feat/major-revamp #11
@ -8,8 +8,8 @@
|
|||||||
become: true
|
become: true
|
||||||
tasks:
|
tasks:
|
||||||
- name: "Import variables"
|
- name: "Import variables"
|
||||||
ansible.builtin.import_tasks:
|
ansible.builtin.import_role:
|
||||||
file: tasks/load_vars.yml
|
name: ednz_cloud.hashistack.hashistack
|
||||||
tags:
|
tags:
|
||||||
- always
|
- always
|
||||||
|
|
||||||
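Review bot: The task is still named "Import variables", but the new `ansible.builtin.import_role:` / `name: ednz_cloud.hashistack.hashistack` pulls in the role's whole task entry point, and with `tags: always` every task it contains will run on each play regardless of `--tags`, not only the variable loading that `tasks/load_vars.yml` used to do. I cannot see the role's tasks/main.yml from here, so if it really only loads vars this is fine; otherwise point the import at the vars-loading task file with `tasks_from:` (the old filename suggests something like `tasks_from: load_vars`) and keep the task name honest about what it imports. The same replacement is made in the hunk starting at `@ -7,28 +7,32 @@`, which has the same concern.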
@ -22,19 +22,6 @@
|
|||||||
ansible.builtin.import_tasks:
|
ansible.builtin.import_tasks:
|
||||||
file: tasks/consul/consul_deploy.yml
|
file: tasks/consul/consul_deploy.yml
|
||||||
|
|
||||||
# Haproxy nodes deployment
|
|
||||||
- name: "Deploy Proxies"
|
|
||||||
tags:
|
|
||||||
- haproxy
|
|
||||||
when:
|
|
||||||
- enable_haproxy | bool
|
|
||||||
block:
|
|
||||||
- name: "Deploy Haproxy & Keepalived"
|
|
||||||
ansible.builtin.import_tasks:
|
|
||||||
file: tasks/haproxy/haproxy_deploy.yml
|
|
||||||
when:
|
|
||||||
- "'haproxy_servers' in group_names"
|
|
||||||
|
|
||||||
# Vault nodes deployment
|
# Vault nodes deployment
|
||||||
- name: "Deploy Vault"
|
- name: "Deploy Vault"
|
||||||
tags:
|
tags:
|
||||||
@ -52,3 +39,17 @@
|
|||||||
- enable_nomad | bool
|
- enable_nomad | bool
|
||||||
ansible.builtin.import_tasks:
|
ansible.builtin.import_tasks:
|
||||||
file: tasks/nomad/nomad_deploy.yml
|
file: tasks/nomad/nomad_deploy.yml
|
||||||
|
|
||||||
|
# - fail:
|
||||||
|
# Haproxy nodes deployment
|
||||||
|
# - name: "Deploy Proxies"
|
||||||
|
# tags:
|
||||||
|
# - haproxy
|
||||||
|
# when:
|
||||||
|
# - enable_haproxy | bool
|
||||||
|
# block:
|
||||||
|
# - name: "Deploy Haproxy & Keepalived"
|
||||||
|
# ansible.builtin.import_tasks:
|
||||||
|
# file: tasks/haproxy/haproxy_deploy.yml
|
||||||
|
# when:
|
||||||
|
# - "'haproxy_servers' in group_names"
|
||||||
|
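Review bot: The HAProxy deployment removed by the hunk at `@ -22,19 +22,6 @@` is re-added here as a commented-out block, together with a stray `# - fail:` stub, at the end of the play. Commented-out tasks are invisible to ansible-lint and will drift from the variables they reference (`enable_haproxy`, `haproxy_servers`), and if `enable_haproxy` is still a user-facing variable it is now silently ignored. Either drop the block (history keeps it) or leave it live behind the existing `when: enable_haproxy | bool` guard; if HAProxy is intentionally disabled for this revamp, a single comment such as `# HAProxy deployment disabled: <reason or issue reference>` says more than the dead code.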
@ -7,28 +7,32 @@
|
|||||||
become: true
|
become: true
|
||||||
tasks:
|
tasks:
|
||||||
- name: "Import variables"
|
- name: "Import variables"
|
||||||
ansible.builtin.import_tasks:
|
ansible.builtin.import_role:
|
||||||
file: tasks/load_vars.yml
|
name: ednz_cloud.hashistack.hashistack
|
||||||
tags:
|
tags:
|
||||||
- always
|
- always
|
||||||
|
|
||||||
- name: "Create temporary cert directory in {{ sub_configuration_directories['certificates'] }}" # noqa: run-once[task]
|
- name: "Create temporary cert directory in {{ hashistack_sub_configuration_directories['certificates'] }}" # noqa: run-once[task]
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ sub_configuration_directories['certificates'] }}/external"
|
path: "{{ hashistack_sub_configuration_directories['certificates'] }}/external"
|
||||||
state: directory
|
state: directory
|
||||||
owner: "{{ lookup('env', 'USER') }}"
|
owner: "{{ lookup('env', 'USER') }}"
|
||||||
group: "{{ lookup('env', 'USER') }}"
|
group: "{{ lookup('env', 'USER') }}"
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
delegate_to: localhost
|
delegate_to: localhost
|
||||||
run_once: true
|
run_once: true
|
||||||
|
tags:
|
||||||
|
- always
|
||||||
|
|
||||||
- name: "Generate external certificates" # noqa: run-once[task]
|
- name: "Generate external certificates" # noqa: run-once[task]
|
||||||
|
tags:
|
||||||
|
- always
|
||||||
delegate_to: localhost
|
delegate_to: localhost
|
||||||
run_once: true
|
run_once: true
|
||||||
block:
|
block:
|
||||||
- name: "Create temporary cert directory in {{ sub_configuration_directories['certificates'] }}" # noqa: run-once[task]
|
- name: "Create temporary cert directory in {{ hashistack_sub_configuration_directories['certificates'] }}" # noqa: run-once[task]
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ sub_configuration_directories['certificates'] }}/external"
|
path: "{{ hashistack_sub_configuration_directories['certificates'] }}/external"
|
||||||
state: directory
|
state: directory
|
||||||
owner: "{{ lookup('env', 'USER') }}"
|
owner: "{{ lookup('env', 'USER') }}"
|
||||||
group: "{{ lookup('env', 'USER') }}"
|
group: "{{ lookup('env', 'USER') }}"
|
||||||
@ -36,7 +40,7 @@
|
|||||||
|
|
||||||
- name: "Create private keys"
|
- name: "Create private keys"
|
||||||
community.crypto.openssl_privatekey:
|
community.crypto.openssl_privatekey:
|
||||||
path: "{{ sub_configuration_directories['certificates'] }}/external/{{ item.fqdn }}.pem.key"
|
path: "{{ hashistack_sub_configuration_directories['certificates'] }}/external/{{ item.fqdn }}.pem.key"
|
||||||
owner: "{{ lookup('env', 'USER') }}"
|
owner: "{{ lookup('env', 'USER') }}"
|
||||||
group: "{{ lookup('env', 'USER') }}"
|
group: "{{ lookup('env', 'USER') }}"
|
||||||
loop:
|
loop:
|
||||||
@ -49,7 +53,7 @@
|
|||||||
|
|
||||||
- name: "Create certificate signing request"
|
- name: "Create certificate signing request"
|
||||||
community.crypto.openssl_csr_pipe:
|
community.crypto.openssl_csr_pipe:
|
||||||
privatekey_path: "{{ sub_configuration_directories['certificates'] }}/external/{{ item.fqdn }}.pem.key"
|
privatekey_path: "{{ hashistack_sub_configuration_directories['certificates'] }}/external/{{ item.fqdn }}.pem.key"
|
||||||
common_name: "{{ item.fqdn }}"
|
common_name: "{{ item.fqdn }}"
|
||||||
organization_name: EDNZ Cloud
|
organization_name: EDNZ Cloud
|
||||||
register: csr
|
register: csr
|
||||||
@ -63,9 +67,9 @@
|
|||||||
|
|
||||||
- name: "Create self-signed certificate from CSR"
|
- name: "Create self-signed certificate from CSR"
|
||||||
community.crypto.x509_certificate:
|
community.crypto.x509_certificate:
|
||||||
path: "{{ sub_configuration_directories['certificates'] }}/external/{{ item.item.fqdn }}.pem"
|
path: "{{ hashistack_sub_configuration_directories['certificates'] }}/external/{{ item.item.fqdn }}.pem"
|
||||||
csr_content: "{{ item.csr }}"
|
csr_content: "{{ item.csr }}"
|
||||||
privatekey_path: "{{ sub_configuration_directories['certificates'] }}/external/{{ item.item.fqdn }}.pem.key"
|
privatekey_path: "{{ hashistack_sub_configuration_directories['certificates'] }}/external/{{ item.item.fqdn }}.pem.key"
|
||||||
provider: selfsigned
|
provider: selfsigned
|
||||||
owner: "{{ lookup('env', 'USER') }}"
|
owner: "{{ lookup('env', 'USER') }}"
|
||||||
group: "{{ lookup('env', 'USER') }}"
|
group: "{{ lookup('env', 'USER') }}"
|
||||||
@ -77,15 +81,15 @@
|
|||||||
- internal
|
- internal
|
||||||
delegate_to: localhost
|
delegate_to: localhost
|
||||||
vars:
|
vars:
|
||||||
hashistack_ca_key_path: "{{ sub_configuration_directories['certificates'] }}/ca/ca.key"
|
hashistack_ca_key_path: "{{ hashistack_sub_configuration_directories['certificates'] }}/ca/ca.key"
|
||||||
hashistack_ca_cert_path: "{{ sub_configuration_directories['certificates'] }}/ca/ca.crt"
|
hashistack_ca_cert_path: "{{ hashistack_sub_configuration_directories['certificates'] }}/ca/ca.crt"
|
||||||
block:
|
block:
|
||||||
- name: "Create internal CA" # noqa: run-once[task]
|
- name: "Create internal CA" # noqa: run-once[task]
|
||||||
run_once: true
|
run_once: true
|
||||||
block:
|
block:
|
||||||
- name: "Create temporary cert directory in {{ sub_configuration_directories['certificates'] }}" # noqa: run-once[task]
|
- name: "Create temporary cert directory in {{ hashistack_sub_configuration_directories['certificates'] }}" # noqa: run-once[task]
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ sub_configuration_directories['certificates'] }}/ca"
|
path: "{{ hashistack_sub_configuration_directories['certificates'] }}/ca"
|
||||||
state: directory
|
state: directory
|
||||||
owner: "{{ lookup('env', 'USER') }}"
|
owner: "{{ lookup('env', 'USER') }}"
|
||||||
group: "{{ lookup('env', 'USER') }}"
|
group: "{{ lookup('env', 'USER') }}"
|
||||||
@ -124,12 +128,12 @@
|
|||||||
when:
|
when:
|
||||||
- "'vault_servers' in group_names"
|
- "'vault_servers' in group_names"
|
||||||
vars:
|
vars:
|
||||||
vault_private_key_path: "{{ sub_configuration_directories['certificates'] }}/vault/{{ inventory_hostname }}/key.pem"
|
vault_private_key_path: "{{ hashistack_sub_configuration_directories['certificates'] }}/vault/{{ inventory_hostname }}/key.pem"
|
||||||
vault_certificate_path: "{{ sub_configuration_directories['certificates'] }}/vault/{{ inventory_hostname }}/cert.pem"
|
vault_certificate_path: "{{ hashistack_sub_configuration_directories['certificates'] }}/vault/{{ inventory_hostname }}/cert.pem"
|
||||||
block:
|
block:
|
||||||
- name: "Create temporary cert directory in {{ sub_configuration_directories['certificates'] }}" # noqa: run-once[task]
|
- name: "Create temporary cert directory in {{ hashistack_sub_configuration_directories['certificates'] }}" # noqa: run-once[task]
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ sub_configuration_directories['certificates'] }}/vault/{{ inventory_hostname }}"
|
path: "{{ hashistack_sub_configuration_directories['certificates'] }}/vault/{{ inventory_hostname }}"
|
||||||
state: directory
|
state: directory
|
||||||
owner: "{{ lookup('env', 'USER') }}"
|
owner: "{{ lookup('env', 'USER') }}"
|
||||||
group: "{{ lookup('env', 'USER') }}"
|
group: "{{ lookup('env', 'USER') }}"
|
||||||
@ -200,12 +204,12 @@
|
|||||||
when:
|
when:
|
||||||
- "('consul_servers' in group_names) or ('consul_agents' in group_names)"
|
- "('consul_servers' in group_names) or ('consul_agents' in group_names)"
|
||||||
vars:
|
vars:
|
||||||
consul_private_key_path: "{{ sub_configuration_directories['certificates'] }}/consul/{{ inventory_hostname }}/key.pem"
|
consul_private_key_path: "{{ hashistack_sub_configuration_directories['certificates'] }}/consul/{{ inventory_hostname }}/key.pem"
|
||||||
consul_certificate_path: "{{ sub_configuration_directories['certificates'] }}/consul/{{ inventory_hostname }}/cert.pem"
|
consul_certificate_path: "{{ hashistack_sub_configuration_directories['certificates'] }}/consul/{{ inventory_hostname }}/cert.pem"
|
||||||
block:
|
block:
|
||||||
- name: "Create temporary cert directory in {{ sub_configuration_directories['certificates'] }}" # noqa: run-once[task]
|
- name: "Create temporary cert directory in {{ hashistack_sub_configuration_directories['certificates'] }}" # noqa: run-once[task]
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ sub_configuration_directories['certificates'] }}/consul/{{ inventory_hostname }}"
|
path: "{{ hashistack_sub_configuration_directories['certificates'] }}/consul/{{ inventory_hostname }}"
|
||||||
state: directory
|
state: directory
|
||||||
owner: "{{ lookup('env', 'USER') }}"
|
owner: "{{ lookup('env', 'USER') }}"
|
||||||
group: "{{ lookup('env', 'USER') }}"
|
group: "{{ lookup('env', 'USER') }}"
|
||||||
@ -227,8 +231,8 @@
|
|||||||
'IP:' + api_interface_address,
|
'IP:' + api_interface_address,
|
||||||
'IP:127.0.0.1'
|
'IP:127.0.0.1'
|
||||||
] -%}
|
] -%}
|
||||||
{%- if hashicorp_consul_configuration.server -%}
|
{%- if consul_enable_server -%}
|
||||||
{%- set _ = sans_list.append('DNS:server.' ~ hashicorp_consul_configuration.datacenter ~ '.' ~ hashicorp_consul_configuration.domain) -%}
|
{%- set _ = sans_list.append('DNS:server.' ~ consul_datacenter ~ '.' ~ consul_domain) -%}
|
||||||
{%- endif -%}
|
{%- endif -%}
|
||||||
{{ sans_list }}
|
{{ sans_list }}
|
||||||
community.crypto.openssl_csr_pipe:
|
community.crypto.openssl_csr_pipe:
|
||||||
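Review bot: The new guard `{%- if consul_enable_server -%}` applies no `| bool` filter, while the nomad SAN template in the hunk at `@ -308,14 +312,14 @@` uses `enable_consul | bool` for the same kind of flag. If `consul_enable_server` can arrive as a string from inventory or `-e` (e.g. `"false"`), it is truthy in Jinja and the `DNS:server.<datacenter>.<domain>` SAN would be added to a non-server certificate. Suggest `{%- if consul_enable_server | bool -%}`, and likewise `nomad_enable_server | bool` and `nomad_enable_client | bool` in that later hunk; if the role coerces these flags earlier, this is only a consistency point.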
@ -282,12 +286,12 @@
|
|||||||
when:
|
when:
|
||||||
- "('nomad_servers' in group_names) or ('nomad_clients' in group_names)"
|
- "('nomad_servers' in group_names) or ('nomad_clients' in group_names)"
|
||||||
vars:
|
vars:
|
||||||
nomad_private_key_path: "{{ sub_configuration_directories['certificates'] }}/nomad/{{ inventory_hostname }}/key.pem"
|
nomad_private_key_path: "{{ hashistack_sub_configuration_directories['certificates'] }}/nomad/{{ inventory_hostname }}/key.pem"
|
||||||
nomad_certificate_path: "{{ sub_configuration_directories['certificates'] }}/nomad/{{ inventory_hostname }}/cert.pem"
|
nomad_certificate_path: "{{ hashistack_sub_configuration_directories['certificates'] }}/nomad/{{ inventory_hostname }}/cert.pem"
|
||||||
block:
|
block:
|
||||||
- name: "Create temporary cert directory in {{ sub_configuration_directories['certificates'] }}" # noqa: run-once[task]
|
- name: "Create temporary cert directory in {{ hashistack_sub_configuration_directories['certificates'] }}" # noqa: run-once[task]
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ sub_configuration_directories['certificates'] }}/nomad/{{ inventory_hostname }}"
|
path: "{{ hashistack_sub_configuration_directories['certificates'] }}/nomad/{{ inventory_hostname }}"
|
||||||
state: directory
|
state: directory
|
||||||
owner: "{{ lookup('env', 'USER') }}"
|
owner: "{{ lookup('env', 'USER') }}"
|
||||||
group: "{{ lookup('env', 'USER') }}"
|
group: "{{ lookup('env', 'USER') }}"
|
||||||
@ -308,14 +312,14 @@
|
|||||||
'IP:' + api_interface_address,
|
'IP:' + api_interface_address,
|
||||||
'IP:127.0.0.1'
|
'IP:127.0.0.1'
|
||||||
] -%}
|
] -%}
|
||||||
{%- if hashicorp_nomad_configuration.server.enabled -%}
|
{%- if nomad_enable_server -%}
|
||||||
{%- set _ = sans_list.append('DNS:server.' ~ hashicorp_nomad_configuration.region ~ '.nomad') -%}
|
{%- set _ = sans_list.append('DNS:server.' ~ nomad_region ~ '.nomad') -%}
|
||||||
{%- if (enable_consul | bool) -%}
|
{%- if (enable_consul | bool) -%}
|
||||||
{%- set _ = sans_list.append('DNS:nomad.service.consul') -%}
|
{%- set _ = sans_list.append('DNS:nomad.service.consul') -%}
|
||||||
{%- endif -%}
|
{%- endif -%}
|
||||||
{%- endif -%}
|
{%- endif -%}
|
||||||
{%- if hashicorp_nomad_configuration.client.enabled -%}
|
{%- if nomad_enable_client -%}
|
||||||
{%- set _ = sans_list.append('DNS:client.' ~ hashicorp_nomad_configuration.region ~ '.nomad') -%}
|
{%- set _ = sans_list.append('DNS:client.' ~ nomad_region ~ '.nomad') -%}
|
||||||
{%- endif -%}
|
{%- endif -%}
|
||||||
{{ sans_list }}
|
{{ sans_list }}
|
||||||
community.crypto.openssl_csr_pipe:
|
community.crypto.openssl_csr_pipe:
|
||||||
|
@ -70,7 +70,7 @@
|
|||||||
|
|
||||||
- name: "Ensure secrets directory is created"
|
- name: "Ensure secrets directory is created"
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ sub_configuration_directories['secrets'] }}"
|
path: "{{ hashistack_sub_configuration_directories['secrets'] }}"
|
||||||
state: directory
|
state: directory
|
||||||
owner: "{{ lookup('env', 'USER') }}"
|
owner: "{{ lookup('env', 'USER') }}"
|
||||||
group: "{{ lookup('env', 'USER') }}"
|
group: "{{ lookup('env', 'USER') }}"
|
||||||
@ -79,7 +79,7 @@
|
|||||||
- name: "Write credentials file"
|
- name: "Write credentials file"
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: templates/credentials.yml.j2
|
src: templates/credentials.yml.j2
|
||||||
dest: "{{ sub_configuration_directories['secrets'] }}/{{ configuration_credentials_vars_file }}"
|
dest: "{{ hashistack_sub_configuration_directories['secrets'] }}/{{ hashistack_configuration_credentials_vars_file }}"
|
||||||
owner: "{{ lookup('env', 'USER') }}"
|
owner: "{{ lookup('env', 'USER') }}"
|
||||||
group: "{{ lookup('env', 'USER') }}"
|
group: "{{ lookup('env', 'USER') }}"
|
||||||
mode: '0644'
|
mode: '0644'
|
||||||
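Review bot: `mode: '0644'` on the "Write credentials file" task leaves the rendered credentials file readable by every local user, and this commit moves its `dest` under `hashistack_sub_configuration_directories['secrets']` without tightening it. Unless another unprivileged consumer is expected to read the file, `mode: '0600'` matches what a secrets directory implies. The `mode:` of the secrets directory created in the hunk at `@ -70,7 +70,7 @@` falls outside the visible lines, so it is worth checking that it is not group/world-readable either.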
|