hcp-ansible/playbooks/group_vars/all.yml

---
##########################
# General options ########
##########################

enable_vault: "yes"
enable_consul: "yes"
enable_nomad: "yes"

deployment_method: "host"
api_interface: "eth0"
api_interface_address: "{{ ansible_facts[api_interface]['ipv4']['address'] }}"

configuration_directory: "{{ lookup('env', 'PWD') }}/etc/hashistack"
configuration_global_vars_file: "globals.yml"

default_container_extra_volumes:
  - "/etc/timezone:/etc/timezone"
  - "/etc/localtime:/etc/localtime"

##########################
# Support options ########
##########################

hashistack_supported_distributions:
  - ubuntu
  - debian

hashistack_supported_distribution_versions:
  debian:
    - "11"
    - "12"
  ubuntu:
    - "20.04"
    - "22.04"

preflight_enable_host_ntp_checks: true
vault_required_ports: [8200,8201]
consul_required_ports: [8300,8301,8302,8500,8501,8502,8503,8600]
nomad_required_ports: []

##########################
# Nomad options ##########
##########################

hashi_nomad_cni_plugins_install: true
hashi_nomad_start_service: true
hashi_nomad_cni_plugins_version: latest
hashi_nomad_cni_plugins_install_path: /opt/cni/bin
hashi_nomad_version: latest
hashi_nomad_deploy_method: host  # deployment method, either host or docker
hashi_nomad_env_variables: {}
hashi_nomad_data_dir: /opt/nomad
hashi_nomad_extra_files: false
hashi_nomad_extra_files_src: /tmp/extra_files
hashi_nomad_extra_files_dst: /etc/nomad.d/extra_files
#! nomad configuration
hashi_nomad_configuration: {}

##########################
# Consul options #########
##########################

hashi_consul_start_service: true
hashi_consul_version: latest
hashi_consul_deploy_method: host  # deployment method, either host or docker.
hashi_consul_env_variables: {}
hashi_consul_data_dir: "/opt/consul"
hashi_consul_extra_files: false
hashi_consul_extra_files_src: /tmp/extra_files
hashi_consul_extra_files_dst: /etc/consul.d/extra_files
hashi_consul_envoy_install: false
hashi_consul_envoy_version: latest
#! consul configuration
hashi_consul_configuration: {}

##########################
# Vault options ##########
##########################

vault_cluster_name: vault

###############
# vault storage
###############
vault_storage_configuration:
  raft:
    path: "{{ hashi_vault_data_dir }}/data"
    node_id: "{{ ansible_hostname }}"
    retry_join: |
      [
      {% for host in groups['vault_servers'] %}
        {
          'leader_api_addr': 'http://{{ hostvars[host].api_interface_address }}:8200'
        }{% if not loop.last %},{% endif %}
      {% endfor %}
      ]

################
# vault listener
################
vault_enable_tls: false
vault_listener_configuration:
  tcp:
    address: "0.0.0.0:8200"
    tls_disable: true

vault_tls_listener_configuration:
  tcp:
    tls_disable: false
    tls_cert_file: "{{ hashi_vault_config_dir }}/cert.pem"
    tls_key_file: "{{ hashi_vault_config_dir }}/key.pem"

vault_extra_listener_configuration: {}

#########################
# vault container volumes
#########################
extra_vault_container_volumes: []

#####################
# vault configuration
#####################
hashi_vault_start_service: true
hashi_vault_version: latest
hashi_vault_deploy_method: "{{ deployment_method }}"
hashi_vault_env_variables: {}
hashi_vault_config_dir: "/etc/vault.d"
hashi_vault_data_dir: "/opt/vault"
hashi_vault_extra_files: false
hashi_vault_extra_files_src: /tmp/extra_files
hashi_vault_extra_files_dst: /etc/vault.d/extra_files
hashi_vault_extra_container_volumes: "{{ default_container_extra_volumes | union(extra_vault_container_volumes) | unique }}"
#! vault configuration
hashi_vault_configuration:
  cluster_name: "{{ vault_cluster_name }}"
  cluster_addr: "http://{{ api_interface_address }}:8201"
  api_addr: "http://{{ api_interface_address }}:8200"
  ui: true
  disable_mlock: false
  disable_cache: false
  listener: "{{ vault_listener_configuration
    | combine((vault_enable_tls | bool) | ternary(vault_tls_listener_configuration, {}))
    | combine(vault_extra_listener_configuration | default({})) }}"
  storage: "{{ vault_storage_configuration }}"
feat(tests): test playbboks are played correctly on molecule scenarios 2023-12-15 17:45:58 +00:00			`---`
feat(variables): add some formatting to globals.yml, remove unused roles 2023-12-15 18:21:50 +00:00			`##########################`
			`# General options ########`
			`##########################`

feat(variables): fix listener not passing correct syntax 2024-01-01 20:16:44 +00:00			`enable_vault: "yes"`
feat(preflight): consolidate preflight playbook 2023-12-23 22:30:53 +00:00			`enable_consul: "yes"`
			`enable_nomad: "yes"`
feat(variables): add some formatting to globals.yml, remove unused roles 2023-12-15 18:21:50 +00:00
feat(variables): start polishing variables for customization 2023-12-30 14:54:37 +00:00			`deployment_method: "host"`
feat(preflight): consolidate preflight playbook 2023-12-23 22:30:53 +00:00			`api_interface: "eth0"`
			`api_interface_address: "{{ ansible_facts[api_interface]['ipv4']['address'] }}"`

feat(playbook): vault deployment is smooth-ish, unseals and initialize cluster as needed 2023-12-29 22:40:34 +00:00			`configuration_directory: "{{ lookup('env', 'PWD') }}/etc/hashistack"`
feat(variables): start polishing variables for customization 2023-12-30 14:54:37 +00:00			`configuration_global_vars_file: "globals.yml"`
feat(module): vault operator init module somewhat working 2023-12-28 21:38:26 +00:00
feat(vars): add more customization for vault deployment 2023-12-31 17:28:23 +00:00			`default_container_extra_volumes:`
			`- "/etc/timezone:/etc/timezone"`
			`- "/etc/localtime:/etc/localtime"`

feat(preflight): consolidate preflight playbook 2023-12-23 22:30:53 +00:00			`##########################`
			`# Support options ########`
			`##########################`

			`hashistack_supported_distributions:`
			`- ubuntu`
			`- debian`

			`hashistack_supported_distribution_versions:`
			`debian:`
			`- "11"`
			`- "12"`
			`ubuntu:`
			`- "20.04"`
			`- "22.04"`

			`preflight_enable_host_ntp_checks: true`
			`vault_required_ports: [8200,8201]`
			`consul_required_ports: [8300,8301,8302,8500,8501,8502,8503,8600]`
			`nomad_required_ports: []`
feat(variables): add some formatting to globals.yml, remove unused roles 2023-12-15 18:21:50 +00:00
			`##########################`
			`# Nomad options ##########`
			`##########################`

feat(tests): test playbboks are played correctly on molecule scenarios 2023-12-15 17:45:58 +00:00			`hashi_nomad_cni_plugins_install: true`
			`hashi_nomad_start_service: true`
			`hashi_nomad_cni_plugins_version: latest`
			`hashi_nomad_cni_plugins_install_path: /opt/cni/bin`
			`hashi_nomad_version: latest`
			`hashi_nomad_deploy_method: host # deployment method, either host or docker`
			`hashi_nomad_env_variables: {}`
			`hashi_nomad_data_dir: /opt/nomad`
			`hashi_nomad_extra_files: false`
			`hashi_nomad_extra_files_src: /tmp/extra_files`
			`hashi_nomad_extra_files_dst: /etc/nomad.d/extra_files`
			`#! nomad configuration`
			`hashi_nomad_configuration: {}`

feat(variables): add some formatting to globals.yml, remove unused roles 2023-12-15 18:21:50 +00:00			`##########################`
			`# Consul options #########`
			`##########################`
feat(tests): test playbboks are played correctly on molecule scenarios 2023-12-15 17:45:58 +00:00
			`hashi_consul_start_service: true`
			`hashi_consul_version: latest`
			`hashi_consul_deploy_method: host # deployment method, either host or docker.`
			`hashi_consul_env_variables: {}`
			`hashi_consul_data_dir: "/opt/consul"`
			`hashi_consul_extra_files: false`
			`hashi_consul_extra_files_src: /tmp/extra_files`
			`hashi_consul_extra_files_dst: /etc/consul.d/extra_files`
			`hashi_consul_envoy_install: false`
			`hashi_consul_envoy_version: latest`
			`#! consul configuration`
			`hashi_consul_configuration: {}`
feat(variables): add some formatting to globals.yml, remove unused roles 2023-12-15 18:21:50 +00:00
			`##########################`
			`# Vault options ##########`
			`##########################`

feat(vault): start of unseal module, and start of default variables 2023-12-24 17:09:08 +00:00			`vault_cluster_name: vault`
feat(vars): add more customization for vault deployment 2023-12-31 17:28:23 +00:00
			`###############`
			`# vault storage`
			`###############`
feat(vault): start of unseal module, and start of default variables 2023-12-24 17:09:08 +00:00			`vault_storage_configuration:`
			`raft:`
			`path: "{{ hashi_vault_data_dir }}/data"`
			`node_id: "{{ ansible_hostname }}"`
			`retry_join: \|`
			`[`
			`{% for host in groups['vault_servers'] %}`
			`{`
			`'leader_api_addr': 'http://{{ hostvars[host].api_interface_address }}:8200'`
			`}{% if not loop.last %},{% endif %}`
			`{% endfor %}`
			`]`

feat(vars): add more customization for vault deployment 2023-12-31 17:28:23 +00:00			`################`
			`# vault listener`
			`################`
feat(variables): fix listener not passing correct syntax 2024-01-01 20:16:44 +00:00			`vault_enable_tls: false`
feat(vars): add more customization for vault deployment 2023-12-31 17:28:23 +00:00			`vault_listener_configuration:`
			`tcp:`
			`address: "0.0.0.0:8200"`
			`tls_disable: true`

			`vault_tls_listener_configuration:`
			`tcp:`
			`tls_disable: false`
			`tls_cert_file: "{{ hashi_vault_config_dir }}/cert.pem"`
			`tls_key_file: "{{ hashi_vault_config_dir }}/key.pem"`

			`vault_extra_listener_configuration: {}`

			`#########################`
			`# vault container volumes`
			`#########################`
feat(vault): start of unseal module, and start of default variables 2023-12-24 17:09:08 +00:00			`extra_vault_container_volumes: []`

feat(vars): add more customization for vault deployment 2023-12-31 17:28:23 +00:00			`#####################`
			`# vault configuration`
			`#####################`
feat(variables): add some formatting to globals.yml, remove unused roles 2023-12-15 18:21:50 +00:00			`hashi_vault_start_service: true`
feat(variables): start polishing variables for customization 2023-12-30 14:54:37 +00:00			`hashi_vault_version: latest`
feat(vars): add more customization for vault deployment 2023-12-31 17:28:23 +00:00			`hashi_vault_deploy_method: "{{ deployment_method }}"`
feat(variables): add some formatting to globals.yml, remove unused roles 2023-12-15 18:21:50 +00:00			`hashi_vault_env_variables: {}`
feat(vars): add more customization for vault deployment 2023-12-31 17:28:23 +00:00			`hashi_vault_config_dir: "/etc/vault.d"`
feat(variables): add some formatting to globals.yml, remove unused roles 2023-12-15 18:21:50 +00:00			`hashi_vault_data_dir: "/opt/vault"`
			`hashi_vault_extra_files: false`
			`hashi_vault_extra_files_src: /tmp/extra_files`
			`hashi_vault_extra_files_dst: /etc/vault.d/extra_files`
feat(vault): start of unseal module, and start of default variables 2023-12-24 17:09:08 +00:00			`hashi_vault_extra_container_volumes: "{{ default_container_extra_volumes \| union(extra_vault_container_volumes) \| unique }}"`
feat(variables): add some formatting to globals.yml, remove unused roles 2023-12-15 18:21:50 +00:00			`#! vault configuration`
feat(vault): start of unseal module, and start of default variables 2023-12-24 17:09:08 +00:00			`hashi_vault_configuration:`
			`cluster_name: "{{ vault_cluster_name }}"`
			`cluster_addr: "http://{{ api_interface_address }}:8201"`
			`api_addr: "http://{{ api_interface_address }}:8200"`
			`ui: true`
			`disable_mlock: false`
			`disable_cache: false`
feat(variables): fix listener not passing correct syntax 2024-01-01 20:16:44 +00:00			`listener: "{{ vault_listener_configuration`
			`\| combine((vault_enable_tls \| bool) \| ternary(vault_tls_listener_configuration, {}))`
			`\| combine(vault_extra_listener_configuration \| default({})) }}"`
feat(vault): start of unseal module, and start of default variables 2023-12-24 17:09:08 +00:00			`storage: "{{ vault_storage_configuration }}"`