[Update] update environment

2022-07-13 15:29:50 +01:00 · 2022-07-13 15:29:50 +01:00 · ebd6761fea
commit ebd6761fea
parent 7ec82e6355
18 changed files with 365 additions and 182 deletions
--- a/billing.sh
+++ b/billing.sh
@ -1,5 +0,0 @@
 #!/bin/bash
 export OS_CLOUD="felcloud_cli"
 export PULUMI_STACK="staging"
 export PULUMI_SUB_STACK="billing"
 export PULUMI_CONFIG_PASSPHRASE_FILE="$PWD/env.d/$PULUMI_STACK/pulumi_passphrase"
--- a/console.sh
+++ b/console.sh
@ -0,0 +1,5 @@
 #!/bin/bash
 export OS_CLOUD="felcloud_staging"
 export PULUMI_STACK="felcloud_staging"
 export PULUMI_SUB_STACK="console"
 export PULUMI_CONFIG_PASSPHRASE_FILE="$PWD/env.d/$PULUMI_STACK/pulumi_passphrase"
--- a/group_vars/all
+++ b/group_vars/all
@ -1,6 +1,6 @@
 ---
-env: staging
+env: "{{ lookup('env', 'PULUMI_STACK') }}"
 application: "{{ lookup('env', 'PULUMI_SUB_STACK') }}"
 bastion_group_name: "{{ application }}_bastion"
@ -13,7 +13,93 @@ infrastructure_file_path: "{{ inventory_dir }}/infra/{{ application }}.json"
 # proxy
 proxy_user: "felcloud"
-proxy_passwd: "ijo7mgHEWjytM"
+proxy_passwd: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          30353938636561343133303061303336653130383363646430616536326131393766646239393530
          3761626633393637396436386135663034616531663135390a666134363539366465393364306230
          38656537373438353737323430623462616332373835663837366434343739383765336361326331
          3330643466643730660a636236376133323730336561643532393130646639386263623263323339
          6563
 proxy_hostname: "{{ groups[bastion_group_name] | first }}"
 proxy_ip: "{{ hostvars[proxy_hostname].ansible_host }}"
 proxy_port: 3128
 # linux users
 users:
  - name: baha
    group: baha
    groups: sudo
    shell: '/bin/bash'
    ssh_pub_keys:
      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDaKdKinHqJ5bn9TqCULDEhAcSm9mbcHirRVzFNIPtGc4oPS5oc7WCtGgdv4J5YyWxEoe4Z42VpqDRHxuwdlprZYrfCVgDz5hQNiC8KQuusNFkfgjBPGH2dOvRJusIAclr2wEPUKMDh9MAlJ8NegUg/3uVs2ngXIyag6fronqzIDVCW89WqTi1EGnU69/bbXjPx2so4OYPvumSrxHYf438nR/3cRK8mXbSw43LN7xr0rgzclhZuTlXVrc2jichqI2jNJ7wmH0eQoLyf0E/ncXRR5xFdW1/rFQqQnueA0006dvqlgqsvaNPnFnFyfSpaGdZN4wj2hE2XZ+JkGeAjKswVAZHIst7xslCSZChQFAqHIs2ddtTsrd+tF1WVqpKu2MgjEwhKhu6KoKDW1D5s3Mb5CZcPANz9jyKCBKsKw++MJx74eP3LFdFFCjD6fgjT5Qi6BkhSkYWel6kP5joHNU8R+ZFX2cMUC+ZuEJIuGUMCv9q5ir/Ueh6tMJNolbNWRIs= baha@DESKTOP-AN6NC1O'
      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDGnJJk9lvPOmJZxfpb+0k84mWA7jpBKapxtE02qwRDVQ5b6ZBCH5lr9eBU1XTppu7FXew/+VkQaf6pp8c4yCoY01QIFei+ilw+RncN92vzAVPzBPcPACPNjrvsD5pUIRxRMU21fIopQhGY+baK/rw/Gqfa8fyRK5cR07mvJ/jZQIPlOBr9pBf/mmzNCaRyo0kZb199X/VpWo8RhTNpfmx7pEvD1pSnqeMlPO7GlSqVfMSSKIUeCFW/Ne6Bwk73dOXZPLdo3qa5/6dZmoRf3V7QCbSXfxy9RQVKsjSzsxMc59XF2gr6vY8qAUnfoLhxpF4LwVi1mDQanwD7yYZ41tsP6Su1/R1qLCfEeE6rJCxAjHIc/OqeqznBp0Dxbu7Xhmy38U5iX9X70Wrv5JB77giUtf2i/OnDGtZ9n27Hm9U+n1l3CLmcYePEarD/7nOrzk2BVlih63r+ejRlTou9mwC+L7W2L8y5qhWTRVmLcvPRindxApPzL8nCWe8INlzXb6G6zY0T1f0tabh9DSeoQ67OYPjQUMJVYo3rSbQHzh6tOjin5yrBF46HQWJpwKPKxPGOPuLT84WzdmnX02MUmfy3vGBf7bVO+ViVgQPRvcgt2gKUUufWNuPOwmPKK1aSnF3KQy7u+8Vi3p/iGx8mGKIpt8J0g6C5s3WI7crFuVkuFw== baha@felcloud.tn'
    git_user: "baha"
    git_token: "glpat-68xbQazGGWFUpunNZk7y"
    console_port: 9090
    console_url: "baha-dev.felcloud.io"
 # console
 # console staging
 console_repo: "git.felcloud.io/billing/billing_website.git"
 console_branch: "dev"
 console_image_name: "nexus.felcloud.io/felcloud/console"
 console_version: 0.1.2
 # console database
 console_database_name: "billing"
 console_database_user: "billingW"
 console_database_passwd: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          34646331363564376132633734303661376433386139306438623462386633376635343664663637
          6465363736346437333965333836643862386565616230330a646333373934343761393932383765
          66616166663061666563363534646464313430383363613164653337663565333337303334646366
          3338666262346263650a623037626165363730386462633331393438326131656638626430383939
          62633637303662666366313236366461613362343961333865646465326532613432393436363335
          3731366461653937613133383834666632633231646664623363
 console_database_url: "{{ groups['console_database'][0] }}:27017,{{ groups['console_database'][1] }}:27017,{{ groups['console_database'][2] }}:27017"
 # Keycloak
 identity_provider_url: "https://identity.felcloud.io/auth/realms"
 keycloak_password: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          65666165663930386564336335613430336537663837306261613439383865333635346163303034
          3137366531316463346561383361643338613065356132340a363462666162666130396237336330
          65356330333164333532353263653836383132653632666430383831343438666565333539646231
          6431376161663439320a613963396263333862373932376631366334666266666137316631383530
          66366237303837323966663630393438373962326234396335396134346233383531
 keycloak_client_secret_key: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          62656131303833613863613264373364633065396237636534393038633862666239313238303864
          3834626239383435376361663366613462633361613261350a616238346138626233366366383964
          37663763396266363133396536383039363839346265613461393032663235626133663661343466
          3633316339656163610a343963343236336465663761373066373133653830313136326632663638
          66653039636561383761616533356135613732373665643831333765353134326266646231353137
          6137373234303337636333373763306535303663393137663738
 keycloak_admin_client_secret_key: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          62343461316462633865316334376235346234643936396137383964626136636261633865323935
          3635366438376430356439386534333635326432643939360a386433386331303735393764646261
          38383034333534303139363939353561303837383334303465646262353861623932333137353636
          3035383366373131360a356636373535313164316331623632623832356262326565346461633264
          36633763613132316335336561653338353362313865316661383933383134386439323632366238
          3930306135383036623661363134343738626162386635313632
 smtp_host: "mail.felcloud.io"
 smtp_port: 465
 smtp_local_host: "{{ ansible_host }}"
 smtp_local_port: 587
 smtp_user: noreply@felcloud.io
 smtp_passwd: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          62623530623063393036386339343038303464643962363736383531636461613439316462313437
          3931303536323666333038633432346162633231623039610a643961323934633238303636643435
          31663635326230393330356561636266626534623962313063393764626237393765653732396464
          3064626333393432380a616563646564383934333938613235653735303339613230323937303731
          37613930656565306266623537333661613266636365373038663636666439626437
 # docker registry
 felcloud_docker_registry: "nexus.felcloud.io/felcloud"
 # mongodb global
 mongodb_replicaset_name: "rs0"
 mongodb_script_local_config_path: "mongo-scripts"
--- a/group_vars/console_database
+++ b/group_vars/console_database
@ -0,0 +1,21 @@
 ---
 mongodb_root_user: root
 mongodb_root_passwd: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          34333139613963386461663666616630336663613631643638626665623137323332323465326632
          3531313966376633636235373531376534643234306339370a373239393364633663366431386138
          36663132656663393664316561306262623236326361623935613430346138353731656565396261
          6564336464303531620a643062623464623634623565366230326531643162323034333635393966
          37343234643931666635636637396363333432643032333536396538303832346634
 mongodb_init_database: "admin"
 nosqlclient_user: nosqlclient
 nosqlclient_passwd: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          34323766623465326261326662316230376633366362373938383966613237616232323433613532
          6165643266333164386330646131396562326262626431320a663437656134633663396137356261
          35633230633732663566306363326635336633303965343538633836303662386638363535343635
          3737663437303932610a656434383436626264326566636336396130666265353039313165656331
          3564
 nosqlclient_database: "nosqlclient"
--- a/group_vars/console_web
+++ b/group_vars/console_web
@ -0,0 +1,30 @@
 ---
 haproxy_local_config_path: "reverse-proxy/haproxy.cfg"
 haproxy_list_tls:
  - wildcard.felcloud.io
 haproxy_nbproc: 1
 public_vip_address:
  - "{{ vip_console.all_fixed_ips | first }}"
 haproxy_first_tls: "/etc/haproxy/tls/wildcard.felcloud.io.pem"
 default_backend: "baha_console"
 haproxy:
  backends:
  - name: nosql
    frontend: "console-dev-db.felcloud.io"
    servers:
    - "acl draw-auth http_auth(basic-auth-list)"
    - "http-request auth realm draw unless draw-auth"
    - "server {{ groups['console_database'][0] }} {{ hostvars[groups['console_database'][0]]['ansible_host'] }}:3000"
  - name: nexus
    frontend: "nexus-dev.felcloud.io"
    servers:
    - "server {{ groups['nexus'][0] }} {{ hostvars[groups['nexus'][0]]['ansible_host'] }}:8081"
  - name: nexus_docker_registry
    frontend: "nexus.felcloud.io"
    servers:
    - "server {{ groups['nexus'][0] }} {{ hostvars[groups['nexus'][0]]['ansible_host'] }}:8082"
  - name: baha_console
    frontend: "baha-dev.felcloud.io"
    servers:
    - "server {{ groups['console_web'][0] }} {{ hostvars[groups['console_web'][0]]['ansible_host'] }}:9090"
--- a/group_vars/k8scontrol
+++ b/group_vars/k8scontrol
@ -1,18 +0,0 @@
 ---
 haproxy_local_config_path: "reverse-proxy/haproxy.cfg"
 haproxy_list_tls:
  - wildcard.felcloud.io
 haproxy_nbproc: 1
 public_vip_address:
  - "{{ vip_k8s.all_fixed_ips | first }}"
 haproxy_first_tls: "/etc/haproxy/tls/wildcard.felcloud.io.pem"
 default_backend: "kubernetes"
 haproxy:
  backends:
  - name: kubernetes
    frontend: "k8s.felcloud.io"
    servers:
    - "server {{ groups['k8scontrol'][0] }} {{ hostvars[groups['k8scontrol'][0]]['ansible_host'] }}:6443"
    - "server {{ groups['k8scontrol'][1] }} {{ hostvars[groups['k8scontrol'][1]]['ansible_host'] }}:6443"
    - "server {{ groups['k8scontrol'][2] }} {{ hostvars[groups['k8scontrol'][2]]['ansible_host'] }}:6443"
--- a/host_vars/prd-k8sctl-01
+++ b/host_vars/prd-k8sctl-01
@ -1,10 +0,0 @@
 ---
 vrrp_instances:
  - name: "vip_k8s"
    state: "BACKUP"
    interface: "ens3"
    id: 53
    passwd: "yZnCOEa74TMgs"
    vip: "{{ vip_k8s.all_fixed_ips | first }}/{{ vip_network_cidr.split('/')[1] }}" 
    priority: 150
--- a/host_vars/stg-bilweb-00
+++ b/host_vars/stg-bilweb-00
@ -1,10 +1,10 @@
 ---
 vrrp_instances:
-  - name: "vip_k8s"
+  - name: "vip_console"
    state: "MASTER"
    interface: "ens3"
    id: 53
    passwd: "yZnCOEa74TMgs"
-    vip: "{{ vip_k8s.all_fixed_ips | first }}/{{ vip_network_cidr.split('/')[1] }}"
+    vip: "{{ vip_console.all_fixed_ips | first }}/{{ vip_network_cidr.split('/')[1] }}"
    priority: 200
--- a/host_vars/stg-bilweb-01
+++ b/host_vars/stg-bilweb-01
@ -1,10 +1,10 @@
 ---
 vrrp_instances:
-  - name: "vip_k8s"
+  - name: "vip_console"
    state: "BACKUP"
    interface: "ens3"
    id: 53
    passwd: "yZnCOEa74TMgs"
-    vip: "{{ vip_k8s.all_fixed_ips | first }}/{{ vip_network_cidr.split('/')[1] }}"
+    vip: "{{ vip_console.all_fixed_ips | first }}/{{ vip_network_cidr.split('/')[1] }}"
    priority: 150
--- a/infra/billing.json
+++ b/infra/billing.json
@ -1,20 +0,0 @@
 { 
  "application_name": "billing",
  "INTERNET_Network_ID": "e8d04c1f-0b49-4e87-a1f3-bea618782c90",
  "router": [
 	{"router_name": "billing_router", "router_external_gateway": "e8d04c1f-0b49-4e87-a1f3-bea618782c90", "linked_subnets": [{"router_interface_name": "billing_admin_interface", "subnet_name": "admin_billing_subnet"}] }
  ],
  "network": [
        {"name": "admin_billing", "bastion_access": "yes", "subnet": {"name":"admin_billing_subnet", "ip_version": 4, "cidr": "172.50.0.0/16", "dns_servers": ["8.8.8.8"], "linked_router": [{"router_name": "billing_router"}]}}
  ],
  "instance": [
        {"name": "prd-bildat-00", "az": "UK_London", "flavor": "Atto.L", "inventory_group": "bildat","network": [{"name": "admin_billing"}]},
        {"name": "prd-bildat-01", "az": "FR_Roubaix", "flavor": "Atto.L", "inventory_group": "bildat","network": [{"name": "admin_billing"}]},
        {"name": "prd-bildat-02", "az": "UK_London", "flavor": "Atto.L", "inventory_group": "bildat","network": [{"name": "admin_billing"}]},
        {"name": "prd-bilweb-00", "az": "UK_London", "flavor": "Atto.S", "inventory_group": "bilweb","network": [{"name": "admin_billing"}]},
        {"name": "prd-bilweb-01", "az": "FR_Roubaix", "flavor": "Atto.S", "inventory_group": "bilweb","network": [{"name": "admin_billing"}]},
        {"name": "prd-bilbas-00", "az": "UK_London", "flavor": "Atto.S", "inventory_group": "billing_bastion","fip": [{"floatingip": "fip_bil_bas", "pool": "INTERNET", "bastion_access": "yes"}], "network": [{"name": "admin_billing"}]}
  ],
  "volume": [
  ]
 }
--- a/infra/console.json
+++ b/infra/console.json
@ -0,0 +1,185 @@
 { 
  "application_name": "console",
  "INTERNET_Network_ID": "e8d04c1f-0b49-4e87-a1f3-bea618782c90",
  "network": [{
 	  "name": "admin_console",
 	  "bastion_access": "yes",
 	  "subnet": {
 		     "name":"admin_console_subnet",
 		     "ip_version": 4,
 		     "cidr": "172.53.0.0/16",
 		     "dns_servers": ["8.8.8.8"],
 		     "linked_router": [{"router_name": "console_router"}]
                  },
          "port": [{
                  "name": "vip_console",
                  "fip_pool": "INTERNET"
          }]
  }],
  "router": [{
          "router_name": "console_router",
 	  "router_external_gateway": "e8d04c1f-0b49-4e87-a1f3-bea618782c90",
 	  "linked_subnets": [{
 		  "router_interface_name": "console_admin_interface",
 		  "subnet_name": "admin_console_subnet"}]
  }],
  "security_group": [{
 	  "name": "secgroup_console",
 	  "description": "Console DEV environment is security group",
 	  "rules": [
 		  {"name": "Ingress_ssh",
 		   "description": "ssh traffic",
 		   "direction": "ingress",
 		   "port_range_max": 22,
 		   "port_range_min": 22,
 		   "protocol": "tcp",
 		   "remote_ip_prefix": "0.0.0.0/0"},
 		  {"name": "Ingress_http",
 		   "description": "http traffic",
 		   "direction": "ingress",
 		   "port_range_max": 80,
 		   "port_range_min": 80,
 		   "protocol": "tcp",
 		   "remote_ip_prefix": "0.0.0.0/0"},
 		  {"name": "Ingress_https",
 		   "description": "https traffic",
 		   "direction": "ingress",
 		   "port_range_max": 443,
 		   "port_range_min": 443,
 		   "protocol": "tcp",
 		   "remote_ip_prefix": "0.0.0.0/0"},
 		  {"name": "Ingress_squid",
 		   "description": "Squid Proxy traffic",
 		   "direction": "ingress",
 		   "port_range_max": 3128,
 		   "port_range_min": 3128,
 		   "protocol": "tcp",
 		   "remote_ip_prefix": "0.0.0.0/0"},
 		   {"name": "Ingress_ping",
                   "description": "icmp traffic",
                   "direction": "ingress",
                   "port_range_max": 0,
                   "port_range_min": 0,
                   "protocol": "icmp",
                   "remote_ip_prefix": "0.0.0.0/0"},
 		   {"name": "Ingress_nosqlclient",
                   "description": "nosqlclient traffic",
                   "direction": "ingress",
                   "port_range_max": 3000,
                   "port_range_min": 3000,
                   "protocol": "tcp",
                   "remote_ip_prefix": "0.0.0.0/0"},
 		   {"name": "Ingress_nexus",
                   "description": "nexus repository traffic",
                   "direction": "ingress",
                   "port_range_max": 8081,
                   "port_range_min": 8081,
                   "protocol": "tcp",
                   "remote_ip_prefix": "0.0.0.0/0"},
 		   {"name": "Ingress_nexus_docker_registry",
                   "description": "nexus repository traffic",
                   "direction": "ingress",
                   "port_range_max": 8082,
                   "port_range_min": 8082,
                   "protocol": "tcp",
                   "remote_ip_prefix": "0.0.0.0/0"},
 		  {"name": "Ingress_mongodb",
 		   "description": "mongodb traffic",
 		   "direction": "ingress",
 		   "port_range_max": 27017,
 		   "port_range_min": 27017,
 		   "protocol": "tcp",
 		   "remote_ip_prefix": "0.0.0.0/0"}
 	  ]
  }],
  "instance": [{
 	 "name": "stg-bilweb-00",
 	 "az": "UK_London",
 	 "flavor": "Atto.L",
 	 "image": "Ubuntu 20.04 LTS - Focal",
 	 "keypair": "dell XPS",
 	 "security_group": ["secgroup_console"],
 	 "inventory_group": "console_web",
 	 "network": [{"name": "admin_console"}]
        },
        {
         "name": "stg-bilweb-01",
 	 "az": "UK_London",
 	 "flavor": "Atto.L",
 	 "image": "Ubuntu 20.04 LTS - Focal",
 	 "keypair": "dell XPS",
 	 "security_group": ["secgroup_console"],
 	 "inventory_group": "console_web",
 	 "network": [{"name": "admin_console"}]
 	},
        {
 	 "name": "stg-billdb-00",
 	 "az": "FR_Roubaix",
 	 "flavor": "Femto.L",
 	 "image": "Ubuntu 20.04 LTS - Focal",
 	 "keypair": "dell XPS",
 	 "security_group": ["secgroup_console"],
 	 "inventory_group": "console_database",
 	 "network": [{"name": "admin_console"}]
 	},
        {
 	 "name": "stg-billdb-01",
 	 "az": "UK_London",
 	 "flavor": "Femto.L",
 	 "image": "Ubuntu 20.04 LTS - Focal",
 	 "keypair": "dell XPS",
 	 "security_group": ["secgroup_console"],
 	 "inventory_group": "console_database",
 	 "network": [{"name": "admin_console"}]
 	},
        {
 	 "name": "stg-billdb-02",
 	 "az": "UK_London",
 	 "flavor": "Femto.L",
 	 "image": "Ubuntu 20.04 LTS - Focal",
 	 "keypair": "dell XPS",
 	 "security_group": ["secgroup_console"],
 	 "inventory_group": "console_database",
 	 "network": [{"name": "admin_console"}]
 	},
        {
 	 "name": "stg-bilrep-00",
 	 "az": "UK_London",
 	 "flavor": "RAM.S",
 	 "image": "Ubuntu 20.04 LTS - Focal",
 	 "keypair": "dell XPS",
 	 "security_group": ["secgroup_console"],
 	 "inventory_group": "nexus",
 	 "network": [{"name": "admin_console"}],
 	 "volume": ["nexus_repository"]
 	},
        {
 	 "name": "stg-conbld-00",
 	 "az": "UK_London",
 	 "flavor": "Atto.M",
 	 "image": "Ubuntu 20.04 LTS - Focal",
 	 "keypair": "dell XPS",
 	 "security_group": ["secgroup_console"],
 	 "inventory_group": "container_biuld",
 	 "network": [{"name": "admin_console"}]
 	},
        {
 	 "name": "stg-bilbas-00",
 	 "az": "UK_London",
 	 "flavor": "Atto.S",
 	 "image": "Ubuntu 20.04 LTS - Focal",
 	 "keypair": "dell XPS",
 	 "security_group": ["secgroup_console"],
 	 "inventory_group": "console_bastion",
 	 "network": [{"name": "admin_console"}],
 	 "fip": [{
 		 "floatingip": "fip_console",
 		 "pool": "INTERNET",
 		 "bastion_access": "yes"
 	 }]
 	}
  ],
  "volume": [
        {"name": "nexus_repository", "description": "Nexus volume", "size": 300, "availability_zone": "UK_London", "volume_type": "HDD SATA"}
  ]
 }
--- a/infra/kubernetes.json
+++ b/infra/kubernetes.json
@ -1,21 +0,0 @@
 { 
  "application_name": "kubernetes",
  "INTERNET_Network_ID": "e8d04c1f-0b49-4e87-a1f3-bea618782c90",
  "router": [
 	{"router_name": "k8s_router", "router_external_gateway": "e8d04c1f-0b49-4e87-a1f3-bea618782c90", "linked_subnets": [{"router_interface_name": "k8s_admin_interface", "subnet_name": "k8s_admin_subnet"}] }
  ],
  "network": [
        {"name": "kubernetes", "bastion_access": "yes", "subnet": {"name":"k8s_admin_subnet", "ip_version": 4, "cidr": "172.129.0.0/16", "dns_servers": ["8.8.8.8"], "linked_router": [{"router_name": "k8s_router"}]}, "port": [{"name": "vip_k8s", "fip_pool": "INTERNET"}]}
  ],
  "instance": [
        {"name": "prd-k8sctl-00", "az": "UK_London", "flavor": "Atto.M", "inventory_group": "k8scontrol", "network": [{"name": "kubernetes", "allowed_address_pairs": ["vip_k8s"] }]},
        {"name": "prd-k8sctl-01", "az": "FR_Roubaix", "flavor": "Atto.M", "inventory_group": "k8scontrol", "network": [{"name": "kubernetes", "allowed_address_pairs": ["vip_k8s"] }]},
        {"name": "prd-k8sctl-02", "az": "UK_London", "flavor": "Atto.M", "inventory_group": "k8scontrol", "network": [{"name": "kubernetes", "allowed_address_pairs": ["vip_k8s"] }]},
        {"name": "prd-k8swrk-00", "az": "UK_London", "flavor": "Atto.L", "inventory_group": "k8sworker", "network": [{"name": "kubernetes"}]},
        {"name": "prd-k8swrk-01", "az": "FR_Roubaix", "flavor": "Atto.L", "inventory_group": "k8sworker", "network": [{"name": "kubernetes"}]},
        {"name": "prd-k8swrk-02", "az": "UK_London", "flavor": "Atto.L", "inventory_group": "k8sworker", "network": [{"name": "kubernetes"}]},
        {"name": "prd-k8sbas-00", "az": "UK_London", "flavor": "Atto.S", "inventory_group": "kubernetes_bastion","fip": [{"floatingip": "fip_k8sbas", "pool": "INTERNET", "bastion_access": "yes"}], "network": [{"name": "kubernetes"}]}
  ],
  "volume": [
  ]
 }
--- a/infra/openstack.json
+++ b/infra/openstack.json
@ -1,39 +0,0 @@
 { 
  "application_name": "openstack",
  "INTERNET_Network_ID": "e8d04c1f-0b49-4e87-a1f3-bea618782c90",
  "router": [
        {"router_name": "openstack_router", "router_external_gateway": "e8d04c1f-0b49-4e87-a1f3-bea618782c90", "linked_subnets": [{"router_interface_name": "openstack_admin_interface", "subnet_name": "admin_subnet"}]}
  ],
  "network": [
        {"name": "admin_openstack", "bastion_access": "yes", "subnet": {"name":"admin_subnet", "ip_version": 4, "cidr": "172.30.0.0/16", "dns_servers": ["8.8.8.8"], "linked_router": [{"router_name": "openstack_router"}]}},
        {"name": "public", "subnet": {"name":"public_subnet", "ip_version": 4, "cidr": "172.31.0.0/16"}},
        {"name": "storage", "subnet": {"name":"storage_subnet", "ip_version": 4, "cidr": "172.32.0.0/16"}},
        {"name": "storage_replication", "subnet": {"name":"storep_subnet", "ip_version": 4, "cidr": "172.33.0.0/16"}}
  ],
  "instance": [
        {"name": "prd-ctl-00", "az": "FR_Roubaix", "flavor": "Atto.L", "inventory_group": "ctl","network": [{"name": "admin_openstack"}, {"name": "storage"}]},
        {"name": "prd-ctl-01", "az": "FR_Roubaix", "flavor": "Atto.L", "inventory_group": "ctl","network": [{"name": "admin_openstack"}, {"name": "storage"}]},
        {"name": "prd-ctl-02", "az": "UK_London", "flavor": "Atto.L", "inventory_group": "ctl","network": [{"name": "admin_openstack"}, {"name": "storage"}]},
        {"name": "prd-dep-00", "az": "FR_Roubaix", "flavor": "Atto.S", "inventory_group": "openstack_bastion","fip": [{"floatingip": "fip_deploy", "pool": "INTERNET", "bastion_access": "yes"}], "network": [{"name": "admin_openstack"}, {"name": "storage"}]},
        {"name": "prd-sto-00", "az": "FR_Roubaix", "flavor": "Atto.S", "inventory_group": "osds","network": [{"name": "admin_openstack"}, {"name": "storage"}, {"name": "storage_replication"}], "volume": ["osd00", "osd01"]},
        {"name": "prd-sto-01", "az": "FR_Roubaix", "flavor": "Atto.S", "inventory_group": "osds","network": [{"name": "admin_openstack"}, {"name": "storage"}, {"name": "storage_replication"}], "volume": ["osd02", "osd03"]},
        {"name": "prd-sto-02", "az": "FR_Roubaix", "flavor": "Atto.S", "inventory_group": "osds","network": [{"name": "admin_openstack"}, {"name": "storage"}, {"name": "storage_replication"}], "volume": ["osd04", "osd05"]},
        {"name": "prd-sto-03", "az": "UK_London", "flavor": "Atto.S", "inventory_group": "osds","network": [{"name": "admin_openstack"}, {"name": "storage"}, {"name": "storage_replication"}], "volume": ["osd06", "osd07"]},
        {"name": "prd-sto-04", "az": "UK_London", "flavor": "Atto.S", "inventory_group": "osds","network": [{"name": "admin_openstack"}, {"name": "storage"}, {"name": "storage_replication"}], "volume": ["osd08", "osd09"]},
        {"name": "prd-sto-05", "az": "UK_London", "flavor": "Atto.S", "inventory_group": "osds","network": [{"name": "admin_openstack"}, {"name": "storage"}, {"name": "storage_replication"}], "volume": ["osd10", "osd11"]}
  ],
  "volume": [
 	  {"name": "osd00", "description": "Ceph OSD", "size": 50, "availability_zone": "FR_Roubaix", "volume_type": "HDD SATA"},
 	  {"name": "osd01", "description": "Ceph OSD", "size": 50, "availability_zone": "FR_Roubaix", "volume_type": "HDD SATA"},
 	  {"name": "osd02", "description": "Ceph OSD", "size": 50, "availability_zone": "FR_Roubaix", "volume_type": "HDD SATA"},
 	  {"name": "osd03", "description": "Ceph OSD", "size": 50, "availability_zone": "FR_Roubaix", "volume_type": "HDD SATA"},
 	  {"name": "osd04", "description": "Ceph OSD", "size": 50, "availability_zone": "FR_Roubaix", "volume_type": "HDD SATA"},
 	  {"name": "osd05", "description": "Ceph OSD", "size": 50, "availability_zone": "FR_Roubaix", "volume_type": "HDD SATA"},
 	  {"name": "osd06", "description": "Ceph OSD", "size": 50, "availability_zone": "UK_London", "volume_type": "HDD SATA"},
 	  {"name": "osd07", "description": "Ceph OSD", "size": 50, "availability_zone": "UK_London", "volume_type": "HDD SATA"},
 	  {"name": "osd08", "description": "Ceph OSD", "size": 50, "availability_zone": "UK_London", "volume_type": "HDD SATA"},
 	  {"name": "osd09", "description": "Ceph OSD", "size": 50, "availability_zone": "UK_London", "volume_type": "HDD SATA"},
 	  {"name": "osd10", "description": "Ceph OSD", "size": 50, "availability_zone": "UK_London", "volume_type": "HDD SATA"},
 	  {"name": "osd11", "description": "Ceph OSD", "size": 50, "availability_zone": "UK_London", "volume_type": "HDD SATA"}
  ]
 }
--- a/53
+++ b/53
@ -1,37 +1,26 @@
-#---- start billing inventory ----
+#---- start console inventory ----
-[bildat]
+[console_web]
-prd-bildat-00 ansible_host=172.50.0.238 ansible_user=ubuntu
+stg-bilweb-00 ansible_host=172.53.3.53 ansible_user=ubuntu
-prd-bildat-01 ansible_host=172.50.0.27 ansible_user=ubuntu
+stg-bilweb-01 ansible_host=172.53.1.161 ansible_user=ubuntu
 prd-bildat-02 ansible_host=172.50.1.162 ansible_user=ubuntu
-[bilweb]
+[console_database]
-prd-bilweb-00 ansible_host=172.50.2.220 ansible_user=ubuntu
+stg-billdb-00 ansible_host=172.53.3.141 ansible_user=ubuntu
-prd-bilweb-01 ansible_host=172.50.3.195 ansible_user=ubuntu
+stg-billdb-01 ansible_host=172.53.3.232 ansible_user=ubuntu
 stg-billdb-02 ansible_host=172.53.3.78 ansible_user=ubuntu
-[billing_bastion]
+[console_bastion]
-prd-bilbas-00 ansible_host=172.50.2.44 ansible_user=ubuntu
+stg-bilbas-00 ansible_host=172.53.3.126 ansible_user=ubuntu
-[billing:children]
+[nexus]
-billing_bastion
+stg-bilrep-00 ansible_host=172.53.0.130 ansible_user=ubuntu
 bilweb
 bildat
 #---- end billing inventory ----
 #---- start kubernetes inventory ----
 [k8scontrol]
 prd-k8sctl-00 ansible_host=172.129.3.103 ansible_user=ubuntu
 prd-k8sctl-01 ansible_host=172.129.3.56 ansible_user=ubuntu
 prd-k8sctl-02 ansible_host=172.129.0.60 ansible_user=ubuntu
-[k8sworker]
+[container_biuld]
-prd-k8swrk-00 ansible_host=172.129.1.110 ansible_user=ubuntu
+stg-conbld-00 ansible_host=172.53.0.185 ansible_user=ubuntu
 prd-k8swrk-01 ansible_host=172.129.2.189 ansible_user=ubuntu
 prd-k8swrk-02 ansible_host=172.129.3.134 ansible_user=ubuntu
-[kubernetes_bastion]
+[console:children]
-prd-k8sbas-00 ansible_host=172.129.0.95 ansible_user=ubuntu
+container_biuld
-
+nexus
-[kubernetes:children]
+console_bastion
-kubernetes_bastion
+console_database
-k8sworker
+console_web
-k8scontrol
+#---- end console inventory ----
 #---- end kubernetes inventory ----
--- a/kubernetes.sh
+++ b/kubernetes.sh
@ -1,5 +0,0 @@
 #!/bin/bash
 export OS_CLOUD="felcloud_cli"
 export PULUMI_STACK="staging"
 export PULUMI_SUB_STACK="kubernetes"
 export PULUMI_CONFIG_PASSPHRASE_FILE="$PWD/env.d/$PULUMI_STACK/pulumi_passphrase"
--- a/openstack.sh
+++ b/openstack.sh
@ -1,5 +0,0 @@
 #!/bin/bash
 export OS_CLOUD="felcloud_cli"
 export PULUMI_STACK="staging"
 export PULUMI_SUB_STACK="openstack"
 export PULUMI_CONFIG_PASSPHRASE_FILE="$PWD/env.d/$PULUMI_STACK/pulumi_passphrase"
--- a/12
+++ b/12
@ -1,7 +1,7 @@
 $ANSIBLE_VAULT;1.1;AES256
-39306138313765623361313334353336336239386235333631363464383532633661373866396132
+62303632316333616431643931383639333964323332383737666531646432643263656432326432
-6162623733386661383865333664323833613964343862390a626562353064626265393338363361
+3336326461306235643638626332613864646536666334640a376665393432653761353337376464
-30333836646462393966313934303161663366323838626236336531306364363337653162633064
+34653230393836383062323336626331323266643639393936646237323736363364343531373538
-3033366331613266390a646438316365313139333766623730613737396234336334336331376666
+3530333930353631360a636433393431656165323034373832633333303966623235613231643764
-61333437333131656561663031373264376364326434363132616564356564323761363233353063
+31333136353864373061353065323234373732663335373661336235336437366363316235663633
-3137613634383032383065656339396331623065613535663730
+6566663036666532313766323861643663383433343737636563
--- a/requirements.yml
+++ b/requirements.yml
@ -10,22 +10,12 @@
  scm: git
  accept_hostkey: yes
 - src: ssh://git@git.felcloud.io:2224/ansible_roles/k8s_common.git
  version: 0.0.1
  scm: git
  accept_hostkey: yes
 - src: ssh://git@git.felcloud.io:2224/ansible_roles/k8s_control.git
  version: 0.0.1
  scm: git
  accept_hostkey: yes
 - src: ssh://git@git.felcloud.io:2224/ansible_roles/k8s_worker.git
  version: 0.0.1
  scm: git
  accept_hostkey: yes
 - src: ssh://git@git.felcloud.io:2224/ansible_roles/keepalived.git
  version: 0.0.1
  scm: git
  accept_hostkey: yes
 - src: ssh://git@git.felcloud.io:2224/ansible_roles/console.git
  version: 0.0.1
  scm: git
  accept_hostkey: yes