feat: add override options for all consul variables

2024-09-15 21:36:29 +02:00 · 2024-09-15 21:36:29 +02:00 · a1f336e7e7
commit a1f336e7e7
parent bf73df226a
3 changed files with 296 additions and 110 deletions
--- a/playbooks/group_vars/all/consul.yml
+++ b/playbooks/group_vars/all/consul.yml
@ -3,18 +3,14 @@
 # Consul #
 ##########

-consul_config_dir: "{{ hashistack_remote_config_dir }}/consul.d"
-consul_data_dir: "/opt/consul"
-consul_certs_dir: "{{ consul_config_dir }}/tls"
-consul_logs_dir: "{{ hashistack_remote_log_dir }}/consul"
-
-consul_envoy_install: false
-consul_envoy_version: latest
-
-consul_extra_files: true
-# consul_extra_files_list: []
-
-consul_env_variables: {}
+# hashistack_consul_config_dir:
+# hashistack_consul_data_dir:
+# hashistack_consul_certs_dir:
+# hashistack_consul_logs_dir:
+# hashistack_consul_envoy_install:
+# hashistack_consul_envoy_version:
+# hashistack_consul_extra_files_list:
+# hashistack_consul_env_variables:

 #######################
 # extra configuration #
@ -25,140 +21,89 @@ consul_env_variables: {}
 # option should be used to add pieces of configuration not
 # available through standard variables.

-# consul_extra_configuration: {}
+# hashistack_consul_extra_configuration:

 ###########
 # general #
 ###########

-# consul_domain: consul
-# consul_datacenter: dc1
-# consul_primary_datacenter: "{{ consul_datacenter }}"
-# consul_gossip_encryption_key: "{{ _credentials.consul.gossip_encryption_key }}"
-# consul_enable_script_checks: false
+# hashistack_consul_domain:
+# hashistack_consul_datacenter:
+# hashistack_consul_primary_datacenter:
+# hashistack_consul_gossip_encryption_key:
+# hashistack_consul_enable_script_checks:

 #######################
 # leave configuration #
 #######################

-consul_leave_on_terminate: true
-consul_rejoin_after_leave: true
+# hashistack_consul_leave_on_terminate:
+# hashistack_consul_rejoin_after_leave:

 ######################
 # join configuration #
 ######################

-consul_join_configuration:
-  retry_join: |
-    {{
-      groups['consul_servers'] |
-      map('extract', hostvars, ['consul_address_configuration', 'bind_addr']) |
-      list |
-      to_json |
-      from_json
-    }}
-  retry_interval: 30s
-  retry_max: 0
+# hashistack_consul_join_configuration:

 ########################
 # server configuration #
 ########################

-consul_enable_server: "{{ 'consul_servers' in group_names }}"
-consul_bootstrap_expect: "{{ (groups['consul_servers'] | length) }}"
+# hashistack_consul_enable_server:
+# hashistack_consul_bootstrap_expect:

 ####################
 # ui configuration #
 ####################

-consul_ui_configuration:
-  enabled: "{{ consul_enable_server }}"
+# hashistack_consul_ui_configuration:

 #########################
 # address configuration #
 #########################

-consul_bind_addr: "0.0.0.0"
-consul_advertise_addr: "{{ api_interface_address }}"
-consul_address_configuration:
-  client_addr: "{{ consul_bind_addr }}"
-  bind_addr: "{{ consul_advertise_addr }}"
-  advertise_addr: "{{ consul_advertise_addr }}"
+# hashistack_consul_bind_addr:
+# hashistack_consul_advertise_addr:
+# hashistack_consul_address_configuration:

 #####################
 # ACL configuration #
 #####################

-consul_acl_configuration:
-  enabled: true
-  default_policy: "deny"
-  enable_token_persistence: true
-  tokens:
-    agent: "{{ _credentials.consul.tokens.agent.secret_id }}"
-
-consul_default_agent_policy: |
-  node_prefix "" {
-    policy = "write"
-  }
-  service_prefix "" {
-    policy = "read"
-  }
+# hashistack_consul_acl_configuration:

 ##############################
 # service mesh configuration #
 ##############################

-consul_mesh_configuration:
-  enabled: true
+# hashistack_consul_mesh_configuration:

 #####################
 # DNS configuration #
 #####################

-consul_dns_configuration:
-  allow_stale: true
-  enable_truncate: true
-  only_passing: true
+# hashistack_consul_dns_configuration:

 ################
 # internal tls #
 ################

-# consul_enable_tls: false
-consul_tls_configuration:
-  defaults:
-    ca_file: "/etc/ssl/certs/ca-certificates.crt"
-    cert_file: "{{ consul_certs_dir }}/fullchain.crt"
-    key_file: "{{ consul_certs_dir }}/cert.key"
-    verify_incoming: false
-    verify_outgoing: true
-  internal_rpc:
-    verify_server_hostname: true
-
-consul_certificates_extra_files_dir: >
-  {{
-    [] if external_tls_externally_managed_certs | bool else
-    [{
-      'src': "{{ hashistack_sub_configuration_directories['certificates'] }}/consul/{{ inventory_hostname }}",
-      'dest': "{{ consul_certs_dir }}"
-    }]
-  }}
+# hashistack_consul_enable_tls:
+# hashistack_consul_tls_configuration:

 ###########################
 # telemetry configuration #
 ###########################

-consul_enable_prometheus_metrics: false
-consul_prometheus_retention_time: 60s
-consul_telemetry_configuration: {}
+# hashistack_consul_enable_prometheus_metrics:
+# hashistack_consul_prometheus_retention_time:
+# hashistack_consul_telemetry_configuration:

 ###########
 # logging #
 ###########

-# consul_log_level: info
-consul_enable_log_to_file: "{{ enable_log_to_file | bool }}"
-consul_log_to_file_configuration:
-  log_file: "{{ consul_logs_dir }}/consul.log"
-  log_rotate_duration: 24h
-  log_rotate_max_files: 30
+# hashistack_consul_log_level:
+# hashistack_consul_enable_log_to_file:
+# hashistack_consul_log_to_file_configuration:
--- a/playbooks/group_vars/all/consul_default.yml
+++ b/playbooks/group_vars/all/consul_default.yml
@ -0,0 +1,252 @@
+---
+##########
+# Consul #
+##########
+
+hashistack_default_consul_config_dir: "{{ hashistack_remote_config_dir }}/consul.d"
+consul_config_dir: "{{ hashistack_consul_config_dir | default(hashistack_default_consul_config_dir) }}"
+
+hashistack_default_consul_data_dir: "/opt/consul"
+consul_data_dir: "{{ hashistack_consul_data_dir | default(hashistack_default_consul_data_dir)}}"
+
+hashistack_default_consul_certs_dir: "{{ consul_config_dir }}/tls"
+consul_certs_dir: "{{ hashistack_consul_certs_dir | default(hashistack_default_consul_certs_dir) }}"
+
+hashistack_default_consul_logs_dir: "{{ hashistack_remote_log_dir }}/consul"
+consul_logs_dir: "{{ hashistack_consul_logs_dir | default(hashistack_default_consul_logs_dir) }}"
+
+hashistack_default_consul_envoy_install: false
+consul_envoy_install: "{{ hashistack_consul_envoy_install | default(hashistack_default_consul_envoy_install) }}"
+
+hashistack_default_consul_envoy_version: latest
+consul_envoy_version: "{{ hashistack_consul_envoy_version | default(hashistack_default_consul_envoy_version) }}"
+
+consul_extra_files: true
+
+hashistack_default_consul_extra_files_list: []
+consul_extra_files_list: "{{ hashistack_consul_extra_files_list | default(hashistack_default_consul_extra_files_list) }}"
+
+hashistack_default_consul_env_variables: {}
+consul_env_variables: "{{ hashistack_consul_env_variables | default(hashistack_default_consul_env_variables) }}"
+
+#######################
+# extra configuration #
+#######################
+
+# You should prioritize adding configuration
+# to the configuration entries below, this
+# option should be used to add pieces of configuration not
+# available through standard variables.
+
+hashistack_default_consul_extra_configuration: {}
+consul_extra_configuration: >-
+  {{
+    hashistack_default_consul_extra_configuration |
+    combine((hashistack_consul_extra_configuration | default({})), recursive=true)
+  }}
+
+###########
+# general #
+###########
+
+hashistack_default_consul_domain: consul
+consul_domain: "{{ hashistack_consul_domain | default(hashistack_default_consul_domain) }}"
+
+hashistack_default_consul_datacenter: dc1
+consul_datacenter: "{{ hashistack_consul_datacenter | default(hashistack_default_consul_datacenter) }}"
+
+hashistack_default_consul_primary_datacenter: "{{ consul_datacenter }}"
+consul_primary_datacenter: "{{ hashistack_consul_primary_datacenter | default(hashistack_default_consul_primary_datacenter) }}"
+
+hashistack_default_consul_gossip_encryption_key: "{{ _credentials.consul.gossip_encryption_key }}"
+consul_gossip_encryption_key: "{{ hashistack_consul_gossip_encryption_key | default(hashistack_default_consul_gossip_encryption_key) }}"
+
+hashistack_default_consul_enable_script_checks: false
+consul_enable_script_checks: "{{ hashistack_consul_enable_script_checks | default(hashistack_default_consul_enable_script_checks) }}"
+
+#######################
+# leave configuration #
+#######################
+
+hashistack_default_consul_leave_on_terminate: true
+consul_leave_on_terminate: "{{ hashistack_consul_leave_on_terminate | default(hashistack_default_consul_leave_on_terminate) }}"
+
+hashistack_default_consul_rejoin_after_leave: true
+consul_rejoin_after_leave: "{{ hashistack_consul_rejoin_after_leave | default(hashistack_default_consul_rejoin_after_leave) }}"
+
+######################
+# join configuration #
+######################
+
+hashistack_default_consul_join_configuration:
+  retry_join: |
+    {{
+      groups['consul_servers'] |
+      map('extract', hostvars, ['consul_address_configuration', 'bind_addr']) |
+      list |
+      to_json |
+      from_json
+    }}
+  retry_interval: 30s
+  retry_max: 0
+consul_join_configuration: >-
+  {{
+    hashistack_default_consul_join_configuration |
+    combine((hashistack_consul_join_configuration | default({})), recursive=true)
+  }}
+
+########################
+# server configuration #
+########################
+
+hashistack_default_consul_enable_server: "{{ 'consul_servers' in group_names }}"
+consul_enable_server: "{{ hashistack_consul_enable_server | default(hashistack_default_consul_enable_server) }}"
+
+hashistack_default_consul_bootstrap_expect: "{{ (groups['consul_servers'] | length) }}"
+consul_bootstrap_expect: "{{ hashistack_consul_bootstrap_expect | default(hashistack_default_consul_bootstrap_expect) }}"
+
+####################
+# ui configuration #
+####################
+
+hashistack_default_consul_ui_configuration:
+  enabled: "{{ consul_enable_server }}"
+consul_ui_configuration: >-
+  {{
+    hashistack_default_consul_ui_configuration |
+    combine((hashistack_consul_ui_configuration | default({})), recursive=true)
+  }}
+
+#########################
+# address configuration #
+#########################
+
+hashistack_default_consul_bind_addr: "0.0.0.0"
+consul_bind_addr: "{{ hashistack_consul_bind_addr | default(hashistack_default_consul_bind_addr) }}"
+
+hashistack_default_consul_advertise_addr: "{{ api_interface_address }}"
+consul_advertise_addr: "{{ hashistack_consul_advertise_addr | default(hashistack_default_consul_advertise_addr) }}"
+
+hashistack_default_consul_address_configuration:
+  client_addr: "{{ consul_bind_addr }}"
+  bind_addr: "{{ consul_advertise_addr }}"
+  advertise_addr: "{{ consul_advertise_addr }}"
+consul_address_configuration: >-
+  {{
+    hashistack_default_consul_address_configuration |
+    combine((hashistack_consul_address_configuration | default({})), recursive=true)
+  }}
+
+#####################
+# ACL configuration #
+#####################
+
+hashistack_default_consul_acl_configuration:
+  enabled: true
+  default_policy: "deny"
+  enable_token_persistence: true
+  tokens:
+    agent: "{{ _credentials.consul.tokens.agent.secret_id }}"
+consul_acl_configuration: >-
+  {{
+    hashistack_default_consul_acl_configuration |
+    combine((hashistack_consul_acl_configuration | default({})), recursive=true)
+  }}
+
+consul_default_agent_policy: |
+  node_prefix "" {
+    policy = "write"
+  }
+  service_prefix "" {
+    policy = "read"
+  }
+
+##############################
+# service mesh configuration #
+##############################
+
+hashistack_default_consul_mesh_configuration:
+  enabled: true
+consul_mesh_configuration: >-
+  {{
+    hashistack_default_consul_mesh_configuration |
+    combine((hashistack_consul_mesh_configuration | default({})), recursive=true)
+  }}
+
+#####################
+# DNS configuration #
+#####################
+
+hashistack_default_consul_dns_configuration:
+  allow_stale: true
+  enable_truncate: true
+  only_passing: true
+consul_dns_configuration: >-
+  {{
+    hashistack_default_consul_dns_configuration |
+    combine((hashistack_consul_dns_configuration | default({})), recursive=true)
+  }}
+
+################
+# internal tls #
+################
+
+hashistack_default_consul_enable_tls: "{{ enable_tls_internal }}"
+consul_enable_tls: "{{ hashistack_consul_enable_tls | default(hashistack_default_consul_enable_tls) }}"
+
+hashistack_default_consul_tls_configuration:
+  defaults:
+    ca_file: "/etc/ssl/certs/ca-certificates.crt"
+    cert_file: "{{ consul_certs_dir }}/fullchain.crt"
+    key_file: "{{ consul_certs_dir }}/cert.key"
+    verify_incoming: false
+    verify_outgoing: true
+  internal_rpc:
+    verify_server_hostname: true
+consul_tls_configuration: >-
+  {{
+    hashistack_default_consul_tls_configuration |
+    combine((hashistack_consul_tls_configuration | default({})), recursive=true)
+  }}
+
+consul_certificates_extra_files_dir: >
+  {{
+    [] if internal_tls_externally_managed_certs | bool else
+    [{
+      'src': "{{ hashistack_sub_configuration_directories['certificates'] }}/consul/{{ inventory_hostname }}",
+      'dest': "{{ consul_certs_dir }}"
+    }]
+  }}
+
+###########################
+# telemetry configuration #
+###########################
+
+hashistack_default_consul_enable_prometheus_metrics: false
+consul_enable_prometheus_metrics: "{{ hashistack_consul_enable_prometheus_metrics | default(hashistack_default_consul_enable_prometheus_metrics) }}"
+
+hashistack_default_consul_prometheus_retention_time: 60s
+consul_prometheus_retention_time: "{{ hashistack_consul_prometheus_retention_time | default(hashistack_default_consul_prometheus_retention_time) }}"
+
+hashistack_default_consul_telemetry_configuration: {}
+consul_telemetry_configuration: "{{ hashistack_consul_telemetry_configuration | default(hashistack_default_consul_telemetry_configuration) }}"
+
+###########
+# logging #
+###########
+
+hashistack_default_consul_log_level: info
+consul_log_level: "{{ hashistack_consul_log_level | default(hashistack_default_consul_log_level) }}"
+
+hashistack_default_consul_enable_log_to_file: "{{ enable_log_to_file | bool }}"
+consul_enable_log_to_file: "{{ hashistack_consul_enable_log_to_file | default(hashistack_default_consul_enable_log_to_file) }}"
+
+hashistack_default_consul_log_to_file_configuration:
+  log_file: "{{ consul_logs_dir }}/consul.log"
+  log_rotate_duration: 24h
+  log_rotate_max_files: 30
+consul_log_to_file_configuration: >-
+  {{
+    hashistack_default_consul_log_to_file_configuration |
+    combine((hashistack_consul_log_to_file_configuration | default({})), recursive=true)
+  }}
--- a/playbooks/group_vars/all/globals.yml
+++ b/playbooks/group_vars/all/globals.yml
@ -11,10 +11,6 @@ nomad_version: "1.8.1"
 consul_version: "1.18.1"
 vault_version: "1.16.2"

-consul_fqdn: consul.ednz.lab
-vault_fqdn: vault.ednz.lab
-nomad_fqdn: nomad.ednz.lab
-
 api_interface: "eth0"
 api_interface_address: "{{ ansible_facts[api_interface]['ipv4']['address'] }}"

@ -24,36 +20,29 @@ api_interface_address: "{{ ansible_facts[api_interface]['ipv4']['address'] }}"

 enable_log_to_file: true

-########################
-# external tls options #
-########################
-
-enable_tls_external: false
-external_tls_externally_managed_certs: false
-
 ########################
 # internal tls options #
 ########################

 enable_tls_internal: false
 internal_tls_externally_managed_certs: false
-
 ##########
 # Consul #
 ##########

-consul_domain: consul
-consul_datacenter: dc1
-consul_primary_datacenter: "{{ consul_datacenter }}"
-consul_gossip_encryption_key: "{{ _credentials.consul.gossip_encryption_key }}"
-consul_enable_script_checks: false
+# hashistack_consul_domain: consul
+# hashistack_consul_datacenter: dc1
+# hashistack_consul_primary_datacenter: "{{ consul_datacenter }}"
+# hashistack_consul_gossip_encryption_key: "{{ _credentials.consul.gossip_encryption_key }}"
+# hashistack_consul_enable_script_checks: false

-consul_extra_files_list: []
-consul_extra_configuration: {}
+# hashistack_consul_extra_files_list: []
+# hashistack_consul_extra_configuration: {}

-consul_enable_tls: "{{ enable_tls_internal }}"
+# hashistack_consul_enable_tls: "{{ enable_tls_internal }}"
+
+# hashistack_consul_log_level: info

-consul_log_level: info
 #########
 # Vault #
 #########