feat: add global variables for nomad deployment
parent
cdeee7436c
commit
08909ceed0
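--- a/.gitmodules
+++ b/.gitmodules
@@ -1,6 +0,0 @@
-[submodule "roles/hashicorp_consul"]
-path = roles/hashicorp_consul
-url = https://github.com/ednz-cloud/hashicorp_consul
-[submodule "roles/hashicorp_vault"]
-path = roles/hashicorp_vault
-url = https://github.com/ednz-cloud/hashicorp_vault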
|
@ -23,7 +23,7 @@
|
||||
|
||||
- name: "Deploy Consul Agents"
|
||||
ansible.builtin.include_role:
|
||||
name: ednz_cloud.hashistack.hashicorp_consul
|
||||
name: ednz_cloud.hashicorp_consul
|
||||
when:
|
||||
- enable_consul | bool
|
||||
- "'consul_agents' in group_names"
|
||||
|
@ -8,25 +8,33 @@
|
||||
tasks:
|
||||
- name: "Generate consul credentials"
|
||||
block:
|
||||
- name: "Generate consul gossip encryption key"
|
||||
ansible.builtin.set_fact:
|
||||
_consul_gossip_encryption_key: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | b64encode }}"
|
||||
|
||||
- name: "Generate consul root credentials"
|
||||
ansible.builtin.set_fact:
|
||||
_consul_root_token: "{{ lookup('password', '/dev/null chars=ascii_letters,digits') | to_uuid }}"
|
||||
_consul_root_token: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | to_uuid }}"
|
||||
|
||||
- name: "Generate consul agents credentials"
|
||||
ansible.builtin.set_fact:
|
||||
_cosul_agents_accessor: "{{ lookup('password', '/dev/null chars=ascii_letters,digits') | to_uuid }}"
|
||||
_consul_agents_token: "{{ lookup('password', '/dev/null chars=ascii_letters,digits') | to_uuid }}"
|
||||
_cosul_agents_accessor: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | to_uuid }}"
|
||||
_consul_agents_token: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | to_uuid }}"
|
||||
|
||||
- name: "Generate consul vault credentials"
|
||||
ansible.builtin.set_fact:
|
||||
_cosul_vault_accessor: "{{ lookup('password', '/dev/null chars=ascii_letters,digits') | to_uuid }}"
|
||||
_consul_vault_token: "{{ lookup('password', '/dev/null chars=ascii_letters,digits') | to_uuid }}"
|
||||
_cosul_vault_accessor: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | to_uuid }}"
|
||||
_consul_vault_token: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | to_uuid }}"
|
||||
|
||||
- name: "Generate nomad credentials"
|
||||
block:
|
||||
- name: "Generate nomad gossip encryption key"
|
||||
ansible.builtin.set_fact:
|
||||
_nomad_gossip_encryption_key: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | b64encode }}"
|
||||
|
||||
- name: "Generate nomad root credentials"
|
||||
ansible.builtin.set_fact:
|
||||
_nomad_root_token: "{{ lookup('password', '/dev/null chars=ascii_letters,digits') | to_uuid }}"
|
||||
_nomad_root_token: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | to_uuid }}"
|
||||
|
||||
- name: "Write credentials file"
|
||||
ansible.builtin.template:
|
||||
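Review bot: The two gossip-key tasks (`_consul_gossip_encryption_key` and `_nomad_gossip_encryption_key`) call the password lookup without `length`, so they get the lookup's default of 20 characters, and a 20-byte value base64-encoded is not a key size the `encrypt` setting accepts (as far as I know Consul takes 16, 24 or 32 bytes and Nomad's documentation asks for 32). Passing the length explicitly gives a valid key: `lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits'], length=32) | b64encode`. Alphanumeric characters carry just under 6 bits each, so this yields roughly 190 bits of entropy in a 32-byte key rather than 256; that is acceptable, but a comment above the task should say so. The task list continues outside the hunk, including the "Write credentials file" task whose arguments are not visible.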
|
@ -88,7 +88,7 @@ hashi_consul_configuration:
|
||||
datacenter: "{{ consul_datacenter }}"
|
||||
primary_datacenter: "{{ consul_primary_datacenter }}"
|
||||
data_dir: "{{ hashi_consul_data_dir }}"
|
||||
encrypt: "{{ consul_gossip_encryption_key }}"
|
||||
encrypt: "{{ _credentials.consul.gossip_encryption_key }}"
|
||||
server: "{{ 'consul_servers' in group_names }}"
|
||||
retry_join: "{{
|
||||
groups['consul_servers'] |
|
||||
|
@ -46,7 +46,6 @@ consul_primary_datacenter: dc1
|
||||
consul_leave_on_terminate: true
|
||||
consul_rejoin_after_leave: true
|
||||
consul_enable_script_checks: true
|
||||
consul_gossip_encryption_key: "{{ 'mysupersecretgossipencryptionkey'|b64encode }}"
|
||||
|
||||
################################
|
||||
# consul address configuration #
|
||||
|
@ -1,18 +1,86 @@
|
||||
---
|
||||
#####################################################
|
||||
# #
|
||||
# Nomad Configuration #
|
||||
# Non-Editable #
|
||||
# #
|
||||
#####################################################
|
||||
|
||||
hashi_nomad_cni_plugins_install: true
|
||||
hashi_nomad_start_service: true
|
||||
hashi_nomad_cni_plugins_version: latest
|
||||
hashi_nomad_cni_plugins_install_path: /opt/cni/bin
|
||||
hashi_nomad_version: latest
|
||||
hashi_nomad_deploy_method: host # deployment method, either host or docker
|
||||
hashi_nomad_env_variables: {}
|
||||
hashi_nomad_data_dir: /opt/nomad
|
||||
hashi_nomad_extra_files: false
|
||||
hashi_nomad_extra_files_src: /tmp/extra_files
|
||||
hashi_nomad_extra_files_dst: /etc/nomad.d/extra_files
|
||||
hashi_nomad_configuration: {}
|
||||
nomad_datacenter: dc1
|
||||
|
||||
###########################
|
||||
# nomad ACL configuration #
|
||||
###########################
|
||||
|
||||
nomad_acl_configuration:
|
||||
enabled: true
|
||||
token_ttl: 30s
|
||||
policy_ttl: 60s
|
||||
role_ttl: 60s
|
||||
|
||||
#################################
|
||||
# nomad autopilot configuration #
|
||||
#################################
|
||||
|
||||
nomad_autopilot_configuration: {}
|
||||
|
||||
############################
|
||||
# nomad consul integration #
|
||||
############################
|
||||
|
||||
nomad_enable_consul_integration: "{{ enable_consul | bool }}"
|
||||
nomad_consul_integration_configuration: {}
|
||||
|
||||
############################
|
||||
# nomad vault integration #
|
||||
############################
|
||||
|
||||
nomad_enable_vault_integration: false
|
||||
nomad_vault_integration_configuration: {}
|
||||
|
||||
#############################
|
||||
# nomad leave configuration #
|
||||
#############################
|
||||
|
||||
# node will leave the cluster if the process is stopped
|
||||
# and if it is only a client
|
||||
nomad_leave_on_interrupt: "{{ (('nomad_clients' in group_names) and (not 'nomad_servers' in group_names)) | bool }}"
|
||||
nomad_leave_on_terminate: "{{ (('nomad_clients' in group_names) and (not 'nomad_servers' in group_names)) | bool }}"
|
||||
|
||||
##############################
|
||||
# nomad server configuration #
|
||||
##############################
|
||||
|
||||
nomad_server_configuration:
|
||||
enabled: "{{ 'nomad_servers' in group_names }}"
|
||||
data_dir: "{{ hashicorp_nomad_data_dir }}/server"
|
||||
encrypt: "{{ _credentials.nomad.gossip_encryption_key }}"
|
||||
|
||||
##############################
|
||||
# nomad client configuration #
|
||||
##############################
|
||||
|
||||
nomad_client_configuration:
|
||||
enabled: "{{ 'nomad_clients' in group_names | bool }}"
|
||||
state_dir: "{{ hashicorp_nomad_data_dir }}/client"
|
||||
|
||||
hashicorp_nomad_cni_plugins_install: true
|
||||
hashicorp_nomad_start_service: true
|
||||
hashicorp_nomad_cni_plugins_version: latest
|
||||
hashicorp_nomad_cni_plugins_install_path: /opt/cni/bin
|
||||
hashicorp_nomad_version: latest
|
||||
hashicorp_nomad_deploy_method: host # deployment method, either host or docker
|
||||
hashicorp_nomad_env_variables: {}
|
||||
hashicorp_nomad_config_dir: "/etc/nomad.d"
|
||||
hashicorp_nomad_data_dir: /opt/nomad
|
||||
hashicorp_nomad_extra_files: false
|
||||
hashicorp_nomad_extra_files_src: /tmp/extra_files
|
||||
hashicorp_nomad_extra_files_dst: /etc/nomad.d/extra_files
|
||||
hashicorp_nomad_configuration:
|
||||
datacenter: "{{ nomad_datacenter }}"
|
||||
bind_addr: "0.0.0.0"
|
||||
data_dir: "{{ hashicorp_nomad_data_dir }}"
|
||||
leave_on_interrupt: "{{ (('nomad_clients' in group_names) and (not 'nomad_servers' in group_names)) | bool }}"
|
||||
leave_on_terminate: "{{ (('nomad_clients' in group_names) and (not 'nomad_servers' in group_names)) | bool }}"
|
||||
acl: "{{ nomad_acl_configuration }}"
|
||||
server: "{{ nomad_server_configuration }}"
|
||||
client: "{{ nomad_client_configuration }}"
|
||||
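Review bot: In `nomad_client_configuration`, `enabled: "{{ 'nomad_clients' in group_names | bool }}"` applies `bool` to `group_names` before the `in` test, because Jinja filters bind tighter than `in`; the membership test then runs against a boolean instead of the group list, so clients will not be enabled as intended. Drop the filter as `nomad_server_configuration` does, `enabled: "{{ 'nomad_clients' in group_names }}"`, or parenthesise the test the way the `nomad_leave_on_*` lines do. Separately, `hashicorp_nomad_configuration` sets `bind_addr: "0.0.0.0"` with ACLs enabled and no `tls` block visible in this file, so unless TLS is configured elsewhere the ACL tokens would cross the network in clear text on every interface. `hashicorp_nomad_version: latest` and `hashicorp_nomad_cni_plugins_version: latest` also make the installed binaries non-reproducible; explicit version strings would be safer.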
|
@ -1,9 +1,9 @@
|
||||
---
|
||||
- name: "Consul"
|
||||
block:
|
||||
- name: "Include ednz_cloud.hashistack.hashicorp_consul"
|
||||
- name: "Include ednz_cloud.hashicorp_consul"
|
||||
ansible.builtin.include_role:
|
||||
name: ednz_cloud.hashistack.hashicorp_consul
|
||||
name: ednz_cloud.hashicorp_consul
|
||||
|
||||
- name: "Wait for consul cluster to initialize" # noqa: run-once[task]
|
||||
ansible.builtin.uri:
|
||||
|
@ -38,9 +38,9 @@
|
||||
state: present
|
||||
when: _consul_vault_policy.changed
|
||||
|
||||
- name: "Include ednz_cloud.hashistack.hashicorp_consul"
|
||||
- name: "Include ednz_cloud.hashicorp_consul"
|
||||
ansible.builtin.include_role:
|
||||
name: ednz_cloud.hashistack.hashicorp_vault
|
||||
name: ednz_cloud.hashicorp_vault
|
||||
|
||||
- name: "Initialize vault cluster" # noqa: run-once[task]
|
||||
ednz_cloud.hashistack.vault_init:
|
||||
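Review bot: The task named "Include ednz_cloud.hashicorp_consul" in this hunk includes the role `ednz_cloud.hashicorp_vault`, so play output and logs will point at the wrong role when the Vault deployment fails or changes something. Rename it to `- name: "Include ednz_cloud.hashicorp_vault"`. The old name and role pair shown on the page has the same mismatch, so it appears to predate this commit; the surrounding block starts and ends outside the hunk.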
|
@ -1,5 +1,6 @@
|
||||
---
|
||||
consul:
|
||||
gossip_encryption_key: "{{ _consul_gossip_encryption_key }}"
|
||||
root_token:
|
||||
secret_id: "{{ _consul_root_token }}"
|
||||
tokens:
|
||||
@ -10,4 +11,6 @@ consul:
|
||||
accessor_id: "{{ _consul_vault_accessor }}"
|
||||
secret_id: "{{ _consul_vault_token }}"
|
||||
nomad:
|
||||
root_token: "{{ _nomad_root_token }}"
|
||||
gossip_encryption_key: "{{ _nomad_gossip_encryption_key }}"
|
||||
root_token:
|
||||
secret_id: "{{ _nomad_root_token }}"
|
||||
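Review bot: The context line `accessor_id: "{{ _consul_vault_accessor }}"` reads a fact that the credential-generation tasks in this commit never set: they define `_cosul_vault_accessor` (and `_cosul_agents_accessor`), missing the "n". Rendering this template would then fail on an undefined variable, unless the same typo is mirrored in template lines outside the two hunks. Rename the facts to `_consul_vault_accessor` and `_consul_agents_accessor` in the `set_fact` tasks so both files agree. Because the rendered file holds the gossip keys and root tokens for Consul and Nomad, the template task that writes it should also set a restrictive `mode` (for example `"0600"`) and `no_log: true` if it does not already; that task's arguments are not visible on this page.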
|
@ -1 +0,0 @@
|
||||
Subproject commit 56696c3552308225d4e5b91efc8e4bf75d31d2f3
|
@ -1 +0,0 @@
|
||||
Subproject commit 738c347df8efd4965eda14167171343be13bed75
|
@ -3,15 +3,31 @@
|
||||
roles:
|
||||
- name: ednz_cloud.manage_repositories
|
||||
src: https://github.com/ednz-cloud/manage_repositories.git
|
||||
version: main
|
||||
- name: ednz_cloud.manage_apt_packages
|
||||
src: https://github.com/ednz-cloud/manage_apt_packages.git
|
||||
version: main
|
||||
- name: ednz_cloud.manage_pip_packages
|
||||
src: https://github.com/ednz-cloud/manage_pip_packages.git
|
||||
version: main
|
||||
- name: ednz_cloud.install_docker
|
||||
src: https://github.com/ednz-cloud/install_docker.git
|
||||
version: main
|
||||
- name: ednz_cloud.docker_systemd_service
|
||||
src: https://github.com/ednz-cloud/docker_systemd_service.git
|
||||
version: main
|
||||
- name: ednz_cloud.deploy_haproxy
|
||||
src: https://github.com/ednz-cloud/deploy_haproxy.git
|
||||
version: main
|
||||
- name: ednz_cloud.deploy_keepalived
|
||||
src: https://github.com/ednz-cloud/deploy_keepalived.git
|
||||
version: main
|
||||
- name: ednz_cloud.hashicorp_nomad
|
||||
src: https://github.com/ednz-cloud/hashicorp_nomad.git
|
||||
version: v0.1.0
|
||||
- name: ednz_cloud.hashicorp_consul
|
||||
src: https://github.com/ednz-cloud/hashicorp_consul.git
|
||||
version: main
|
||||
- name: ednz_cloud.hashicorp_vault
|
||||
src: https://github.com/ednz-cloud/hashicorp_vault.git
|
||||
version: main
|
||||
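Review bot: Every role in this list except `ednz_cloud.hashicorp_nomad` is installed from `version: main`, a mutable branch, so each install can pull different code onto hosts that end up holding the Consul, Vault and Nomad root credentials. The same commit removes the submodule pointers for hashicorp_consul and hashicorp_vault, which were pinned to exact commits, so those two roles lose their pin. Pin each `version:` to a release tag or, better, a full commit SHA (`version: <commit-sha>`, placeholder) and bump it deliberately; the `v0.1.0` tag on the Nomad role is only as stable as the upstream tag. Which entries this hunk adds cannot be told from the rendered page, so the note applies to the list as shown.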