feat(hashistack): move variable loading to specific role

roles/hashistack/defaults/main.yml

@@ -0,0 +1,17 @@
+---
+# defaults file for hashistack
+hashistack_configuration_directory: "{{ lookup('env', 'PWD') }}/etc/hashistack"
+hashistack_sub_configuration_directories:
+  secrets: "{{ hashistack_configuration_directory }}/secrets"
+  certificates: "{{ hashistack_configuration_directory }}/certificates"
+  nomad_servers: "{{ hashistack_configuration_directory }}/nomad_servers"
+  vault_servers: "{{ hashistack_configuration_directory }}/vault_servers"
+  consul_servers: "{{ hashistack_configuration_directory }}/consul_servers"
+
+hashistack_configuration_global_vars_file: "globals.yml"
+hashistack_configuration_credentials_vars_file: "credentials.yml"
+
+hashistack_remote_config_dir: "/etc/hashistack"
+hashistack_remote_log_dir: "/var/log/hashistack"
+
+hashistack_only_load_credentials: false

roles/hashistack/handlers/main.yml

@@ -0,0 +1,2 @@
+---
+# handlers file for hashistack

roles/hashistack/meta/main.yml

@@ -0,0 +1,25 @@
+---
+# meta file for hashistack
+galaxy_info:
+  namespace: "ednz_cloud"
+  role_name: "hashistack"
+  author: "Bertrand Lanson"
+  description: "Merge variables for the playbooks contained in ednz_cloud.hashistack collection"
+  license: "license (BSD, MIT)"
+  min_ansible_version: "2.10"
+  platforms:
+    - name: Ubuntu
+      versions:
+        - focal
+        - jammy
+        - noble
+    - name: Debian
+      versions:
+        - bullseye
+        - bookworm
+  galaxy_tags:
+    - "ubuntu"
+    - "debian"
+    - "hashicorp"
+
+dependencies: []

roles/hashistack/tasks/load_ca_certificates.yml

@@ -0,0 +1,52 @@
+---
+# task/load_ca_certificates file for hashistack
+- name: "Check if CA directory exists"
+  ansible.builtin.stat:
+    path: "{{ hashistack_sub_configuration_directories['certificates'] }}/ca"
+  register: _hashistack_ca_directory
+  delegate_to: localhost
+
+- name: "Find custom ca certificates to copy"
+  ansible.builtin.find:
+    paths: "{{ hashistack_sub_configuration_directories['certificates'] }}/ca"
+    patterns: "*.crt"
+  register: _hashistack_cacert_files
+  delegate_to: localhost
+  when: _hashistack_ca_directory.stat.exists and _hashistack_ca_directory.stat.isdir
+
+- name: "Ensure remote ca directory exists"
+  ansible.builtin.file:
+    path: "{{ hashistack_remote_config_dir }}/ca"
+    state: directory
+    owner: root
+    group: root
+    mode: 0755
+
+- name: "Copy custom ca certificates"
+  ansible.builtin.copy:
+    src: "{{ item.path }}"
+    dest: "{{ hashistack_remote_config_dir }}/ca/{{ item.path | basename }}"
+    owner: root
+    group: root
+    mode: 0644
+  loop: "{{ _hashistack_cacert_files.files }}"
+  register: _hashistack_copied_ca
+  when: not _hashistack_cacert_files.skipped | default(False)
+
+- name: "Copy and update trust store"
+  when: not _hashistack_copied_ca.skipped | default(False)
+  block:
+    - name: "Copy ca certificates to /usr/local/share/ca-certificates"
+      ansible.builtin.file:
+        state: link
+        src: "{{ item.dest }}"
+        dest: "/usr/local/share/ca-certificates/hashistack-customca-{{ item.dest | basename }}"
+        owner: root
+        group: root
+      loop: "{{ _hashistack_copied_ca.results }}"
+      register: _hashistack_usr_local_share_ca_certificates
+
+    - name: "Update the trust store" # noqa: no-handler
+      ansible.builtin.command: update-ca-certificates
+      changed_when: false
+      when: _hashistack_usr_local_share_ca_certificates.changed

roles/hashistack/tasks/load_credentials_vars.yml

@@ -0,0 +1,47 @@
+---
+# task/load_credentials_vars file for hashistack
+- name: "Variables | Stat credentials file"
+  ansible.builtin.stat:
+    path: "{{ hashistack_sub_configuration_directories['secrets'] }}/{{ hashistack_configuration_credentials_vars_file }}"
+  register: _credentials_file
+  delegate_to: localhost
+
+- name: "Variables | Stat vault credentials file"
+  ansible.builtin.stat:
+    path: "{{ hashistack_sub_configuration_directories['secrets'] }}/vault.yml"
+  register: _vault_credentials_file
+  delegate_to: localhost
+
+- name: "Variables | Make sure credentials file exists"
+  ansible.builtin.assert:
+    that:
+      - _credentials_file.stat.exists
+    fail_msg: >-
+      Credentials file {{ _credentials_file.stat.path }} was not found, cannot continue without it.
+  delegate_to: localhost
+
+- name: "Variables | Load credentials variables"
+  ansible.builtin.include_vars:
+    dir: "{{ hashistack_sub_configuration_directories['secrets'] }}"
+    files_matching: "{{ hashistack_configuration_credentials_vars_file }}"
+    depth: 1
+    name: _credentials
+  delegate_to: localhost
+
+- name: "Variables | Load vault credentials if vault.yml exists"
+  ansible.builtin.include_vars:
+    dir: "{{ hashistack_sub_configuration_directories['secrets'] }}"
+    files_matching: "vault.yml"
+    depth: 1
+    name: _vault_credentials
+  when: _vault_credentials_file.stat.exists
+  delegate_to: localhost
+
+- name: "Variables | Merge vault credentials into _credentials"
+  vars:
+    _config_to_merge:
+      vault: "{{ _vault_credentials }}"
+  ansible.builtin.set_fact:
+    _credentials: "{{ _credentials | combine(_config_to_merge, recursive=true) }}"
+  when: _vault_credentials_file.stat.exists
+  delegate_to: localhost

roles/hashistack/tasks/load_global_vars.yml

@@ -0,0 +1,29 @@
+---
+# task/load_global_vars file for hashistack
+- name: "Variables | Include all default variables"
+  ansible.builtin.include_vars:
+    dir: "{{ playbook_dir }}/group_vars/all/"
+    depth: 1
+    extensions: ["yml"]
+  delegate_to: localhost
+
+- name: "Variables | Stat global configuration file"
+  ansible.builtin.stat:
+    path: "{{ hashistack_configuration_directory }}/{{ hashistack_configuration_global_vars_file }}"
+  register: _global_config_file
+  delegate_to: localhost
+
+- name: "Variables | Make sure global configuration file exists"
+  ansible.builtin.assert:
+    that:
+      - _global_config_file.stat.exists
+    fail_msg: >-
+      Main configuration file {{ _global_config_file.stat.path }} was not found, cannot continue without it.
+  delegate_to: localhost
+
+- name: "Variables | Load global variables"
+  ansible.builtin.include_vars:
+    dir: "{{ hashistack_configuration_directory }}"
+    files_matching: "{{ hashistack_configuration_global_vars_file }}"
+    depth: 1
+  delegate_to: localhost

roles/hashistack/tasks/load_group_vars.yml

@@ -0,0 +1,22 @@
+---
+# task/load_group_vars file for hashistack
+- name: "Variables | Stat group specific config file"
+  ansible.builtin.stat:
+    path: "{{ hashistack_configuration_directory }}/{{ group_name }}/{{ hashistack_configuration_global_vars_file }}"
+  register: _group_config_file
+  loop: "{{ group_names }}"
+  loop_control:
+    loop_var: group_name
+  delegate_to: localhost
+
+- name: "Variables | Load group specific variables"
+  ansible.builtin.include_vars:
+    dir: "{{ hashistack_configuration_directory }}/{{ item.group_name }}"
+    files_matching: "{{ hashistack_configuration_global_vars_file }}"
+    depth: 1
+  loop: "{{ _group_config_file.results }}"
+  when: item.stat.exists
+    and item.group_name in group_names
+  loop_control:
+    loop_var: item
+  delegate_to: localhost

roles/hashistack/tasks/load_host_vars.yml

@@ -0,0 +1,19 @@
+---
+- name: "Variables | Stat host specific config file"
+  ansible.builtin.stat:
+    path: "{{ hashistack_configuration_directory }}/{{ group_name }}/{{ inventory_hostname }}/{{ hashistack_configuration_global_vars_file }}"
+  register: _host_config_file
+  loop: "{{ group_names }}"
+  loop_control:
+    loop_var: group_name
+  delegate_to: localhost
+
+- name: "Variables | Load host specific variables"
+  ansible.builtin.include_vars:
+    dir: "{{ hashistack_configuration_directory }}/{{ item.group_name }}/{{ inventory_hostname }}"
+    files_matching: "{{ hashistack_configuration_global_vars_file }}"
+  loop: "{{ _host_config_file.results }}"
+  when: item.stat.exists
+  loop_control:
+    loop_var: item
+  delegate_to: localhost

roles/hashistack/tasks/main.yml

@@ -0,0 +1,32 @@
+---
+# task/main file for hashi_vars
+- name: "Variables | Load global variables"
+  ansible.builtin.include_tasks: load_global_vars.yml
+  when: not hashistack_only_load_credentials
+
+- name: "Variables | Load credentials variables"
+  ansible.builtin.include_tasks: load_credentials_vars.yml
+
+- name: "Variables | Load group specific variables"
+  ansible.builtin.include_tasks: load_group_vars.yml
+  when: not hashistack_only_load_credentials
+
+- name: "Variables | Load host specific variables"
+  ansible.builtin.include_tasks: load_host_vars.yml
+  when: not hashistack_only_load_credentials
+
+- name: "Ensure remote directories exists"
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    owner: root
+    group: root
+    mode: 0755
+  loop:
+    - "{{ hashistack_remote_config_dir }}"
+    - "{{ hashistack_remote_log_dir }}"
+  when: not hashistack_only_load_credentials
+
+- name: "Variables | Load custom CA certificates"
+  ansible.builtin.include_tasks: load_ca_certificates.yml
+  when: not hashistack_only_load_credentials

roles/hashistack/vars/main.yml

@@ -0,0 +1,2 @@
+---
+# vars file for hashistack