Initial commit from ansible_env_staging

ceph.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+export OS_CLOUD="felcloud_staging"
+export PULUMI_STACK="staging"
+export PULUMI_SUB_STACK="ceph"
+export PULUMI_CONFIG_PASSPHRASE_FILE="/etc/ansible/pulumi_passphrase"

ceph_vexx.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+export OS_CLOUD="vexxhost_sjc1"
+export PULUMI_STACK="staging"
+export PULUMI_SUB_STACK="ceph_vexx"
+export PULUMI_CONFIG_PASSPHRASE_FILE="/etc/ansible/pulumi_passphrase"

console.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+export OS_CLOUD="felcloud_staging"
+export PULUMI_STACK="staging"
+export PULUMI_SUB_STACK="console"
+export PULUMI_CONFIG_PASSPHRASE_FILE="/etc/ansible/pulumi_passphrase"

consolemongi.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+export OS_CLOUD="felcloud_staging"
+export PULUMI_STACK="staging"
+export PULUMI_SUB_STACK="consolemongi"
+export PULUMI_CONFIG_PASSPHRASE_FILE="/etc/ansible/pulumi_passphrase"

emine.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+export OS_CLOUD="felcloud_staging"
+export PULUMI_STACK="staging"
+export PULUMI_SUB_STACK="emine"
+export PULUMI_CONFIG_PASSPHRASE_FILE="/etc/ansible/pulumi_passphrase"

emine_vexx.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+export OS_CLOUD="vexxhost_sjc1"
+export PULUMI_STACK="staging"
+export PULUMI_SUB_STACK="emine_vexx"
+export PULUMI_CONFIG_PASSPHRASE_FILE="/etc/ansible/pulumi_passphrase"

group_vars/all

@@ -0,0 +1,83 @@
+---
+
+env: "{{ lookup('env', 'PULUMI_STACK') }}"
+application: "{{ lookup('env', 'PULUMI_SUB_STACK') }}"
+inventory_remote_user: ubuntu
+bastion_group_name: "{{ application }}_bastion"
+base_infrastructure_file_path: "{{ inventory_dir }}/infra/{{ application }}.json"
+
+# DNS resolve
+preferred_dns: "8.8.8.8"
+fallback_dns: "4.4.4.4"
+
+# infrastructure
+infrastructure_file_path: "{{ inventory_dir }}/infra/{{ application }}.json"
+
+# proxy
+proxy_user: "felcloud"
+proxy_passwd: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          30353938636561343133303061303336653130383363646430616536326131393766646239393530
+          3761626633393637396436386135663034616531663135390a666134363539366465393364306230
+          38656537373438353737323430623462616332373835663837366434343739383765336361326331
+          3330643466643730660a636236376133323730336561643532393130646639386263623263323339
+          6563
+proxy_hostname: "{{ groups[bastion_group_name] | first }}"
+proxy_ip: "{{ hostvars[proxy_hostname].ansible_host }}"
+proxy_port: 3128
+
+# Keycloak
+identity_provider_url: "https://identity.felcloud.io/auth/realms"
+keycloak_password: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          65666165663930386564336335613430336537663837306261613439383865333635346163303034
+          3137366531316463346561383361643338613065356132340a363462666162666130396237336330
+          65356330333164333532353263653836383132653632666430383831343438666565333539646231
+          6431376161663439320a613963396263333862373932376631366334666266666137316631383530
+          66366237303837323966663630393438373962326234396335396134346233383531
+keycloak_client_secret_key: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          62656131303833613863613264373364633065396237636534393038633862666239313238303864
+          3834626239383435376361663366613462633361613261350a616238346138626233366366383964
+          37663763396266363133396536383039363839346265613461393032663235626133663661343466
+          3633316339656163610a343963343236336465663761373066373133653830313136326632663638
+          66653039636561383761616533356135613732373665643831333765353134326266646231353137
+          6137373234303337636333373763306535303663393137663738
+keycloak_admin_client_secret_key: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          62343461316462633865316334376235346234643936396137383964626136636261633865323935
+          3635366438376430356439386534333635326432643939360a386433386331303735393764646261
+          38383034333534303139363939353561303837383334303465646262353861623932333137353636
+          3035383366373131360a356636373535313164316331623632623832356262326565346461633264
+          36633763613132316335336561653338353362313865316661383933383134386439323632366238
+          3930306135383036623661363134343738626162386635313632
+
+smtp_host: "mail.felcloud.io"
+smtp_port: 465
+smtp_local_host: "{{ ansible_host }}"
+smtp_local_port: 587
+smtp_user: noreply@felcloud.io
+smtp_passwd: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          62623530623063393036386339343038303464643962363736383531636461613439316462313437
+          3931303536323666333038633432346162633231623039610a643961323934633238303636643435
+          31663635326230393330356561636266626534623962313063393764626237393765653732396464
+          3064626333393432380a616563646564383934333938613235653735303339613230323937303731
+          37613930656565306266623537333661613266636365373038663636666439626437
+
+# docker registry
+felcloud_docker_registry: "repository.felcloud.io/felcloud"
+felcloud_docker_registry_user: cloud
+felcloud_docker_registry_passwd: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          30353938636561343133303061303336653130383363646430616536326131393766646239393530
+          3761626633393637396436386135663034616531663135390a666134363539366465393364306230
+          38656537373438353737323430623462616332373835663837366434343739383765336361326331
+          3330643466643730660a636236376133323730336561643532393130646639386263623263323339
+          6563
+
+## mongodb global
+#mongodb_replicaset_name: "rs0"
+#mongodb_script_local_config_path: "mongo-scripts"
+#mongodb_list_js_scripts:
+#  - "03_initaira.js"

group_vars/ceph_vexx

@@ -0,0 +1,14 @@
+---
+
+# linux users
+users:
+  - name: emine
+    group: emine
+    groups: sudo
+    shell: '/bin/bash'
+    ssh_pub_keys:
+      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDQx/ruuz9HUmS44qSMckfpO/Gk6HukIEUO1DfxxiynMMPp6wsWSz799AgeIsu19qfG1T42hMBy1OoBKIJ91YCOKD43zHu5XoleHKZo2kXHHFsQdtZAm4WcRDMzDsbz5gNEboqKStD4bJ+74GORpnVTpypVWX8f2yahTheb38qRpAwmYOCviL4cak2d6RgVi5eWyvGsVJmcd//7301Dg2FH8l+CmSuRKRY6f27fwqvZUsWx8ZJI0z18q8IHAdqyt67WmY6dLYV+8vQLGAo50ElKPTxrIUnOUmiZZI9oaoqemH7hdiSYMUnp/26Ob0xPafcHsJT1+mqS8H3DDMJf5jsEPwSdR+3pnIMm8vwKW6PJVRZPO5p/lugza0XbPTwKWlZeb6poVs1I2pwScedPgVnLMRuWA4rtEamarPlQ2QZS04+2J3TvuOMcHI0vM/T269bTEOk7UghKz5Km3YYPrQVi728zitAc4BOzk5cxJ4GnO+ttEIHWnZT9Vn/slEHNy3NYnB1hX5a5++/fE1xC9KIBLWqiXONDHyPdsoYqrmtkc82rxkyMtwppY9vvAbkWwrSGSiGM7t/EceB2ZlC8EmzNc1tvDaYDmgGEFMDtsOBO6qNVKjxvP8fYdQgzaasarwcbCYG9VgwhEyUJVYM7s9I+VPZhkXI5ZEjXJ0uIHcbU+w== dell-xps'
+      - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINgHtvs8XWPr9T1fjhO633kR9ULro0gpnjBc+gFmrI5I emine@felcloud.io'
+
+# ceph
+ceph_public_network: "172.39.15.0/24"

group_vars/console

@@ -0,0 +1,50 @@
+---
+# console staging
+console_repo: "git.felcloud.io/billing/billing_website.git"
+console_branch: "prod"
+console_image_name: "nexus.felcloud.io/felcloud/console"
+console_version: 0.1.2
+
+# console database
+console_database_name: "billing"
+console_database_user: "billingW"
+console_database_passwd: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          34646331363564376132633734303661376433386139306438623462386633376635343664663637
+          6465363736346437333965333836643862386565616230330a646333373934343761393932383765
+          66616166663061666563363534646464313430383363613164653337663565333337303334646366
+          3338666262346263650a623037626165363730386462633331393438326131656638626430383939
+          62633637303662666366313236366461613362343961333865646465326532613432393436363335
+          3731366461653937613133383834666632633231646664623363
+console_database_url: "{{ groups['console_database'][0] }}:27017,{{ groups['console_database'][1] }}:27017,{{ groups['console_database'][2] }}:27017"
+# mongodb global
+mongodb_replicaset_name: "rs0"
+mongodb_script_local_config_path: "mongo-scripts"
+mongodb_list_js_scripts:
+  - "03_initbilling.js"
+
+# linux users
+users:
+  - name: baha
+    group: baha
+    groups: sudo
+    shell: '/bin/bash'
+    ssh_pub_keys:
+      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDaKdKinHqJ5bn9TqCULDEhAcSm9mbcHirRVzFNIPtGc4oPS5oc7WCtGgdv4J5YyWxEoe4Z42VpqDRHxuwdlprZYrfCVgDz5hQNiC8KQuusNFkfgjBPGH2dOvRJusIAclr2wEPUKMDh9MAlJ8NegUg/3uVs2ngXIyag6fronqzIDVCW89WqTi1EGnU69/bbXjPx2so4OYPvumSrxHYf438nR/3cRK8mXbSw43LN7xr0rgzclhZuTlXVrc2jichqI2jNJ7wmH0eQoLyf0E/ncXRR5xFdW1/rFQqQnueA0006dvqlgqsvaNPnFnFyfSpaGdZN4wj2hE2XZ+JkGeAjKswVAZHIst7xslCSZChQFAqHIs2ddtTsrd+tF1WVqpKu2MgjEwhKhu6KoKDW1D5s3Mb5CZcPANz9jyKCBKsKw++MJx74eP3LFdFFCjD6fgjT5Qi6BkhSkYWel6kP5joHNU8R+ZFX2cMUC+ZuEJIuGUMCv9q5ir/Ueh6tMJNolbNWRIs= baha@DESKTOP-AN6NC1O'
+      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDGnJJk9lvPOmJZxfpb+0k84mWA7jpBKapxtE02qwRDVQ5b6ZBCH5lr9eBU1XTppu7FXew/+VkQaf6pp8c4yCoY01QIFei+ilw+RncN92vzAVPzBPcPACPNjrvsD5pUIRxRMU21fIopQhGY+baK/rw/Gqfa8fyRK5cR07mvJ/jZQIPlOBr9pBf/mmzNCaRyo0kZb199X/VpWo8RhTNpfmx7pEvD1pSnqeMlPO7GlSqVfMSSKIUeCFW/Ne6Bwk73dOXZPLdo3qa5/6dZmoRf3V7QCbSXfxy9RQVKsjSzsxMc59XF2gr6vY8qAUnfoLhxpF4LwVi1mDQanwD7yYZ41tsP6Su1/R1qLCfEeE6rJCxAjHIc/OqeqznBp0Dxbu7Xhmy38U5iX9X70Wrv5JB77giUtf2i/OnDGtZ9n27Hm9U+n1l3CLmcYePEarD/7nOrzk2BVlih63r+ejRlTou9mwC+L7W2L8y5qhWTRVmLcvPRindxApPzL8nCWe8INlzXb6G6zY0T1f0tabh9DSeoQ67OYPjQUMJVYo3rSbQHzh6tOjin5yrBF46HQWJpwKPKxPGOPuLT84WzdmnX02MUmfy3vGBf7bVO+ViVgQPRvcgt2gKUUufWNuPOwmPKK1aSnF3KQy7u+8Vi3p/iGx8mGKIpt8J0g6C5s3WI7crFuVkuFw== baha@felcloud.tn'
+      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6wNePNsGYOZ59RUnzUeQ3My22pfCvmNMsxpribv6yLS6ZWmfSxZJmvxqS+UBqJaw/BeT8rYiWLMrHGz3BG7AspbjBWTJlis7wARZO519hFbtlliZt4khJcOH0mEY4D2qfyqgnZlT9BvkjfkpI5wHGw/ItB9DAjtQ7BsmTF4Y7G0dxnVs69XLoji93k+ex8Rec2QDz2FoRQJLSULROnFKNmsi9SNWDiwFanVd7qf95gxQs5g/T8mFnPA9cdQtVt0zvYD+p2Y+ehHuxDRm4VVKCsg5zc14v2J3P6m98F1yMzwG2GBX4FcaD5zwE7irJXYBBBrYKwgC4L8e/8nmgnp2uyzcoNuyTPboXEyxVvT652373paaEXjL7T/01w091gI1/PYDRatzev5PTdwfFdzB83ka1NL+AdYo7zU7qo/tzDrx0bfJhiQWiVWM6hcTDRFMqhByJxZpNSaCvkuyVoplZF7rgjMAwNmt6TqXBjDCHPxlXRM0rew+5lFPvc/c+/BPMYLPhVp6HETvSt8AE3FfayOy0KG8dESsrkkzCjAUXUFKwoSaH5q4/SfK21xDc1vMBn3HM16mQoHXXNGU/ZnK/1s7rnNK0YW4UjHeBnShbwgoesALvkY+ZVDeXy9tUxoGhCsGbKGmN8i2O+j8Brq2UwBoW15ciHaNRBSMiFPVo0Q== baha@felcloud.tn'
+      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDDMDop27cs9ACXD9+D2VSk5ePA0yvnHwiIszjhM+RyLIWGO8VEMo2SwoHkArbw0RUwfrsAA+ObnxVXiTr2ZMHUphGo/i3sjEsWMiGtP/ZXjoA/NBBPeMzWsUfNniT7cL1d7gLr3Vhm2FAzPdV6TowU6SzjUXwsCluF2klE1ygr9krEXrNJIzG+vzySwfjud+xzbKKDZQBDHRYq6RCIwdA1A1GlnqdEaUrkrNkPLIosPfqmDw0djHfwFi7gIMLI2yzinGoyFzmmSC7rUjcjia6EnJ0XxuitDGJzPPwLSIL42/0t7NoBwRch9aDkljXF0/qCNDOHpS4FxRBO23+qZemwJ5kD4Fy9I9Y2gKfcetrCcD2uMLx3Msdso4ILe/qWiX7ptRAV0PxxlEgV68UPW1h8Sujq/zuLKkLMFrrexL+wa49IcCgJNxXU5W5Ve4+SA/gUO1HSNeL9WKl95bIi37OOwIzWxP9YgSVLqLiabD+V9QMxwMrf+Dy0pfNFV9XtVBM= mongi@felcloud.tn'
+    git_user: "baha"
+    git_token: "glpat-68xbQazGGWFUpunNZk7y"
+    console_port: 9090
+    console_url: "baha-dev.felcloud.io"
+  - name: mourad
+    group: mourad
+    groups: sudo
+    shell: '/bin/bash'
+    ssh_pub_keys:
+      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2/vLH31aGMlGHHeFa3w5z6LKpUIHLx489RxCi23QI0tTWytDoUnglHVOzaK2yzgr9MgllVbRdxGTCx2tjhOMEKclpwn+K4+vLBBGiSKLn5qekDG/sF75/0C6j1X/uUbRGHk9k3xLLM6rXy/YWbVu3EZs6EuHqM4QMBW+lbdtVMx93ngSBTv+JN57149YSWbO8IOwg44iyIZmvGabi0cEh0+SuASnRUuk8tK/P1YrmuhUpocJXbq3FmHdkqs4Onahn9MWb5uVQUpCjgMdB8Dzh8jFBbbNGrCGTanAo4j58S2Sto3h6SVIAbkxDEEMBM1PzfjI4Ct0/NmhE7WMt7jcB ubuntu@mourad-instance'
+   # git_user: "baha"
+   # git_token: "glpat-68xbQazGGWFUpunNZk7y"
+   # console_port: 9090
+   # console_url: "baha-dev.felcloud.io"

group_vars/console_database

@@ -0,0 +1,21 @@
+---
+
+mongodb_root_user: root
+mongodb_root_passwd: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          34333139613963386461663666616630336663613631643638626665623137323332323465326632
+          3531313966376633636235373531376534643234306339370a373239393364633663366431386138
+          36663132656663393664316561306262623236326361623935613430346138353731656565396261
+          6564336464303531620a643062623464623634623565366230326531643162323034333635393966
+          37343234643931666635636637396363333432643032333536396538303832346634
+mongodb_init_database: "admin"
+
+nosqlclient_user: nosqlclient
+nosqlclient_passwd: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          34323766623465326261326662316230376633366362373938383966613237616232323433613532
+          6165643266333164386330646131396562326262626431320a663437656134633663396137356261
+          35633230633732663566306363326635336633303965343538633836303662386638363535343635
+          3737663437303932610a656434383436626264326566636336396130666265353039313165656331
+          3564
+nosqlclient_database: "nosqlclient"

group_vars/console_web

@@ -0,0 +1,30 @@
+---
+
+haproxy_local_config_path: "reverse-proxy/haproxy.cfg"
+haproxy_list_tls:
+  - wildcard.felcloud.io
+haproxy_nbproc: 1
+public_vip_address:
+  - "{{ vip_console.all_fixed_ips | first }}"
+haproxy_first_tls: "/etc/haproxy/tls/wildcard.felcloud.io.pem"
+default_backend: "baha_console"
+haproxy:
+  backends:
+  - name: nosql
+    frontend: "console-dev-db.felcloud.io"
+    servers:
+    - "acl draw-auth http_auth(basic-auth-list)"
+    - "http-request auth realm draw unless draw-auth"
+    - "server {{ groups['console_database'][0] }} {{ hostvars[groups['console_database'][0]]['ansible_host'] }}:3000"
+  - name: nexus
+    frontend: "nexus-dev.felcloud.io"
+    servers:
+    - "server {{ groups['nexus'][0] }} {{ hostvars[groups['nexus'][0]]['ansible_host'] }}:8081"
+  - name: nexus_docker_registry
+    frontend: "nexus.felcloud.io"
+    servers:
+    - "server {{ groups['nexus'][0] }} {{ hostvars[groups['nexus'][0]]['ansible_host'] }}:8082"
+  - name: baha_console
+    frontend: "baha-dev.felcloud.io"
+    servers:
+    - "server {{ groups['console_web'][0] }} {{ hostvars[groups['console_web'][0]]['ansible_host'] }}:9090"

group_vars/consolemongi

@@ -0,0 +1,38 @@
+---
+
+# console staging
+console_repo: "git.felcloud.io/billing/billing_website.git"
+console_branch: "prod"
+console_image_name: "nexus.felcloud.io/felcloud/console"
+console_version: 0.1.2
+
+# console database
+console_database_name: "billing"
+console_database_user: "billingW"
+console_database_passwd: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          34646331363564376132633734303661376433386139306438623462386633376635343664663637
+          6465363736346437333965333836643862386565616230330a646333373934343761393932383765
+          66616166663061666563363534646464313430383363613164653337663565333337303334646366
+          3338666262346263650a623037626165363730386462633331393438326131656638626430383939
+          62633637303662666366313236366461613362343961333865646465326532613432393436363335
+          3731366461653937613133383834666632633231646664623363
+console_database_url: "{{ groups['mongi_console_database'][0] }}:27017,{{ groups['mongi_console_database'][1] }}:27017,{{ groups['mongi_console_database'][2] }}:27017"
+# mongodb global
+mongodb_replicaset_name: "rs0"
+mongodb_script_local_config_path: "mongo-scripts"
+mongodb_list_js_scripts:
+  - "03_initbilling.js"
+
+# linux users
+users:
+  - name: mongi
+    group: mongi
+    groups: sudo
+    shell: '/bin/bash'
+    ssh_pub_keys:
+      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDDMDop27cs9ACXD9+D2VSk5ePA0yvnHwiIszjhM+RyLIWGO8VEMo2SwoHkArbw0RUwfrsAA+ObnxVXiTr2ZMHUphGo/i3sjEsWMiGtP/ZXjoA/NBBPeMzWsUfNniT7cL1d7gLr3Vhm2FAzPdV6TowU6SzjUXwsCluF2klE1ygr9krEXrNJIzG+vzySwfjud+xzbKKDZQBDHRYq6RCIwdA1A1GlnqdEaUrkrNkPLIosPfqmDw0djHfwFi7gIMLI2yzinGoyFzmmSC7rUjcjia6EnJ0XxuitDGJzPPwLSIL42/0t7NoBwRch9aDkljXF0/qCNDOHpS4FxRBO23+qZemwJ5kD4Fy9I9Y2gKfcetrCcD2uMLx3Msdso4ILe/qWiX7ptRAV0PxxlEgV68UPW1h8Sujq/zuLKkLMFrrexL+wa49IcCgJNxXU5W5Ve4+SA/gUO1HSNeL9WKl95bIi37OOwIzWxP9YgSVLqLiabD+V9QMxwMrf+Dy0pfNFV9XtVBM= mongi@felcloud.tn'
+    git_user: "mongi"
+    git_token: "glpat-3XzS5sDbHBqzzhL1ZnF7"
+    console_port: 9090
+    console_url: "mongi-dev.felcloud.io"

group_vars/emine

@@ -0,0 +1,85 @@
+---
+base_infrastructure_file_path: "{{ inventory_dir }}/infra/emine.json"
+
+# docker registry
+felcloud_docker_registry: "repository.felcloud.io/felcloud"
+
+# haproxy
+haproxy_local_config_path: "reverse-proxy/haproxy.cfg"
+haproxy_list_tls:
+  - wildcard.felcloud.io
+haproxy_nbproc: 1
+public_vip_address:
+  - "{{ fip_console.address }}"
+haproxy_first_tls: "/etc/haproxy/tls/wildcard.felcloud.io.pem"
+default_backend: "console_emine"
+haproxy:
+  backends:
+  - name: nosql
+    frontend: "emine-dev-db.felcloud.io"
+    servers:
+    - "acl draw-auth http_auth(basic-auth-list)"
+    - "http-request auth realm draw unless draw-auth"
+    - "server {{ groups['emine_db'][0] }} {{ hostvars[groups['emine_db'][0]]['ansible_host'] }}:3000"
+  - name: console_emine
+    frontend: "emine-dev.felcloud.io"
+    servers:
+    - "server {{ groups['emine_web'][0] }} {{ hostvars[groups['emine_web'][0]]['ansible_host'] }}:8080"
+
+# mongodb global
+mongodb_replicaset_name: "rs0"
+mongodb_script_local_config_path: "mongo-scripts"
+mongodb_list_js_scripts:
+  - "03_initbilling.js"
+
+# mongodb
+mongodb_root_user: root
+mongodb_root_passwd: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          34333139613963386461663666616630336663613631643638626665623137323332323465326632
+          3531313966376633636235373531376534643234306339370a373239393364633663366431386138
+          36663132656663393664316561306262623236326361623935613430346138353731656565396261
+          6564336464303531620a643062623464623634623565366230326531643162323034333635393966
+          37343234643931666635636637396363333432643032333536396538303832346634
+mongodb_init_database: "admin"
+
+nosqlclient_user: nosqlclient
+nosqlclient_passwd: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          34323766623465326261326662316230376633366362373938383966613237616232323433613532
+          6165643266333164386330646131396562326262626431320a663437656134633663396137356261
+          35633230633732663566306363326635336633303965343538633836303662386638363535343635
+          3737663437303932610a656434383436626264326566636336396130666265353039313165656331
+          3564
+nosqlclient_database: "nosqlclient"
+
+# console database
+console_database_name: "billing"
+console_database_user: "billingW"
+console_database_passwd: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          34646331363564376132633734303661376433386139306438623462386633376635343664663637
+          6465363736346437333965333836643862386565616230330a646333373934343761393932383765
+          66616166663061666563363534646464313430383363613164653337663565333337303334646366
+          3338666262346263650a623037626165363730386462633331393438326131656638626430383939
+          62633637303662666366313236366461613362343961333865646465326532613432393436363335
+          3731366461653937613133383834666632633231646664623363
+console_database_url: "{{ groups['emine_db'][0] }}:27017,{{ groups['emine_db'][1] }}:27017,{{ groups['emine_db'][2] }}:27017"
+
+# linux users
+users:
+  - name: emine
+    group: emine
+    groups: sudo
+    shell: '/bin/bash'
+    ssh_pub_keys:
+      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDQx/ruuz9HUmS44qSMckfpO/Gk6HukIEUO1DfxxiynMMPp6wsWSz799AgeIsu19qfG1T42hMBy1OoBKIJ91YCOKD43zHu5XoleHKZo2kXHHFsQdtZAm4WcRDMzDsbz5gNEboqKStD4bJ+74GORpnVTpypVWX8f2yahTheb38qRpAwmYOCviL4cak2d6RgVi5eWyvGsVJmcd//7301Dg2FH8l+CmSuRKRY6f27fwqvZUsWx8ZJI0z18q8IHAdqyt67WmY6dLYV+8vQLGAo50ElKPTxrIUnOUmiZZI9oaoqemH7hdiSYMUnp/26Ob0xPafcHsJT1+mqS8H3DDMJf5jsEPwSdR+3pnIMm8vwKW6PJVRZPO5p/lugza0XbPTwKWlZeb6poVs1I2pwScedPgVnLMRuWA4rtEamarPlQ2QZS04+2J3TvuOMcHI0vM/T269bTEOk7UghKz5Km3YYPrQVi728zitAc4BOzk5cxJ4GnO+ttEIHWnZT9Vn/slEHNy3NYnB1hX5a5++/fE1xC9KIBLWqiXONDHyPdsoYqrmtkc82rxkyMtwppY9vvAbkWwrSGSiGM7t/EceB2ZlC8EmzNc1tvDaYDmgGEFMDtsOBO6qNVKjxvP8fYdQgzaasarwcbCYG9VgwhEyUJVYM7s9I+VPZhkXI5ZEjXJ0uIHcbU+w== dell-xps'
+    console_url: emine-dev.felcloud.io
+
+# console
+console_repo: "ssh://git@git.felcloud.io:2224/billing/billing_website.git"
+console_branch: "prod"
+console_image_name: "repository.felcloud.io/felcloud/console"
+console_version: 1.0.0
+console_container_port: 8080
+console_unix_user: "{{ users[0].name }}"

group_vars/matomo_keycloak_client.yml

@@ -0,0 +1,7 @@
+---
+keycloak_url: https://auth.felcloud.io/auth/realms/Cloudnet
+keycloak_username: mourad@felcloud.tn
+keycloak_password: mourad
+client_name: matomo
+client_description: Matomo Console Authentication
+client_redirect_uri: https://matomo.example.com/

group_vars/mongi_console_database

@@ -0,0 +1,21 @@
+---
+
+mongodb_root_user: root
+mongodb_root_passwd: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          34333139613963386461663666616630336663613631643638626665623137323332323465326632
+          3531313966376633636235373531376534643234306339370a373239393364633663366431386138
+          36663132656663393664316561306262623236326361623935613430346138353731656565396261
+          6564336464303531620a643062623464623634623565366230326531643162323034333635393966
+          37343234643931666635636637396363333432643032333536396538303832346634
+mongodb_init_database: "admin"
+
+nosqlclient_user: nosqlclient
+nosqlclient_passwd: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          34323766623465326261326662316230376633366362373938383966613237616232323433613532
+          6165643266333164386330646131396562326262626431320a663437656134633663396137356261
+          35633230633732663566306363326635336633303965343538633836303662386638363535343635
+          3737663437303932610a656434383436626264326566636336396130666265353039313165656331
+          3564
+nosqlclient_database: "nosqlclient"

group_vars/mongi_console_web

@@ -0,0 +1,22 @@
+---
+
+haproxy_local_config_path: "reverse-proxy/haproxy.cfg"
+haproxy_list_tls:
+  - wildcard.felcloud.io
+haproxy_nbproc: 1
+public_vip_address:
+  - "{{ vip_console_mongi.all_fixed_ips | first }}"
+haproxy_first_tls: "/etc/haproxy/tls/wildcard.felcloud.io.pem"
+default_backend: "mongi_console"
+haproxy:
+  backends:
+  - name: nosql
+    frontend: "mongi-dev-db.felcloud.io"
+    servers:
+    - "acl draw-auth http_auth(basic-auth-list)"
+    - "http-request auth realm draw unless draw-auth"
+    - "server {{ groups['mongi_console_database'][0] }} {{ hostvars[groups['mongi_console_database'][0]]['ansible_host'] }}:3000"
+  - name: mongi_console
+    frontend: "mongi-dev.felcloud.io"
+    servers:
+    - "server {{ groups['mongi_console_web'][0] }} {{ hostvars[groups['mongi_console_web'][0]]['ansible_host'] }}:9090"

group_vars/safouene

@@ -0,0 +1,41 @@
+
+users:
+  - name: ubuntu
+    group: ubuntu
+    shell: '/bin/bash'
+    ssh_pub_keys:
+      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDCnE9f5qZQVHiMwri4Jk/qetJ74jsZCm9owpvkTNkK2l+FnTX9QmC3HYkMkbRBNTm2a5c7YMCYPLEQfoNJefLW3UqzQmnHiCkquX1bgVF4S5c3CPF86DNC4bLtoo/62UUUqqpSiHJBx8JuaU8fNxv/rRyoGvWxg05CFEm+AEc59Ykm8g7Q6q1lNrUP43aKZp384kbXjMYJZj66oRidMi+JlQQHpFPFIhut98glKARW/HdDMOCTp21x8h8WY3mTx4YhhS7kcFpRZugv2IEwV1aoCx+ANzZzic0gMRx2i19JnaSPRu/R5ZJ2fxgVFEtODCqx4xCTLlV+B0VCSVrfWu1CJ+mtuKHFkquBRde/6gBMyBeDWUvZdljaIeMpfsIH4mKpH1ZkppQHpXqAhH7bLorb6i9dHTOhKrLH7+Cp8+VRJ2r1Gm3j3gyvqs/zEhMykBMYqnW21MSVGeX3+FM9qnPTKJ2IZmAddS2VHtFJkGe6VKmkaXTcO8R1ck4ulJ68HPE= ubuntu@k8s-controller'
+
+# haproxy
+haproxy_local_config_path: "reverse-proxy/haproxy.cfg.j2"
+haproxy_list_tls:
+  - wildcard.felcloud.io
+haproxy_nbproc: 1
+haproxy_first_tls: "/etc/haproxy/tls/wildcard.felcloud.io.pem"
+
+
+haproxy:
+  frontends:
+  - name: "{{ k8s_frontend_name }}"
+    mode: tcp
+    haproxy_ips:
+      - ip: "{{ hostvars[inventory_hostname].ansible_host }}:80"
+        tls: no
+      - ip: "{{ hostvars[inventory_hostname].ansible_host }}:443"
+        tls: yes
+
+  backends:
+  - name: "{{ k8s_backend_name }}"
+    frontend: "safouene-felcloud.io"
+    mode: tcp
+    servers:
+      - "server {{ groups[group][0] }} {{ hostvars[groups[group][0]].ansible_host }}:{{ NodePort }} check"
+      - "server {{ groups[group][1] }} {{ hostvars[groups[group][1]].ansible_host }}:{{ NodePort }} check"
+      - "server {{ groups[group][2] }} {{ hostvars[groups[group][2]].ansible_host }}:{{ NodePort }} check"
+
+  
+#vars
+k8s_master_groupname: master
+k8s_worker_groupname: worker
+NodePort: 31000
+

host_vars/haproxy.yml

@@ -0,0 +1,6 @@
+---
+k8s_backend_name: k8s_master_lb
+k8s_frontend_name: k8s_master_lb
+backend_servers: "{{ k8s_master_groupname }}"
+group: "{{ k8s_master_groupname }}"
+

host_vars/lb1.yml

@@ -0,0 +1,6 @@
+---
+k8s_backend_name: k8s_worker_lb
+k8s_frontend_name: k8s_worker_lb
+backend_servers: "{{ k8s_worker_groupname }}"
+group: "{{ k8s_worker_groupname }}"
+

host_vars/stg-bilweb-00

@@ -0,0 +1,10 @@
+---
+
+vrrp_instances:
+  - name: "vip_console"
+    state: "MASTER"
+    interface: "ens3"
+    id: 53
+    passwd: "yZnCOEa74TMgs"
+    vip: "{{ vip_console.all_fixed_ips | first }}/{{ vip_network_cidr.split('/')[1] }}"
+    priority: 200

host_vars/stg-bilweb-01

@@ -0,0 +1,10 @@
+---
+
+vrrp_instances:
+  - name: "vip_console"
+    state: "BACKUP"
+    interface: "ens3"
+    id: 53
+    passwd: "yZnCOEa74TMgs"
+    vip: "{{ vip_console.all_fixed_ips | first }}/{{ vip_network_cidr.split('/')[1] }}"
+    priority: 150

host_vars/stg-mongi-bilweb-00

@@ -0,0 +1,10 @@
+---
+
+vrrp_instances:
+  - name: "vip_console"
+    state: "MASTER"
+    interface: "ens3"
+    id: 53
+    passwd: "yZnCOEa74TMgs"
+    vip: "{{ vip_console_mongi.all_fixed_ips | first }}/{{ vip_network_cidr.split('/')[1] }}"
+    priority: 200

host_vars/stg-mongi-bilweb-01

@@ -0,0 +1,10 @@
+---
+
+vrrp_instances:
+  - name: "vip_console"
+    state: "BACKUP"
+    interface: "ens3"
+    id: 53
+    passwd: "yZnCOEa74TMgs"
+    vip: "{{ vip_console_mongi.all_fixed_ips | first }}/{{ vip_network_cidr.split('/')[1] }}"
+    priority: 150

hosts

@@ -0,0 +1 @@
+

infra/base.json

@@ -0,0 +1,3 @@
+{
+ "INTERNET_Network_ID": "e8d04c1f-0b49-4e87-a1f3-bea618782c90"
+}

infra/ceph.json

@@ -0,0 +1,112 @@
+{ 
+  "application_name": "ceph",
+  "INTERNET_Network_ID": "e8d04c1f-0b49-4e87-a1f3-bea618782c90",
+  "network": [{
+	  "name": "ceph_network",
+	  "bastion_access": "yes",
+	  "subnet": {
+		     "name":"ceph_network_subnet",
+		     "ip_version": 4,
+		     "cidr": "172.39.15.0/24",
+		     "dns_servers": ["8.8.8.8"],
+		     "linked_router": [{"router_name": "ceph_router"}]
+                  },
+          "port": [{
+                  "name": "vip_ceph",
+                  "fip_pool": "INTERNET"
+          }]
+  }],
+  "router": [{
+          "router_name": "ceph_router",
+	  "router_external_gateway": "e8d04c1f-0b49-4e87-a1f3-bea618782c90",
+	  "linked_subnets": [{
+		  "router_interface_name": "ceph_router_interface",
+		  "subnet_name": "ceph_network_subnet"}]
+  }],
+  "security_group": [
+  ],
+  "instance": [{
+	 "name": "stg-cephmon-00",
+	 "az": "FR_Roubaix",
+	 "flavor": "Atto.L",
+	 "image": "Ubuntu 20.04 LTS - Focal",
+	 "keypair": "dell XPS",
+	 "security_group": ["all_open"],
+	 "inventory_group": "mons",
+	 "network": [{"name": "ceph_network"}]
+        },
+        {
+	 "name": "stg-cephmon-01",
+	 "az": "FR_Roubaix",
+	 "flavor": "Femto.L",
+	 "image": "Ubuntu 20.04 LTS - Focal",
+	 "keypair": "dell XPS",
+	 "security_group": ["all_open"],
+	 "inventory_group": "mons",
+	 "network": [{"name": "ceph_network"}]
+	},
+        {
+	 "name": "stg-cephmon-02",
+	 "az": "FR_Roubaix",
+	 "flavor": "Femto.L",
+	 "image": "Ubuntu 20.04 LTS - Focal",
+	 "keypair": "dell XPS",
+	 "security_group": ["all_open"],
+	 "inventory_group": "mons",
+	 "network": [{"name": "ceph_network"}]
+	},
+        {
+	 "name": "stg-cephosd-00",
+	 "az": "FR_Roubaix",
+	 "flavor": "Femto.L",
+	 "image": "Ubuntu 20.04 LTS - Focal",
+	 "keypair": "dell XPS",
+	 "security_group": ["all_open"],
+	 "inventory_group": "osds",
+	 "network": [{"name": "ceph_network"}],
+	 "volume": ["osd-00"]
+	},
+        {
+	 "name": "stg-cephosd-01",
+	 "az": "FR_Roubaix",
+	 "flavor": "Femto.L",
+	 "image": "Ubuntu 20.04 LTS - Focal",
+	 "keypair": "dell XPS",
+	 "security_group": ["all_open"],
+	 "inventory_group": "osds",
+	 "network": [{"name": "ceph_network"}],
+	 "volume": ["osd-01"]
+	},
+        {
+	 "name": "stg-cephosd-02",
+	 "az": "FR_Roubaix",
+	 "flavor": "Femto.L",
+	 "image": "Ubuntu 20.04 LTS - Focal",
+	 "keypair": "dell XPS",
+	 "security_group": ["all_open"],
+	 "inventory_group": "osds",
+	 "network": [{"name": "ceph_network"}],
+	 "volume": ["osd-02"]
+	},
+        {
+	 "name": "stg-ceph-bastion-00",
+	 "az": "FR_Roubaix",
+	 "flavor": "Atto.S",
+	 "image": "Ubuntu 20.04 LTS - Focal",
+	 "keypair": "dell XPS",
+	 "security_group": ["all_open"],
+	 "inventory_group": "ceph_bastion",
+	 "network": [{"name": "ceph_network"}],
+	 "fip": [{
+		 "floatingip": "fip_ceph",
+		 "pool": "INTERNET",
+		 "bastion_access": "yes"
+	 }]
+	}
+  ],
+  "volume": [
+	  {"name": "osd-00", "description": "Ceph OSD 0", "size": 200, "availability_zone": "FR_Roubaix", "volume_type": "HDD SATA"},
+	  {"name": "osd-01", "description": "Ceph OSD 1", "size": 200, "availability_zone": "FR_Roubaix", "volume_type": "HDD SATA"},
+	  {"name": "osd-02", "description": "Ceph OSD 2", "size": 200, "availability_zone": "FR_Roubaix", "volume_type": "HDD SATA"}
+  ]
+}

infra/ceph_vexx.json

@@ -0,0 +1,225 @@
+{ 
+  "application_name": "ceph_vexx",
+  "bastion_to_use": "ceph_vexx",
+  "network": [{
+	  "name": "ceph_network",
+	  "bastion_access": "yes",
+	  "subnet": {
+		     "name":"ceph_network_subnet",
+		     "ip_version": 4,
+		     "cidr": "172.39.15.0/24",
+		     "dns_servers": ["8.8.8.8"],
+		     "linked_router": [{"router_name": "ceph_router"}]
+                  },
+          "port": [
+          ]
+  }],
+  "router": [{
+          "router_name": "ceph_router",
+	  "router_external_gateway": "0048fce6-c715-4106-a810-473620326cb0",
+	  "linked_subnets": [{
+		  "router_interface_name": "ceph_router_interface",
+		  "subnet_name": "ceph_network_subnet"}]
+  }],
+  "security_group":[
+    {
+      "name": "all_open",
+      "description": "Emine DEV environment is security group",
+      "rules": [
+        {
+          "name": "Ingress_ssh",
+          "description": "ssh traffic",
+          "direction": "ingress",
+          "port_range_max": 22,
+          "port_range_min": 22,
+          "protocol": "tcp",
+          "remote_ip_prefix": "0.0.0.0/0"
+        },
+        {
+          "name": "Ingress_http",
+          "description": "http traffic",
+          "direction": "ingress",
+          "port_range_max": 80,
+          "port_range_min": 80,
+          "protocol": "tcp",
+          "remote_ip_prefix": "0.0.0.0/0"
+        },
+        {
+          "name": "Ingress_https",
+          "description": "https traffic",
+          "direction": "ingress",
+          "port_range_max": 443,
+          "port_range_min": 443,
+          "protocol": "tcp",
+          "remote_ip_prefix": "0.0.0.0/0"
+        },
+        {
+          "name": "Ingress_squid",
+          "description": "Squid Proxy traffic",
+          "direction": "ingress",
+          "port_range_max": 3128,
+          "port_range_min": 3128,
+          "protocol": "tcp",
+          "remote_ip_prefix": "0.0.0.0/0"
+        },
+        {
+          "name": "Ingress_ping",
+          "description": "icmp traffic",
+          "direction": "ingress",
+          "port_range_max": 0,
+          "port_range_min": 0,
+          "protocol": "icmp",
+          "remote_ip_prefix": "0.0.0.0/0"
+        },
+        {
+          "name": "Ingress_nosqlclient",
+          "description": "nosqlclient traffic",
+          "direction": "ingress",
+          "port_range_max": 3000,
+          "port_range_min": 3000,
+          "protocol": "tcp",
+          "remote_ip_prefix": "0.0.0.0/0"
+        },
+        {
+          "name": "Ingress_nexus",
+          "description": "nexus repository traffic",
+          "direction": "ingress",
+          "port_range_max": 8081,
+          "port_range_min": 8081,
+          "protocol": "tcp",
+          "remote_ip_prefix": "0.0.0.0/0"
+        },
+        {
+          "name": "Ingress_nexus_docker_registry",
+          "description": "nexus repository traffic",
+          "direction": "ingress",
+          "port_range_max": 8082,
+          "port_range_min": 8082,
+          "protocol": "tcp",
+          "remote_ip_prefix": "0.0.0.0/0"
+        },
+        {
+          "name": "Ingress_ceph_osds",
+          "description": "Ceph OSDs traffic",
+          "direction": "ingress",
+          "port_range_max": 7300,
+          "port_range_min": 6800,
+          "protocol": "tcp",
+          "remote_ip_prefix": "0.0.0.0/0"
+        },
+        {
+          "name": "Ingress_ceph_mons",
+          "description": "Ceph Mons and Client traffic",
+          "direction": "ingress",
+          "port_range_max": 3300,
+          "port_range_min": 3300,
+          "protocol": "tcp",
+          "remote_ip_prefix": "0.0.0.0/0"
+        },
+        {
+          "name": "Ingress_ceph_mons_backup",
+          "description": "Ceph Mons and Client traffic",
+          "direction": "ingress",
+          "port_range_max": 6789,
+          "port_range_min": 6789,
+          "protocol": "tcp",
+          "remote_ip_prefix": "0.0.0.0/0"
+        },
+        {
+          "name": "Ingress_mongodb",
+          "description": "mongodb traffic",
+          "direction": "ingress",
+          "port_range_max": 27017,
+          "port_range_min": 27017,
+          "protocol": "tcp",
+          "remote_ip_prefix": "0.0.0.0/0"
+        }
+      ]
+    }
+  ],
+  "instance": [{
+	 "name": "stg-cephmon-00",
+	 "az": "nova",
+	 "flavor": "v3-starter-1",
+	 "image": "Ubuntu 22.04 - Cloud Image",
+	 "keypair": "dell XPS",
+	 "security_group": ["all_open"],
+	 "inventory_group": "mons",
+	 "network": [{"name": "ceph_network"}]
+        },
+        {
+	 "name": "stg-cephmon-01",
+	 "az": "nova",
+	 "flavor": "v3-starter-1",
+	 "image": "Ubuntu 22.04 - Cloud Image",
+	 "keypair": "dell XPS",
+	 "security_group": ["all_open"],
+	 "inventory_group": "mons",
+	 "network": [{"name": "ceph_network"}]
+	},
+        {
+	 "name": "stg-cephmon-02",
+	 "az": "nova",
+	 "flavor": "v3-starter-1",
+	 "image": "Ubuntu 22.04 - Cloud Image",
+	 "keypair": "dell XPS",
+	 "security_group": ["all_open"],
+	 "inventory_group": "mons",
+	 "network": [{"name": "ceph_network"}]
+	},
+        {
+	 "name": "stg-cephosd-00",
+	 "az": "nova",
+	 "flavor": "v3-starter-1",
+	 "image": "Ubuntu 22.04 - Cloud Image",
+	 "keypair": "dell XPS",
+	 "security_group": ["all_open"],
+	 "inventory_group": "osds",
+	 "network": [{"name": "ceph_network"}],
+	 "volume": ["osd-00"]
+	},
+        {
+	 "name": "stg-cephosd-01",
+	 "az": "nova",
+	 "flavor": "v3-starter-1",
+	 "image": "Ubuntu 22.04 - Cloud Image",
+	 "keypair": "dell XPS",
+	 "security_group": ["all_open"],
+	 "inventory_group": "osds",
+	 "network": [{"name": "ceph_network"}],
+	 "volume": ["osd-01"]
+	},
+        {
+	 "name": "stg-cephosd-02",
+	 "az": "nova",
+	 "flavor": "v3-starter-1",
+	 "image": "Ubuntu 22.04 - Cloud Image",
+	 "keypair": "dell XPS",
+	 "security_group": ["all_open"],
+	 "inventory_group": "osds",
+	 "network": [{"name": "ceph_network"}],
+	 "volume": ["osd-02"]
+	},
+        {
+	 "name": "stg-ceph-bastion-00",
+	 "az": "nova",
+	 "flavor": "v3-starter-1",
+	 "image": "Ubuntu 22.04 - Cloud Image",
+	 "keypair": "dell XPS",
+	 "security_group": ["all_open"],
+	 "inventory_group": "ceph_vexx_bastion",
+	 "network": [{
+		 "name": "ceph_network",
+		 "fip": {
+			 "name": "fip_bastion",
+			 "pool": "public"
+		 }
+	 }]
+	}
+  ],
+  "volume": [
+	  {"name": "osd-00", "description": "Ceph OSD 0", "size": 50, "availability_zone": "nova", "volume_type": "rbd"},
+	  {"name": "osd-01", "description": "Ceph OSD 1", "size": 50, "availability_zone": "nova", "volume_type": "rbd"},
+	  {"name": "osd-02", "description": "Ceph OSD 2", "size": 50, "availability_zone": "nova", "volume_type": "rbd"}
+  ]
+}

infra/console.json

@@ -0,0 +1,185 @@
+{ 
+  "application_name": "console",
+  "INTERNET_Network_ID": "e8d04c1f-0b49-4e87-a1f3-bea618782c90",
+  "network": [{
+	  "name": "admin_console",
+	  "bastion_access": "yes",
+	  "subnet": {
+		     "name":"admin_console_subnet",
+		     "ip_version": 4,
+		     "cidr": "172.53.0.0/16",
+		     "dns_servers": ["8.8.8.8"],
+		     "linked_router": [{"router_name": "console_router"}]
+                  },
+          "port": [{
+                  "name": "vip_console",
+                  "fip_pool": "INTERNET"
+          }]
+  }],
+  "router": [{
+          "router_name": "console_router",
+	  "router_external_gateway": "e8d04c1f-0b49-4e87-a1f3-bea618782c90",
+	  "linked_subnets": [{
+		  "router_interface_name": "console_admin_interface",
+		  "subnet_name": "admin_console_subnet"}]
+  }],
+  "security_group": [{
+	  "name": "secgroup_console",
+	  "description": "Console DEV environment is security group",
+	  "rules": [
+		  {"name": "Ingress_ssh",
+		   "description": "ssh traffic",
+		   "direction": "ingress",
+		   "port_range_max": 22,
+		   "port_range_min": 22,
+		   "protocol": "tcp",
+		   "remote_ip_prefix": "0.0.0.0/0"},
+		  {"name": "Ingress_http",
+		   "description": "http traffic",
+		   "direction": "ingress",
+		   "port_range_max": 80,
+		   "port_range_min": 80,
+		   "protocol": "tcp",
+		   "remote_ip_prefix": "0.0.0.0/0"},
+		  {"name": "Ingress_https",
+		   "description": "https traffic",
+		   "direction": "ingress",
+		   "port_range_max": 443,
+		   "port_range_min": 443,
+		   "protocol": "tcp",
+		   "remote_ip_prefix": "0.0.0.0/0"},
+		  {"name": "Ingress_squid",
+		   "description": "Squid Proxy traffic",
+		   "direction": "ingress",
+		   "port_range_max": 3128,
+		   "port_range_min": 3128,
+		   "protocol": "tcp",
+		   "remote_ip_prefix": "0.0.0.0/0"},
+		   {"name": "Ingress_ping",
+                   "description": "icmp traffic",
+                   "direction": "ingress",
+                   "port_range_max": 0,
+                   "port_range_min": 0,
+                   "protocol": "icmp",
+                   "remote_ip_prefix": "0.0.0.0/0"},
+		   {"name": "Ingress_nosqlclient",
+                   "description": "nosqlclient traffic",
+                   "direction": "ingress",
+                   "port_range_max": 3000,
+                   "port_range_min": 3000,
+                   "protocol": "tcp",
+                   "remote_ip_prefix": "0.0.0.0/0"},
+		   {"name": "Ingress_nexus",
+                   "description": "nexus repository traffic",
+                   "direction": "ingress",
+                   "port_range_max": 8081,
+                   "port_range_min": 8081,
+                   "protocol": "tcp",
+                   "remote_ip_prefix": "0.0.0.0/0"},
+		   {"name": "Ingress_nexus_docker_registry",
+                   "description": "nexus repository traffic",
+                   "direction": "ingress",
+                   "port_range_max": 8082,
+                   "port_range_min": 8082,
+                   "protocol": "tcp",
+                   "remote_ip_prefix": "0.0.0.0/0"},
+		  {"name": "Ingress_mongodb",
+		   "description": "mongodb traffic",
+		   "direction": "ingress",
+		   "port_range_max": 27017,
+		   "port_range_min": 27017,
+		   "protocol": "tcp",
+		   "remote_ip_prefix": "0.0.0.0/0"}
+	  ]
+  }],
+  "instance": [{
+	 "name": "stg-bilweb-00",
+	 "az": "UK_London",
+	 "flavor": "Atto.L",
+	 "image": "Ubuntu 20.04 LTS - Focal",
+	 "keypair": "dell XPS",
+	 "security_group": ["secgroup_console"],
+	 "inventory_group": "console_web",
+	 "network": [{"name": "admin_console"}]
+        },
+        {
+         "name": "stg-bilweb-01",
+	 "az": "UK_London",
+	 "flavor": "Atto.L",
+	 "image": "Ubuntu 20.04 LTS - Focal",
+	 "keypair": "dell XPS",
+	 "security_group": ["secgroup_console"],
+	 "inventory_group": "console_web",
+	 "network": [{"name": "admin_console"}]
+	},
+        {
+	 "name": "stg-billdb-00",
+	 "az": "FR_Roubaix",
+	 "flavor": "Femto.L",
+	 "image": "Ubuntu 20.04 LTS - Focal",
+	 "keypair": "dell XPS",
+	 "security_group": ["secgroup_console"],
+	 "inventory_group": "console_database",
+	 "network": [{"name": "admin_console"}]
+	},
+        {
+	 "name": "stg-billdb-01",
+	 "az": "UK_London",
+	 "flavor": "Femto.L",
+	 "image": "Ubuntu 20.04 LTS - Focal",
+	 "keypair": "dell XPS",
+	 "security_group": ["secgroup_console"],
+	 "inventory_group": "console_database",
+	 "network": [{"name": "admin_console"}]
+	},
+        {
+	 "name": "stg-billdb-02",
+	 "az": "UK_London",
+	 "flavor": "Femto.L",
+	 "image": "Ubuntu 20.04 LTS - Focal",
+	 "keypair": "dell XPS",
+	 "security_group": ["secgroup_console"],
+	 "inventory_group": "console_database",
+	 "network": [{"name": "admin_console"}]
+	},
+        {
+	 "name": "stg-bilrep-00",
+	 "az": "UK_London",
+	 "flavor": "RAM.S",
+	 "image": "Ubuntu 20.04 LTS - Focal",
+	 "keypair": "dell XPS",
+	 "security_group": ["secgroup_console"],
+	 "inventory_group": "nexus",
+	 "network": [{"name": "admin_console"}],
+	 "volume": ["nexus_repository"]
+	},
+        {
+	 "name": "stg-conbld-00",
+	 "az": "UK_London",
+	 "flavor": "Atto.M",
+	 "image": "Ubuntu 20.04 LTS - Focal",
+	 "keypair": "dell XPS",
+	 "security_group": ["secgroup_console"],
+	 "inventory_group": "container_biuld",
+	 "network": [{"name": "admin_console"}]
+	},
+        {
+	 "name": "stg-bilbas-00",
+	 "az": "UK_London",
+	 "flavor": "Atto.S",
+	 "image": "Ubuntu 20.04 LTS - Focal",
+	 "keypair": "dell XPS",
+	 "security_group": ["secgroup_console"],
+	 "inventory_group": "console_bastion",
+	 "network": [{"name": "admin_console"}],
+	 "fip": [{
+		 "floatingip": "fip_console",
+		 "pool": "INTERNET",
+		 "bastion_access": "yes"
+	 }]
+	}
+  ],
+  "volume": [
+        {"name": "nexus_repository", "description": "Nexus volume", "size": 300, "availability_zone": "UK_London", "volume_type": "HDD SATA"}
+  ]
+}

infra/consolemongi.json

@@ -0,0 +1,96 @@
+{ 
+  "application_name": "consolemongi",
+  "INTERNET_Network_ID": "e8d04c1f-0b49-4e87-a1f3-bea618782c90",
+  "network": [{
+	  "name": "mongi_console",
+	  "bastion_access": "yes",
+	  "subnet": {
+		     "name":"mongi_console_subnet",
+		     "ip_version": 4,
+		     "cidr": "172.55.0.0/16",
+		     "dns_servers": ["8.8.8.8"],
+		     "linked_router": [{"router_name": "mongi_router"}]
+                  },
+          "port": [{
+                  "name": "vip_console_mongi",
+                  "fip_pool": "INTERNET"
+          }]
+  }],
+  "router": [{
+          "router_name": "mongi_router",
+	  "router_external_gateway": "e8d04c1f-0b49-4e87-a1f3-bea618782c90",
+	  "linked_subnets": [{
+		  "router_interface_name": "mongi_console_interface",
+		  "subnet_name": "mongi_console_subnet"}]
+  }],
+  "security_group": [
+  ],
+  "instance": [{
+	 "name": "stg-mongi-bilweb-00",
+	 "az": "FR_Roubaix",
+	 "flavor": "Atto.L",
+	 "image": "Ubuntu 20.04 LTS - Focal",
+	 "keypair": "dell XPS",
+	 "security_group": ["secgroup_console"],
+	 "inventory_group": "mongi_console_web",
+	 "network": [{"name": "mongi_console"}]
+        },
+        {
+         "name": "stg-mongi-bilweb-01",
+	 "az": "FR_Roubaix",
+	 "flavor": "Atto.L",
+	 "image": "Ubuntu 20.04 LTS - Focal",
+	 "keypair": "dell XPS",
+	 "security_group": ["secgroup_console"],
+	 "inventory_group": "mongi_console_web",
+	 "network": [{"name": "mongi_console"}]
+	},
+        {
+	 "name": "stg-mongi-billdb-00",
+	 "az": "FR_Roubaix",
+	 "flavor": "Femto.L",
+	 "image": "Ubuntu 20.04 LTS - Focal",
+	 "keypair": "dell XPS",
+	 "security_group": ["secgroup_console"],
+	 "inventory_group": "mongi_console_database",
+	 "network": [{"name": "mongi_console"}]
+	},
+        {
+	 "name": "stg-mongi-billdb-01",
+	 "az": "FR_Roubaix",
+	 "flavor": "Femto.L",
+	 "image": "Ubuntu 20.04 LTS - Focal",
+	 "keypair": "dell XPS",
+	 "security_group": ["secgroup_console"],
+	 "inventory_group": "mongi_console_database",
+	 "network": [{"name": "mongi_console"}]
+	},
+        {
+	 "name": "stg-mongi-billdb-02",
+	 "az": "FR_Roubaix",
+	 "flavor": "Femto.L",
+	 "image": "Ubuntu 20.04 LTS - Focal",
+	 "keypair": "dell XPS",
+	 "security_group": ["secgroup_console"],
+	 "inventory_group": "mongi_console_database",
+	 "network": [{"name": "mongi_console"}]
+	},
+        {
+	 "name": "stg-mongi-bilbas-00",
+	 "az": "FR_Roubaix",
+	 "flavor": "Atto.S",
+	 "image": "Ubuntu 20.04 LTS - Focal",
+	 "keypair": "dell XPS",
+	 "security_group": ["secgroup_console"],
+	 "inventory_group": "consolemongi_bastion",
+	 "network": [{"name": "mongi_console"}],
+	 "fip": [{
+		 "floatingip": "fip_console",
+		 "pool": "INTERNET",
+		 "bastion_access": "yes"
+	 }]
+	}
+  ],
+  "volume": [
+  ]
+}

infra/emine.json

@@ -0,0 +1,87 @@
+{ 
+  "application_name": "emine",
+  "network": [{
+	  "name": "emine_network",
+	  "bastion_access": "yes",
+	  "subnet": {
+		     "name":"emine_network_subnet",
+		     "ip_version": 4,
+		     "cidr": "172.39.14.0/24",
+		     "dns_servers": ["8.8.8.8"],
+		     "linked_router": [{"router_name": "emine_router"}]
+                  },
+          "port": [
+	  ]
+  }],
+  "router": [{
+          "router_name": "emine_router",
+	  "router_external_gateway": "e8d04c1f-0b49-4e87-a1f3-bea618782c90",
+	  "linked_subnets": [{
+		  "router_interface_name": "emine_router_interface",
+		  "subnet_name": "emine_network_subnet"}]
+  }],
+  "security_group": [
+  ],
+  "instance": [{
+	 "name": "stg-emine-console-00",
+	 "az": "FR_Roubaix",
+	 "flavor": "Atto.L",
+	 "image": "Ubuntu 20.04 LTS - Focal",
+	 "keypair": "dell XPS",
+	 "security_group": ["all_open"],
+	 "inventory_group": "emine_web",
+	 "network": [{"name": "emine_network"}],
+	 "fip": [{
+		 "floatingip": "fip_console",
+		 "pool": "INTERNET"
+	 }]
+        },
+        {
+	 "name": "stg-emine-mongodb-00",
+	 "az": "FR_Roubaix",
+	 "flavor": "Femto.L",
+	 "image": "Ubuntu 20.04 LTS - Focal",
+	 "keypair": "dell XPS",
+	 "security_group": ["all_open"],
+	 "inventory_group": "emine_db",
+	 "network": [{"name": "emine_network"}]
+	},
+        {
+	 "name": "stg-emine-mongodb-01",
+	 "az": "FR_Roubaix",
+	 "flavor": "Femto.L",
+	 "image": "Ubuntu 20.04 LTS - Focal",
+	 "keypair": "dell XPS",
+	 "security_group": ["all_open"],
+	 "inventory_group": "emine_db",
+	 "network": [{"name": "emine_network"}]
+	},
+        {
+	 "name": "stg-emine-mongodb-02",
+	 "az": "FR_Roubaix",
+	 "flavor": "Femto.L",
+	 "image": "Ubuntu 20.04 LTS - Focal",
+	 "keypair": "dell XPS",
+	 "security_group": ["all_open"],
+	 "inventory_group": "emine_db",
+	 "network": [{"name": "emine_network"}]
+	},
+        {
+	 "name": "stg-emine-bastion-00",
+	 "az": "FR_Roubaix",
+	 "flavor": "Atto.S",
+	 "image": "Ubuntu 20.04 LTS - Focal",
+	 "keypair": "dell XPS",
+	 "security_group": ["all_open"],
+	 "inventory_group": "emine_bastion",
+	 "network": [{"name": "emine_network"}],
+	 "fip": [{
+		 "floatingip": "fip_bastion",
+		 "pool": "INTERNET",
+		 "bastion_access": "yes"
+	 }]
+	}
+  ],
+  "volume": [
+  ]
+}

infra/emine_vexx.json

@@ -0,0 +1,107 @@
+{ 
+  "application_name": "emine",
+  "network": [{
+	  "name": "emine_network",
+	  "bastion_access": "yes",
+	  "subnet": {
+		     "name":"emine_network_subnet",
+		     "ip_version": 4,
+		     "cidr": "172.39.14.0/24",
+		     "dns_servers": ["8.8.8.8"],
+		     "linked_router": [{"router_name": "emine_router"}]
+                  },
+          "port": [
+	  ]
+  }],
+  "router": [{
+          "router_name": "emine_router",
+	  "router_external_gateway": "0048fce6-c715-4106-a810-473620326cb0",
+	  "linked_subnets": [{
+		  "router_interface_name": "emine_router_interface",
+		  "subnet_name": "emine_network_subnet"}]
+  }],
+  "security_group": [{
+	  "name": "all_open",
+	  "description": "Emine DEV environment is security group",
+	  "rules": [
+		  {"name": "Ingress_ssh",
+		   "description": "ssh traffic",
+		   "direction": "ingress",
+		   "port_range_max": 22,
+		   "port_range_min": 22,
+		   "protocol": "tcp",
+		   "remote_ip_prefix": "0.0.0.0/0"},
+		  {"name": "Ingress_http",
+		   "description": "http traffic",
+		   "direction": "ingress",
+		   "port_range_max": 80,
+		   "port_range_min": 80,
+		   "protocol": "tcp",
+		   "remote_ip_prefix": "0.0.0.0/0"},
+		  {"name": "Ingress_https",
+		   "description": "https traffic",
+		   "direction": "ingress",
+		   "port_range_max": 443,
+		   "port_range_min": 443,
+		   "protocol": "tcp",
+		   "remote_ip_prefix": "0.0.0.0/0"},
+		  {"name": "Ingress_squid",
+		   "description": "Squid Proxy traffic",
+		   "direction": "ingress",
+		   "port_range_max": 3128,
+		   "port_range_min": 3128,
+		   "protocol": "tcp",
+		   "remote_ip_prefix": "0.0.0.0/0"},
+		   {"name": "Ingress_ping",
+                   "description": "icmp traffic",
+                   "direction": "ingress",
+                   "port_range_max": 0,
+                   "port_range_min": 0,
+                   "protocol": "icmp",
+                   "remote_ip_prefix": "0.0.0.0/0"},
+		   {"name": "Ingress_nosqlclient",
+                   "description": "nosqlclient traffic",
+                   "direction": "ingress",
+                   "port_range_max": 3000,
+                   "port_range_min": 3000,
+                   "protocol": "tcp",
+                   "remote_ip_prefix": "0.0.0.0/0"},
+		   {"name": "Ingress_nexus",
+                   "description": "nexus repository traffic",
+                   "direction": "ingress",
+                   "port_range_max": 8081,
+                   "port_range_min": 8081,
+                   "protocol": "tcp",
+                   "remote_ip_prefix": "0.0.0.0/0"},
+		   {"name": "Ingress_nexus_docker_registry",
+                   "description": "nexus repository traffic",
+                   "direction": "ingress",
+                   "port_range_max": 8082,
+                   "port_range_min": 8082,
+                   "protocol": "tcp",
+                   "remote_ip_prefix": "0.0.0.0/0"},
+		  {"name": "Ingress_mongodb",
+		   "description": "mongodb traffic",
+		   "direction": "ingress",
+		   "port_range_max": 27017,
+		   "port_range_min": 27017,
+		   "protocol": "tcp",
+		   "remote_ip_prefix": "0.0.0.0/0"}
+	          ]
+          }
+  ],
+  "instance": [{
+	 "name": "stg-emine-vexxtest-00",
+	 "az": "nova",
+	 "flavor": "v3-starter-1",
+	 "image": "Ubuntu 20.04.3 LTS (x86_64) [2021-10-04]",
+	 "keypair": "dell XPS",
+	 "security_group": ["all_open"],
+	 "inventory_group": "emine",
+	 "network": [{"name": "emine_network"}],
+	 "fip": []
+        }
+  ],
+  "volume": [
+  ]
+}

infra/safouene.json

@@ -0,0 +1,149 @@
+{ 
+  "application_name": "safouene",
+  "network": [{
+          "name": "safouene_network",
+          "bastion_access": "yes",
+          "subnet": {
+                     "name":"saf_subnet",
+                     "ip_version": 4,
+                     "cidr": "172.16.0.0/24",
+                     "dns_servers": ["8.8.8.8"],
+                     "linked_router": [{"router_name": "safouene_router"}]
+                  }
+          }],
+
+   "router": [{
+          "router_name": "safouene_router",
+          "router_external_gateway": "0048fce6-c715-4106-a810-473620326cb0",
+          "linked_subnets": [{
+                             "router_interface_name":"saf_interface",
+                             "subnet_name":"saf_subnet"}]
+  }], 
+
+          "port": [
+          ],
+
+  "security_group": [],
+  "bastion_to_use": "safouene",
+  "instance": [{
+         "name": "kmaster1",
+         "az": "nova",
+         "flavor": "v3-starter-4",
+         "image": "Ubuntu 22.04 - Cloud Image",
+         "keypair": "saf_controller",
+         "security_group": ["safouene_sg"],
+         "inventory_group": "master",
+         "network": [{"name": "safouene_network"}]
+        },
+        {
+         "name": "kmaster2",
+         "az": "nova",
+         "flavor": "v3-starter-4",
+         "image": "Ubuntu 22.04 - Cloud Image",
+         "keypair": "saf_controller",
+         "security_group": ["safouene_sg"],
+         "inventory_group": "master",
+         "network": [{"name": "safouene_network"}]
+        },
+        {
+         "name": "kmaster3",
+         "az": "nova",
+         "flavor": "v3-starter-4",
+         "image": "Ubuntu 22.04 - Cloud Image",
+         "keypair": "saf_controller",
+         "security_group": ["safouene_sg"],
+         "inventory_group": "master",
+         "network": [{"name": "safouene_network"}]
+        },
+        {
+         "name": "kworker1",
+         "az": "nova",
+         "flavor": "v3-standard-2",
+         "image": "Ubuntu 22.04 - Cloud Image",
+         "keypair": "saf_controller",
+         "security_group": ["safouene_sg"],
+         "inventory_group": "worker",
+         "network": [{"name": "safouene_network"}]
+        },
+
+        {
+         "name": "kworker2",
+         "az": "nova",
+         "flavor": "v3-standard-2",
+         "image": "Ubuntu 22.04 - Cloud Image",
+         "keypair": "saf_controller",
+         "security_group": ["safouene_sg"],
+         "inventory_group": "worker",
+         "network": [{"name": "safouene_network"}]
+        },
+
+        {
+         "name": "kworker3",
+         "az": "nova",
+         "flavor": "v3-standard-2",
+         "image": "Ubuntu 22.04 - Cloud Image",
+         "keypair": "saf_controller",
+         "security_group": ["safouene_sg"],
+         "inventory_group": "worker",
+         "network": [{"name": "safouene_network"}]
+        },
+
+        {
+         "name": "lb1",
+         "az": "nova",
+         "flavor": "v3-starter-1",
+         "image": "Ubuntu 22.04 - Cloud Image",
+         "keypair": "saf_controller",
+         "security_group": ["safouene_sg"],
+         "inventory_group": "lb",
+         "network": [{
+                 "name": "safouene_network",
+                 "fip": {
+                         "name": "fip_lb",
+                         "pool": "public"
+                 }
+          }]
+
+         },
+
+
+        {
+         "name": "haproxy",
+         "az": "nova",
+         "flavor": "v3-starter-1",
+         "image": "Ubuntu 22.04 - Cloud Image",
+         "keypair": "saf_controller",
+         "security_group": ["safouene_sg"],
+         "inventory_group": "loadbalancer",
+         "network": [{
+                 "name": "safouene_network",
+                 "fip": {
+                         "name": "fip_haproxy",
+                         "pool": "public"
+                 }
+          }]
+
+         },
+
+
+         {
+         "name": "bastionk8s",
+         "az": "nova",
+         "flavor": "v3-starter-1",
+         "image": "Ubuntu 22.04 - Cloud Image",
+         "keypair": "saf_controller",
+         "security_group": ["safouene_sg"],
+         "inventory_group": "safouene_bastion",
+         "network": [{
+                 "name": "safouene_network",
+                 "fip": {
+                         "name": "fip_bastion",
+                         "pool": "public"
+                 }
+                }]
+        }
+
+  ],
+  "volume": [
+  ]
+}

pulumi_passphrase

@@ -0,0 +1,7 @@
+$ANSIBLE_VAULT;1.1;AES256
+62303632316333616431643931383639333964323332383737666531646432643263656432326432
+3336326461306235643638626332613864646536666334640a376665393432653761353337376464
+34653230393836383062323336626331323266643639393936646237323736363364343531373538
+3530333930353631360a636433393431656165323034373832633333303966623235613231643764
+31333136353864373061353065323234373732663335373661336235336437366363316235663633
+6566663036666532313766323861643663383433343737636563

requirements.yml

@@ -0,0 +1,73 @@
+---
+
+- src: git@git.felcloud.io:felcloud/ansible_roles_base.git
+  version: 0.0.4
+  scm: git
+  accept_hostkey: yes
+  name: base
+
+- src: git@git.felcloud.io:felcloud/ansible_roles_ssh.git
+  version: 0.0.1
+  scm: git
+  accept_hostkey: yes
+  name: ssh
+
+- src: git@git.felcloud.io:felcloud/ansible_roles_haproxy.git
+  version: 0.0.1
+  scm: git
+  accept_hostkey: yes
+  name: haproxy
+
+- src: git@git.felcloud.io:felcloud/ansible_roles_keepalived.git
+  version: 0.0.1
+  scm: git
+  accept_hostkey: yes
+  name: keepalived
+
+- src: git@git.felcloud.io:felcloud/ansible_roles_docker.git
+  version: 0.0.1
+  scm: git
+  accept_hostkey: yes
+  name: docker
+
+- src: git@git.felcloud.io:felcloud/ansible_roles_console.git
+  version: 0.0.6
+  scm: git
+  accept_hostkey: yes
+  name: console
+
+- src: git@git.felcloud.io:felcloud/ansible_roles_mongodb.git
+  version: 0.0.1
+  scm: git
+  accept_hostkey: yes
+  name: mongodb
+
+- src: git@git.felcloud.io:felcloud/ansible_roles_nexus.git
+  version: 0.0.1
+  scm: git
+  accept_hostkey: yes
+  name: nexus
+
+- src: git@git.felcloud.io:felcloud/ansible_roles_ceph-init.git
+  version: main
+  scm: git
+  accept_hostkey: yes
+  name: ceph-init
+
+- src: git@git.felcloud.io:felcloud/ansible_roles_k8s_common.git
+  version: main
+  scm: git
+  accept_hostkey: yes
+  name: k8s_common
+
+- src: git@git.felcloud.io:felcloud/ansible_roles_k8s_control.git
+  version: main
+  scm: git
+  accept_hostkey: yes
+  name: k8s_control
+
+- src: git@git.felcloud.io:felcloud/ansible_roles_k8s_worker.git
+  version: main
+  scm: git
+  accept_hostkey: yes
+  name: k8s_worker

safouene.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+export OS_CLOUD="vexxhost_ams1"
+export PULUMI_STACK="staging"
+export PULUMI_SUB_STACK="safouene"
+export PULUMI_CONFIG_PASSPHRASE_FILE="/etc/ansible/pulumi_passphrase"
+