From 15c86be4993ac30ff1a1bf413df5691ecdacfac2 Mon Sep 17 00:00:00 2001
From: Kalibh Halford <kalibh.halford@stfc.ac.uk>
Date: Wed, 20 Aug 2025 15:13:54 +0100
Subject: [PATCH 1/4] MAINT: Updates to containers

Minor updates to container config including typos. Also, create 3 containers instead of one as we are running on the same host
---
 .../ansible/roles/cadvisor/tasks/main.yml     |  1 +
 .../ansible/roles/chatops/tasks/main.yml      | 19 +++++++++++++------
 .../roles/chatops/templates/secrets.yml.j2    |  2 +-
 3 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/chatops_deployment/ansible/roles/cadvisor/tasks/main.yml b/chatops_deployment/ansible/roles/cadvisor/tasks/main.yml
index 18f2b522..cd850d40 100644
--- a/chatops_deployment/ansible/roles/cadvisor/tasks/main.yml
+++ b/chatops_deployment/ansible/roles/cadvisor/tasks/main.yml
@@ -21,6 +21,7 @@
     name: cadvisor
     pull: always
     state: started
+    restart_policy: "always"
     ports:
       - "8080:8080"
     volumes:
diff --git a/chatops_deployment/ansible/roles/chatops/tasks/main.yml b/chatops_deployment/ansible/roles/chatops/tasks/main.yml
index 2ac51198..a9db5eb4 100644
--- a/chatops_deployment/ansible/roles/chatops/tasks/main.yml
+++ b/chatops_deployment/ansible/roles/chatops/tasks/main.yml
@@ -44,16 +44,23 @@
 
 - name: Start ChatOps container
   community.docker.docker_container:
-    image: harbor.stfc.ac.uk/stfc-cloud/cloud-chatops:7.0.0
-    name: chatops
+    image: "{{ chatops_image }}"
+    name: "chatops-{{ count }}"
     pull: always
     state: started
+    restart: true
     ports:
-      - "3000:3000"
+      - "{{ item }}:3000"
     volumes:
-      - /etc/chatops/config.yml:/usr/src/app/cloud_chatops/config/config.yml
-      - /etc/chatops/secrets.yml:/usr/src/app/cloud_chatops/secrets/secrets.yml
-    network_mode: host
+      - /etc/chatops/config.yml:/usr/src/app/config.yml
+      - /etc/chatops/secrets.yml:/usr/src/app/secrets.yml
+    restart_policy: "always"
+  loop:
+    - 3030
+    - 3031
+    - 3032
+  loop_control:
+    index_var: count
 
 - name: Copy filebeat external config
   become: true
diff --git a/chatops_deployment/ansible/roles/chatops/templates/secrets.yml.j2 b/chatops_deployment/ansible/roles/chatops/templates/secrets.yml.j2
index 6fe9e174..0e3ae562 100644
--- a/chatops_deployment/ansible/roles/chatops/templates/secrets.yml.j2
+++ b/chatops_deployment/ansible/roles/chatops/templates/secrets.yml.j2
@@ -3,4 +3,4 @@ SLACK_BOT_TOKEN: {{ chatops_slack_bot_token }}
 SLACK_SIGNING_SECRET: {{ chatops_slack_signing_secret }}
 SCHEDULED_REMINDER_TOKEN: {{ chatops_custom_api_token }}
 GITHUB_TOKEN: {{ chatops_github_token }}
-GITLAB_TOKEN: {{ chatops_gitlab_token_token }}
\ No newline at end of file
+GITLAB_TOKEN: {{ chatops_gitlab_token }}

From 2d45d9ef6c79f0218a7adaf667abd3aa09855c1b Mon Sep 17 00:00:00 2001
From: Kalibh Halford <kalibh.halford@stfc.ac.uk>
Date: Wed, 20 Aug 2025 15:14:13 +0100
Subject: [PATCH 2/4] BUG: Fix logstash config path

Fixing logstash config path
---
 chatops_deployment/ansible/roles/elastic/tasks/logstash.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/chatops_deployment/ansible/roles/elastic/tasks/logstash.yml b/chatops_deployment/ansible/roles/elastic/tasks/logstash.yml
index 06a87c55..a4aeb781 100644
--- a/chatops_deployment/ansible/roles/elastic/tasks/logstash.yml
+++ b/chatops_deployment/ansible/roles/elastic/tasks/logstash.yml
@@ -40,7 +40,7 @@
   become: true
   ansible.builtin.template:
     src: logstash.conf.j2
-    dest: "/etc/logstash/logstash.conf"
+    dest: "/etc/logstash/conf.d/logstash.conf"
     owner: root
     group: logstash
     mode: "0640"

From 4dab7d052fecf48032d84a68019dba4653d0e048 Mon Sep 17 00:00:00 2001
From: Kalibh Halford <kalibh.halford@stfc.ac.uk>
Date: Tue, 2 Sep 2025 15:45:08 +0100
Subject: [PATCH 3/4] MAINT: Remove volume facts from play

We cannot rely on the OpenStack API to provide accurate information about where the device is mounted. This is due to a discrepancy between OpenStack and the OS of the VM. To work around this we will try the two most common devices, sdb and vdb. If both of these fail intervention will be required. A bonus to this is it removes the convoluted ansible fact solution previously used.
---
 chatops_deployment/ansible/deploy.yml         |  6 +++++
 .../ansible/roles/terraform/tasks/deploy.yml  |  8 ------
 .../ansible/roles/volume/tasks/main.yml       | 25 +++++++++++++------
 .../terraform/modules/compute/outputs.tf      |  3 ---
 chatops_deployment/terraform/outputs.tf       |  3 ---
 5 files changed, 24 insertions(+), 21 deletions(-)

diff --git a/chatops_deployment/ansible/deploy.yml b/chatops_deployment/ansible/deploy.yml
index 5e24cdfa..a80c2523 100644
--- a/chatops_deployment/ansible/deploy.yml
+++ b/chatops_deployment/ansible/deploy.yml
@@ -20,3 +20,9 @@
   roles:
     - role: ssh_known_hosts
       tags: known_hosts
+
+- name: Create certificates
+  hosts: localhost
+  roles:
+    - role: ssl_certificates
+      tags: ssl_certificates
diff --git a/chatops_deployment/ansible/roles/terraform/tasks/deploy.yml b/chatops_deployment/ansible/roles/terraform/tasks/deploy.yml
index ecd692cf..e6047a3d 100644
--- a/chatops_deployment/ansible/roles/terraform/tasks/deploy.yml
+++ b/chatops_deployment/ansible/roles/terraform/tasks/deploy.yml
@@ -83,11 +83,3 @@
     force_init: true
     workspace: "{{ env }}"
   register: terraform_output
-
-- name: Write ansible inventory file from Terraform outputs
-  ansible.builtin.template:
-    src: hosts.ini.j2
-    dest: "{{ playbook_dir }}/hosts.ini"
-    owner: "{{ ansible_env.USER }}"
-    group: "{{ ansible_env.USER }}"
-    mode: "0774"
diff --git a/chatops_deployment/ansible/roles/volume/tasks/main.yml b/chatops_deployment/ansible/roles/volume/tasks/main.yml
index a6847d30..b4adbc2b 100644
--- a/chatops_deployment/ansible/roles/volume/tasks/main.yml
+++ b/chatops_deployment/ansible/roles/volume/tasks/main.yml
@@ -1,12 +1,23 @@
 ---
 - name: Attach volume to stack host
-  become: true
-  ansible.posix.mount:
-    boot: true
-    path: /var/stack
-    src: "{{ ansible_local.terraform.vars.stack_device }}"
-    state: mounted
-    fstype: ext4
+  block:
+    - name: Try sdb
+      become: true
+      ansible.posix.mount:
+        boot: true
+        path: /var/stack
+        src: /dev/sdb
+        state: mounted
+        fstype: ext4
+  rescue:
+    - name: Try vdb
+      become: true
+      ansible.posix.mount:
+        boot: true
+        path: /var/stack
+        src: /dev/vdb
+        state: mounted
+        fstype: ext4
 
 - name: Set permissions
   become: true
diff --git a/chatops_deployment/terraform/modules/compute/outputs.tf b/chatops_deployment/terraform/modules/compute/outputs.tf
index 305abd79..e69de29b 100644
--- a/chatops_deployment/terraform/modules/compute/outputs.tf
+++ b/chatops_deployment/terraform/modules/compute/outputs.tf
@@ -1,3 +0,0 @@
-output "stack_volume_device" {
-  value = openstack_compute_volume_attach_v2.stack_volume.device
-}
diff --git a/chatops_deployment/terraform/outputs.tf b/chatops_deployment/terraform/outputs.tf
index e0f0f286..e69de29b 100644
--- a/chatops_deployment/terraform/outputs.tf
+++ b/chatops_deployment/terraform/outputs.tf
@@ -1,3 +0,0 @@
-output "stack_volume_device" {
-  value = module.compute.stack_volume_device
-}

From 0b85f39beb965eabf4ccf301522e55785b8655c6 Mon Sep 17 00:00:00 2001
From: Kalibh Halford <kalibh.halford@stfc.ac.uk>
Date: Tue, 21 Oct 2025 09:10:36 +0100
Subject: [PATCH 4/4] maint: reduce chatops containers to one

Deploy only one container of the chatops image onto the host. Having
there is a very low volume of traffic and it is complicated
---
 chatops_deployment/ansible/roles/chatops/tasks/main.yml   | 8 +-------
 .../ansible/roles/haproxy/templates/haproxy.cfg.j2        | 4 +---
 2 files changed, 2 insertions(+), 10 deletions(-)

diff --git a/chatops_deployment/ansible/roles/chatops/tasks/main.yml b/chatops_deployment/ansible/roles/chatops/tasks/main.yml
index a9db5eb4..8d8cf42a 100644
--- a/chatops_deployment/ansible/roles/chatops/tasks/main.yml
+++ b/chatops_deployment/ansible/roles/chatops/tasks/main.yml
@@ -50,17 +50,11 @@
     state: started
     restart: true
     ports:
-      - "{{ item }}:3000"
+      - "3030:3000"
     volumes:
       - /etc/chatops/config.yml:/usr/src/app/config.yml
       - /etc/chatops/secrets.yml:/usr/src/app/secrets.yml
     restart_policy: "always"
-  loop:
-    - 3030
-    - 3031
-    - 3032
-  loop_control:
-    index_var: count
 
 - name: Copy filebeat external config
   become: true
diff --git a/chatops_deployment/ansible/roles/haproxy/templates/haproxy.cfg.j2 b/chatops_deployment/ansible/roles/haproxy/templates/haproxy.cfg.j2
index 2b842b7d..ffa82184 100644
--- a/chatops_deployment/ansible/roles/haproxy/templates/haproxy.cfg.j2
+++ b/chatops_deployment/ansible/roles/haproxy/templates/haproxy.cfg.j2
@@ -70,9 +70,7 @@ backend ALERTMANAGER
 server alertmanager localhost:9093 check ssl verify required ca-file /etc/haproxy/ssl/alertmanager.crt
 
 backend CHATOPS
-server chatops_0 localhost:3030 check
-server chatops_1 localhost:3031 check
-server chatops_2 localhost:3032 check backup
+server chatops localhost:3030 check
 
 backend KIBANA
 server kibana localhost:5601 check ssl verify required ca-file /etc/haproxy/ssl/kibana.crt