🌐 Global Options
This section defines the overarching settings for the deployment:
enable_ingress: "yes"
enable_vault: "yes"
enable_consul: "yes"
enable_nomad: "yes"
nomad_version: "1.8.1"
consul_version: "1.18.1"
vault_version: "1.16.2"
consul_fqdn: consul.ednz.lab
vault_fqdn: vault.ednz.lab
nomad_fqdn: nomad.ednz.lab
- Service Enablement: Flags to enable or disable Ingress, Vault, Consul, and Nomad.
- Versions: Defines the versions for Nomad, Consul, and Vault.
- FQDNs: Fully Qualified Domain Names for each service.
🔧 Network Configuration
This section handles network-related settings:
api_interface: "eth0"
api_interface_address: "{{ ansible_facts[api_interface]['ipv4']['address'] }}"
- api_interface: The network interface used for the API.
- api_interface_address: Automatically derived IP address from the specified interface.
📜 Logging Options
Configure logging across the stack:
enable_log_to_file: true
- enable_log_to_file: Enable or disable logging to file for all services.
🔒 External TLS Options
Set up external TLS configurations:
enable_tls_external: false
external_tls_externally_managed_certs: false
- enable_tls_external: Enable TLS for external communications.
- external_tls_externally_managed_certs: Determines if TLS certificates are managed externally.
🔐 Internal TLS Options
Configure internal TLS:
enable_tls_internal: false
internal_tls_externally_managed_certs: false
- enable_tls_internal: Enable TLS for internal communications between services.
- internal_tls_externally_managed_certs: Determines if internal TLS certificates are managed externally.
🔹 Consul Configuration
Basic Consul settings:
consul_domain: consul
consul_datacenter: dc1
consul_primary_datacenter: "{{ consul_datacenter }}"
consul_gossip_encryption_key: "{{ _credentials.consul.gossip_encryption_key }}"
consul_enable_script_checks: false
consul_extra_files_list: []
consul_extra_configuration: {}
consul_enable_tls: "{{ enable_tls_internal }}"
consul_log_level: info
- consul_domain: Domain for Consul services.
- consul_datacenter: Datacenter name for Consul.
- consul_gossip_encryption_key: Key for gossip encryption.
- consul_enable_tls: TLS setting for Consul.
- consul_log_level: Logging level for Consul.
🔐 Vault Configuration
Vault-specific settings:
vault_cluster_name: vault
vault_bind_addr: "0.0.0.0"
vault_cluster_addr: "{{ api_interface_address }}"
vault_enable_ui: true
vault_disable_mlock: false
vault_disable_cache: false
vault_extra_files_list: []
vault_extra_configuration: {}
vault_enable_tls: "{{ enable_tls_internal }}"
vault_enable_service_registration: "{{ enable_consul | bool }}"
vault_enable_plugins: false
vault_log_level: info
- vault_cluster_name: Cluster name for Vault.
- vault_bind_addr: Address Vault listens on.
- vault_enable_ui: Enable or disable the Vault UI.
- vault_enable_service_registration: Register Vault with Consul if enabled.
- vault_enable_tls: TLS setting for Vault.
- vault_log_level: Logging level for Vault.
🗂️ Nomad Configuration
Nomad settings:
nomad_region: global
nomad_datacenter: dc1
nomad_extra_files_list: []
nomad_extra_configuration: {}
nomad_autopilot_configuration: {}
nomad_driver_enable_docker: true
nomad_driver_enable_podman: false
nomad_driver_enable_raw_exec: false
nomad_driver_enable_java: false
nomad_driver_enable_qemu: false
nomad_driver_extra_configuration: {}
nomad_log_level: info
nomad_enable_tls: "{{ enable_tls_internal }}"
- nomad_region: Region for Nomad deployment.
- nomad_datacenter: Datacenter name for Nomad.
- nomad_driver_enable_*: Enable or disable various Nomad drivers.
- nomad_enable_tls: TLS setting for Nomad.
- nomad_log_level: Logging level for Nomad.
Note
Currently, only the docker and raw_exec drivers can be configured automatically; other drivers will be supported at a later date.
🌟 Key Points
- Defaults and Recommendations: globals.yml provides default and recommended settings for a standard deployment.
- Advanced Customizations: For more granular or specific settings, refer to the advanced configuration files for each component (e.g., consul.yml, vault.yml, nomad.yml).
Warning
Even for advanced configuration, changes should still be applied to the globals.yml file, as it supersedes all other configuration files, and changes made elsewhere might get ignored.
This configuration file sets up a solid foundation for your HashiCorp stack while allowing flexibility for advanced customizations and adjustments. Adjust values according to your environment's requirements and operational needs.
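The defaults listed above ship with both TLS flags off and Vault bound to 0.0.0.0, so a pre-flight check on globals.yml is worth running before a deployment that is meant to be hardened. The play below is an added example, not part of the project: it assumes globals.yml sits next to the playbook, and the task names and failure messages are illustrative.

```yaml
# Added example (not project code): assert security-relevant values in globals.yml.
# Assumption: globals.yml is in the same directory as this playbook.
- name: Pre-flight security checks on globals.yml
  hosts: localhost
  connection: local
  gather_facts: false
  vars_files:
    - globals.yml
  tasks:
    - name: TLS is enabled globally and not overridden per service
      ansible.builtin.assert:
        that:
          - enable_tls_internal | bool
          - enable_tls_external | bool
          # Each of these defaults to "{{ enable_tls_internal }}" but can be
          # overridden individually, so check the resolved value too.
          - consul_enable_tls | bool
          - vault_enable_tls | bool
          - nomad_enable_tls | bool
        fail_msg: "TLS is disabled for at least one listener or service."

    - name: Vault does not listen on all interfaces without TLS
      ansible.builtin.assert:
        that:
          - "vault_bind_addr != '0.0.0.0' or (vault_enable_tls | bool)"
          # mlock keeps Vault's memory from being swapped to disk.
          - not (vault_disable_mlock | bool)
        fail_msg: "Vault is bound to 0.0.0.0 in plaintext, or mlock is disabled."

    - name: Host-level command execution paths stay disabled
      ansible.builtin.assert:
        that:
          # raw_exec runs tasks on the host with no isolation.
          - not (nomad_driver_enable_raw_exec | bool)
          # Script checks let Consul run arbitrary commands on the agent host.
          - not (consul_enable_script_checks | bool)
        fail_msg: "raw_exec or Consul script checks are enabled."
```

With the default values shown on this page, the first task fails because both enable_tls_internal and enable_tls_external are false.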