feat/major-revamp #11

Merged
lanson merged 42 commits from fix/various into main 2024-08-17 14:54:28 +00:00
3 changed files with 54 additions and 49 deletions


@ -8,8 +8,8 @@
become: true become: true
tasks: tasks:
- name: "Import variables" - name: "Import variables"
ansible.builtin.import_tasks: ansible.builtin.import_role:
file: tasks/load_vars.yml name: ednz_cloud.hashistack.hashistack
tags: tags:
- always - always
@ -22,19 +22,6 @@
ansible.builtin.import_tasks: ansible.builtin.import_tasks:
file: tasks/consul/consul_deploy.yml file: tasks/consul/consul_deploy.yml
# Haproxy nodes deployment
- name: "Deploy Proxies"
tags:
- haproxy
when:
- enable_haproxy | bool
block:
- name: "Deploy Haproxy & Keepalived"
ansible.builtin.import_tasks:
file: tasks/haproxy/haproxy_deploy.yml
when:
- "'haproxy_servers' in group_names"
# Vault nodes deployment # Vault nodes deployment
- name: "Deploy Vault" - name: "Deploy Vault"
tags: tags:
@ -52,3 +39,17 @@
- enable_nomad | bool - enable_nomad | bool
ansible.builtin.import_tasks: ansible.builtin.import_tasks:
file: tasks/nomad/nomad_deploy.yml file: tasks/nomad/nomad_deploy.yml
# - fail:
# Haproxy nodes deployment
# - name: "Deploy Proxies"
# tags:
# - haproxy
# when:
# - enable_haproxy | bool
# block:
# - name: "Deploy Haproxy & Keepalived"
# ansible.builtin.import_tasks:
# file: tasks/haproxy/haproxy_deploy.yml
# when:
# - "'haproxy_servers' in group_names"
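Review bot: The commented-out "Deploy Proxies" block and the stray `# - fail:` line appended at the end of the play are dead text on the new side; the haproxy deployment was removed from the task list in the earlier hunk of this file, so the `haproxy` tag and the `enable_haproxy` flag now silently match nothing. Either delete the commented block (history keeps it) or replace it with a single comment stating why proxies are disabled and what re-enables them, e.g. `# TODO: haproxy deployment disabled (<reason>); tasks/haproxy/haproxy_deploy.yml is still in the tree`. The `# - fail:` line looks like leftover debugging and should go in any case. The hunk shows only the tail of the play, so I cannot tell whether anything after the nomad task still references the proxies.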


@ -7,28 +7,32 @@
become: true become: true
tasks: tasks:
- name: "Import variables" - name: "Import variables"
ansible.builtin.import_tasks: ansible.builtin.import_role:
file: tasks/load_vars.yml name: ednz_cloud.hashistack.hashistack
tags: tags:
- always - always
- name: "Create temporary cert directory in {{ sub_configuration_directories['certificates'] }}" # noqa: run-once[task] - name: "Create temporary cert directory in {{ hashistack_sub_configuration_directories['certificates'] }}" # noqa: run-once[task]
ansible.builtin.file: ansible.builtin.file:
path: "{{ sub_configuration_directories['certificates'] }}/external" path: "{{ hashistack_sub_configuration_directories['certificates'] }}/external"
state: directory state: directory
owner: "{{ lookup('env', 'USER') }}" owner: "{{ lookup('env', 'USER') }}"
group: "{{ lookup('env', 'USER') }}" group: "{{ lookup('env', 'USER') }}"
mode: "0755" mode: "0755"
delegate_to: localhost delegate_to: localhost
run_once: true run_once: true
tags:
- always
- name: "Generate external certificates" # noqa: run-once[task] - name: "Generate external certificates" # noqa: run-once[task]
tags:
- always
delegate_to: localhost delegate_to: localhost
run_once: true run_once: true
block: block:
- name: "Create temporary cert directory in {{ sub_configuration_directories['certificates'] }}" # noqa: run-once[task] - name: "Create temporary cert directory in {{ hashistack_sub_configuration_directories['certificates'] }}" # noqa: run-once[task]
ansible.builtin.file: ansible.builtin.file:
path: "{{ sub_configuration_directories['certificates'] }}/external" path: "{{ hashistack_sub_configuration_directories['certificates'] }}/external"
state: directory state: directory
owner: "{{ lookup('env', 'USER') }}" owner: "{{ lookup('env', 'USER') }}"
group: "{{ lookup('env', 'USER') }}" group: "{{ lookup('env', 'USER') }}"
@ -36,7 +40,7 @@
- name: "Create private keys" - name: "Create private keys"
community.crypto.openssl_privatekey: community.crypto.openssl_privatekey:
path: "{{ sub_configuration_directories['certificates'] }}/external/{{ item.fqdn }}.pem.key" path: "{{ hashistack_sub_configuration_directories['certificates'] }}/external/{{ item.fqdn }}.pem.key"
owner: "{{ lookup('env', 'USER') }}" owner: "{{ lookup('env', 'USER') }}"
group: "{{ lookup('env', 'USER') }}" group: "{{ lookup('env', 'USER') }}"
loop: loop:
@ -49,7 +53,7 @@
- name: "Create certificate signing request" - name: "Create certificate signing request"
community.crypto.openssl_csr_pipe: community.crypto.openssl_csr_pipe:
privatekey_path: "{{ sub_configuration_directories['certificates'] }}/external/{{ item.fqdn }}.pem.key" privatekey_path: "{{ hashistack_sub_configuration_directories['certificates'] }}/external/{{ item.fqdn }}.pem.key"
common_name: "{{ item.fqdn }}" common_name: "{{ item.fqdn }}"
organization_name: EDNZ Cloud organization_name: EDNZ Cloud
register: csr register: csr
@ -63,9 +67,9 @@
- name: "Create self-signed certificate from CSR" - name: "Create self-signed certificate from CSR"
community.crypto.x509_certificate: community.crypto.x509_certificate:
path: "{{ sub_configuration_directories['certificates'] }}/external/{{ item.item.fqdn }}.pem" path: "{{ hashistack_sub_configuration_directories['certificates'] }}/external/{{ item.item.fqdn }}.pem"
csr_content: "{{ item.csr }}" csr_content: "{{ item.csr }}"
privatekey_path: "{{ sub_configuration_directories['certificates'] }}/external/{{ item.item.fqdn }}.pem.key" privatekey_path: "{{ hashistack_sub_configuration_directories['certificates'] }}/external/{{ item.item.fqdn }}.pem.key"
provider: selfsigned provider: selfsigned
owner: "{{ lookup('env', 'USER') }}" owner: "{{ lookup('env', 'USER') }}"
group: "{{ lookup('env', 'USER') }}" group: "{{ lookup('env', 'USER') }}"
@ -77,15 +81,15 @@
- internal - internal
delegate_to: localhost delegate_to: localhost
vars: vars:
hashistack_ca_key_path: "{{ sub_configuration_directories['certificates'] }}/ca/ca.key" hashistack_ca_key_path: "{{ hashistack_sub_configuration_directories['certificates'] }}/ca/ca.key"
hashistack_ca_cert_path: "{{ sub_configuration_directories['certificates'] }}/ca/ca.crt" hashistack_ca_cert_path: "{{ hashistack_sub_configuration_directories['certificates'] }}/ca/ca.crt"
block: block:
- name: "Create internal CA" # noqa: run-once[task] - name: "Create internal CA" # noqa: run-once[task]
run_once: true run_once: true
block: block:
- name: "Create temporary cert directory in {{ sub_configuration_directories['certificates'] }}" # noqa: run-once[task] - name: "Create temporary cert directory in {{ hashistack_sub_configuration_directories['certificates'] }}" # noqa: run-once[task]
ansible.builtin.file: ansible.builtin.file:
path: "{{ sub_configuration_directories['certificates'] }}/ca" path: "{{ hashistack_sub_configuration_directories['certificates'] }}/ca"
state: directory state: directory
owner: "{{ lookup('env', 'USER') }}" owner: "{{ lookup('env', 'USER') }}"
group: "{{ lookup('env', 'USER') }}" group: "{{ lookup('env', 'USER') }}"
@ -124,12 +128,12 @@
when: when:
- "'vault_servers' in group_names" - "'vault_servers' in group_names"
vars: vars:
vault_private_key_path: "{{ sub_configuration_directories['certificates'] }}/vault/{{ inventory_hostname }}/key.pem" vault_private_key_path: "{{ hashistack_sub_configuration_directories['certificates'] }}/vault/{{ inventory_hostname }}/key.pem"
vault_certificate_path: "{{ sub_configuration_directories['certificates'] }}/vault/{{ inventory_hostname }}/cert.pem" vault_certificate_path: "{{ hashistack_sub_configuration_directories['certificates'] }}/vault/{{ inventory_hostname }}/cert.pem"
block: block:
- name: "Create temporary cert directory in {{ sub_configuration_directories['certificates'] }}" # noqa: run-once[task] - name: "Create temporary cert directory in {{ hashistack_sub_configuration_directories['certificates'] }}" # noqa: run-once[task]
ansible.builtin.file: ansible.builtin.file:
path: "{{ sub_configuration_directories['certificates'] }}/vault/{{ inventory_hostname }}" path: "{{ hashistack_sub_configuration_directories['certificates'] }}/vault/{{ inventory_hostname }}"
state: directory state: directory
owner: "{{ lookup('env', 'USER') }}" owner: "{{ lookup('env', 'USER') }}"
group: "{{ lookup('env', 'USER') }}" group: "{{ lookup('env', 'USER') }}"
@ -200,12 +204,12 @@
when: when:
- "('consul_servers' in group_names) or ('consul_agents' in group_names)" - "('consul_servers' in group_names) or ('consul_agents' in group_names)"
vars: vars:
consul_private_key_path: "{{ sub_configuration_directories['certificates'] }}/consul/{{ inventory_hostname }}/key.pem" consul_private_key_path: "{{ hashistack_sub_configuration_directories['certificates'] }}/consul/{{ inventory_hostname }}/key.pem"
consul_certificate_path: "{{ sub_configuration_directories['certificates'] }}/consul/{{ inventory_hostname }}/cert.pem" consul_certificate_path: "{{ hashistack_sub_configuration_directories['certificates'] }}/consul/{{ inventory_hostname }}/cert.pem"
block: block:
- name: "Create temporary cert directory in {{ sub_configuration_directories['certificates'] }}" # noqa: run-once[task] - name: "Create temporary cert directory in {{ hashistack_sub_configuration_directories['certificates'] }}" # noqa: run-once[task]
ansible.builtin.file: ansible.builtin.file:
path: "{{ sub_configuration_directories['certificates'] }}/consul/{{ inventory_hostname }}" path: "{{ hashistack_sub_configuration_directories['certificates'] }}/consul/{{ inventory_hostname }}"
state: directory state: directory
owner: "{{ lookup('env', 'USER') }}" owner: "{{ lookup('env', 'USER') }}"
group: "{{ lookup('env', 'USER') }}" group: "{{ lookup('env', 'USER') }}"
@ -227,8 +231,8 @@
'IP:' + api_interface_address, 'IP:' + api_interface_address,
'IP:127.0.0.1' 'IP:127.0.0.1'
] -%} ] -%}
{%- if hashicorp_consul_configuration.server -%} {%- if consul_enable_server -%}
{%- set _ = sans_list.append('DNS:server.' ~ hashicorp_consul_configuration.datacenter ~ '.' ~ hashicorp_consul_configuration.domain) -%} {%- set _ = sans_list.append('DNS:server.' ~ consul_datacenter ~ '.' ~ consul_domain) -%}
{%- endif -%} {%- endif -%}
{{ sans_list }} {{ sans_list }}
community.crypto.openssl_csr_pipe: community.crypto.openssl_csr_pipe:
@ -282,12 +286,12 @@
when: when:
- "('nomad_servers' in group_names) or ('nomad_clients' in group_names)" - "('nomad_servers' in group_names) or ('nomad_clients' in group_names)"
vars: vars:
nomad_private_key_path: "{{ sub_configuration_directories['certificates'] }}/nomad/{{ inventory_hostname }}/key.pem" nomad_private_key_path: "{{ hashistack_sub_configuration_directories['certificates'] }}/nomad/{{ inventory_hostname }}/key.pem"
nomad_certificate_path: "{{ sub_configuration_directories['certificates'] }}/nomad/{{ inventory_hostname }}/cert.pem" nomad_certificate_path: "{{ hashistack_sub_configuration_directories['certificates'] }}/nomad/{{ inventory_hostname }}/cert.pem"
block: block:
- name: "Create temporary cert directory in {{ sub_configuration_directories['certificates'] }}" # noqa: run-once[task] - name: "Create temporary cert directory in {{ hashistack_sub_configuration_directories['certificates'] }}" # noqa: run-once[task]
ansible.builtin.file: ansible.builtin.file:
path: "{{ sub_configuration_directories['certificates'] }}/nomad/{{ inventory_hostname }}" path: "{{ hashistack_sub_configuration_directories['certificates'] }}/nomad/{{ inventory_hostname }}"
state: directory state: directory
owner: "{{ lookup('env', 'USER') }}" owner: "{{ lookup('env', 'USER') }}"
group: "{{ lookup('env', 'USER') }}" group: "{{ lookup('env', 'USER') }}"
@ -308,14 +312,14 @@
'IP:' + api_interface_address, 'IP:' + api_interface_address,
'IP:127.0.0.1' 'IP:127.0.0.1'
] -%} ] -%}
{%- if hashicorp_nomad_configuration.server.enabled -%} {%- if nomad_enable_server -%}
{%- set _ = sans_list.append('DNS:server.' ~ hashicorp_nomad_configuration.region ~ '.nomad') -%} {%- set _ = sans_list.append('DNS:server.' ~ nomad_region ~ '.nomad') -%}
{%- if (enable_consul | bool) -%} {%- if (enable_consul | bool) -%}
{%- set _ = sans_list.append('DNS:nomad.service.consul') -%} {%- set _ = sans_list.append('DNS:nomad.service.consul') -%}
{%- endif -%} {%- endif -%}
{%- endif -%} {%- endif -%}
{%- if hashicorp_nomad_configuration.client.enabled -%} {%- if nomad_enable_client -%}
{%- set _ = sans_list.append('DNS:client.' ~ hashicorp_nomad_configuration.region ~ '.nomad') -%} {%- set _ = sans_list.append('DNS:client.' ~ nomad_region ~ '.nomad') -%}
{%- endif -%} {%- endif -%}
{{ sans_list }} {{ sans_list }}
community.crypto.openssl_csr_pipe: community.crypto.openssl_csr_pipe:
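Review bot: The "Create temporary cert directory" task at the top of the play, now tagged `always`, is a verbatim copy of the task that opens the "Generate external certificates" block a few lines below, which this commit also tags `always`; one of the two should be dropped so the directory is created in one place. Tagging the whole "Generate external certificates" block `always` also means the private-key and self-signed-certificate tasks run on every tag-limited invocation, not only when certificates are requested; if that is intended, a one-line comment on the block such as `# always: later plays expect the external certs to exist` would stop the next reader from removing it. The key-generation tasks in this section set owner and group but their `mode` lines fall outside the shown hunks, so I cannot confirm the generated `.pem.key` files get a restrictive mode; worth checking, since the enclosing directory is created with `"0755"`.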


@ -70,7 +70,7 @@
- name: "Ensure secrets directory is created" - name: "Ensure secrets directory is created"
ansible.builtin.file: ansible.builtin.file:
path: "{{ sub_configuration_directories['secrets'] }}" path: "{{ hashistack_sub_configuration_directories['secrets'] }}"
state: directory state: directory
owner: "{{ lookup('env', 'USER') }}" owner: "{{ lookup('env', 'USER') }}"
group: "{{ lookup('env', 'USER') }}" group: "{{ lookup('env', 'USER') }}"
@ -79,7 +79,7 @@
- name: "Write credentials file" - name: "Write credentials file"
ansible.builtin.template: ansible.builtin.template:
src: templates/credentials.yml.j2 src: templates/credentials.yml.j2
dest: "{{ sub_configuration_directories['secrets'] }}/{{ configuration_credentials_vars_file }}" dest: "{{ hashistack_sub_configuration_directories['secrets'] }}/{{ hashistack_configuration_credentials_vars_file }}"
owner: "{{ lookup('env', 'USER') }}" owner: "{{ lookup('env', 'USER') }}"
group: "{{ lookup('env', 'USER') }}" group: "{{ lookup('env', 'USER') }}"
mode: '0644' mode: '0644'
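Review bot: The file rendered by "Write credentials file" into the secrets directory is created with `mode: '0644'`, which leaves it readable by every local user on the host the task runs on; since this is the task that writes credentials, it should be `mode: "0600"`. The matching "Ensure secrets directory is created" task above ends outside the hunk, so I cannot see its `mode`; it should likewise be restricted (`mode: "0700"`) so the directory contents are not listable by other users. The commit only renames the variables on these lines, but the rename is a good moment to tighten both.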