From ea79481f806dd706171ff69ecf871c7c2d96b64a Mon Sep 17 00:00:00 2001 From: Riku Rouvila Date: Tue, 27 Feb 2024 17:17:03 +0200 Subject: [PATCH] setup environment detauls --- .github/workflows/deploy.yml | 1 + .github/workflows/provision.yml | 1 + .../docker-compose.riku-staging-deploy.yml | 219 ++++++++++++++++++ infrastructure/known-hosts | 6 + infrastructure/server-setup/qa.yml | 1 + infrastructure/server-setup/riku-staging.yml | 54 +++++ 6 files changed, 282 insertions(+) create mode 100644 infrastructure/docker-compose.riku-staging-deploy.yml create mode 100644 infrastructure/server-setup/riku-staging.yml diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 867d6849a..36eed07bb 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -10,6 +10,7 @@ on: default: 'staging' options: - staging + - riku-staging - qa - development core-image-tag: diff --git a/.github/workflows/provision.yml b/.github/workflows/provision.yml index cb3ba4c06..9d28b1517 100644 --- a/.github/workflows/provision.yml +++ b/.github/workflows/provision.yml @@ -10,6 +10,7 @@ on: required: true options: - development + - riku-staging - staging - qa - production diff --git a/infrastructure/docker-compose.riku-staging-deploy.yml b/infrastructure/docker-compose.riku-staging-deploy.yml new file mode 100644 index 000000000..3e4a1f121 --- /dev/null +++ b/infrastructure/docker-compose.riku-staging-deploy.yml @@ -0,0 +1,219 @@ +version: '3.3' + +# +# Production deployments of OpenCRVS should never be exposed to the internet. +# Instead, they should be deployed on a private network and exposed to the internet via a VPN. +# +# Before you deploy staging or production environments, make sure the application servers are +# either in an internal network or protected with a firewall. No ports should be exposed to the internet. +# +# The VPN_HOST_ADDRESS environment variable should be set to the IP address where all inbound traffic is coming from. +# In most cases, this is the VPN server's public IP address. +# +# ${VPN_HOST_ADDRESS} +# + +services: + gateway: + environment: + - NODE_ENV=production + - LANGUAGES=en,fr + - SENTRY_DSN=${SENTRY_DSN} + deploy: + replicas: 1 + + workflow: + environment: + - NODE_ENV=production + - LANGUAGES=en,fr + - SENTRY_DSN=${SENTRY_DSN} + deploy: + replicas: 1 + + search: + environment: + - NODE_ENV=production + - SENTRY_DSN=${SENTRY_DSN} + deploy: + replicas: 1 + + metrics: + environment: + - QA_ENV=true + - NODE_ENV=production + - SENTRY_DSN=${SENTRY_DSN} + - MONGO_URL=mongodb://metrics:${METRICS_MONGODB_PASSWORD}@mongo1/metrics?replicaSet=rs0 + - HEARTH_MONGO_URL=mongodb://hearth:${HEARTH_MONGODB_PASSWORD}@mongo1/hearth-dev?replicaSet=rs0 + - DASHBOARD_MONGO_URL=mongodb://performance:${PERFORMANCE_MONGODB_PASSWORD}@mongo1/performance?replicaSet=rs0 + + auth: + environment: + - QA_ENV=true + - NODE_ENV=production + - SENTRY_DSN=${SENTRY_DSN} + deploy: + replicas: 1 + + user-mgnt: + environment: + - QA_ENV=true + - NODE_ENV=production + - SENTRY_DSN=${SENTRY_DSN} + - MONGO_URL=mongodb://user-mgnt:${USER_MGNT_MONGODB_PASSWORD}@mongo1/user-mgnt?replicaSet=rs0 + deploy: + replicas: 1 + + notification: + environment: + - NODE_ENV=production + - LANGUAGES=en,fr + - SENTRY_DSN=${SENTRY_DSN} + deploy: + replicas: 1 + + webhooks: + environment: + - NODE_ENV=production + - SENTRY_DSN=${SENTRY_DSN} + - MONGO_URL=mongodb://webhooks:${WEBHOOKS_MONGODB_PASSWORD}@mongo1/webhooks?replicaSet=rs0 + deploy: + replicas: 1 + + config: + environment: + - NODE_ENV=production + - SENTRY_DSN=${SENTRY_DSN} + - MONGO_URL=mongodb://config:${CONFIG_MONGODB_PASSWORD}@mongo1/application-config?replicaSet=rs0 + deploy: + replicas: 1 + + scheduler: + environment: + - NODE_ENV=production + - OPENHIM_MONGO_URL=mongodb://openhim:${OPENHIM_MONGODB_PASSWORD}@mongo1/openhim-dev?replicaSet=rs0 + + documents: + environment: + - NODE_ENV=production + + countryconfig: + image: ${DOCKERHUB_ACCOUNT}/${DOCKERHUB_REPO}:${COUNTRY_CONFIG_VERSION} + restart: unless-stopped + secrets: + - jwt-public-key.{{ts}} + environment: + - NODE_ENV=production + - FHIR_URL=http://hearth:3447/fhir + - AUTH_URL=http://auth:4040 + - APPLICATION_CONFIG_URL=http://config:2021 + - OPENHIM_URL=http://openhim-core:5001/fhir + - CONFIRM_REGISTRATION_URL=http://openhim-core:5001/confirm/registration + - CHECK_INVALID_TOKEN=true + - SENTRY_DSN=${SENTRY_DSN} + - SENDER_EMAIL_ADDRESS=${SENDER_EMAIL_ADDRESS} + - ALERT_EMAIL=${ALERT_EMAIL} + - SMTP_HOST=${SMTP_HOST} + - SMTP_PORT=${SMTP_PORT} + - SMTP_USERNAME=${SMTP_USERNAME} + - SMTP_PASSWORD=${SMTP_PASSWORD} + - SMTP_SECURE=${SMTP_SECURE} + deploy: + replicas: 1 + + client: + environment: + - DECLARED_DECLARATION_SEARCH_QUERY_COUNT=100 + deploy: + replicas: 1 + + logstash: + deploy: + replicas: 1 + + apm-server: + deploy: + replicas: 1 + + components: + deploy: + replicas: 1 + + login: + deploy: + replicas: 1 + + hearth: + environment: + - mongodb__url=mongodb://hearth:${HEARTH_MONGODB_PASSWORD}@mongo1/hearth-dev?replicaSet=rs0 + deploy: + replicas: 1 + + migration: + environment: + - USER_MGNT_MONGO_URL=mongodb://user-mgnt:${USER_MGNT_MONGODB_PASSWORD}@mongo1/user-mgnt?replicaSet=rs0 + - APPLICATION_CONFIG_MONGO_URL=mongodb://config:${CONFIG_MONGODB_PASSWORD}@mongo1/application-config?replicaSet=rs0 + - PERFORMANCE_MONGO_URL=mongodb://performance:${PERFORMANCE_MONGODB_PASSWORD}@mongo1/performance?replicaSet=rs0 + - HEARTH_MONGO_URL=mongodb://hearth:${HEARTH_MONGODB_PASSWORD}@mongo1/hearth-dev?replicaSet=rs0 + - OPENHIM_MONGO_URL=mongodb://openhim:${OPENHIM_MONGODB_PASSWORD}@mongo1/openhim-dev?replicaSet=rs0 + - WAIT_HOSTS=mongo1:27017,influxdb:8086,minio:9000,elasticsearch:9200 + + openhim-core: + environment: + - mongo_url=mongodb://openhim:${OPENHIM_MONGODB_PASSWORD}@mongo1/openhim-dev?replicaSet=rs0 + - mongo_atnaUrl=mongodb://openhim:${OPENHIM_MONGODB_PASSWORD}@mongo1/openhim-dev?replicaSet=rs0 + deploy: + replicas: 1 + + openhim-console: + deploy: + replicas: 1 + + mongo-on-update: + environment: + - REPLICAS=1 + + traefik: + # These templates use an Automatic Certificate Management Environment (Let's Encrypt). + # This makes sure that the HTTPS certificates are automatically generated and renewed without manual maintenance. + # + # For your country to do this, your domain's DNS provider must be one of the ones listed here + # https://doc.traefik.io/traefik/https/acme/#providers + # + # If your DNS provider is not listed, you can use manually renewed certificate files instead of Let's Encrypt. + # To do this, remove the `environment` and `certificatesresolvers.certResolver.acme` sections and uncomment the following lines. + # You will also need to place your certificates in the `/data/traefik/certs` directory. + # Ensure that the file names match the ones defined below. + # + # volumes: + # - /var/run/docker.sock:/var/run/docker.sock + # - /data/traefik/certs:/certs + # command: + # - --tls.certificates.certfile=/certs/crvs.cm.crt + # - --tls.certificates.keyfile=/certs/crvs.cm.key + # - --tls.certificates.stores=default + # - --tls.stores.default.defaultcertificate.certfile=/certs/crvs.cm.crt + # - --tls.stores.default.defaultcertificate.keyfile=/certs/crvs.cm.key + + environment: + - GOOGLE_DOMAINS_ACCESS_TOKEN=${GOOGLE_DOMAINS_ACCESS_TOKEN} + command: + - --certificatesresolvers.certResolver.acme.dnschallenge=true + - --certificatesresolvers.certResolver.acme.dnschallenge.provider=googledomains + - --certificatesresolvers.certResolver.acme.email=riku@opencrvs.org + - --certificatesresolvers.certResolver.acme.storage=acme.json + + - --entrypoints.web.address=:80 + - --entrypoints.websecure.address=:443 + - --providers.docker + - --providers.docker.swarmMode=true + - --api.dashboard=true + - --api.insecure=true + - --log.level=WARNING + - --entrypoints.web.http.redirections.entryPoint.to=websecure + - --entrypoints.web.http.redirections.entryPoint.scheme=https + - --entrypoints.web.http.redirections.entrypoint.permanent=true + - --serverstransport.insecureskipverify=true + - --entrypoints.websecure.address=:443 + - --accesslog=true + - --accesslog.format=json + - --ping=true diff --git a/infrastructure/known-hosts b/infrastructure/known-hosts index edb968243..11e568c17 100644 --- a/infrastructure/known-hosts +++ b/infrastructure/known-hosts @@ -19,3 +19,9 @@ farajaland-staging.opencrvs.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAy farajaland-staging.opencrvs.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGfDAGFF+JoxQPIpJ6Ddp0UMRZRRLUh2ejJ/+2UVmONI 167.172.105.70 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDtWH/bwdMAqkKHjV2Cz6WAoob0LWEeHIUfaUQ20YYetR5sN053sdy4+Jmnrkp47/PUfzrZHym/IYhb0HLZGzNue4QdPJmcyPJpxpvvOKeSD6qDeAeE/RGFvatCpnu2MUUrliMrspO5DSx2QTX99rBKG9+cTbgjizT6mbB2iEKRcjBwPV+96MG62QmzC9a0TTU5IhS5b1wv0uK6DMbuL3C+LIDVAYGOCKYt3EzkDg3zBr93mVwgauz5MIdQkPsuHUBn9+4H7ifuUR2/rPugdB8oo2YAXrMl2qN9IJjjP5F4bnP26QM6E9QEBHdKCn778LRXslY6zJ2vItSYKNRUA5h7FFqmIwu3tAjU9gZPo112iAOcHiHEIa69/pTPacIp5+j+m+7f9JGCkZjP76U5946g0BeXPg745dgSYyZZ+/aEU8UlHoOoom8EvTeUfGGntNWKonFFm3Z7A1E5CXOhdcA/C5UgBmdhFjbo8DVVD9Odhiky3VOuHUBtRcp8s1Lm6ts= 167.172.105.70 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGHdwbr8ju1HXZ5PT031M3U7dOV2v2thdfopJNjtYVcXMGDw8wZJjf47FCNb4XXhFHpaSC2gxxiUAyiDlo9o4dQ= +riku.opencrvs.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC20ZzBlMO/WoO/oVtKQvur3qHSkinvrvzcLIuB3qixloV5AMmQ0eZCXkjgQlVntD9w3DfXupQNk1pJmI1YRN1IYzogIEj44xIuBx1qcYuORw/xvdkZ0ZFx+cx7/Lv3EYVHD7DJJCCm8C59+BlTSw00o4Z1cIBfFBRoF0yjdOn1sd1Jp/+hwdA+WbIZIDEiMxl1Qxvlq3MVvu+F78rF5I7xXoOcEaYWeuwuve42l9uvQU80a0768cjbN3AE0J5FUCT+0RLup3zL/tMR8Oyo07tB7qO3YIhaPad3ZBzRXX9cTVS27pBUPArZnS7uplR+/D3lMvJ3LDuHCYF7+ci1VMbM5W+ufz05WHnv0fB3SRIB1fdOR81O71B3BNPZcsDpm6uUmuuL5RMvqvvbZiLQs7lEo0DtzSHnpx5MV7/qjqfBA9rG2uTKS5keMrU63qZzIhA7hk1KMl5V07F8H18mILLyv4+VHdY2aAalazIYiOpvGuI0nuGmsmEFfYHXtSeCQok= +riku.opencrvs.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJ3RQChpnC+tuVMFuaqF6hp29i7rIxu8RIumvIVEyy/QzEv4Uc29Fl4TfgiD5yCDpRLXoWdn0C8PzZNPDKN+SYw= +riku.opencrvs.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH9VGCwhZsfRraQxxOQJkR8a15wZlb/G/jkSQbCRbYTW +164.90.208.204 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC20ZzBlMO/WoO/oVtKQvur3qHSkinvrvzcLIuB3qixloV5AMmQ0eZCXkjgQlVntD9w3DfXupQNk1pJmI1YRN1IYzogIEj44xIuBx1qcYuORw/xvdkZ0ZFx+cx7/Lv3EYVHD7DJJCCm8C59+BlTSw00o4Z1cIBfFBRoF0yjdOn1sd1Jp/+hwdA+WbIZIDEiMxl1Qxvlq3MVvu+F78rF5I7xXoOcEaYWeuwuve42l9uvQU80a0768cjbN3AE0J5FUCT+0RLup3zL/tMR8Oyo07tB7qO3YIhaPad3ZBzRXX9cTVS27pBUPArZnS7uplR+/D3lMvJ3LDuHCYF7+ci1VMbM5W+ufz05WHnv0fB3SRIB1fdOR81O71B3BNPZcsDpm6uUmuuL5RMvqvvbZiLQs7lEo0DtzSHnpx5MV7/qjqfBA9rG2uTKS5keMrU63qZzIhA7hk1KMl5V07F8H18mILLyv4+VHdY2aAalazIYiOpvGuI0nuGmsmEFfYHXtSeCQok= +164.90.208.204 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJ3RQChpnC+tuVMFuaqF6hp29i7rIxu8RIumvIVEyy/QzEv4Uc29Fl4TfgiD5yCDpRLXoWdn0C8PzZNPDKN+SYw= +164.90.208.204 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH9VGCwhZsfRraQxxOQJkR8a15wZlb/G/jkSQbCRbYTW diff --git a/infrastructure/server-setup/qa.yml b/infrastructure/server-setup/qa.yml index 3c35b4f79..077483eb5 100644 --- a/infrastructure/server-setup/qa.yml +++ b/infrastructure/server-setup/qa.yml @@ -53,6 +53,7 @@ all: additional_keys_for_provisioning_user: - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDk15q1EI7FXqX9sgSpO7u89ZjcZV00k2yyq/9YNLk2XWHE54qPhOdaPPgJyuIhgDGQB20uDow/E8mIkPHNstX/Gp0GXn06L7fd/BfwFmFWi0YhLwvX5RaYjm1vIkCLDZrYQiH/GBP9GKMJv3DGORA1tWhFBKIerDwtDTBFC0ysT/nmHSEq1xYb5cSj55UaSyIQUjd1UgqO98OhzItXX4ZWeUil5gEC014dZxNMwM08F6X1XGsy5u6CP4CtpcMGk3fWQz+AdcL0nHZoLjXnIMBNLTyBjThQvupZFhLkKvqOxwQkzEBPjfaQQadnFg0N4rpMrUYqakkpAhgdwmemv13jZk41m5jofS+C4R2uBAb6dbPI0YiRgqaj1kSBGgEEPNhtT9Y0+nrJhmrypLxD0TnDl+hI/EfNpJd4TravCyjpsxUsLRpBp9A3rPAxkHrAt59r0rdCsp57KZ2dGPXJU0QPC30XJrVg05cOQdzPvfJn2Qsx+2JFW2cR4X+R2bWD6k9g8ItFq87DfN2LIeXArffkG735sCR12HCKkyyA8bS6HVr/nAxohb5UvN1HafLmL61gwbsv3OtVkpxT+SNqoXutDkqHW3+efu27dsGLdXsYyQxELZoKkJLJJW4ToU6jTvb3v9wqIEHjayBdGERH06SdXN38BFUMIa44MJVC61h/uw== runner@fv-az1386-243 - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDMiGYD2au1bsyZGfCCrOQUKkW1wIGbwHOef0u4BIvI30pXH6tL3rFM3lKa+7ejP6OBQznhRCPZCMIYMDLas9CGoAJxG4fv91iBcrk4i9J4Q+dhHm2PZv8Nq1d36jW5a4mwmDThR/ZRSFLKkaKl61k7iL8eCULakmYlVP618tk3f0mZ/jXsbUrBYt3YeVHvajPK2HVq0SpvoLQIHn2rtlEXzdAHEW1aD1dJLm2AtbHe1NWH7tJMjcWNjoiQGbuA/FYI4lVuJywmgYU/er7GcO2jnejLRWgXtBrpFSvPs4s34BpxNX/EnAvGyjM09f71LjZFtUT4EKz7x/Ct3CXgLGOe0UfTE68ZPVrySzIKZhrkXKEM7gvCrXroFRKY7S/2RcK/l4tFOgspRw9mXvhnDvv0SDdRzhQ5tSVmjk95C8vviDvypmZfBgtrAbBcQquDS/mrpu3CXgcj5Uhkpot7+fehIQo2qhq1I9wbTsD137JsOgZFYl93X1zE51G4eaHXtNNx7v9Sga/4dlOkQoxDkypw3fL2pR44xqJip+vE374aWYDrxa5NN64M1vt1bZqSvwyRyntbBL0P/oi2X30mO8I2pUDc0LZLzUeIqrVYiQc6CS+KB0kIHlAxQQdtPP4DC0AaRdyv5GTJ7+lF4urDjfj7YlZppX+t9n6qvQdqzjfvnQ== runner@fv-az982-41 + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDcVwsQR1HXCN8T+L49gL68zSXI5SENDcS1gKSuDBFDYtuShcDpdMtWbmVNK4fimWB2+2bGKDI1fdnXZ4y5N+YuvxAbBUJUmAsfMBIYvtxJPRdhfH5UYOe3BBEfG7w1Fm7xp0YwO1EuA2Bgh9xp1nyPLMdaW3jeccxJ/n7wZZ0GYEOUtNlqZJhw6l5F8gr67k1MuWlV9HMA+SrvefvL+G1PkCAd9egkhLbN0bCgPKMtEhQT+7b3bQCCOpiNp1hGQ62J59EqWaNKnXMsqr7P2vqJOABR9M3K8nNe5eR9/U5GKXFZRu2+hYfh+G9ji1PtprPRiLxbapQUw6c5QpGi2Q9xc7AChNCOfCvG9tHouyNjjfR+6e+nLdgh4LjtTt+ddRVE9mI9BG56L3AYwsQiwUtLFOI6aAMkZQqSwRMERaeKCRs5TQaiG317QyE3J/YahiLVaK34F3GbCsRGt252x7U1gl8Zm06VB/5dKD60WAjREFr1xfh7IS+j3jcKFHR20t8= provision@riku-staging docker-manager-first: hosts: farajaland-qa: diff --git a/infrastructure/server-setup/riku-staging.yml b/infrastructure/server-setup/riku-staging.yml new file mode 100644 index 000000000..0e9a8d565 --- /dev/null +++ b/infrastructure/server-setup/riku-staging.yml @@ -0,0 +1,54 @@ +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at https://mozilla.org/MPL/2.0/. +# +# OpenCRVS is also distributed under the terms of the Civil Registration +# & Healthcare Disclaimer located at http://opencrvs.org/license. +# +# Copyright (C) The OpenCRVS Authors located at https://github.com/opencrvs/opencrvs-core/blob/master/AUTHORS. +all: + vars: + # This configuration variable blocks all access to the server, including SSH, except from the IP addresses specified below. + # This should always be set when configuring a production server if there is no other firewall in front of the server. + # SSH and other services should never be exposed to the public internet. + only_allow_access_from_addresses: + - 165.22.110.53 + enable_backups: false + periodic_restore_from_backup: true + # external_backup_server_ssh_port: Defined in --extra-vars by the provisioning pipeline + # external_backup_server_ip: Defined in --extra-vars by the provisioning pipeline + users: + # If you need to remove access from someone, do not remove them from this list, but instead set their state: absent + - name: riku + ssh_keys: + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWIF63S4f3z9wQMvWibmvl7MPuJ6EVrkP0HuvgNhcs/4DZYMcR/GRBvV4ldOSYMlBevIXycgGzNDxKJgENUuwIWanjBu7uVAHyD6+cIRD1h63qq7Cjv/2HYTfBDKOrKzPOhA6zWvKO0ZGWsjRXk5LWMCbKOkvKJCxOpj/NVBxeE4FTK5YADYPV3OSsmBtqTHrVLm2sMmShU/2hMYYswWkobidjX65+nK/X+3C+yJbHwiydVvn+QCrFlFfCLPWKe8rUpOxyxofPqWVQh6CHhHfT8okaOc9sOE8Qeip9ljo84DftJh3Xm3ynOdWK1hH2BvRvxNadWqcE1qECbkg4tx2x riku.rouvila@gmail.com + state: present + sudoer: true + - name: euan + ssh_keys: + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDECqHO65UpyrrO8uueD06RxGaVVq22f152Rf8qVQQAAIGAMu6gCs7ztlZ8a3yQgSEIjM/Jl1/RqIVs6CziTEef74nLFTZ5Ufz3CLRVgdebBeSBEmhTfTUV0HLkSyNzwKFpuzJxucGd72ulPvEp6eHvyJAPJz37YcU8cjaL1v05T6s2ee99li35GlDDtCzfjVV4ZPAg5JdfWuTj41RAVC0LQhk2/NB4qEu37UxGGjhRFSjBEsS5LxI9QfvgrsHpl/VOn+soH7ZkK7kS6qRgNP/uYsXRWXhHaamcl5OX68gJWTbrW6c7PCqlbCWGnsHJswCmqPIthwXXMfC7ULDNLSKG6mslAt5Dyc8/MCr3vTW7pDyr2d0FvvY86SMQUggxv3qF7TZewqfX1bhK0fMLarIxVMQ1RFo//wN9QGA+2we8rxd2Y1Kr1DBuJyuwXPfv+Exo8yNYQ+x/AYH5k6UVcSYuaB8eYmplG2KQCxt8RBFtoChrwOKNRWLqXdKyfpdp5XmnnWxPvR95gf3h3yLocVYkF0i0uvKKJ0vt8J0Ezfkdfow0B1kUg5bPXKJROX7PwbaCPdYcxyDaO6wwOigRnSmoFvkH1pLb4j1RQAXcX531CHgfN6Izi/h0mpMS4bnyIUcv2GQr+h4z4TxcCtj7qpH2y6yw7XG12jVh7TfeesXG2Q== euanmillar77@gmail.com + state: present + sudoer: true + - name: tameem + ssh_keys: + - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGUprcQyUFYwRto0aRpgriR95C1pgNxrQ0lEWEe1D8he haidertameem@gmail.com + state: present + sudoer: true + - name: ashikul + ssh_keys: + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDFr/v3hUGEbc2wQsDLCmqLrwiz964yVrnLZ6kafemjmX8aRGLp1CNFvrZ674SLnXidZGMkx9d5xVvv8IdFR3R50MqSqfolF43MV34/JVHjQHh9Vk4MJT/3GIaeNmr2GQ/38qAmt2BQn1ecnb7FjNO2bFvHokLhm2wCXt+A4avuTgJe0p4e6uu01IHeIzDb5sPzZ3ID0h6jJnjEDcET+Lf5NGpCjn7YKhLhBWSSl9cXQdOGLzNzg3aBk32kgJ1beP1funSeVd0jniJPZeZRC1G/kRdqBUOHKiENtwgquzZxXzdHkZV9+4mF7YGlx6LpQdNuDpW7JADtYNldtdbexdyfrgNoRzKwyMmaKNDbeHd1FsIHSDJmGm9hCoLTM2dEtsGzgghfe0tat8sOWmsj5v2en0V8rKV+w8OQEmHtaQkgMjqmZaAnd8uWiB2xIbrUuax5Pq8zkj37xnfbRxUPOEkMlOUbhh1wzGbqeUEB7nbv/vXZxwC0b7ryMk5egBP+0ZRONsdib9RkSTr3B9uSb7iTOQftdhy+CTqqOq+6s+TyC2qnu12B1WZb9sx9jQl0mBHd9gx/FgYDs8jfIr2vF4jRkejW/moaVqvCd/FLyS91eCMXQjIXdGKWKPUUL7GEBqdZRLnYSJOqgPp9sk1+NEvMabTXlWmoUjaShq8z+o7JsQ== nileeeem36@gmail.com + state: present + sudoer: true +docker-manager-first: + hosts: + riku-staging: + ansible_host: '164.90.208.204' + data_label: data1 + ansible_ssh_common_args: '-J jump@165.22.110.53 -o StrictHostKeyChecking=no' + +# QA and staging servers are not configured to use workers. +docker-workers: {} +backups: + hosts: + farajaland-qa: + ansible_host: '165.22.110.53'