feat/nomad-deployment #10
6
.gitmodules
vendored
6
.gitmodules
vendored
@ -1,6 +0,0 @@
|
|||||||
[submodule "roles/hashicorp_consul"]
|
|
||||||
path = roles/hashicorp_consul
|
|
||||||
url = https://github.com/ednz-cloud/hashicorp_consul
|
|
||||||
[submodule "roles/hashicorp_vault"]
|
|
||||||
path = roles/hashicorp_vault
|
|
||||||
url = https://github.com/ednz-cloud/hashicorp_vault
|
|
@ -23,7 +23,7 @@
|
|||||||
|
|
||||||
- name: "Deploy Consul Agents"
|
- name: "Deploy Consul Agents"
|
||||||
ansible.builtin.include_role:
|
ansible.builtin.include_role:
|
||||||
name: ednz_cloud.hashistack.hashicorp_consul
|
name: ednz_cloud.hashicorp_consul
|
||||||
when:
|
when:
|
||||||
- enable_consul | bool
|
- enable_consul | bool
|
||||||
- "'consul_agents' in group_names"
|
- "'consul_agents' in group_names"
|
||||||
|
@ -8,25 +8,33 @@
|
|||||||
tasks:
|
tasks:
|
||||||
- name: "Generate consul credentials"
|
- name: "Generate consul credentials"
|
||||||
block:
|
block:
|
||||||
|
- name: "Generate consul gossip encryption key"
|
||||||
|
ansible.builtin.set_fact:
|
||||||
|
_consul_gossip_encryption_key: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | b64encode }}"
|
||||||
|
|
||||||
- name: "Generate consul root credentials"
|
- name: "Generate consul root credentials"
|
||||||
ansible.builtin.set_fact:
|
ansible.builtin.set_fact:
|
||||||
_consul_root_token: "{{ lookup('password', '/dev/null chars=ascii_letters,digits') | to_uuid }}"
|
_consul_root_token: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | to_uuid }}"
|
||||||
|
|
||||||
- name: "Generate consul agents credentials"
|
- name: "Generate consul agents credentials"
|
||||||
ansible.builtin.set_fact:
|
ansible.builtin.set_fact:
|
||||||
_cosul_agents_accessor: "{{ lookup('password', '/dev/null chars=ascii_letters,digits') | to_uuid }}"
|
_cosul_agents_accessor: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | to_uuid }}"
|
||||||
_consul_agents_token: "{{ lookup('password', '/dev/null chars=ascii_letters,digits') | to_uuid }}"
|
_consul_agents_token: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | to_uuid }}"
|
||||||
|
|
||||||
- name: "Generate consul vault credentials"
|
- name: "Generate consul vault credentials"
|
||||||
ansible.builtin.set_fact:
|
ansible.builtin.set_fact:
|
||||||
_cosul_vault_accessor: "{{ lookup('password', '/dev/null chars=ascii_letters,digits') | to_uuid }}"
|
_cosul_vault_accessor: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | to_uuid }}"
|
||||||
_consul_vault_token: "{{ lookup('password', '/dev/null chars=ascii_letters,digits') | to_uuid }}"
|
_consul_vault_token: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | to_uuid }}"
|
||||||
|
|
||||||
- name: "Generate nomad credentials"
|
- name: "Generate nomad credentials"
|
||||||
block:
|
block:
|
||||||
|
- name: "Generate nomad gossip encryption key"
|
||||||
|
ansible.builtin.set_fact:
|
||||||
|
_nomad_gossip_encryption_key: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | b64encode }}"
|
||||||
|
|
||||||
- name: "Generate nomad root credentials"
|
- name: "Generate nomad root credentials"
|
||||||
ansible.builtin.set_fact:
|
ansible.builtin.set_fact:
|
||||||
_nomad_root_token: "{{ lookup('password', '/dev/null chars=ascii_letters,digits') | to_uuid }}"
|
_nomad_root_token: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | to_uuid }}"
|
||||||
|
|
||||||
- name: "Write credentials file"
|
- name: "Write credentials file"
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
|
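Review bot: The two new gossip keys, `_consul_gossip_encryption_key` and `_nomad_gossip_encryption_key`, come from a password lookup with no `length`, so they get the lookup's default of 20 characters; the base64 value then decodes to 20 bytes, which is not a valid AES key size (16, 24 or 32 bytes), and the agents are likely to reject it at startup. The hard-coded default this commit removes was 32 characters long, so passing `length=32` in both lookups keeps the key size: `lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits'], length=32) | b64encode`. These `set_fact` tasks all hold secrets, so `no_log: true` on each would keep the generated values out of verbose run output. The play continues outside this hunk, so the template task's file mode is not visible here.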
@ -88,7 +88,7 @@ hashi_consul_configuration:
|
|||||||
datacenter: "{{ consul_datacenter }}"
|
datacenter: "{{ consul_datacenter }}"
|
||||||
primary_datacenter: "{{ consul_primary_datacenter }}"
|
primary_datacenter: "{{ consul_primary_datacenter }}"
|
||||||
data_dir: "{{ hashi_consul_data_dir }}"
|
data_dir: "{{ hashi_consul_data_dir }}"
|
||||||
encrypt: "{{ consul_gossip_encryption_key }}"
|
encrypt: "{{ _credentials.consul.gossip_encryption_key }}"
|
||||||
server: "{{ 'consul_servers' in group_names }}"
|
server: "{{ 'consul_servers' in group_names }}"
|
||||||
retry_join: "{{
|
retry_join: "{{
|
||||||
groups['consul_servers'] |
|
groups['consul_servers'] |
|
||||||
|
@ -46,7 +46,6 @@ consul_primary_datacenter: dc1
|
|||||||
consul_leave_on_terminate: true
|
consul_leave_on_terminate: true
|
||||||
consul_rejoin_after_leave: true
|
consul_rejoin_after_leave: true
|
||||||
consul_enable_script_checks: true
|
consul_enable_script_checks: true
|
||||||
consul_gossip_encryption_key: "{{ 'mysupersecretgossipencryptionkey'|b64encode }}"
|
|
||||||
|
|
||||||
################################
|
################################
|
||||||
# consul address configuration #
|
# consul address configuration #
|
||||||
|
@ -1,18 +1,86 @@
|
|||||||
|
---
|
||||||
#####################################################
|
#####################################################
|
||||||
# #
|
# #
|
||||||
# Nomad Configuration #
|
# Non-Editable #
|
||||||
# #
|
# #
|
||||||
#####################################################
|
#####################################################
|
||||||
|
|
||||||
hashi_nomad_cni_plugins_install: true
|
nomad_datacenter: dc1
|
||||||
hashi_nomad_start_service: true
|
|
||||||
hashi_nomad_cni_plugins_version: latest
|
###########################
|
||||||
hashi_nomad_cni_plugins_install_path: /opt/cni/bin
|
# nomad ACL configuration #
|
||||||
hashi_nomad_version: latest
|
###########################
|
||||||
hashi_nomad_deploy_method: host # deployment method, either host or docker
|
|
||||||
hashi_nomad_env_variables: {}
|
nomad_acl_configuration:
|
||||||
hashi_nomad_data_dir: /opt/nomad
|
enabled: true
|
||||||
hashi_nomad_extra_files: false
|
token_ttl: 30s
|
||||||
hashi_nomad_extra_files_src: /tmp/extra_files
|
policy_ttl: 60s
|
||||||
hashi_nomad_extra_files_dst: /etc/nomad.d/extra_files
|
role_ttl: 60s
|
||||||
hashi_nomad_configuration: {}
|
|
||||||
|
#################################
|
||||||
|
# nomad autopilot configuration #
|
||||||
|
#################################
|
||||||
|
|
||||||
|
nomad_autopilot_configuration: {}
|
||||||
|
|
||||||
|
############################
|
||||||
|
# nomad consul integration #
|
||||||
|
############################
|
||||||
|
|
||||||
|
nomad_enable_consul_integration: "{{ enable_consul | bool }}"
|
||||||
|
nomad_consul_integration_configuration: {}
|
||||||
|
|
||||||
|
############################
|
||||||
|
# nomad vault integration #
|
||||||
|
############################
|
||||||
|
|
||||||
|
nomad_enable_vault_integration: false
|
||||||
|
nomad_vault_integration_configuration: {}
|
||||||
|
|
||||||
|
#############################
|
||||||
|
# nomad leave configuration #
|
||||||
|
#############################
|
||||||
|
|
||||||
|
# node will leave the cluster if the process is stopped
|
||||||
|
# and if it is only a client
|
||||||
|
nomad_leave_on_interrupt: "{{ (('nomad_clients' in group_names) and (not 'nomad_servers' in group_names)) | bool }}"
|
||||||
|
nomad_leave_on_terminate: "{{ (('nomad_clients' in group_names) and (not 'nomad_servers' in group_names)) | bool }}"
|
||||||
|
|
||||||
|
##############################
|
||||||
|
# nomad server configuration #
|
||||||
|
##############################
|
||||||
|
|
||||||
|
nomad_server_configuration:
|
||||||
|
enabled: "{{ 'nomad_servers' in group_names }}"
|
||||||
|
data_dir: "{{ hashicorp_nomad_data_dir }}/server"
|
||||||
|
encrypt: "{{ _credentials.nomad.gossip_encryption_key }}"
|
||||||
|
|
||||||
|
##############################
|
||||||
|
# nomad client configuration #
|
||||||
|
##############################
|
||||||
|
|
||||||
|
nomad_client_configuration:
|
||||||
|
enabled: "{{ 'nomad_clients' in group_names | bool }}"
|
||||||
|
state_dir: "{{ hashicorp_nomad_data_dir }}/client"
|
||||||
|
|
||||||
|
hashicorp_nomad_cni_plugins_install: true
|
||||||
|
hashicorp_nomad_start_service: true
|
||||||
|
hashicorp_nomad_cni_plugins_version: latest
|
||||||
|
hashicorp_nomad_cni_plugins_install_path: /opt/cni/bin
|
||||||
|
hashicorp_nomad_version: latest
|
||||||
|
hashicorp_nomad_deploy_method: host # deployment method, either host or docker
|
||||||
|
hashicorp_nomad_env_variables: {}
|
||||||
|
hashicorp_nomad_config_dir: "/etc/nomad.d"
|
||||||
|
hashicorp_nomad_data_dir: /opt/nomad
|
||||||
|
hashicorp_nomad_extra_files: false
|
||||||
|
hashicorp_nomad_extra_files_src: /tmp/extra_files
|
||||||
|
hashicorp_nomad_extra_files_dst: /etc/nomad.d/extra_files
|
||||||
|
hashicorp_nomad_configuration:
|
||||||
|
datacenter: "{{ nomad_datacenter }}"
|
||||||
|
bind_addr: "0.0.0.0"
|
||||||
|
data_dir: "{{ hashicorp_nomad_data_dir }}"
|
||||||
|
leave_on_interrupt: "{{ (('nomad_clients' in group_names) and (not 'nomad_servers' in group_names)) | bool }}"
|
||||||
|
leave_on_terminate: "{{ (('nomad_clients' in group_names) and (not 'nomad_servers' in group_names)) | bool }}"
|
||||||
|
acl: "{{ nomad_acl_configuration }}"
|
||||||
|
server: "{{ nomad_server_configuration }}"
|
||||||
|
client: "{{ nomad_client_configuration }}"
|
||||||
|
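Review bot: In `nomad_client_configuration`, `enabled: "{{ 'nomad_clients' in group_names | bool }}"` applies `| bool` to `group_names` before the `in` test, because Jinja2 filters bind tighter than `in`; the membership test then runs against a boolean instead of the group list. The server stanza just above has the working form, so use `enabled: "{{ 'nomad_clients' in group_names }}"`, or parenthesise the test as `nomad_leave_on_interrupt` does. Separately, `bind_addr: "0.0.0.0"` in `hashicorp_nomad_configuration` makes the agent listen on every interface and no `tls` stanza is visible in this file, so confirm the HTTP and RPC ports are bound to a management address or protected by TLS elsewhere.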
@ -1,9 +1,9 @@
|
|||||||
---
|
---
|
||||||
- name: "Consul"
|
- name: "Consul"
|
||||||
block:
|
block:
|
||||||
- name: "Include ednz_cloud.hashistack.hashicorp_consul"
|
- name: "Include ednz_cloud.hashicorp_consul"
|
||||||
ansible.builtin.include_role:
|
ansible.builtin.include_role:
|
||||||
name: ednz_cloud.hashistack.hashicorp_consul
|
name: ednz_cloud.hashicorp_consul
|
||||||
|
|
||||||
- name: "Wait for consul cluster to initialize" # noqa: run-once[task]
|
- name: "Wait for consul cluster to initialize" # noqa: run-once[task]
|
||||||
ansible.builtin.uri:
|
ansible.builtin.uri:
|
||||||
|
@ -38,9 +38,9 @@
|
|||||||
state: present
|
state: present
|
||||||
when: _consul_vault_policy.changed
|
when: _consul_vault_policy.changed
|
||||||
|
|
||||||
- name: "Include ednz_cloud.hashistack.hashicorp_consul"
|
- name: "Include ednz_cloud.hashicorp_consul"
|
||||||
ansible.builtin.include_role:
|
ansible.builtin.include_role:
|
||||||
name: ednz_cloud.hashistack.hashicorp_vault
|
name: ednz_cloud.hashicorp_vault
|
||||||
|
|
||||||
- name: "Initialize vault cluster" # noqa: run-once[task]
|
- name: "Initialize vault cluster" # noqa: run-once[task]
|
||||||
ednz_cloud.hashistack.vault_init:
|
ednz_cloud.hashistack.vault_init:
|
||||||
|
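Review bot: The task that now includes `name: ednz_cloud.hashicorp_vault` is still labelled "Include ednz_cloud.hashicorp_consul", so run logs will report a Consul include at the point where the Vault role is applied. The label was already wrong before this rename, and this is the natural place to correct it: `- name: "Include ednz_cloud.hashicorp_vault"`. The enclosing block starts outside the hunk.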
@ -1,5 +1,6 @@
|
|||||||
---
|
---
|
||||||
consul:
|
consul:
|
||||||
|
gossip_encryption_key: "{{ _consul_gossip_encryption_key }}"
|
||||||
root_token:
|
root_token:
|
||||||
secret_id: "{{ _consul_root_token }}"
|
secret_id: "{{ _consul_root_token }}"
|
||||||
tokens:
|
tokens:
|
||||||
@ -10,4 +11,6 @@ consul:
|
|||||||
accessor_id: "{{ _consul_vault_accessor }}"
|
accessor_id: "{{ _consul_vault_accessor }}"
|
||||||
secret_id: "{{ _consul_vault_token }}"
|
secret_id: "{{ _consul_vault_token }}"
|
||||||
nomad:
|
nomad:
|
||||||
root_token: "{{ _nomad_root_token }}"
|
gossip_encryption_key: "{{ _nomad_gossip_encryption_key }}"
|
||||||
|
root_token:
|
||||||
|
secret_id: "{{ _nomad_root_token }}"
|
||||||
|
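Review bot: `accessor_id: "{{ _consul_vault_accessor }}"` reads a variable that the generating play in this commit never sets: its `set_fact` tasks define `_cosul_vault_accessor` and `_cosul_agents_accessor` (missing "n"). If this template is the one rendered by "Write credentials file", rendering should fail on an undefined variable, or pick up a stale value if one is defined elsewhere. Renaming the facts to `_consul_vault_accessor` and `_consul_agents_accessor` in the play fixes it; the agents entry of this template falls between the two hunks, so check that it uses the matching name. `nomad.root_token` also changes from a string to a mapping with `secret_id`, so any consumer that reads `_credentials.nomad.root_token` directly needs the same update.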
@ -1 +0,0 @@
|
|||||||
Subproject commit 56696c3552308225d4e5b91efc8e4bf75d31d2f3
|
|
@ -1 +0,0 @@
|
|||||||
Subproject commit 738c347df8efd4965eda14167171343be13bed75
|
|
@ -3,15 +3,31 @@
|
|||||||
roles:
|
roles:
|
||||||
- name: ednz_cloud.manage_repositories
|
- name: ednz_cloud.manage_repositories
|
||||||
src: https://github.com/ednz-cloud/manage_repositories.git
|
src: https://github.com/ednz-cloud/manage_repositories.git
|
||||||
|
version: main
|
||||||
- name: ednz_cloud.manage_apt_packages
|
- name: ednz_cloud.manage_apt_packages
|
||||||
src: https://github.com/ednz-cloud/manage_apt_packages.git
|
src: https://github.com/ednz-cloud/manage_apt_packages.git
|
||||||
|
version: main
|
||||||
- name: ednz_cloud.manage_pip_packages
|
- name: ednz_cloud.manage_pip_packages
|
||||||
src: https://github.com/ednz-cloud/manage_pip_packages.git
|
src: https://github.com/ednz-cloud/manage_pip_packages.git
|
||||||
|
version: main
|
||||||
- name: ednz_cloud.install_docker
|
- name: ednz_cloud.install_docker
|
||||||
src: https://github.com/ednz-cloud/install_docker.git
|
src: https://github.com/ednz-cloud/install_docker.git
|
||||||
|
version: main
|
||||||
- name: ednz_cloud.docker_systemd_service
|
- name: ednz_cloud.docker_systemd_service
|
||||||
src: https://github.com/ednz-cloud/docker_systemd_service.git
|
src: https://github.com/ednz-cloud/docker_systemd_service.git
|
||||||
|
version: main
|
||||||
- name: ednz_cloud.deploy_haproxy
|
- name: ednz_cloud.deploy_haproxy
|
||||||
src: https://github.com/ednz-cloud/deploy_haproxy.git
|
src: https://github.com/ednz-cloud/deploy_haproxy.git
|
||||||
|
version: main
|
||||||
- name: ednz_cloud.deploy_keepalived
|
- name: ednz_cloud.deploy_keepalived
|
||||||
src: https://github.com/ednz-cloud/deploy_keepalived.git
|
src: https://github.com/ednz-cloud/deploy_keepalived.git
|
||||||
|
version: main
|
||||||
|
- name: ednz_cloud.hashicorp_nomad
|
||||||
|
src: https://github.com/ednz-cloud/hashicorp_nomad.git
|
||||||
|
version: v0.1.0
|
||||||
|
- name: ednz_cloud.hashicorp_consul
|
||||||
|
src: https://github.com/ednz-cloud/hashicorp_consul.git
|
||||||
|
version: main
|
||||||
|
- name: ednz_cloud.hashicorp_vault
|
||||||
|
src: https://github.com/ednz-cloud/hashicorp_vault.git
|
||||||
|
version: main
|
||||||
|
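Review bot: `ednz_cloud.hashicorp_consul` and `ednz_cloud.hashicorp_vault` are now installed from `version: main`, while the submodules this commit removes were pinned to exact commits, so a later push to either branch changes what runs on the cluster hosts without any change in this repository. The same applies to the seven existing roles that gain `version: main`; only `ednz_cloud.hashicorp_nomad` is pinned, to the tag `v0.1.0`. Pinning each `version:` to a release tag, or to a full commit SHA where immutability matters, keeps deployments reproducible and makes role updates reviewable, e.g. `version: <tag-or-commit-sha>`.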