Ansible/ansible.cfg

 [ssh_connection]
 ssh_args = -F ssh.cfg
-control_path = .ssh/mux-%r@%h:%p
\ No newline at end of file
+control_path = ../.ssh/mux-%r@%h:%p
\ No newline at end of file

Ansible/roles/docker/tasks/destroy.yml

@@ -7,6 +7,30 @@
     env_file: "{{ENV_FILE}}"
     stopped: true
   register: output
+- name: Suppression des containers vapormap
+  become: true
+  docker_container:
+    name: "{{item}}"
+    state: absent
+  loop:
+    - vapormap_api_1
+    - vapormap_web_1
+    - vapormap_db_1
+- name: Suppression des images vapormap
+  become: true
+  docker_image:
+    name: "{{item}}"
+    tag: latest
+    state: absent
+  loop:
+    - gitlab-registry.imt-atlantique.fr/f21munie/vapormap/app_api
+    - gitlab-registry.imt-atlantique.fr/f21munie/vapormap/app_front
+    - gitlab-registry.imt-atlantique.fr/f21munie/vapormap/mariadb
+- name: Suppression du volume vapormap
+  become: true
+  docker_volume:
+    name: vapormap_data_db
+    state: absent
 - name: Déconnexion à la registry docker
   become: true
   community.docker.docker_login:

Ansible/roles/environment/tasks/main.yml

@@ -42,3 +42,14 @@
     owner: "{{VAPORMAP_USER}}"
     group: "{{VAPORMAP_GROUP}}"
     mode: "755"
+- name: Configuration du fichier .env.front
+  become: true
+  ansible.builtin.template:
+    src: .env.front.j2
+    dest: "{{VAPORMAP_DIR}}/env/.env.front"
+    owner: "{{VAPORMAP_USER}}"
+    group: "{{VAPORMAP_GROUP}}"
+    mode: "755"
+- name: Ajout de l'IP API à la variable no_proxy
+  become: true
+  ansible.builtin.shell: export no_proxy=$no_proxy,"{{PUB_API_IP}}"

Ansible/roles/environment/templates/.env.front.j2

+#Configuration de l'accès à l'API
+VAPORMAP_BACKEND={{ PUB_API_IP }}
+VAPORMAP_BACKEND_PORT=8082
+
+#Génération du fichier de configuration du serveur Nginx
+VAPORMAP_URL_SERVERNAME=0.0.0.0
+VAPORMAP_URL_PORT=8000
+VAPORMAP_FRONTEND_ROOT=/app_fe

Terraform/mod-os-private-network/instance.tf

@@ -14,11 +14,12 @@ resource "openstack_compute_instance_v2" "bastion_instance" {
   # Copie des IP locales dans un fichier .txt sur la machine hébergeante
   # Inventaire Ansible
   provisioner "local-exec" {
-    command = "echo '${self.name} : ${self.access_ip_v4}' > ip_files/private_ips.txt; echo '[admin]' > ../Ansible/hosts.ini; echo ${self.name} ansible_host=${openstack_networking_floatingip_v2.floatip_admin.address} ansible_user=ubuntu ansible_ssh_private_key_file='../.ssh/${var.INSTANCE_BASTION_KEY_PAIR}.pem' >> ../Ansible/hosts.ini; echo [node] >> ../Ansible/hosts.ini"  
+    command = "echo '${self.name} : ${self.access_ip_v4}' > ip_files/private_ips.txt; echo '[admin]' > ../Ansible/hosts.ini; echo ${self.name} ansible_host=${openstack_networking_floatingip_v2.floatip_admin.address} PUB_API_IP=${openstack_networking_floatingip_v2.floatip_admin.address} ansible_user=ubuntu ansible_ssh_private_key_file='../.ssh/${var.INSTANCE_BASTION_KEY_PAIR}.pem' >> ../Ansible/hosts.ini; echo '[node]' >> ../Ansible/hosts.ini"  
   }
 
   depends_on = [openstack_compute_keypair_v2.keypair_project,
     openstack_networking_floatingip_v2.floatip_admin,
+    openstack_networking_floatingip_v2.floatip_application,
     openstack_networking_subnet_v2.internal_subnet]
 }
 
@@ -40,7 +41,7 @@ resource "openstack_compute_instance_v2" "orchestration_instance" {
   # Copie des IP locales dans un fichier .txt sur la machine hébergeante
   # Inventaire Ansible
   provisioner "local-exec" {
-    command = "echo '${self.name} : ${self.access_ip_v4}' >> ip_files/private_ips.txt; echo ${self.name} ansible_host=${self.access_ip_v4} ansible_user=ubuntu ansible_ssh_private_key_file='${var.INSTANCE_ORCHEST_KEY_PAIR}.pem'>> ../Ansible/hosts.ini"  
+    command = "echo '${self.name} : ${self.access_ip_v4}' >> ip_files/private_ips.txt; echo ${self.name} ansible_host=${self.access_ip_v4} >> ../Ansible/hosts.ini"  
   }
 
   depends_on = [openstack_compute_instance_v2.bastion_instance,

Terraform/mod-os-private-network/keypair.tf

@@ -16,6 +16,8 @@ resource "openstack_compute_keypair_v2" "keypair_cluster" {
   provisioner "local-exec" {
     command = "echo '${self.private_key}' > ../.ssh/${var.INSTANCE_ORCHEST_KEY_PAIR}.pem; echo '${self.public_key}' > ../.ssh/${var.INSTANCE_ORCHEST_KEY_PAIR}.pub; chmod 600 ../.ssh/${var.INSTANCE_ORCHEST_KEY_PAIR}.pem; chmod 600 ../.ssh/${var.INSTANCE_ORCHEST_KEY_PAIR}.pub"
   }
+
+  depends_on = [openstack_compute_keypair_v2.keypair_project]
 }
 
 # Copie de la paire de clés du cluster sur l'instance bastion

Terraform/mod-os-private-network/secgroup.tf

@@ -43,6 +43,50 @@ resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_http_egress" {
   security_group_id = "${openstack_networking_secgroup_v2.secgroup_application.id}"
 }
 
+# Rule port 8081 entrant
+resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_port_8081_ingress" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = 8081
+  port_range_max    = 8081
+  remote_ip_prefix  = "0.0.0.0/0"
+  security_group_id = "${openstack_networking_secgroup_v2.secgroup_application.id}"
+}
+
+# Rule port 8081 sortant
+resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_port_8081_egress" {
+  direction         = "egress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = 8081
+  port_range_max    = 8081
+  remote_ip_prefix  = "0.0.0.0/0"
+  security_group_id = "${openstack_networking_secgroup_v2.secgroup_application.id}"
+}
+
+# Rule port 8082 entrant
+resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_port_8082_ingress" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = 8082
+  port_range_max    = 8082
+  remote_ip_prefix  = "0.0.0.0/0"
+  security_group_id = "${openstack_networking_secgroup_v2.secgroup_application.id}"
+}
+
+# Rule port 8082 sortant
+resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_port_8082_egress" {
+  direction         = "egress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = 8082
+  port_range_max    = 8082
+  remote_ip_prefix  = "0.0.0.0/0"
+  security_group_id = "${openstack_networking_secgroup_v2.secgroup_application.id}"
+}
+
 # Security group pour réseau interne
 resource "openstack_networking_secgroup_v2" "secgroup_internal_network" {
   name        = var.SECGROUP_INTERNAL_NETWORK_NAME

Terraform/mod-os-private-network/ssh_cfg.tf

 resource "null_resource" "ssh_cfg" {
   provisioner "local-exec" { 
-    command = "echo 'Host bastion\n Hostname ${openstack_networking_floatingip_v2.floatip_admin.address}\n User ubuntu\n IdentityFile .ssh/${var.INSTANCE_BASTION_KEY_PAIR}.pem\nHost 192.*\n ProxyCommand ssh -F ssh.cfg -W %h:%p bastion\n User ubuntu\n IdentityFile .ssh/${var.INSTANCE_ORCHEST_KEY_PAIR}.pem\nHost *\n ControlMaster   auto\n ControlPath     .ssh/mux-%r@%h:%p\n ControlPersist  15m' > ssh.cfg"
+    command = "echo 'Host bastion\n Hostname ${openstack_networking_floatingip_v2.floatip_admin.address}\n User ubuntu\n IdentityFile ../.ssh/${var.INSTANCE_BASTION_KEY_PAIR}.pem\nHost 192.*\n ProxyCommand ssh -F ssh.cfg -W %h:%p bastion\n User ubuntu\n IdentityFile ../.ssh/${var.INSTANCE_ORCHEST_KEY_PAIR}.pem\nHost *\n ControlMaster   auto\n ControlPath     ../.ssh/mux-%r@%h:%p\n ControlPersist  15m' > ../Ansible/ssh.cfg"
   }
   
   depends_on = [openstack_compute_instance_v2.orchestration_instance]

Terraform/mod-os-private-network/variable.tf

@@ -65,7 +65,7 @@ variable "INSTANCE_BASTION_KEY_PAIR" {
 
 variable "INSTANCE_ORCHEST_KEY_PAIR" {
   type    = string
-  default = "cluster_key2"
+  default = "cluster_key"
 }
 
 variable "SECGROUP_BASTION_NAME" {