From 58ed5aa8474ecd2a29b57a17fa9eeb02ba8610c0 Mon Sep 17 00:00:00 2001
From: eemrdog
Date: Tue, 15 Oct 2024 12:37:17 +0200
Subject: [PATCH 1/3] postgres install
---
.../ace_box/ace_box/roles/postgres/README.md | 94 +++++++++++++++++++
.../ace_box/roles/postgres/defaults/main.yml | 20 ++++
.../roles/postgres/tasks/create-secret.yml | 43 +++++++++
.../ace_box/roles/postgres/tasks/main.yml | 56 +++++++++++
4 files changed, 213 insertions(+)
create mode 100644 user-skel/ansible_collections/ace_box/ace_box/roles/postgres/README.md
create mode 100644 user-skel/ansible_collections/ace_box/ace_box/roles/postgres/defaults/main.yml
create mode 100644 user-skel/ansible_collections/ace_box/ace_box/roles/postgres/tasks/create-secret.yml
create mode 100644 user-skel/ansible_collections/ace_box/ace_box/roles/postgres/tasks/main.yml
diff --git a/user-skel/ansible_collections/ace_box/ace_box/roles/postgres/README.md b/user-skel/ansible_collections/ace_box/ace_box/roles/postgres/README.md
new file mode 100644
index 000000000..8050eb6f6
--- /dev/null
+++ b/user-skel/ansible_collections/ace_box/ace_box/roles/postgres/README.md
@@ -0,0 +1,94 @@
+# Role to manage PostgreSQL Database
+
+## main
+
+Deploys Postgres Database.
+
+## ensure-team
+
+Creates a Mattermost team.
+
+Requires vars:
+
+|Variable name|Description|
+|---|---|
+|mm_admin_token|Admin token, needs permissions to manage teams|
+|mm_team_name|Name of team|
+|mm_team_display_name|(Optional) display name of team|
+
+Sets facts:
+- mm_team_id
+
+## ensure-channel
+
+Creates a Mattermost channel.
+
+Requires vars:
+
+|Variable name|Description|
+|---|---|
+|mm_admin_token|Admin token, needs permissions to manage channels|
+|mm_team_id|Id of team the channel will be created in|
+|mm_channel_name|Name of channel|
+|mm_channel_display_name|(Optional) display name of channel|
+
+Sets facts:
+- mm_channel_id
+
+## ensure-webhook
+
+Creates a Mattermost webhook.
+
+Requires vars:
+
+|Variable name|Description|
+|---|---|
+|mm_admin_token|Admin token, needs permissions to manage webhooks|
+|mm_channel_id|Id of channel the webhook will post in|
+
+Sets facts:
+- mm_webhook_id
+
+## ensure-admin
+
+Creates a Mattermost admin user.
+
+Requires vars:
+
+|Variable name|Description|
+|---|---|
+|mm_admin_email|Admin user email|
+|mm_admin_name|Admin user name|
+|mm_admin_password|Admin user password|
+
+By default, Mattermost requires certain characters to be included in a password. A random password can be created with:
+
+```
+mm_admin_password: "{{ lookup('community.general.random_string', min_lower=1, min_upper=1, min_numeric=1, min_special=1, override_special='!#$%&()*+,-./:;<=>?@[]^_`|~', length=12) }}"
+```
+
+## ensure-user
+
+Creates a Mattermost (non-admin) user.
+
+Requires vars:
+
+|Variable name|Description|
+|---|---|
+|mm_user_email|User email|
+|mm_user_name|User name|
+|mm_user_password|User password|
+
+## ensure-token
+
+Creates a Mattermost user token. User can either be "regular" or "admin".
+
+Requires vars:
+
+|Variable name|Description|
+|---|---|
+|mm_user_name|User name|
+|mm_token_name|Token name|
+
+Sets facts:
+- mm_token
diff --git a/user-skel/ansible_collections/ace_box/ace_box/roles/postgres/defaults/main.yml b/user-skel/ansible_collections/ace_box/ace_box/roles/postgres/defaults/main.yml
new file mode 100644
index 000000000..cbe038587
--- /dev/null
+++ b/user-skel/ansible_collections/ace_box/ace_box/roles/postgres/defaults/main.yml
@@ -0,0 +1,20 @@
+# Copyright 2024 Dynatrace LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+postgres_namespace: "postgres"
+postgres_user: "admin"
+postgres_db: "mattermost"
+postgres_size: "8Gi"
+postgres_root_creds_secret_name: "ace-postgres-initial-admin-password"
diff --git a/user-skel/ansible_collections/ace_box/ace_box/roles/postgres/tasks/create-secret.yml b/user-skel/ansible_collections/ace_box/ace_box/roles/postgres/tasks/create-secret.yml
new file mode 100644
index 000000000..b5c620a89
--- /dev/null
+++ b/user-skel/ansible_collections/ace_box/ace_box/roles/postgres/tasks/create-secret.yml
@@ -0,0 +1,43 @@
+# Copyright 2024 Dynatrace LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+- name: Generate admin password
+ include_role:
+ name: config-v2
+ tasks_from: set-var
+ vars:
+ var_key_to_set: "postgres_password"
+ var_value_to_set: "{{ lookup('ansible.builtin.password', '/dev/null') }}"
+ when: postgres_password is not defined
+
+- name: Create PostgreSQL namespace
+ kubernetes.core.k8s:
+ api_version: v1
+ kind: Namespace
+ name: "{{ postgres_namespace }}"
+ state: present
+
+- name: Create PostgreSQL admin secret
+ kubernetes.core.k8s:
+ name: "{{ postgres_root_creds_secret_name }}"
+ api_version: v1
+ kind: Secret
+ state: present
+ namespace: "{{ postgres_namespace }}"
+ resource_definition:
+ type: Opaque
+ data:
+ username: "{{ 'admin' | b64encode }}"
+ password: "{{ postgres_password | b64encode }}"
diff --git a/user-skel/ansible_collections/ace_box/ace_box/roles/postgres/tasks/main.yml b/user-skel/ansible_collections/ace_box/ace_box/roles/postgres/tasks/main.yml
new file mode 100644
index 000000000..e9e3fdf54
--- /dev/null
+++ b/user-skel/ansible_collections/ace_box/ace_box/roles/postgres/tasks/main.yml
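Review bot: In create-secret.yml the `Create PostgreSQL admin secret` task hard-codes the username as `{{ 'admin' | b64encode }}` instead of reading `postgres_user` from defaults/main.yml, so the Secret and the Helm values disagree as soon as that variable is overridden; `username: "{{ postgres_user | b64encode }}"` keeps them in step. Neither the `Generate admin password` include nor the Secret task sets `no_log: true`, so the generated password can surface in verbose or callback output. The `ansible.builtin.password` lookup is called with no length or character-set argument, which leaves password strength to the plugin defaults; stating them explicitly would make the policy visible in the role.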
@@ -0,0 +1,56 @@
+# Copyright 2024 Dynatrace LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+
+- include_tasks: create-secret.yml
+
+- name: Add Bitnami Helm repository
+ become: true
+ become_user: root
+ shell: helm repo add bitnami https://charts.bitnami.com/bitnami
+
+- name: Update Helm repositories
+ become: true
+ become_user: root
+ shell: helm repo update
+
+- name: Install PostgreSQL using Helm
+ become: true
+ become_user: root
+ kubernetes.core.helm:
+ name: postgres
+ chart_ref: bitnami/postgresql
+ release_namespace: postgres
+ create_namespace: false
+ values:
+ global:
+ postgresql:
+ postgresqlUsername: "{{ postgres_user }}"
+ postgresqlPassword: "{{ postgres_password }}"
+ postgresqlDatabase: "{{ postgres_db }}"
+ persistence:
+ enabled: true
+ size: {{ postgres_size }}
+ wait: true
+ wait_timeout: 15m
+
+- name: Print PostgreSQL connection details
+ debug:
+ msg:
+ - "PostgreSQL Username: {{ postgres_user }}"
+ - "PostgreSQL Password: {{ postgres_password }}"
+ - "PostgreSQL Database: {{ postgres_db }}"
+ - "PostgreSQL Host: postgres.postgres.svc.cluster.local"
+ - "PostgreSQL Port: 5432"
\ No newline at end of file
From 67606e7c3d97f00b2b455521f8b0b24abb749933 Mon Sep 17 00:00:00 2001
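Review bot: The `Print PostgreSQL connection details` task at the end of tasks/main.yml writes `postgres_password` in clear text through `debug`, so the credential lands in the terminal, in any configured Ansible log file and in CI job output; drop that list item or replace it with a pointer to the Secret, e.g. `- "PostgreSQL Password: see Secret {{ postgres_root_creds_secret_name }}"`. The same value is also passed inline as `postgresqlPassword` in the Helm values, so it is kept in the release data as well, while the Secret that create-secret.yml creates is never referenced by the release. If the chart version in use supports an existing-secret option (`auth.existingSecret` in current Bitnami charts), pointing the release at that Secret keeps the password in one place.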
From: eemrdog
Date: Tue, 15 Oct 2024 15:16:11 +0200
Subject: [PATCH 2/3] optimizations on the role
---
.../ace_box/ace_box/roles/postgres/README.md | 100 +++---------------
.../ace_box/roles/postgres/defaults/main.yml | 4 +-
.../roles/postgres/tasks/create-secret.yml | 43 --------
.../ace_box/roles/postgres/tasks/main.yml | 39 ++-----
4 files changed, 21 insertions(+), 165 deletions(-)
delete mode 100644 user-skel/ansible_collections/ace_box/ace_box/roles/postgres/tasks/create-secret.yml
diff --git a/user-skel/ansible_collections/ace_box/ace_box/roles/postgres/README.md b/user-skel/ansible_collections/ace_box/ace_box/roles/postgres/README.md
index 8050eb6f6..594a52a6f 100644
--- a/user-skel/ansible_collections/ace_box/ace_box/roles/postgres/README.md
+++ b/user-skel/ansible_collections/ace_box/ace_box/roles/postgres/README.md
@@ -1,94 +1,18 @@ -# Role to manage PostgreSQL Database +# Postgres Role -## main +This currated role can be used to install PostgreSQL database on a Kubernetes cluster. -Deploys Postgres Database. +### Deploying Postgres -## ensure-team - -Creates a Mattermost team. - -Requires vars: - -|Variable name|Description| -|---|---| -|mm_admin_token|Admin token, needs permissions to manage teams| -|mm_team_name|Name of team| -|mm_team_display_name|(Optional) display name of team| - -Sets facts: -- mm_team_id - -## ensure-channel - -Creates a Mattermost channel. - -Requires vars: - -|Variable name|Description| -|---|---| -|mm_admin_token|Admin token, needs permissions to manage channels| -|mm_team_id|Id of team the channel will be created in| -|mm_channel_name|Name of channel| -|mm_channel_display_name|(Optional) display name of channel| - -Sets facts: -- mm_channel_id - -## ensure-webhook - -Creates a Mattermost webhook. - -Requires vars: - -|Variable name|Description| -|---|---| -|mm_admin_token|Admin token, needs permissions to manage webhooks| -|mm_channel_id|Id of channel the webhook will post in| - -Sets facts: -- mm_webhook_id - -## ensure-admin - -Creates a Mattermost admin user. - -Requires vars: - -|Variable name|Description| -|---|---| -|mm_admin_email|Admin user email| -|mm_admin_name|Admin user name| -|mm_admin_password|Admin user password| - -By default, Mattermost requires certain characters to be included in a password. A random password can be created with: - -``` -mm_admin_password: "{{ lookup('community.general.random_string', min_lower=1, min_upper=1, min_numeric=1, min_special=1, override_special='!#$%&()*+,-./:;<=>?@[]^_`|~', length=12) }}" +```yaml +- include_role: + name: postgres ``` -## ensure-user - -Creates a Mattermost (non-admin) user. - -Requires vars: - -|Variable name|Description| -|---|---| -|mm_user_email|User email| -|mm_user_name|User name| -|mm_user_password|User password| - -## ensure-token - -Creates a Mattermost user token. 
User can either be "regular" or "admin". - -Requires vars: - -|Variable name|Description| -|---|---| -|mm_user_name|User name| -|mm_token_name|Token name| +Variables that can be set are as follows: -Sets facts: -- mm_token +```yaml +--- +postgres_namespace: "postgres" +postgres_size: "8Gi" +``` \ No newline at end of file diff --git a/user-skel/ansible_collections/ace_box/ace_box/roles/postgres/defaults/main.yml b/user-skel/ansible_collections/ace_box/ace_box/roles/postgres/defaults/main.yml index cbe038587..fb2d7247f 100644 --- a/user-skel/ansible_collections/ace_box/ace_box/roles/postgres/defaults/main.yml +++ b/user-skel/ansible_collections/ace_box/ace_box/roles/postgres/defaults/main.yml @@ -14,7 +14,5 @@ --- postgres_namespace: "postgres" -postgres_user: "admin" -postgres_db: "mattermost" postgres_size: "8Gi" -postgres_root_creds_secret_name: "ace-postgres-initial-admin-password" + diff --git a/user-skel/ansible_collections/ace_box/ace_box/roles/postgres/tasks/create-secret.yml b/user-skel/ansible_collections/ace_box/ace_box/roles/postgres/tasks/create-secret.yml deleted file mode 100644 index b5c620a89..000000000 --- a/user-skel/ansible_collections/ace_box/ace_box/roles/postgres/tasks/create-secret.yml +++ /dev/null 
@@ -1,43 +0,0 @@
-# Copyright 2024 Dynatrace LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
----
-- name: Generate admin password
- include_role:
- name: config-v2
- tasks_from: set-var
- vars:
- var_key_to_set: "postgres_password"
- var_value_to_set: "{{ lookup('ansible.builtin.password', '/dev/null') }}"
- when: postgres_password is not defined
-
-- name: Create PostgreSQL namespace
- kubernetes.core.k8s:
- api_version: v1
- kind: Namespace
- name: "{{ postgres_namespace }}"
- state: present
-
-- name: Create PostgreSQL admin secret
- kubernetes.core.k8s:
- name: "{{ postgres_root_creds_secret_name }}"
- api_version: v1
- kind: Secret
- state: present
- namespace: "{{ postgres_namespace }}"
- resource_definition:
- type: Opaque
- data:
- username: "{{ 'admin' | b64encode }}"
- password: "{{ postgres_password | b64encode }}"
diff --git a/user-skel/ansible_collections/ace_box/ace_box/roles/postgres/tasks/main.yml b/user-skel/ansible_collections/ace_box/ace_box/roles/postgres/tasks/main.yml
index e9e3fdf54..d50d2d456 100644
--- a/user-skel/ansible_collections/ace_box/ace_box/roles/postgres/tasks/main.yml
+++ b/user-skel/ansible_collections/ace_box/ace_box/roles/postgres/tasks/main.yml
@@ -14,43 +14,20 @@ --- -- include_tasks: create-secret.yml - - name: Add Bitnami Helm repository - become: true - become_user: root - shell: helm repo add bitnami https://charts.bitnami.com/bitnami - -- name: Update Helm repositories - become: true - become_user: root - shell: helm repo update + kubernetes.core.helm_repository: + name: bitnami + repo_url: "https://charts.bitnami.com/bitnami" - name: Install PostgreSQL using Helm - become: true - become_user: root kubernetes.core.helm: name: postgres chart_ref: bitnami/postgresql - release_namespace: postgres - create_namespace: false + release_namespace: "{{ postgres_namespace }}" + create_namespace: true + wait: true + wait_timeout: 10m values: - global: - postgresql: - postgresqlUsername: "{{ postgres_user }}" - postgresqlPassword: "{{ postgres_password }}" - postgresqlDatabase: "{{ postgres_db }}" persistence: enabled: true - size: {{ postgres_size }} - wait: true - wait_timeout: 15m - -- name: Print PostgreSQL connection details - debug: - msg: - - "PostgreSQL Username: {{ postgres_user }}" - - "PostgreSQL Password: {{ postgres_password }}" - - "PostgreSQL Database: {{ postgres_db }}" - - "PostgreSQL Host: postgres.postgres.svc.cluster.local" - - "PostgreSQL Port: 5432" \ No newline at end of file + size: "{{ postgres_size }}" From bf1134982e4bb9d720f2419ccdc1f04d45743f70 Mon Sep 17 00:00:00 2001 From: eemrdog Date: Wed, 16 Oct 2024 13:03:07 +0200 Subject: [PATCH 3/3] bitnami/postgres chart version added --- .../ace_box/ace_box/roles/postgres/defaults/main.yml | 1 + .../ace_box/ace_box/roles/postgres/tasks/main.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/user-skel/ansible_collections/ace_box/ace_box/roles/postgres/defaults/main.yml b/user-skel/ansible_collections/ace_box/ace_box/roles/postgres/defaults/main.yml index fb2d7247f..f83fdce00 100644 --- a/user-skel/ansible_collections/ace_box/ace_box/roles/postgres/defaults/main.yml 
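Review bot: Replacing the two shell tasks in tasks/main.yml with `kubernetes.core.helm_repository` drops the `helm repo update` step, and that module leaves an already-registered repository untouched, so on a host that has run the role before the install resolves `bitnami/postgresql` against whatever index is cached. Adding `update_repo_cache: true` to the `Install PostgreSQL using Helm` task restores the refresh. With the auth values removed, the chart is presumably left to generate the superuser password itself; a comment on the task such as `# credentials are generated by the chart; read them from the release Secret in postgres_namespace` would tell consumers of the role where to look.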
+++ b/user-skel/ansible_collections/ace_box/ace_box/roles/postgres/defaults/main.yml @@ -13,6 +13,7 @@ # limitations under the License. --- +postgres_chart_version: "16.0.1" # https://github.com/bitnami/charts/tree/main/bitnami/postgresql postgres_namespace: "postgres" postgres_size: "8Gi" diff --git a/user-skel/ansible_collections/ace_box/ace_box/roles/postgres/tasks/main.yml b/user-skel/ansible_collections/ace_box/ace_box/roles/postgres/tasks/main.yml index d50d2d456..d4211609e 100644 --- a/user-skel/ansible_collections/ace_box/ace_box/roles/postgres/tasks/main.yml +++ b/user-skel/ansible_collections/ace_box/ace_box/roles/postgres/tasks/main.yml @@ -23,6 +23,7 @@ kubernetes.core.helm: name: postgres chart_ref: bitnami/postgresql + version: "{{ postgres_chart_version }}" release_namespace: "{{ postgres_namespace }}" create_namespace: true wait: true
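Review bot: Pinning `version: "{{ postgres_chart_version }}"` to 16.0.1 makes the values layout of that chart major matter for the rest of the task, which continues below this hunk. Its `values:` block sets a top-level `persistence.size`, whereas recent Bitnami PostgreSQL charts appear to read the volume size from `primary.persistence.size`; if that holds for the pinned version, `postgres_size` is silently ignored and the chart default is used. Worth checking against the values.yaml of 16.0.1 and, if confirmed, nesting the block under `primary:`.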