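---
# Tags used in this file:
#   update_certs       - redeploy the CA certificate templates and restart the stack
#   update_deployment  - token creation, Traefik labels, compose/service templates, pull
#   (the firewall and DNS tasks carry no tag and therefore only run in an untagged run)
#
# Security notes:
#   - The tokens minted from connect_jwt_secret / iam_jwt_secret are credentials.
#     Every task that produces or stores them runs with no_log so the registered
#     result and the fact value never reach stdout, callback plugins or log files
#     (both are printed verbatim at -v otherwise). The trade-off is that a failure
#     in those tasks shows a censored message; drop no_log temporarily to debug.
#   - Each customer URL is interpolated into a Traefik router name and a Host()
#     rule, so the list is validated as plain hostnames before labels are built.

- name: "Creating smardigo user token"
  smardigo_user_token:
    secret: "{{ connect_jwt_secret }}"
    user_id: "{{ connect_client_admin_username }}"
  register: smardigo_user_token_result
  delegate_to: 127.0.0.1
  become: false
  no_log: true
  tags:
    - update_deployment

- name: "Creating iam user token"
  smardigo_user_token:
    secret: "{{ iam_jwt_secret }}"
    user_id: "{{ connect_client_admin_username }}"
    realm: "{{ current_realm_name }}"
    client_id: "{{ connect_oidc_client_id }}"
  register: iam_user_token_result
  delegate_to: 127.0.0.1
  become: false
  no_log: true
  tags:
    - update_deployment

- name: "Setting smardigo_auth_token_value and iam_auth_token_value as fact"
  ansible.builtin.set_fact:
    smardigo_auth_token_value: "{{ smardigo_user_token_result.token }}"
    iam_auth_token_value: "{{ iam_user_token_result.token }}"
  no_log: true
  tags:
    - update_deployment

# Fail early if a customer URL is not a plain hostname. Each entry ends up inside
# a Traefik Host() rule and (with dots replaced) in a router name; neither
# tolerates stray characters such as backticks, spaces or slashes. An empty list
# simply yields no iterations.
- name: "Validate customer urls are plain hostnames"
  ansible.builtin.assert:
    that:
      - customer_url is match('^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$')
    fail_msg: "connect_customer_urls entry <{{ customer_url }}> is not a valid hostname"
    quiet: true
  loop: "{{ connect_customer_urls }}"
  loop_control:
    loop_var: customer_url
  tags:
    - update_deployment

# Generate Traefik labels for customer specific domains
- name: "Configure Traefik for customer domains"
  when:
    - connect_customer_urls | length > 0
  tags:
    - update_deployment
  block:
    # One set_fact per URL; the per-iteration facts are collected from the
    # registered loop results in the next task.
    - name: "Create additional Traefik labels for customer url"
      ansible.builtin.set_fact:
        connect_labels_customer_urls:
          - '"traefik.http.routers.{{ connect_id }}-extern-{{ customer_url | replace(".", "-") }}.service={{ connect_id }}"'
          - '"traefik.http.routers.{{ connect_id }}-extern-{{ customer_url | replace(".", "-") }}.rule=Host(`{{ customer_url }}`)"'
          - '"traefik.http.routers.{{ connect_id }}-extern-{{ customer_url | replace(".", "-") }}.entrypoints=websecure"'
          - '"traefik.http.routers.{{ connect_id }}-extern-{{ customer_url | replace(".", "-") }}.tls=true"'
          # URLs listed in connect_customer_urls_extern use the HTTP-01 resolver,
          # all others the default "letsencrypt" resolver.
          - '"traefik.http.routers.{{ connect_id }}-extern-{{ customer_url | replace(".", "-") }}.tls.certresolver={{ "letsencrypt-http" if (customer_url in connect_customer_urls_extern) else "letsencrypt" }}"'
      loop: "{{ connect_customer_urls }}"
      register: connect_labels_customer_urls_result
      loop_control:
        loop_var: customer_url
      tags:
        - update_deployment

    - name: "Extract Traefik labels for customer urls"
      ansible.builtin.set_fact:
        connect_labels_additional: "{{ connect_labels_additional | default([]) + connect_labels_customer_url.ansible_facts.connect_labels_customer_urls }}"
      loop: "{{ connect_labels_customer_urls_result.results }}"
      loop_control:
        loop_var: connect_labels_customer_url
      tags:
        - update_deployment

# Untagged: only applied in a full run, not with --tags update_deployment.
- name: "Setup customer specific firewall rules for <{{ inventory_hostname }}>"
  block:
    - name: "Configure customer specific firewall rules for <{{ inventory_hostname }}>"
      ansible.builtin.set_fact:
        connect_customer_firewall_entries:
          - name: "customer-access-to-{{ inventory_hostname }}"
            state: present
            rules: "{{ connect_customer_firewall_entry_rules }}"
            apply_to:
              - type: server
                server:
                  id: "{{ stage_server_id }}"

    - name: "Setup customer specific firewall rules for <{{ inventory_hostname }}>"
      ansible.builtin.include_role:
        name: hetzner-ansible-hcloud
        tasks_from: configure-firewall2
      loop: "{{ connect_customer_firewall_entries }}"
      loop_control:
        loop_var: firewall_object

# Untagged, see above. No "dns" var is passed here, so the role's default
# provider is used.
- name: "Setup DNS configuration for <{{ connect_id }}> to <{{ stage_server_ip }}>"
  ansible.builtin.include_role:
    name: hetzner-ansible-dns
  vars:
    record_data: "{{ stage_server_ip }}"
    record_name: "{{ connect_id }}"

# record_name/domain are derived by splitting on the last two labels, i.e. this
# assumes a single-label public suffix (example.com). NOTE(review): entries under
# a two-label suffix (example.co.uk) would be split incorrectly - confirm the
# inventory never contains such names before relying on this.
- name: "Setup DNS configuration at DigitalOcean"
  ansible.builtin.include_role:
    name: hetzner-ansible-dns
  vars:
    dns: digitalocean
    record_data: "{{ stage_server_ip }}"
    record_name: "{{ item.split('.')[:-2] | join('.') }}"
    domain: "{{ item.split('.')[-2:] | join('.') }}"
  when:
    - connect_customer_urls_digitalocean | length > 0
  loop: "{{ connect_customer_urls_digitalocean }}"

- name: "Setup DNS configuration at Hetzner"
  ansible.builtin.include_role:
    name: hetzner-ansible-dns
  vars:
    dns: hetzner
    record_data: "{{ stage_server_ip }}"
    record_name: "{{ item.split('.')[:-2] | join('.') }}"
    domain: "{{ item.split('.')[-2:] | join('.') }}"
  when:
    - connect_customer_urls_hetzner | length > 0
  loop: "{{ connect_customer_urls_hetzner }}"

- name: "Check if {{ connect_id }}/docker-compose.yml exists"
  ansible.builtin.stat:
    path: "{{ service_base_path }}/{{ connect_id }}/docker-compose.yml"
  register: check_docker_compose_file
  tags:
    - update_deployment

# The stack is torn down before the templates are rewritten, so a deployment
# run implies downtime between this task and "Update" below.
# NOTE(review): community.docker.docker_compose is the v1 module, deprecated in
# newer collection releases in favour of docker_compose_v2 (different parameter
# names) - confirm the pinned collection version before upgrading.
- name: "Stop {{ connect_id }}"
  community.docker.docker_compose:
    project_src: "{{ service_base_path }}/{{ connect_id }}"
    state: absent
  when: check_docker_compose_file.stat.exists
  tags:
    - update_deployment

- name: "Deploy docker templates for {{ connect_id }}"
  ansible.builtin.include_role:
    name: hetzner-ansible-sma-deploy
    tasks_from: templates
  vars:
    current_config: "_docker"
    current_base_path: "{{ service_base_path }}"
    current_destination: "{{ connect_id }}"
    current_owner: "{{ docker_owner }}"
    current_group: "{{ docker_group }}"
    current_docker: "{{ connect_docker }}"
  tags:
    - update_deployment

- name: "Deploy service templates for {{ connect_id }}"
  ansible.builtin.include_role:
    name: hetzner-ansible-sma-deploy
    tasks_from: templates
  vars:
    current_config: "connect"
    current_base_path: "{{ service_base_path }}"
    current_destination: "{{ connect_id }}"
    current_owner: "{{ docker_owner }}"
    current_group: "{{ docker_group }}"
  tags:
    - update_deployment

# CA material for the current stage; cleanup_destination removes stale files
# from certs/ca so rotated-out certificates do not linger on the host.
- name: "Deploy certificate templates for {{ connect_id }}"
  ansible.builtin.include_role:
    name: hetzner-ansible-sma-deploy
    tasks_from: templates
  vars:
    current_config: "elastic-certs/{{ stage }}-certs/ca"
    current_base_path: "{{ service_base_path }}"
    current_destination: "{{ connect_id }}/certs/ca"
    current_owner: "{{ docker_owner }}"
    current_group: "{{ docker_group }}"
    cleanup_destination: "true"
  tags:
    - update_certs

# Only runs when explicitly requested via --tags update_certs (tag "never").
- name: "Restart {{ connect_id }}"
  community.docker.docker_compose:
    project_src: "{{ service_base_path }}/{{ connect_id }}"
    restarted: true
    build: false
  tags:
    - never
    - update_certs

- name: "Update {{ connect_id }}"
  community.docker.docker_compose:
    project_src: "{{ service_base_path }}/{{ connect_id }}"
    state: present
    pull: true
  tags:
    - update_deployment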