diff --git a/infrastructure/known-hosts b/infrastructure/known-hosts index e69de29bb..d8ef68d71 100644 --- a/infrastructure/known-hosts +++ b/infrastructure/known-hosts @@ -0,0 +1,24 @@ +countryconfig-qa.opencrvs.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDLo7yuZHVSqxskhSsUIh6ChKXS66xP56p255gpx9Aspw4/ZkACUILJsqn2jHZm6RBGMWyQpUVQEsU7WPofmlh5e/zHCv9fgrE4AE4sefAvbx0TfiFiBa7aYsSeBSS8258B2QCiJ94dHEcPFNEeIsr2XgZCYZnPLDMGaLjf+epDsq//WFib615zlptkzYU8CAe/XYK0jn/BjMWxa1gvUCrLhCZpLkk69R5xuypqqm8jhPpjPF580o3XNiMaPPJOAkuxI9jHivn+QAC+2+SjE+DANpDn7Trsx1omxvmqaIVrq9L0gL6srndnCYL46Y824yialtoJzK1gDB0eo51HPHQ2tAgmSnm7EaHFzRNlafi7sfWKcyGqdD5luHRk4fcex1aoDIJkN8L1E/G0VxQHSGq9GS8FtBm0t5SLaEzKONBJgJgohellff4fzMn4y9gqOiFrczHxVGy+5NGgz8qDaScvbbIWB3gQ78NmSUWfPwahcU8qpUfbM1MaC0daBeO9JWE= +countryconfig-qa.opencrvs.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIZHrywPqTLM4XLpISxLnBmZaw6imnbEua8lORFWkM5KKgHmcRRX+f6a+FLKDf8RSPdSKM8nEyyEwFvbkVSe0Zw= +countryconfig-qa.opencrvs.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAQUrrywTdiheGzeCqPXa3wFVX62tAbIPEE2Z9mIkt9N +167.99.195.231 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDLo7yuZHVSqxskhSsUIh6ChKXS66xP56p255gpx9Aspw4/ZkACUILJsqn2jHZm6RBGMWyQpUVQEsU7WPofmlh5e/zHCv9fgrE4AE4sefAvbx0TfiFiBa7aYsSeBSS8258B2QCiJ94dHEcPFNEeIsr2XgZCYZnPLDMGaLjf+epDsq//WFib615zlptkzYU8CAe/XYK0jn/BjMWxa1gvUCrLhCZpLkk69R5xuypqqm8jhPpjPF580o3XNiMaPPJOAkuxI9jHivn+QAC+2+SjE+DANpDn7Trsx1omxvmqaIVrq9L0gL6srndnCYL46Y824yialtoJzK1gDB0eo51HPHQ2tAgmSnm7EaHFzRNlafi7sfWKcyGqdD5luHRk4fcex1aoDIJkN8L1E/G0VxQHSGq9GS8FtBm0t5SLaEzKONBJgJgohellff4fzMn4y9gqOiFrczHxVGy+5NGgz8qDaScvbbIWB3gQ78NmSUWfPwahcU8qpUfbM1MaC0daBeO9JWE= +167.99.195.231 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIZHrywPqTLM4XLpISxLnBmZaw6imnbEua8lORFWkM5KKgHmcRRX+f6a+FLKDf8RSPdSKM8nEyyEwFvbkVSe0Zw= +167.99.195.231 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAQUrrywTdiheGzeCqPXa3wFVX62tAbIPEE2Z9mIkt9N +countryconfig-dev.opencrvs.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC7LI8EaR3X+FkOhWk/XKbMPLcJptU2bMbreG1IdaBCXR41AuT3hHHFaQA1uGhLFLWXzEtyJYMkSzA6m+f3b6CxVjPHJYZg0RPiZ3I4oIgr38oDFmI5O/atwhDHHun+iWwItgHWDRoY2kdk2N4z40QbAui54VEC2QHvqcy4voojbUjeengvANuvLxTfi+OmtoJSvyuqw+H44Jwx13x+u+w3VwxaJZgfm2tSnxk0dX/JNfEytbZ/ETVmyQ4Jj/DOWmdHfxjf2FMZqM/GpIpS/d+znOFhV80MTKueAy0m60DZqHH6dU0hog0itABoy9sC08n5+SA8oksbJKQDWHd0nqOC6fVIzVMB0TZfYZIng6wxz7ib4hVGBXnR8UbZQOXgI5lNnx5+uExOgbjMWlMSpbVgbaqSbJ9MNwM9ow94NysEbq0WLVR4y3fq/V6R2JehTRJUBhdOLSSDdc8gKd7aO4yoM3obNsiwEYVMdh+3qvpmuSrETJ1mr0xjaD5PWqvmOxU= +countryconfig-dev.opencrvs.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHlwBqj3/5hG0ojbulQhzyuLgLPw3/pCKYC163loS9j+FxFc3uxn6d82YUfwyjXpjmt8yFJ20XOJk7M6UNNjj0U= +countryconfig-dev.opencrvs.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGth3TLOxuVWXh0UUKY3fJMj4MCSxlQHThfhN0nI/ORB +157.245.36.178 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC7LI8EaR3X+FkOhWk/XKbMPLcJptU2bMbreG1IdaBCXR41AuT3hHHFaQA1uGhLFLWXzEtyJYMkSzA6m+f3b6CxVjPHJYZg0RPiZ3I4oIgr38oDFmI5O/atwhDHHun+iWwItgHWDRoY2kdk2N4z40QbAui54VEC2QHvqcy4voojbUjeengvANuvLxTfi+OmtoJSvyuqw+H44Jwx13x+u+w3VwxaJZgfm2tSnxk0dX/JNfEytbZ/ETVmyQ4Jj/DOWmdHfxjf2FMZqM/GpIpS/d+znOFhV80MTKueAy0m60DZqHH6dU0hog0itABoy9sC08n5+SA8oksbJKQDWHd0nqOC6fVIzVMB0TZfYZIng6wxz7ib4hVGBXnR8UbZQOXgI5lNnx5+uExOgbjMWlMSpbVgbaqSbJ9MNwM9ow94NysEbq0WLVR4y3fq/V6R2JehTRJUBhdOLSSDdc8gKd7aO4yoM3obNsiwEYVMdh+3qvpmuSrETJ1mr0xjaD5PWqvmOxU= +157.245.36.178 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHlwBqj3/5hG0ojbulQhzyuLgLPw3/pCKYC163loS9j+FxFc3uxn6d82YUfwyjXpjmt8yFJ20XOJk7M6UNNjj0U= +157.245.36.178 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGth3TLOxuVWXh0UUKY3fJMj4MCSxlQHThfhN0nI/ORB +countryconfig-staging.opencrvs.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDLgdqbx1Rzps3iv5m9upZCw6+Bralsd3ziKQnSRcexiuSIGuTmjuVoNMqTyENWwvE8lh//1vOZfWu7OufDHDaymWVPMf4XANx0kLeITYfwFAkP6RkXkoiv/IW0VGCy/NxkO3971Qr2jLWhdhS5jBsq6qk/a8dnbZcklNqSxXSX+JQbfibvenYrtSnr1yBRQ4sxr0hzncqCoykTb4imV7imxEa2PvgDuiy1VRtndx3x2h4Y2VkWeFUXngmqx4fq/EpmSSoLq2MHefzKlrPxTpAVHEwXv6hFoUV0g5p9X/W0lvWU1RKAwlkVpybrt+lELd7U+W2Py4IeeDeiBEbmydYCeJWVAZS+eSGXCtPeexEIOSbKaN1FUNLHSVbvEjx8DSnN/81+yhQ+Yy3GActIgwr8yuEnKNncwvxIv8HgVzo/ElgT389lRj9ge87CZ+VoaU7GK05EUvOlXLhBKQw8CuwqmlFjLNmHRdt0bIEk40El5Pl/WeI3MVPBRL9Ce+DzYVU= +countryconfig-staging.opencrvs.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNNFRRBk6hRw1EA1dAlEWJV+YhXRRjjMO3VWOD5rktxjD5L1EMhnh089Dk0j+XEi4ahUdTe4Qq1Hd8MBCcp374A= +countryconfig-staging.opencrvs.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAcT3GvEt+mwoDEB1ny7qTklw5AbejZ9hMMnXTeBLPgI +178.128.172.42 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDLgdqbx1Rzps3iv5m9upZCw6+Bralsd3ziKQnSRcexiuSIGuTmjuVoNMqTyENWwvE8lh//1vOZfWu7OufDHDaymWVPMf4XANx0kLeITYfwFAkP6RkXkoiv/IW0VGCy/NxkO3971Qr2jLWhdhS5jBsq6qk/a8dnbZcklNqSxXSX+JQbfibvenYrtSnr1yBRQ4sxr0hzncqCoykTb4imV7imxEa2PvgDuiy1VRtndx3x2h4Y2VkWeFUXngmqx4fq/EpmSSoLq2MHefzKlrPxTpAVHEwXv6hFoUV0g5p9X/W0lvWU1RKAwlkVpybrt+lELd7U+W2Py4IeeDeiBEbmydYCeJWVAZS+eSGXCtPeexEIOSbKaN1FUNLHSVbvEjx8DSnN/81+yhQ+Yy3GActIgwr8yuEnKNncwvxIv8HgVzo/ElgT389lRj9ge87CZ+VoaU7GK05EUvOlXLhBKQw8CuwqmlFjLNmHRdt0bIEk40El5Pl/WeI3MVPBRL9Ce+DzYVU= +178.128.172.42 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNNFRRBk6hRw1EA1dAlEWJV+YhXRRjjMO3VWOD5rktxjD5L1EMhnh089Dk0j+XEi4ahUdTe4Qq1Hd8MBCcp374A= +178.128.172.42 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAcT3GvEt+mwoDEB1ny7qTklw5AbejZ9hMMnXTeBLPgI +countryconfig.opencrvs.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCrrqp2TAaxUVzL+hqg98GDSgM+ZHEGH0FwCNr9wFaQcEmukeQ8LpXm+sjfB6E2H1DojrLqlpaLORE5JZ6LpMYmXAOxSQZ+sGI08T2+7mMW54DLsT2abZJgOoBuBlLaNR8+RBO6Sa+Zc8GG8mRdqjE94LaFNDg8UQwWVey5WkYhUcS6V1GBrqjdfhZI6zXE5H2FVNMTwCOiSzD/42ApG6hjNRFvLe6yVJKTZdK7Ct4XkGt+S9RHcoXwjcB+TyskMe4wMPpkG1qcUdV0oqPdbu11RF7GnowPCdsLUxDs1NoxJ2NmA+OF9HxjzAWjYWfosLWEGe3yofrDNwb5RoBCHZoLlonIENFJCDmgvH660cNQzFtcoHbxIzwoNIYQoTMe+6rk8Bg1S82K23zay5P0x0wwAzdyvirIjL4vERtMwDqZ/xKneyv9/HW76yvaQPncWhayozHHGOYXZCd/ncYFjVLjgffUH6j4bEJ0mzzUmUtrv4CS3z4TNQkHSfjhs8X4qc0= +countryconfig.opencrvs.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLJ345xrwP31HWkAhTcR4NBAZWxWMGFblyVRn6w8adafiMVyb9ITVr3JFmi1x2qJ+0xulQuQCHMFoJswwb7aNOw= +countryconfig.opencrvs.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGD16HhnM+upySDHE5SNhfOes7DYF27PbxPHYkmLx7E9 +167.172.57.239 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCrrqp2TAaxUVzL+hqg98GDSgM+ZHEGH0FwCNr9wFaQcEmukeQ8LpXm+sjfB6E2H1DojrLqlpaLORE5JZ6LpMYmXAOxSQZ+sGI08T2+7mMW54DLsT2abZJgOoBuBlLaNR8+RBO6Sa+Zc8GG8mRdqjE94LaFNDg8UQwWVey5WkYhUcS6V1GBrqjdfhZI6zXE5H2FVNMTwCOiSzD/42ApG6hjNRFvLe6yVJKTZdK7Ct4XkGt+S9RHcoXwjcB+TyskMe4wMPpkG1qcUdV0oqPdbu11RF7GnowPCdsLUxDs1NoxJ2NmA+OF9HxjzAWjYWfosLWEGe3yofrDNwb5RoBCHZoLlonIENFJCDmgvH660cNQzFtcoHbxIzwoNIYQoTMe+6rk8Bg1S82K23zay5P0x0wwAzdyvirIjL4vERtMwDqZ/xKneyv9/HW76yvaQPncWhayozHHGOYXZCd/ncYFjVLjgffUH6j4bEJ0mzzUmUtrv4CS3z4TNQkHSfjhs8X4qc0= +167.172.57.239 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLJ345xrwP31HWkAhTcR4NBAZWxWMGFblyVRn6w8adafiMVyb9ITVr3JFmi1x2qJ+0xulQuQCHMFoJswwb7aNOw= +167.172.57.239 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGD16HhnM+upySDHE5SNhfOes7DYF27PbxPHYkmLx7E9 diff --git a/infrastructure/server-setup/development.yml b/infrastructure/server-setup/development.yml index bb41b723e..4a75f63d7 100644 --- a/infrastructure/server-setup/development.yml +++ b/infrastructure/server-setup/development.yml @@ -11,16 +11,16 @@ all: users: # @todo this is where you define which development team members have access to the server. # If you need to remove access from someone, do not remove them from this list, but instead set their state: absent - - name: my-user + - name: euan ssh_keys: - - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABg...Z/rhU= user@example.com + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDECqHO65UpyrrO8uueD06RxGaVVq22f152Rf8qVQQAAIGAMu6gCs7ztlZ8a3yQgSEIjM/Jl1/RqIVs6CziTEef74nLFTZ5Ufz3CLRVgdebBeSBEmhTfTUV0HLkSyNzwKFpuzJxucGd72ulPvEp6eHvyJAPJz37YcU8cjaL1v05T6s2ee99li35GlDDtCzfjVV4ZPAg5JdfWuTj41RAVC0LQhk2/NB4qEu37UxGGjhRFSjBEsS5LxI9QfvgrsHpl/VOn+soH7ZkK7kS6qRgNP/uYsXRWXhHaamcl5OX68gJWTbrW6c7PCqlbCWGnsHJswCmqPIthwXXMfC7ULDNLSKG6mslAt5Dyc8/MCr3vTW7pDyr2d0FvvY86SMQUggxv3qF7TZewqfX1bhK0fMLarIxVMQ1RFo//wN9QGA+2we8rxd2Y1Kr1DBuJyuwXPfv+Exo8yNYQ+x/AYH5k6UVcSYuaB8eYmplG2KQCxt8RBFtoChrwOKNRWLqXdKyfpdp5XmnnWxPvR95gf3h3yLocVYkF0i0uvKKJ0vt8J0Ezfkdfow0B1kUg5bPXKJROX7PwbaCPdYcxyDaO6wwOigRnSmoFvkH1pLb4j1RQAXcX531CHgfN6Izi/h0mpMS4bnyIUcv2GQr+h4z4TxcCtj7qpH2y6yw7XG12jVh7TfeesXG2Q== euanmillar77@gmail.com state: present sudoer: true docker-manager-first: dev: - qa: # @todo set this to be the hostname of your target server - ansible_host: '44.44.44.44' # @todo set this to be the IP address of your server + opencrvs-countryconfig-dev: # @todo set this to be the hostname of your target server + ansible_host: '157.245.36.178' # @todo set this to be the IP address of your server data_label: data1 # for manager machines, this should always be "data1" # Development servers are not configured to use workers. diff --git a/infrastructure/server-setup/production.yml b/infrastructure/server-setup/production.yml index 57f052224..28bf34f3f 100644 --- a/infrastructure/server-setup/production.yml +++ b/infrastructure/server-setup/production.yml @@ -21,34 +21,34 @@ all: enable_backups: true only_allow_access_from_addresses: # @todo place the IP address of your VPN server or other explicitly allowed traffic sources here - - 55.55.55.55 # example VPN server IP address + - 167.99.195.231 # example VPN server IP address users: # @todo this is where you define which development team members have access to the server. # If you need to remove access from someone, do not remove them from this list, but instead set their state: absent - - name: my-user + - name: euan ssh_keys: - - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABg...Z/rhU= user@example.com + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDECqHO65UpyrrO8uueD06RxGaVVq22f152Rf8qVQQAAIGAMu6gCs7ztlZ8a3yQgSEIjM/Jl1/RqIVs6CziTEef74nLFTZ5Ufz3CLRVgdebBeSBEmhTfTUV0HLkSyNzwKFpuzJxucGd72ulPvEp6eHvyJAPJz37YcU8cjaL1v05T6s2ee99li35GlDDtCzfjVV4ZPAg5JdfWuTj41RAVC0LQhk2/NB4qEu37UxGGjhRFSjBEsS5LxI9QfvgrsHpl/VOn+soH7ZkK7kS6qRgNP/uYsXRWXhHaamcl5OX68gJWTbrW6c7PCqlbCWGnsHJswCmqPIthwXXMfC7ULDNLSKG6mslAt5Dyc8/MCr3vTW7pDyr2d0FvvY86SMQUggxv3qF7TZewqfX1bhK0fMLarIxVMQ1RFo//wN9QGA+2we8rxd2Y1Kr1DBuJyuwXPfv+Exo8yNYQ+x/AYH5k6UVcSYuaB8eYmplG2KQCxt8RBFtoChrwOKNRWLqXdKyfpdp5XmnnWxPvR95gf3h3yLocVYkF0i0uvKKJ0vt8J0Ezfkdfow0B1kUg5bPXKJROX7PwbaCPdYcxyDaO6wwOigRnSmoFvkH1pLb4j1RQAXcX531CHgfN6Izi/h0mpMS4bnyIUcv2GQr+h4z4TxcCtj7qpH2y6yw7XG12jVh7TfeesXG2Q== euanmillar77@gmail.com state: present sudoer: true docker-manager-first: hosts: - prod-01: # @todo set this to be the hostname of your target server - ansible_host: '22.22.22.22' # todo set this to be the hostname of your target server + opencrvs-countryconfig-prod-01: # @todo set this to be the hostname of your target server + ansible_host: '167.172.57.239' # todo set this to be the hostname of your target server data_label: data1 # @todo as production servers are not directly accessible from the internet, you need to use a jump server to access them. - ansible_ssh_common_args: '-J jump@55.55.55.55 -o StrictHostKeyChecking=no' + ansible_ssh_common_args: '-J jump@countryconfig-qa.opencrvs.org -o StrictHostKeyChecking=no' # @todo We recommend you add 2-4 workers for a scaled production deployment # This should depend on the size of your country and the number of end users. docker-workers: hosts: prod-02: # @todo set this to be the hostname of your target server - ansible_host: '33.33.33.33' + ansible_host: '134.122.110.42' data_label: data2 - ansible_ssh_common_args: '-J jump@55.55.55.55 -o StrictHostKeyChecking=no' + ansible_ssh_common_args: '-J jump@countryconfig-qa.opencrvs.org -o StrictHostKeyChecking=no' backups: hosts: - qa: - ansible_host: '66.66.66.66' + opencrvs-countryconfig-backup: + ansible_host: '167.99.92.15' diff --git a/infrastructure/server-setup/qa.yml b/infrastructure/server-setup/qa.yml index 3069e11b0..8e491210e 100644 --- a/infrastructure/server-setup/qa.yml +++ b/infrastructure/server-setup/qa.yml @@ -11,9 +11,9 @@ all: users: # @todo this is where you define which development team members have access to the server. # If you need to remove access from someone, do not remove them from this list, but instead set their state: absent - - name: my-user + - name: euan ssh_keys: - - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABg...Z/rhU= user@example.com + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDECqHO65UpyrrO8uueD06RxGaVVq22f152Rf8qVQQAAIGAMu6gCs7ztlZ8a3yQgSEIjM/Jl1/RqIVs6CziTEef74nLFTZ5Ufz3CLRVgdebBeSBEmhTfTUV0HLkSyNzwKFpuzJxucGd72ulPvEp6eHvyJAPJz37YcU8cjaL1v05T6s2ee99li35GlDDtCzfjVV4ZPAg5JdfWuTj41RAVC0LQhk2/NB4qEu37UxGGjhRFSjBEsS5LxI9QfvgrsHpl/VOn+soH7ZkK7kS6qRgNP/uYsXRWXhHaamcl5OX68gJWTbrW6c7PCqlbCWGnsHJswCmqPIthwXXMfC7ULDNLSKG6mslAt5Dyc8/MCr3vTW7pDyr2d0FvvY86SMQUggxv3qF7TZewqfX1bhK0fMLarIxVMQ1RFo//wN9QGA+2we8rxd2Y1Kr1DBuJyuwXPfv+Exo8yNYQ+x/AYH5k6UVcSYuaB8eYmplG2KQCxt8RBFtoChrwOKNRWLqXdKyfpdp5XmnnWxPvR95gf3h3yLocVYkF0i0uvKKJ0vt8J0Ezfkdfow0B1kUg5bPXKJROX7PwbaCPdYcxyDaO6wwOigRnSmoFvkH1pLb4j1RQAXcX531CHgfN6Izi/h0mpMS4bnyIUcv2GQr+h4z4TxcCtj7qpH2y6yw7XG12jVh7TfeesXG2Q== euanmillar77@gmail.com state: present sudoer: true @@ -25,22 +25,13 @@ all: two_factor: false ssh_keys: # if yes, then this should list the public keys of the private keys that are used when connecting to the production servers. - - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABg...Z/rhU= provision@github-runner-243 # example provision user key - - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABg...Z/rhU= provision@github-runner-244 # example provision user key - - # If the machine is repurposed to also be the backup host, we need to add more keys to the authorized_keys file so that - # when the application servers get provisioned, the provision user of this machine can be used. - # - # @todo remove this key if the machine is not used as a backup host. - # Otherwise, add the public key of the private key that's used for the "provision" user on the server of which backups this machine hosts. - additional_keys_for_provisioning_user: - - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABg...Z/rhU= provision@github-runner-243 # example provision user key - - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABg...Z/rhU= provision@github-runner-244 # example provision user key + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCZUeSJJO/qU/G5YyGGKqr1+8AvSXswWfhNLPh2NjvQi3lPtMV0sCGd5O+a50Ov8J1/VSBvDPNzRlKyqlBGkblBIIjIxzWPwqqx+2sKxxLcziktl3Obkd2AcWyyD7m438Fn7bEommS29vRUw0/MhK7WrcBe+wjb/4yFd3wNEQ+aHyOvQu0+HU2SdvZIz06QDwlqd55GnQc2i4GuERNKgtXWCI9NLUq15X+Rb5YOA28zLoJSb+dr0MY1aAF/fVeNAZCTuU3ak8KDglidyth4+M9xBwhD449nMZpulgvJFFrwFIASVM9fM+l+m/jsUQph0rMEv3aYI5SIhd581HXQ1HE+yl0xEGTPE/5Skjibd8XzEBepTQEOc9nVqAsosxskQkQGM94sEHifPidpW9WTYyzM0bpIgbnxhytmMNo4bteedE2OxZ6UTGxhnin1z5GA7PSOFAIL4wE1m9BNKI950a5kG3qmym0rqK7iy4EkwYycqTr3KYh/QYQ41jNZHRX5ODE= provision@opencrvs-countryconfig-prod-01 + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCfYIHKvcxgJoGRr6Wd7aw9u/ISULsSZ8UyIaO2PHZlHcxJSZelyTxVwFFR5CXl7qpFxvzgeEvf1wmMXggP5EMYkD2RHSqojanI4XtqIpF3U6/ITi3auAKW/QDDxJJnwE1zYmmPQKmbMg2jEARzDgBkulcs8b+QxnYzycaGyWjAoVmGI4F+iIrmm9VMydC6QhutglMPt8WcAfGaX6pwNGcbeT5ehyRMhwQzLPfZYosIDtM1rtgkycw7O32UwOOJtPE6UnSoP0JmR9EIUhMi4gr9Rs3y+yg1RpdS2/zzODkzYe4J1gLl+dkbfrGpMs40S8AhJsGW4VN+Py11rVmMg6ded2d6ODpsNBuTbJgRADv38M53slbsMsVrRi6g0S/gzXPGwiYwi4ISTboeaXhXuKb+nMJ3AZoAgabwvtM0ChTl80AEcOvs6XTJ7KqRu8y2XEJZyEdrjiJJzs40j6aWFl+f+lqz3piciUa8hrYjL7gMkRDT5SYgG1BGkK0ImTZWT5s= provision@opencrvs-countryconfig-staging docker-manager-first: hosts: - qa: # @todo set this to be the hostname of your target server - ansible_host: '55.55.55.55' # @todo set this to be the IP address of your server + opencrvs-countryconfig-qa: # @todo set this to be the hostname of your target server + ansible_host: '167.99.195.231' # @todo set this to be the IP address of your server data_label: data1 # for manager machines, this should always be "data1" # QA and staging servers are not configured to use workers. diff --git a/infrastructure/server-setup/staging.yml b/infrastructure/server-setup/staging.yml index b4778341d..77b664667 100644 --- a/infrastructure/server-setup/staging.yml +++ b/infrastructure/server-setup/staging.yml @@ -19,25 +19,25 @@ all: # SSH and other services should never be exposed to the public internet. only_allow_access_from_addresses: # @todo place the IP address of your VPN server or other explicitly allowed traffic sources here - - 55.55.55.55 # example VPN server IP address + - 167.99.195.231 # example VPN server IP address enable_backups: false periodic_restore_from_backup: true users: # @todo this is where you define which development team members have access to the server. # If you need to remove access from someone, do not remove them from this list, but instead set their state: absent - - name: my-user + - name: euan ssh_keys: - - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABg...Z/rhU= user@example.com + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDECqHO65UpyrrO8uueD06RxGaVVq22f152Rf8qVQQAAIGAMu6gCs7ztlZ8a3yQgSEIjM/Jl1/RqIVs6CziTEef74nLFTZ5Ufz3CLRVgdebBeSBEmhTfTUV0HLkSyNzwKFpuzJxucGd72ulPvEp6eHvyJAPJz37YcU8cjaL1v05T6s2ee99li35GlDDtCzfjVV4ZPAg5JdfWuTj41RAVC0LQhk2/NB4qEu37UxGGjhRFSjBEsS5LxI9QfvgrsHpl/VOn+soH7ZkK7kS6qRgNP/uYsXRWXhHaamcl5OX68gJWTbrW6c7PCqlbCWGnsHJswCmqPIthwXXMfC7ULDNLSKG6mslAt5Dyc8/MCr3vTW7pDyr2d0FvvY86SMQUggxv3qF7TZewqfX1bhK0fMLarIxVMQ1RFo//wN9QGA+2we8rxd2Y1Kr1DBuJyuwXPfv+Exo8yNYQ+x/AYH5k6UVcSYuaB8eYmplG2KQCxt8RBFtoChrwOKNRWLqXdKyfpdp5XmnnWxPvR95gf3h3yLocVYkF0i0uvKKJ0vt8J0Ezfkdfow0B1kUg5bPXKJROX7PwbaCPdYcxyDaO6wwOigRnSmoFvkH1pLb4j1RQAXcX531CHgfN6Izi/h0mpMS4bnyIUcv2GQr+h4z4TxcCtj7qpH2y6yw7XG12jVh7TfeesXG2Q== euanmillar77@gmail.com state: present sudoer: true docker-manager-first: hosts: - staging: # @todo set this to be the hostname of your target server - ansible_host: '11.11.11.11' # todo set this to be the hostname of your target server + opencrvs-countryconfig-staging: # @todo set this to be the hostname of your target server + ansible_host: '178.128.172.42' # todo set this to be the hostname of your target server data_label: data1 # @todo as production servers are not directly accessible from the internet, you need to use a jump server to access them. - ansible_ssh_common_args: '-J jump@55.55.55.55 -o StrictHostKeyChecking=no' + ansible_ssh_common_args: '-J jump@countryconfig-qa.opencrvs.org -o StrictHostKeyChecking=no' # This staging servers is configured to only use one server docker-workers: {} @@ -46,5 +46,5 @@ docker-workers: {} # @todo if you do not intend to set up automatic sync from the backup server, you can remove this section. backups: hosts: - qa: - ansible_host: '66.66.66.66' # set this to be the IP address of your backup server + opencrvs-countryconfig-backup: # @todo set this to be the hostname of your backup server + ansible_host: '167.99.92.15' # set this to be the IP address of your backup server