Wpb 24292 update inventory (#885)

* fix wpb-24292: remove old unused prod/hosts.example.ini

* fix wpb-24292: update 99-static file with latest inventory

* fix wpb-24292: enable group vars for dmz-k8s inventory

* fix wpb-24292: add a sample inventory for dmz-k8s cluster

* fix wpb-24292: add changelog for prod ansible inventory changes

Author: mohitrajain

ansible/inventory/dmz-k8s/group_vars/all/offline.yml

@@ -0,0 +1 @@
+../../../offline/group_vars/all/offline.yml

ansible/inventory/dmz-k8s/hosts.ini

@@ -0,0 +1,23 @@
+# A sample inventory file for a secondary k8s cluster dedicated to DMZ services like calling
+[all:vars]
+ansible_user=demo
+# if you choose to avoid passing passwords in the above format, you can also setup ansible_ssh_private_key_file and allow sudo access to ansible_user
+# ansible_ssh_private_key_file="ssh/id_ed25519"
+
+[assethost]
+assethost ansible_host=10.1.1.2
+
+[kube-node]
+dmz-kubenode1  ansible_host=10.1.1.3 etcd_member_name=dmz-kubenode1 ip=10.1.1.3 node_labels="{'wire.com/role': 'sftd'}" node_annotations="{'wire.com/external-ip': '1.1.1.1'}"
+dmz-kubenode2 ansible_host=10.1.1.4 etcd_member_name=dmz-kubenode2 ip=10.1.1.4 node_labels="{'wire.com/role': 'coturn'}"
+dmz-kubenode3 ansible_host=10.1.1.5 etcd_member_name=dmz-kubenode3 ip=10.1.1.5
+
+[kube-master:children]
+kube-node
+
+[etcd:children]
+kube-master
+
+[k8s-cluster:children]
+kube-master
+kube-node

ansible/inventory/offline/99-static

@@ -1,207 +1,105 @@
-# In this section, add all machines in this installation.
-#
-# Ansible connects to the machine on `ansible_host`
-#
-# The machines talk to eachother on `ip`
-#
-# !!! if `ip` is not provided, ansible will default to the IP of the default
-# interface. Which is probably not what you want
-#
-# <hostname> ansible_host=<internal_ip>
-[all]
-# kubenode1 ansible_host=100.89.110.8  ip=10.114.0.10
-# kubenode2 ansible_host=100.154.219.107 ip=10.114.0.8
-# kubenode3 ansible_host=100.227.143.169 ip=10.114.0.2
-# You could add more if capacity is needed
-# kubenode4 ....
-
-# cassandra1 ansible_host=XXXX
-# cassandra2 ansible_host=XXXX
-# cassandra3 ansible_host=XXXX
-
-# elasticsearch1 ansible_host=XXXX
-# elasticsearch2 ansible_host=XXXX
-# elasticsearch3 ansible_host=XXXX
-#
-# minio1 ansible_host=XXXX
-# minio2 ansible_host=XXXX
-# minio3 ansible_host=XXXX
-#
-# rabbitmq1 ansible_host=XXXX
-# rabbitmq2 ansible_host=XXXX
-# rabbitmq3 ansible_host=XXXX
-#
-# postgresql1 ansible_host=XXXX
-# postgresql2 ansible_host=XXXX
-# postgresql3 ansible_host=XXXX
-
-# If you are in an offline environment, add an assethost here, from which
-# artifacts are served
+# Add hosts to the groups below. Use `ansible_host` for SSH and `ip` for node-to-node traffic.
+# If `ip` is omitted, Ansible falls back to the default interface address.
 # assethost ansible_host=100.89.14.74 ip=10.114.0.9
 
-# If you need to tunnel ssh connections through a bastion host (because your
-# nodes are not directly reachable from the machine running ansible), define a
-# bastion host as well, and uncomment the [bastion] section below.
-#
-# bastion ansible_host=XXXX ansible_user=some_user
-
-
 # Below variables are set for all machines in the inventory.
 [all:vars]
 # If you need to ssh as a user that's not the same user as the one running ansible
-# ansible_user=<some_user>
-# ansible_password=<some password>
-# ansible_sudo_pass=<some password>
-# Keep in mind this user needs to be able to sudo passwordless.
+ansible_user=<some_user>
+ansible_password=<some password>
+ansible_become_pass=<some password>
+# This user must be allowed to sudo.
 # ansible_user = root
-#
-# Usually, you want to have a separate keypair to ssh to these boxes,
-# and tell ansible where it is by setting `ansible_ssh_private_key_file`.
-# ansible_ssh_private_key_file = ./dot_ssh/id_ed25519
-# Note adding it to the ssh agent won't work in scenarios where ansible
-# execution is wrapped through a container, as the ssh-agent socket isn't
-# accessible there.
-
-## In the next four sections, Cassandra, elasticsearch, rabbitmq, and MinIO need
-#  the name of the interface you want database services to run on
-#  specified. While this can be used to specify a private network just
-#  for databases, you must specify the interface name you want to run
-#  services on, even in the case that it is the only interface on the box.
-
-# Note: for offline configurations, this is required. the impact is that dns
-# on the physical kubenodes does not perform requests against the kubernetes
-# cluster, prefering the network provided DNS settings.
-# resolvconf_mode: none
 
-[cassandra:vars]
-# cassandra_network_interface = enp1s0
-# setting either cassandra backup directive to 'True' below requires a valid s3 bucket name as well
-# also, enabling backups will install `awscli` via pip, which requires an internet connection
-# cassandra_backup_enabled = False
-# cassandra_incremental_backup_enabled = False
-# cassandra_backup_s3_bucket = <bucketname>
+# if you choose to avoid passing passwords in the above format, you can also setup ansible_ssh_private_key_file and allow sudo access to ansible_user
+# ansible_ssh_private_key_file="ssh/id_ed25519"
 
-[postgresql:vars]
-postgresql_network_interface = enp1s0
-repmgr_node_config:
-  postgresql1:  # Maps to postgresql_rw group
-    node_id: 1
-    priority: 150
-    role: primary
-  postgresql2:  # Maps to first postgresql_ro
-    node_id: 2
-    priority: 100
-    role: standby
-  postgresql3:  # Maps to second postgresql_ro
-    node_id: 3
-    priority: 50
-    role: standby
+[assethost]
+assethost ansible_host=10.1.1.1
 
-[elasticsearch:vars]
-# elasticsearch_network_interface = enp1s0
+# Cassandra nodes.
+[cassandra]
+cassandra1 ansible_host=10.1.1.17
+cassandra2 ansible_host=10.1.1.2
+cassandra3 ansible_host=10.1.1.16
 
-[minio:vars]
-# minio_network_interface = enp1s0
+# One Cassandra seed node.
+[cassandra_seed]
+cassandra1
 
-### No longer used. generated by the nginz section of values/wire-server/values.yaml instead.
-#prefix = "example-"
-#domain = "example.com"
-#deeplink_title = "example.com environment"
+[cassandra:vars]
+cassandra_network_interface = enp1s0
 
-# Rabbitmq specific variables
-[rmq-cluster:vars]
-# host name here must match each node's actual hostname
-rabbitmq_cluster_master: rabbitmq1
-# rabbitmq_network_interface = enp1s0
+# Elasticsearch nodes.
+[elasticsearch]
+elasticsearch1 ansible_host=10.1.1.9
+elasticsearch2 ansible_host=10.1.1.15
+elasticsearch3 ansible_host=10.1.1.19
+
+[elasticsearch:vars]
+elasticsearch_network_interface = enp1s0
 
-# For the following groups, add all nodes defined above to the sections below.
-# Define any additional variables that should be set for these nodes.
+[elasticsearch_master:children]
+elasticsearch
 
-# Uncomment this is you use the bastion host
-# [bastion]
-# bastion
+# Kubernetes nodes. Add `node_labels` or `node_annotations` here when needed.
+[kube-node]
+kubenode1 ansible_host=10.1.1.3 etcd_member_name=kubenode1 ip=10.1.1.3
+kubenode2 ansible_host=10.1.1.4 etcd_member_name=kubenode2 ip=10.1.1.4
+kubenode3 ansible_host=10.1.1.8 etcd_member_name=kubenode3 ip=10.1.1.8
+# Additional worker nodes.
+# kubenode4 ansible_host=10.1.1.88 etcd_member_name=kubenode4 ip=10.1.1.88
 
 # Add all nodes that should be the master
-[kube-master]
-# kubenode1
-# kubenode2
-# kubenode3
+[kube-master:children]
+kube-node
 
-[etcd]
 # !!! There MUST be an UNEVEN amount of etcd servers
-#
-# Uncomment if etcd and kubernetes are colocated
-#
-# kubenode1 etcd_member_name=etcd1
-# kubenode2 etcd_member_name=etcd2
-# kubenode3 etcd_member_name=etcd3
-#
-# Uncomment if etcd cluster is separately deployed from kubernetes masters
-# etcd1 etcd_member_name=etcd1
-# etcd2 etcd_member_name=etcd2
-# etcd3 etcd_member_name=etcd3
-
-# Add all worker nodes here
-[kube-node]
-# kubenode1
-# kubenode2
-# kubenode3
-
-# Additional worker nodes can be added
-# You can label and annotate nodes. E.g. when deploying SFT you might want to
-# deploy it only on certain nodes due to the public IP requirement.
-# kubenode4 node_labels="{'wire.com/role': 'sftd'}" node_annotations="{'wire.com/external-ip': 'XXXX'}"
-# kubenode5 node_labels="{'wire.com/role': 'sftd'}" node_annotations="{'wire.com/external-ip': 'XXXX'}"
+[etcd:children]
+kube-master
 
-# leave this group as is
 [k8s-cluster:children]
 kube-master
 kube-node
 
-# Add all cassandra nodes here
-[cassandra]
-# cassandra1
-# cassandra2
-# cassandra3
-
-# add a cassandra seed
-[cassandra_seed]
-# cassandra1
-
-# Add all elasticsearch nodes here
-[elasticsearch]
-# elasticsearch1
-# elasticsearch2
-# elasticsearch3
-
-# leave this as is
-[elasticsearch_master:children]
-elasticsearch
-
-# Add all minio nodes here
+# MinIO nodes.
 [minio]
-# minio1
-# minio2
-# minio3
+minio1 ansible_host=10.1.1.6
+minio2 ansible_host=10.1.1.7
+minio3 ansible_host=10.1.1.20
 
-# Add all rabbitmq nodes here
-[rmq-cluster]
-# host names here must match each node's actual hostname
-# rabbitmq1
-# rabbitmq2
-# rabbitmq3
+[minio:vars]
+minio_network_interface = enp1s0
 
-# Add all postgresql nodes here
+# PostgreSQL nodes.
 [postgresql]
-postgresql1
-postgresql2
-postgresql3
+postgresql1 ansible_host=10.1.1.11
+postgresql2 ansible_host=10.1.1.5
+postgresql3 ansible_host=10.1.1.12
+
+[postgresql:vars]
+postgresql_network_interface=enp7s0
+wire_dbname=wire-server
+# Keys in `repmgr_node_config` must match the PostgreSQL hostnames above.
+repmgr_node_config={"postgresql1":{"node_id":1,"priority":150,"role":"primary"},"postgresql2":{"node_id":2,"priority":100,"role":"standby"},"postgresql3":{"node_id":3,"priority":50,"role":"standby"}}
 
-# Add all postgresql primary nodes here
+# Primary PostgreSQL node.
 [postgresql_rw]
 postgresql1
 
-# Add all postgresql read-only nodes here i.e. replicas
+# Standby PostgreSQL nodes.
 [postgresql_ro]
 postgresql2
 postgresql3
+
+# RabbitMQ nodes.
+[rmq-cluster]
+# host name here must match each node's actual hostname
+rabbitmq1 ansible_host=10.1.1.18
+rabbitmq2 ansible_host=10.1.1.13
+rabbitmq3 ansible_host=10.1.1.14
+
+# `rabbitmq_cluster_master` must match one host in [rmq-cluster].
+[rmq-cluster:vars]
+rabbitmq_cluster_master=rabbitmq1
+rabbitmq_network_interface=enp7s0