Merge tag 'v1.8.0' of github.com:opencrvs/opencrvs-countryconfig into develop

Zangetsu101 · Zangetsu101 · commit 8778aa661f48 · 2025-07-17T19:50:52.000+06:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -19,21 +19,25 @@
 
 ## 1.6.4
 
-### Bug fixes
-
-- Query the location tree directly from the config service to improve performance for large datasets
+- Added a local virtual machine setup for testing Ansible playbooks locally (on MacOS and Ubuntu ). Check [provision.ipynb](infrastructure/local-development/provision.ipynb) for more details.
 
-## 1.6.3
+### Improvements
 
-### Breaking changes
+- **Upgrade ELK stack** to a AGPLv3 licensed version 8.16.4 [#8749](https://github.com/opencrvs/opencrvs-core/issues/8749)
+- Added Build summary and refactored deployment workflow to be more clear [#6984](https://github.com/opencrvs/opencrvs-core/issues/6984)
+- Build OpenCRVS release images for arm devices [#9455](https://github.com/opencrvs/opencrvs-core/issues/9455)
+- **Introduced `single_node` variable in inventory files** to define whether single-node clusters are allowed, set to false in production to enforce use of at least a two-node cluster. [#6918](https://github.com/opencrvs/opencrvs-core/issues/6918)
+- **Github runners upgraded** to latest Ubuntu LTS release 24.04 [#7045](https://github.com/opencrvs/opencrvs-core/issues/7045) and apply sticky node version from .nvmrc [#423](https://github.com/opencrvs/opencrvs-countryconfig/pull/423)
+- Updated `seed-data.yml` GitHub Actions workflow to use the new `data-seeder` Docker image instead of cloning the entire `opencrvs-core` repository. This improves CI performance and simplifies the data seeding process. [#8976](https://github.com/opencrvs/opencrvs-core/issues/8976)
 
-- Add constant.humanName to allow countries to customise the format of the full name in the sytem for `sytem users` and `citizens` e.g `{LastName} {MiddleName} {Firstname}`, in any case where one of the name is not provided e.g no `MiddleName`, we'll simply render e.g `{LastName} {FirstName}` without any extra spaces if that's the order set in `country-config`. [#6830](https://github.com/opencrvs/opencrvs-core/issues/6830)
+### Bug Fixes
 
-## 1.6.2
+- Added `swarm` tag to all tasks within the `swarm.yaml` playbook, previously it was missing. [#9252](https://github.com/opencrvs/opencrvs-core/issues/9252)
+- Restrict supported key exchange, cipher and MAC algorithms for SSH configuration [#7542](https://github.com/opencrvs/opencrvs-core/issues/7542)
 
-### New features
+## 1.7.3
 
-- Added a local virtual machine setup for testing Ansible playbooks locally (on MacOS and Ubuntu ). Check [provision.ipynb](infrastructure/local-development/provision.ipynb) for more details.
+No changes
 
 ## 1.7.2
 
@@ -121,7 +125,6 @@ In order to make the upgrade easier, there are a couple of steps that need to be
 - We make sure that the automatic cleanup job only runs before deployment (instead of cron schedule cleanup).
 - Previously it was possible MongoDB replica set and users were left randomly uninitialised after a deployment. MongoDB initialisation container now retries on failure.
 - On some machines 'file' utility was not preinstalled causing provision to fail. We now install the utility if it doesn't exist.
-- Restrict supported key exchange, cipher and MAC algorithms for SSH configuration [#7542](https://github.com/opencrvs/opencrvs-core/issues/7542)
 
 ### Infrastructure breaking changes
 
diff --git a/infrastructure/server-setup/group_vars/all.yml b/infrastructure/server-setup/group_vars/all.yml
@@ -14,3 +14,4 @@ backup_server_user: 'backup'
 backup_server_user_home: '/home/backup'
 crontab_user: root
 provisioning_user: provision
+single_node: false
diff --git a/infrastructure/server-setup/inventory/backup.yml b/infrastructure/server-setup/inventory/backup.yml
@@ -18,6 +18,7 @@ all:
     # @todo how many days to store backups for?
     amount_of_backups_to_keep: 7
     backup_server_remote_target_directory: /home/backup/backups
+    single_node: true
     users:
       # @todo this is where you define which development team members have access to the server.
       # If you need to remove access from someone, do not remove them from this list, but instead set their state: absent
diff --git a/infrastructure/server-setup/inventory/development.yml b/infrastructure/server-setup/inventory/development.yml
@@ -8,6 +8,7 @@
 # Copyright (C) The OpenCRVS Authors located at https://github.com/opencrvs/opencrvs-core/blob/master/AUTHORS.
 all:
   vars:
+    single_node: true
     users:
       # @todo this is where you define which development team members have access to the server.
       # If you need to remove access from someone, do not remove them from this list, but instead set their state: absent
diff --git a/infrastructure/server-setup/inventory/production.yml b/infrastructure/server-setup/inventory/production.yml
@@ -27,6 +27,7 @@ all:
       #- 55.55.55.55 # example jump server IP address
       []
     backup_server_remote_target_directory: /home/backup/backups
+    single_node: false  # At least 2 nodes are recommended for production environment. Set "single_node: true" at your own discretion.
     users:
       # @todo this is where you define which development team members have access to the server.
       # If you need to remove access from someone, do not remove them from this list, but instead set their state: absent
diff --git a/infrastructure/server-setup/inventory/qa.yml b/infrastructure/server-setup/inventory/qa.yml
@@ -8,6 +8,7 @@
 # Copyright (C) The OpenCRVS Authors located at https://github.com/opencrvs/opencrvs-core/blob/master/AUTHORS.
 all:
   vars:
+    single_node: true
     users:
       # @todo this is where you define which development team members have access to the server.
       # If you need to remove access from someone, do not remove them from this list, but instead set their state: absent
diff --git a/infrastructure/server-setup/inventory/staging.yml b/infrastructure/server-setup/inventory/staging.yml
@@ -29,6 +29,7 @@ all:
     # For this you need to first setup a backup environment
     periodic_restore_from_backup: false
     backup_server_remote_source_directory: /home/backup/backups
+    single_node: true
     users:
       # @todo this is where you define which development team members have access to the server.
       # If you need to remove access from someone, do not remove them from this list, but instead set their state: absent
diff --git a/infrastructure/server-setup/swarm.yml b/infrastructure/server-setup/swarm.yml
@@ -16,19 +16,33 @@
         rule: allow
         port: 2377
         proto: tcp
+      tags: 
+        - swarm
 
+    - name: 'Get docker info'
+      shell: docker info
+      register: docker_info
+      changed_when: False
+      tags: 
+        - swarm
+        
     - name: 'Create primary swarm manager'
       shell: docker swarm init --advertise-addr {{ ansible_default_ipv4.address }}
       when: "docker_info.stdout.find('Swarm: inactive') != -1"
+      tags: 
+        - swarm
 
     - name: 'Get docker swarm manager token'
       shell: docker swarm join-token -q manager
       register: manager_token
+      tags: 
+        - swarm
 
     - name: 'Get docker swarm worker token'
       shell: docker swarm join-token -q worker
       register: worker_token
-
+      tags: 
+        - swarm
 
 - hosts: docker-workers
   become: yes
@@ -40,30 +54,40 @@
       shell: docker info --format "{% raw %}{{.Swarm.LocalNodeState}}{% endraw %}"
       register: worker_swarm_status
       changed_when: false
+      tags: 
+        - swarm
 
     - name: Get NodeID of the worker (if part of a swarm)
       shell: docker info --format "{% raw %}{{.Swarm.NodeID}}{% endraw %}"
       register: worker_node_id
       when: worker_swarm_status.stdout == 'active'
       changed_when: false
       failed_when: false
+      tags: 
+        - swarm
 
     - name: Get list of nodes in the manager's swarm
       shell: docker node ls --format '{% raw %}{{.ID}}{% endraw %}'
       delegate_to: "{{ manager_hostname }}"
       register: manager_node_ids
       changed_when: false
+      tags: 
+        - swarm
 
     - name: Fail if the worker is in a different swarm
       fail:
         msg: "You are trying to attach a worker to a Swarm that is already part of another Swarm. Please make the node leave the current Swarm first, then run the playbook again."
       when: worker_swarm_status.stdout == 'active' and worker_node_id.stdout not in manager_node_ids.stdout_lines
+      tags: 
+        - swarm
 
     - name: Join as a worker
       shell: "docker swarm join --token {{ hostvars[manager_hostname]['worker_token']['stdout'] }} {{ hostvars[manager_hostname]['ansible_default_ipv4']['address'] }}:2377"
       when: worker_swarm_status.stdout != 'active'
       retries: 3
       delay: 20
+      tags: 
+        - swarm
 
 - hosts: docker-manager-first
   become: yes
@@ -74,4 +98,6 @@
       loop: "{{ groups['docker-manager-first'] + groups['docker-workers'] }}"
       loop_control:
         loop_var: hostname
-      when: hostvars[hostname]['data_label'] is defined
+      when: hostvars[hostname]['data_label'] is defined
+      tags: 
+        - swarm
