feat/major-revamp #11

Merged
lanson merged 42 commits from fix/various into main 2024-08-17 14:54:28 +00:00
5 changed files with 55 additions and 27 deletions
Showing only changes of commit 51605ab239 - Show all commits


@ -18,6 +18,7 @@ configuration_credentials_vars_file: "credentials.yml"
hashistack_remote_config_dir: "/etc/hashistack" hashistack_remote_config_dir: "/etc/hashistack"
hashistack_remote_data_dir: "/opt/hashistack" hashistack_remote_data_dir: "/opt/hashistack"
hashistack_remote_log_dir: /var/log/hashistack
default_container_extra_volumes: default_container_extra_volumes:
- "/etc/timezone:/etc/timezone" - "/etc/timezone:/etc/timezone"
@ -44,4 +45,6 @@ preflight_enable_host_ntp_checks: true
haproxy_required_ports: [80, 443] haproxy_required_ports: [80, 443]
vault_required_ports: [8200, 8201] vault_required_ports: [8200, 8201]
consul_required_ports: [8300, 8301, 8302, 8500, 8501, 8502, 8503, 8600] consul_required_ports: [8300, 8301, 8302, 8500, 8501, 8502, 8503, 8600]
nomad_required_ports: [] nomad_required_ports: [4646, 4647, 4648]
target: all, !deployment
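Review bot: `hashistack_remote_log_dir: /var/log/hashistack` introduces a new log root, but nothing in the files shown creates it or the `consul/`, `nomad/` and `vault/` subdirectories that the new `log_file` values point into. If the roles do not create them with an explicit owner and mode, the services will either fail to open their log file or write into a directory whose permissions were never decided. Whether the roles do so is not visible here. I would document the expectation next to the variable, e.g. `# per-service subdirectories are created by the roles, owned by the service user, not world-readable`, and quote the value like its neighbours: `hashistack_remote_log_dir: "/var/log/hashistack"`.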


@ -64,6 +64,17 @@ consul_certificates_extra_files_dir:
- src: "{{ sub_configuration_directories['certificates'] }}/consul/{{ inventory_hostname }}" - src: "{{ sub_configuration_directories['certificates'] }}/consul/{{ inventory_hostname }}"
dest: "{{ consul_certificates_directory }}" dest: "{{ consul_certificates_directory }}"
##################
# consul logging #
##################
consul_enable_log_to_file: "{{ enable_log_to_file | bool }}"
consul_logging_configuration:
log_file: "{{ hashistack_remote_log_dir }}/consul/consul.log"
log_level: info
log_rotate_duration: 24h
log_rotate_max_files: 30
######################### #########################
# consul role variables # # consul role variables #
######################### #########################
@ -72,8 +83,8 @@ hashicorp_consul_start_service: true
hashicorp_consul_service_name: "consul" hashicorp_consul_service_name: "consul"
hashicorp_consul_version: "{{ consul_version }}" hashicorp_consul_version: "{{ consul_version }}"
hashicorp_consul_env_variables: {} hashicorp_consul_env_variables: {}
hashicorp_consul_config_dir: "/etc/consul.d" hashicorp_consul_config_dir: "{{ hashistack_remote_config_dir }}/consul.d"
hashicorp_consul_data_dir: "/opt/consul" hashicorp_consul_data_dir: "{{ hashistack_remote_data_dir }}/consul"
hashicorp_consul_extra_files: true hashicorp_consul_extra_files: true
hashicorp_consul_extra_files_list: "{{ ([] + hashicorp_consul_extra_files_list: "{{ ([] +
(consul_certificates_extra_files_dir if consul_enable_tls else []) + (consul_certificates_extra_files_dir if consul_enable_tls else []) +
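Review bot: Changing `hashicorp_consul_data_dir` from `/opt/consul` to `{{ hashistack_remote_data_dir }}/consul`, and the config dir likewise, relocates state on hosts deployed with the old defaults, and nothing in the files shown moves the existing directories. If the role only renders the new path, an upgraded agent would start against an empty data dir while the old directory stays on disk unmanaged, along with whatever state and key material it holds. The same applies to the nomad and vault `*_config_dir`/`*_data_dir` changes in the later file sections. For vault, an empty data dir may look like an uninitialised cluster, depending on the storage backend. I would add a comment above these lines such as `# NOTE: moved from /etc/consul.d and /opt/consul; migrate or pin the old paths on existing hosts before applying`.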


@ -25,6 +25,12 @@ hashistack_internal_vip_addr: "{{ hashistack_external_vip_addr }}"
api_interface: "eth0" api_interface: "eth0"
api_interface_address: "{{ ansible_facts[api_interface]['ipv4']['address'] }}" api_interface_address: "{{ ansible_facts[api_interface]['ipv4']['address'] }}"
###################
# logging options #
###################
enable_log_to_file: true
######################## ########################
# external tls options # # external tls options #
######################## ########################
@ -180,17 +186,6 @@ vault_service_registration_configuration:
vault_enable_plugins: false vault_enable_plugins: false
###########
# logging #
###########
vault_enable_log_to_file: false
vault_logging_configuration:
log_level: info
log_format: standard
log_rotate_duration: 24h
log_rotate_max_files: 30
########################### ###########################
# vault container volumes # # vault container volumes #
########################### ###########################
@ -246,11 +241,11 @@ nomad_vault_integration_configuration: {}
# nomad drivers configuration # # nomad drivers configuration #
############################### ###############################
nomad_driver_enable_docker: yes nomad_driver_enable_docker: true
nomad_driver_enable_podman: no nomad_driver_enable_podman: false
nomad_driver_enable_raw_exec: no nomad_driver_enable_raw_exec: false
nomad_driver_enable_java: no nomad_driver_enable_java: false
nomad_driver_enable_qemu: no nomad_driver_enable_qemu: false
nomad_driver_extra_configuration: {} nomad_driver_extra_configuration: {}
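Review bot: `enable_log_to_file: true` in the first hunk has no comment saying what it controls, and it reverses the vault default that the second hunk removes (`vault_enable_log_to_file: false`). The per-service variables in the other files are all templated from this one value, so this single line now turns on file logging for consul, nomad and vault on the next run. I would add `# Global default for consul/nomad/vault *_enable_log_to_file; set the per-service variable to override` above it and call out the changed vault default in the release notes.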


@ -163,6 +163,17 @@ nomad_certificates_extra_files_dir:
- src: "{{ sub_configuration_directories['certificates'] }}/nomad/{{ inventory_hostname }}" - src: "{{ sub_configuration_directories['certificates'] }}/nomad/{{ inventory_hostname }}"
dest: "{{ nomad_certificates_directory }}" dest: "{{ nomad_certificates_directory }}"
#################
# nomad logging #
#################
nomad_enable_log_to_file: "{{ enable_log_to_file | bool }}"
nomad_logging_configuration:
log_file: "{{ hashistack_remote_log_dir }}/nomad/nomad.log"
log_level: info
log_rotate_duration: 24h
log_rotate_max_files: 30
######################## ########################
# nomad role variables # # nomad role variables #
######################## ########################
@ -174,8 +185,8 @@ hashicorp_nomad_cni_plugins_version: latest
hashicorp_nomad_cni_plugins_install_path: /opt/cni/bin hashicorp_nomad_cni_plugins_install_path: /opt/cni/bin
hashicorp_nomad_version: "{{ nomad_version }}" hashicorp_nomad_version: "{{ nomad_version }}"
hashicorp_nomad_env_variables: {} hashicorp_nomad_env_variables: {}
hashicorp_nomad_config_dir: "/etc/nomad.d" hashicorp_nomad_config_dir: "{{ hashistack_remote_config_dir }}/nomad.d"
hashicorp_nomad_data_dir: /opt/nomad hashicorp_nomad_data_dir: "{{ hashistack_remote_data_dir }}/nomad"
hashicorp_nomad_extra_files: true hashicorp_nomad_extra_files: true
hashicorp_nomad_extra_files_list: "{{ ([] + hashicorp_nomad_extra_files_list: "{{ ([] +
(nomad_certificates_extra_files_dir if nomad_enable_tls else []) + (nomad_certificates_extra_files_dir if nomad_enable_tls else []) +


@ -5,7 +5,7 @@
# # # #
##################################################### #####################################################
vault_init_cluster: "{{ (inventory_hostname == groups['vault_servers'][0]) | bool }}" vault_init_server: "{{ (inventory_hostname == groups['vault_servers'][0]) | bool }}"
######################### #########################
# vault haproxy backend # # vault haproxy backend #
@ -60,6 +60,17 @@ vault_service_registration_policy: |
policy = "write" policy = "write"
} }
#################
# vault logging #
#################
vault_enable_log_to_file: "{{ enable_log_to_file | bool }}"
vault_logging_configuration:
log_file: "{{ hashistack_remote_log_dir }}/vault/vault.log"
log_level: info
log_rotate_duration: 24h
log_rotate_max_files: 30
######################## ########################
# vault role variables # # vault role variables #
######################## ########################
@ -68,8 +79,8 @@ hashicorp_vault_start_service: true
hashicorp_vault_service_name: "vault" hashicorp_vault_service_name: "vault"
hashicorp_vault_version: "{{ vault_version }}" hashicorp_vault_version: "{{ vault_version }}"
hashicorp_vault_env_variables: {} hashicorp_vault_env_variables: {}
hashicorp_vault_config_dir: "/etc/vault.d" hashicorp_vault_config_dir: "{{ hashistack_remote_config_dir }}/vault.d"
hashicorp_vault_data_dir: "/opt/vault" hashicorp_vault_data_dir: "{{ hashistack_remote_data_dir }}/vault"
hashicorp_vault_extra_files: true hashicorp_vault_extra_files: true
hashicorp_vault_extra_files_list: "{{ ([] + hashicorp_vault_extra_files_list: "{{ ([] +
(vault_certificates_extra_files_dir if vault_enable_tls else []) + (vault_certificates_extra_files_dir if vault_enable_tls else []) +
@ -78,9 +89,6 @@ hashicorp_vault_extra_files_list: "{{ ([] +
| unique | unique
| sort | sort
}}" }}"
hashicorp_vault_extra_files_src: "{{ sub_configuration_directories.vault_servers }}/config"
hashicorp_vault_extra_files_dst: "{{ hashicorp_vault_config_dir }}/config"
hashicorp_vault_extra_container_volumes: "{{ default_container_extra_volumes | union(extra_vault_container_volumes) | unique | sort }}"
hashicorp_vault_configuration: hashicorp_vault_configuration:
cluster_name: "{{ vault_cluster_name }}" cluster_name: "{{ vault_cluster_name }}"
cluster_addr: "{{ 'https' if vault_enable_tls else 'http'}}://{{ api_interface_address }}:8201" cluster_addr: "{{ 'https' if vault_enable_tls else 'http'}}://{{ api_interface_address }}:8201"
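Review bot: The rename of `vault_init_cluster` to `vault_init_server` in the first hunk comes with no compatibility alias, and none of the files shown updates a consumer of the old name. This variable selects the host that initialises Vault, so a task condition or inventory override still using `vault_init_cluster` would either fail on an undefined variable or be silently ignored. Consumers may have been updated in other commits of this pull request, which this page does not show. I would keep the old name for one release, `vault_init_cluster: "{{ vault_init_server }}"`, with a `# deprecated, use vault_init_server` comment above it.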