enable: wpb-17321 refactor and fixes for wiab-demo

.github/workflows/deploy-wiab.yml

@@ -1,3 +1,5 @@
+# This playbook is not-up-to-date, requires to be updated to match with current developments
+# A new WIAB (wire in a box) dev solution has been created https://docs.wire.com/latest/how-to/install/demo-wiab.html and can be used until this (wiab-staging) gets updated
 name: Deploy on Hetzner WIAB setup
 on:
   workflow_run:

.github/workflows/offline.yml

@@ -201,6 +201,23 @@ jobs:
           AWS_SECRET_ACCESS_KEY: "${{ secrets.AWS_SECRET_ACCESS_KEY }}"
           AWS_REGION: "eu-west-1"
 
+      - name: Install terraform
+        uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: "^1.3.7"
+          terraform_wrapper: false
+
+      - name: Deploy offline demo-wiab environment to hetzner
+        run: ./offline/cd_demo.sh
+        env:
+          HCLOUD_TOKEN: '${{ secrets.HCLOUD_TOKEN }}'
+
+      - name: Clean up hetzner wiab environment; just in case
+        if: always()
+        run: (cd terraform/examples/wiab-demo-hetzner ; terraform init && terraform destroy -auto-approve)
+        env:
+          HCLOUD_TOKEN: '${{ secrets.HCLOUD_TOKEN }}'
+
       - name: Cleanup demo build assets
         run: rm -rf offline/demo-build/output/
 

ansible/hetzner-single-deploy.yml

@@ -1,3 +1,5 @@
+# This playbook is not-up-to-date, requires to be updated to match with current developments
+# A new WIAB (wire in a box) dev solution has been created https://docs.wire.com/latest/how-to/install/demo-wiab.html and can be used until this (wiab-staging) gets updated
 - hosts: all
   become: true
   vars:

ansible/inventory/demo/host.yml

@@ -1,8 +1,9 @@
+
 wiab:
   hosts:
     deploy_node:
       ansible_host: example.com
-      ansible_ssh_common_args: '-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null'
+      ansible_ssh_common_args: '-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ServerAliveInterval=60 -o ServerAliveCountMax=3 -o TCPKeepAlive=yes'
       ansible_user: 'ubuntu'
       ansible_ssh_private_key_file: "~/.ssh/wiab-demo.pem"
 
@@ -17,7 +18,7 @@ wiab:
     wire_ip: ""
 
     # artifact_hash
-    artifact_hash: "89e4fa122e6ddba9df2f81612de1ee45ec2238b3"
+    artifact_hash: "8e5087a0d9c58a9bd34c6c02f87514abe8b3ce0e"
 
     # docker vars
     docker_ce_version: "5:28.1.1-1~ubuntu.24.04~noble"
@@ -47,14 +48,16 @@ wiab:
     # list of helm charts to deploy
     charts_to_deploy:
       - fake-aws
-      - demo-smtp
+      - smtp
       - rabbitmq
       - databases-ephemeral
+      - postgresql # postgresql chart should be deployed before deploying wire-server
       - reaper
+      - smallstep-accomp
+      - kube-prometheus-stack
       - wire-server
       - webapp
       - account-pages
       - team-settings
-      - smallstep-accomp
       - ingress-nginx-controller
       - nginx-ingress-services

ansible/wiab-demo/clean_cluster.yml

@@ -1,10 +1,9 @@
 - name: Clean the installation
   hosts: deploy_node
-  become: yes
   tasks:
   # stopping the cluster defined in minikube_cluster playbook
   - name: clean minikube
-    become_user: "{{ ansible_user }}"
+    tags: [never, remove_minikube]
     block:
     - name: Check if Minikube is running
       shell: minikube status --profile="{{ minikube_profile }}"
@@ -22,11 +21,11 @@
         minikube delete --profile="{{ minikube_profile }}"
       when: "'Running' in minikube_status.stdout"
 
-    when: "remove_minikube is defined and remove_minikube | bool"
-
   # following packages were installed in install_pkgs playbook
   # these packages can only be removed post stopping the minikube cluster
   - name: remove packages
+    tags: [never, remove_packages]
+    become: yes
     block:
     - name: Remove Minikube
       file:
@@ -75,11 +74,11 @@
       apt:
         update_cache: yes
 
-    when: (uninstall_pkgs | default(false) | bool) and (remove_minikube | default(false) | bool)
-
   # remove the iptables rules defined by iptables_rules playbook
   # it makes sense to remove them when removing the k8s cluster or individually to clean them
   - name: remove iptables rules
+    tags: [never, remove_iptables]
+    become: yes
     vars:
       iptables_rules_comment: "Wire Iptables Rules"
       iptables_save_dir: "/home/{{ ansible_user }}/wire-iptables-rules"
@@ -135,28 +134,30 @@
         - "{{ iptables_save_dir }}/rules_post_wire.v4"
         - "{{ iptables_save_dir }}"
 
-    when: (remove_iptables | default(false) | bool) or (remove_minikube | default(false) | bool)
-
   - name: Remove ssh keys
+    tags: [never, remove_ssh]
+    become_user: "{{ ansible_user }}"
     block:
     - name: Remove SSH key if it exist
       shell: |
-        if [ -f "/home/{{ ansible_user }}/.ssh/id_rsa_wire" ]; then
-          rm "/home/{{ ansible_user }}/.ssh/id_rsa_wire"
+        if [ -f "{{ ansible_user_dir }}/.ssh/id_rsa_wire" ]; then
+          rm "{{ ansible_user_dir }}/.ssh/id_rsa_wire"
         fi
-    when: "remove_ssh is defined and remove_ssh | bool"
-
+
   - name: remove the downloaded artifacts 
+    tags: [never, remove_artifacts]
     file:
       path: "{{ item }}"
       state: absent
     loop:
-      - "/home/{{ ansible_user }}/wire-server-deploy"
-      - "/home/{{ ansible_user }}/wire-server-deploy-static-demo-{{ artifact_hash }}.tgz"
-      - "/home/{{ ansible_user }}/wire_ip"
-    when: "remove_artifacts is defined and remove_artifacts | bool"
+      - "{{ ansible_user_dir }}/wire-server-deploy"
+      - "{{ ansible_user_dir }}/wire-server-deploy-static-demo-{{ artifact_hash }}.tgz"
+      - "{{ ansible_user_dir }}/wire_ip"
+      - "{{ ansible_user_dir }}/wire_secrets"
 
   - name: clean asset_host artifacts and remove service
+    tags: [never, clean_assethost]
+    become: yes
     block:
     - name: Stop and disable serve-assets systemd service
       systemd:
@@ -178,5 +179,3 @@
       file:
         path: /opt/assets/containers-helm
         state: absent
-
-    when: "clean_assethost is defined and clean_assethost | bool"