feat: add playbooks and inventory

.gitignore

@@ -1,2 +1,3 @@
 /.idea
 .vscode/
+.DS_Store

examples/multi-node-production-atlassian/README.md

@@ -2,7 +2,6 @@
 
 This is an example configuration for an artemis cluster consisting of three artemis nodes. In this example the cluster uses Jira, Bitbucket and Bamboo as external systems.
 
-
 # Setup
 
 Steps to uses this ansible configuration:

examples/multi-node-production-icl/README.md

@@ -1 +1,10 @@
-TODO
+# Artemis multi node setup / artemis cluster setup
+
+This is an example configuration for an artemis cluster consisting of three artemis nodes. In this example the cluster uses LocalCI and LocalVC.
+
+## Setup
+
+### Install all dependencies
+
+```bash
+ansible-galaxy install -r requirements.yml --force

examples/multi-node-production-icl/group_vars/artemis_cluster.yml

@@ -64,9 +64,18 @@ broker:
   url: "[fcfe:0:0:0:0:0:b:1]" # Your broker VM hostname (e.g., Wireguard IP)
   username: brokeruser
   password: # FIXME: Set a secure password
+  proxy:
+    generate_dh_param: false
+    ssl_certificate_path: # FIXME fullchain.pem
+    ssl_certificate_key_path: #FIXME privkey.pem
 
 registry:
   url: "[fcfe:0:0:0:0:0:b:2]" # Your registry VM hostname (e.g., Wireguard IP)
+  proxy:
+    generate_dh_param: false
+    ssl_certificate_path: # FIXME fullchain.pem
+    ssl_certificate_key_path: #FIXME privkey.pem
+
 
 artemis_jhipster_jwt: # FIXME: Set a secure JWT secret for JWT creation
 artemis_jhipster_registry_password: # FIXME: Set a secure password
@@ -121,6 +130,16 @@ mysql_users:
     password: "{{ artemis_database_password }}"
     priv: "*.*:ALL"
 
+##############################################################################
+# Firewall Configuration (Optional)
+##############################################################################
+# Management Networks - used to allow SSH / HTTP access to Hosts and services
+firewall_management_network_ipv4: ""
+firewall_management_network_ipv6: ""
+# Monitoring Service
+firewall_monitoring_host_ipv4: ""
+firewall_monitoring_host_ipv6: ""
+
 ##############################################################################################
 # Deployment User (Optional)
 ##############################################################################################

examples/multi-node-production-icl/inventory

@@ -0,0 +1,26 @@
+[artemis_cluster_nodes]
+artemis-cluster-node0.example.com
+artemis-cluster-node1.example.com
+artemis-cluster-node2.example.com
+
+[artemis_cluster_broker]
+artemis-cluster-broker.example.com
+
+[artemis_cluster_db]
+artemis-cluster-db.example.com
+
+[artemis_cluster_proxy]
+artemis-cluster-proxy.example.com
+
+[artemis_cluster_storage]
+artemis-cluster-storage.example.com
+
+[artemis_cluster_registry]
+artemis-cluster-registry.example.com
+
+[artemis_cluster:children]
+artemis_cluster_nodes
+artemis_cluster_broker
+artemis_cluster_db
+artemis_cluster_proxy
+artemis_cluster_storage

examples/multi-node-production-icl/playbooks/artemis-cluster-broker.yml

@@ -0,0 +1,26 @@
+---
+
+- name: Setup Artemis Broker
+  hosts: artemis_cluster_broker
+
+  roles:
+    - role: ls1intum.artemis.broker
+
+    - role: ls1intum.artemis.proxy
+      vars:
+        proxy_site_template: reverse_proxy
+        proxy_generate_dh_param: "{{ broker.proxy.generate_dh_param }}"
+        proxy_ssl_certificate_path: "{{ broker.proxy.ssl_certificate_path }}"
+        proxy_ssl_certificate_key_path: "{{ broker.proxy.ssl_certificate_key_path }}"
+        proxy_target_port: 8761
+
+    - role: ls1intum.artemis.firewall
+      tags: firewall
+      vars:
+        firewall_hostgroup: broker
+        # Management Networks - used to allow SSH / HTTP access to Hosts and services
+        management_network_ipv4: "{{ firewall_management_network_ipv4 }}"
+        management_network_ipv6: "{{ firewall_management_network_ipv6 }}"
+        # Monitoring Service
+        monitoring_host_ipv4: "{{ firewall_monitoring_host_ipv4 }}"
+        monitoring_host_ipv6: "{{ firewall_monitoring_host_ipv6 }}"

examples/multi-node-production-icl/playbooks/artemis-cluster-complete-setup.yml

@@ -0,0 +1,24 @@
+---
+# Cluster Network
+- import_playbook: artemis-cluster-network-setup.yml
+
+# Cluster Wireguard
+- import_playbook: artemis-cluster-wireguard.yml
+
+# Cluster Storage
+- import_playbook: artemis-cluster-storage.yml
+
+# Cluster Database
+- import_playbook: artemis-cluster-db.yml
+
+# Cluster Broker
+- import_playbook: artemis-cluster-broker.yml
+
+# Cluster Registry
+- import_playbook: artemis-cluster-registry.yml
+
+# Cluster Proxy
+- import_playbook: artemis-cluster-proxy.yml
+
+# Cluster Artemis Nodes
+- import_playbook: artemis-cluster-nodes.yml

examples/multi-node-production-icl/playbooks/artemis-cluster-db.yml

@@ -0,0 +1,21 @@
+---
+
+- name: Setup
+  hosts: artemis_cluster_db
+
+  roles:
+    - role: geerlingguy.mysql
+      become: true
+
+    - role: ls1intum.artemis.mysqld_exporter
+      become: true
+
+    - role: ls1intum.artemis.firewall
+      tags: firewall
+      vars:
+      # Management Networks - used to allow SSH / HTTP access to Hosts and services
+        management_network_ipv4: "{{ firewall_management_network_ipv4 }}"
+        management_network_ipv6: "{{ firewall_management_network_ipv6 }}"
+      # Monitoring Service
+        monitoring_host_ipv4: "{{ firewall_monitoring_host_ipv4 }}"
+        monitoring_host_ipv6: "{{ firewall_monitoring_host_ipv6 }}"

examples/multi-node-production-icl/playbooks/artemis-cluster-network-setup.yml

@@ -0,0 +1,70 @@
+---
+
+
+- name: Setup Cluster Network and NAT on Nodes
+  hosts: artemis_cluster_nodes
+
+  roles:
+    - role: mrlesmithjr.netplan
+      netplan_configuration:
+        network:
+          version: 2
+          ethernets:
+            ens18:
+              addresses:
+                - "{{ wireguard_host_ipv6_address }}/64"
+                - "{{ host_ipv4_address }}"
+              nameservers:
+                addresses:
+                  - "{{ dns_ipv4_address }}"
+              routes:
+                - to: 172.16.0.0/12
+                  via: 172.24.70.254
+                - to: 131.159.0.0/16
+                  via: 172.24.70.254
+                - to: default
+                  via: 172.24.70.250
+                - to: default
+                  via: "fd00::ffff:1"
+
+    - role: tomereli.proxy
+      http_proxy: "http://proxy.in.tum.de:8080"
+      https_proxy: "http://proxy.in.tum.de:8080"
+      become: true
+
+- name: Setup Cluster Network and Forward Proxy
+  hosts: artemis_cluster:!artemis_cluster_proxy:!artemis_cluster_nodes
+
+  roles:
+    - role: mrlesmithjr.netplan
+      netplan_configuration:
+        network:
+          version: 2
+          ethernets:
+            ens18:
+              addresses:
+                - "{{ wireguard_host_ipv6_address }}/64"
+              dhcp4: true
+
+    - role: tomereli.proxy
+      http_proxy: "http://proxy.in.tum.de:8080"
+      https_proxy: "http://proxy.in.tum.de:8080"
+      become: true
+
+
+- name: Setup Proxy Network
+  hosts: artemis_cluster_proxy
+
+  roles:
+    - role: mrlesmithjr.netplan
+      netplan_configuration:
+        network:
+          version: 2
+          ethernets:
+            ens18:
+              dhcp4: true
+              dhcp6: true
+            ens19:
+              addresses:
+                - "{{ host_ipv4_address }}"
+                - "{{ wireguard_host_ipv6_address }}/64"

examples/multi-node-production-icl/playbooks/artemis-cluster-nodes.yml

@@ -0,0 +1,24 @@
+---
+
+- name: Setup Artemis Nodes
+  hosts: artemis_cluster_nodes
+
+  roles:
+    - role: ls1intum.artemis.storage_client
+      tags:
+        - storage
+
+    - role: ls1intum.artemis.artemis
+      tags:
+        - artemis
+
+    - role: ls1intum.artemis.firewall
+      tags: firewall
+      vars:
+        firewall_hostgroup: nodes
+        # Management Networks - used to allow SSH / HTTP access to Hosts and services
+        management_network_ipv4: "{{ firewall_management_network_ipv4 }}"
+        management_network_ipv6: "{{ firewall_management_network_ipv6 }}"
+        # Monitoring Service
+        monitoring_host_ipv4: "{{ firewall_monitoring_host_ipv4 }}"
+        monitoring_host_ipv6: "{{ firewall_monitoring_host_ipv6 }}"

examples/multi-node-production-icl/playbooks/artemis-cluster-proxy.yml

@@ -0,0 +1,26 @@
+---
+
+- name: Setup Artemis Load Balancer / Reverse Proxy
+  hosts: artemis_cluster_proxy
+
+  roles:
+    - role: ls1intum.artemis.proxy
+      vars:
+        proxy_available_nodes:
+          - hostname: "[fcfe::a:1]"
+            weight: 1
+          - hostname: "[fcfe::a:2]"
+            weight: 1
+          - hostname: "[fcfe::a:3]"
+            weight: 1
+
+    - role: ls1intum.artemis.firewall
+      tags: firewall
+      vars:
+        firewall_hostgroup: proxy
+        # Management Networks - used to allow SSH / HTTP access to Hosts and services
+        management_network_ipv4: "{{ firewall_management_network_ipv4 }}"
+        management_network_ipv6: "{{ firewall_management_network_ipv6 }}"
+        # Monitoring Service
+        monitoring_host_ipv4: "{{ firewall_monitoring_host_ipv4 }}"
+        monitoring_host_ipv6: "{{ firewall_monitoring_host_ipv6 }}"

examples/multi-node-production-icl/playbooks/artemis-cluster-registry.yml

@@ -0,0 +1,27 @@
+---
+
+- name: Setup Artemis Registry
+  hosts: artemis_cluster_registry
+
+  roles:
+    - role: ls1intum.artemis.registry
+
+    - role: ls1intum.artemis.proxy
+      tags: proxy
+      vars:
+        proxy_site_template: reverse_proxy
+        proxy_generate_dh_param: "{{ registry.proxy.generate_dh_param }}"
+        proxy_ssl_certificate_path: "{{ registry.proxy.ssl_certificate_path }}"
+        proxy_ssl_certificate_key_path: "{{ registry.proxy.ssl_certificate_key_path }}"
+        proxy_target_port: 8761
+
+    - role: ls1intum.artemis.firewall
+      tags: firewall
+      vars:
+        firewall_hostgroup: broker
+        # Management Networks - used to allow SSH / HTTP access to Hosts and services
+        management_network_ipv4: "{{ firewall_management_network_ipv4 }}"
+        management_network_ipv6: "{{ firewall_management_network_ipv6 }}"
+        # Monitoring Service
+        monitoring_host_ipv4: "{{ firewall_monitoring_host_ipv4 }}"
+        monitoring_host_ipv6: "{{ firewall_monitoring_host_ipv6 }}"

examples/multi-node-production-icl/playbooks/artemis-cluster-storage.yml

@@ -0,0 +1,17 @@
+---
+
+- name: Setup Artemis shared storage provider
+  hosts: artemis_cluster_storage
+
+  roles:
+    - role: ls1intum.artemis.storage_provider
+
+    - role: ls1intum.artemis.firewall
+      tags: firewall
+      vars:
+        # Management Networks - used to allow SSH / HTTP access to Hosts and services
+        management_network_ipv4: "{{ firewall_management_network_ipv4 }}"
+        management_network_ipv6: "{{ firewall_management_network_ipv6 }}"
+        # Monitoring Service
+        monitoring_host_ipv4: "{{ firewall_monitoring_host_ipv4 }}"
+        monitoring_host_ipv6: "{{ firewall_monitoring_host_ipv6 }}"

examples/multi-node-production-icl/playbooks/artemis-cluster-wireguard.yml

@@ -0,0 +1,10 @@
+---
+
+- name: Setup Cluster Network
+  hosts: artemis_cluster
+
+  roles:
+    - role: ls1intum.artemis.wireguard
+      become: true
+      vars:
+        wireguard_hostgroup: "{{ groups.artemis_cluster }}"

examples/multi-node-production-icl/playbooks/node-update-config.yml

@@ -0,0 +1,11 @@
+---
+
+- name: Setup Artemis Nodes
+  hosts: artemis_cluster_nodes
+
+  roles:
+
+    - role: ls1intum.artemis.artemis
+      vars:
+        artemis_force_no_restart: true
+        only_update_artemis_config: true

examples/multi-node-production-icl/playbooks/nodes_start_artemis.yml

@@ -0,0 +1,15 @@
+---
+
+- name: Start Artemis service
+  hosts: artemis_cluster_nodes
+  serial: 1
+  tasks:
+    - name: Start artemis service
+      become: true
+      service:
+        name: artemis
+        state: started
+
+    - name: Wait for 20 seconds
+      pause:
+        seconds: 20

examples/multi-node-production-icl/playbooks/nodes_stop_artemis.yml

@@ -0,0 +1,10 @@
+---
+
+- name: Stop Artemis service
+  hosts: artemis_cluster_nodes
+  tasks:
+    - name: Stop artemis service
+      become: true
+      service:
+        name: artemis
+        state: stopped

examples/multi-node-production-icl/requirements.yml

@@ -0,0 +1,11 @@
+roles:
+  - src: geerlingguy.docker
+
+  - src: geerlingguy.mysql
+
+  - name: cloudalchemy.mysqld_exporter
+    src: https://github.com/ls1admin/ansible-mysqld_exporter.git
+
+  - src: mrlesmithjr.netplan
+
+  - src: tomereli.proxy