.gitmodules

@@ -1,6 +0,0 @@
-[submodule "roles/hashicorp_consul"]
-	path = roles/hashicorp_consul
-	url = https://github.com/ednz-cloud/hashicorp_consul
-[submodule "roles/hashicorp_vault"]
-	path = roles/hashicorp_vault
-	url = https://github.com/ednz-cloud/hashicorp_vault

playbooks/deploy.yml

@@ -23,7 +23,7 @@
 
     - name: "Deploy Consul Agents"
       ansible.builtin.include_role:
-        name: ednz_cloud.hashistack.hashicorp_consul
+        name: ednz_cloud.hashicorp_consul
       when:
         - enable_consul | bool
         - "'consul_agents' in group_names"

playbooks/generate_credentials.yml

@@ -8,25 +8,33 @@
   tasks:
     - name: "Generate consul credentials"
       block:
+        - name: "Generate consul gossip encryption key"
+          ansible.builtin.set_fact:
+            _consul_gossip_encryption_key: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | b64encode }}"
+
         - name: "Generate consul root credentials"
           ansible.builtin.set_fact:
-            _consul_root_token: "{{ lookup('password', '/dev/null chars=ascii_letters,digits') | to_uuid }}"
+            _consul_root_token: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | to_uuid }}"
 
         - name: "Generate consul agents credentials"
           ansible.builtin.set_fact:
-            _cosul_agents_accessor: "{{ lookup('password', '/dev/null chars=ascii_letters,digits') | to_uuid }}"
+            _cosul_agents_accessor: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | to_uuid }}"
-            _consul_agents_token: "{{ lookup('password', '/dev/null chars=ascii_letters,digits') | to_uuid }}"
+            _consul_agents_token: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | to_uuid }}"
 
         - name: "Generate consul vault credentials"
           ansible.builtin.set_fact:
-            _cosul_vault_accessor: "{{ lookup('password', '/dev/null chars=ascii_letters,digits') | to_uuid }}"
+            _cosul_vault_accessor: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | to_uuid }}"
-            _consul_vault_token: "{{ lookup('password', '/dev/null chars=ascii_letters,digits') | to_uuid }}"
+            _consul_vault_token: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | to_uuid }}"
 
     - name: "Generate nomad credentials"
       block:
+        - name: "Generate nomad gossip encryption key"
+          ansible.builtin.set_fact:
+            _nomad_gossip_encryption_key: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | b64encode }}"
+
         - name: "Generate nomad root credentials"
           ansible.builtin.set_fact:
-            _nomad_root_token: "{{ lookup('password', '/dev/null chars=ascii_letters,digits') | to_uuid }}"
+            _nomad_root_token: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | to_uuid }}"
 
     - name: "Write credentials file"
       ansible.builtin.template:

playbooks/group_vars/all/consul.yml

@@ -88,7 +88,7 @@ hashi_consul_configuration:
   datacenter: "{{ consul_datacenter }}"
   primary_datacenter: "{{ consul_primary_datacenter }}"
   data_dir: "{{ hashi_consul_data_dir }}"
-  encrypt: "{{ consul_gossip_encryption_key }}"
+  encrypt: "{{ _credentials.consul.gossip_encryption_key }}"
   server: "{{ 'consul_servers' in group_names }}"
   retry_join: "{{
     groups['consul_servers'] |

playbooks/group_vars/all/globals.yml

@@ -46,7 +46,6 @@ consul_primary_datacenter: dc1
 consul_leave_on_terminate: true
 consul_rejoin_after_leave: true
 consul_enable_script_checks: true
-consul_gossip_encryption_key: "{{ 'mysupersecretgossipencryptionkey'|b64encode }}"
 
 ################################
 # consul address configuration #

playbooks/group_vars/all/nomad.yml

@@ -1,18 +1,86 @@
+---
 #####################################################
 #                                                   #
-#                Nomad Configuration                #
+#                Non-Editable                       #
 #                                                   #
 #####################################################
 
-hashi_nomad_cni_plugins_install: true
+nomad_datacenter: dc1
-hashi_nomad_start_service: true
+
-hashi_nomad_cni_plugins_version: latest
+###########################
-hashi_nomad_cni_plugins_install_path: /opt/cni/bin
+# nomad ACL configuration #
-hashi_nomad_version: latest
+###########################
-hashi_nomad_deploy_method: host # deployment method, either host or docker
+
-hashi_nomad_env_variables: {}
+nomad_acl_configuration:
-hashi_nomad_data_dir: /opt/nomad
+  enabled: true
-hashi_nomad_extra_files: false
+  token_ttl: 30s
-hashi_nomad_extra_files_src: /tmp/extra_files
+  policy_ttl: 60s
-hashi_nomad_extra_files_dst: /etc/nomad.d/extra_files
+  role_ttl: 60s
-hashi_nomad_configuration: {}
+
+#################################
+# nomad autopilot configuration #
+#################################
+
+nomad_autopilot_configuration: {}
+
+############################
+# nomad consul integration #
+############################
+
+nomad_enable_consul_integration: "{{ enable_consul | bool }}"
+nomad_consul_integration_configuration: {}
+
+############################
+# nomad vault integration #
+############################
+
+nomad_enable_vault_integration: false
+nomad_vault_integration_configuration: {}
+
+#############################
+# nomad leave configuration #
+#############################
+
+# node will leave the cluster if the process is stopped
+# and if it is only a client
+nomad_leave_on_interrupt: "{{ (('nomad_clients' in group_names) and (not 'nomad_servers' in group_names)) | bool }}"
+nomad_leave_on_terminate: "{{ (('nomad_clients' in group_names) and (not 'nomad_servers' in group_names)) | bool }}"
+
+##############################
+# nomad server configuration #
+##############################
+
+nomad_server_configuration:
+  enabled: "{{ 'nomad_servers' in group_names }}"
+  data_dir: "{{ hashicorp_nomad_data_dir }}/server"
+  encrypt: "{{ _credentials.nomad.gossip_encryption_key }}"
+
+##############################
+# nomad client configuration #
+##############################
+
+nomad_client_configuration:
+  enabled: "{{ 'nomad_clients' in group_names | bool }}"
+  state_dir: "{{ hashicorp_nomad_data_dir }}/client"
+
+hashicorp_nomad_cni_plugins_install: true
+hashicorp_nomad_start_service: true
+hashicorp_nomad_cni_plugins_version: latest
+hashicorp_nomad_cni_plugins_install_path: /opt/cni/bin
+hashicorp_nomad_version: latest
+hashicorp_nomad_deploy_method: host # deployment method, either host or docker
+hashicorp_nomad_env_variables: {}
+hashicorp_nomad_config_dir: "/etc/nomad.d"
+hashicorp_nomad_data_dir: /opt/nomad
+hashicorp_nomad_extra_files: false
+hashicorp_nomad_extra_files_src: /tmp/extra_files
+hashicorp_nomad_extra_files_dst: /etc/nomad.d/extra_files
+hashicorp_nomad_configuration:
+  datacenter: "{{ nomad_datacenter }}"
+  bind_addr: "0.0.0.0"
+  data_dir: "{{ hashicorp_nomad_data_dir }}"
+  leave_on_interrupt: "{{ (('nomad_clients' in group_names) and (not 'nomad_servers' in group_names)) | bool }}"
+  leave_on_terminate: "{{ (('nomad_clients' in group_names) and (not 'nomad_servers' in group_names)) | bool }}"
+  acl: "{{ nomad_acl_configuration }}"
+  server: "{{ nomad_server_configuration }}"
+  client: "{{ nomad_client_configuration }}"

playbooks/tasks/consul/consul_deploy.yml

@@ -1,9 +1,9 @@
 ---
 - name: "Consul"
   block:
-    - name: "Include ednz_cloud.hashistack.hashicorp_consul"
+    - name: "Include ednz_cloud.hashicorp_consul"
       ansible.builtin.include_role:
-        name: ednz_cloud.hashistack.hashicorp_consul
+        name: ednz_cloud.hashicorp_consul
 
     - name: "Wait for consul cluster to initialize" # noqa: run-once[task]
       ansible.builtin.uri:

playbooks/tasks/vault/vault_deploy.yml

@@ -38,9 +38,9 @@
             state: present
           when: _consul_vault_policy.changed
 
-    - name: "Include ednz_cloud.hashistack.hashicorp_consul"
+    - name: "Include ednz_cloud.hashicorp_consul"
       ansible.builtin.include_role:
-        name: ednz_cloud.hashistack.hashicorp_vault
+        name: ednz_cloud.hashicorp_vault
 
     - name: "Initialize vault cluster" # noqa: run-once[task]
       ednz_cloud.hashistack.vault_init:

playbooks/templates/credentials.yml.j2

@@ -1,5 +1,6 @@
 ---
 consul:
+  gossip_encryption_key: "{{ _consul_gossip_encryption_key }}"
   root_token:
     secret_id: "{{ _consul_root_token }}"
   tokens:
@@ -10,4 +11,6 @@ consul:
       accessor_id: "{{ _consul_vault_accessor }}"
       secret_id: "{{ _consul_vault_token }}"
 nomad:
-  root_token: "{{ _nomad_root_token }}"
+  gossip_encryption_key: "{{ _nomad_gossip_encryption_key }}"
+  root_token:
+    secret_id: "{{ _nomad_root_token }}"

roles/hashicorp_consul

@@ -1 +0,0 @@
-Subproject commit 56696c3552308225d4e5b91efc8e4bf75d31d2f3

roles/hashicorp_vault

@@ -1 +0,0 @@
-Subproject commit 738c347df8efd4965eda14167171343be13bed75

roles/requirements.yml

@@ -3,15 +3,31 @@
 roles:
   - name: ednz_cloud.manage_repositories
     src: https://github.com/ednz-cloud/manage_repositories.git
+    version: main
   - name: ednz_cloud.manage_apt_packages
     src: https://github.com/ednz-cloud/manage_apt_packages.git
+    version: main
   - name: ednz_cloud.manage_pip_packages
     src: https://github.com/ednz-cloud/manage_pip_packages.git
+    version: main
   - name: ednz_cloud.install_docker
     src: https://github.com/ednz-cloud/install_docker.git
+    version: main
   - name: ednz_cloud.docker_systemd_service
     src: https://github.com/ednz-cloud/docker_systemd_service.git
+    version: main
   - name: ednz_cloud.deploy_haproxy
     src: https://github.com/ednz-cloud/deploy_haproxy.git
+    version: main
   - name: ednz_cloud.deploy_keepalived
     src: https://github.com/ednz-cloud/deploy_keepalived.git
+    version: main
+  - name: ednz_cloud.hashicorp_nomad
+    src: https://github.com/ednz-cloud/hashicorp_nomad.git
+    version: v0.1.0
+  - name: ednz_cloud.hashicorp_consul
+    src: https://github.com/ednz-cloud/hashicorp_consul.git
+    version: main
+  - name: ednz_cloud.hashicorp_vault
+    src: https://github.com/ednz-cloud/hashicorp_vault.git
+    version: main