wireapp · amitsagtani97 · Nov 4, 2024 · Nov 5, 2024 · Nov 5, 2024 · Nov 7, 2024
@@ -48,7 +48,7 @@ jobs:
       - name: Build and upload wire-server-deploy container
         run: |
           container_image=$(nix-build --no-out-link -A container)
-          skopeo copy --dest-creds "$DOCKER_LOGIN" \
+          skopeo copy --retry-times 10 --dest-creds "$DOCKER_LOGIN" \
             docker-archive:"$container_image" \
             "docker://quay.io/wire/wire-server-deploy:${{ steps.upload_name.outputs.UPLOAD_NAME }}"
         env:

@@ -51,7 +51,7 @@ jobs:
         run: |
           container_image=$(nix-build --no-out-link -A container)
 
-          skopeo copy --dest-creds "$DOCKER_LOGIN" \
+          skopeo copy --retry-times 10 --dest-creds "$DOCKER_LOGIN" \
             docker-archive:"$container_image" \
             "docker://quay.io/wire/wire-server-deploy:${{ steps.upload_name.outputs.UPLOAD_NAME }}"
         env:
@@ -63,10 +63,10 @@ jobs:
         env:
           HCLOUD_TOKEN: '${{ secrets.HCLOUD_TOKEN }}'
 
-      - name: Clean up hetzner environment; just in case
-        if: always()
-        run: (cd terraform/examples/wire-server-deploy-offline-hetzner ; terraform init && terraform destroy -auto-approve)
-        env:
-          HCLOUD_TOKEN: '${{ secrets.HCLOUD_TOKEN }}'
+#      - name: Clean up hetzner environment; just in case
+#        if: always()
+#        run: (cd terraform/examples/wire-server-deploy-offline-hetzner ; terraform init && terraform destroy -auto-approve)
+#        env:
+#          HCLOUD_TOKEN: '${{ secrets.HCLOUD_TOKEN }}'
 
 
diff --git a/bin/offline-cluster.sh b/bin/offline-cluster.sh
@@ -11,8 +11,10 @@ ls $ANSIBLE_DIR/inventory/offline
 
 if [ -f "$ANSIBLE_DIR/inventory/offline/hosts.ini" ]; then
   INVENTORY_FILE="$ANSIBLE_DIR/inventory/offline/hosts.ini"
+  cat "$INVENTORY_FILE"
 elif [ -f "$ANSIBLE_DIR/inventory/offline/inventory.yml" ]; then
   INVENTORY_FILE="$ANSIBLE_DIR/inventory/offline/inventory.yml"
+  cat "$INVENTORY_FILE"
 else
   echo "No inventory file in ansible/inventory/offline/. Please supply an $ANSIBLE_DIR/inventory/offline/inventory.yml or $ANSIBLE_DIR/inventory/offline/hosts.ini"
   exit -1
@@ -50,10 +52,10 @@ ansible-playbook -i $INVENTORY_FILE $ANSIBLE_DIR/sync_time.yml -v
 ansible-playbook -i $INVENTORY_FILE $ANSIBLE_DIR/kubernetes.yml --skip-tags bootstrap-os,preinstall,container-engine,multus
 
 # Deploy all other services which don't run in kubernetes.
-ansible-playbook -i $INVENTORY_FILE $ANSIBLE_DIR/cassandra.yml
-ansible-playbook -i $INVENTORY_FILE $ANSIBLE_DIR/elasticsearch.yml
-ansible-playbook -i $INVENTORY_FILE $ANSIBLE_DIR/minio.yml
-ansible-playbook -i $INVENTORY_FILE $ANSIBLE_DIR/restund.yml
+ansible-playbook -i $INVENTORY_FILE -vvv $ANSIBLE_DIR/cassandra.yml
+ansible-playbook -i $INVENTORY_FILE -vvv $ANSIBLE_DIR/elasticsearch.yml
+ansible-playbook -i $INVENTORY_FILE -vvv $ANSIBLE_DIR/minio.yml
+ansible-playbook -i $INVENTORY_FILE -vvv $ANSIBLE_DIR/restund.yml
 
 # create helm values that tell our helm charts what the IP addresses of cassandra, elasticsearch and minio are:
-ansible-playbook -i $INVENTORY_FILE $ANSIBLE_DIR/helm_external.yml --skip-tags=rabbitmq-external
+ansible-playbook -i $INVENTORY_FILE -vvv $ANSIBLE_DIR/helm_external.yml --skip-tags=rabbitmq-external
diff --git a/offline/cd.sh b/offline/cd.sh
@@ -2,16 +2,18 @@
 
 set -euo pipefail
 
-function cleanup {
-  (cd terraform/examples/wire-server-deploy-offline-hetzner ; terraform destroy -auto-approve)
-  echo done
-}
-trap cleanup EXIT
+# function cleanup {
+#   (cd terraform/examples/wire-server-deploy-offline-hetzner ; terraform destroy -auto-approve)
+#   echo done
+# }
+# trap cleanup EXIT
 (cd terraform/examples/wire-server-deploy-offline-hetzner ; terraform init ; terraform apply -auto-approve )
 adminhost=$(cd terraform/examples/wire-server-deploy-offline-hetzner ; terraform output adminhost)
 adminhost="${adminhost//\"/}" # remove extra quotes around the returned string
 ssh_private_key=$(cd terraform/examples/wire-server-deploy-offline-hetzner ; terraform output ssh_private_key)
 
+echo "adminhost: $adminhost"
+echo "$ssh_private_key"
 eval `ssh-agent`
 ssh-add - <<< "$ssh_private_key"
 

@@ -42,7 +42,7 @@ resource "hcloud_server" "redis" {
   count       = 0
   name        = "redis${count.index}"
   image       = "ubuntu-22.04"
-  server_type = "cx11"
+  server_type = "cx22"
   ssh_keys    = ["hetznerssh-key"]
 
   # Nuremberg (for choices see `hcloud datacenter list`)
@@ -53,7 +53,7 @@ resource "hcloud_server" "restund" {
   count       = 2
   name        = "restund${count.index}"
   image       = "ubuntu-22.04"
-  server_type = "cx11"
+  server_type = "cx22"
   ssh_keys    = ["hetznerssh-key"]
 
   # Nuremberg (for choices see `hcloud datacenter list`)
@@ -64,7 +64,7 @@ resource "hcloud_server" "minio" {
   count       = 3
   name        = "minio${count.index}"
   image       = "ubuntu-22.04"
-  server_type = "cx11"
+  server_type = "cx22"
   ssh_keys    = ["hetznerssh-key"]
 
   # Nuremberg (for choices see `hcloud datacenter list`)
@@ -75,7 +75,7 @@ resource "hcloud_server" "cassandra" {
   count       = 3
   name        = "cassandra${count.index}"
   image       = "ubuntu-22.04"
-  server_type = "cx21"
+  server_type = "cx22"
   ssh_keys    = ["hetznerssh-key"]
 
   # Nuremberg (for choices see `hcloud datacenter list`)
@@ -86,7 +86,7 @@ resource "hcloud_server" "elasticsearch" {
   count       = 3
   name        = "elasticsearch${count.index}"
   image       = "ubuntu-22.04"
-  server_type = "cx11"
+  server_type = "cx22"
   ssh_keys    = ["hetznerssh-key"]
 
   # Nuremberg (for choices see `hcloud datacenter list`)

diff --git a/terraform/examples/wire-server-deploy-offline-hetzner/.terraform.lock.hcl b/terraform/examples/wire-server-deploy-offline-hetzner/.terraform.lock.hcl
@@ -20,6 +20,49 @@ locals {
     - iptables -A OUTPUT -o eth0 -p udp --dport 123 -j ACCEPT
     - ip6tables -A OUTPUT -o eth0 -p udp --dport 123 -j ACCEPT
 
+    # Cassandra (inbound and outbound)
+    - iptables -A OUTPUT -o eth0 -p tcp --dport 9042 -j ACCEPT
+    - ip6tables -A OUTPUT -o eth0 -p tcp --dport 9042 -j ACCEPT
+    - iptables -A INPUT -i eth0 -p tcp --sport 9042 -j ACCEPT
+    - ip6tables -A INPUT -i eth0 -p tcp --sport 9042 -j ACCEPT
+
+    - iptables -A OUTPUT -o eth0 -p tcp --dport 9160 -j ACCEPT
+    - ip6tables -A OUTPUT -o eth0 -p tcp --dport 9160 -j ACCEPT
+    - iptables -A INPUT -i eth0 -p tcp --sport 9160 -j ACCEPT
+    - ip6tables -A INPUT -i eth0 -p tcp --sport 9160 -j ACCEPT
+
+    - iptables -A OUTPUT -o eth0 -p tcp --dport 7000 -j ACCEPT
+    - ip6tables -A OUTPUT -o eth0 -p tcp --dport 7000 -j ACCEPT
+    - iptables -A INPUT -i eth0 -p tcp --sport 7000 -j ACCEPT
+    - ip6tables -A INPUT -i eth0 -p tcp --sport 7000 -j ACCEPT
+
+    - iptables -A OUTPUT -o eth0 -p tcp --dport 7199 -j ACCEPT
+    - ip6tables -A OUTPUT -o eth0 -p tcp --dport 7199 -j ACCEPT
+    - iptables -A INPUT -i eth0 -p tcp --sport 7199 -j ACCEPT
+    - ip6tables -A INPUT -i eth0 -p tcp --sport 7199 -j ACCEPT
+
+    # Elasticsearch (inbound and outbound)
+    - iptables -A OUTPUT -o eth0 -p tcp --dport 9300 -j ACCEPT
+    - ip6tables -A OUTPUT -o eth0 -p tcp --dport 9300 -j ACCEPT
+    - iptables -A INPUT -i eth0 -p tcp --sport 9300 -j ACCEPT
+    - ip6tables -A INPUT -i eth0 -p tcp --sport 9300 -j ACCEPT
+
+    - iptables -A OUTPUT -o eth0 -p tcp --dport 9200 -j ACCEPT
+    - ip6tables -A OUTPUT -o eth0 -p tcp --dport 9200 -j ACCEPT
+    - iptables -A INPUT -i eth0 -p tcp --sport 9200 -j ACCEPT
+    - ip6tables -A INPUT -i eth0 -p tcp --sport 9200 -j ACCEPT
+
+    # MinIO (inbound and outbound)
+    - iptables -A OUTPUT -o eth0 -p tcp --dport 9000 -j ACCEPT
+    - ip6tables -A OUTPUT -o eth0 -p tcp --dport 9000 -j ACCEPT
+    - iptables -A INPUT -i eth0 -p tcp --sport 9000 -j ACCEPT
+    - ip6tables -A INPUT -i eth0 -p tcp --sport 9000 -j ACCEPT
+
+    - iptables -A OUTPUT -o eth0 -p tcp --dport 9092 -j ACCEPT
+    - ip6tables -A OUTPUT -o eth0 -p tcp --dport 9092 -j ACCEPT
+    - iptables -A INPUT -i eth0 -p tcp --sport 9092 -j ACCEPT
+    - ip6tables -A INPUT -i eth0 -p tcp --sport 9092 -j ACCEPT
+
     # Drop all other traffic
     - iptables -A OUTPUT -o eth0 -j DROP
     - ip6tables -A OUTPUT -o eth0 -j DROP
@@ -63,7 +106,7 @@ resource "hcloud_server" "adminhost" {
   name        = "adminhost-${random_pet.adminhost.id}"
   image       = "ubuntu-22.04"
   ssh_keys    = local.ssh_keys
-  server_type = "cx42"
+  server_type = "cpx41"
   user_data   = <<-EOF
   #cloud-config
   apt:
@@ -98,7 +141,7 @@ resource "hcloud_server" "assethost" {
   name        = "assethost-${random_pet.assethost.id}"
   image       = "ubuntu-22.04"
   ssh_keys    = local.ssh_keys
-  server_type = "cx42"
+  server_type = "cpx41"
   user_data   = local.disable_network_cfg
 }
 
@@ -118,7 +161,7 @@ resource "hcloud_server" "restund" {
   name        = "restund-${random_pet.restund[count.index].id}"
   image       = "ubuntu-22.04"
   ssh_keys    = local.ssh_keys
-  server_type = "cx11"
+  server_type = "cx22"
   user_data   = local.disable_network_cfg
 }
 
@@ -139,7 +182,7 @@ resource "hcloud_server" "kubenode" {
   name        = "kubenode-${random_pet.kubenode[count.index].id}"
   image       = "ubuntu-22.04"
   ssh_keys    = local.ssh_keys
-  server_type = "cx42"
+  server_type = "cpx41"
   user_data   = local.disable_network_cfg
 }
 
@@ -160,7 +203,7 @@ resource "hcloud_server" "cassandra" {
   name        = "cassandra-${random_pet.cassandra[count.index].id}"
   image       = "ubuntu-22.04"
   ssh_keys    = local.ssh_keys
-  server_type = "cx11"
+  server_type = "cx22"
   user_data   = local.disable_network_cfg
 }
 
@@ -181,7 +224,7 @@ resource "hcloud_server" "elasticsearch" {
   name        = "elasticsearch-${random_pet.elasticsearch[count.index].id}"
   image       = "ubuntu-22.04"
   ssh_keys    = local.ssh_keys
-  server_type = "cx11"
+  server_type = "cx22"
   user_data   = local.disable_network_cfg
 }
 
@@ -202,7 +245,7 @@ resource "hcloud_server" "minio" {
   name        = "minio-${random_pet.minio[count.index].id}"
   image       = "ubuntu-22.04"
   ssh_keys    = local.ssh_keys
-  server_type = "cx11"
+  server_type = "cx22"
   user_data   = local.disable_network_cfg
 }
 

@@ -65,7 +65,7 @@ output "static-inventory" {
         }
       }
       vars = {
-        cassandra_network_interface = "ens10"
+        cassandra_network_interface = "eth0"
       }
     }
     cassandra_seed = {
@@ -79,7 +79,7 @@ output "static-inventory" {
         }
       }
       vars = {
-        elasticsearch_network_interface = "ens10"
+        elasticsearch_network_interface = "eth0"
       }
     }
     elasticsearch_master = {
@@ -93,7 +93,7 @@ output "static-inventory" {
         }
       }
       vars = {
-        minio_network_interface = "ens10"
+        minio_network_interface = "eth0"
       }
     }
     restund = {
@@ -104,7 +104,7 @@ output "static-inventory" {
         }
       }
       vars = {
-        restund_network_interface = "ens10"
+        restund_network_interface = "eth0"
       }
     }