feat(vault/docs/license): added plugin ability to vault, update documentation and license

LICENSE

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2017 Bertrand Lanson
+Copyright (c) 2023 Bertrand Lanson
 
 Permission is hereby granted, free of charge, to any person obtaining a copy of
 this software and associated documentation files (the "Software"), to deal in

docs/general.md

@@ -0,0 +1,103 @@
+# General documentation
+
+## Configuration directory
+
+### Main configuration directory
+
+Hashistack Ansible uses a configuration directory to store all the configuration files and other artifacts.
+
+This directory is defined with the variable `configuration_directory`. By default, it will look at `{{ lookup('env', 'PWD') }}/etc/hashistack`, which equals `$(pwd)/etc/hashistack`.
+
+Under this directory, you are expected to place the `globals.yml` file, with your configuration.
+
+### Sub configuration directories
+
+#### Group configuration directories
+
+Additionally, subdirectories can be used to tailor the configuration further.
+
+Each group within the `inventory` will look at a directory named after itself:
+
+- nomad_servers group will look for `{{ configuration_directory }}/nomad_servers`
+- vault_servers group will look for `{{ configuration_directory }}/vault_servers`
+- consul_servers group will look for `{{ configuration_directory }}/consul_servers`
+
+Within each of these directories, you can place an additional `globals.yml file`, that will superseed the file at the root of the configuration directory.
+
+- **Example**:
+
+  If `etc/hashistack/globals.yml` looks like:
+
+  ```yaml
+  ---
+  enable_vault: "no"
+  enable_consul: "no"
+  enable_nomad: "no"
+  ```
+
+  And `etc/hashistack/nomad_servers/globals.yml` looks like:
+
+  ```yaml
+  ---
+  enable_nomad: "yes"
+  ```
+
+  Servers in the `nomad_servers` group will end up with the following configuration:
+
+  ```yaml
+  ---
+  enable_vault: "no"
+  enable_consul: "no"
+  enable_nomad: "yes"
+  ```
+
+This approach lets you customize your deployment for your exact needs.
+
+#### Host configuration directories
+
+Additionally, within each `group configuration directory`, you can add `host configuration directory`, that will be named after the hosts defined in your `inventory`. These host directories can also be populated with a `globals.yml` file, that will superseed the `group` and `deployment` configuration files.
+
+- **Example**
+
+  If `etc/hashistack/globals.yml` looks like:
+
+  ```yaml
+  ---
+  enable_vault: "no"
+  enable_consul: "no"
+  enable_nomad: "no"
+  api_interface: "eth0"
+  ```
+
+  And `etc/hashistack/nomad_servers/globals.yml` looks like:
+
+  ```yaml
+  ---
+  enable_nomad: "yes"
+  api_interface: "eth1"
+  ```
+
+  And `etc/hashistack/nomad_servers/nomad-master-01/globals.yml` looks like:
+
+  ```yaml
+    api_interface: "eth0.vlan40"
+  ```
+
+  Servers in the `nomad_servers` group will end up with the following configuration:
+
+  ```yaml
+  ---
+  enable_vault: "no"
+  enable_consul: "no"
+  enable_nomad: "yes"
+  api_interface: "eth1"
+  ```
+  Except for host `nomad-master-1`, who will have the following:
+
+  ```yaml
+  ---
+  enable_vault: "no"
+  enable_consul: "no"
+  enable_nomad: "yes"
+  api_interface: "eth0.vlan40"
+  ```

playbooks/deploy.yml

@@ -18,7 +18,7 @@
       ansible.builtin.debug:
         msg: "{{ hashi_vault_configuration }}"
 
-    - ansible.builtin.fail:
+    # - ansible.builtin.fail:
 
     - name: "Vault"
       when:

playbooks/group_vars/all.yml

@@ -23,9 +23,9 @@ default_container_extra_volumes:
   - "/etc/timezone:/etc/timezone"
   - "/etc/localtime:/etc/localtime"
 
-##########################
+#################
-# Support options ########
+# Support options
-##########################
+#################
 
 hashistack_supported_distributions:
   - ubuntu
@@ -114,8 +114,8 @@ vault_listener_configuration:
 vault_tls_listener_configuration:
   tcp:
     tls_disable: false
-    tls_cert_file: "{{ hashi_vault_config_dir }}/cert.pem"
+    tls_cert_file: "{{ hashi_vault_extra_files_dst }}/tls/cert.pem"
-    tls_key_file: "{{ hashi_vault_config_dir }}/key.pem"
+    tls_key_file: "{{ hashi_vault_extra_files_dst }}/tls/key.pem"
 
 vault_extra_listener_configuration: {}
 
@@ -131,8 +131,8 @@ vault_service_registration_configuration:
 #############################
 # vault plugins configuration
 #############################
-vault_enable_plugins: false
+vault_enable_plugins: true
-
+vault_plugin_directory: "{{ hashi_vault_extra_files_dst }}/plugin"
 
 #########################
 # vault container volumes
@@ -148,9 +148,9 @@ hashi_vault_deploy_method: "{{ deployment_method }}"
 hashi_vault_env_variables: {}
 hashi_vault_config_dir: "/etc/vault.d"
 hashi_vault_data_dir: "/opt/vault"
-hashi_vault_extra_files: false
+hashi_vault_extra_files: true
-hashi_vault_extra_files_src: /tmp/extra_files
+hashi_vault_extra_files_src: "{{ sub_configuration_directories.vault_servers }}/config"
-hashi_vault_extra_files_dst: /etc/vault.d/extra_files
+hashi_vault_extra_files_dst: "{{ hashi_vault_config_dir }}/config"
 hashi_vault_extra_container_volumes: "{{ default_container_extra_volumes | union(extra_vault_container_volumes) | unique }}"
 hashi_vault_configuration:
   cluster_name: "{{ vault_cluster_name }}"
@@ -159,7 +159,5 @@ hashi_vault_configuration:
   ui: true
   disable_mlock: false
   disable_cache: false
-  listener: "{{ vault_listener_configuration
+  listener: "{{ vault_listener_configuration }}"
-    | combine((vault_enable_tls | bool) | ternary(vault_tls_listener_configuration, {}))
-    | combine(vault_extra_listener_configuration | default({})) }}"
   storage: "{{ vault_storage_configuration }}"

playbooks/tasks/vault_vars.yml

@@ -1,6 +1,31 @@
 ---
 # hashistack configuration merging for vault
-- name: "Merge service registration configuration"
+- name: "Merge listener configuration"
   ansible.builtin.set_fact:
-    hashi_vault_configuration: "{{ hashi_vault_configuration | combine({'service_registration': vault_service_registration_configuration}) }}"
+    vault_listener_configuration: "{{
+      vault_listener_configuration |
+      combine((vault_enable_tls | bool) | ternary(vault_tls_listener_configuration, {})) |
+      combine(vault_extra_listener_configuration | default({}))
+      }}"
+
+- name: "Merge service registration configuration"
+  vars:
+    _config_to_merge:
+      service_registration: "{{ vault_service_registration_configuration }}"
+  ansible.builtin.set_fact:
+    hashi_vault_configuration: "{{
+      hashi_vault_configuration |
+      combine(_config_to_merge)
+      }}"
   when: vault_enable_service_registration
+
+- name: "Merge plugins configuration"
+  vars:
+    _config_to_merge:
+      plugin_directory: "{{ vault_plugin_directory }}"
+  ansible.builtin.set_fact:
+    hashi_vault_configuration: "{{
+      hashi_vault_configuration |
+      combine(_config_to_merge)
+      }}"
+  when: vault_enable_plugins

roles/hashicorp_vault

@@ -1 +1 @@
-Subproject commit daa7aec43351c7fdc6f7cde1ef59d0021fe9fe47
+Subproject commit 581c2eec65eee201f34d585480f33eeed415ee23