165 lines
4.6 KiB
YAML
165 lines
4.6 KiB
YAML
---
|
|
##########################
|
|
# General options ########
|
|
##########################
|
|
|
|
enable_vault: "yes"
|
|
enable_consul: "no"
|
|
enable_nomad: "no"
|
|
|
|
deployment_method: "host"
|
|
api_interface: "eth0"
|
|
api_interface_address: "{{ ansible_facts[api_interface]['ipv4']['address'] }}"
|
|
|
|
configuration_directory: "{{ lookup('env', 'PWD') }}/etc/hashistack"
|
|
sub_configuration_directories:
|
|
nomad_servers: "{{ configuration_directory }}/nomad_servers"
|
|
vault_servers: "{{ configuration_directory }}/vault_servers"
|
|
consul_servers: "{{ configuration_directory }}/consul_servers"
|
|
|
|
configuration_global_vars_file: "globals.yml"
|
|
|
|
default_container_extra_volumes:
|
|
- "/etc/timezone:/etc/timezone"
|
|
- "/etc/localtime:/etc/localtime"
|
|
|
|
##########################
|
|
# Support options ########
|
|
##########################
|
|
|
|
hashistack_supported_distributions:
|
|
- ubuntu
|
|
- debian
|
|
|
|
hashistack_supported_distribution_versions:
|
|
debian:
|
|
- "11"
|
|
- "12"
|
|
ubuntu:
|
|
- "20.04"
|
|
- "22.04"
|
|
|
|
preflight_enable_host_ntp_checks: true
|
|
vault_required_ports: [8200, 8201]
|
|
consul_required_ports: [8300, 8301, 8302, 8500, 8501, 8502, 8503, 8600]
|
|
nomad_required_ports: []
|
|
|
|
##########################
|
|
# Nomad options ##########
|
|
##########################
|
|
|
|
hashi_nomad_cni_plugins_install: true
|
|
hashi_nomad_start_service: true
|
|
hashi_nomad_cni_plugins_version: latest
|
|
hashi_nomad_cni_plugins_install_path: /opt/cni/bin
|
|
hashi_nomad_version: latest
|
|
hashi_nomad_deploy_method: host # deployment method, either host or docker
|
|
hashi_nomad_env_variables: {}
|
|
hashi_nomad_data_dir: /opt/nomad
|
|
hashi_nomad_extra_files: false
|
|
hashi_nomad_extra_files_src: /tmp/extra_files
|
|
hashi_nomad_extra_files_dst: /etc/nomad.d/extra_files
|
|
hashi_nomad_configuration: {}
|
|
|
|
##########################
|
|
# Consul options #########
|
|
##########################
|
|
|
|
hashi_consul_start_service: true
|
|
hashi_consul_version: latest
|
|
hashi_consul_deploy_method: host # deployment method, either host or docker.
|
|
hashi_consul_env_variables: {}
|
|
hashi_consul_data_dir: "/opt/consul"
|
|
hashi_consul_extra_files: false
|
|
hashi_consul_extra_files_src: /tmp/extra_files
|
|
hashi_consul_extra_files_dst: /etc/consul.d/extra_files
|
|
hashi_consul_envoy_install: false
|
|
hashi_consul_envoy_version: latest
|
|
hashi_consul_configuration: {}
|
|
|
|
##########################
|
|
# Vault options ##########
|
|
##########################
|
|
|
|
vault_cluster_name: vault
|
|
vault_seal_configuration:
|
|
key_shares: 3
|
|
key_threshold: 2
|
|
|
|
###############
|
|
# vault storage
|
|
###############
|
|
vault_storage_configuration:
|
|
raft:
|
|
path: "{{ hashi_vault_data_dir }}/data"
|
|
node_id: "{{ ansible_hostname }}"
|
|
retry_join: |
|
|
[
|
|
{% for host in groups['vault_servers'] %}
|
|
{
|
|
'leader_api_addr': 'http://{{ hostvars[host].api_interface_address }}:8200'
|
|
}{% if not loop.last %},{% endif %}
|
|
{% endfor %}
|
|
]
|
|
|
|
################
|
|
# vault listener
|
|
################
|
|
vault_enable_tls: false
|
|
vault_listener_configuration:
|
|
tcp:
|
|
address: "0.0.0.0:8200"
|
|
tls_disable: true
|
|
|
|
vault_tls_listener_configuration:
|
|
tcp:
|
|
tls_disable: false
|
|
tls_cert_file: "{{ hashi_vault_config_dir }}/cert.pem"
|
|
tls_key_file: "{{ hashi_vault_config_dir }}/key.pem"
|
|
|
|
vault_extra_listener_configuration: {}
|
|
|
|
############################
|
|
# vault service registration
|
|
############################
|
|
vault_enable_service_registration: false
|
|
vault_service_registration_configuration:
|
|
consul:
|
|
address: "127.0.0.1:8500"
|
|
scheme: "http"
|
|
|
|
#############################
|
|
# vault plugins configuration
|
|
#############################
|
|
|
|
|
|
#########################
|
|
# vault container volumes
|
|
#########################
|
|
extra_vault_container_volumes: []
|
|
|
|
#####################
|
|
# vault configuration
|
|
#####################
|
|
hashi_vault_start_service: true
|
|
hashi_vault_version: latest
|
|
hashi_vault_deploy_method: "{{ deployment_method }}"
|
|
hashi_vault_env_variables: {}
|
|
hashi_vault_config_dir: "/etc/vault.d"
|
|
hashi_vault_data_dir: "/opt/vault"
|
|
hashi_vault_extra_files: false
|
|
hashi_vault_extra_files_src: /tmp/extra_files
|
|
hashi_vault_extra_files_dst: /etc/vault.d/extra_files
|
|
hashi_vault_extra_container_volumes: "{{ default_container_extra_volumes | union(extra_vault_container_volumes) | unique }}"
|
|
hashi_vault_configuration:
|
|
cluster_name: "{{ vault_cluster_name }}"
|
|
cluster_addr: "http://{{ api_interface_address }}:8201"
|
|
api_addr: "http://{{ api_interface_address }}:8200"
|
|
ui: true
|
|
disable_mlock: false
|
|
disable_cache: false
|
|
listener: "{{ vault_listener_configuration
|
|
| combine((vault_enable_tls | bool) | ternary(vault_tls_listener_configuration, {}))
|
|
| combine(vault_extra_listener_configuration | default({})) }}"
|
|
storage: "{{ vault_storage_configuration }}"
|