diff --git a/environments/acrc-base/inventory/group_vars/all/terraform_state.yml b/environments/acrc-base/inventory/group_vars/all/terraform_state.yml new file mode 100644 index 0000000..7693650 --- /dev/null +++ b/environments/acrc-base/inventory/group_vars/all/terraform_state.yml @@ -0,0 +1,43 @@ + +##### +# Terraform remote state config +##### + +# NOTE(scott): Used Leafcloud object store here since SMS object +# store was down at the time of writing and is generally less reliable +terraform_backend_type: s3 + +# The endpoint of the object store +terraform_s3_endpoint: https://api.dl.acrc.bris.ac.uk:6780 + +# The region to use +# Ceph does not normally use the region, but Terraform requires it +terraform_s3_region: not-used-but-required +terraform_s3_skip_region_validation: "true" + +# The bucket to put Terraform states in +# NOTE: This bucket must already exist - it will not be created by Terraform +terraform_s3_bucket: azimuth-tf-state + +# The key to use for the state for the environment +# +# Using the azimuth_environment variable in the key means that the state +# for each concrete environment is stored in a separate key, even if this +# configuration is in a shared mixin environment +terraform_s3_key: "{{ azimuth_environment }}.tfstate" + +# The STS API doesn't exist for Ceph +terraform_s3_skip_credentials_validation: "true" + +# Tell Terraform to use path-style URLs, e.g. /, instead of +# subdomain-style URLs, e.g. . +terraform_s3_force_path_style: "true" + +terraform_backend_config: + endpoint: "{{ terraform_s3_endpoint }}" + region: "{{ terraform_s3_region }}" + bucket: "{{ terraform_s3_bucket }}" + key: "{{ terraform_s3_key }}" + skip_credentials_validation: "{{ terraform_s3_skip_credentials_validation }}" + force_path_style: "{{ terraform_s3_force_path_style }}" + skip_region_validation: "{{ terraform_s3_skip_region_validation }}" \ No newline at end of file diff --git a/environments/acrc-base/inventory/group_vars/all/variables.yml b/environments/acrc-base/inventory/group_vars/all/variables.yml new file mode 100644 index 0000000..13d7c7e --- /dev/null +++ b/environments/acrc-base/inventory/group_vars/all/variables.yml @@ -0,0 +1,4 @@ +# Workaround broken python dependency issue until +# https://github.com/stackhpc/ansible-slurm-appliance/pull/304 +# is merged along with corresponding update to caas-slurm-appliance +azimuth_caas_stackhpc_slurm_appliance_git_version: 83575461dbc29532c3922871fd8ea89d8053807b diff --git a/environments/acrc-base/inventory/hosts b/environments/acrc-base/inventory/hosts new file mode 100644 index 0000000..9dcf1df --- /dev/null +++ b/environments/acrc-base/inventory/hosts @@ -0,0 +1,2 @@ +[terraform_provision] +localhost ansible_connection=local ansible_python_interpreter="{{ ansible_playbook_python }}" diff --git a/environments/acrc-demo/ansible.cfg b/environments/acrc-demo/ansible.cfg new file mode 100644 index 0000000..07b8d24 --- /dev/null +++ b/environments/acrc-demo/ansible.cfg @@ -0,0 +1,6 @@ +[defaults] +inventory = ../base/inventory,../singlenode/inventory,../demo/inventory,../acrc-base/inventory,./inventory +roles_path = ../../.ansible/roles +collections_path = ../../.ansible/collections + +host_key_checking = False diff --git a/environments/acrc-demo/clouds.yaml b/environments/acrc-demo/clouds.yaml new file mode 100644 index 0000000..b9f464e Binary files /dev/null and b/environments/acrc-demo/clouds.yaml differ diff --git a/environments/acrc-demo/env.secret b/environments/acrc-demo/env.secret new file mode 100644 index 0000000..760c4de Binary files /dev/null and b/environments/acrc-demo/env.secret differ diff --git a/environments/acrc-demo/inventory/group_vars/all/variables.yml b/environments/acrc-demo/inventory/group_vars/all/variables.yml new file mode 100644 index 0000000..f9c7572 --- /dev/null +++ b/environments/acrc-demo/inventory/group_vars/all/variables.yml @@ -0,0 +1,2 @@ + +# Add customisations here as required \ No newline at end of file diff --git a/environments/acrc-demo/inventory/hosts b/environments/acrc-demo/inventory/hosts new file mode 100644 index 0000000..9dcf1df --- /dev/null +++ b/environments/acrc-demo/inventory/hosts @@ -0,0 +1,2 @@ +[terraform_provision] +localhost ansible_connection=local ansible_python_interpreter="{{ ansible_playbook_python }}" diff --git a/environments/acrc-prod/ansible.cfg b/environments/acrc-prod/ansible.cfg new file mode 100644 index 0000000..7d56103 --- /dev/null +++ b/environments/acrc-prod/ansible.cfg @@ -0,0 +1,6 @@ +[defaults] +inventory = ../base/inventory,../ha/inventory,../acrc-base/inventory,./inventory +roles_path = ../../.ansible/roles +collections_path = ../../.ansible/collections + +host_key_checking = False diff --git a/environments/acrc-prod/clouds.yaml b/environments/acrc-prod/clouds.yaml new file mode 100644 index 0000000..95b37f5 Binary files /dev/null and b/environments/acrc-prod/clouds.yaml differ diff --git a/environments/acrc-prod/env.secret b/environments/acrc-prod/env.secret new file mode 100644 index 0000000..760c4de Binary files /dev/null and b/environments/acrc-prod/env.secret differ diff --git a/environments/acrc-prod/inventory/group_vars/all/secrets.yml b/environments/acrc-prod/inventory/group_vars/all/secrets.yml new file mode 100644 index 0000000..005495e Binary files /dev/null and b/environments/acrc-prod/inventory/group_vars/all/secrets.yml differ diff --git a/environments/acrc-prod/inventory/group_vars/all/variables.yml b/environments/acrc-prod/inventory/group_vars/all/variables.yml new file mode 100644 index 0000000..271fd0e --- /dev/null +++ b/environments/acrc-prod/inventory/group_vars/all/variables.yml @@ -0,0 +1,88 @@ + +##### +# Configuration for the seed node +##### + +# The ID of the external network +infra_external_network_id: ee29b0e7-d381-4d5f-a940-c86e39da34dc + +# The ID of the flavor to use for the K3S node +# A flavor with at least 2 CPUs and 8GB RAM is recommended +infra_flavor_id: 1d5df89f-e753-45de-8717-719a325243c5 # == m1.large + + +##### +# Configuration for the HA cluster +##### + +# The name of the flavor to use for control plane nodes +# A flavor with at least 2 CPUs, 8GB RAM and 100GB root disk is recommended +capi_cluster_control_plane_flavor: m1.xlarge + +# The name of the flavor to use for worker nodes +# A flavor with at least 4 CPUs, 16GB RAM and 100GB root disk is recommended +capi_cluster_worker_flavor: m1.xlarge + +# The number of worker nodes +capi_cluster_worker_count: 3 + +# The floating IP to which to wildcard DNS entry has been assigned +# This IP must be pre-assigned to the target OpenStack project +capi_cluster_addons_ingress_load_balancer_ip: 10.129.31.71 + + +##### +# Ingress configuration +##### + +# Disable TLS for now until we arrange a DNS entry + TLS cert +ingress_tls_enabled: false + +# Indicates if Harbor should be enabled to provide pull-through caches +harbor_enabled: no + +# Cloud uses Octavia OVN provider +openstack_loadbalancer_provider: ovn +capi_cluster_addons_openstack_loadbalancer_method: SOURCE_IP_PORT +azimuth_capi_operator_capi_helm_openstack_loadbalancer_method: SOURCE_IP_PORT + + +# The name of the current cloud +azimuth_current_cloud_name: acrc-dl +# The label for the current cloud +azimuth_current_cloud_label: "ACRC Digital Lab" +# Base domain used for wildcard DNS entry for Azimuth +# TODO: Uncomment once this domain is resolvable from cloud VMs +# (requires updating DNS config / deploying Designate) +# ingress_base_domain: azimuth.dl.acrc.bris.ac.uk + +##### +# Configuration for CaaS appliances +##### + +# The name of a flavor to use for Slurm login nodes +# A flavor with at least 2 CPUs and 4GB RAM should be used +azimuth_caas_stackhpc_slurm_appliance_login_flavor_name: m1.medium + +# The name of a flavor to use for Slurm control nodes +# A flavor with at least 2 CPUs and 4GB RAM should be used +azimuth_caas_stackhpc_slurm_appliance_control_flavor_name: m1.medium + + + +##### +# Configuration for monitoring stack +##### + +# Loki volume fills up in ~1 week with defaults so reduce rentention time and bump storage capacity +capi_cluster_addons_monitoring_loki_volume_size: 20Gi +capi_cluster_addons_monitoring_loki_retention: 336h # == 14 days + +# Prometheus retention and volume size +capi_cluster_addons_monitoring_prometheus_retention: 30d +capi_cluster_addons_monitoring_prometheus_volume_size: 50Gi + + +# Work around seed network MTU issue +# (possibly related to disabled DVR) +infra_network_mtu: 1500 diff --git a/environments/acrc-prod/inventory/hosts b/environments/acrc-prod/inventory/hosts new file mode 100644 index 0000000..9dcf1df --- /dev/null +++ b/environments/acrc-prod/inventory/hosts @@ -0,0 +1,2 @@ +[terraform_provision] +localhost ansible_connection=local ansible_python_interpreter="{{ ansible_playbook_python }}" diff --git a/environments/acrc-prod/tls/tls.crt b/environments/acrc-prod/tls/tls.crt new file mode 100755 index 0000000..69aa2ef --- /dev/null +++ b/environments/acrc-prod/tls/tls.crt @@ -0,0 +1,119 @@ +-----BEGIN CERTIFICATE----- +MIIIhzCCBm+gAwIBAgIQJWxobeEFujl7A61ylGQcmDANBgkqhkiG9w0BAQwFADBE +MQswCQYDVQQGEwJOTDEZMBcGA1UEChMQR0VBTlQgVmVyZW5pZ2luZzEaMBgGA1UE +AxMRR0VBTlQgT1YgUlNBIENBIDQwHhcNMjMwOTE1MDAwMDAwWhcNMjQwOTE0MjM1 +OTU5WjBvMQswCQYDVQQGEwJHQjEZMBcGA1UECBMQQnJpc3RvbCwgQ2l0eSBvZjEe +MBwGA1UEChMVVW5pdmVyc2l0eSBvZiBCcmlzdG9sMSUwIwYDVQQDDBwqLmF6aW11 +dGguZGwuYWNyYy5icmlzLmFjLnVrMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC +CgKCAgEAsEPHj48z0NWMJ6+2Kt4HkWXztZu3ZOIvunI6hzUd8AvJTXPDnvg6VE68 +uZyjJyJvIHy36XRdnjrSu2p4USSJOpy/mf05nLQenjZjYJtYLd5yZ2IflXgBv2Nx +4JDQV0ZPBDFbCxz3tiMew73GHR5uaMF1AAz5HR0iHq6ArTW56IRCadaGg3HbS5zF +LbIWY9Au/OE9pYLYV1W+xRYmm0d6Kly9XYHFhPsPxrHzp97joP1Kv8Tqh1DdbH+j +JOjkS6DCwtI68LIJStCtriS0jjs2MuSPp6BZD+MvYhYtoDGEqlYdz+ILCFAPbELL +Y4JdBFxCSFumpLisHW4mLrPJ8YipLL0B8qJCSgVGZ841lrRdXLTbr2i2a/swi3og +I/cq389eM0erKgfaRJuvZOz/SUjaHCXy/qVRhVdQjKqRIzWmfnQ+1hANuR4EStYm +t0dtncK7pAE/iYT1ebMc4fa26ncoBqElvo0GsGFHrx4FxvfTKLinH1xIl56Wx4xr +GZNWF6u9hn7I7CV9c6BDfdlXu9Y3bigTcU8rzuys28cYjGKWBCzXRqyGAM8btwMF +9C4Lh6KEZVmBvTe9X33PVO4kpMQVnF7SdDaTzMYmQUzD7tyE5p+vegsPtXcneddC +9sL2n9l+TmAKlifERxmdX92rr6NlBsjojr+vc7tJsW3w1hwsFYkCAwEAAaOCA0gw +ggNEMB8GA1UdIwQYMBaAFG8dNUkQbDL6WaCevIroH5W+cXoMMB0GA1UdDgQWBBT/ +U8wp8PIpyFPzk/YQnABKaxbeoTAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIw +ADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwSQYDVR0gBEIwQDA0Bgsr +BgEEAbIxAQICTzAlMCMGCCsGAQUFBwIBFhdodHRwczovL3NlY3RpZ28uY29tL0NQ +UzAIBgZngQwBAgIwPwYDVR0fBDgwNjA0oDKgMIYuaHR0cDovL0dFQU5ULmNybC5z +ZWN0aWdvLmNvbS9HRUFOVE9WUlNBQ0E0LmNybDB1BggrBgEFBQcBAQRpMGcwOgYI +KwYBBQUHMAKGLmh0dHA6Ly9HRUFOVC5jcnQuc2VjdGlnby5jb20vR0VBTlRPVlJT +QUNBNC5jcnQwKQYIKwYBBQUHMAGGHWh0dHA6Ly9HRUFOVC5vY3NwLnNlY3RpZ28u +Y29tMIIBewYKKwYBBAHWeQIEAgSCAWsEggFnAWUAdQB2/4g/Crb7lVHCYcz1h7o0 +tKTNuyncaEIKn+ZnTFo6dAAAAYqYVvXNAAAEAwBGMEQCICkcYSQulORySc2+Tswp +5sgVOpnbO9SwbZf4JLgtsKW8AiB8Q6P+OwJI0jndDat3aRGuFKQy7r8MgPXGApzR +oJ8sggB1ANq2v2s/tbYin5vCu1xr6HCRcWy7UYSFNL2kPTBI1/urAAABiphW9ioA +AAQDAEYwRAIgKM7NnWmQfZhAS+3cOFKK00n8dToTL2xdtStbX/NhzbACIFFJq4O8 +PRtQpLX5eekeJ90pQtZIDN7H5xLO3n+s92hwAHUA7s3QZNXbGs7FXLedtM0TojKH +Rny87N7DUUhZRnEftZsAAAGKmFb1+QAABAMARjBEAiBNOFQiD2zYmTULOCjhxSvj +I20OLAcU8cPxuSUqaJnA0gIgcLSaZlNeOWAGlNn0A1N0YHCswrGZeWjrk8JItpU8 +4lIwQwYDVR0RBDwwOoIcKi5hemltdXRoLmRsLmFjcmMuYnJpcy5hYy51a4IaYXpp +bXV0aC5kbC5hY3JjLmJyaXMuYWMudWswDQYJKoZIhvcNAQEMBQADggIBAFot7Yb2 +KnKyDis7DviY6aUQT4onVVgu8nNfPV/xBfzVsrdvW5sMlFGP/27NpxjuMqJm4hSB +0aFR9/0q/X4QF69g8Cdg+BT0H5IoosbXCGYussDBDQp7w44TSrNPlrbbG+HxUUhU +r5ueGgYl0uV/NLaZWVIbxiyYwj7lK0+EeVcCXnxJQ6poEG2wjRZ3KGuZfOl4Yr3C +c+378ZU0PBeN9T2VSwKKE1ZdDTM1xR72OadU/faTSpJChZU0S0KC+NU0JcvJA2Wq +iQ8LLDk8IRJTacDEocQ0qdPrSAu26YFfgaaZAa+pNbwbiGnxjQbnWu2TZNbJZ8nN +mBnuqAXLmxfa8L1t8meVysm7HzsgvLZw6MEm8LT4vh+m4fNm6fmM6VdhHwA6eR9P +q6HJ7FeTtFGXq3bLNTvx4hRIwlHuBV4xIrVa2GPZDQgkfVpLiTz4Ol1TGOhExQbN +emVS3P+AiXe/Arbe2BmixIFu8TfJ5bpEPwV+jSPr3Lr/g8tls/pzeQh7ML9Sm2N5 +T5M53CRM5Hn4ksLb6hWsKNWsek5LQk53C7je7nI0y/hhNgVDMDBo1xm8l24makFg +wrnPivcoCp3DetGtwdvpjSHb86AhpuGoCFoEdHg7/FGbKXm58DXpnhG5dpPf+0JL +zcYTH0BlESkYdT0VCNiOogMl2yq/MUFWIIwO +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIG5TCCBM2gAwIBAgIRANpDvROb0li7TdYcrMTz2+AwDQYJKoZIhvcNAQEMBQAw +gYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtK +ZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYD +VQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTIw +MDIxODAwMDAwMFoXDTMzMDUwMTIzNTk1OVowRDELMAkGA1UEBhMCTkwxGTAXBgNV +BAoTEEdFQU5UIFZlcmVuaWdpbmcxGjAYBgNVBAMTEUdFQU5UIE9WIFJTQSBDQSA0 +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEApYhi1aEiPsg9ZKRMAw9Q +r8Mthsr6R20VSfFeh7TgwtLQi6RSRLOh4or4EMG/1th8lijv7xnBMVZkTysFiPmT +PiLOfvz+QwO1NwjvgY+Jrs7fSoVA/TQkXzcxu4Tl3WHi+qJmKLJVu/JOuHud6mOp +LWkIbhODSzOxANJ24IGPx9h4OXDyy6/342eE6UPXCtJ8AzeumTG6Dfv5KVx24lCF +TGUzHUB+j+g0lSKg/Sf1OzgCajJV9enmZ/84ydh48wPp6vbWf1H0O3Rd3LhpMSVn +TqFTLKZSbQeLcx/l9DOKZfBCC9ghWxsgTqW9gQ7v3T3aIfSaVC9rnwVxO0VjmDdP +FNbdoxnh0zYwf45nV1QQgpRwZJ93yWedhp4ch1a6Ajwqs+wv4mZzmBSjovtV0mKw +d+CQbSToalEUP4QeJq4Udz5WNmNMI4OYP6cgrnlJ50aa0DZPlJqrKQPGL69KQQz1 +2WgxvhCuVU70y6ZWAPopBa1ykbsttpLxADZre5cH573lIuLHdjx7NjpYIXRx2+QJ +URnX2qx37eZIxYXz8ggM+wXH6RDbU3V2o5DP67hXPHSAbA+p0orjAocpk2osxHKo +NSE3LCjNx8WVdxnXvuQ28tKdaK69knfm3bB7xpdfsNNTPH9ElcjscWZxpeZ5Iij8 +lyrCG1z0vSWtSBsgSnUyG/sCAwEAAaOCAYswggGHMB8GA1UdIwQYMBaAFFN5v1qq +K0rPVIDh2JvAnfKyA2bLMB0GA1UdDgQWBBRvHTVJEGwy+lmgnryK6B+VvnF6DDAO +BgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHSUEFjAUBggr +BgEFBQcDAQYIKwYBBQUHAwIwOAYDVR0gBDEwLzAtBgRVHSAAMCUwIwYIKwYBBQUH +AgEWF2h0dHBzOi8vc2VjdGlnby5jb20vQ1BTMFAGA1UdHwRJMEcwRaBDoEGGP2h0 +dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9VU0VSVHJ1c3RSU0FDZXJ0aWZpY2F0aW9u +QXV0aG9yaXR5LmNybDB2BggrBgEFBQcBAQRqMGgwPwYIKwYBBQUHMAKGM2h0dHA6 +Ly9jcnQudXNlcnRydXN0LmNvbS9VU0VSVHJ1c3RSU0FBZGRUcnVzdENBLmNydDAl +BggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0B +AQwFAAOCAgEAUtlC3e0xj/1BMfPhdQhUXeLjb0xp8UE28kzWE5xDzGKbfGgnrT2R +lw5gLIx+/cNVrad//+MrpTppMlxq59AsXYZW3xRasrvkjGfNR3vt/1RAl8iI31lG +hIg6dfIX5N4esLkrQeN8HiyHKH6khm4966IkVVtnxz5CgUPqEYn4eQ+4eeESrWBh +AqXaiv7HRvpsdwLYekAhnrlGpioZ/CJIT2PTTxf+GHM6cuUnNqdUzfvrQgA8kt1/ +ASXx2od/M+c8nlJqrGz29lrJveJOSEMX0c/ts02WhsfMhkYa6XujUZLmvR1Eq08r +48/EZ4l+t5L4wt0DV8VaPbsEBF1EOFpz/YS2H6mSwcFaNJbnYqqJHIvm3PLJHkFm +EoLXRVrQXdCT+3wgBfgU6heCV5CYBz/YkrdWES7tiiT8sVUDqXmVlTsbiRNiyLs2 +bmEWWFUl76jViIJog5fongEqN3jLIGTG/mXrJT1UyymIcobnIGrbwwRVz/mpFQo0 +vBYIi1k2ThVh0Dx88BbF9YiP84dd8Fkn5wbE6FxXYJ287qfRTgmhePecPc73Yrzt +apdRcsKVGkOpaTIJP/l+lAHRLZxk/dUtyN95G++bOSQqnOCpVPabUGl2E/OEyFrp +Ipwgu2L/WJclvd6g+ZA/iWkLSMcpnFb+uX6QBqvD6+RNxul1FaB5iHY= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFgTCCBGmgAwIBAgIQOXJEOvkit1HX02wQ3TE1lTANBgkqhkiG9w0BAQwFADB7 +MQswCQYDVQQGEwJHQjEbMBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYD +VQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UE +AwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTE5MDMxMjAwMDAwMFoXDTI4 +MTIzMTIzNTk1OVowgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5 +MRQwEgYDVQQHEwtKZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBO +ZXR3b3JrMS4wLAYDVQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0 +aG9yaXR5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAgBJlFzYOw9sI +s9CsVw127c0n00ytUINh4qogTQktZAnczomfzD2p7PbPwdzx07HWezcoEStH2jnG +vDoZtF+mvX2do2NCtnbyqTsrkfjib9DsFiCQCT7i6HTJGLSR1GJk23+jBvGIGGqQ +Ijy8/hPwhxR79uQfjtTkUcYRZ0YIUcuGFFQ/vDP+fmyc/xadGL1RjjWmp2bIcmfb +IWax1Jt4A8BQOujM8Ny8nkz+rwWWNR9XWrf/zvk9tyy29lTdyOcSOk2uTIq3XJq0 +tyA9yn8iNK5+O2hmAUTnAU5GU5szYPeUvlM3kHND8zLDU+/bqv50TmnHa4xgk97E +xwzf4TKuzJM7UXiVZ4vuPVb+DNBpDxsP8yUmazNt925H+nND5X4OpWaxKXwyhGNV +icQNwZNUMBkTrNN9N6frXTpsNVzbQdcS2qlJC9/YgIoJk2KOtWbPJYjNhLixP6Q5 +D9kCnusSTJV882sFqV4Wg8y4Z+LoE53MW4LTTLPtW//e5XOsIzstAL81VXQJSdhJ +WBp/kjbmUZIO8yZ9HE0XvMnsQybQv0FfQKlERPSZ51eHnlAfV1SoPv10Yy+xUGUJ +5lhCLkMaTLTwJUdZ+gQek9QmRkpQgbLevni3/GcV4clXhB4PY9bpYrrWX1Uu6lzG +KAgEJTm4Diup8kyXHAc/DVL17e8vgg8CAwEAAaOB8jCB7zAfBgNVHSMEGDAWgBSg +EQojPpbxB+zirynvgqV/0DCktDAdBgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rID +ZsswDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAG +BgRVHSAAMEMGA1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly9jcmwuY29tb2RvY2EuY29t +L0FBQUNlcnRpZmljYXRlU2VydmljZXMuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggr +BgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMA0GCSqGSIb3DQEBDAUA +A4IBAQAYh1HcdCE9nIrgJ7cz0C7M7PDmy14R3iJvm3WOnnL+5Nb+qh+cli3vA0p+ +rvSNb3I8QzvAP+u431yqqcau8vzY7qN7Q/aGNnwU4M309z/+3ri0ivCRlv79Q2R+ +/czSAaF9ffgZGclCKxO/WIu6pKJmBHaIkU4MiRTOok3JMrO66BQavHHxW/BBC5gA +CiIDEOUMsfnNkjcZ7Tvx5Dq2+UUTJnWvu6rvP3t3O9LEApE9GQDTF1w52z97GA1F +zZOFli9d31kWTz9RvdVFGD/tSo7oBmF0Ixa1DVBzJ0RHfxBdiSprhTEUxOipakyA +vGp4z7h/jnZymQyd/teRCBaho1+V +-----END CERTIFICATE----- diff --git a/environments/acrc-prod/tls/tls.key b/environments/acrc-prod/tls/tls.key new file mode 100644 index 0000000..840c8d1 Binary files /dev/null and b/environments/acrc-prod/tls/tls.key differ