feat(preflight): fix config directory checks

playbooks/deploy.yml

@@ -2,20 +2,22 @@
 # hashistack deployment playbook
 - name: "Deploy"
   hosts: all
+  strategy: linear
   gather_facts: true
   become: true
   tasks:
-    - name: "debug"
+    - name: "Debug"
       ansible.builtin.debug:
         msg: "{{ hashi_vault_configuration.listener }}"
 
     - name: "Import variables"
       ansible.builtin.import_tasks:
-        file: load_vars.yml
+        file: tasks/load_vars.yml
 
     - name: "Vault"
-      when: enable_vault | bool
+      when:
-      when: "'vault_servers' in group_names"
+        - enable_vault | bool
+        - "'vault_servers' in group_names"
       tags:
         - vault
       block:
@@ -23,7 +25,7 @@
           ansible.builtin.include_role:
             name: ednxzu.hashistack.hashicorp_vault
 
-        - name: "Initialize vault cluster"
+        - name: "Initialize vault cluster"  # noqa: run-once[task]
           ednxzu.hashistack.vault_init:
             api_url: "{{ hashi_vault_configuration['api_addr'] }}"
             key_shares: 3
@@ -35,10 +37,10 @@
           register: _vault_init_secret
           until: not _vault_init_secret.failed
 
-        - name: "Write vault configuration to file"
+        - name: "Write vault configuration to file"  # noqa: run-once[task] no-handler
           ansible.builtin.copy:
             content: "{{ _vault_init_secret.state | to_nice_yaml}}"
-            dest: "{{ configuration_directory }}/vault_servers/vault_config"
+            dest: "{{ sub_configuration_directories.vault_servers }}/vault_config"
             mode: '0644'
           when: _vault_init_secret.changed
           run_once: true
@@ -46,10 +48,10 @@
 
         - name: "Load vault cluster variables necessary for unseal operation"
           ansible.builtin.include_vars:
-            file: "{{ configuration_directory }}/vault/vault_config"
+            file: "{{ sub_configuration_directories.vault_servers }}/vault_config"
             name: _vault_cluster_config
 
-        - name: "Unseal the bootstrap node"
+        - name: "Unseal the bootstrap node"  # noqa: run-once[task] no-handler
           ednxzu.hashistack.vault_unseal:
             api_url: "{{ hashi_vault_configuration['api_addr'] }}"
             key_shares: "{{ _vault_cluster_config['keys'] }}"

playbooks/group_vars/all.yml

@@ -4,8 +4,8 @@
 ##########################
 
 enable_vault: "yes"
-enable_consul: "yes"
+enable_consul: "no"
-enable_nomad: "yes"
+enable_nomad: "no"
 
 deployment_method: "host"
 api_interface: "eth0"
@@ -59,7 +59,6 @@ hashi_nomad_data_dir: /opt/nomad
 hashi_nomad_extra_files: false
 hashi_nomad_extra_files_src: /tmp/extra_files
 hashi_nomad_extra_files_dst: /etc/nomad.d/extra_files
-#! nomad configuration
 hashi_nomad_configuration: {}
 
 ##########################
@@ -76,7 +75,6 @@ hashi_consul_extra_files_src: /tmp/extra_files
 hashi_consul_extra_files_dst: /etc/consul.d/extra_files
 hashi_consul_envoy_install: false
 hashi_consul_envoy_version: latest
-#! consul configuration
 hashi_consul_configuration: {}
 
 ##########################
@@ -136,7 +134,6 @@ hashi_vault_extra_files: false
 hashi_vault_extra_files_src: /tmp/extra_files
 hashi_vault_extra_files_dst: /etc/vault.d/extra_files
 hashi_vault_extra_container_volumes: "{{ default_container_extra_volumes | union(extra_vault_container_volumes) | unique }}"
-#! vault configuration
 hashi_vault_configuration:
   cluster_name: "{{ vault_cluster_name }}"
   cluster_addr: "http://{{ api_interface_address }}:8201"

playbooks/preflight.yml

@@ -2,9 +2,14 @@
 # hashistack deployment playbook
 - name: "Preflight"
   hosts: all
+  strategy: linear
   gather_facts: true
   become: true
   tasks:
+    - name: "Import variables"
+      ansible.builtin.import_tasks:
+        file: tasks/load_vars.yml
+
     - name: "Checking vault inventory"
       ansible.builtin.assert:
         that:
@@ -41,8 +46,9 @@
       when:
         - enable_nomad | bool
 
-    - name: "Checking directory {{ configuration_directory }}"
+    - name: "Checking directory {{ configuration_directory }}"  # noqa: run-once[task]
       delegate_to: localhost
+      run_once: true
       block:
         - name: "Stat directory {{ configuration_directory }}"
           ansible.builtin.stat:
@@ -70,21 +76,43 @@
           when:
             - enable_vault | bool
 
-        - name: "Make sure required directories exist"
+        - name: "Make sure directory exists: {{ configuration_directory }}"
           ansible.builtin.assert:
             that:
               - _stat_config_dir.stat.exists
               - _stat_config_dir.stat.isdir
-              - _stat_config_dir.stat.writable
+              - _stat_config_dir.stat.writeable
-              - _stat_config_dir_nomad_servers.stat.exists if enable_nomad
+
-              - _stat_config_dir_nomad_servers.stat.isdir if enable_nomad
+        - name: "Make sure directory exists: {{ sub_configuration_directories.nomad_servers }}"
-              - _stat_config_dir_nomad_servers.stat.writeable if enable_nomad
+          ansible.builtin.assert:
-              - _stat_config_dir_consul_servers.stat.exists if enable_consul
+            that:
-              - _stat_config_dir_consul_servers.stat.isdir if enable_consul
+              - _stat_config_dir_nomad_servers.stat.exists
-              - _stat_config_dir_consul_servers.stat.writeable if enable_consul
+              - _stat_config_dir_nomad_servers.stat.isdir
-              - _stat_config_dir_vault_servers.stat.exists if enable_vault
+              - _stat_config_dir_nomad_servers.stat.writeable
-              - _stat_config_dir_vault_servers.stat.isdir if enable_vault
+          when:
-              - _stat_config_dir_vault_servers.stat.writeable if enable_vault
+            - enable_nomad | bool
+
+        - name: "Make sure directory exists: {{ sub_configuration_directories.consul_servers }}"
+          ansible.builtin.assert:
+            that:
+              - _stat_config_dir_consul_servers.stat.exists
+              - _stat_config_dir_consul_servers.stat.isdir
+              - _stat_config_dir_consul_servers.stat.writeable
+          when:
+            - enable_consul | bool
+
+        - name: "Debug"
+          ansible.builtin.debug:
+            msg: "{{ _stat_config_dir_vault_servers }}"
+
+        - name: "Make sure directory exists: {{ sub_configuration_directories.vault_servers }}"
+          ansible.builtin.assert:
+            that:
+              - _stat_config_dir_vault_servers.stat.exists
+              - _stat_config_dir_vault_servers.stat.isdir
+              - _stat_config_dir_vault_servers.stat.writeable
+          when:
+            - enable_vault | bool
 
     - name: "Checking host OS distribution"
       ansible.builtin.assert:
@@ -262,13 +290,3 @@
             fail_msg: >-
               The python sdk for docker is really out of date, you need to install
               a more recent version of it in order to use this tool.
-
-    - name: "Debug"
-      ansible.builtin.debug:
-        msg: "{{ groups['vault_servers'] }}"
-
-    - name: "Debug"
-      ansible.builtin.debug:
-        msg: "{{ hashi_vault_configuration.storage }}"
-
-    # - ansible.builtin.fail: