1 20 globals
Bertrand Lanson edited this page 2024-08-29 20:02:05 +02:00

🌐 Global Options

This section defines the overarching settings for the deployment:

enable_ingress: "yes"
enable_vault: "yes"
enable_consul: "yes"
enable_nomad: "yes"

nomad_version: "1.8.1"
consul_version: "1.18.1"
vault_version: "1.16.2"

consul_fqdn: consul.ednz.lab
vault_fqdn: vault.ednz.lab
nomad_fqdn: nomad.ednz.lab
  • Service Enablement: Flags to enable or disable Ingress, Vault, Consul, and Nomad.
  • Versions: Defines the versions for Nomad, Consul, and Vault.
  • FQDNs: Fully Qualified Domain Names for each service.

🔧 Network Configuration

This section handles network-related settings:

api_interface: "eth0"
api_interface_address: "{{ ansible_facts[api_interface]['ipv4']['address'] }}"
  • api_interface: The network interface used for the API.
  • api_interface_address: Automatically derived IP address from the specified interface.

📜 Logging Options

Configure logging across the stack:

enable_log_to_file: true
  • enable_log_to_file: Enable or disable logging to file for all services.

🔒 External TLS Options

Set up external TLS configurations:

enable_tls_external: false
external_tls_externally_managed_certs: false
  • enable_tls_external: Enable TLS for external communications.
  • external_tls_externally_managed_certs: Determines if TLS certificates are managed externally.

🔐 Internal TLS Options

Configure internal TLS:

enable_tls_internal: false
internal_tls_externally_managed_certs: false
  • enable_tls_internal: Enable TLS for internal communications between services.
  • internal_tls_externally_managed_certs: Determines if internal TLS certificates are managed externally.

🔹 Consul Configuration

Basic Consul settings:

consul_domain: consul
consul_datacenter: dc1
consul_primary_datacenter: "{{ consul_datacenter }}"
consul_gossip_encryption_key: "{{ _credentials.consul.gossip_encryption_key }}"
consul_enable_script_checks: false

consul_extra_files_list: []
consul_extra_configuration: {}

consul_enable_tls: "{{ enable_tls_internal }}"

consul_log_level: info
  • consul_domain: Domain for Consul services.
  • consul_datacenter: Datacenter name for Consul.
  • consul_gossip_encryption_key: Key for gossip encryption.
  • consul_enable_tls: TLS setting for Consul.
  • consul_log_level: Logging level for Consul.

🔐 Vault Configuration

Vault-specific settings:

vault_cluster_name: vault
vault_bind_addr: "0.0.0.0"
vault_cluster_addr: "{{ api_interface_address }}"
vault_enable_ui: true
vault_disable_mlock: false
vault_disable_cache: false

vault_extra_files_list: []
vault_extra_configuration: {}

vault_enable_tls: "{{ enable_tls_internal }}"

vault_enable_service_registration: "{{ enable_consul | bool }}"

vault_enable_plugins: false

vault_log_level: info
  • vault_cluster_name: Cluster name for Vault.
  • vault_bind_addr: Address Vault listens on.
  • vault_enable_ui: Enable or disable the Vault UI.
  • vault_enable_service_registration: Register Vault with Consul if enabled.
  • vault_enable_tls: TLS setting for Vault.
  • vault_log_level: Logging level for Vault.

🗂️ Nomad Configuration

Nomad settings:

nomad_region: global
nomad_datacenter: dc1

nomad_extra_files_list: []
nomad_extra_configuration: {}

nomad_autopilot_configuration: {}

nomad_driver_enable_docker: true
nomad_driver_enable_podman: false
nomad_driver_enable_raw_exec: false
nomad_driver_enable_java: false
nomad_driver_enable_qemu: false

nomad_driver_extra_configuration: {}

nomad_log_level: info

nomad_enable_tls: "{{ enable_tls_internal }}"
  • nomad_region: Region for Nomad deployment.
  • nomad_datacenter: Datacenter name for Nomad.
  • nomad_driver_enable_*: Enable or disable various Nomad drivers.
  • nomad_enable_tls: TLS setting for Nomad.
  • nomad_log_level: Logging level for Nomad.

Note

Currently, only the docker and raw_exec drivers can be configured automatically; other drivers will be supported at a later date.

🌟 Key Points

  • Defaults and Recommendations: globals.yml provides default and recommended settings for a standard deployment.
  • Advanced Customizations: For more granular or specific settings, refer to the advanced configuration files for each component (e.g., consul.yml, vault.yml, nomad.yml).

Warning

Even for advanced configuration, changes should still be applied to the globals.yml file, as it supersedes all other configuration files; changes made elsewhere might be ignored.

This configuration file sets up a solid foundation for your HashiCorp stack while allowing flexibility for advanced customizations and adjustments. Adjust values according to your environment's requirements and operational needs.
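The following Python script is an added example, not part of the project: it reads the text of a globals.yml, resolves the `{{ enable_tls_internal }}` references used by the per-service TLS keys, and lists the settings from this page that deserve a security review before deployment. The rule set, the function names and the sample input are assumptions of this example.

```python
import re

# Constructed sample: security-relevant defaults as shown on this page.
SAMPLE_GLOBALS = '''
enable_tls_external: false
enable_tls_internal: false
consul_enable_script_checks: false
consul_enable_tls: "{{ enable_tls_internal }}"
vault_bind_addr: "0.0.0.0"
vault_disable_mlock: false
vault_enable_tls: "{{ enable_tls_internal }}"
nomad_driver_enable_raw_exec: false
nomad_enable_tls: "{{ enable_tls_internal }}"
'''

# (key, value to flag, reason). This rule set is the example's own, not the project's.
RULES = [
    ("enable_tls_external", "false", "external endpoints are served without TLS"),
    ("consul_enable_tls", "false", "Consul RPC and API traffic is not protected by TLS"),
    ("vault_enable_tls", "false", "Vault API traffic, tokens included, is plaintext"),
    ("nomad_enable_tls", "false", "Nomad RPC and API traffic is plaintext"),
    ("vault_bind_addr", "0.0.0.0", "Vault listens on every interface"),
    ("vault_disable_mlock", "true", "Vault memory may be swapped to disk"),
    ("consul_enable_script_checks", "true", "Consul agents run script health checks"),
    ("nomad_driver_enable_raw_exec", "true", "raw_exec tasks run without isolation"),
]
BOOLS = {"yes": "true", "on": "true", "no": "false", "off": "false"}

def load_flat(text):
    """Read top-level `key: scalar` lines and resolve simple `{{ var }}` references."""
    raw = {}
    for line in text.splitlines():
        m = re.match(r"(\w+):\s*(\S.*?)\s*$", line)
        if m:
            raw[m.group(1)] = m.group(2).strip("\"'")

    def resolve(value, depth=0):
        ref = re.fullmatch(r"\{\{\s*(\w+)\s*(\|\s*bool\s*)?\}\}", value)
        if ref and ref.group(1) in raw and depth < 10:  # depth guard against cycles
            return resolve(raw[ref.group(1)], depth + 1)
        return BOOLS.get(value.lower(), value.lower())
    return {key: resolve(value) for key, value in raw.items()}

def audit(text):
    """Return (key, reason) for each rule whose flagged value is set in the file."""
    cfg = load_flat(text)
    return [(key, why) for key, flagged, why in RULES if cfg.get(key) == flagged]
```

Pass the text of your own globals.yml to `audit()`; keys absent from the file are not evaluated, so values inherited from elsewhere still need a separate look.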