From 878f97244b6f816d3d209127a6e56920f729e412 Mon Sep 17 00:00:00 2001
From: Bertrand Lanson
Date: Sat, 30 Dec 2023 15:54:37 +0100
Subject: [PATCH] feat(variables): start polishing variables for customization
---
 playbooks/deploy.yml | 91 +++++++++++++++++++-----------------
 playbooks/group_vars/all.yml | 5 +-
 playbooks/load_vars.yml | 21 +++++++++
 3 files changed, 72 insertions(+), 45 deletions(-)
 create mode 100644 playbooks/load_vars.yml
diff --git a/playbooks/deploy.yml b/playbooks/deploy.yml
index 285dddd..3971a74 100644
--- a/playbooks/deploy.yml
+++ b/playbooks/deploy.yml
@@ -5,51 +5,56 @@ gather_facts: true become: true tasks: - - name: "Include ednxzu.hashicorp_vault" - ansible.builtin.include_role: - name: ednxzu.hashistack.hashicorp_vault + - name: "Vault" + when: enable_vault | bool + tags: + - vault + block: + - name: "Include ednxzu.hashicorp_vault" + ansible.builtin.include_role: + name: ednxzu.hashistack.hashicorp_vault - - name: "Initialize vault cluster" - ednxzu.hashistack.vault_init: - api_url: "http://127.0.0.1:8200" - key_shares: 3 - key_threshold: 2 - run_once: true - retries: 5 - delay: 5 - delegate_to: "{{ groups['vault_servers'] | first }}" - register: _vault_init_secret - until: not _vault_init_secret.failed + - name: "Initialize vault cluster" + ednxzu.hashistack.vault_init: + api_url: "http://127.0.0.1:8200" + key_shares: 3 + key_threshold: 2 + run_once: true + retries: 5 + delay: 5 + delegate_to: "{{ groups['vault_servers'] | first }}" + register: _vault_init_secret + until: not _vault_init_secret.failed - - name: "Write vault configuration to file" - ansible.builtin.copy: - content: "{{ _vault_init_secret.state | to_nice_yaml}}" - dest: "{{ configuration_directory }}/vault/vault_config" - mode: '0644' - when: _vault_init_secret.changed - run_once: true - delegate_to: localhost + - name: "Write vault configuration to file" + ansible.builtin.copy: + content: "{{ _vault_init_secret.state | to_nice_yaml}}" + dest: "{{ configuration_directory }}/vault/vault_config" + mode: '0644' + when: _vault_init_secret.changed + run_once: true + delegate_to: localhost - - name: "Load vault cluster variables necessary for unseal operation" - ansible.builtin.include_vars: - file: "{{ configuration_directory }}/vault/vault_config" - name: _vault_cluster_config + - name: "Load vault cluster variables necessary for unseal operation" + ansible.builtin.include_vars: + file: "{{ configuration_directory }}/vault/vault_config" + name: _vault_cluster_config - - name: "Unseal the bootstrap node" - ednxzu.hashistack.vault_unseal: - 
api_url: "http://127.0.0.1:8200" - key_shares: "{{ _vault_cluster_config['keys'] }}" - max_retries: "{{ (_vault_cluster_config['keys'] | length) - 1 }}" - run_once: true - delegate_to: "{{ groups['vault_servers'] | first }}" - when: _vault_init_secret.changed + - name: "Unseal the bootstrap node" + ednxzu.hashistack.vault_unseal: + api_url: "http://127.0.0.1:8200" + key_shares: "{{ _vault_cluster_config['keys'] }}" + max_retries: "{{ (_vault_cluster_config['keys'] | length) - 1 }}" + run_once: true + delegate_to: "{{ groups['vault_servers'] | first }}" + when: _vault_init_secret.changed - - name: "Unseal all vault nodes" - ednxzu.hashistack.vault_unseal: - api_url: "http://127.0.0.1:8200" - key_shares: "{{ _vault_cluster_config['keys'] }}" - max_retries: "{{ (_vault_cluster_config['keys'] | length) - 1 }}" - retries: 5 - delay: 5 - register: _unseal_status - until: not _unseal_status.failed + - name: "Unseal all vault nodes" + ednxzu.hashistack.vault_unseal: + api_url: "http://127.0.0.1:8200" + key_shares: "{{ _vault_cluster_config['keys'] }}" + max_retries: "{{ (_vault_cluster_config['keys'] | length) - 1 }}" + retries: 5 + delay: 5 + register: _unseal_status + until: not _unseal_status.failed diff --git a/playbooks/group_vars/all.yml b/playbooks/group_vars/all.yml index fa38d8f..b2bb33d 100644 --- a/playbooks/group_vars/all.yml +++ b/playbooks/group_vars/all.yml @@ -7,11 +7,12 @@ enable_vault: "yes" enable_consul: "yes" enable_nomad: "yes" -deployment_method: "docker" +deployment_method: "host" api_interface: "eth0" api_interface_address: "{{ ansible_facts[api_interface]['ipv4']['address'] }}" configuration_directory: "{{ lookup('env', 'PWD') }}/etc/hashistack" +configuration_global_vars_file: "globals.yml" ########################## # Support options ######## 
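Review bot: The `Write vault configuration to file` task inside the new `Vault` block persists `_vault_init_secret.state` — which, judging by the later `_vault_cluster_config['keys']` lookup, carries the unseal key shares and presumably the initial root token — to `{{ configuration_directory }}/vault/vault_config` with `mode: '0644'`, i.e. world-readable on the controller, and none of the init/unseal tasks set `no_log`, so the same material is echoed in verbose output and callback logs. Change the copy to `mode: '0600'` and add `no_log: true` to `Initialize vault cluster`, `Unseal the bootstrap node` and `Unseal all vault nodes`; longer term this file is a candidate for ansible-vault encryption rather than plaintext under a `PWD`-derived directory. The `when: enable_vault | bool` guard and the `vault` tag on the block are fine; the pre-existing `api_url: "http://127.0.0.1:8200"` is plain HTTP to loopback, acceptable for a local listener but worth revisiting if TLS is enabled on the API port. The end of the `Vault` block (and of the play) is not visible in this hunk.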
@@ -93,7 +94,7 @@ default_container_extra_volumes: - "/etc/localtime:/etc/localtime" hashi_vault_start_service: true -hashi_vault_version: "1.15.2" +hashi_vault_version: latest hashi_vault_deploy_method: "{{ deployment_method }}" # deployment method, either host or docker hashi_vault_env_variables: {} hashi_vault_data_dir: "/opt/vault" diff --git a/playbooks/load_vars.yml b/playbooks/load_vars.yml new file mode 100644 index 0000000..45724ae --- /dev/null +++ b/playbooks/load_vars.yml @@ -0,0 +1,21 @@ +--- +# hashistack variable injection playbook +- name: "Deploy" + hosts: all + gather_facts: true + become: true + tasks: + - name: "Load global variables" + ansible.builtin.include_vars: + dir: "{{ configuration_directory }}" + files_matching: "{{ configuration_global_vars_file }}" + + - name: "Load group specific variables" + ansible.builtin.include_vars: + dir: "" + files_matching: "" + + - name: "Load host specific variables" + ansible.builtin.include_vars: + dir: "" + files_matching: ""
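Review bot: `hashi_vault_version: latest` replaces the `"1.15.2"` pin with a floating tag, so each run may install a different, unreviewed Vault build, and with `deployment_method` now defaulting to `host` the binary is presumably fetched at deploy time (the download source is not visible here), which makes nodes provisioned at different times diverge. Keep an explicit pin as the default and let operators override it from the new `globals.yml`, e.g. `hashi_vault_version: "1.15.2"  # pinned; override in globals.yml`, and if `latest` must remain, document that it trades reproducibility and supply-chain review for convenience. Minor style point: `latest` is the only unquoted version value in this file; quoting it keeps the scalar a string like its neighbours.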
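Review bot: The `Load group specific variables` and `Load host specific variables` tasks are committed with `dir: ""` and `files_matching: ""`; if I read `include_vars` correctly an empty `files_matching` means no filter, so these placeholders will either fail on the empty path now or, once `dir` is filled in, load every `.yml`/`.yaml`/`.json` under it recursively with no name restriction, and `include_vars` results override inventory precedence. Until the group/host layouts exist, guard them with something like `when: configuration_group_vars_dir is defined` or leave them out of the commit. Note also that `files_matching` is a regular expression, so `"globals.yml"` matches any file whose name contains `globals`, any character, `yml` anywhere in the tree (`dir` recurses by default); anchor it, e.g. `files_matching: "^{{ configuration_global_vars_file | regex_escape }}$"`, or add `depth: 1`. The play is named `"Deploy"` although it only injects variables, and `become: true` buys nothing for `include_vars`, which runs on the controller — rename the play and drop the escalation to keep it least-privilege.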