You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

Go to file

friedrich goerz 9680b9fbbb DEV-788: fix for using version 20.x in keycloak_compact		3 years ago
ansible-builder	feat: consolidation for harbor	4 years ago
docker/dregsy	feat: consolidation for harbor	4 years ago
group_vars	DEV-805: added postgres-02 to backup hosts file in qa and prodnso	3 years ago
host_vars	DEV-737: cleanup + scaled prodwork01 cluster	3 years ago
inventory_plugins	DEV-628 pmci: added spk bz prod configuration as host_vars file	3 years ago
kubespray@00550ba832	SC-44: added 2 new nodes + added corrected kubespray version	3 years ago
library	bugfix: connect-wordpress orchestration	4 years ago
roles	DEV-788: increased keycloak version - pimped dockercompose jinja template due...	3 years ago
scripts	MOB-367 added script for pull/tag/push images between stages	3 years ago
smardigo	DEV-526 added pmci-callback playbook for testing purposes	3 years ago
tasks	DEV-711 use servers without shared_service_network	3 years ago
templates	DEV-788: fix for using version 20.x in keycloak_compact	3 years ago
users	DEV-597 removed ssh keys	3 years ago
.gitignore	DEV-327: added several stuff for new prodnso-stage + bugfixing and improving other stuff	4 years ago
.gitlab-ci.yml	DEV-695: fixing buggy firewall stuff	3 years ago
.gitmodules	SC-44: added 2 new nodes + added corrected kubespray version	3 years ago
README.md	chore: cleanup	3 years ago
ansible-lint.cfg	chore: ansible linter	3 years ago
ansible.cfg	DEV-414: follow-up tasks prod@hetzner-incident	4 years ago
create-database-backup.yml	DEV-477 bugfix: delete wordpress database when service is deleted by portal	4 years ago
create-database.yml	MOB-148: added k8s cluster for mobene stuff	4 years ago
create-kibana-objects.yml	DEV-386: to use techn.user to scrape metrics for ssh-root-login	4 years ago
create-realm.yml	bugfix: create-realm was broken	4 years ago
create-remote-database-backup.yml	Dev 783 pg backup secondary node	3 years ago
create-server.yml	DEV-494: added hcloud as group also for dynamic SMA-instances	4 years ago
create-service.yml	DEV-319: feat: split dev/qa into own hetzner projects	4 years ago
elastic-certs.sh	DEV-338: added logstash config to deliver k8s-dockerlogs into specific indices	4 years ago
evil-remove-server.yml	DEV-647 added hetzner domain smardigo.dev	3 years ago
export-database.yml	DEV-424 export for wordpress database (maria)	4 years ago
external_monitoring.yml	DEV-735 updated default firewall rules	3 years ago
galaxy-requirements.yml	DEV-737: cleanup + scaled prodwork01 cluster	3 years ago
gitlab-mirrors.yml	spike: automated mirrors for gitlab (w.i.p.)	4 years ago
hcloud_firewall.yml	DEV-677 update hetzner firewall rules for new k8s worker node on dev	3 years ago
import-database.yml	DEV-319: feat: split dev/qa into own hetzner projects	4 years ago
info.yml	DEV-319: feat: split dev/qa into own hetzner projects	4 years ago
kubernetes.yml	NOTICKET: added stage label for better identifying of alerts	3 years ago
mobene.yml	MOB-148: added k8s cluster for mobene stuff	4 years ago
patchday.yml	DEV-729: fixing broken silencing of alerts for patchday; added rescue block to...	3 years ago
pip-requirements	DEV-579 add basic auth to prometheus stack	3 years ago
pmci-callback.yml	DEV-526 added pmci-callback playbook for testing purposes	3 years ago
pmci-empty-playbook.yml	DEV-526 added pmci-callback playbook for testing purposes	3 years ago
pmci-inventory-cluster.yml	DEV-526 added pmci-callback playbook for testing purposes	3 years ago
poetry.lock	DEV-679 New Role+Playbook for infrastructure realm	3 years ago
prodwork01-infrastructure-realm.yml	DEV-679 New Role+Playbook for infrastructure realm	3 years ago
provisioning.yml	DEV-647 added hetzner domain smardigo.dev	3 years ago
pyproject.toml	DEV-679 New Role+Playbook for infrastructure realm	3 years ago
remove-database.yml	DEV-477 bugfix: delete wordpress database when service is deleted by portal	4 years ago
remove-realm.yml	DEV-319: feat: split dev/qa into own hetzner projects	4 years ago
remove-server.yml	DEV-647 added hetzner domain smardigo.dev	3 years ago
remove-service.yml	DEV-647 added hetzner domain smardigo.dev	3 years ago
restore-database-backup.yml	DEV-477 bugfix: delete wordpress database when service is deleted by portal	4 years ago
restore-remote-database-backup.yml	DEV-647 added hetzner domain smardigo.dev	3 years ago
setup.yml	bugfix: updated ssh key configuration	4 years ago
smardigo.yml	DEV-601 added playbook for bdev demo setup	3 years ago
stage-dev	DEV-648: added addintionl k8s node	3 years ago
stage-dev-netgo-hcloud.yml	DEV-273: debugging	4 years ago
stage-devscr	SC-6 added new worker node for devscr cluster	3 years ago
stage-devscr-netgo-hcloud.yml	DEV-497: created new branch due to git-problems - dunno what exactly	4 years ago
stage-digitalocean	DEV-253: digitalocean stuff - add droplet but not idempotentgit branch git branch plz check	4 years ago
stage-ext	DEV-601 added playbook for bdev demo setup	3 years ago
stage-ext-netgo-hcloud.yml	DEV-597 removed ssh keys	3 years ago
stage-prodnso	BugfixRollout main => QA: DEV-699 fixing restore process	3 years ago
stage-prodnso-netgo-hcloud.yml	DEV-358: feat: removed hard coded loadbalancer ips	4 years ago
stage-prodwork01	DEV-679 New Role+Playbook for infrastructure realm	3 years ago
stage-prodwork01-netgo-hcloud.yml	MOB-148: added k8s cluster for mobene stuff	4 years ago
stage-qa	Rollout main=>qa 13.09.2022	3 years ago
stage-qa-netgo-hcloud.yml	DEV-358: feat: removed hard coded loadbalancer ips	4 years ago
update-docker-image.yml	MOB-367 added script for pull/tag/push images between stages	3 years ago
update-monitoring.yml	DEV-319: feat: split dev/qa into own hetzner projects	4 years ago
update-service-state.yml	DEV-319: feat: split dev/qa into own hetzner projects	4 years ago
update-ssh-config-file.yml	chore: consolidation	4 years ago
upload-database-dumb.yml	DEV-319: feat: split dev/qa into own hetzner projects	4 years ago

README.md

Prepare ansible Installation

Install needed python pip packages

pip3 install -r pip-requirements

Install needed ansible collections / roles

ansible-galaxy install -r galaxy-requirements.yml

Setup

Create/Start servers for stage-dev

ansible-playbook -i stage-dev provisioning.yml --vault-password-file ~/vault-pass
ansible-playbook -i stage-dev start.yml --vault-password-file ~/vault-pass
ansible-playbook -i stage-dev stop.yml --vault-password-file ~/vault-pass

with Poetry prefix with poetry run

Provisioning

ansible-playbook -i stage-dev setup.yml --vault-password-file ~/vault-pass -u root
ansible-playbook dynamic-provisioning.yml  --vault-password-file ~/vault-pass -e "stage=dev name=test node=01 service=connect"

with Poetry prefix with poetry run

Setup Smardigo Service

Setup/Configure a Server, Database, Realm (keycloak) and Smardigo
ansible-playbook create-server.yml -e "stage='dev' tenant_id='sken' cluster_name='test01' cluster_size='1' cluster_service='connect' stage='dev'"
ansible-playbook create-database.yml -e "stage='dev' tenant_id='sken' cluster_name='test01' cluster_size='1' cluster_service='connect' stage='dev'"
ansible-playbook create-realm.yml -e "stage='dev' tenant_id='sken' cluster_name='test01' cluster_size='1' cluster_service='connect' stage='dev' current_realm_name='sken' current_realm_display_name='S-K-E-N'"
ansible-playbook create-service.yml -e "stage='dev' tenant_id='sken' cluster_name='test01' cluster_size='1' cluster_service='connect' stage='dev' current_realm_name='sken' current_realm_display_name='S-K-E-N'"

with Poetry prefix with poetry run

Remove Smardigo Service

Remove a Server, Database, Realm (keycloak) and Smardigo
ansible-playbook remove-server.yml -e "stage='dev' tenant_id='sken' cluster_name='test01' cluster_size='1' cluster_service='connect' stage='dev'"

with Poetry prefix with poetry run

ansible-builder

AWX is used in smardigo setup do execute several playbooks due to user interaction within smardigo product. To finish ansible runs successfully we have to make sure every ansible dependency(ansible collection/role or pip package) is installed. therefore ansible-builder gave us the opportunity to configure the needed environment to exec plays successfully.

before every git-merge depending on changes concerning new ansible collections/roles and/or new pip-packages, please run the following:

cd ansible-builder/
ansible-builder build --tag dev-harbor-01.smardigo.digital/awx/awx-custom-ee --container-runtime docker

hopefully it will result in e.g.:

cd ansible-builder/
ATTENTION: to get more information plz set --verbosity 3	
ansible-builder build --tag awx-custom-ee:latest --container-runtime docker
Running command:
  docker build -f context/Dockerfile -t awx-custom-ee:latest context

Complete! The build context can be found at: /home/friedrich/sandbox/netgo_stuff/hetzner-ansible/ansible-builder/context

real	2m56,131s
user	0m0,208s
sys	0m0,102s`

you can start the docker container locally with e.g. : docker run -it --rm --mount type=bind,source="$(pwd)"/,target=/gitrepo/ awx-custom-ee:latest /bin/bash

after it, you are able to exec some ansbible-runs like: (please solve dependencies before starting to docker container) cd /gitrepo ansible-playbook -i stage-digitalocean external_monitoring.yml --ask-vault-password -u root --private-key sshkey_pw_less

export HETZNER_LABEL_SELECTOR='stage=dev'
ansible-playbook -i stage-netgo-hcloud.yml -l redis smardigo.yml --ask-vault-password  -u root --private-key sshkey_pw_less

if everything works fine, plz push the created docker container with:

docker login dev-harbor-01.smardigo.digital
docker tag XXXXXXXX dev-harbor-01.smardigo.digital/awx/awx-custom-ee:latest
docker push dev-harbor-01.smardigo.digital/awx/awx-custom-ee

TODO

Prometheus (Grafana) docker exec -i dev-prometheus-01-grafana sh -c 'grafana-cli plugins install grafana-piechart-panel' docker restart dev-prometheus-01-grafana