setup environment detauls

opencrvs · Feb 27, 2024 · 8ba32c3 · 8ba32c3
1 parent 32044ec
commit 8ba32c3
Show file tree

Hide file tree

Showing 6 changed files with 282 additions and 0 deletions.
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -10,6 +10,7 @@ on:
         default: 'staging'
         options:
           - staging
+          - riku-staging
           - qa
           - development
       core-image-tag:

diff --git a/.github/workflows/provision.yml b/.github/workflows/provision.yml
@@ -10,6 +10,7 @@ on:
         required: true
         options:
           - development
+          - riku-staging
           - staging
           - qa
           - production

diff --git a/infrastructure/docker-compose.riku-staging-deploy.yml b/infrastructure/docker-compose.riku-staging-deploy.yml
@@ -0,0 +1,219 @@
+version: '3.3'
+
+#
+# Production deployments of OpenCRVS should never be exposed to the internet.
+# Instead, they should be deployed on a private network and exposed to the internet via a VPN.
+#
+# Before you deploy staging or production environments, make sure the application servers are
+# either in an internal network or protected with a firewall. No ports should be exposed to the internet.
+#
+# The VPN_HOST_ADDRESS environment variable should be set to the IP address where all inbound traffic is coming from.
+# In most cases, this is the VPN server's public IP address.
+#
+# ${VPN_HOST_ADDRESS}
+#
+
+services:
+  gateway:
+    environment:
+      - NODE_ENV=production
+      - LANGUAGES=en,fr
+      - SENTRY_DSN=${SENTRY_DSN}
+    deploy:
+      replicas: 1
+
+  workflow:
+    environment:
+      - NODE_ENV=production
+      - LANGUAGES=en,fr
+      - SENTRY_DSN=${SENTRY_DSN}
+    deploy:
+      replicas: 1
+
+  search:
+    environment:
+      - NODE_ENV=production
+      - SENTRY_DSN=${SENTRY_DSN}
+    deploy:
+      replicas: 1
+
+  metrics:
+    environment:
+      - QA_ENV=true
+      - NODE_ENV=production
+      - SENTRY_DSN=${SENTRY_DSN}
+      - MONGO_URL=mongodb://metrics:${METRICS_MONGODB_PASSWORD}@mongo1/metrics?replicaSet=rs0
+      - HEARTH_MONGO_URL=mongodb://hearth:${HEARTH_MONGODB_PASSWORD}@mongo1/hearth-dev?replicaSet=rs0
+      - DASHBOARD_MONGO_URL=mongodb://performance:${PERFORMANCE_MONGODB_PASSWORD}@mongo1/performance?replicaSet=rs0
+
+  auth:
+    environment:
+      - QA_ENV=true
+      - NODE_ENV=production
+      - SENTRY_DSN=${SENTRY_DSN}
+    deploy:
+      replicas: 1
+
+  user-mgnt:
+    environment:
+      - QA_ENV=true
+      - NODE_ENV=production
+      - SENTRY_DSN=${SENTRY_DSN}
+      - MONGO_URL=mongodb://user-mgnt:${USER_MGNT_MONGODB_PASSWORD}@mongo1/user-mgnt?replicaSet=rs0
+    deploy:
+      replicas: 1
+
+  notification:
+    environment:
+      - NODE_ENV=production
+      - LANGUAGES=en,fr
+      - SENTRY_DSN=${SENTRY_DSN}
+    deploy:
+      replicas: 1
+
+  webhooks:
+    environment:
+      - NODE_ENV=production
+      - SENTRY_DSN=${SENTRY_DSN}
+      - MONGO_URL=mongodb://webhooks:${WEBHOOKS_MONGODB_PASSWORD}@mongo1/webhooks?replicaSet=rs0
+    deploy:
+      replicas: 1
+
+  config:
+    environment:
+      - NODE_ENV=production
+      - SENTRY_DSN=${SENTRY_DSN}
+      - MONGO_URL=mongodb://config:${CONFIG_MONGODB_PASSWORD}@mongo1/application-config?replicaSet=rs0
+    deploy:
+      replicas: 1
+
+  scheduler:
+    environment:
+      - NODE_ENV=production
+      - OPENHIM_MONGO_URL=mongodb://openhim:${OPENHIM_MONGODB_PASSWORD}@mongo1/openhim-dev?replicaSet=rs0
+
+  documents:
+    environment:
+      - NODE_ENV=production
+
+  countryconfig:
+    image: ${DOCKERHUB_ACCOUNT}/${DOCKERHUB_REPO}:${COUNTRY_CONFIG_VERSION}
+    restart: unless-stopped
+    secrets:
+      - jwt-public-key.{{ts}}
+    environment:
+      - NODE_ENV=production
+      - FHIR_URL=http://hearth:3447/fhir
+      - AUTH_URL=http://auth:4040
+      - APPLICATION_CONFIG_URL=http://config:2021
+      - OPENHIM_URL=http://openhim-core:5001/fhir
+      - CONFIRM_REGISTRATION_URL=http://openhim-core:5001/confirm/registration
+      - CHECK_INVALID_TOKEN=true
+      - SENTRY_DSN=${SENTRY_DSN}
+      - SENDER_EMAIL_ADDRESS=${SENDER_EMAIL_ADDRESS}
+      - ALERT_EMAIL=${ALERT_EMAIL}
+      - SMTP_HOST=${SMTP_HOST}
+      - SMTP_PORT=${SMTP_PORT}
+      - SMTP_USERNAME=${SMTP_USERNAME}
+      - SMTP_PASSWORD=${SMTP_PASSWORD}
+      - SMTP_SECURE=${SMTP_SECURE}
+    deploy:
+      replicas: 1
+
+  client:
+    environment:
+      - DECLARED_DECLARATION_SEARCH_QUERY_COUNT=100
+    deploy:
+      replicas: 1
+
+  logstash:
+    deploy:
+      replicas: 1
+
+  apm-server:
+    deploy:
+      replicas: 1
+
+  components:
+    deploy:
+      replicas: 1
+
+  login:
+    deploy:
+      replicas: 1
+
+  hearth:
+    environment:
+      - mongodb__url=mongodb://hearth:${HEARTH_MONGODB_PASSWORD}@mongo1/hearth-dev?replicaSet=rs0
+    deploy:
+      replicas: 1
+
+  migration:
+    environment:
+      - USER_MGNT_MONGO_URL=mongodb://user-mgnt:${USER_MGNT_MONGODB_PASSWORD}@mongo1/user-mgnt?replicaSet=rs0
+      - APPLICATION_CONFIG_MONGO_URL=mongodb://config:${CONFIG_MONGODB_PASSWORD}@mongo1/application-config?replicaSet=rs0
+      - PERFORMANCE_MONGO_URL=mongodb://performance:${PERFORMANCE_MONGODB_PASSWORD}@mongo1/performance?replicaSet=rs0
+      - HEARTH_MONGO_URL=mongodb://hearth:${HEARTH_MONGODB_PASSWORD}@mongo1/hearth-dev?replicaSet=rs0
+      - OPENHIM_MONGO_URL=mongodb://openhim:${OPENHIM_MONGODB_PASSWORD}@mongo1/openhim-dev?replicaSet=rs0
+      - WAIT_HOSTS=mongo1:27017,influxdb:8086,minio:9000,elasticsearch:9200
+
+  openhim-core:
+    environment:
+      - mongo_url=mongodb://openhim:${OPENHIM_MONGODB_PASSWORD}@mongo1/openhim-dev?replicaSet=rs0
+      - mongo_atnaUrl=mongodb://openhim:${OPENHIM_MONGODB_PASSWORD}@mongo1/openhim-dev?replicaSet=rs0
+    deploy:
+      replicas: 1
+
+  openhim-console:
+    deploy:
+      replicas: 1
+
+  mongo-on-update:
+    environment:
+      - REPLICAS=1
+
+  traefik:
+    # These templates use an Automatic Certificate Management Environment (Let's Encrypt).
+    # This makes sure that the HTTPS certificates are automatically generated and renewed without manual maintenance.
+    #
+    # For your country to do this, your domain's DNS provider must be one of the ones listed here
+    # https://doc.traefik.io/traefik/https/acme/#providers
+    #
+    # If your DNS provider is not listed, you can use manually renewed certificate files instead of Let's Encrypt.
+    # To do this, remove the `environment` and `certificatesresolvers.certResolver.acme` sections and uncomment the following lines.
+    # You will also need to place your certificates in the `/data/traefik/certs` directory.
+    # Ensure that the file names match the ones defined below.
+    #
+    # volumes:
+    #   - /var/run/docker.sock:/var/run/docker.sock
+    #   - /data/traefik/certs:/certs
+    # command:
+    #   - --tls.certificates.certfile=/certs/crvs.cm.crt
+    #   - --tls.certificates.keyfile=/certs/crvs.cm.key
+    #   - --tls.certificates.stores=default
+    #   - --tls.stores.default.defaultcertificate.certfile=/certs/crvs.cm.crt
+    #   - --tls.stores.default.defaultcertificate.keyfile=/certs/crvs.cm.key
+
+    environment:
+      - GOOGLE_DOMAINS_ACCESS_TOKEN=${GOOGLE_DOMAINS_ACCESS_TOKEN}
+    command:
+      - --certificatesresolvers.certResolver.acme.dnschallenge=true
+      - --certificatesresolvers.certResolver.acme.dnschallenge.provider=googledomains
+      - --certificatesresolvers.certResolver.acme.email=riku@opencrvs.org
+      - --certificatesresolvers.certResolver.acme.storage=acme.json
+
+      - --entrypoints.web.address=:80
+      - --entrypoints.websecure.address=:443
+      - --providers.docker
+      - --providers.docker.swarmMode=true
+      - --api.dashboard=true
+      - --api.insecure=true
+      - --log.level=WARNING
+      - --entrypoints.web.http.redirections.entryPoint.to=websecure
+      - --entrypoints.web.http.redirections.entryPoint.scheme=https
+      - --entrypoints.web.http.redirections.entrypoint.permanent=true
+      - --serverstransport.insecureskipverify=true
+      - --entrypoints.websecure.address=:443
+      - --accesslog=true
+      - --accesslog.format=json
+      - --ping=true
diff --git a/infrastructure/known-hosts b/infrastructure/known-hosts
@@ -19,3 +19,9 @@ farajaland-staging.opencrvs.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAy
 farajaland-staging.opencrvs.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGfDAGFF+JoxQPIpJ6Ddp0UMRZRRLUh2ejJ/+2UVmONI
 167.172.105.70 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDtWH/bwdMAqkKHjV2Cz6WAoob0LWEeHIUfaUQ20YYetR5sN053sdy4+Jmnrkp47/PUfzrZHym/IYhb0HLZGzNue4QdPJmcyPJpxpvvOKeSD6qDeAeE/RGFvatCpnu2MUUrliMrspO5DSx2QTX99rBKG9+cTbgjizT6mbB2iEKRcjBwPV+96MG62QmzC9a0TTU5IhS5b1wv0uK6DMbuL3C+LIDVAYGOCKYt3EzkDg3zBr93mVwgauz5MIdQkPsuHUBn9+4H7ifuUR2/rPugdB8oo2YAXrMl2qN9IJjjP5F4bnP26QM6E9QEBHdKCn778LRXslY6zJ2vItSYKNRUA5h7FFqmIwu3tAjU9gZPo112iAOcHiHEIa69/pTPacIp5+j+m+7f9JGCkZjP76U5946g0BeXPg745dgSYyZZ+/aEU8UlHoOoom8EvTeUfGGntNWKonFFm3Z7A1E5CXOhdcA/C5UgBmdhFjbo8DVVD9Odhiky3VOuHUBtRcp8s1Lm6ts=
 167.172.105.70 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGHdwbr8ju1HXZ5PT031M3U7dOV2v2thdfopJNjtYVcXMGDw8wZJjf47FCNb4XXhFHpaSC2gxxiUAyiDlo9o4dQ=
+riku.opencrvs.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC20ZzBlMO/WoO/oVtKQvur3qHSkinvrvzcLIuB3qixloV5AMmQ0eZCXkjgQlVntD9w3DfXupQNk1pJmI1YRN1IYzogIEj44xIuBx1qcYuORw/xvdkZ0ZFx+cx7/Lv3EYVHD7DJJCCm8C59+BlTSw00o4Z1cIBfFBRoF0yjdOn1sd1Jp/+hwdA+WbIZIDEiMxl1Qxvlq3MVvu+F78rF5I7xXoOcEaYWeuwuve42l9uvQU80a0768cjbN3AE0J5FUCT+0RLup3zL/tMR8Oyo07tB7qO3YIhaPad3ZBzRXX9cTVS27pBUPArZnS7uplR+/D3lMvJ3LDuHCYF7+ci1VMbM5W+ufz05WHnv0fB3SRIB1fdOR81O71B3BNPZcsDpm6uUmuuL5RMvqvvbZiLQs7lEo0DtzSHnpx5MV7/qjqfBA9rG2uTKS5keMrU63qZzIhA7hk1KMl5V07F8H18mILLyv4+VHdY2aAalazIYiOpvGuI0nuGmsmEFfYHXtSeCQok=
+riku.opencrvs.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJ3RQChpnC+tuVMFuaqF6hp29i7rIxu8RIumvIVEyy/QzEv4Uc29Fl4TfgiD5yCDpRLXoWdn0C8PzZNPDKN+SYw=
+riku.opencrvs.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH9VGCwhZsfRraQxxOQJkR8a15wZlb/G/jkSQbCRbYTW
+164.90.208.204 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC20ZzBlMO/WoO/oVtKQvur3qHSkinvrvzcLIuB3qixloV5AMmQ0eZCXkjgQlVntD9w3DfXupQNk1pJmI1YRN1IYzogIEj44xIuBx1qcYuORw/xvdkZ0ZFx+cx7/Lv3EYVHD7DJJCCm8C59+BlTSw00o4Z1cIBfFBRoF0yjdOn1sd1Jp/+hwdA+WbIZIDEiMxl1Qxvlq3MVvu+F78rF5I7xXoOcEaYWeuwuve42l9uvQU80a0768cjbN3AE0J5FUCT+0RLup3zL/tMR8Oyo07tB7qO3YIhaPad3ZBzRXX9cTVS27pBUPArZnS7uplR+/D3lMvJ3LDuHCYF7+ci1VMbM5W+ufz05WHnv0fB3SRIB1fdOR81O71B3BNPZcsDpm6uUmuuL5RMvqvvbZiLQs7lEo0DtzSHnpx5MV7/qjqfBA9rG2uTKS5keMrU63qZzIhA7hk1KMl5V07F8H18mILLyv4+VHdY2aAalazIYiOpvGuI0nuGmsmEFfYHXtSeCQok=
+164.90.208.204 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJ3RQChpnC+tuVMFuaqF6hp29i7rIxu8RIumvIVEyy/QzEv4Uc29Fl4TfgiD5yCDpRLXoWdn0C8PzZNPDKN+SYw=
+164.90.208.204 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH9VGCwhZsfRraQxxOQJkR8a15wZlb/G/jkSQbCRbYTW
diff --git a/infrastructure/server-setup/qa.yml b/infrastructure/server-setup/qa.yml
@@ -53,6 +53,7 @@ all:
     additional_keys_for_provisioning_user:
       - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDk15q1EI7FXqX9sgSpO7u89ZjcZV00k2yyq/9YNLk2XWHE54qPhOdaPPgJyuIhgDGQB20uDow/E8mIkPHNstX/Gp0GXn06L7fd/BfwFmFWi0YhLwvX5RaYjm1vIkCLDZrYQiH/GBP9GKMJv3DGORA1tWhFBKIerDwtDTBFC0ysT/nmHSEq1xYb5cSj55UaSyIQUjd1UgqO98OhzItXX4ZWeUil5gEC014dZxNMwM08F6X1XGsy5u6CP4CtpcMGk3fWQz+AdcL0nHZoLjXnIMBNLTyBjThQvupZFhLkKvqOxwQkzEBPjfaQQadnFg0N4rpMrUYqakkpAhgdwmemv13jZk41m5jofS+C4R2uBAb6dbPI0YiRgqaj1kSBGgEEPNhtT9Y0+nrJhmrypLxD0TnDl+hI/EfNpJd4TravCyjpsxUsLRpBp9A3rPAxkHrAt59r0rdCsp57KZ2dGPXJU0QPC30XJrVg05cOQdzPvfJn2Qsx+2JFW2cR4X+R2bWD6k9g8ItFq87DfN2LIeXArffkG735sCR12HCKkyyA8bS6HVr/nAxohb5UvN1HafLmL61gwbsv3OtVkpxT+SNqoXutDkqHW3+efu27dsGLdXsYyQxELZoKkJLJJW4ToU6jTvb3v9wqIEHjayBdGERH06SdXN38BFUMIa44MJVC61h/uw== runner@fv-az1386-243
       - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDMiGYD2au1bsyZGfCCrOQUKkW1wIGbwHOef0u4BIvI30pXH6tL3rFM3lKa+7ejP6OBQznhRCPZCMIYMDLas9CGoAJxG4fv91iBcrk4i9J4Q+dhHm2PZv8Nq1d36jW5a4mwmDThR/ZRSFLKkaKl61k7iL8eCULakmYlVP618tk3f0mZ/jXsbUrBYt3YeVHvajPK2HVq0SpvoLQIHn2rtlEXzdAHEW1aD1dJLm2AtbHe1NWH7tJMjcWNjoiQGbuA/FYI4lVuJywmgYU/er7GcO2jnejLRWgXtBrpFSvPs4s34BpxNX/EnAvGyjM09f71LjZFtUT4EKz7x/Ct3CXgLGOe0UfTE68ZPVrySzIKZhrkXKEM7gvCrXroFRKY7S/2RcK/l4tFOgspRw9mXvhnDvv0SDdRzhQ5tSVmjk95C8vviDvypmZfBgtrAbBcQquDS/mrpu3CXgcj5Uhkpot7+fehIQo2qhq1I9wbTsD137JsOgZFYl93X1zE51G4eaHXtNNx7v9Sga/4dlOkQoxDkypw3fL2pR44xqJip+vE374aWYDrxa5NN64M1vt1bZqSvwyRyntbBL0P/oi2X30mO8I2pUDc0LZLzUeIqrVYiQc6CS+KB0kIHlAxQQdtPP4DC0AaRdyv5GTJ7+lF4urDjfj7YlZppX+t9n6qvQdqzjfvnQ== runner@fv-az982-41
+      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDcVwsQR1HXCN8T+L49gL68zSXI5SENDcS1gKSuDBFDYtuShcDpdMtWbmVNK4fimWB2+2bGKDI1fdnXZ4y5N+YuvxAbBUJUmAsfMBIYvtxJPRdhfH5UYOe3BBEfG7w1Fm7xp0YwO1EuA2Bgh9xp1nyPLMdaW3jeccxJ/n7wZZ0GYEOUtNlqZJhw6l5F8gr67k1MuWlV9HMA+SrvefvL+G1PkCAd9egkhLbN0bCgPKMtEhQT+7b3bQCCOpiNp1hGQ62J59EqWaNKnXMsqr7P2vqJOABR9M3K8nNe5eR9/U5GKXFZRu2+hYfh+G9ji1PtprPRiLxbapQUw6c5QpGi2Q9xc7AChNCOfCvG9tHouyNjjfR+6e+nLdgh4LjtTt+ddRVE9mI9BG56L3AYwsQiwUtLFOI6aAMkZQqSwRMERaeKCRs5TQaiG317QyE3J/YahiLVaK34F3GbCsRGt252x7U1gl8Zm06VB/5dKD60WAjREFr1xfh7IS+j3jcKFHR20t8= provision@riku-staging
 docker-manager-first:
   hosts:
     farajaland-qa:

diff --git a/infrastructure/server-setup/riku-staging.yml b/infrastructure/server-setup/riku-staging.yml
@@ -0,0 +1,54 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# OpenCRVS is also distributed under the terms of the Civil Registration
+# & Healthcare Disclaimer located at http://opencrvs.org/license.
+#
+# Copyright (C) The OpenCRVS Authors located at https://github.com/opencrvs/opencrvs-core/blob/master/AUTHORS.
+all:
+  vars:
+    # This configuration variable blocks all access to the server, including SSH, except from the IP addresses specified below.
+    # This should always be set when configuring a production server if there is no other firewall in front of the server.
+    # SSH and other services should never be exposed to the public internet.
+    only_allow_access_from_addresses:
+      - 165.22.110.53
+    enable_backups: false
+    periodic_restore_from_backup: true
+    # external_backup_server_ssh_port: Defined in --extra-vars by the provisioning pipeline
+    # external_backup_server_ip: Defined in --extra-vars by the provisioning pipeline
+    users:
+      # If you need to remove access from someone, do not remove them from this list, but instead set their state: absent
+      - name: riku
+        ssh_keys:
+          - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWIF63S4f3z9wQMvWibmvl7MPuJ6EVrkP0HuvgNhcs/4DZYMcR/GRBvV4ldOSYMlBevIXycgGzNDxKJgENUuwIWanjBu7uVAHyD6+cIRD1h63qq7Cjv/2HYTfBDKOrKzPOhA6zWvKO0ZGWsjRXk5LWMCbKOkvKJCxOpj/NVBxeE4FTK5YADYPV3OSsmBtqTHrVLm2sMmShU/2hMYYswWkobidjX65+nK/X+3C+yJbHwiydVvn+QCrFlFfCLPWKe8rUpOxyxofPqWVQh6CHhHfT8okaOc9sOE8Qeip9ljo84DftJh3Xm3ynOdWK1hH2BvRvxNadWqcE1qECbkg4tx2x riku.rouvila@gmail.com
+        state: present
+        sudoer: true
+      - name: euan
+        ssh_keys:
+          - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDECqHO65UpyrrO8uueD06RxGaVVq22f152Rf8qVQQAAIGAMu6gCs7ztlZ8a3yQgSEIjM/Jl1/RqIVs6CziTEef74nLFTZ5Ufz3CLRVgdebBeSBEmhTfTUV0HLkSyNzwKFpuzJxucGd72ulPvEp6eHvyJAPJz37YcU8cjaL1v05T6s2ee99li35GlDDtCzfjVV4ZPAg5JdfWuTj41RAVC0LQhk2/NB4qEu37UxGGjhRFSjBEsS5LxI9QfvgrsHpl/VOn+soH7ZkK7kS6qRgNP/uYsXRWXhHaamcl5OX68gJWTbrW6c7PCqlbCWGnsHJswCmqPIthwXXMfC7ULDNLSKG6mslAt5Dyc8/MCr3vTW7pDyr2d0FvvY86SMQUggxv3qF7TZewqfX1bhK0fMLarIxVMQ1RFo//wN9QGA+2we8rxd2Y1Kr1DBuJyuwXPfv+Exo8yNYQ+x/AYH5k6UVcSYuaB8eYmplG2KQCxt8RBFtoChrwOKNRWLqXdKyfpdp5XmnnWxPvR95gf3h3yLocVYkF0i0uvKKJ0vt8J0Ezfkdfow0B1kUg5bPXKJROX7PwbaCPdYcxyDaO6wwOigRnSmoFvkH1pLb4j1RQAXcX531CHgfN6Izi/h0mpMS4bnyIUcv2GQr+h4z4TxcCtj7qpH2y6yw7XG12jVh7TfeesXG2Q== euanmillar77@gmail.com
+        state: present
+        sudoer: true
+      - name: tameem
+        ssh_keys:
+          - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGUprcQyUFYwRto0aRpgriR95C1pgNxrQ0lEWEe1D8he haidertameem@gmail.com
+        state: present
+        sudoer: true
+      - name: ashikul
+        ssh_keys:
+          - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDFr/v3hUGEbc2wQsDLCmqLrwiz964yVrnLZ6kafemjmX8aRGLp1CNFvrZ674SLnXidZGMkx9d5xVvv8IdFR3R50MqSqfolF43MV34/JVHjQHh9Vk4MJT/3GIaeNmr2GQ/38qAmt2BQn1ecnb7FjNO2bFvHokLhm2wCXt+A4avuTgJe0p4e6uu01IHeIzDb5sPzZ3ID0h6jJnjEDcET+Lf5NGpCjn7YKhLhBWSSl9cXQdOGLzNzg3aBk32kgJ1beP1funSeVd0jniJPZeZRC1G/kRdqBUOHKiENtwgquzZxXzdHkZV9+4mF7YGlx6LpQdNuDpW7JADtYNldtdbexdyfrgNoRzKwyMmaKNDbeHd1FsIHSDJmGm9hCoLTM2dEtsGzgghfe0tat8sOWmsj5v2en0V8rKV+w8OQEmHtaQkgMjqmZaAnd8uWiB2xIbrUuax5Pq8zkj37xnfbRxUPOEkMlOUbhh1wzGbqeUEB7nbv/vXZxwC0b7ryMk5egBP+0ZRONsdib9RkSTr3B9uSb7iTOQftdhy+CTqqOq+6s+TyC2qnu12B1WZb9sx9jQl0mBHd9gx/FgYDs8jfIr2vF4jRkejW/moaVqvCd/FLyS91eCMXQjIXdGKWKPUUL7GEBqdZRLnYSJOqgPp9sk1+NEvMabTXlWmoUjaShq8z+o7JsQ== nileeeem36@gmail.com
+        state: present
+        sudoer: true
+docker-manager-first:
+  hosts:
+    riku-staging:
+      ansible_host: '164.90.208.204'
+      data_label: data1
+      ansible_ssh_common_args: '-J jump@165.22.110.53 -o StrictHostKeyChecking=no'
+
+# QA and staging servers are not configured to use workers.
+docker-workers: {}
+backups:
+  hosts:
+    farajaland-qa:
+      ansible_host: '165.22.110.53'