feat(core): change namespace of collection

Bertrand Lanson 2024-02-07 21:49:00 +01:00
parent d270161c28
commit bbf03e18fc
22 changed files with 68 additions and 59 deletions

2
.gitignore vendored

@ -1,6 +1,6 @@
# ignore molecule/testinfra pycache
**/__pycache__
.vscode
roles/ednxzu.*
roles/ednz_cloud.*
vault_config
consul_config

4
.gitmodules vendored

@ -1,6 +1,6 @@
[submodule "roles/hashicorp_consul"]
path = roles/hashicorp_consul
url = https://github.com/ednxzu/hashicorp_consul
url = https://github.com/ednz-cloud/hashicorp_consul
[submodule "roles/hashicorp_vault"]
path = roles/hashicorp_vault
url = https://github.com/ednxzu/hashicorp_vault
url = https://github.com/ednz-cloud/hashicorp_vault
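Review bot: Both submodule URLs move to the `ednz-cloud` organisation, and further down the page both submodule pins move to new commits in the same change, so the content behind the new pins cannot be reviewed from this diff. Confirm that the two new `Subproject commit` ids exist in the `ednz-cloud` repositories and are the intended revisions. Existing checkouts keep the old URL in their local git config until `git submodule sync` is run; a line about that in the upgrade notes would help.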


@ -1,3 +1,3 @@
# Ansible Collection - ednxzu.hashistack
# Ansible Collection - ednz_cloud.hashistack
THIS REPOSITORY IS A WORK IN PROGRESS, IT IS NOWHERE NEAR FIT FOR PRODUCTION.


@ -36,6 +36,8 @@ graph LR;
## Testing/Preprod deployment
For testing, of pre-production deployments, running all services on the same nodes might be a good way to cut cost and/or save resources.
## Production deployment
For production use, it is recommended to separate concerns as much as possible. This means that consul, vault and nomad, as well as the haproxy services, should be on different nodes altogether. The **client-facing** and **cluster-facing** interfaces should also be separated.
@ -92,3 +94,4 @@ graph TD
nomad -->|Service registration| consul
```
> **Note**: you can substract the haproxy part if using an external load-balancing solution, like AWS ALB,or any other LB technology, for connecting to your platform.


@ -94,18 +94,18 @@ collections_path = ./collections/
inventory = ./inventory/
```
7. Install the `ednxzu.hashistack` ansible collection
7. Install the `ednz_cloud.hashistack` ansible collection
```bash
ansible-galaxy collection install ednxzu.hashistack:==<version>
ansible-galaxy collection install ednz_cloud.hashistack:==<version>
```
You should now have a directory under `./collections/ansible_collections/ednxzu/hashistack`
You should now have a directory under `./collections/ansible_collections/ednz_cloud/hashistack`
8. Install the other dependencies required by `ednxzu.hashistack`
8. Install the other dependencies required by `ednz_cloud.hashistack`
```bash
ansible-galaxy install -r ./collections/ansible_collections/ednxzu/hashistack/roles/requirements.yml
ansible-galaxy install -r ./collections/ansible_collections/ednz_cloud/hashistack/roles/requirements.yml
```
This will install roles that are not packaged with the collection, but are still required in order to run the playbooks.


@ -1,6 +1,6 @@
# Deploying a Vault cluster
This documentation explains each steps necessary to successfully deploy a Vault cluster using the ednxzu.hashistack ansible collection.
This documentation explains each steps necessary to successfully deploy a Vault cluster using the ednz_cloud.hashistack ansible collection.
## Prerequisites


@ -1,5 +1,5 @@
---
namespace: ednxzu
namespace: ednz_cloud
name: hashistack
version: 1.0.0
readme: README.md
@ -7,7 +7,7 @@ authors:
- Bertrand Lanson <bertrand.lanson@protonmail.com>
description: your collection description
license: ["MIT"]
license_file: 'LICENSE'
license_file: "LICENSE"
# A list of tags you want to associate with the collection for indexing/searching. A tag name has the same character
# requirements as 'namespace' and 'name'


@ -1,3 +1,3 @@
---
- name: Include a playbook from a collection
ansible.builtin.import_playbook: ednxzu.hashistack.deploy.yml
ansible.builtin.import_playbook: ednz_cloud.hashistack.deploy.yml


@ -1,6 +1,6 @@
---
- name: Include bootstrap playbook
ansible.builtin.import_playbook: ednxzu.hashistack.bootstrap.yml
ansible.builtin.import_playbook: ednz_cloud.hashistack.bootstrap.yml
- name: Include preflight playbook
ansible.builtin.import_playbook: ednxzu.hashistack.preflight.yml
ansible.builtin.import_playbook: ednz_cloud.hashistack.preflight.yml


@ -1,11 +1,11 @@
---
# requirements file for molecule
roles:
- name: ednxzu.manage_repositories
- name: ednxzu.manage_apt_packages
- name: ednxzu.manage_pip_packages
- name: ednxzu.install_docker
- name: ednxzu.docker_systemd_service
- name: ednz_cloud.manage_repositories
- name: ednz_cloud.manage_apt_packages
- name: ednz_cloud.manage_pip_packages
- name: ednz_cloud.install_docker
- name: ednz_cloud.docker_systemd_service
collections:
- name: ednxzu.hashistack
- name: ednz_cloud.hashistack
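Review bot: None of the role entries carries a `version:`, and the collection entry is unpinned as well, so `ansible-galaxy install -r` resolves whatever is current under the new `ednz_cloud` namespace at install time. Since this commit changes which upstream namespace is fetched, pin each entry (`version: "<release>"` under its `name:`) so test and deploy runs are reproducible and a later upstream change cannot silently alter what gets installed. The same applies to the other two requirements files changed in this commit.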


@ -1,3 +1,3 @@
---
- name: Include a playbook from a collection
ansible.builtin.import_playbook: ednxzu.hashistack.deploy.yml
ansible.builtin.import_playbook: ednz_cloud.hashistack.deploy.yml


@ -1,6 +1,6 @@
---
- name: Include bootstrap playbook
ansible.builtin.import_playbook: ednxzu.hashistack.bootstrap.yml
ansible.builtin.import_playbook: ednz_cloud.hashistack.bootstrap.yml
- name: Include preflight playbook
ansible.builtin.import_playbook: ednxzu.hashistack.preflight.yml
ansible.builtin.import_playbook: ednz_cloud.hashistack.preflight.yml


@ -1,10 +1,10 @@
---
# requirements file for molecule
roles:
- name: ednxzu.manage_repositories
- name: ednxzu.manage_apt_packages
- name: ednxzu.install_docker
- name: ednxzu.docker_systemd_service
- name: ednz_cloud.manage_repositories
- name: ednz_cloud.manage_apt_packages
- name: ednz_cloud.install_docker
- name: ednz_cloud.docker_systemd_service
collections:
- name: ednxzu.hashistack
- name: ednz_cloud.hashistack


@ -7,7 +7,7 @@
tasks:
- name: "Install hvac library with pip"
ansible.builtin.include_role:
name: ednxzu.manage_pip_packages
name: ednz_cloud.manage_pip_packages
vars:
manage_pip_packages_install_prereqs: true
manage_pip_packages_list:
@ -16,9 +16,9 @@
state: present
when: "'vault_servers' in group_names"
- name: "Include ednxzu.install_docker"
- name: "Include ednz_cloud.install_docker"
ansible.builtin.include_role:
name: ednxzu.install_docker
name: ednz_cloud.install_docker
vars:
install_docker_edition: ce
install_docker_auto_update: false
@ -31,3 +31,11 @@
- "{{ ansible_user }}"
install_docker_daemon_options: {}
when: deployment_method == 'docker'
- name: "Ensure /etc/localtime exists"
ansible.builtin.file:
src: /etc/timezone
dest: /etc/localtime
owner: root
group: root
state: link
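Review bot: The added task "Ensure /etc/localtime exists" links `/etc/localtime` to `/etc/timezone`, but on Debian-family hosts `/etc/timezone` is a text file holding the zone name, not the binary zone data that `/etc/localtime` is expected to contain or point to. With `state: link` and no guard the task does more than ensure existence: as far as I can tell, an existing symlink into `/usr/share/zoneinfo` would be repointed, leaving the host without usable zone data and making log timestamps harder to correlate across nodes. Precede it with an `ansible.builtin.stat` on `/etc/localtime` and only create the link when it is absent, and point `src` at a real zone file, e.g. `src: /usr/share/zoneinfo/Etc/UTC`. The task is also unrelated to the namespace rename, so it would be easier to audit as its own commit.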


@ -31,12 +31,12 @@
tags:
- consul
block:
- name: "Include ednxzu.hashistack.hashicorp_consul"
- name: "Include ednz_cloud.hashistack.hashicorp_consul"
ansible.builtin.include_role:
name: ednxzu.hashistack.hashicorp_consul
name: ednz_cloud.hashistack.hashicorp_consul
- name: "Initialize consul cluster" # noqa: run-once[task]
ednxzu.hashistack.consul_acl_bootstrap:
ednz_cloud.hashistack.consul_acl_bootstrap:
api_addr: "{{ hashi_consul_configuration['advertise_addr'] }}"
run_once: true
delegate_to: "{{ groups['consul_servers'] | first }}"
@ -67,12 +67,12 @@
tags:
- vault
block:
- name: "Include ednxzu.hashistack.hashicorp_consul"
- name: "Include ednz_cloud.hashistack.hashicorp_consul"
ansible.builtin.include_role:
name: ednxzu.hashistack.hashicorp_vault
name: ednz_cloud.hashistack.hashicorp_vault
- name: "Initialize vault cluster" # noqa: run-once[task]
ednxzu.hashistack.vault_init:
ednz_cloud.hashistack.vault_init:
api_url: "{{ hashi_vault_configuration['api_addr'] }}"
key_shares: "{{ vault_seal_configuration['key_shares'] }}"
key_threshold: "{{ vault_seal_configuration['key_threshold'] }}"
@ -98,7 +98,7 @@
name: _vault_cluster_config
- name: "Unseal the bootstrap node" # noqa: run-once[task] no-handler
ednxzu.hashistack.vault_unseal:
ednz_cloud.hashistack.vault_unseal:
api_url: "{{ hashi_vault_configuration['api_addr'] }}"
key_shares: "{{ _vault_cluster_config['keys'] }}"
run_once: true
@ -107,7 +107,7 @@
register: _vault_unseal_secret
- name: "Unseal all vault nodes"
ednxzu.hashistack.vault_unseal:
ednz_cloud.hashistack.vault_unseal:
api_url: "{{ hashi_vault_configuration['api_addr'] }}"
key_shares: "{{ _vault_cluster_config['keys'] }}"
retries: 5
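Review bot: The two `vault_unseal` tasks pass `_vault_cluster_config['keys']` as `key_shares`, and no `no_log: true` is visible on them or on "Initialize vault cluster" in these hunks, so unseal keys may end up in task output or callback logs when verbosity is raised. The task bodies continue outside the hunks and the modules may already mark the parameter as secret, so this needs confirming; if neither is the case, add `no_log: true` to each of the three tasks. Separately, the renamed task in the vault block is still labelled `"Include ednz_cloud.hashistack.hashicorp_consul"` although it includes `ednz_cloud.hashistack.hashicorp_vault`; the name should read `"Include ednz_cloud.hashistack.hashicorp_vault"`.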


@ -19,6 +19,8 @@ api_interface_address: "{{ ansible_facts[api_interface]['ipv4']['address'] }}"
# Helper options #########
##########################
manage_pip_packages_allow_break_system_packages: true
vault_versions:
host: "{{ vault_version }}{% '*' if vault_version != 'latest' %}"
docker: "{{ vault_version }}"
@ -156,7 +158,7 @@ hashi_consul_data_dir: "/opt/consul"
hashi_consul_extra_files: false
hashi_consul_extra_files_src: "{{ sub_configuration_directories.consul_servers }}/config"
hashi_consul_extra_files_dst: "{{ hashi_consul_config_dir }}/config"
hashi_consul_envoy_install: true
hashi_consul_envoy_install: false
hashi_consul_envoy_version: v1.27.2
hashi_consul_configuration:
domain: "{{ consul_domain }}"
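Review bot: `manage_pip_packages_allow_break_system_packages: true` under "Helper options" looks like a new default in the first hunk, and it lets pip write into the distribution-managed Python on every host that inherits these variables. That is a behaviour change unrelated to the namespace rename, as is the flip of `hashi_consul_envoy_install` in the second hunk; consider keeping the pip override `false` here and enabling it only for the host groups that need it, with a comment saying why. The context line `host: "{{ vault_version }}{% '*' if vault_version != 'latest' %}"` also uses a statement tag where an expression is needed, so it would presumably fail to render; `{{ '*' if vault_version != 'latest' else '' }}` is the usual form.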


@ -114,7 +114,7 @@
ansible.builtin.assert:
that:
- "(ansible_facts.distribution | lower) in hashistack_supported_distributions"
- "(ansible_facts.distribution_version) in hashistack_supported_distribution_versions[(ansible_facts.distribution | lower)]"
- "(ansible_facts.distribution_major_version) in hashistack_supported_distribution_versions[(ansible_facts.distribution | lower)]"
fail_msg: >-
Distribution: {{ ansible_facts.distribution }}
Release: {{ ansible_facts.distribution_release }}
@ -266,10 +266,6 @@
- "ansible_facts.service_mgr == 'systemd'"
when: inventory_hostname in groups['common']
# - name: "Checking that docker is installed"
# when: deployment_method == 'docker'
# block:
- name: "Checking that python SDK for docker is installed"
when: deployment_method == 'docker'
vars:
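Review bot: The supported-version assertion appears to switch from `ansible_facts.distribution_version` to `ansible_facts.distribution_major_version` (the two variants are printed back to back), which only passes if `hashistack_supported_distribution_versions` holds major versions; that mapping is not shown on this page, so confirm it was updated in step. The fact is a string, so a list written with bare integers (a constructed example: `[11, 12]`) would never match, whereas `["11", "12"]` would. On Ubuntu the major version collapses releases such as 22.04 and 22.10 into `22`, so the preflight check becomes looser than before. The `fail_msg` continues outside the hunk; it would help if it printed the value that is now being compared.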


@ -7,7 +7,7 @@ __metaclass__ = type
DOCUMENTATION = r"""
---
module: ednxzu.hashistack.consul_acl_bootstrap
module: ednz_cloud.hashistack.consul_acl_bootstrap
short_description: Bootstraps ACL for a Consul cluster.
@ -34,13 +34,13 @@ options:
default: 8500
author:
- Bertrand Lanson (@ednxzu)
- Bertrand Lanson (@ednz_cloud)
"""
EXAMPLES = r"""
# Example: Bootstrap ACL for a Consul cluster
- name: Bootstrap ACL for Consul cluster
ednxzu.hashistack.consul_acl_bootstrap:
ednz_cloud.hashistack.consul_acl_bootstrap:
api_addr: 127.0.0.1
scheme: http
port: 8500
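Review bot: The author entry `- Bertrand Lanson (@ednz_cloud)` looks like a side effect of the search-and-replace. The `(@handle)` form in module documentation is meant to be the author's forge handle, and the `.gitmodules` change on this page spells the GitHub organisation `ednz-cloud`, with a hyphen. Keep the personal handle or use the real one so the author reference resolves; the same replacement appears in the `vault_init` module documentation in the next section. The `module:` field also carries the full collection path where Ansible's documentation format expects the short module name (`module: consul_acl_bootstrap`); this predates the commit but the line is rewritten here.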


@ -7,7 +7,7 @@ __metaclass__ = type
DOCUMENTATION = r"""
---
module: ednxzu.hashistack.vault_init
module: ednz_cloud.hashistack.vault_init
short_description: Manages the initialization of HashiCorp Vault.
@ -38,7 +38,7 @@ options:
default: 3
author:
- Bertrand Lanson (@ednxzu)
- Bertrand Lanson (@ednz_cloud)
"""
EXAMPLES = r"""

@ -1 +1 @@
Subproject commit 36305c28f8689355f4846af2b90149e94be03b1e
Subproject commit 9c906ed7dba091bab9139bd9d68218f421528440

@ -1 +1 @@
Subproject commit 581c2eec65eee201f34d585480f33eeed415ee23
Subproject commit db96aa6bf3af97c282407a559a199b34da34c15e


@ -1,8 +1,8 @@
---
# requirements file for ednxzu.hashistack
# requirements file for ednz_cloud.hashistack
roles:
- name: ednxzu.manage_repositories
- name: ednxzu.manage_apt_packages
- name: ednxzu.manage_pip_packages
- name: ednxzu.install_docker
- name: ednxzu.docker_systemd_service
- name: ednz_cloud.manage_repositories
- name: ednz_cloud.manage_apt_packages
- name: ednz_cloud.manage_pip_packages
- name: ednz_cloud.install_docker
- name: ednz_cloud.docker_systemd_service