#0 | onpremise etl deployment (security env)

avniproject · Jan 3, 2024 · 31fe8b9 · 31fe8b9
1 parent 2408e53
commit 31fe8b9
Show file tree

Hide file tree

Showing 4 changed files with 31 additions and 5 deletions.
diff --git a/configure/Makefile b/configure/Makefile
@@ -122,6 +122,9 @@ encrypt: check-vault-pwd-file
 	cp group_vars/vagrant-secret-vars.yml group_vars/vagrant-secret-vars.yml.enc
 	cp group_vars/onpremise-secret-vars.yml group_vars/onpremise-secret-vars.yml.enc
 
+etl-onpremise: check-app-zip-path check-vault-pwd-file
+	APPLICATION_ZIP_PATH=$(app_zip_path) APPLICATION_ZIP_FILE_NAME=etl-1.0.0-SNAPSHOT.jar ansible-playbook onpremise_etl_servers.yml -i inventory/onpremise  --vault-password-file ${VAULT_PASSWORD_FILE}
+
 etl-staging: check-app-zip-path check-vault-pwd-file
 	APPLICATION_ZIP_PATH=$(app_zip_path) APPLICATION_ZIP_FILE_NAME=etl-1.0.0-SNAPSHOT.jar ansible-playbook staging_etl_servers.yml -i inventory/staging  --vault-password-file ${VAULT_PASSWORD_FILE}
 

diff --git a/configure/group_vars/onpremise_vars.yml b/configure/group_vars/onpremise_vars.yml
@@ -8,13 +8,14 @@ ufw_allowed_ports:
   - "443"
   - "3000"
   - "8021"
+  - "8022"
 
 ## ETL server variables
-etl_appserver_app_url: "app.security.lfe.avniproject.org"
+etl_appserver_app_url: "etl.security.lfe.avniproject.org"
 
 bugsnag_stage: "on-premise"
-
-etl_allowed_origins: "app.security.lfe.avniproject.org"
+int_appserver_app_url: "etl.security.lfe.avniproject.org"
+etl_allowed_origins: "https://app.security.lfe.avniproject.org"
 avni_idp_type: "keycloak"
 scheduled_job_trigger_misfire_threshold: "2700000"
 scheduled_job_repeat_interval: "60"
@@ -38,7 +39,7 @@ avni_server_cache_ttl_seconds: "600"
 avni_server_cache_max_weight: "1000"
 avni_server_show_sql: "false"
 avni_server_idp_type: "keycloak"
-avni_server_etl_service_origin: "https://app.security.lfe.avniproject.org/etl"
+avni_server_etl_service_origin: "https://etl.security.lfe.avniproject.org/etl"
 avni_csrf_enabled: "true"
 avni_web_validhosts: "app.security.lfe.avniproject.org"
 openchs_csp_enabled: "true"
@@ -57,3 +58,4 @@ mb_jetty_port: "3000"
 mb_db_type: "postgres"
 mb_db_port: "5432"
 java_timezone: "Asia/Kolkata"
+java_apt_package: openjdk-17-jdk #for ETL. Comment for avni-server
diff --git a/configure/inventory/onpremise b/configure/inventory/onpremise
@@ -2,7 +2,7 @@
 ssh.app.security.lfe.avniproject.org ansible_user=ubuntu ansible_port=22 ansible_ssh_private_key_file=~/.ssh/lfe-infra.pem
 
 [etlservers]
-ssh.app.security.lfe.avniproject.org ansible_user=ubuntu ansible_port=22 ansible_ssh_private_key_file=~/.ssh/lfe-infra.pem
+etl.security.lfe.avniproject.org ansible_user=ubuntu ansible_port=22 ansible_ssh_private_key_file=~/.ssh/lfe-infra.pem
 
 [keycloak_server]
 keycloak.security.lfe.avniproject.org ansible_user=ubuntu ansible_port=22 ansible_ssh_private_key_file=~/.ssh/lfe-infra.pem

diff --git a/configure/onpremise_etl_servers.yml b/configure/onpremise_etl_servers.yml
@@ -0,0 +1,21 @@
+---
+
+- name: Configure etl servers
+  hosts: etlservers
+  become: yes
+  become_user: root
+  remote_user: "{{ etl_appserver_user }}"
+  vars:
+    update_apt_cache: yes
+  vars_files:
+    - group_vars/basic_vars.yml
+    - group_vars/onpremise_vars.yml
+    - group_vars/onpremise-secret-vars.yml.enc
+  roles:
+#    - base     # Required if int server is not pre deployed.
+#    - security # Required if int server is not pre deployed.
+#    - jdk      # Required if int server is not pre deployed.
+#    - nginx    # Required if int server is not pre deployed.
+#    - certbot  # Required if int server is not pre deployed.
+    - etl_appserver
+    - nginx_appserver