From 51605ab23951f9d852d48cf0b7ae2ab5509b7e12 Mon Sep 17 00:00:00 2001 From: Bertrand Lanson Date: Sun, 14 Jul 2024 16:18:45 +0200 Subject: [PATCH] fix: update various variables and bring some of them back out of globals.yml --- playbooks/group_vars/all/all.yml | 5 ++++- playbooks/group_vars/all/consul.yml | 15 +++++++++++++-- playbooks/group_vars/all/globals.yml | 27 +++++++++++---------------- playbooks/group_vars/all/nomad.yml | 15 +++++++++++++-- playbooks/group_vars/all/vault.yml | 20 ++++++++++++++------ 5 files changed, 55 insertions(+), 27 deletions(-) diff --git a/playbooks/group_vars/all/all.yml b/playbooks/group_vars/all/all.yml index 8e95eb1..081aad1 100644 --- a/playbooks/group_vars/all/all.yml +++ b/playbooks/group_vars/all/all.yml @@ -18,6 +18,7 @@ configuration_credentials_vars_file: "credentials.yml" hashistack_remote_config_dir: "/etc/hashistack" hashistack_remote_data_dir: "/opt/hashistack" +hashistack_remote_log_dir: /var/log/hashistack default_container_extra_volumes: - "/etc/timezone:/etc/timezone" @@ -44,4 +45,6 @@ preflight_enable_host_ntp_checks: true haproxy_required_ports: [80, 443] vault_required_ports: [8200, 8201] consul_required_ports: [8300, 8301, 8302, 8500, 8501, 8502, 8503, 8600] -nomad_required_ports: [] +nomad_required_ports: [4646, 4647, 4648] + +target: all, !deployment diff --git a/playbooks/group_vars/all/consul.yml b/playbooks/group_vars/all/consul.yml index 60887f1..bbc7648 100644 --- a/playbooks/group_vars/all/consul.yml +++ b/playbooks/group_vars/all/consul.yml 
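Review bot: `hashistack_remote_log_dir: /var/log/hashistack` in the first all.yml hunk is left unquoted while the `hashistack_remote_config_dir` and `hashistack_remote_data_dir` entries directly above it are quoted, and `target: all, !deployment` in the second hunk is a plain scalar that contains `!` and a comma. Both parse as strings in block context today, but the second would break if it were ever moved into a flow collection or re-emitted by a tool. I would write them as `hashistack_remote_log_dir: "/var/log/hashistack"` and `target: "all, !deployment"`. What `target` is consumed by is not visible in this patch; if it is a host pattern, a one-line comment above it such as `# host pattern used by the playbooks; excludes the deployment node` would say so.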
@@ -64,6 +64,17 @@ consul_certificates_extra_files_dir: - src: "{{ sub_configuration_directories['certificates'] }}/consul/{{ inventory_hostname }}" dest: "{{ consul_certificates_directory }}" +################## +# consul logging # +################## + +consul_enable_log_to_file: "{{ enable_log_to_file | bool }}" +consul_logging_configuration: + log_file: "{{ hashistack_remote_log_dir }}/consul/consul.log" + log_level: info + log_rotate_duration: 24h + log_rotate_max_files: 30 + ######################### # consul role variables # ######################### @@ -72,8 +83,8 @@ hashicorp_consul_start_service: true hashicorp_consul_service_name: "consul" hashicorp_consul_version: "{{ consul_version }}" hashicorp_consul_env_variables: {} -hashicorp_consul_config_dir: "/etc/consul.d" -hashicorp_consul_data_dir: "/opt/consul" +hashicorp_consul_config_dir: "{{ hashistack_remote_config_dir }}/consul.d" +hashicorp_consul_data_dir: "{{ hashistack_remote_data_dir }}/consul" hashicorp_consul_extra_files: true hashicorp_consul_extra_files_list: "{{ ([] + (consul_certificates_extra_files_dir if consul_enable_tls else []) + diff --git a/playbooks/group_vars/all/globals.yml b/playbooks/group_vars/all/globals.yml index 8e76ee0..50fefd2 100644 --- a/playbooks/group_vars/all/globals.yml +++ b/playbooks/group_vars/all/globals.yml @@ -25,6 +25,12 @@ hashistack_internal_vip_addr: "{{ hashistack_external_vip_addr }}" api_interface: "eth0" api_interface_address: "{{ ansible_facts[api_interface]['ipv4']['address'] }}" +################### +# logging options # +################### + +enable_log_to_file: true + ######################## # external tls options # ######################## 
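Review bot: The new `log_file: "{{ hashistack_remote_log_dir }}/consul/consul.log"` assumes a per-service directory under `/var/log/hashistack`, but nothing in this patch shows that directory being created or given an owner and mode. The same applies to the nomad.yml and vault.yml logging hunks. If the roles do not create it, the agents will presumably fail to open their log file. If they create it with default permissions, service logs for Consul, Nomad and Vault may be readable by any local user. I would document the requirement next to the variable, for example `# directory must exist, be owned by the consul service user and not be world-readable`, and confirm that the role tasks enforce it.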
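Review bot: Changing the default `hashicorp_consul_data_dir` from `/opt/consul` to `{{ hashistack_remote_data_dir }}/consul` relocates the state directory for any deployment that relied on the old default. The nomad.yml and vault.yml hunks make the same move for `/opt/nomad` and `/opt/vault`. Unless the roles migrate the contents (not visible here), a re-run on an existing cluster would presumably start the agents against an empty directory and leave the old one, with its cluster state and any key material, behind on disk. A comment above these variables such as `# changing this on an existing node requires moving the old data directory first` would help, as would a note in the upgrade documentation.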
@@ -180,17 +186,6 @@ vault_service_registration_configuration: vault_enable_plugins: false -########### -# logging # -########### - -vault_enable_log_to_file: false -vault_logging_configuration: - log_level: info - log_format: standard - log_rotate_duration: 24h - log_rotate_max_files: 30 - ########################### # vault container volumes # ########################### @@ -246,11 +241,11 @@ nomad_vault_integration_configuration: {} # nomad drivers configuration # ############################### -nomad_driver_enable_docker: yes -nomad_driver_enable_podman: no -nomad_driver_enable_raw_exec: no -nomad_driver_enable_java: no -nomad_driver_enable_qemu: no +nomad_driver_enable_docker: true +nomad_driver_enable_podman: false +nomad_driver_enable_raw_exec: false +nomad_driver_enable_java: false +nomad_driver_enable_qemu: false nomad_driver_extra_configuration: {} diff --git a/playbooks/group_vars/all/nomad.yml b/playbooks/group_vars/all/nomad.yml index 7d7d1b3..9e6fd94 100644 --- a/playbooks/group_vars/all/nomad.yml +++ b/playbooks/group_vars/all/nomad.yml @@ -163,6 +163,17 @@ nomad_certificates_extra_files_dir: - src: "{{ sub_configuration_directories['certificates'] }}/nomad/{{ inventory_hostname }}" dest: "{{ nomad_certificates_directory }}" +################# +# nomad logging # +################# + +nomad_enable_log_to_file: "{{ enable_log_to_file | bool }}" +nomad_logging_configuration: + log_file: "{{ hashistack_remote_log_dir }}/nomad/nomad.log" + log_level: info + log_rotate_duration: 24h + log_rotate_max_files: 30 + ######################## # nomad role variables # ######################## 
@@ -174,8 +185,8 @@ hashicorp_nomad_cni_plugins_version: latest hashicorp_nomad_cni_plugins_install_path: /opt/cni/bin hashicorp_nomad_version: "{{ nomad_version }}" hashicorp_nomad_env_variables: {} -hashicorp_nomad_config_dir: "/etc/nomad.d" -hashicorp_nomad_data_dir: /opt/nomad +hashicorp_nomad_config_dir: "{{ hashistack_remote_config_dir }}/nomad.d" +hashicorp_nomad_data_dir: "{{ hashistack_remote_data_dir }}/nomad" hashicorp_nomad_extra_files: true hashicorp_nomad_extra_files_list: "{{ ([] + (nomad_certificates_extra_files_dir if nomad_enable_tls else []) + diff --git a/playbooks/group_vars/all/vault.yml b/playbooks/group_vars/all/vault.yml index 2fc1d45..265db5b 100644 --- a/playbooks/group_vars/all/vault.yml +++ b/playbooks/group_vars/all/vault.yml @@ -5,7 +5,7 @@ # # ##################################################### -vault_init_cluster: "{{ (inventory_hostname == groups['vault_servers'][0]) | bool }}" +vault_init_server: "{{ (inventory_hostname == groups['vault_servers'][0]) | bool }}" ######################### # vault haproxy backend # @@ -60,6 +60,17 @@ vault_service_registration_policy: | policy = "write" } +################# +# vault logging # +################# + +vault_enable_log_to_file: "{{ enable_log_to_file | bool }}" +vault_logging_configuration: + log_file: "{{ hashistack_remote_log_dir }}/vault/vault.log" + log_level: info + log_rotate_duration: 24h + log_rotate_max_files: 30 + ######################## # vault role variables # ######################## 
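Review bot: The vault logging block added here is not a straight move of the one removed from globals.yml. The removed block had `vault_enable_log_to_file: false` and `log_format: standard`, whereas this one follows `enable_log_to_file`, which globals.yml now sets to `true`, and has no `log_format` key. Vault therefore starts writing to `{{ hashistack_remote_log_dir }}/vault/vault.log` by default after this commit, and the log format falls back to whatever the role or Vault itself defaults to. If that is intended, a comment such as `# file logging follows the global enable_log_to_file switch (default: true)` would make it explicit; otherwise keep `log_format: standard` in the mapping.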
@@ -68,8 +79,8 @@ hashicorp_vault_start_service: true hashicorp_vault_service_name: "vault" hashicorp_vault_version: "{{ vault_version }}" hashicorp_vault_env_variables: {} -hashicorp_vault_config_dir: "/etc/vault.d" -hashicorp_vault_data_dir: "/opt/vault" +hashicorp_vault_config_dir: "{{ hashistack_remote_config_dir }}/vault.d" +hashicorp_vault_data_dir: "{{ hashistack_remote_data_dir }}/vault" hashicorp_vault_extra_files: true hashicorp_vault_extra_files_list: "{{ ([] + (vault_certificates_extra_files_dir if vault_enable_tls else []) + @@ -78,9 +89,6 @@ hashicorp_vault_extra_files_list: "{{ ([] + | unique | sort }}" -hashicorp_vault_extra_files_src: "{{ sub_configuration_directories.vault_servers }}/config" -hashicorp_vault_extra_files_dst: "{{ hashicorp_vault_config_dir }}/config" -hashicorp_vault_extra_container_volumes: "{{ default_container_extra_volumes | union(extra_vault_container_volumes) | unique | sort }}" hashicorp_vault_configuration: cluster_name: "{{ vault_cluster_name }}" cluster_addr: "{{ 'https' if vault_enable_tls else 'http'}}://{{ api_interface_address }}:8201"