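---
### tags:
### update_certs
### update_deployment

# The first three tasks create JWTs from shared secrets and keep the
# resulting tokens in registered results / facts. `no_log: true` keeps the
# module arguments (the secrets) and the returned tokens out of verbose
# output and logs; the tasks are delegated to the controller and run
# without privilege escalation, as before.
- name: "Creating smardigo user token"
  smardigo_user_token:
    secret: "{{ connect_jwt_secret }}"
    user_id: "{{ connect_client_admin_username }}"
  register: smardigo_user_token_result
  delegate_to: 127.0.0.1
  become: false
  no_log: true
  tags:
    - update_deployment

- name: "Creating iam user token"
  smardigo_user_token:
    secret: "{{ iam_jwt_secret }}"
    user_id: "{{ connect_client_admin_username }}"
    realm: "{{ current_realm_name }}"
    client_id: "{{ connect_oidc_client_id }}"
  register: iam_user_token_result
  delegate_to: 127.0.0.1
  become: false
  no_log: true
  tags:
    - update_deployment

- name: "Setting smardigo_auth_token_value and iam_auth_token_value as fact"
  ansible.builtin.set_fact:
    smardigo_auth_token_value: "{{ smardigo_user_token_result.token }}"
    iam_auth_token_value: "{{ iam_user_token_result.token }}"
  no_log: true
  tags:
    - update_deployment

# Generate Traefik labels for customer specific domains.
# Each entry of connect_customer_urls yields one router (service, Host rule,
# entrypoint, TLS, cert resolver); the per-url label lists are then
# concatenated into connect_labels_additional.
- name: "Configure Traefik for customer domains"
  when:
    - connect_customer_urls | length > 0
  tags:
    - update_deployment
  block:
    - name: "Create additional Traefik labels for customer url"
      ansible.builtin.set_fact:
        connect_labels_customer_urls:
          - '"traefik.http.routers.{{ connect_id }}-extern-{{ customer_url | replace(".", "-") }}.service={{ connect_id }}"'
          - '"traefik.http.routers.{{ connect_id }}-extern-{{ customer_url | replace(".", "-") }}.rule=Host(`{{ customer_url }}`)"'
          - '"traefik.http.routers.{{ connect_id }}-extern-{{ customer_url | replace(".", "-") }}.entrypoints=websecure"'
          - '"traefik.http.routers.{{ connect_id }}-extern-{{ customer_url | replace(".", "-") }}.tls=true"'
          # urls listed in connect_customer_urls_extern use the HTTP-01 resolver
          - '"traefik.http.routers.{{ connect_id }}-extern-{{ customer_url | replace(".", "-") }}.tls.certresolver={{ "letsencrypt-http" if (customer_url in connect_customer_urls_extern) else "letsencrypt" }}"'
      loop: "{{ connect_customer_urls }}"
      register: connect_labels_customer_urls_result
      loop_control:
        loop_var: customer_url
      tags:
        - update_deployment

    - name: "Extract Traefik labels for customer urls"
      ansible.builtin.set_fact:
        connect_labels_additional: "{{ connect_labels_additional | default([]) + connect_labels_customer_url.ansible_facts.connect_labels_customer_urls }}"
      loop: "{{ connect_labels_customer_urls_result.results }}"
      loop_control:
        loop_var: connect_labels_customer_url
      tags:
        - update_deployment

# Customer firewall: one rule set applied to this stage's server id.
# No tags here, so these tasks do not run under --tags update_deployment.
- name: "Setup customer specific firewall rules for <{{ inventory_hostname }}>"
  block:
    - name: "Configure customer specific firewall rules for <{{ inventory_hostname }}>"
      ansible.builtin.set_fact:
        connect_customer_firewall_entries:
          - name: "customer-access-to-{{ inventory_hostname }}"
            state: present
            rules: "{{ connect_customer_firewall_entry_rules }}"
            apply_to:
              - type: server
                server:
                  id: "{{ stage_server_id }}"

    - name: "Setup customer specific firewall rules for <{{ inventory_hostname }}>"
      ansible.builtin.include_role:
        name: hetzner-ansible-hcloud
        tasks_from: configure-firewall2
      loop: "{{ connect_customer_firewall_entries }}"
      loop_control:
        loop_var: firewall_object

# DNS: the connect_id record, then one record per customer url split into
# host part (all but the last two labels) and domain (last two labels).
- name: "Setup DNS configuration for <{{ connect_id }}> to <{{ stage_server_ip }}>"
  ansible.builtin.include_role:
    name: hetzner-ansible-dns
  vars:
    record_data: "{{ stage_server_ip }}"
    record_name: "{{ connect_id }}"

- name: "Setup DNS configuration at DigitalOcean"
  ansible.builtin.include_role:
    name: hetzner-ansible-dns
  vars:
    dns: digitalocean
    record_data: "{{ stage_server_ip }}"
    record_name: "{{ item.split('.')[:-2] | join('.') }}"
    domain: "{{ item.split('.')[-2:] | join('.') }}"
  when:
    - connect_customer_urls_digitalocean | length > 0
  loop: "{{ connect_customer_urls_digitalocean }}"

- name: "Setup DNS configuration at Hetzner"
  ansible.builtin.include_role:
    name: hetzner-ansible-dns
  vars:
    dns: hetzner
    record_data: "{{ stage_server_ip }}"
    record_name: "{{ item.split('.')[:-2] | join('.') }}"
    domain: "{{ item.split('.')[-2:] | join('.') }}"
  when:
    - connect_customer_urls_hetzner | length > 0
  loop: "{{ connect_customer_urls_hetzner }}"

# Deployment: stop the existing compose project (only if one was deployed),
# render the docker/service/certificate templates, then start it again.
- name: "Check if {{ connect_id }}/docker-compose.yml exists"
  ansible.builtin.stat:
    path: "{{ service_base_path }}/{{ connect_id }}/docker-compose.yml"
  register: check_docker_compose_file
  tags:
    - update_deployment

# NOTE(review): community.docker.docker_compose is the legacy (v1) module;
# newer collection releases replace it with docker_compose_v2 — confirm the
# pinned collection version before upgrading.
- name: "Stop {{ connect_id }}"
  community.docker.docker_compose:
    project_src: "{{ service_base_path }}/{{ connect_id }}"
    state: absent
  when: check_docker_compose_file.stat.exists
  tags:
    - update_deployment

- name: "Deploy docker templates for {{ connect_id }}"
  ansible.builtin.include_role:
    name: hetzner-ansible-sma-deploy
    tasks_from: templates
  vars:
    current_config: "_docker"
    current_base_path: "{{ service_base_path }}"
    current_destination: "{{ connect_id }}"
    current_owner: "{{ docker_owner }}"
    current_group: "{{ docker_group }}"
    current_docker: "{{ connect_docker }}"
  tags:
    - update_deployment

- name: "Deploy service templates for {{ connect_id }}"
  ansible.builtin.include_role:
    name: hetzner-ansible-sma-deploy
    tasks_from: templates
  vars:
    current_config: "connect"
    current_base_path: "{{ service_base_path }}"
    current_destination: "{{ connect_id }}"
    current_owner: "{{ docker_owner }}"
    current_group: "{{ docker_group }}"
  tags:
    - update_deployment

- name: "Deploy certificate templates for {{ connect_id }}"
  ansible.builtin.include_role:
    name: hetzner-ansible-sma-deploy
    tasks_from: templates
  vars:
    current_config: "elastic-certs/{{ stage }}-certs/ca"
    current_base_path: "{{ service_base_path }}"
    current_destination: "{{ connect_id }}/certs/ca"
    current_owner: "{{ docker_owner }}"
    current_group: "{{ docker_group }}"
    # kept as the string "true": the role's handling of this var is not
    # visible here, so it is not converted to a YAML boolean
    cleanup_destination: "true"
  tags:
    - update_certs

# Only runs when explicitly selected via --tags update_certs.
- name: "Restart {{ connect_id }}"
  community.docker.docker_compose:
    project_src: "{{ service_base_path }}/{{ connect_id }}"
    restarted: true
    build: false
  tags:
    - never
    - update_certs

- name: "Update {{ connect_id }}"
  community.docker.docker_compose:
    project_src: "{{ service_base_path }}/{{ connect_id }}"
    state: present
    pull: true
  tags:
    - update_deployment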