fix(link): depend on frontend nginx

playbooks/link.yml

@@ -27,6 +27,14 @@
         group: "{{ podman_prometheus_podman_rootless_user }}"
         mode: "0444"
       become: true
+    - name: Podman CDR Link | Update legacy instance list for Prometheus
+      ansible.builtin.template:
+        src: oldlink_sd.yml
+        dest: "/home/{{ podman_prometheus_podman_rootless_user }}/file-configs/oldlink.yml"
+        owner: "{{ podman_prometheus_podman_rootless_user }}"
+        group: "{{ podman_prometheus_podman_rootless_user }}"
+        mode: "0444"
+      become: true
 
 - name: Legacy Link | Set up ClouDNS monitoring of legacy (Docker Compose) Link instances
   hosts:

playbooks/templates/oldlink_sd.yml

@@ -0,0 +1,9 @@
+---
+{% for host in groups['legacy_link'] %}
+- targets:
+    - "{{ hostvars[host].vpc_ip | default(host) }}:9100"
+  labels:
+    job: node
+    app: legacy_link
+    instance: "{{ host }}"
+{% endfor %}

roles/podman_link/defaults/main.yml

@@ -1,6 +1,6 @@
 # podman_link_podman_rootless_user:
 podman_link_web_hostname: "{{ inventory_hostname }}"
-podman_link_stack_version: 3.3.2
+podman_link_stack_version: 3.4.2-beta.3
 podman_link_postgres_zammad_user: postgres
 podman_link_postgres_zammad_database: zammad_production
 podman_link_postgres_link_user: link
@@ -13,7 +13,6 @@ podman_link_postgres_link_database: link
 podman_link_opensearch_memory_limit: 2048
 podman_link_setup_mode: false
 podman_link_leafcutter_enabled: false
-podman_link_dashboard_url: ""
 podman_link_zammad_api_token: ""
 # podman_link_nextauth_secret:
 # podman_link_google_client_id:
@@ -26,5 +25,3 @@ podman_link_zammad_api_token: ""
 podman_link_postgres_zammad_postgresql_host: zammad-postgresql
 podman_link_postgres_zammad_es_host: opensearch
 podman_link_postgres_zammad_memcached_server: zammad-memcached:11211
-# podman_link_opensearch_hub_ip:
-# podman_link_opensearch_spoke_ip:

roles/podman_link/tasks/main.yml

@@ -8,23 +8,6 @@
     mode: "0444"
   become: true
 
-- name: Allow access from hub to spoke to Opensearch using firewalld rich rule
-  ansible.posix.firewalld:
-    rich_rule: >-
-      rule family="ipv4"
-      source address="{{ podman_link_opensearch_hub_ip }}"
-      destination address="{{ podman_link_opensearch_spoke_ip }}"
-      port protocol="tcp" port="{{ item }}" accept
-    permanent: true
-    state: enabled
-  with_items:
-    - 9200
-    - 9300
-  when:
-    - podman_link_opensearch_hub_ip is defined
-    - podman_link_opensearch_spoke_ip is defined
-  become: true
-
 - name: Podman CDR Link | PATCH | Install podman and verify rootless podman user
   ansible.builtin.include_role:
     role: sr2c.core.podman_host
@@ -85,18 +68,6 @@
   notify:
     - Restart Link
 
-# Opensearch Dashboards runs with UID/GID 1000 inside the container
-- name: Podman CDR Link | PATCH | Install Opensearch Dashboards configuration
-  ansible.builtin.template:
-    src: home/opensearch-dashboards.yml
-    dest: "/home/{{ podman_link_podman_rootless_user }}/opensearch-dashboards.yml"
-    mode: "0400"
-    owner: "{{ _podman_link_user_subuid_start + 999 }}"
-    group: "{{ _podman_link_user_subgid_start + 999 }}"
-  become: true
-  notify:
-    - Restart Link
-
 # Zammad runs with UID/GID 1000 inside the container
 - name: Podman CDR Link | PATCH | Install Zammad database configuration file
   ansible.builtin.template:
@@ -253,7 +224,6 @@
   with_items:
     - link.container
     - zammad-opensearch.container
-    - opensearch-dashboards.container
     - bridge-worker.container
     - bridge-postgresql.container
     - bridge-whatsapp.container

roles/podman_link/templates/etc/motd.d/10-data-plate.txt

@@ -3,7 +3,7 @@
     Podman user: {{ podman_link_podman_rootless_user }}
     =========================================================
     # Become the podman user
-    sudo -iu {{ podman_link_podman_rootless_user }}
+    sudo -iu {{ podman_link_podman_rootless_user }} bash
     # Check the Link stack status
     systemctl --user status link.target
     # Restart the Link stack

roles/podman_link/templates/home/config/containers/systemd/common-bridge.env

@@ -3,11 +3,10 @@ POSTGRES_PASSWORD={{ podman_link_postgres_link_password }}
 POSTGRES_DB={{ podman_link_postgres_link_database }}
 NEXTAUTH_URL=https://{{ podman_link_web_hostname }}/link/api/auth
 NEXTAUTH_SECRET={{ podman_link_nextauth_secret }}
-{% if podman_link_google_client_id is defined %}
+KEYCLOAK_ISSUER={{ podman_link_keycloak_issuer }}
-GOOGLE_CLIENT_ID={{ podman_link_google_client_id }}
+KEYCLOAK_CLIENT_ID={{ podman_link_keycloak_id }}
-GOOGLE_CLIENT_SECRET={{ podman_link_google_client_secret }}
+KEYCLOAK_CLIENT_SECRET={{ podman_link_keycloak_secret }}
-{% endif %}
+BRIDGE_FRONTEND_URL=http://link:3000/link
-BRIDGE_FRONTEND_URL=http://link:3000
 BRIDGE_SIGNAL_URL=http://signal-cli-rest-api:8081
 BRIDGE_WHATSAPP_URL=http://bridge-whatsapp:5000
 DATABASE_NAME={{ podman_link_postgres_link_database }}

roles/podman_link/templates/home/config/containers/systemd/opensearch-dashboards.container

@@ -1,17 +0,0 @@
-[Unit]
-Requires=zammad-opensearch.service
-After=zammad-opensearch.service
-PartOf=link.target
-
-[Container]
-ContainerName=opensearch-dashboards
-Environment=OPENSEARCH_USERNAME=admin
-Environment=OPENSEARCH_PASSWORD={{ podman_link_opensearch_password  | replace("%", "%%") }}
-Image=registry.gitlab.com/digiresilience/link/link-stack/opensearch-dashboards:{{ podman_link_stack_version }}
-PublishPort=127.0.0.1:5601:5601
-Volume=/home/{{ podman_link_podman_rootless_user }}/opensearch-dashboards.yml:/usr/share/opensearch-dashboards/config/opensearch_dashboards.yml:ro,Z
-Network=zammad.network
-
-[Service]
-Restart=always
-Slice=link.slice

roles/podman_link/templates/home/config/containers/systemd/zammad-nginx.container

@@ -1,5 +1,6 @@
 [Unit]
-Requires=zammad-railsserver.service zammad-websocket.service link.service
+Requires=zammad-railsserver.service zammad-websocket.service
+Wants=link.service
 After=zammad-railsserver.service zammad-websocket.service link.service
 PartOf=link.target
 

roles/podman_link/templates/home/config/systemd/user/link.target

@@ -1,9 +1,9 @@
 [Unit]
 Description=Podman CDR Link Stack by SR2 Communications
-Requires=opensearch-dashboards.service
+Wants=zammad-nginx.service
-Requires=zammad-nginx.service
-After=opensearch-dashboards.service
 After=zammad-nginx.service
+Wants=nginx.service
+After=nginx.service
 
 [Install]
 WantedBy=default.target

roles/podman_link/templates/home/opensearch-dashboards.yml

@@ -1,36 +0,0 @@
----
-opensearch.hosts: [https://zammad-opensearch:9200]
-opensearch.ssl.verificationMode: none
-opensearch.requestHeadersAllowlist:
-  - "securitytenant"
-  - "Authorization"
-  - "x-forwarded-for"
-  - "x-forwarded-user"
-  - "x-forwarded-roles"
-opensearch_security.auth.type: "proxy"
-opensearch_security.proxycache.user_header: "x-forwarded-user"
-opensearch_security.proxycache.roles_header: "x-forwarded-roles"
-opensearch_security.multitenancy.enabled: true
-opensearch_security.multitenancy.tenants.enable_global: true
-opensearch_security.multitenancy.tenants.enable_private: true
-opensearch_security.multitenancy.tenants.preferred: [Private, Global]
-opensearch_security.cookie.secure: false
-server.basePath: "/link/dashboards"
-server.rewriteBasePath: false
-
-opensearch.username: "admin"
-opensearch.password: "{{ podman_link_opensearch_password }}"
-
-server.host: "0.0.0.0"
-
-# New config that adds to or overrides existing one:
-#
-# server.port: 5601
-# server.name: "nextgen-dashboards"
-# opensearch.hosts: ["https://aberdeen-opensearch:9200"]
-# opensearch.ssl.verificationMode: certificate
-# opensearch.ssl.certificateAuthorities:
-# ["/usr/share/opensearch-dashboards/config/certs/ca.pem"]
-
-# opensearch.requestHeadersAllowlist: ["securitytenant", "Authorization"]
-# opensearch_security.readonly_mode.roles: ["kibana_read_only"]

roles/podman_seafile/tasks/main.yml

@@ -123,10 +123,10 @@
 
 - name: Podman Seafile | Set up ClouDNS monitoring
   sr2c.core.cloudns_monitor:
-    name: "Seafile - {{ inventory_hostname[:22] }}"
+    name: "Seafile - {{ podman_seafile_hostname[:22] }}"
-    host: "{{ inventory_hostname }}"
+    host: "{{ podman_seafile_hostname }}"
-    ip: "{{ inventory_hostname }}"
+    ip: "{{ podman_seafile_hostname }}"
-    http_status_code: "200"
+    http_status_code: "302"  # This is going to redirect for SSO
     emails: "{{ cloudns_monitoring_emails }}"
     auth_id: "{{ cloudns_auth_id }}"
     auth_password: "{{ cloudns_auth_password }}"