feat/major-revamp #11

Merged
lanson merged 42 commits from fix/various into main 2024-08-17 14:54:28 +00:00
6 changed files with 23 additions and 24 deletions
Showing only changes of commit b7bd59d5fa - Show all commits

View File

@ -5,6 +5,8 @@
# # # #
##################################################### #####################################################
consul_init_server: "{{ (inventory_hostname == groups['consul_servers'][0]) | bool }}"
##################### #####################
# consul api config # # consul api config #
##################### #####################

View File

@ -5,6 +5,8 @@
# # # #
##################################################### #####################################################
nomad_init_server: "{{ (inventory_hostname == groups['nomad_servers'][0]) | bool }}"
#################### ####################
# nomad api config # # nomad api config #
#################### ####################

View File

@ -5,6 +5,8 @@
# # # #
##################################################### #####################################################
vault_init_cluster: "{{ (inventory_hostname == groups['vault_servers'][0]) | bool }}"
######################### #########################
# vault haproxy backend # # vault haproxy backend #
######################### #########################

View File

@ -32,17 +32,17 @@
port: "{{ consul_api_port[consul_api_scheme] }}" port: "{{ consul_api_port[consul_api_scheme] }}"
scheme: "{{ consul_api_scheme }}" scheme: "{{ consul_api_scheme }}"
state: present state: present
run_once: true
delegate_to: "{{ groups['consul_servers'] | first }}"
register: _consul_init_secret register: _consul_init_secret
when: hashicorp_consul_configuration.acl.enabled when:
- consul_init_server
- hashicorp_consul_configuration.acl.enabled
- name: "Create consul agents token" - name: "Create consul agents token"
when: when:
- consul_acl_configuration.enabled - consul_init_server
- hashicorp_consul_configuration.acl.enabled
block: block:
- name: "Create consul agents token" # noqa: run-once[task] no-handler - name: "Create consul agents token" # noqa: run-once[task] no-handler
run_once: true
block: block:
- name: "Create consul agent policy" - name: "Create consul agent policy"
community.general.consul_policy: community.general.consul_policy:

View File

@ -3,14 +3,13 @@
block: block:
- name: "Create consul tokens for service registration" - name: "Create consul tokens for service registration"
when: when:
- nomad_init_server
- enable_consul - enable_consul
- nomad_enable_consul_integration - nomad_enable_consul_integration
delegate_to: "{{ groups['consul_servers'] | first }}"
vars: vars:
_consul_host: "{{ hostvars[groups['consul_servers'][0]].api_interface_address }}" _consul_host: "{{ hostvars[groups['consul_servers'][0]].api_interface_address }}"
_consul_port: "{{ hostvars[groups['consul_servers'][0]].consul_api_port[hostvars[groups['consul_servers'][0]].consul_api_scheme] }}" _consul_port: "{{ hostvars[groups['consul_servers'][0]].consul_api_port[hostvars[groups['consul_servers'][0]].consul_api_scheme] }}"
_consul_scheme: "{{ hostvars[groups['consul_servers'][0]].consul_api_scheme }}" _consul_scheme: "{{ hostvars[groups['consul_servers'][0]].consul_api_scheme }}"
run_once: true
block: block:
- name: "Create server credentials" - name: "Create server credentials"
block: block:
@ -77,7 +76,7 @@
bootstrap_secret: "{{ _credentials.nomad.root_token.secret_id }}" bootstrap_secret: "{{ _credentials.nomad.root_token.secret_id }}"
api_url: "{{ nomad_api_addr }}" api_url: "{{ nomad_api_addr }}"
tls_verify: false tls_verify: false
run_once: true
delegate_to: "{{ groups['nomad_servers'] | first }}"
register: _nomad_init_secret register: _nomad_init_secret
when: hashicorp_nomad_configuration.acl.enabled when:
- nomad_init_server
- hashicorp_nomad_configuration.acl.enabled

View File

@ -3,14 +3,13 @@
block: block:
- name: "Create consul token for service registration" - name: "Create consul token for service registration"
when: when:
- vault_init_cluster
- enable_consul - enable_consul
- vault_enable_service_registration - vault_enable_service_registration
delegate_to: "{{ groups['consul_servers'] | first }}"
vars: vars:
_consul_vault_sr_host: "{{ hostvars[groups['consul_servers'][0]].api_interface_address }}" _consul_vault_sr_host: "{{ hostvars[groups['consul_servers'][0]].api_interface_address }}"
_consul_vault_sr_port: "{{ hostvars[groups['consul_servers'][0]].consul_api_port[hostvars[groups['consul_servers'][0]].consul_api_scheme] }}" _consul_vault_sr_port: "{{ hostvars[groups['consul_servers'][0]].consul_api_port[hostvars[groups['consul_servers'][0]].consul_api_scheme] }}"
_consul_vault_sr_scheme: "{{ hostvars[groups['consul_servers'][0]].consul_api_scheme }}" _consul_vault_sr_scheme: "{{ hostvars[groups['consul_servers'][0]].consul_api_scheme }}"
run_once: true
block: block:
- name: "Create consul vault policy" - name: "Create consul vault policy"
community.general.consul_policy: community.general.consul_policy:
@ -48,12 +47,11 @@
tls_verify: "{{ vault_tls_verify }}" tls_verify: "{{ vault_tls_verify }}"
key_shares: "{{ vault_seal_configuration['key_shares'] }}" key_shares: "{{ vault_seal_configuration['key_shares'] }}"
key_threshold: "{{ vault_seal_configuration['key_threshold'] }}" key_threshold: "{{ vault_seal_configuration['key_threshold'] }}"
run_once: true
retries: 5 retries: 5
delay: 5 delay: 5
delegate_to: "{{ groups['vault_servers'] | first }}"
register: _vault_init_secret register: _vault_init_secret
until: not _vault_init_secret.failed until: not _vault_init_secret.failed
when: vault_init_cluster
- name: "Write vault configuration to file" # noqa: run-once[task] no-handler - name: "Write vault configuration to file" # noqa: run-once[task] no-handler
ansible.builtin.copy: ansible.builtin.copy:
@ -62,15 +60,11 @@
owner: "{{ lookup('env', 'USER') }}" owner: "{{ lookup('env', 'USER') }}"
group: "{{ lookup('env', 'USER') }}" group: "{{ lookup('env', 'USER') }}"
mode: "0644" mode: "0644"
when: _vault_init_secret.changed when:
run_once: true - vault_init_cluster
- _vault_init_secret.changed
delegate_to: localhost delegate_to: localhost
# - name: "Load vault cluster variables necessary for unseal operation"
# ansible.builtin.include_vars:
# file: "{{ sub_configuration_directories.vault_servers }}/vault_config.yml"
# name: _vault_cluster_config
- name: "Load vault cluster variables necessary for unseal operation" - name: "Load vault cluster variables necessary for unseal operation"
ansible.builtin.import_tasks: ansible.builtin.import_tasks:
file: ../misc/load_credentials_vars.yml file: ../misc/load_credentials_vars.yml
@ -80,9 +74,9 @@
api_url: "{{ hashicorp_vault_configuration['api_addr'] }}" api_url: "{{ hashicorp_vault_configuration['api_addr'] }}"
tls_verify: "{{ vault_tls_verify }}" tls_verify: "{{ vault_tls_verify }}"
key_shares: "{{ _credentials.vault['keys'] }}" key_shares: "{{ _credentials.vault['keys'] }}"
run_once: true when:
delegate_to: "{{ groups['vault_servers'] | first }}" - vault_init_cluster
when: _vault_init_secret.changed - _vault_init_secret.changed
register: _vault_unseal_secret register: _vault_unseal_secret
- name: "Unseal all vault nodes" - name: "Unseal all vault nodes"