643031306133323534633661623633626337336265636436646638653235363835663064
+38343437353836663439343938373233633431353636636564366131353633643663343030336330
+37613935623536303463663266303338646566313139353165356133396635623539643234623165
+31643331393539623634323763316531663434636335633135626466393366616638636236363266
+64323937396164313136376335633563663831366631623066323564383961373563666531633335
+37363634363566353165313539656638656231636164646364356638373066326663633762346436
+63316237386462326434636132653664613031386338616131616330303265653433316265303432
+63613938643761363935396462366163373133373561323737643134633531316636646634323164
+35376666613565643265346232376365373631633734383838393265626236626430316532306562
+6339

group_vars/stage_demompmx/vault_backup.yml

@@ -0,0 +1,28 @@
+$ANSIBLE_VAULT;1.1;AES256
+39306464316231633561666232626464316634306164653164663731373232636433343564306266
+3864333037326533646163383034313733356561336564630a346339376435616538303662636461
+32396538333437633363653533333234666231613936373336356164386563653061663234613233
+3238643332353530380a396162653561373032333333633438313930663539303039623336333766
+61346666613639333038336336633233646338356461663738653866303562656638626264363330
+36666532353434316262336436333136626333366464613534636235633762343362626430616431
+39396264353962366463393530323734383638666262393030336463303863633235633234333365
+39636434303535346266653733633864613436613066306130386639323762346331366336613537
+34313261373962353065326434306639656337643562323538373666366438376239613432333832
+30313262663637386630363830386231353733636131366635643064313539353739336438353431
+39303866363532646136626530353733363131343738383164383830663333643431613834633966
+32333065363833373562633037333030633765323762656438383263633666653466636231323739
+65353937353033613462343666303835386534633662623132656630663864326564613062656135
+30653030333230623531353466333933633634393966386565363366336235666436613938383061
+63666639373936323537373835643938386531626535373931383136386630613063353061656237
+33353865313535306437663834666361306538616533313834336632343934376231643665303030
+36643037633438323964386662326263396361343535383166633137303166353433316335333539
+61383837303664663864396661386434316630626137386662356230636639303037343436313030
+34313562343534383233373939613332323630303131373564333365306439353637316237663433
+37306539653334373636656561626637376362336137633333383434366364383538636263663533
+31303766646135323666343133353938313865343531656662643263333263303435666134373437
+35383032386338373462316133376335313931626263393166633562623265636530636631323435
+65343833613030633262623636346266623962323537363635396238663965653661653138666562
+63386164323130313763313136623636653266306439393333663833363537313236383839326261
+65306636393031643039653830333539383566353063323562663062353137353632393130633066
+65613833383863356138303834346435396365613762643336373065303766636633343832653166
+356366613430343266616461363534383531

group_vars/stage_demompmx/vault_env.yml

@@ -0,0 +1,428 @@
+$ANSIBLE_VAULT;1.1;AES256
+38353633373562333036326331636434373461626261376561623364613066363936306466633432
+3032626635396462616631363438363536356232653361640a643436323036333764663964636438
+34613037633636386233663462386133316238363035633262326138633332663637363936636530
+6463656361636131330a646262633164373761303466393931393965323363343233633362323937
+63613362653562633162303838303939316530346364633362383965386239613436343237313631
+37383931613230363730383961643135366166363064663933343064383632656335303062626230
+36303361326333386135643461653934623639633236333030613665326530663135386638363033
+31393432396435376433623265303130646132646366633264356334313937386361633539373232
+31383733646163613336646463303132636363643836646366313364323163653939346663363362
+39333231376263633965656338646532633432656337333337646637363264313865393935373262
+64356265353837323033616239613135616334313433376333363234646238376462633432383935
+66383235343166626265616135353732396266366339353665373336353663646435336133326434
+66373339346465373339663664306561333434363863373736303663616466333236666533633932
+31333563313463323664663663306262333236363935646332313263623861646139313635313739
+32343864386439663833306363313031313866663738646435386531333365343464613463616131
+65313866323635363730343031653833333535653338333538363836626136633134383332336236
+62653536613634316539306537383435623138343766396136623934303134373337313332656238
+33626536636262616331303532633536316563623766636634616335363062643135393535613835
+62343461366266383230313131663832343831353736373436613735313532623139353730303763
+63643562393964343434333935356564376233336164363263376662633333653663623534346233
+31373136376230373835623062633334396233396361643666636166386132353839313464666466
+33393966303934313865326164653439626231313163343130373635633365626561303935393536
+35343637313538653137393263306561383037643565363431653038613735636531666538646233
+32333730363266333037616635643464376636613336653333393235653363353961353761326661
+31386331346439356465663464653463363131336133633730323837326364316432313566326632
+36333131626535323566646663336664653261313039613131373639346635326665363466666535
+30663463613034313732363133353530353365303266613861343230313231373363643361366636
+36383632663366373161346635653866613965373563613739313564626536616464366264356137
+63636161313936396136363762643634383466663631616462313966643263656639616333613037
+30343530666630343962353065373465303962666263636234373535303637313232663333333663
+65383763303036663032663738366365323965346265643335363930623464386337343963353932
+36303166636232396362386665386635646161333166363963313563333239353261393832303766
+34386562303762623439356537623837646334366562313733393032613265633734666262303937
+34393739643563353063333964613437613737646430323761623363376634326239316536306461
+35396636643865363962396533396636303361653735313938386331666664326130353665383465
+61353531653231363331363239363936663761346531653937643538326263653436333431336133
+30663366333538633462356333613066613139646662656134646635323161666165616430356133
+35363661376537383532393731393362376661646436333939633933323965613738326262353132
+32333336643164316439643135343437663037336661643165393566333731393238363863333162
+36326439626139316164396562386537353561643061343461373466353963326366326264646561
+63666563623435633638633663636466633765613733303363316633383064303833643539633964
+38613438633134626636633037316230386630626630343431353138333064316263323238623834
+39396263376134303935643464373639666134656561653832653730616637333337643937396362
+30383066336237666437333036626664303364616533373561373661353137326637333132393230
+31373933386331323166333065333132353131333630323839633565636532373466613233376132
+62363438313738306563613565656262363838623236653734636237666331343965643037363938
+62346237373333333434616131623438636361656134373931386266373537626333623665326533
+62333931343365376163373265363534386138316364656436626265303266613636376364343638
+32633034656638373665653338333830316665643963613339613661393039326561653436646637
+66353235653731353066356437353834653164363062363537623436373132623836313462373430
+66343066646561343264356537343333393437343664353230646232633332663439346664373030
+37663231333838646362326232663064623431613462636365306235373236333063623662323037
+63663563643262353864376262363362303835326634326338646632636432353231633233383839
+30326563636536313738363134633061633763643934636362343738333838383737333137343035
+30623461346338623765363830626234653237313837336533313866336563613030353835396563
+35613134643262663561653065346434663438653234393733376232353563363538643136643032
+66656161626262373038316366326131393163623566323366363138306261613837396265626635
+61393163656330383931376263663134666666626439623734613435343635313636363330613961
+35316366393630323561383136663433353139393631326663326238316330616539376262386630
+30643032616162663162306366363435636530633731623935353838313464643831306665316232
+32353363313330303835373931353765646162373131366562313961333037623735323363333261
+62376337343263376337623262393835343639623362356465323831383234386530373266626633
+34633663356534656135613966346532336263616261376262386165643265633034356666316632
+65323361326235396630663463353632373533386266633536393033333931633862363434613633
+62326534663265323735616664613461376465623066326335646438356130356462396435356265
+35653465613738383732373462326330336464643236323764303633646130393463366433356463
+62623439313661656333333932623966636362343738663535393965393462663262343436336561
+39383738353937343638373837626236653333643366346231393138616634646262346362376338
+36616139346630303563623464393763333161656562316539626162313438623732623439303937
+63616235303838666438333239666632633737313563383233346162633763353238313866313434
+63636363666339383338366462326437393563373461303330616264353065326161386634646463
+37346364663462646363323363333233643239376635356438323736353461333763343461386435
+30663332336636353731343363363461646132623431396332623363343734316539376664643161
+39633165626563363861383664393066653431343963363330383830643830616264623030333230
+35656563656337623833313834623666613136386161366462363433336266633637386664623864
+62393061303462373663653161653237353935373637633838653630396663313331316539353532
+33316435633163333131353565303530373766343535303431326538623963653338393661373566
+31303265373866346561653132303564636565326264336631663864333866636338323561386365
+38356536306338656662616238633735373034333230613564316331363431623163323033666439
+62396632386661383036646162656531343334323036376235386165373864626562306133336330
+31366562313538313964336464326665316632613966383263373935616665616164643839386663
+65363264653461666538363865633463363737373663366535383262333963353066343937343430
+37663763373064666239396134333133393561386662373330303830383762323664396465623436
+36333936646639303366633638623634363365303531613634303731653539646438363335333934
+31323131633135653936356566653831396434353064306435393163653030396666656336316566
+35363637343932616265333963623064346130326265666538363339646131313435613965386336
+30373338356365356563366663633165393766393335636366353531626238316533306464306565
+61353566316261636264663637643632323861613031643537386539383066623531366337383736
+32346338363338356434623538356239646361643065306365626235363264326162613663393564
+35383136396262353831383062316535346231303765626564666362646334373934636566656664
+31623639666566656236393136666633313233393563656234306561396434643432653439613562
+30313432346466363630383533643538646139666332313764353639636664363262616136643234
+64336337376261656361336564333563323539376534633161633536386666303433353465303665
+39363639373230383466313932336331643561343261356161633166333836393437633661656564
+39393538363534336430353839363338386666396133313331306266303030393465373964333731
+36636131376334653863633938353336613465313263303730363936656666346534356635346266
+33636138663264346362626337396364376533616334313465333733346266316635646433626164
+65353063646536396539323534656338353639626335363666313630363535306339373432613063
+37303036376463383137613263633735363632646463666165663962623532646363306438616165
+63653464326361333438353566393436316265383830656435316263626437623536613339656165
+62666461316534373962633930613339643731333463316631313837666566666462336639343535
+65343039636264633834336234663566336232326364376537613336373965366563636462666634
+61663539343137306230343031313739316135656666363665393036646431326332656165656464
+30343635346431306466393633313539336363373162326133666533636539613164626537306365
+36643766326534366261313335366434616166333962316363313831336130643832646534353838
+32626636383765333331333934343538643431633831653430353930626633393131626530386539
+64313037633863303363316261393334343236333332653866333633613735666236656637313639
+31643363393931373962343165666530653266643635333361323565393563316361643032393737
+39383464396164663165666462326663323933313131383265343732633930373164346366323438
+61653830613333623736303461636461316634356463303863306331336265303166646634633530
+64303933636261353331353466343838663862306431333062653463316633613165316564643332
+37666561643063656630363734633264376562313566383161383863366166386633333035333737
+62353235346131666534306337656461326464636363613566303862636631363464343066366231
+39666432333064313431323765313566663035396464336562653564373066656662386439356233
+37663335386133616138306364343361303762316362343935366338376464383232666636633230
+63636662323337373561613561326533386461303738643662373535396266313537343862663363
+35663563643239653036303364636661383830323439313433303537646532613162633763306263
+37383966356665393137346264646466323263633362336333656539356332633833613365373439
+66653330643566623434386439333764636336383236666134386563316136306162633636366337
+66326534323038656662346433623237633532666434636134323031373063646432383737623637
+34326361383938373432373138363031336461643635323862303930636538363465643066323030
+32363430356239636139626565356265653337353630333237613866626635663531333066333739
+33653035616439323037393035373132393733346665613835616339633666303035653235663432
+33663431343832386665396665376466653539323135386536373064373361356431636562393136
+37333133353265663739623332633231643964383266643465636638353231653264616137333039
+30353937333336303631313362646537613134616434313564643530343463383035346136323231
+37666361373566383563383234623635373764343737326530313933386230303331356234306666
+30316364393039326566653565303163356164333165386237633036316535393564313562653832
+39613362393965646238626164316331633139626532343736326363323639326532366561616265
+38356536613435636466373363353032316233383630643439303563623566363035326338626235
+32313131353637666161343233356561373332363964333631306363613238383339616162313362
+61633436356335343863623464356331643739393864353632633138303935386438643264633963
+31656336323233616263633934376332623233623132353035363339306536633538626134633239
+31666561616138393365633934373663373032646338616665633734616131373838646232313830
+66646366653537386238303661323233643532653263373338306636653665633762366162353563
+38326537393165643638313034633961356539313262306664653630633635333337383630303636
+36633136356465383165663533633366623636643234656262323832353162346338633934623531
+63383531376566343233353839636436353133326463383338346136373634663732366364656639
+66373530636431383061623536613732613734343236636434306431303737386662623132666133
+39356664316535333133623632646530643063343335393532663265353437666366313934373838
+64346238353533323634366462613935333334396234383039303734616134616538393665306133
+31393634313137383431326665376435333661336630316331636132326165303033656133376631
+62626165343939313539363434376465623262623133633531353539653962336165613135343661
+32306636613137393030643236643235643064363865646537336638386637633236663334623131
+36316331653165333166613765323730653663326630666237613833626331636633653661653865
+38313266336439353331663238353066376332356237393731383633343162333330663666386135
+38373266626564383635356265353861396636326634383139383331336132383430643933356339
+30363166356339353766626662316336663461636131373163313135323333393839363138346335
+37663730363861623938346331666166626530616634656631396364343936333838333034333938
+32623738353261343933333935623439663333656663653232313761386138383862643062643461
+64343139323064653963326463356339343930336130316334343637386532663962656638303033
+65626134333830643333396261663831633437643931396437613239626638326338313330646136
+63343136323261333762346439616166653364633439633435333935353264643535333334643362
+61376666343637386630653936623161356133373537326236636161316561663866323031366361
+36663362636432393066323238653262386431663235363933346363376631303639366534303538
+37383534626132383065363736333733333033333965663434356430343562363539303664646364
+61623964396261623463366338383230616533383130386638396332333263336134636338663137
+32393934386539323537653639393534643830313864636235333466663432633338623730643739
+65303465613433313439373066326533356665333833653130623932386264343766313464626562
+32613166366337316165343665333066643839626265643565396536393433326132326534363837
+36653962353830643662316335363761643139343933623766333536303533386330373162373865
+30376537633032353165373332623265363764636536386437646531383232393336303135356164
+62353664326430653034643562353837363538333238373735396235306366613636623862373633
+32373263373639313066366334376466323939663165306365353233376633653639323531636665
+63363633386266643137303964613835666431353832313535303165613535656534316434343132
+35383534303039323362306630633533396433356139666137643966316532323165306435363765
+35363065623363633139396361653130373861346530613964656537396438376132373763313733
+33663836303831323763623538643436316431306139663338336665656539656263333561626464
+35356237366365303338323632663234386538343133373062613131363864616430336566306362
+32666235393461356334643039343632376231653031643531623435643861323032643161663063
+64326335666533626234653462626130303261393736316461636131636263343230353531306632
+64643365626133653061323830323364373736356439666531656536336566326561616633626438
+66353033656537376563333631633235646437333030353230646430646564613366653336646536
+30393261373530363532646364646232316266316335353964396135636639643263373831333832
+63356237363266343733623661653634353631366366303833366132653836353935353137623363
+35393166656534386630626437333163663566383339613638616639313931393739636361313238
+65396233393463363035356631306638356137326561616332363430646630346664316532663361
+63376461383239306466346566626566633037343566646638363531643361636538343430393832
+39353032346463393538336130373037356561643762306461353364306665643066643339616164
+30613766363539383766383963346139366665353165306331363464376630323864633565366437
+37393433313262623936643337343739356434613664353038623432376166663031616434306437
+64353062343461343562613165666333646539633736333434616632303031636437316261393532
+64386330636232316632666337363539353836346530333334396566643335356430613639376461
+65653634326330363265333633366539316335316236306364336532306633636431623532343165
+61326461646165623963316264323764373464363665336233356439666537656662656636616232
+30343535363362316337383861366338383962366139623265336538653231656561643630316435
+38636634383561356130656536653362643133346432613239663639373461313232393434386163
+39356636653732643862643838363566393830633535646261393361346330326462356639396636
+34303566336364346436373336376332313636396534396632663930326364393830393333323134
+66653432366233326166626165663130343264393939333039323166626266303333636361303831
+66663231393864383830333439613534303565396539643632366533303535393835643162616530
+37303730383761393463323761306363646561386663333635386665366634613461303731373233
+38383239353434376163373033336165346536316331623635656431373564356537376633356235
+66643665626364303135346134323537336261343337656638633865336130326437313432363433
+32353930383663306639373035363061363931633763643532623165316436653230663966343830
+36316139326663316135623839306461373865623136386262323337633538363632333035333939
+61306665356432643839636466643738396338383038373134316135613363656235373762323261
+66343663346163653565666332356139353733643134363935306362356663383064356562383261
+36633734653430613164303939616364333430326632363361363262643138336632633731353837
+32663762333062616330646263373663336364346261303937666162663331656133616264633866
+64303432613362653661643737343463316464383830393163336166633431326330383935386564
+33636634356161663937343462626563343330323530376139383731373839386139313361613063
+30626433386163653334643630336639636265383366626333326433653638396265323032333838
+65343834626531646165346534353835633736336437386231396131343162333731316339613561
+39363164663733663063333061303432393731343361366236356165363065666362623834396337
+34376665663861396562386135373331363962306433303762663361383430623139626231316564
+30363439353634376333326235316362343633393234356561343230343032666534663636376136
+30373830613932616338633139396264643930373962396239363635623731326139646263613533
+39616634633831356632373362356663333564376239396562646530363066653365383438323465
+61656530616336396136613065323536303930393538623162613330653838303664646630316334
+30313566396430623964623638346633393265663236333764336461363234363031343235653937
+33636437623933626466343137393764376336613236353538313563333762396535623832623838
+63646638316563376663663737346630613936326363623636386532643733313263313665343639
+38356563623164343139393730306363646536353565313733623931373837373266633064303964
+63653763393931656266613562333562323262633831303566646239646136636230376465623733
+37336334323364313064376364353162393039633862623532346432353361663839613037323032
+33633730303632633838393038613031613564363539363361616331633033386663333236666266
+65303738393063363963313931363963353834373762306662323866663231616466333061336233
+30663734613530383233393065336631653163663733326532633763353030626163636463303636
+35393739313439616363393164646338653038646462643030656339393563303766326634616234
+62343030353235613635666636366436393166383965316334613532626631323237623365346437
+61306634373061656130313239653662303463303333643964626363363036323233623765326361
+37333638356161383463393962383763326533316232333066303236633533323262386162383963
+38333130393239633132353039383762346635666331366333653333643466333337386466386133
+35353366366632396163643066383234623233396365383134383434383331376634653765666365
+65623864653433343436316330363231353034376430386434316466316138666163326266303362
+65666563363639376236353438306634303738323235623234323835663630396261326536633136
+62633561316665623635303034323238376138316532303863346234663761623664633261393261
+31313964306436663165623731666463373134383635346563383866333230326363343730383732
+61623830333332666638623530326561333937373233653365663233333065376264633739333261
+34393163363932393734346366336566663233633936653436643936626232623432343837313335
+32643966616636613964613765653564613937326532633164313033313462363233363435306337
+35393166653539643735613464343765346464343162313939353364336338663064303166333661
+38303332653963333465616531313535393931316534356463623233333135613662643530373132
+31363363346335373035653835393935626337646334333165363234636433643236333666326162
+31346633383438316534633437663930313362393862333366636362303632346662353461323434
+31323861633530353530333834646364356532313631303865663538643961336266656539613164
+39643730366531323632343237316235623264613232336561316339633739343864646132313034
+38653661376134353361663566353434333765663464303637386364623231633435626134313264
+61613563643536343733313531363135626132306161363236643639623333653236326664663635
+35363334346436306532386261656339323165313439633235303561386165376166653831303930
+62616162623436636532646533386434633433323530626566623032666633613236393133306464
+61306231393065376635663833333062326636626131373532653531613339303463663735633564
+31353065663831383762616564313564316461643037366633386336613561303265613764356163
+32356537393463323034616136346165346336613566646339393863316639653266623531613131
+65373665626166663732363365336437356130313261643837646134653631633937633030386339
+34346438353737653537626666306437626465623133323738373037343539373732346133363832
+36343638363161343138396431313037663962623531353666363333366164313434343631633838
+33663165653531613364653262346330333432636361343162306163616637656665303362323136
+63363739313532373335666566393961653563613063393464623936663735663931366130356338
+36366630386261313461613331616636636637643537326639336134386438663031396239616265
+33383731396564393538376334386339303732326538623066303536393866383733333866343039
+35613638373630383432313266353432336234303863616531343334306362306463643964316136
+62336231373935393163353139343939653739653536613534323662633531346463613635613965
+63383035393231343434313135613236326566646633653637353361333239386236636436356631
+61663130363433346665643764613266663264376636373436313739353237323035306539383364
+35336461303436343737323366376665323238363130636436643332663130353637326633623035
+38656337373762353936626262396639323634383233623661636331663665303836613138373232
+37363432633265613732616531623334633334303830396165633838646434346438623463666139
+37313439306565666562636461623961643663333936363631323364353733663965666131333265
+30303265633638616331333763353861373137626139366361366535353664393433313333616330
+63663432316431323238646234363361643464393039366361303130656532353734336138313533
+38313339386232633834363166343032396637663532333437376563643434626331643439313962
+66343834336431333962643733653033646137626138363236613962303835386530653130633762
+36323364393433613762373132333031616166616265633332346430373633653933663765656434
+62373532643331363530623866333133313337653362363864366565626436306438623431323364
+65393333303631333234646136653233393362343637643766663861646434373665393738663336
+31393164316439653231656133343439313336653936663464363462663832313139663935646439
+31386462343665613434396662326135656232386162386138666239613530356636633835316663
+61363964623962663837656265363039343865353834386136366365616266333239616232313433
+34386632356361333466376137313831666635343035303762613336633539656265666536626336
+33303066366436363835323463323433353337326539363330663738643033356232656162306134
+31386432396131383832303936626364636531613132663664303863633935643966656634626161
+62666531323539373430353735653937346638616334386236623937356533306663313464623133
+66633833623166313434373335326637616236323333376335353637336264613665343934366431
+31386134373432383539363663643434613365656162393532383231613165316464316166376230
+64633430656638316466636365616130396365626466336431316330633636373537336438333037
+32343265313334363465643035393962373862393265656233386463306663316563666164653665
+36356435366231366139313361366366666565653766646437636238323165316634656662653664
+31373434346165373132633761386362316635653466643463663661373037336161366462366166
+30393235663935333862646666616665343062633062663731613765346639396639366163393139
+62326664356132333134376239383837646339613761326435376434373865643134623265353564
+61313664663334356262313839666661623034343335653562303164653363303964396436663364
+31323364313733356338613131376564313961663331376164653366633734323532356536393535
+32336564353839656465316266663034383663343934396336363534373137353438353961303864
+34303663633235663364636266643535343730653236643931323733326464313533646332343031
+65643333623466333435313437373036346335653066623064316662393631316539633066353266
+63633537316230653862613865346163353931303266353634323132386639623039663836356362
+38646439383630313437323236303133633134643232393962666238393430363036356162646634
+36353166303062363933323338363236636432396136323865353562336163353038646135386531
+36393939646237336462363232323632316164376334616535373765633138343862313330303961
+66373639393666333365383033663533633162343962333461626361613461636461646166306433
+35356638656234643766373537666137366665656261666566646431666465663539663632386635
+64356364326435343566646232363730356238373739356562346661353931313639326463666436
+63356239326638613737633764343561376239323933643631616162353532393463366535623134
+30623431333832643765653738613131323935383065316633653663643237313966636333323131
+36326164356635303162653361356132316433633461623537616464653138323339343934333662
+35333233633631623633306262303166346434376134653463643230626236653338356634386232
+37336432616333646530333732363630336463636361646339643166353132373838623533663535
+64623232633539343035323165303137656636646631363863663033656461313831656139303538
+65373935343337653766373337656462333235626166613465643032343261636364666133656361
+31633038643236666662616434626435396535343130323239343039356664623862376138316662
+37336635386333633661343837616231343462633734386364636139646439626562363735336436
+62313835376464623164323937663561346434396662353864613665316436643033386162366531
+66323338643561623134633665333163623436303336383631666464373136386261616135623063
+37626633626635633061643761626562313762653761373637363465383935623331643032653238
+34653432326133633837373930646232633762323736393237613433353030663134393235363335
+39633763363864303135653131633731363736373764623131633731613861313735396335336533
+35306432626633326264643033326661393430316437636135333866623634636632646366616563
+37663161666664386563363864363836313335356234373136346663383335616130346134653163
+65396135366262303030626363313164366238633062323231616663316536626436643366363133
+38333136626131353136633161326333356536643366623362363463666337326638663766633434
+61373933366338366563326166313139666537316433643137626663636561316431623331343636
+66373831643065643033346135643834353636363131353532393539383836623336386631626561
+65306139393939646666383136326534313036313330303034333762306637336638616237336139
+66363133363966646163393234356261386531636539646135313139336337323934663731336465
+34303330333330323838653434653861303163646662353932663337646166616266373932343937
+61343464626335633734363564656134316337356631366230313337376531376662343663623462
+31616364653131356532303234636633376437656636666432396435633837306337303530613465
+33306661663461303334626566613439393531366135663738303762323265633632393562626530
+63643638333037646635653063343362633064333330323138386562666632376330323762653834
+65376334623465396636646365356133363237386131346365306337623664336238613730643033
+31633138623731333639313034396339303439353166326138653264343531383265623139303932
+35643263306438336638626432646163313436626237653930353430643139303433373264646539
+36376635326632336664366233363364646561663765313964363462623032383965653135613937
+38363965633132373533386261373435346531626433373633376266353734363463373239663566
+62356534613932383434636139376363343865363236376263323239626138356433663865336433
+37626563393332303762313837666134616133656634333734613833326636346435323237613733
+37616630313034396432623132343737353464316361376462646133653463303738646536333362
+32613431313165353031383232303163393837633531616433343865633239353361343763656361
+36616262346339636335623965396563626565333037626434393064373963626434313930346563
+64323938393065326464346663646664643266663663363863343930656562343463366330666638
+65383365333639316637303464623032363032646431633139363330623834383737323762346430
+65353136646430383135623331663835613332356635653832303939646462343630386234376162
+35373235353239376535323234646433346531363834363861663134623233646463326531323834
+36313638653632303336646335356264393634383536623261323536373631386361666535663639
+34646565306161633263363830653439306431646630633531353863643437376133643165623330
+35386564633736613938326332396139623766313235336561353438383265366366636164643832
+35666639336465376465393537363233393561393765653533633830393262393130353366383638
+33316261646562396565656361326535666638613863326466323231326162313532336338373335
+30303766636161323134623464373764633132326132616637333631393963616361623537643666
+61613233613434613535343663363536333363353061313561623438306230333166383935326236
+65386535636530393030643933386266643635636630313137633837626665656437653665313737
+38316334356438303866643635663064633637353562613036343036613133343066326237666639
+65633662656561623561623366343439386635343565333761393731396163366533636565313832
+66613438663034373232376166383133376436613161663731313231383638613230363565653366
+35666339303636623139316239396330636665656663623635366538666364343337666661363665
+38396437313637643939313134376338613961636665313464613861323532386562626438633537
+31663238633231356530613438313663303962343863666333633162636662656631363933343633
+33313833306131353164386137303764306639316433663035313264303462376437376433333762
+64343736653931393831333439353966353136323166303065653839386435386531633733336566
+36623762323664373438333163303033313366356561363065613962333765346666303138313862
+66333437653863383462663165343936343538333937646266326535316561383761313565336138
+64393266323739356539386262363230363164663339383839346163623139633561633635336363
+30356237326433643135353165613162383635326235363566386632373035396566336463626338
+33303939653461313430363334666466366137326362323835386466303164336665623461663961
+61353034666565663531323532636339346630323461363165613330626266313437306363663363
+34633838333834393734333162626436346263663436343765653739333439376339373531363065
+66333439656633353636326262643337343838343635323536343562633564643863613132336532
+30393733323834303335373038343561343962396265383035396334336336303562653563343135
+33363565646331623762643163306364303362353531386332646435313864346639343961663863
+38643036343864333966366665346139323237323232643437396161373034623964306565656164
+32313261333539633733653862636439306164633537356137663131616666363435353238373366
+65316365656262366162336434333337613936333031356434323731343365616363626531303439
+31353538306533333666316336376435376632656230323632666537306430303561333533303437
+34616166623061626531343633373931363738366532353164653639636134313334356539613663
+37646331336137666636613532653730633065633466613662353036326531633831643964326539
+65386162343632363639653537373466623535356539626632633765376539636333623637393335
+38386665333134336266306434353339653031396239326533356334353537633737643166643931
+62366330656562396333373736616132343836343931353333326663633639663437393961643238
+36656233666436643865623665383265633631356233313861326635343032373939363738656431
+30393765323734326435633830613931363736653031623063393361396661313163393035393834
+61613034333564653231323339326263643936323562343932646638396662336635393239366462
+35363061303062353263313263613837643432396531303837636338623831356632343232623661
+65643266363238653066346166616134643830666364663435633133626266353064333233653862
+65346434633864623965313537323436383661326534376639366365313634343033326261663038
+32633536306335616266303336386239393764323432633933656332623035656532643138633861
+31373432366437616631663038633036663731643139363065376130626230316262313766316564
+35633064623063393164643862636661386139613934386563643437383838346139616466653736
+61613532633831323136396531323263633836363434393565303835306334633162323430663333
+30343832313133383438323636643739613033666630623461646265366133346439666433356538
+61343532333731373032373632396335636234646164656139386361306531666166353765363035
+37616131626236353935323539616165396635666437323937326135346531643236303563656163
+66386238333136306236386362626138366633383663663239323132663265333938383335643939
+66363739626331363561383961623534323435363038633536376530393239633535643032386136
+30346366666233633839323536663661646536653663366466313231326338373232613735306330
+61313431663865383737363465646437613163653830353033396231313063306438633339363031
+64333065333461633365613664353836366233316234396333386439333836393662306233376465
+36326437303338376161366131323733666563666130373130326634353039643264323034303631
+30623564663134343433376535333962316333326432393339653834303566666365343961386533
+35663439306330306262326339376262386136336662336335366432383064313761663965323362
+38303065303630393866626665323632623930386265343630656536383332383234623132303137
+34306564656666383031356337336462393331666164333462653163386530303630333035633365
+39326265303538643330663739616437663834313934383034616533373336353135383961396631
+65333264643363653537653436643630663636396239343037396666313662356133626162663039
+31326330636439333537376230633664316430353263333438613831303533383062373039346264
+32336230633632353433373030353062356266626535346632313366303333326336326265616665
+36373430323936613265666334633636383231646237363337643039303639346138313137666163
+35646539313664303832346566646564373639376365663461633066356563393637363037663432
+34623632373734306461373338643232383432356430646633306536333637346336333631333163
+36383236393161656662363632363532326533333636656532383762303165633463393130336461
+31666538666162393237646331393738653536653061396231633262396461663737343664366138
+35353430336563336264666434646332643932303562313735613762376236646134616532653865
+36343464303165306162393262356464633630373964653866303065623564303631333436356331
+33343662663964356339633466376531633038666566373062343635336266333432646231633262
+33323831383639303363383163383737303661306333346432353439353237663332303739316466
+33653138333762353066646432363937613836383166623666366438386236353364643534633530
+64303035316331323566376462393039643665316362386264623765666531366366353566633231
+30393066633633303363616433363332623162613133386637613766336364363237633262643664
+38643566396537643839316636646662343836636163663538653935373637653966656338613161
+34663334303833313331393933613436373337383833346233636233656166613264383933336664
+63643335666661343933636338363466346539666463343535333034393463343737336130383861
+36653136363166376239316536643364643164373866663038386234643263386366616562346465
+61646535653435353132323733323164333162363963326164366563383832313465666537363166
+32373838333139643461396637346566323866626230306134663762626238343961363538646131
+33643362643033613234383361323263306535666532366262343264303565353663303639636632
+62643362353136376164346134646334373134653438323861326533616338333230316364326631
+33376233623965343065626462366363393564376165326330386638343937323564636132326230
+33323836366366373764616565613336353833306564306131363063356633386264663435633964
+62623262303831336461653466356230393736333662663637613736616266363735326630333337
+34306439373436393361326335366166316230346264326565643130303462333065333835663739
+30333836343431333439626135333139363536323632393932303362663139386566626539333466
+35306535303737336163636465346130376135383062383536383034643565316465353234663732
+36346332623766343261636436376333626262646662356530356230633933376136306266663037
+31313566613761393964376136306364386533333961363365643034376631333932333738613339
+37616161353466633133396138613165333964663566303131666230386664656165613263333234
+326265313639383738306139396163643561

group_vars/stage_demompmx/vault_gpg.yml

@@ -0,0 +1,50 @@
+$ANSIBLE_VAULT;1.1;AES256
+35663039656132663032623634373031383463316634336661636262666431393539356339363437
+6238663736393833326232633138383566373963363037620a373633663335393538376562363266
+34613834646466396566633534333335313631393039323862363331353963646533353263643035
+3066353737393739660a376234386639653765653466383334343864306431656430613864313461
+37623066373537653330616166373661393530393938326238353631323637636161373834623037
+39616334323734356134373465343965363839316165313561336232336565353861623738636162
+35613338373763626637643337396461656166393834323566666661323964323861306566653137
+63333264663165663039623863623734633033643339366437303864633834663664353132373533
+61313462383230346139636430343531623361373766323636336564316435633863636133303537
+39343238396536343134616463333565386561323232656432316532363630373163336338643734
+32343333376332636632386136663565346462663565623161313666303937396362366532616539
+39333931633935333034633166376662376439303230373032666537366332393235653364343438
+36383238633830383434316663663833343462333838626331333038623362306636383663663139
+64663635666332396433313139663734653036343138353834316535393662343230313837363932
+30613465353233353762356533626461353431386434393138653031343139323561343365303561
+63303632366662626536613038323734646138386638336339623133316630343838343230303061
+65636333396638336465653365316466303864356461643964656334396164356439666562613331
+37613337666136363537376265633731383766663761646238666631376662613536666334376261
+31613162623265343334326261353433613931353331343534306131346533653161623635333461
+61646334373737343035356563636665643637323031323562353337356666313936633764626464
+66323734313861636265343038666638656132313563376362613262356561336236343936393936
+39303161306566613663313630386362313731306132616335336631393062303632333966356462
+35343835633237623032303237386431333637333937666165303364383361363062323562393862
+31323732363436666465373761623730653363303964323134336362373164643331383232393563
+38376134623932396334626533363436663262336466316437373933313064623131376433613432
+30666431363664366233393739643133646335366530623034343530666662316538666231306664
+31323666313139633166373764386631353961633735666235333666313737306334626237323235
+64613539313034306364343534613034383439323435356638353335313164313264626633643839
+64343162616366363730396334306630633838326534373538373238313765303633636365393461
+63633930336234346265626238656432643561303439333737343735306662653164663533666166
+39313534333862346261343337313934366461313138343837613936613530326532653936303663
+64613832363536333436323932633835336633313138643361333063636161663230383534653061
+61306535396537323664613363666630613835396633396237643436633233633634393265303463
+32323939333734386534376632373934646633376361633938613866633861663461643935646634
+31643830613334656237303236646538313834613638656136383464313364336534616239646234
+61303664323061396233376235366233633262326264383163633533663161366165646134396666
+64393161333535336661633562326631626235623761323130626463343131376630316634303664
+63636132303666313831333130303735396332356461386364383363386139396337353363303061
+62343636326134336635666365396331333738643038323237386232613435316464323365646536
+64396539393237336336633264393831333965303530343730366638643861393665383466393931
+36636536366564333638316432613764393837353666356362343138656365363063373161303839
+33343134646333306433313234386231303965613738316462663532343266626533333033353766
+31346130336461613363323232316564343636363036303735326263613866633836646333303339
+38376534363534316438653564353731653865363734353066623262333166633430363536653764
+37646338643931323234623439393230396130633735303661663661653930616364383739386136
+37643136363831633435386134383264666336346363353239653031333638656134336633643035
+62333337383436366166313331613463633562646533363665376635323337636532616630376435
+31653132613366666165343939643063623330666566626538663865313038656631336638303866
+34353836346639663939656139306432343130343861336633653335396531376564

group_vars/stage_demompmx/vault_maria.yml

@@ -0,0 +1,10 @@
+$ANSIBLE_VAULT;1.1;AES256
+36393464623938323038663334356463323365353533393336383432636330616461666165306263
+6630643962613833643331313163323130383037313361320a656464303663363166633435326261
+61613565353462366634383330363639326361666332353866363830393431356531393930363465
+3839383831353733330a363061313761316261623363623962316563373262396137336232343334
+34376639366330306639303136376236643164663730323531343236623364313766653833323938
+31333432656261633835363365333232653166633536643762613536383833633764396532616462
+30353239333761323438626631623436353563346130313038326433326466303761663533353933
+36623566383861633665336337373936303566306266376430373865346236636434626333303264
+3561

group_vars/stage_demompmx/vault_postgres.yml

@@ -0,0 +1,10 @@
+$ANSIBLE_VAULT;1.1;AES256
+65656638316434663066316265653231653037616465653633313665333537633062326265353237
+3730363261386331356431653336383531336565373331630a336431303535366239623061333663
+63333832653730643634373639393930363036353435666434343663393365633130323235643430
+3434653836386561340a643932376436626533323762663764646663323532376462343862653231
+65393532303639616663306364636530316136366632623862663430313732353033663236323563
+62306239626135643935373232363266386639326532306138386631386361313834353632643438
+33316439613235313465646265356239623230623431373064386130353539353231666535393462
+36383739613231373533663435636266383335343565666561646537313530306363303735376164
+3838

group_vars/stage_dev/argocd.yml

@@ -1,7 +0,0 @@
----
-
-awx_operator_revision: "main"
-awx_smardigo_revision: "main"
-
-jaeger_operator_revision: "main"
-jaeger_smardigo_revision: "main"

group_vars/stage_dev/awx.yml

@@ -1,3 +0,0 @@
----
-
-awx_hetzner_ansible_revision: "master"

group_vars/stage_dev/plain.yml

@@ -1,374 +0,0 @@
----
-
-stage: "dev"
-
-# TODO read configuration with hetzner rest api
-shared_service_network: "10.0.0.0/16"
-shared_service_elastic_01: "{{ stage_server_infos
-  | selectattr('name', 'match', stage + '-elastic-stack-elastic-01' )
-  | map(attribute='private_ip')
-  | list
-  | first
-  | default('-') }}"
-shared_service_elastic_02: "{{ stage_server_infos
-  | selectattr('name', 'match', stage + '-elastic-stack-elastic-02' )
-  | map(attribute='private_ip')
-  | list
-  | first
-  | default('-') }}"
-shared_service_elastic_03: "{{ stage_server_infos
-  | selectattr('name', 'match', stage + '-elastic-stack-elastic-03' )
-  | map(attribute='private_ip')
-  | list
-  | first
-  | default('-') }}"
-shared_service_logstash_01: "{{ stage_server_infos
-  | selectattr('name', 'match', stage + '-elastic-stack-logstash-01' )
-  | map(attribute='private_ip')
-  | list
-  | first
-  | default('-') }}"
-shared_service_harbor_ip: "{{ stage_server_infos
-  | selectattr('name', 'match', stage + '-harbor-01' )
-  | map(attribute='private_ip')
-  | list
-  | first
-  | default('-') }}"
-shared_service_pdns_ip: "{{ stage_server_infos
-  | selectattr('name', 'match', stage + '-pdns-01' )
-  | map(attribute='private_ip')
-  | list
-  | first
-  | default('-') }}"
-shared_service_mail_ip: "{{ stage_server_infos
-  | selectattr('name', 'match', stage + '-mail-01' )
-  | map(attribute='private_ip')
-  | list
-  | first
-  | default('-') }}"
-shared_service_pg_master_ip: "{{ stage_server_infos
-  | selectattr('name', 'match', stage + '-postgres-01' )
-  | map(attribute='private_ip')
-  | list
-  | first
-  | default('-') }}"
-shared_service_pg_slave_ip: "{{ stage_server_infos
-  | selectattr('name', 'match', stage + '-postgres-02' )
-  | map(attribute='private_ip')
-  | list
-  | first
-  | default('-') }}"
-shared_service_maria_ip: "{{ stage_server_infos
-  | selectattr('name', 'match', stage + '-maria-01' )
-  | map(attribute='private_ip')
-  | list
-  | first
-  | default('-') }}"
-shared_service_keycloak_ip: "{{ stage_server_infos
-  | selectattr('name', 'match', stage + '-keycloak-01' )
-  | map(attribute='private_ip')
-  | list
-  | first
-  | default('-') }}"
-shared_service_iam_ip: "{{ stage_server_infos
-  | selectattr('name', 'match', stage + '-iam-01' )
-  | map(attribute='private_ip')
-  | list
-  | first
-  | default('-') }}"
-shared_service_webdav_ip: "{{ stage_server_infos
-  | selectattr('name', 'match', stage + '-webdav-01' )
-  | map(attribute='private_ip')
-  | list
-  | first
-  | default('-') }}"
-shared_service_gitea_ip: "{{ stage_server_infos
-  | selectattr('name', 'match', stage + '-gitea-01' )
-  | map(attribute='private_ip')
-  | list
-  | first
-  | default('-') }}"
-shared_service_redis_ip: "{{ stage_server_infos
-  | selectattr('name', 'match', stage + '-redis-01' )
-  | map(attribute='private_ip')
-  | list
-  | first
-  | default('-') }}"
-shared_service_kube_master_01: "{{ stage_server_infos
-  | selectattr('name', 'match', stage + '-kube-master-01' )
-  | map(attribute='private_ip')
-  | list
-  | first
-  | default('-') }}"
-shared_service_kube_master_02: "{{ stage_server_infos
-  | selectattr('name', 'match', stage + '-kube-master-02' )
-  | map(attribute='private_ip')
-  | list
-  | first
-  | default('-') }}"
-shared_service_kube_master_03: "{{ stage_server_infos
-  | selectattr('name', 'match', stage + '-kube-master-03' )
-  | map(attribute='private_ip')
-  | list
-  | first
-  | default('-') }}"
-shared_service_kube_node_01: "{{ stage_server_infos
-  | selectattr('name', 'match', stage + '-kube-node-01' )
-  | map(attribute='private_ip')
-  | list
-  | first
-  | default('-') }}"
-shared_service_kube_node_02: "{{ stage_server_infos
-  | selectattr('name', 'match', stage + '-kube-node-02' )
-  | map(attribute='private_ip')
-  | list
-  | first
-  | default('-') }}"
-shared_service_kube_node_03: "{{ stage_server_infos
-  | selectattr('name', 'match', stage + '-kube-node-03' )
-  | map(attribute='private_ip')
-  | list
-  | first
-  | default('-') }}"
-shared_service_management_ip: "{{ stage_server_infos
-  | selectattr('name', 'match', stage + '-management-01' )
-  | map(attribute='private_ip')
-  | list
-  | first
-  | default('-') }}"
-
-shared_service_kube_ip: "{{ stage_private_ingress_loadbalancer_ip | default('-') }}"
-
-shared_service_maria_hostname: "{{ stage }}-maria-01"
-shared_service_postgres_01_hostname: "{{ stage }}-postgres-01"
-shared_service_elastic_stack_01_hostname: "{{ stage }}-elastic-stack-elastic-01"
-shared_service_elastic_stack_02_hostname: "{{ stage }}-elastic-stack-elastic-02"
-shared_service_elastic_stack_03_hostname: "{{ stage }}-elastic-stack-elastic-03"
-shared_service_elastic_stack_logstash_01_hostname: "{{ stage }}-elastic-stack-logstash-01"
-
-kube_master_01_hostname: "{{ stage }}-kube-master-01.{{ domain }}"
-kube_master_02_hostname: "{{ stage }}-kube-master-02.{{ domain }}"
-kube_master_03_hostname: "{{ stage }}-kube-master-03.{{ domain }}"
-kube_node_01_hostname: "{{ stage }}-kube-node-01.{{ domain }}"
-kube_node_02_hostname: "{{ stage }}-kube-node-02.{{ domain }}"
-kube_node_03_hostname: "{{ stage }}-kube-node-03.{{ domain }}"
-
-shared_service_iam_hostname: "{{ stage }}-iam-01.{{ domain }}"
-shared_service_mail_hostname: "{{ stage }}-mail-01.{{ domain }}"
-shared_service_gitea_hostname: "{{ stage }}-gitea-01.{{ domain }}"
-shared_service_redis_hostname: "{{ stage }}-redis-01.{{ domain }}"
-shared_service_kube_argocd_hostname: "{{ stage }}-kube-argocd.{{ domain }}"
-shared_service_kube_awx_hostname: "{{ stage }}-kube-awx.{{ domain }}"
-shared_service_kube_prometheus_hostname: "{{ stage }}-kube-prometheus.{{ domain }}"
-shared_service_kube_jaeger_collector_hostname: "{{ stage }}-kube-jaeger-collector.{{ domain }}"
-shared_service_pdns_hostname: "{{ stage }}-pdns-01.{{ domain }}"
-shared_service_webdav_hostname: "{{ stage }}-webdav-01.{{ domain }}"
-shared_service_keycloak_hostname: "{{ stage }}-keycloak-01.{{ domain }}"
-shared_service_harbor_hostname: "{{ stage }}-harbor-01.{{ domain }}"
-
-management_service_connect_hostname: "{{ stage }}-management-01-connect.{{ domain }}"
-
-keycloak_server_url: "https://{{ shared_service_keycloak_hostname }}"
-
-shared_service_hosts: [
-  {
-    ip: "127.0.1.1",
-    name: "{{ inventory_hostname }}"
-  },
-  {
-    ip: "{{ shared_service_elastic_01 }}",
-    name: "{{ shared_service_elastic_stack_01_hostname }}"
-  },
-  {
-    ip: "{{ shared_service_elastic_02 }}",
-    name: "{{ shared_service_elastic_stack_02_hostname }}"
-  },
-  {
-    ip: "{{ shared_service_elastic_03 }}",
-    name: "{{ shared_service_elastic_stack_03_hostname }}"
-  },
-  {
-    ip: "{{ shared_service_logstash_01 }}",
-    name: "{{ shared_service_elastic_stack_logstash_01_hostname }}"
-  },
-  {
-    ip: "{{ shared_service_maria_ip }}",
-    name: "{{ shared_service_maria_hostname }}"
-  },
-  {
-    ip: "{{ shared_service_pg_master_ip }}",
-    name: "{{ shared_service_postgres_01_hostname }}"
-  },
-  {
-    ip: "{{ shared_service_harbor_ip }}",
-    name: "{{ shared_service_harbor_hostname }}"
-  },
-  {
-    ip: "{{ shared_service_mail_ip }}",
-    name: "{{ shared_service_mail_hostname }}"
-  },
-  {
-    ip: "{{ shared_service_keycloak_ip }}",
-    name: "{{ shared_service_keycloak_hostname }}"
-  },
-  {
-    ip: "{{ shared_service_iam_ip }}",
-    name: "{{ shared_service_iam_hostname }}"
-  },
-  {
-    ip: "{{ shared_service_webdav_ip }}",
-    name: "{{ shared_service_webdav_hostname }}"
-  },
-  {
-    ip: "{{ shared_service_gitea_ip }}",
-    name: "{{ shared_service_gitea_hostname }}"
-  },
-  {
-    ip: "{{ shared_service_redis_ip }}",
-    name: "{{ shared_service_redis_hostname }}"
-  },
-  {
-    ip: "{{ shared_service_kube_master_01 }}",
-    name: "{{ kube_master_01_hostname }}"
-  },
-  {
-    ip: "{{ shared_service_kube_master_02 }}",
-    name: "{{ kube_master_02_hostname }}"
-  },
-  {
-    ip: "{{ shared_service_kube_master_03 }}",
-    name: "{{ kube_master_03_hostname }}"
-  },
-  {
-    ip: "{{ shared_service_kube_node_01 }}",
-    name: "{{ kube_node_01_hostname }}"
-  },
-  {
-    ip: "{{ shared_service_kube_node_02 }}",
-    name: "{{ kube_node_02_hostname }}"
-  },
-  {
-    ip: "{{ shared_service_kube_node_03 }}",
-    name: "{{ kube_node_03_hostname }}"
-  },
-  {
-    ip: "{{ shared_service_pdns_ip }}",
-    name: "{{ shared_service_pdns_hostname }}"
-  },
-  {
-    ip: "{{ shared_service_kube_ip }}",
-    name: "{{ shared_service_kube_argocd_hostname }}"
-  },
-  {
-    ip: "{{ shared_service_kube_ip }}",
-    name: "{{ shared_service_kube_awx_hostname }}"
-  },
-  {
-    ip: "{{ shared_service_kube_ip }}",
-    name: "{{ shared_service_kube_prometheus_hostname }}"
-  },
-  {
-    ip: "{{ shared_service_kube_ip }}",
-    name: "{{ shared_service_kube_jaeger_collector_hostname }}"
-  },
-  {
-    ip: "{{ shared_service_management_ip }}",
-    name: "{{ management_service_connect_hostname }}"
-  }
-]
-
-# TODO read configuration with hetzner rest api
-elastic_stack_network: {
-  dev-elastic-stack-elastic-01: "{{ shared_service_elastic_01 }}",
-  dev-elastic-stack-elastic-02: "{{ shared_service_elastic_02 }}",
-  dev-elastic-stack-elastic-03: "{{ shared_service_elastic_03 }}",
-}
-
-harbor_oidc_realm: "harbor"
-harbor_oidc_client_id: "harbor"
-harbor_oidc_client_secret: "{{ docker_registry_oidc_client_secret_vault }}"
-harbor_oidc_admin_username: "harbor-admin"
-harbor_oidc_admin_password: "harbor-admin"
-
-postgres_listen_addresses: "listen_addresses = 'localhost,{{ stage_server_ip }},{{ stage_private_server_ip }}'"
-
-connect_image_version: "8.5.47"
-iam_image_version: "latest"
-
-management_oidc_realm: "management"
-management_oidc_client_id: "smardigo"
-
-smardigo_management_url: "{{ http_s }}://{{ management_service_connect_hostname }}/api/v1/scopes/{{ scope_id }}/processes/{{ process_instance_id }}/messages"
-
-connect_jwt_enabled: true
-connect_jwt_secret: "908ae14462d049d3be84964ef379c7c6"
-webdav_jwt_enabled: true
-webdav_jwt_secret: "5646aee6dadc4c19b15f4b65f1e6549f"
-iam_jwt_enabled: true
-iam_jwt_secret: "456ae14462d049d3be76439ef379c7c6"
-
-keycloak_admin_username: "keycloak-admin"
-keycloak_admin_password: "keycloak-admin"
-
-# Note: all dollar signs in the hash need to be doubled for escaping.
-# To create user:password pair, it's possible to use this command:
-# echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g
-# TODO should be part of the automation (htpasswd -nb <username> <password>)
-traefik_admin_username: "traefik-admin"
-traefik_admin_password: "$apr1$nJfFcFaI$ylS3Qa9BWAvhrMo5tWiD9."
-
-grafana_admin_username: "grafana-admin"
-grafana_admin_password: "grafana-admin"
-grafana_user_smardigo_login: "smardigo"
-grafana_user_smardigo_password: "smardigo"
-grafana_signing_secret: "{{ grafana_signing_secret_vault }}"
-
-pgadmin4_admin_username: "{{ pgadmin4_admin_email }}"
-pgadmin4_admin_password: "pgadmin-admin"
-
-management_admin_username: "management-admin"
-management_admin_password: "management-admin"
-management_realm_admin_username: "management-realm-admin"
-management_realm_admin_password: "management-realm-admin"
-
-harbor_admin_username: "{{ harbor_admin_username_vault }}"
-harbor_admin_password: "{{ harbor_admin_password_vault }}"
-harbor_postgresql_password: "{{ harbor_postgresql_password_vault }}"
-
-harbor_username: "{{ docker_registry_username_vault }}"
-harbor_token: "{{ docker_registry_token_vault }}"
-
-elastic_admin_username: "{{ elastic_admin_username_vault }}"
-elastic_admin_password: "{{ elastic_admin_password_vault }}"
-
-postgres_replicator_user_password: "{{ postgres_replicator_user_password_vault }}"
-
-mysql_root_username: "{{ mysql_root_username_vault }}"
-mysql_root_password: "{{ mysql_root_password_vault }}"
-
-gitea_admin_username: "gitea-admin"
-gitea_admin_password: "gitea-admin"
-gitea_realm_admin_username: "gitea-realm-admin"
-gitea_realm_admin_password: "gitea-realm-admin"
-
-argocd_admin_username: "argocd-admin"
-argocd_admin_password: "argocd-admin"
-argo_keycloak_client_secret: "{{ argo_keycloak_client_secret_vault }}"
-argocd_server_admin_password: "{{ argocd_server_admin_password_vault }}"
-
-netgo_msteams_hook_cd: "{{ netgo_msteams_hook_cd_vault }}"
-netgo_msteams_hook_alerting: "{{ netgo_msteams_hook_alerting_vault }}"
-
-management_oidc_client_secret: "{{ management_oidc_client_secret_vault }}"
-
-# smardigo automation DEV gpg key
-# https://git.dev-at.de/smardigo-hetzner/communication-keys/
-# push mirror: https://dev-gitea-01.smardigo.digital/gitea-admin/communication-keys/
-gpg_key_smardigo_automation__private: '{{ gpg_key_smardigo_automation__private__vault }}'
-
-iam_opentracing_jaeger_enabled: true
-iam_opentracing_jaeger_http_sender_url: "http://{{ shared_service_kube_jaeger_collector_hostname }}/api/traces"
-webdav_opentracing_jaeger_enabled: true
-webdav_opentracing_jaeger_http_sender_url: "http://{{ shared_service_kube_jaeger_collector_hostname }}/api/traces"
-connect_opentracing_jaeger_enabled: true
-connect_opentracing_jaeger_http_sender_url: "http://{{ shared_service_kube_jaeger_collector_hostname }}/api/traces"

group_vars/stage_dev/vault.yml

@@ -1,779 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-64313261303235643266396261353762393033313738313362353831653039333130613035373062
-6335316432616166306339353434383436346332316632620a366236623765366330386461623535
-31383932633834336165663039633234646535613132623163643138376165666633323965313535
-6439653166353261300a353333303461326538323630376235343064353035376434323431636462
-35333338633835373863323765353035643931376536633066653730613333386439373431393662
-32666465323934336634373131326430306538303965616637393333376639363136383435666264
-65616363316638653461376466616264383133346166613961653565353632643133353039383233
-33666330656264303831346432326463396333313833363030333833353639623330616364303361
-38633430356238646339353831343139316165663337623434343037356336633838666466636335
-66666232353465653363363132313664303632343938336165383230353864613339656463343638
-65376534336564633563643662636633363231363461663934383533643166336663396538316662
-66626133343739356366386430333038383265383330313566643238613632633736623636393366
-62373831316265343236326138303762616639633330323236366162326661383766623264636138
-62646665333930663337363231383462306638306161656463333232343061313361636463663463
-39343666663039393233653465363638623731353430613638393964306436333931653534653865
-31343330643437616466323132633637626663633463363933616365623733666334396431396563
-32393536653264343566633966386161386662386239333534626336396631373234376534653636
-38653431333633613338623533613533646336656530623065353736633364363234353537633939
-65656566646239386136656233366366373366343566303535303966643131303866633934616135
-65613336316331346435356265356634363339643138633665656163303639313861653266356134
-64366662636130646131396331613335306264643534323464323430623739653666363432343539
-31316662303063393032393965353662613339346531303364336362656239393136316235343739
-31386137303732633036663765396464623235303038326264636331373266613633373537653634
-66306632313935353762643235633331343233363966353834356436366332376162616530613332
-35623931393563656338343932343338333737303932363464393538336465616337636463333961
-33636533336431623433336330346232666563333432313730653834383266616339643838303232
-34653133666533363337653439666665323832356339343134373036633336333561326364306666
-64363930343039383937646436303866376563343861333130353139363533343337616639613433
-66326431333738643334333263326633373166316536636338316561313665346136373462366334
-35373163383266616134633562336432333266373865306639616637613366393133643339336163
-37376531626231303464303061316164396336663136633334353765656334656537333331643036
-32653866643730626237316637333437366337343831383433653131626639626232383330376238
-61326366346565363130623436623564616461653463633031313065653366336332666132323030
-34663438636434646665313637663962613036653162346239336531393539353330396162393363
-33633861663234353866353936613135306131613136653264643066616630663762383132616236
-61336161353036626330396265666139643839383765316133626466346635306566373437306639
-64643236316562373765313533383533643434303966373161636563663561376461643734663031
-37323130386365633939623938373732643831313065633336643063326539313564346332356162
-33666430386234626464336666303931646331323365333337616365623734313761383839623961
-61373463633539313164626131656366366634326533663731323631303236623634396431356665
-62316139323032653838643565356431663364376432626363386232653131316162636433386566
-30313364613736656535623861636133643438623365353335343264333735623165303434353734
-35656531326332376135646336656337373332663162623730376562613138633130613963643665
-36396330633530343536313331653737636230326661363534333636613565383263386162313332
-63653636613833363538373437333437343332623037616665666135383731613065646237383033
-34626430656337613761363236636333643039323533343665643061663938363236346633373139
-37306238656436633564396562373530363732313434623033356665333262343937653236346533
-34303634363665333530666361613731313531663637306633663965636365353366326565633731
-31623762313663303735633632396561366466393938303134646236616465653862356565313036
-39333963383765346664613935303831646662376665346330366561666430326261353635666338
-31653361366264306337326162323361333434336430646434363130623865623139373638363261
-66353532343131376661623738336438623438386162346665366438323238386265303362353839
-30306661316437393562316532363465633736666332396538613164373962373734626437363766
-61366535666163623030633431363435303832376231306537303834303162396361326132396631
-66383665386361613833376263336430313531646361333363323539613033623130336336613861
-37323461643266356238316639613464366635316564326561663334656231323565663733653033
-66373735633538646231656161613662356430326631353338613337316236333332303434636532
-63336630366464373337353164313232346438376465346539643034306564303839373436393265
-37666264353464623361303038663634653338363161633662326630343935616337313331313164
-37346366653135376566643038333435376636393839353533353261336566336634353039616236
-35393862333736633333643661303536346662326437663231356362643964663663646535626137
-64376437313134396362653938356233653135633634656363343334363263636335356634383535
-65303439316261323432366236393434303637373737323933373038353265636632373466656135
-61343934373939663337316465316134326132353137393866316365393363646465396231646164
-63613933306133656165303530633338383265336363396430653732346638346331376333383334
-36376665343435646531313664616431393435653832646139353436376165306637313538373930
-63623931366362343261316132623135396239323136626336323030336532396265393135646461
-61366332663132653632623731393463626336653865303866646133653739366266396334326538
-64363035636331343930346534373365393664396438393036383866353761613935626539393535
-63353731366636666439373663346435656632326336396332356264393139316534656533346631
-31303964653039333063393737663865386132356636646531383037303464666139313363623839
-62393430326635323331633830386130313538643139643433653630313636373866646439373161
-62623832643937633036633034386136353239356431313639303232643962653361623965383437
-62393466353733353763313237643632396536636137323030313162363333633362353366363534
-61613165386539363136666436653962373231353535623063666464663530646539316434343662
-61653835346330636162643537636337373961366535343235623765323264366261393337663538
-34366637353437396632633837393265303130396333633363313963313538616339353461373338
-32343435373236653136383063353237626532363635343363623430363235356438343264643963
-36323366643864376561653239313761313361653136316564376638303435333762643963396333
-37343935623632383637363966656336643136373165323338613465363761656132386130313761
-65306138336437366264396465333861393937366131646532393535366335613239383439316639
-32393235616266326664343435333530333435303135363463303366303134393338383838656635
-34613332626533396432636166643336386339613239386334653237646534343134616466643136
-32373438646637666562663236303362323565376137396134346238313062633165313364303263
-65616434343630306265326238313334306230636434393061636336623734393333336531646338
-66343461386561323139613634313631373266663866343163333039653939303339613636666337
-65333434393261323665356563653230653462616239343432393137386662396230613230643535
-37613563613039653839656231313039316432633665643632393733333338356631653966333965
-61376662346136306235633431633337613838336363383434616161323366646435663463643361
-34323164646463623439386233626566303531353764373431613339396131396366353861343261
-36346136626566323531613362353834653836336561366664663833653730363036646563643833
-38643038343233356634396465303565363233666239306162666434636564353237353039303937
-61366564323430623731663930366230323363663661353239663539363132633765633037626332
-32636161373964616332616165346562653865386366326138643132356131376138653766323731
-63353830653361613332633634646137643963383637326564636232356465393838363331623962
-65366539366639613866323432613334656130646266663365346536316138323736633563353465
-36393962656335633561363636343034313062303539626339323334373936386336303863633531
-31663035356264633935656365643835636235393739343431643138303064663266333962323864
-61613838396534313064646636346339383663356238616564653863643830383166333166306663
-30336431336664346534373462393962366138323036646330313035613366333839356138373163
-39346237386231396664633636386262363730326139326463643732613733373964373537363734
-62323066616230633530386432646466346335633430613865633936383863376335373835326166
-36613633643933663361353436663938323364383833633333356431326662363663626435303336
-63323736383361343632373364383134636138306536636532646637303837336630386434663632
-62393263303635343664643135383361633930613562343766383835396639613535323330363433
-38613864666539353533633838363663323738656463313337316262356163653930373864306365
-30333665623164363637303938396161306138393839363239333835313364613535623964336639
-34343536666365393365303533643663393536623234666139636164303234616232626562346331
-62653462323333353030626265333162323536343830646136303763356638373939616230366430
-38313734653462646630623930373332613439313238666464353534363365376539666564336634
-32353538383233353564313139353632616236633830306638633134643462323961373639633263
-35643732386132376330643131353730306239323566323037633630326233373261613435383533
-32313434643835646337326565316535363238343935313865306264636130356161633861386638
-31323935666234376334623630303132383662623539326564643966643736366534636432636264
-66646335663139336632363032366435666363383839633965613162363266613065313530363431
-64646536666163343234363264646436616237356432356361373539646237656136333063366361
-35316537623863343166636432373163393462623762346333373766316133643764313765393031
-35636366326139386136363033653134303039613731626164643738373361363863353531643964
-38323636393537363364663564343231643937383661323736643035343830333735636362623037
-39353134306331313663623634666566306236623264656138316137363338313662383464616338
-34636432336332333931623736383366376239336665383633366162616130373363646431333361
-34333538363836613361343963323437623430623237626330363739316131663032353435646464
-66396137323366653239326433633161353332303361343333333130336231643665616566623433
-32636435636235396661646166303762343065303733656439616361363638613130336139313265
-32303661373765656534636434653962653435396363663462326431376435306239623266636331
-64346266383765303065373061316462396334316338353538333765306236616630376463336162
-35613131383832613538393166663363303930376163343265393038653765396266363764313838
-66343837376464376465393531353562366265643862303839623462306436303036653765313363
-32633132353466383766333531666137303038646638366163316439383531383634306564306665
-66363639363035663634333161613539346633636232393536376233396266616430343336626139
-33643930333062306531623137656234613165323739326265663534303661336363343630303965
-63386439303333383566373834383438633736376564316130653533656338363061653133666662
-64396362623336653963666433643963663964333334303536616339323534343634353533626161
-36306133303431616236613538616532666665656464613533343166633432376531353630623633
-37663733626166343963643238303962633237623162366363653261633238303434613236356461
-39363063383734393735356462363963666139373531343938613032343136306161323837633865
-34326430333931323731316430633361373436333333376632306231383263656366376431333535
-36343865386337303739366662376133663461636138643938333530363634636564303064633666
-65326265373437623561336566616233666533383161663834373664633566336639363261626562
-39383732613561303435353432346162373961613562303465356564653937643266333961383331
-63643433356339626362356333303338623434626133343966323331313230636465386237613939
-33353433643062656666363439643065313038373933316564393536333337653232356161306361
-38393165363065323030633964633964306263303264313565656432613561613933306432306233
-64353961636165663335333235306437366432623836313364356139353461613439333633326262
-39346634343632383935346632626139626662616332633030393738613032363861343337643130
-65643062313139373766386462666461633835346330643531316366393531376534613138353162
-35656131303839636439373735373232316633653732636166326237336439383730656633663666
-61636236333936323339333961363734653439633463373464616632626166653265666230363136
-30656163636561333531303039303330656438326638356465373530643434383466636630613832
-62643661333563356361633036336539326461323930663065323766383232346132303166386437
-36356538353762613366393435393039326535613061366632313139323132346335613238333134
-35323138346336303031396339336438336435313435333662643730323666303130643962346539
-33353937396337633164306363313539333631623337626665613434333535326136616530623237
-36343439383037383637396665623364313430353738613564646661303062323765623138306338
-31663236373166353432383661353562356564346535363032643035323236666164303436343430
-61326165326166633164393935343237356631303332316161366132393932393763343862633565
-65353832376437623264363136383136313765646539613535666463633766393663346237613336
-30626638363834366538366139613766393939393931343933346634643039666531653732393731
-38313862363866616265323366313762376232316363653462333539386562343137666630663964
-36646563623439623333303362313565386133633735663734333337316638363364313436393235
-65653038656435303034643030316262376664366465353831633738633135323161323866653137
-64613637343836653438303336626137313331376166383062653130373266643036623961663539
-39373530333335303463633831343339636638313335663336383764356439323833343937346566
-62656231303134363263616338313064613833383731396466343235636265333839343461613337
-32363064303739353531666534393531646135363838313631353339323964373534383066636632
-61616664376230323633626466613164656565666631336634363431346366633235316565336164
-34666532636465623465646636616134343930323766653031623261633030656431626133383532
-64616532656538643131626332383832346165366130616134633335306638643037636265326633
-33623538343035346630393865646133656262633034346232343535323937653164646233376233
-32653564633666326139653231383233643032323564336365663833313239373265623936383833
-34336466623439333165633332626632623062373361333633313865653462626664366532333964
-30646637353961393734343862326630316436633135396661353135663762643466313235303135
-31343663363532326535653532633465663530326339623062346465646330343534643662643065
-62356161356362613765326536343565653838366164646562316461323438663037663739383930
-32313239643334633465373963313635646635343734636538613438613039353634303836326539
-64323564343032313962393839353561336434376134376331646136626137353933373963336661
-34316139353932623133346135623936663664623565323739366234663332376162343434393162
-32346533343333623333336433633861346631653262616534376166316534306539393432316237
-62366631623233323035326433343838613064666361333730353861363964396162363530353837
-65666639343030663462663035636666653034343039636530613739623965313938323030666232
-64373364376364663162323737656631613739613035386137663230326338646662636533646435
-63646463366131333838643334613866313236623839646330373930623439356538353230633034
-30313632396338353834613833393863616136356534303533623934633737653466643433376163
-34623436383331363633363531333830636162363363393638313538623464623964323434303139
-38303333393939373530656463616337653031353530636537303963383339313831396564303431
-34363135353832306264623862643635333434653163306434643163376565346264393665326135
-61316664313037363936376562326431353630633535326237396562366131393735323135316461
-62613232366234383766383166363637376535663363323766313931333361306438333463396132
-62643962383865656661613362613337376462343565643034323764666164326630393534363236
-33333665376531646565656263313032613935346131373263346635663463313238313965386432
-36613365313934636636343337653530393061346364363462376633306331326333636265633831
-66653262653336323137303934656338313430313935366566323665373163326662326335663339
-31653166393765323739633133386337383264303564343161393432353230373466343661376139
-31633361363734396537646433316165613438333566303530343434363361366235353537306531
-37316539366166313061633566366132396262323734663736376563383666373239333339656137
-63613165653961383266356539653939373966313132323438306134613730616666633264643935
-32623039346266346332613065353337613133316162653937376263373465643063666462356535
-30653261653765316366636236653165623062653666633639376663363666643537353531633664
-36323436626362316266643562656462343332633234336539356632346337306265616331303836
-66616138366366393931386164356636646433666664663432343838303237316431366165336261
-33306266346635323432333865343534623261623262616337336134333330353036396539636135
-31326536616466643639646135343663636335643338383338346433633434653435626331343937
-39346235313636343462383833656562323133343936316365363131653830633532353737343838
-65383034376130396666343132633038383033386436646338303534633133633461613262356363
-63613533656132336331373237636461616331663132613132616330393934363230623137666664
-31653231363266383136666561613434373130336336646233646334613331316565393738616330
-65376639643136663334366533663837663461356562613365393532336166383333633937643266
-34346135343362316330313832376161323665333730626632663062356664323864356363393665
-64636163653964393933613637626137316235373866643134333236306265623033313032393739
-65663439303130386362313132333965366130386362623361303330616332663534363938626466
-34386166653537623663383639616431393165323830363730356563646233353463616533623433
-39386531376363313931626131323830313531383562346261383966366632373966643664396164
-31636438313134353738363565613132383434613766306266393834643066663837393434386563
-66633637303932623334373739393764336638396665666633326430653461383030303966663663
-65613962613237323061613863623237393662633836366635346165383536326633333632623238
-30333636633931353834366262326563373333636131303033663634656138636364643433303463
-38613232633030346161353333313861363964353731396164303666363535313865376331373266
-38343538616465636433666664623739363764663431633565393239316661393164326635366135
-65613037376331643236363661346264663366333961633365303237373434653537633837323334
-65306538363030653831303662643361366533326134633636386431326338646133363137613166
-33393063373635623333346466326464346335343238626532323738366336383138356362373562
-36646163313366646539373134643131363233383133613030653762363831656535633736353962
-64386363623561363561636661393762333232353161366336393633636532396632353734383733
-39303261656364326137343833306131626564653439303133373839633336636232323333666533
-30646336333334333738363065353263333437613038616237313063636432356633323830663064
-63326335336434316263363866376133656538363030323531333532366638396264313231353838
-36613366346238376533363032386336386438333063336634663336393230613961656536353537
-65663463353838393563396562643063346539623835666366303731633830303865363166666534
-65353663336662336264313161303333613466333733343236666530383962616138613632356361
-36666434363765653833636230313237376661366562343864306331306535373461333163393561
-66323066376636376432613236346466306635343731373665396330613966613238346234306363
-65313634313664356166636661643233306238343864353038306339306235393735356665306235
-33313366386563393165313837383862656131343135366633346333343165353761356235303136
-37666133356233336432623830376165303535306163646166393561613630653635313363346532
-63646330303464646564373539613236643763613662393535353738656164656438653532333762
-63343764333132313763366535366634623633633631646533353836353835646437363031633534
-38356630613637376339646434313632303631383534306138366661376365626165643466623363
-63666361633930323763373331643564346336656165393662646336653933393836366436393238
-34373834303336366131653666623238656664633762623135303161633031656437343738313539
-32653234626266336135333630393734636463303032346534663834316661613162666634336131
-64313934346430613832313134383432303366386139373739323430333433326136346235373964
-31353030333137303335643465336537356433386265373039623265363463633633373833303535
-33303137653262316436613738336235656637653066303633646538353665393933376639616635
-65393331336563386362356137653766366337313732333562306136356233643231333534646265
-62383234396632313234633234363133653362646664666364313334633935336436326436643463
-63356630333935313961636236663761343636626161386533366462393833393566346662386564
-30653436353532306534616132353561306363393561343531333661613036613763386332383963
-65366361353931383264643564323135636438616330653761376665633663333232656465386265
-39326531323964346362383830646234316263613561363362393032636237316239623039323131
-35636462613236346231323834333361313635646162383564656333323165653936316435366461
-37356366613362346232346439393366393264616561653736376230316330303035356338326339
-32353366636131343466646661383335666430323730643333303961363937386365666666313035
-39373830626564633231336635636431363337363030346630303532653665316536636234393432
-61666334356134303664336638316232383035363663373962346662666565343261636262373065
-65393432363961333938636330363230353339633134333238386662626331656237336164336165
-62396134613762626439383032303334633836346165663936316633616662303862346133376135
-33316138333038666361666130336361313530323235303938353665626631323265343932663333
-36343661346337383433333565326265383232653537323862393432326438333138346364343837
-66376234633563303962333636353532663937633963643264366430653264336137353938343066
-38613335663039613236343434633465393264653863393930373336626463626432323763636634
-39643638626361373137336463353663333138303266383162323730323066646262366436363332
-62636239303437333639326233383364383139336438306138633864353938316332643538643930
-31386265386365373432386538386662333438376661643162333132636630613366393133323432
-38663936633337303935653731373637653532646232366363356537633337613036336666393933
-37616335393164326538383666383961336363663435356262636136346534396238653738626433
-30663430333736336565616165323161616336396534353062336163376665613764353234303836
-66393966356362376266363166656664393330386433323262333464313234636233316164376436
-35626363343265323836333534633337303338303538623366643131326537386165383834663430
-66313136303765373937353437396336326361653033623634613166353263653634386237626434
-31393933333936646566356161386133336138633563306235303737633637633663303931653237
-30303635363930373431656535383833646232363237326337316136343237306162633161633734
-36383166363062313435616466383233643361373739306265643630383737343832343665646534
-31656362303661346531666664333162316433373237303531383730353763353433393166386365
-36356530303838623436663335653062663033353961653932306130663931343833336363333563
-37633030366331653461613731663337643461393433363366616162326635356133623065346235
-31646436656134363230646130653738613234303637376363343138343762643763333839646233
-63306630626461666530383236353463323537333231333130376532366364653539363332623135
-34303537363035383165366536613936343833396530613663656537636435383163333535633636
-64336330343366646434383764313132633636346238303136613666343239346261653730643132
-61343832613532643264626232333930663364646232333262353939336361323866323537313662
-30383036363136376538386137656534306539316366386230316436326238396432666132333862
-36363862316339333033373362346661396133363665633137383161356162313430323335343235
-65663566326339653135613936373435393163633333363337383637656432343866353062613961
-35656561343930653138356664373637663636323066316365306465303639326463323331616633
-33306263633766323962356630663763313034666639393466373538613039313932333639653433
-65623266643337363630636334653661326632386462616531346530633430366133376339633761
-62363833303964343934393165336633393336373832623731666161383562623036383965626231
-63373037366133373064353435386232666162303735323131393338303165323030613862336335
-31313732623565313434626166306335363933626364323339616235336466613065623431646230
-66636162316333656638666662386638653932613538336538643163623436313666363331653934
-62663366636461613130336132326636646232643138333935326435393739623562353330366136
-37306539663261656461363830306566663761613861623733306265383766303439653733343865
-31663230636465633262383431646166353034373237326639616336643966663761393036373061
-39653737633231396666343161336563303162313737393039353836316137343164613133336432
-63376436646633636164636166643864356538366162623637643635613530623066323932393632
-39656464313630306462626161313164613566363639346434643136356533396532376662323064
-61633532303164363163633430376161333734323538306439666535366637643133383534646339
-32626261356439383536353265313064313336313337633665666136356261373533666435636139
-61373130626439333134323931646166626535373836323833373465613066343137323762656466
-35663864353361643139323165363337353436356236373934623030373338656232326236316362
-35313030333833363861646530613864366163656665396139323539653531653531663732303635
-63616334323631623930666638633031303562326633616162326166633332663939633961376337
-64663432363535353666363339316363343336333336303138336365663735656664623039623961
-38636236323636633062393836373465616366616166336439333364633533323139383238623462
-63623935343237656663383263306632666565333537663165353962623266633661363662666162
-31656539363930666533623033346331613634643634326562393336386461343363306637653163
-32643536643962663762393135636265366635313564336664666130383335396261356564393738
-65363831613866643463663061306231313764633034333437366635663065393039366635333332
-64323232653235313639323130346262326231306132623430616466666164333533646665326564
-32353731366230663831333439396266373531316334363062363462396266363131383832353265
-61393835666165613733643438613265373663323238613866313935356634646365626465653933
-64363462343766633230623830663737313030616339313833313839643434383937373266323137
-63396362323739363639636664336237646635376130343232316162613032306635396162336663
-38633261396338396538376264386538363964396263616664356162376639653931316264323861
-66373937663730323162396364306336306536323536363364633731633265306666383335303138
-63323937633161323166306436393437376265343165343863343764333763633134313161386462
-61343932616431373736396566343333343733366235376335636562336363353166326531633930
-32346266376638366462316439396339633134333836393261663136366538653037393931333434
-64613738323933313664373431613439383333623239303465363263333837303862353466313439
-37343433323330366138666166353237323236326537376362313737633237303434613639363062
-33343632376539653536366439646462623163386334346332653361313637643238323239393335
-39346330353639663361326161303666393763613238336162633164393065343531666134633731
-33333262313066373739393965333539653863663130323632343334313530396136633765623637
-62636238663831616262383031336639373166626165623731386637616136313265363465383961
-65396435323966636364333631306363313564313165633735306235633363306332316634326166
-63343562306330343365646266613235303534323438623637616261326136353330613639393832
-36356163663865373932346463366634643539656330303837653538333834626438333461663338
-61623365636162623733373631636665346363306362613561376234383466376532633964363866
-34656132343262303131323461626530653462616637646130613634613834623036663065306331
-62646462383530626361393434303166383661356234323036366536643366393162313038656466
-66373066623732316438633662336333623339646666343062376366323337363966616566626135
-30383065646232393437393434346165383163643539646531393563623138663861633034343931
-33626235626230643465613735633333326433643634653163303463326239636539666163613963
-38633639313665613662346438656265363536366231393838373738623964303265306462396432
-35623035363965343461653663626466616538306139653337323561373866363063663461333730
-30386366313765363665376561383139353834653466323734613635666362663232653235613130
-66336130343934313731643738663266656665666266343935386130316666623433666532613663
-39363765643931626237323065656230616536643535373665353261313264613165663764333737
-66396237623630323162666332663564353165663437616361636432376235613739396130303961
-31333034396232313865356534343261383538666163333965373230313538333165346336393839
-35306163383366646536643535333935336537616263633666643337646539343961656539643566
-30636232373932316265613834376430653762386533613232623132613037636366363236333231
-63653561623134363661666239613565616462393365316366333837336639366465646639356638
-34383336623533366565393064626532613730623836306539316439343366356636383434646665
-39336338633265333430666361346536376365343434613565383634353231646330613637366539
-62623334336262633365613462393432306366346634386462373432386261616439656466306561
-35386131616134653563303464303635353861633933306139653732346535336361303463646361
-35663363626331626263306230363361656335353833333061623436343332383239613335363231
-36653063313931626537633234393134306563646631663630386630393237326130336534366339
-35333532306439333263313135303634656632366439666163326363663265646632626535373664
-37333736363233653566323235666461313138313732323534356162386662663931633561303734
-62663462353436666436633665346264616366336435643630653035643737663662646630306165
-65306461336262363832616666656463333137346330646538323031373130643237383263376435
-32623134646235363862346633336438383366313863376262643233303238356533393136343362
-37633261653936356530383935366131363964303938336261303462306332663265343735623333
-62313739396463663538656161376239363837383563643030343931313131386630623663343664
-61633863656333663263303237396234383566633464353637316163316530643964643234376336
-61376230383261636463633336666562356637636133386531323836303031393666343837633661
-63336531666363353234653166333161623938613138393061303737383262326136393362333638
-62663037656363636437373635373332393730323934613261363262383132363732623034633934
-39383438313363333939646638316631353736653131336633336665303034366330663666646437
-64643430356631333136333861663731663666623166663761306166613232353066646165343665
-38306566633966613361373462326236323661663235346165313061623763663663393530366237
-36393735646464373162646261386330666533303831373330326436393930383964323833646239
-38623964646563396437666433663336323437333662343230386536303437623931633230333264
-38626164636161346232653437666432366139656239336535393263623664626339376166376361
-63373837323663653165343736656236623830373161646633616539376531633866336636323264
-66323731353831383962373534393236653334353864383338313634303862643638376435653734
-64623063343134633866313539643538363136313933323236316233323930656436326163613932
-30306666353239633032376333393366346237376561356637383434643736643838373733333439
-63363337353435313932663833393431653661323363623736316232643733663761363039666666
-61336562646530333938653333363365313733373562653338396162613731363437376663373634
-66633561646635383662643564316332366132343133386138343431343435633839386431613363
-61356561383232636532313134316433333937353331326636633130643134306266663562323461
-39393061303861323164353966643830666530346439313763363034376532383034656231633234
-62376264386539626638366661383862383830333065306436613231353861333565653131653866
-64616234623239633364373537623363306364633062376432333963393438663563336335343836
-34376566616133373261343337336561653432646538346662666661343836633533383738646561
-65636637343732303564343836393830376265343361353433376631353465653161353339303130
-36373966316263346534616632363838626131306561613237643135373530613137386335313439
-39333565663734313536633635313433356630373466666334613630303332626139383238366636
-31316131666133643535643334386165653165613937333563363334633038303536646432643461
-62623366386635633534333834663435653834386539666138333932363864643337343832383135
-61356233616332633536623662336332313934316532656366653233653464343830636337306636
-33623039313330616266613338383135383866633633383461386263383033303237383465323833
-36643931323136343531613835333939346634656131313864313034383062666635636362373831
-61393961383164326130633765373364363163353132643837363631643539313239633165386462
-32366333313539666139363438346432616639613135306533393332366362653233326337393265
-65613032376362326464343763636137333336396135353130643365343462653733333466663166
-65346239666466643539643735336238626663663232393164643630383237666338356664636633
-36343930323734613038326139313132313861313261626563613837323565666561373933633338
-38333462646231646265326536653532646465623930383033323365353933353162326663383566
-65333763333839663861373134636337623939356334353764383263353565363831366233393865
-63663830383265646363613133323139333666636161333937333832653432663165656137653865
-62646237313261656633386264303431313933663939666366623535653134363132343632316664
-35373061366361323835303237336539306233336239303734363939666531623039666565373738
-66623563636135336430313966633062343234323761636135373666663833643265363861363763
-62623733376437366432326232643939353165653630323333646536623766623831336230303436
-63346538303563363032643332343761626463376261633566336538333133393664376666613164
-64613033363832353261316530613362313934666234663730666434333963336233366132633065
-63323134636663633538636164383036326338643363623533303833626331653863663331373735
-38346363303531343238643561316365343839663661323066373837363436346461346462616134
-31353536323330656166646663653137626164373932656665623863343730336232663035306238
-37666433353666613533663631393738626537616665353432303863386430633531633434383165
-30636365653638643364626335323665366334333166343363613433666633643230666531323439
-33616566343638326663383439336332396536313034303039616162323463643636383930646361
-32643239373332366334616637303736396532653933376335643438623036393533353035386134
-30356462363037373435313538623738323561323764663938313738653963363735663334336461
-66643835313535313234363332353230326530323662613233303134663134346363323661316338
-32363231373633333335613666626564646461326665336633313939613861306366613661633861
-64396334323766656535643433626264306664663439383837626265623931623239313664663462
-35633339363435383562326465623865373831346430363538373864643063326138653966633438
-61353037303330613033383539386632633737356631643861303932613634353039376437643863
-64363136663934636535343632343732656262393334373730396339643466633066336265623039
-35396436393638666632643538626338366132343362373433363536383237336237366264653335
-65303161653864613636653234326165396563643931316337386136643364313931376361626365
-36366531346638323936663335356139323164663133663134356430663363333539336665396334
-35303831316137323938633131346532323332663534373766623035363439626435626436323934
-66613932366137333036626365346530626537386631396238396362393236663536653336613262
-30396433366237613763316133663937313236323139333830623132613331623839643039333066
-62303636643339353664633832656637666636643762643935313765653130326535646363393964
-30316337386333383462306563316538396464323431303436646563313263626630323035313236
-34363133643236306339633933623138633632663633653936383733396665333666653166366231
-62643831656166623665336265626239633064383630303030343338636165333834326333323831
-34353163646436313339363137336234373039383838666366353636386165313233636666303035
-39643833363530313035373263633062613131333436343931333233666531366436613738656362
-33316230646465646636613334316266643662333737333462653735336463653639343932616633
-36653838623063396634316662383136663833366465653161366530306238613730353034353333
-61356438366231303430323131633034376635653935323238366131653464303335316439336263
-36363234316661386563653064623932343837666462616663356134633265373934396561316532
-32386166653737363633366232633038613439656566333265373738356231353961353830376165
-61316133643733373263646662613535366231386439656135383965306566336430376431636361
-34376436366132316231663263643530383866623138363631373161373134373534653331343533
-33636530303461363963633735643865666662616631393861373266653163653561366565396333
-61623763383133346663613661333933316562336663663432386564346430333632343138363737
-62353031656433396332613430333236323937366364336232613062343936663362366438353238
-38636364343133376135663462363232646230326335643764303932613236613334643731356339
-61346164383865373233396432663765636132386436613266323331353735366333383333383765
-37396566343161346364623834303839353363313336653333623364303933666631366337323065
-31643566613636643265353238343736323065333964653433373534343935396563326234613131
-65613237653461323432363036313765316461303266396138343666646331633362313636376665
-39616237396230643330663036663831356262663537306131363235356166643866376165303335
-31363438336462656636643036613836653738633661396439396262656466336237656361666161
-35623663343839616137313665336230633464633630383431303765303539353034623231366563
-39336437626664303138616335623336303064623138623632383962396666656437646433353362
-38356165386564663435383061313931316334343661316237643138623564643862383535663237
-39633539316535666132663033313432636565616630356634393536376162636534666634323730
-33633165653166393037316131363439393736633763386263353530316433353665656163633739
-31373563386235393565366536643765333465303339616265666633346566336439646336303635
-63386532303230633333633666633734363365396665343430323864626338663665373661326530
-63643834343831363237636564373137303634626338653062363062343330356466633161623239
-65646437663865316333383338633933323265613134383939356663633833323635383631366137
-33633836336139303932373935353938333130323461326161653139353564326661666566656262
-62646437336138316466623561623830386338393231626663613963366636366263346631623438
-36333135636635306239653033356233343930336333393332643633313138623866303562316565
-33353931303434653138323332666633646463306332316536643566633132613064363862633930
-32623466303134623837376631353564356561366166353765623963393937643039333466363262
-61313062356335396561333462373636393662303236623532636435663034336565303731636134
-61336161303136653431366265633930646432653938326561396434373666333566393632653130
-64386335306366353261346232663136333366656363386533393938383536366261623766323331
-31383030326330343038336533383165383034366635393065343735323561646237353864316635
-37323163313231366631636132333765643961356137366439613737366666383036626338366564
-31326232613063303232666439643961616665633765616361623236353265353966636638373336
-66643330363536353734396230353239303566653863616166646635306165613962356364336237
-64373932396661336633313639666138346366373136383966643035633831626532366336333331
-39363639363733653161636134343737363731333164646566376363323338373932343939366362
-63633963346464393831663337643562353265323133323630646662393732323661386461646236
-33356633313930626238363734376561613466643064613936333962336135663231646665633663
-66336136376435336239656339343730643664363362323330356232313665373833653233316432
-38326632386465356137393764343661313435343730643461366433643764363133663036333731
-66356464643161633462623163323533663864316336353665316366323330613937343466316337
-30376661396362616265653731656362326163333833366261663863663931386433383239333761
-38326535636163326336646337616431333466623635393034643266623038666133353961336231
-34616333343630373334363538313863306333353261383361383235643636636536383935646331
-31613631636531663736333437316132383730373431646535316633613866613662646561653637
-33316363323137353566636665363237333736373433386238323562373032303662373337323366
-36323434363935333735373133363264656635613636383630393964343933323866333738343861
-66663762303334613062666262373938333435366164613431663630313661636333396561616337
-39623836636630333134373233393164623536646536363139303039373937636136366262306630
-62396365306235616261353066323530343936366139326435636562316566663537366532323563
-36353831326634366465613866646338376630343835363632633734366136643064343234616530
-33353461386637383666623635316638613232396539653564326330646235343532353934336332
-34343365383735353830653538613364376239306439663636333862373663333266303763393635
-37613766353566316536623237336331313735643936363532343730633339613336313332323265
-63663034376465656431343062623835393033333635663432666439616233643939343635376131
-35376434653461616162366432666530383261366136366535623765623938643137633866343234
-61373938396538393864633737656330383061366530616337313136353131393766343963633331
-63623862626362366665373539313532616139356563386362656464643335616461313064366531
-61343639653331373766386434383863373839363835646262336136313330613462663437303135
-63303738303264393834323339623662366432643736613030323434653537353664646534376664
-65623237303933636537643435636366303838346535373938626332396166386666363165306565
-62366134613832323034666233393638363665306265303130306137366466306231343534633533
-37333966653335303630376530633930366433623533396363356230626635623736336334653166
-32336663303132663235396166306433393039663430666334373136363237616339396464333430
-37383230633462663330326432653065396362313933343663636232326631323134386363636463
-66663164303061366638303462393732663235616336393931313466613533333532646633653837
-32613566633264363565366464333831373032663232636638663935396233663562663134626664
-64313861363631386132653737643033653538663863396464656265396433363836373030393430
-63633434656362323663663164313766306235336164376532346238633630303864326464386438
-31376665326137333964363861653235613830393463353061626335303036383038333632396435
-30653532353738333063366334663830623235663030386639646134646437373265633431313830
-61646338636439366431343535313366643037373432656466373731626639633065623962386562
-35653637363735356237623233306638646464633533643736396533666166303666623836313132
-34623731366361346166383162613566613466336164643035393037653930333339333831306561
-37373335616532303139633435343936623635393737316235626130336362396434393233366334
-66306361656230363363303832393830336331396334316230333032666466363734646265663733
-63613638306239366334663262393438363138643539373033333037393164646338386462633631
-37663865623263393538313731376363633630633264653131386637323033313461316664383030
-35316166363565653537623463343032633632643463386564623532376135363933343265323338
-31623632623835666361616165393761613330343131333830623462653663626166366665366562
-31343633656339636333323261316535396563376165383831373036373733313131353734326532
-30626136613037636638633837303536633030616364636235623931666538616433353638623731
-30373833393764356563613831636435393035623764303934353061306466343030353136353735
-61663136333662623733643466633331623938653437303139343363643239303563346234623438
-33656162383466336362633561383962383963616631613862633966333766613031636264353663
-63393139393334343232386534346431393765323631653061313665326236616362373631393864
-32646233373232346539613236613936636631333237353066646661336661643166663630356264
-30646636616636366232396234343039346330323761633938663831643731633637326632656430
-34303837316332633930303063363730373662633737343732366231663330303661383837373030
-39313436373739366465366330303639353962646235613938656463353033643736353163393737
-30643837376361336161343330663564646561333039633339386164633561393830373936333637
-30663662643963636230396261373534616139636233643430303031326635653539626636336265
-35613839343635306462306561303934616463363864663262383536333233306633343065343962
-66663330633665353433303038316232323733383462356333353463393234613461313430353738
-39303531383431343235306563343435353838383666613935313332313431613238363134313930
-39336631393031626630663635636166333230373132346235313438376235393465653437383762
-33366132333465336638313438353136326433623331316534353637616537373963303232623739
-39646561336265393333636538663965623933373563663830356534343432363665656233616362
-35333038393836383035613138653636356339636533316335356639623830386339613763356565
-30636135323139646430393632366464643964663932316631313362363132336330303833356137
-31316262356538663635383130663662616434323037646636366562636366326637383433613036
-38623134663264353362326331666536336139313036613262636530303636626161666534306336
-37333461323265336437383239336561613839303462663562303765653365306237383439636639
-63333932373465313237313035326235323437623836343830363332353865346132663262633636
-61336330616564643564663334643232386161643831363664633737363264393230633336656230
-62623738376464613530386339656166383665626533653934663330633666623837343564646531
-34646166663865306664303530663035353166343230393233376235643161626137646333633961
-61666165636239306166336330653639313938643634633331633766343539336131393864633561
-61616637366330393762386630313334663466353930643630393532643061383339663130636330
-32663232386238616363616466623631316535613335626265633639613231353166336433633233
-61616239643535363532626363326363373232396131653165323638336230313733653839663639
-64656236383030303539366331636438343237663065306266383335636237656361343164316337
-36306630363463393564666164636536303563376266386163326334366437316237313530353336
-66393632316431383164343438333764656537373537636238336332353030313839613161653830
-37353134303864313763366230313136396561653961323037303263643035636137333135393938
-30653539373662396265386565623766396266383162363230646362626665613631646234346137
-35626563363761623630633433356339323835323535376365326131386435346463313930333636
-36316336343739643566646133386162313731346561636533313936393538386664303964613931
-64356430633364326133623530373232656165396233303330666630363763313030303333393734
-35393834366531343332353939623564306139303734326335373038353337663734633639333536
-36376439326365343638346130336436363164376232386432656639333963663335663934346266
-64356436333938346530376366303166623563356661383234373663386461323438663332306465
-33373837326136633465616166366134653235303561626537666434393461303864653966366262
-38623636643430663663656630326161643465633264613435666666646433343831336261373431
-32633266383962336337643231353333313236356331313734313162616632666538346332613234
-33333039343262353834323537366165343964383465633961386633653337393764363761376239
-32646633343639353733633233313533393231376161386136653139636331616438393365376330
-39646364343730636662376165303861646439346636313136323232396664613237623065643834
-31386464393431626161356163386439373066613637653938313939653536363933386662656230
-39316636636363363061363062313833313330373734636363303236323836383062633933393833
-35386265633730613932656363346362613637363862323136396661633134356230613231336338
-66626634333034663566613062363035326134623437626338356333306165363839323030353135
-62353634323639653936613736666166356464643232393232396536636637633635623938613930
-35346135373439363161336632656335656135333266626132386137663730633462383032663938
-32666130366437343737313861363565373834616531653334313331363633303234646432303835
-31303661396466653535653036626666623062313131333863383237363039343966396532616330
-64353066323035343539346561366664376634643166346130303263316663633361313763346139
-38393963656236636234376433623965643531633761623039393465396638653139336635653365
-64613637333137373763666630393435373561663664386165316537343162326537343636366666
-32626334303466326463303665636238366631623830663635643162396236626361653033393934
-66373462313133386635646630393631366563303762366162353365323361616638353461646334
-31663634353963356363373466313732323365343563393634313334326638663138646263613838
-64353863306332346565663430396163393833636436323832656632623235343836363431623932
-62353735613864643832666535373831363865343366353561623736373338336533373438386135
-35333263653931623333656532353964656335343234323935313832363332343333626463393664
-31393061393938613665663966363866363536303865343938303137643935383633353436613230
-38626565363834306631663938333738653766643262626166326334323937663933373062363934
-62643364643238306234333330366362353161636436626138626364323239343333396462333039
-34326332393237616439373036626664623435363561333739363039623539613530386263653361
-30626461613336386538363530636234373231386138326465663338356462356365333439373261
-34646635353363373534323233356465336234326333373337353161666166366434353037376431
-32623235633464313962396263386335303138626232316664656436326334623661353461663663
-39323866336466353232376232643163653830633562376332623831353130336363333437373237
-35383066366538313863633936613264666264663030373764323732313862356666666362316234
-63623935636366643264356662396365313339376136343361653930326638643666626362636238
-66633736353933663436663062646536313561323235356233613161323838343235336434323732
-32356630626435623839313330343762386261333036376364643930633136616130366165323362
-39393938393166313732303236633164376232326364373930636237636661356232663934643034
-66666361613232383435633336646661366366366665363361636266336137613732633735356361
-63336636353335383239393031343665663630613863663930323564653632393035333365363762
-35343839663632363464623366333131343566306437373461333334396132396234653466666564
-33353361323431336266383431326334636334373534613636336533303465613766336635643830
-37653834633762353431373763336566663264613363373765356439636565386539623133343535
-65303461616338303663353837356138663639663062633962623130626461316435306138613035
-34316537303061316436623339383237303563643230343462613437653933636331323162666639
-37316265313763383031636265396130653466363732356162326630653530306164343538393730
-31393934636633666162396535353537393233666231376565623165356337373932396564356238
-32323930396261396533396562303962306534303962306539333535393564363266626533376263
-66313734356365313934333937353234316535363134303864346432363532346633366539333332
-61356334643732303766623564383764336239333166346639393233383439633634313832326531
-65303030383035646235353730366166393464343336333933393339373962366261613062356566
-62613331313733646365313932343933376238323034666135353064646233383362313764343564
-34373862656162333238353361353061393334366134613533373562613031366636653836666563
-65363234396537303263636262646364306366303630383263643934643031393866376438653837
-39646363383730356164646336386438613261376338623662363333666338333965313763333161
-61383136636265666562346634343334646339346335353466623030626237633031333033636536
-65323165323835353030616231363433353037343539313435396165386666396364643763653539
-34653463343665646264336464326334616164366565353532333933346536653837633065323738
-34626161643664383564306331666166313937396434366465303733653233613331633566636262
-64356635386665316437333731383331333739306164353965656464653363393661353239343364
-66363535323730393162376438353138353938336265376263346332636563393065353061646665
-39393437386261386432383762323366623864396163353936623436396135363139626137333365
-30336639303661333262616562653762623431313561343735336632653838313063623938316633
-38313265353434623033623433313630356265396332626638303430316432326137346164623237
-33386365356234616235633465633836623065313661653539353933646634653532393661373536
-31643834653364663761326338613434383036323865613161616534613462313230326563613434
-30636264653766303530663061623034343362613833333037613236613430346434316139373930
-32383262356638653462376534396561393666613966383337646335663461623938633761363061
-38353564663766343435356334396138303066393262383131616335383630353837646330383232
-30616538663733323164663035396436393633626365326639373162366330656531366131343138
-61313035353634336232343434383161646238613235633738333762393730356663323435303336
-35616265346261323233616236386330303730656139393365636233623238663865383265363364
-30336364623039353630303432306366343434623738653738316539373232613063326233346139
-65323664346631626337303938626235656534663335643137336435383565383530656663653532
-61383066376139636135653635346232383363303864303261666538393465616365613835616264
-32356462353435306337386134343038343131353938646165643561666466323762623363316430
-30376536316430613332383865653237656565396533656263356463633534646238313766353565
-62633539653233653435623964653032633535646530303638646637326139643261613963393236
-37373132363462353332636437313633323065653339383663303162383733623465383964323237
-33323738396332383430646331353832636437626466336236653763346335336438303438383639
-33613739663764393635663736633135373934346631626438353862653166303935376138613036
-30343562346366383261626539616266383338396339333964373632343866643937383733613435
-35393766383339343838643631373139613364326239623134336330616238323566386438613431
-37653563623365376663656566313763656530626138366666343637346465646163623866663532
-33343862383461353862353264653364376630363065616365343364646261633264656563313434
-65303635636134333363356363313036666232333738363437633166653337383734316131366339
-61633931383365346130323633386631386437326264366332653035643831346539383532633466
-62306362323866343366303761623735306133323933346532653036336538306433363638653338
-62316138666635346566396530623266323933323764346262383365653737303362666235653763
-64626161626538333466623436656137613462653333333137376230633234613633316164303362
-39333564383465623261376531616133303036643664323161363136333934376335616165333137
-34666337336264356666616666653335656636363037303237346137626364333834373865363036
-31373532623330323332323030323463373733623063643531353932306462383932613532376664
-32333134643733366466656463353662393932323564333131653364646437396339343436366438
-37626561343164613638316335316630633833336235303439626236636462643364303834633434
-62376164383138343330316536353030396635383264666661643138343262373234306664346533
-37626566333764323731303334383630663433363766633862336534363261323362333462316334
-39306462363430663435353162616465313036333864623530663831626564366465333034353836
-37303164383333353166663837626535393537333237396334646432643837373465356330346362
-62646365393138303531356430356563643636383061333764616335633031663461626337633161
-36323230363461353036636166613231623566336333336666663831653964656634366630303363
-34383131656663653331336361316133643866303538343837623766306263393963643932393061
-32666238313434326534313932333732356531336331313065336539663663363063343965373934
-33383635303862616632623864333533313564383630356234663166633935393066343831643063
-32396138383764303231353765313631376630626637363430343164663434313937626532363063
-35396134346131646138646138333663623066313139373863396336653232633562323937323164
-34356664323662366634363663333736383564363462666531663435313736343364646533663238
-36383464353765616231613034306236396165663038656563623835663162623966653131373166
-63633033393664326534363766656135623961323234383264336432643066326164303563363232
-64356362393261646465343866376633333635373936653663313465303965653333373631363765
-34353638656566626139393331613635663833666238333834376435326565623962636131376637
-37323062613465346538633061303837323139623132656533653634393030386537366666346230
-34356264343363626633313164393063653462323534613531636230353364343135336337633630
-36626465316566376339376335373263333633336438333932656163386663653064613033666338
-31623835363934323132623832613063333634336263306235613837343865656362653839633935
-63373565366337323361646639326663373933386338656136303465353465303761623334333762
-61323666643735306530393466353231373834643538663738383637306663386561366565323565
-33366364313064636535383430623035356335393534356363336133376439336236326663356532
-34336563396233336130393761626438633535386163303162376237366534643764323936316462
-65326231326338353637643436343834336464313434353737323735343563616635663366656532
-38653932613466376365633032393839363033333331616362373639643663326230383034306461
-31353166393662643638363663383437353230383436616639363364323932623565646434353332
-32636238663838386530323037373734313831353061633834323737303632663031366433393532
-32363164306162613738643439653137633762633664333535313762616130343033623866353230
-38303336336334656531353563306331633231316164386366323065356439326562613231663637
-31383234393735626236376566363236396165326330343362376563383932323562313136656433
-66663736383263626134303164666637363561626335643833663532336364646430356333326235
-33323730373664376138386231386564376362643236303938323037383932613637383536363036
-31393338373261303565663464313131366430643438353938343466643266626665653430396364
-65623536343937313133386162653663326230316161303365373632623032376539643930323931
-35333762393264636536386434366463353833383130356236653735316362303064616464613662
-62393334363063356266356361663162353734653838323539366466663737383761333937393366
-66643062323133353139663331646636623166303765353632366363623032356433646630326437
-66663633643538353032653365373063663437383536626566656337323563366164663364326435
-30346464643861656335653161636531336232323336373131356462326434383736316435613665
-38626537643263383731613835396665343539643333626533383838656336633932393564303464
-32663461383830323639333030643636376432373034616232306231313063653865303935623533
-63303231303331623130396565303936306361653434623533666162666639303363653137353134
-63333261656534386531343439383764323161653635386231336461303934363831643735303961
-33383565333435633938616263393936356639313735346666366566303339306564656132646163
-32313135646561356334633363336535386462323432636462636333353230306534343037343463
-64373438356237633063326636323863383764626561633833623065613632616234373062333337
-39373466333962346531363434363735393338623833643633353137303435653737396231643539
-34326236613363386465306461656630613134316636303336343766363234326435613065653031
-36633039303339663737646261656666396366316534623762633931663832353763346462613831
-61656639346665323663646531393263366635376163366432613261656164303635383364306661
-63623862343866323662383865386363646635363633393464343738303365383132663534343035
-37353836396535383564656664386531636466336661396134656331663030343834326132323431
-30376362316530353265323031366137373532633165373563393965323237366636363731323631
-38636135633665303635333132363839353036633834366332653638353264333737326436343162
-35393231323166643438303961366539623430623438383464343434393135623836346361623538
-38633330663636303131306135626161626361666131353035316436636336666365373436633263
-31326330646630356534313030623234623366353538316532653334663534356363316563636134
-31643465633762613634326337383837666530386461363330323232333731663438393037336532
-35306236306164346134623232343566323066373131653633313932306130633530643337616533
-35353236343166383262393863613937653933356134656330313266636239613234356435613665
-64376565633037343536633139333064653635313334623861613132313161326638313730656562
-31393663353564333666356564646663646662663039663966356533353662643436623835373835
-37366134336562663034633763336533393434336665333635353535653838386537343763623165
-37653438376235666232373366616534346362643639376662613665386633633039313965636165
-66623539346539363562323432613661626238656435643238386261313232333265633836373635
-37336565386636336364373437343638663362383861353331323936656331623134386364376233
-36633430656330316535346230653533333131306134316532613939383138363936643261363636
-36343036333062303631353331326234326665316165366631646230623138386335333333666533
-66663065396262643439663534363764363362353036613035636634333062653161613266343630
-37633538616136666431636332653335306263373166373032653263656466356539613339326336
-33336437376262373164633565616539393738373437663665393066303933313634373536373236
-33323564636462323534656366303939353064623238303437653638343239636564343932323630
-66663432636562646236363837333665646637363865353630323735363333653430386535643730
-38303231656564313638316664636631636437333536353962666530393833306239306464333066
-36383736613530376262363839353666626137666166313232303165363437623837333238366136
-31393535663032393336393634393239313262656563396339396336633536313765636534653433
-65386661653562666534313534353431353135616662373036336436653430386436386636623661
-65653836626434656465326135353764303261663065333235663637343030366639303038376330
-39323065613131333034643130326339313166393738383363346632393133383937303431313030
-37303430323231613837366439653330306238633634666239373837323035613739336530366532
-63663062613632333062626136646330653837353064366539336665306466343363366563633366
-37656230643736663238353361353838303363343436373366303665343066343566356661383931
-33356632386561326235373366633165333339396634343562303234313632663732313237383831
-33316463313939613664633461646432653136616662666537633363356238666637646566306434
-64303531376536396137383332343938373862666165393663623661306664336166343664373435
-30343062366537316633306630613262353064383736316236623634366465343534356465386332
-34386563303336346530346631396130666637386235653032646531303737623031396330653334
-33623564356565393361323536323866303834383565383764373862303139316234653636626432
-61303264633032643939366534643233636634303164643932626336383766666365343965633734
-62303732343330636331316462646339306531373266373232323831373431366633333333646334
-34323530303638303435323837383262383166316536653561383063336531376163303934306536
-30366438653739316361383364663161323631616637663865396565356166303837663030633163
-64623535663063623862313638616438333633636461313131373262353466656665333666616234
-38343961666433623635316334626634636565323763323339363633646263333734396631313437
-37353637373933373262376135343236303135633930373664663834396531363037313630353730
-30333037383833613964636337393234303535623161623065343631616235373838373430653735
-33396666323733366337303764663462393137363436653232333166386136353233336231306138
-38383533353136356165383032383462663961363533356134653530396565326537656364653066
-33646362346539306638643339303661333538333564313466343764383232323835316431366262
-39353666323037386466383530643865353364653738626466376435393364633961343163623938
-36656131316139383664353833353331313562313465623433336336366530373266646538666238
-64343534646133346562613666326237373832363162356233623932626662343633323863356431
-65323765366265633964363162383132353433353664363535616162626164363361653233383862
-37623039316239616166666535623964366537656164323530333235363538393764623334393830
-65323831346663306365396636313739626164383962623136333262343263613634636661663632
-33396337333562343430306631343561633638386432343939343532613066653834373834653064
-33373630623437623764656431353636613234323563653238613563333936656461396539663863
-62656136333664303232366338323239333039616236646533393135646264643962393761323130
-32633138326639613137623130353339333036646663313038356661636238616531623266656535
-36363733396634353134313632623265643766346533626636623366616432626334363637336532
-65316163343833646630376463626536303264363964333530616561626430663732623462346363
-66373161383262653635373336303564356162633161323033336566646563613436323237333565
-61333164393364353633623863383061316336613735356436306266386438316632656264323839
-35646132623561353563353838643736336365646631656263306238646630363932356661376236
-61343164396561613739616536393634363830646233366535376365646131666464363331646563
-38313633393830646632353865323836313663623630613038313437306134353364383230313132
-35663032353936326162623436623332373834323964333932646639383361633961646436613430
-32333437313832336431663733316432373936623664326531346532326130653630643266393233
-36616536303735313139346561336662663833653464363661363865396337393837373337396664
-39373637633332346339623439353833613765616531633038316339643565356365333331343234
-34303132396264383835616464373339303263373966386432323137383234356539323362383034
-65393666306639333065373061353333393837626437653336393039343165393133646261383437
-66623734343935663365643637393030333862656438626665316364343637353731343864623630
-37323831386232313037356339346538346531323966313764343165333361316435386661343736
-37636462656366323232363262626164613662376339336534636134643438346532626165383834
-39633135346661353363626566383064366664666432613663636165376365633065633735626438
-66643766393134633861643666323863306639373963333161636238386139316665653830366134
-62656631346436356635313330316161393931646333623761366439616463363530373233306462
-39313466373061623832643038663537646131666135313662363330373065623439653732646463
-37653931323766373939366339373761383137343230613564623637393132363864356339326666
-65386534326666323032336434643862353834353134386532343537386134626263643931343563
-3536623333623932363835376365393661613939303735316639

group_vars/stage_devnso/awx.yml

@@ -0,0 +1,3 @@
+---
+
+awx_hetzner_ansible_revision: "main"

group_vars/stage_devnso/bootstrap.yml

@@ -0,0 +1,9 @@
+---
+harbor_bootstrap_helm_url: "prodnso-harbor-01.smardigo.digital/infrastructure"
+harbor_bootstrap_helm_name: "infrastructure"
+harbor_bootstrap_username: "{{ harbor_bootstrap_username_vault }}"
+harbor_bootstrap_password: "{{ harbor_bootstrap_password_vault}}"
+
+gitea_bootstrap_url: "https://devnso-gitea-01.smardigo.digital/devnso/devnso-argocd"
+gitea_bootstrap_username: "{{ gitea_admin_username }}"
+gitea_bootstrap_password: "{{ gitea_admin_password }}"

group_vars/stage_devnso/database.yml

@@ -0,0 +1,18 @@
+---
+stage_database_management_connect_name: "{{ stage }}_management_smardigo_connect"
+stage_database_management_connect_password: "connect-postgres-admin"
+stage_database_management_keycloak_name: "{{ stage }}_keycloak"
+stage_database_management_keycloak_password: "keycloak-postgres-admin"
+stage_database_management_gitea_name: "{{ stage }}_gitea"
+stage_database_management_gitea_password: "gitea-postgres-admin"
+
+stage_postgres_acls:
+  - name: "{{ stage_database_management_connect_name }}"
+    password: "{{ stage_database_management_connect_password }}"
+    trusted_cidr_entry: "{{ shared_service_network }}"
+  - name: "{{ stage_database_management_keycloak_name }}"
+    password: "{{ stage_database_management_keycloak_password }}"
+    trusted_cidr_entry: "{{ shared_service_network }}"
+  - name: "{{ stage_database_management_gitea_name }}"
+    password: "{{ stage_database_management_gitea_password }}"
+    trusted_cidr_entry: "{{ shared_service_network }}"

group_vars/stage_devnso/kubernetes.yml

@@ -0,0 +1,6 @@
+---
+
+kubernetes_with_externaldns: true
+kubernetes_with_certmanager: true
+kubernetes_with_ingress: true
+kubernetes_with_awx: true

group_vars/stage_devnso/management.yml

@@ -0,0 +1,6 @@
+---
+stage_database_management_connect_name: "{{ stage }}_management_smardigo_connect"
+stage_database_management_connect_password: "connect-postgres-admin"
+
+management_oidc_realm: "management"
+management_oidc_client_id: "smardigo"

group_vars/stage_devnso/plain.yml

@@ -0,0 +1,65 @@
+---
+stage: "devnso"
+stage_kube: "devnso"
+
+# TODO read configuration with hetzner rest api
+shared_service_network: "10.0.0.0/16"
+
+shared_service_elastic_stack_01_hostname: "{{ stage }}-elastic-stack-elastic-01"
+shared_service_elastic_stack_02_hostname: "{{ stage }}-elastic-stack-elastic-02"
+shared_service_elastic_stack_03_hostname: "{{ stage }}-elastic-stack-elastic-03"
+
+shared_service_iam_hostname: "{{ stage }}-iam-01.{{ domain_env }}"
+shared_service_mail_hostname: "{{ stage }}-mail-01.{{ domain_env }}"
+
+connect_jwt_enabled: true
+connect_jwt_secret: "908ae14462d049d3be84964ef379c7c6"
+iam_jwt_enabled: true
+iam_jwt_secret: "456ae14462d049d3be76439ef379c7c6"
+
+grafana_admin_username: "grafana-admin"
+grafana_admin_password: "{{ grafana_admin_password_vault }}"
+
+grafana_signing_secret: "{{ grafana_signing_secret_vault }}"
+
+pgadmin4_admin_username: "{{ pgadmin4_admin_email }}"
+pgadmin4_admin_password: "{{ pgadmin4_admin_password_vault }}"
+
+harbor_admin_username: "{{ harbor_admin_username_vault }}"
+harbor_admin_password: "{{ harbor_admin_password_vault }}"
+harbor_postgresql_password: "{{ harbor_postgresql_password_vault }}"
+
+elastic_admin_username: "{{ elastic_admin_username_vault }}"
+elastic_admin_password: "{{ elastic_admin_password_vault }}"
+
+gitea_admin_username: "gitea-admin"
+gitea_admin_password: "{{ gitea_admin_password_vault }}"
+gitea_realm_admin_username: "gitea-realm-admin"
+gitea_realm_admin_password: "gitea-realm-admin"
+
+awx_admin_username: "awx-admin"
+awx_admin_password: "{{ awx_admin_password_vault }}"
+
+prometheus_admin_username: "prometheus-admin"
+prometheus_admin_password: "{{ prometheus_admin_password_vault }}"
+prometheus_admin_password_htpasswd: "{{ prometheus_admin_password_htpasswd_vault }}"
+
+alertmanager_admin_username: "alertmanager-admin"
+alertmanager_admin_password: "{{ alertmanager_admin_password_vault }}"
+alertmanager_admin_password_htpasswd: "{{ alertmanager_admin_password_htpasswd_vault }}"
+
+netgo_msteams_hook_cd: "{{ netgo_msteams_hook_cd_vault }}"
+netgo_msteams_hook_alerting: "{{ netgo_msteams_hook_alerting_vault }}"
+
+management_oidc_client_secret: "{{ management_oidc_client_secret_vault }}"
+
+# smardigo automation {{ stage }} gpg key
+# https://git.dev-at.de/smardigo-hetzner/communication-keys/
+# push mirror: https://{{ stage }}-gitea-01.smardigo.digital/gitea-admin/communication-keys/
+gpg_key_smardigo_automation__private: "{{ gpg_key_smardigo_automation__private__vault }}"
+
+custom_stage_plattform_users:
+  - hp.wissenbach
+
+custom_stage_hetzner_ssh_keys:
+  - "ext.hans-peter.wissenbach@netgo.de"