diff --git a/.gitignore b/.gitignore
index feab726..9cdd082 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,6 @@
 # ignore molecule/testinfra pycache
 **/__pycache__
 .vscode
-roles/ednxzu.*
+roles/ednz_cloud.*
 vault_config
 consul_config
\ No newline at end of file
diff --git a/.gitmodules b/.gitmodules
index e9b9edf..8f630b6 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,6 +1,6 @@
 [submodule "roles/hashicorp_consul"]
 path = roles/hashicorp_consul
- url = https://github.com/ednxzu/hashicorp_consul
+ url = https://github.com/ednz-cloud/hashicorp_consul
 [submodule "roles/hashicorp_vault"]
 path = roles/hashicorp_vault
- url = https://github.com/ednxzu/hashicorp_vault
+ url = https://github.com/ednz-cloud/hashicorp_vault
diff --git a/README.md b/README.md
index 9772c0a..e9c79c7 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,3 @@
-# Ansible Collection - ednxzu.hashistack
+# Ansible Collection - ednz_cloud.hashistack
 THIS REPOSITORY IS A WORK IN PROGRESS, IT IS NOWHERE NEAR FIT FOR PRODUCTION.
diff --git a/docs/architecture_guide.md.md b/docs/architecture_guide.md.md
index 9d33415..915c9b2 100644
--- a/docs/architecture_guide.md.md
+++ b/docs/architecture_guide.md.md
@@ -36,6 +36,8 @@ graph LR;
 ## Testing/Preprod deployment
+For testing, of pre-production deployments, running all services on the same nodes might be a good way to cut cost and/or save resources.
+
 ## Production deployment
 For production use, it is recommended to separate concerns as much as possible. This means that consul, vault and nomad, as well as the haproxy services, should be on different nodes altogether. The **client-facing** and **cluster-facing** interfaces should also be separated.
@@ -92,3 +94,4 @@ graph TD
 nomad -->|Service registration| consul
 ```
+> **Note**: you can substract the haproxy part if using an external load-balancing solution, like AWS ALB,or any other LB technology, for connecting to your platform.
\ No newline at end of file
diff --git a/docs/quick_start.md b/docs/quick_start.md
index 66d24e3..4f51757 100644
--- a/docs/quick_start.md
+++ b/docs/quick_start.md
@@ -94,18 +94,18 @@ collections_path = ./collections/
 inventory = ./inventory/
 ```
-7. Install the `ednxzu.hashistack` ansible collection
+7. Install the `ednz_cloud.hashistack` ansible collection
 ```bash
-ansible-galaxy collection install ednxzu.hashistack:==
+ansible-galaxy collection install ednz_cloud.hashistack:==
 ```
-You should now have a directory under `./collections/ansible_collections/ednxzu/hashistack`
+You should now have a directory under `./collections/ansible_collections/ednz_cloud/hashistack`
-8. Install the other dependencies required by `ednxzu.hashistack`
+8. Install the other dependencies required by `ednz_cloud.hashistack`
 ```bash
-ansible-galaxy install -r ./collections/ansible_collections/ednxzu/hashistack/roles/requirements.yml
+ansible-galaxy install -r ./collections/ansible_collections/ednz_cloud/hashistack/roles/requirements.yml
 ```
 This will install roles that are not packaged with the collection, but are still required in order to run the playbooks.
diff --git a/docs/vault_clusters.md b/docs/vault_clusters.md
index caab8e9..ad91216 100644
--- a/docs/vault_clusters.md
+++ b/docs/vault_clusters.md
@@ -1,6 +1,6 @@
 # Deploying a Vault cluster
-This documentation explains each steps necessary to successfully deploy a Vault cluster using the ednxzu.hashistack ansible collection.
+This documentation explains each steps necessary to successfully deploy a Vault cluster using the ednz_cloud.hashistack ansible collection.
 ## Prerequisites
diff --git a/galaxy.yml b/galaxy.yml
index e3c7b1a..aa1a6dc 100644
--- a/galaxy.yml
+++ b/galaxy.yml
@@ -1,5 +1,5 @@
 ---
-namespace: ednxzu
+namespace: ednz_cloud
 name: hashistack
 version: 1.0.0
 readme: README.md
@@ -7,7 +7,7 @@ authors:
 - Bertrand Lanson
 description: your collection description
 license: ["MIT"]
-license_file: 'LICENSE'
+license_file: "LICENSE"
 # A list of tags you want to associate with the collection for indexing/searching. A tag name has the same character
 # requirements as 'namespace' and 'name'
diff --git a/molecule/no_tls_multi_node/converge.yml b/molecule/no_tls_multi_node/converge.yml
index cbc0a88..daad78c 100644
--- a/molecule/no_tls_multi_node/converge.yml
+++ b/molecule/no_tls_multi_node/converge.yml
@@ -1,3 +1,3 @@
 ---
 - name: Include a playbook from a collection
- ansible.builtin.import_playbook: ednxzu.hashistack.deploy.yml
+ ansible.builtin.import_playbook: ednz_cloud.hashistack.deploy.yml
diff --git a/molecule/no_tls_multi_node/prepare.yml b/molecule/no_tls_multi_node/prepare.yml
index b454482..6c57e49 100644
--- a/molecule/no_tls_multi_node/prepare.yml
+++ b/molecule/no_tls_multi_node/prepare.yml
@@ -1,6 +1,6 @@
 ---
 - name: Include bootstrap playbook
- ansible.builtin.import_playbook: ednxzu.hashistack.bootstrap.yml
+ ansible.builtin.import_playbook: ednz_cloud.hashistack.bootstrap.yml
 - name: Include preflight playbook
- ansible.builtin.import_playbook: ednxzu.hashistack.preflight.yml
+ ansible.builtin.import_playbook: ednz_cloud.hashistack.preflight.yml
diff --git a/molecule/no_tls_multi_node/requirements.yml b/molecule/no_tls_multi_node/requirements.yml
index b2e8953..42a18bb 100644
--- a/molecule/no_tls_multi_node/requirements.yml
+++ b/molecule/no_tls_multi_node/requirements.yml
@@ -1,11 +1,11 @@
 ---
 # requirements file for molecule
 roles:
- - name: ednxzu.manage_repositories
- - name: ednxzu.manage_apt_packages
- - name: ednxzu.manage_pip_packages
- - name: ednxzu.install_docker
- - name: ednxzu.docker_systemd_service
+ - name: ednz_cloud.manage_repositories
+ - name: ednz_cloud.manage_apt_packages
+ - name: ednz_cloud.manage_pip_packages
+ - name: ednz_cloud.install_docker
+ - name: ednz_cloud.docker_systemd_service
 collections:
- - name: ednxzu.hashistack
+ - name: ednz_cloud.hashistack
diff --git a/molecule/no_tls_single_node/converge.yml b/molecule/no_tls_single_node/converge.yml
index cbc0a88..daad78c 100644
--- a/molecule/no_tls_single_node/converge.yml
+++ b/molecule/no_tls_single_node/converge.yml
@@ -1,3 +1,3 @@
 ---
 - name: Include a playbook from a collection
- ansible.builtin.import_playbook: ednxzu.hashistack.deploy.yml
+ ansible.builtin.import_playbook: ednz_cloud.hashistack.deploy.yml
diff --git a/molecule/no_tls_single_node/prepare.yml b/molecule/no_tls_single_node/prepare.yml
index b454482..6c57e49 100644
--- a/molecule/no_tls_single_node/prepare.yml
+++ b/molecule/no_tls_single_node/prepare.yml
@@ -1,6 +1,6 @@
 ---
 - name: Include bootstrap playbook
- ansible.builtin.import_playbook: ednxzu.hashistack.bootstrap.yml
+ ansible.builtin.import_playbook: ednz_cloud.hashistack.bootstrap.yml
 - name: Include preflight playbook
- ansible.builtin.import_playbook: ednxzu.hashistack.preflight.yml
+ ansible.builtin.import_playbook: ednz_cloud.hashistack.preflight.yml
diff --git a/molecule/no_tls_single_node/requirements.yml b/molecule/no_tls_single_node/requirements.yml
index ed11fdb..4391e35 100644
--- a/molecule/no_tls_single_node/requirements.yml
+++ b/molecule/no_tls_single_node/requirements.yml
@@ -1,10 +1,10 @@
 ---
 # requirements file for molecule
 roles:
- - name: ednxzu.manage_repositories
- - name: ednxzu.manage_apt_packages
- - name: ednxzu.install_docker
- - name: ednxzu.docker_systemd_service
+ - name: ednz_cloud.manage_repositories
+ - name: ednz_cloud.manage_apt_packages
+ - name: ednz_cloud.install_docker
+ - name: ednz_cloud.docker_systemd_service
 collections:
- - name: ednxzu.hashistack
+ - name: ednz_cloud.hashistack
diff --git a/playbooks/bootstrap.yml b/playbooks/bootstrap.yml
index 1c53989..cb46baa 100644
--- a/playbooks/bootstrap.yml
+++ b/playbooks/bootstrap.yml
@@ -7,7 +7,7 @@
 tasks:
 - name: "Install hvac library with pip"
 ansible.builtin.include_role:
- name: ednxzu.manage_pip_packages
+ name: ednz_cloud.manage_pip_packages
 vars:
 manage_pip_packages_install_prereqs: true
 manage_pip_packages_list:
@@ -16,9 +16,9 @@
 state: present
 when: "'vault_servers' in group_names"
- - name: "Include ednxzu.install_docker"
+ - name: "Include ednz_cloud.install_docker"
 ansible.builtin.include_role:
- name: ednxzu.install_docker
+ name: ednz_cloud.install_docker
 vars:
 install_docker_edition: ce
 install_docker_auto_update: false
@@ -31,3 +31,11 @@
 - "{{ ansible_user }}"
 install_docker_daemon_options: {}
 when: deployment_method == 'docker'
+
+ - name: "Ensure /etc/localtime exists"
+ ansible.builtin.file:
+ src: /etc/timezone
+ dest: /etc/localtime
+ owner: root
+ group: root
+ state: link
diff --git a/playbooks/deploy.yml b/playbooks/deploy.yml
index 6f1d7c5..1a94d39 100644
--- a/playbooks/deploy.yml
+++ b/playbooks/deploy.yml
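Review bot: The new "Ensure /etc/localtime exists" task in bootstrap.yml (hunk `-31,3 +31,11`) links `/etc/localtime` to `/etc/timezone`, but `/etc/timezone` is the Debian text file holding the zone name, not a compiled zoneinfo (TZif) file, so libc cannot parse it and affected hosts silently fall back to UTC; with `state: link` the module will also repoint an existing, correct `/etc/localtime` symlink. The target needs to be the zoneinfo file for the wanted zone, e.g. `src: "/usr/share/zoneinfo/{{ TIMEZONE_VAR }}"` (placeholder; no timezone variable is defined on this page), or the task should use a dedicated timezone module instead of hand-rolling the symlink. Unlike the preceding task, this one carries no `when:`, so it runs on every host regardless of `deployment_method`; if that is intended, a short comment saying so would help, e.g. `# runs on all hosts: containers and host installs both read /etc/localtime`.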
@@ -31,12 +31,12 @@
 tags:
 - consul
 block:
- - name: "Include ednxzu.hashistack.hashicorp_consul"
+ - name: "Include ednz_cloud.hashistack.hashicorp_consul"
 ansible.builtin.include_role:
- name: ednxzu.hashistack.hashicorp_consul
+ name: ednz_cloud.hashistack.hashicorp_consul
 - name: "Initialize consul cluster" # noqa: run-once[task]
- ednxzu.hashistack.consul_acl_bootstrap:
+ ednz_cloud.hashistack.consul_acl_bootstrap:
 api_addr: "{{ hashi_consul_configuration['advertise_addr'] }}"
 run_once: true
 delegate_to: "{{ groups['consul_servers'] | first }}"
@@ -67,12 +67,12 @@
 tags:
 - vault
 block:
- - name: "Include ednxzu.hashistack.hashicorp_consul"
+ - name: "Include ednz_cloud.hashistack.hashicorp_consul"
 ansible.builtin.include_role:
- name: ednxzu.hashistack.hashicorp_vault
+ name: ednz_cloud.hashistack.hashicorp_vault
 - name: "Initialize vault cluster" # noqa: run-once[task]
- ednxzu.hashistack.vault_init:
+ ednz_cloud.hashistack.vault_init:
 api_url: "{{ hashi_vault_configuration['api_addr'] }}"
 key_shares: "{{ vault_seal_configuration['key_shares'] }}"
 key_threshold: "{{ vault_seal_configuration['key_threshold'] }}"
@@ -98,7 +98,7 @@
 name: _vault_cluster_config
 - name: "Unseal the bootstrap node" # noqa: run-once[task] no-handler
- ednxzu.hashistack.vault_unseal:
+ ednz_cloud.hashistack.vault_unseal:
 api_url: "{{ hashi_vault_configuration['api_addr'] }}"
 key_shares: "{{ _vault_cluster_config['keys'] }}"
 run_once: true
@@ -107,7 +107,7 @@
 register: _vault_unseal_secret
 - name: "Unseal all vault nodes"
- ednxzu.hashistack.vault_unseal:
+ ednz_cloud.hashistack.vault_unseal:
 api_url: "{{ hashi_vault_configuration['api_addr'] }}"
 key_shares: "{{ _vault_cluster_config['keys'] }}"
 retries: 5
diff --git a/playbooks/group_vars/all.yml b/playbooks/group_vars/all.yml
index 9f6a595..d63b740 100644
--- a/playbooks/group_vars/all.yml
+++ b/playbooks/group_vars/all.yml
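Review bot: In the vault block (hunk `-67,12 +67,12` of deploy.yml) the renamed task name still says `Include ednz_cloud.hashistack.hashicorp_consul` while the role included on the very next line is `ednz_cloud.hashistack.hashicorp_vault`; the rename touched the line but kept the copy-paste, so play output labels the Vault role install as a Consul step. It should read `- name: "Include ednz_cloud.hashistack.hashicorp_vault"`. Separately, the unseal tasks in hunks `-98,7` and `-107,7` pass `_vault_cluster_config['keys']` and register `_vault_unseal_secret`; neither hunk shows `no_log: true`, so unless it is set on the lines outside the hunk, the unseal key shares are written to verbose task output and any log aggregation of the play.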
@@ -19,6 +19,8 @@ api_interface_address: "{{ ansible_facts[api_interface]['ipv4']['address'] }}"
 # Helper options #########
 ##########################
+manage_pip_packages_allow_break_system_packages: true
+
 vault_versions:
 host: "{{ vault_version }}{% '*' if vault_version != 'latest' %}"
 docker: "{{ vault_version }}"
@@ -156,7 +158,7 @@ hashi_consul_data_dir: "/opt/consul"
 hashi_consul_extra_files: false
 hashi_consul_extra_files_src: "{{ sub_configuration_directories.consul_servers }}/config"
 hashi_consul_extra_files_dst: "{{ hashi_consul_config_dir }}/config"
-hashi_consul_envoy_install: true
+hashi_consul_envoy_install: false
 hashi_consul_envoy_version: v1.27.2
 hashi_consul_configuration:
 domain: "{{ consul_domain }}"
diff --git a/playbooks/preflight.yml b/playbooks/preflight.yml
index 3d7013f..2b61c37 100644
--- a/playbooks/preflight.yml
+++ b/playbooks/preflight.yml
@@ -114,7 +114,7 @@
 ansible.builtin.assert:
 that:
 - "(ansible_facts.distribution | lower) in hashistack_supported_distributions"
- - "(ansible_facts.distribution_version) in hashistack_supported_distribution_versions[(ansible_facts.distribution | lower)]"
+ - "(ansible_facts.distribution_major_version) in hashistack_supported_distribution_versions[(ansible_facts.distribution | lower)]"
 fail_msg: >-
 Distribution: {{ ansible_facts.distribution }}
 Release: {{ ansible_facts.distribution_release }}
@@ -266,10 +266,6 @@
 - "ansible_facts.service_mgr == 'systemd'"
 when: inventory_hostname in groups['common']
- # - name: "Checking that docker is installed"
- # when: deployment_method == 'docker'
- # block:
-
 - name: "Checking that python SDK for docker is installed"
 when: deployment_method == 'docker'
 vars:
diff --git a/plugins/modules/consul_acl_bootstrap.py b/plugins/modules/consul_acl_bootstrap.py
index 88a2b4a..9c955ff 100644
--- a/plugins/modules/consul_acl_bootstrap.py
+++ b/plugins/modules/consul_acl_bootstrap.py
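Review bot: `manage_pip_packages_allow_break_system_packages: true` added to `group_vars/all.yml` (hunk `-19,6 +19,8`) applies to every host and, presumably, to every pip install performed through the `manage_pip_packages` role, not only to the `hvac` install in bootstrap.yml that appears to need it; opting out of the externally-managed-environment protection lets pip overwrite distro-managed Python packages system-wide, which is hard to notice and hard to revert. Prefer scoping it to that one `include_role` call by placing it under its `vars:` next to `manage_pip_packages_install_prereqs: true`, or installing `hvac` into a dedicated virtualenv and pointing `ansible_python_interpreter` at it. If the global default is kept deliberately, a comment above it stating why would help the next reader, e.g. `# required on Debian 12+/Ubuntu 23.04+ for the hvac install in bootstrap.yml; see PEP 668`.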
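Review bot: Switching the assert in preflight.yml (hunk `-114,7 +114,7`) from `distribution_version` to `distribution_major_version` changes what `hashistack_supported_distribution_versions` must contain: entries such as `22.04` no longer match, so the check fails on every host until that table, defined outside this hunk, lists major versions only, and they must be strings (the fact is a string), not YAML ints, for `in` to match. The `fail_msg` still prints `ansible_facts.distribution_release` rather than the value actually compared, so a rejected host does not show why; adding `Major version: {{ ansible_facts.distribution_major_version }}` to it would make the failure self-explanatory.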
@@ -7,7 +7,7 @@ __metaclass__ = type
 DOCUMENTATION = r"""
 ---
-module: ednxzu.hashistack.consul_acl_bootstrap
+module: ednz_cloud.hashistack.consul_acl_bootstrap
 short_description: Bootstraps ACL for a Consul cluster.
@@ -34,13 +34,13 @@ options:
 default: 8500
 author:
- - Bertrand Lanson (@ednxzu)
+ - Bertrand Lanson (@ednz_cloud)
 """
 EXAMPLES = r"""
 # Example: Bootstrap ACL for a Consul cluster
 - name: Bootstrap ACL for Consul cluster
- ednxzu.hashistack.consul_acl_bootstrap:
+ ednz_cloud.hashistack.consul_acl_bootstrap:
 api_addr: 127.0.0.1
 scheme: http
 port: 8500
diff --git a/plugins/modules/vault_init.py b/plugins/modules/vault_init.py
index 2fe5d6b..bdb7bc8 100644
--- a/plugins/modules/vault_init.py
+++ b/plugins/modules/vault_init.py
@@ -7,7 +7,7 @@ __metaclass__ = type
 DOCUMENTATION = r"""
 ---
-module: ednxzu.hashistack.vault_init
+module: ednz_cloud.hashistack.vault_init
 short_description: Manages the initialization of HashiCorp Vault.
@@ -38,7 +38,7 @@ options:
 default: 3
 author:
- - Bertrand Lanson (@ednxzu)
+ - Bertrand Lanson (@ednz_cloud)
 """
 EXAMPLES = r"""
diff --git a/roles/hashicorp_consul b/roles/hashicorp_consul
index 36305c2..9c906ed 160000
--- a/roles/hashicorp_consul
+++ b/roles/hashicorp_consul
@@ -1 +1 @@
-Subproject commit 36305c28f8689355f4846af2b90149e94be03b1e
+Subproject commit 9c906ed7dba091bab9139bd9d68218f421528440
diff --git a/roles/hashicorp_vault b/roles/hashicorp_vault
index 581c2ee..db96aa6 160000
--- a/roles/hashicorp_vault
+++ b/roles/hashicorp_vault
@@ -1 +1 @@
-Subproject commit 581c2eec65eee201f34d585480f33eeed415ee23
+Subproject commit db96aa6bf3af97c282407a559a199b34da34c15e
diff --git a/roles/requirements.yml b/roles/requirements.yml
index 25bb7bb..d5d3c4b 100644
--- a/roles/requirements.yml
+++ b/roles/requirements.yml
@@ -1,8 +1,8 @@
 ---
-# requirements file for ednxzu.hashistack
+# requirements file for ednz_cloud.hashistack
 roles:
- - name: ednxzu.manage_repositories
- - name: ednxzu.manage_apt_packages
- - name: ednxzu.manage_pip_packages
- - name: ednxzu.install_docker
- - name: ednxzu.docker_systemd_service
+ - name: ednz_cloud.manage_repositories
+ - name: ednz_cloud.manage_apt_packages
+ - name: ednz_cloud.manage_pip_packages
+ - name: ednz_cloud.install_docker
+ - name: ednz_cloud.docker_systemd_service