diff --git a/.gitea/workflows/e2e-tests-consul.yml b/.gitea/workflows/e2e-tests-consul.yml index f6aaead..5e644b5 100644 --- a/.gitea/workflows/e2e-tests-consul.yml +++ b/.gitea/workflows/e2e-tests-consul.yml @@ -31,7 +31,7 @@ jobs: kv/data/applications/gitea/users/actions username | GITEA_ACTIONS_USERNAME ; kv/data/applications/gitea/users/actions token_write | GITEA_ACTIONS_TOKEN ; - end_to_end_vault: + end_to_end_consul: needs: retrieve-credentials strategy: matrix: diff --git a/.gitea/workflows/e2e-tests-nomad.yml b/.gitea/workflows/e2e-tests-nomad.yml index ae1ebf6..5d10e92 100644 --- a/.gitea/workflows/e2e-tests-nomad.yml +++ b/.gitea/workflows/e2e-tests-nomad.yml @@ -31,7 +31,7 @@ jobs: kv/data/applications/gitea/users/actions username | GITEA_ACTIONS_USERNAME ; kv/data/applications/gitea/users/actions token_write | GITEA_ACTIONS_TOKEN ; - end_to_end_vault: + end_to_end_nomad: needs: retrieve-credentials strategy: matrix: diff --git a/docs/README.md b/docs/README.md index 6034cfe..8dcf15d 100644 --- a/docs/README.md +++ b/docs/README.md @@ -1 +1 @@ -You can find the documentation for this project in the [Wiki](https://git.ednz.fr/ansible-collections/hashistack/wiki) +You can find the documentation for this project in the [Wiki](https://git.ednz.fr/ansible-collections/hcp-ansible/wiki) diff --git a/molecule/no_tls_multi_node/molecule.yml b/molecule/no_tls_multi_node/molecule.yml index c517f69..1958b9e 100644 --- a/molecule/no_tls_multi_node/molecule.yml +++ b/molecule/no_tls_multi_node/molecule.yml @@ -19,7 +19,6 @@ platforms: type: static groups: - common - - haproxy_servers - nomad_clients - consul_agents - name: proxy02.ednz.lab @@ -33,7 +32,6 @@ platforms: type: static groups: - common - - haproxy_servers - nomad_clients - consul_agents - name: hashistack01.ednz.lab diff --git a/molecule/tls_multi_node/molecule.yml b/molecule/tls_multi_node/molecule.yml index 39209e9..b9a3e19 100644 --- a/molecule/tls_multi_node/molecule.yml 
+++ b/molecule/tls_multi_node/molecule.yml @@ -19,7 +19,6 @@ platforms: type: static groups: - common - - haproxy_servers - nomad_clients - consul_agents - name: proxy02.ednz.lab @@ -33,7 +32,6 @@ platforms: type: static groups: - common - - haproxy_servers - nomad_clients - consul_agents - name: hashistack01.ednz.lab diff --git a/playbooks/group_vars/all/haproxy.yml b/playbooks/group_vars/all/haproxy.yml deleted file mode 100644 index 2986cfa..0000000 --- a/playbooks/group_vars/all/haproxy.yml +++ /dev/null 
@@ -1,98 +0,0 @@ ---- -##################################################### -# # -# HAProxy Configuration # -# # -##################################################### - -deploy_haproxy_deploy_method: "host" -deploy_haproxy_version: "{{ haproxy_version }}" - -deploy_haproxy_env_variables: {} -deploy_haproxy_start_service: true -deploy_haproxy_cert_dir: "{{ hashistack_sub_configuration_directories['certificates']~'/external' if (enable_tls_external and not external_tls_externally_managed_certs) }}" -deploy_haproxy_extra_container_volumes: [] -deploy_haproxy_global: - - log /dev/log local0 - - log /dev/log local1 notice - - stats socket {{ deploy_haproxy_socket }} level admin - - chroot {{ deploy_haproxy_chroot }} - - daemon - - description hashistack haproxy - -deploy_haproxy_defaults: - - log global - - mode http - - option httplog - - option dontlognull - - timeout connect 5000 - - timeout client 5000 - - timeout server 5000 - -deploy_haproxy_frontends: - - name: external_http - options: >- - {%- set haproxy_options = [ - 'description hashistack external http frontend', - 'mode http', - 'bind :80' - ] -%} - - {%- if enable_tls_external -%} - {%- set tls_cert_paths = [] -%} - {%- for item in ['consul', 'nomad', 'vault'] if vars['enable_' + item] | bool -%} - {%- set crt_option = '/var/lib/haproxy/certs/' + vars[item + '_fqdn'] + '.pem' -%} - {%- set _ = tls_cert_paths.append(crt_option) -%} - {%- endfor -%} - {%- set tls_options = ['bind :443 ssl crt ' + tls_cert_paths | join(' crt ') ] -%} - {%- set _ = tls_options.append('http-request redirect scheme https unless { ssl_fc }') -%} - {%- set haproxy_options = haproxy_options + tls_options -%} - {%- endif -%} - - {%- set haproxy_options = haproxy_options + consul_haproxy_frontend_options + vault_haproxy_frontend_options + nomad_haproxy_frontend_options -%} - - {{ haproxy_options }} - -deploy_haproxy_backends: "{{ consul_haproxy_backends + vault_haproxy_backends + nomad_haproxy_backends }}" - -deploy_haproxy_listen: 
- - name: monitoring - options: - - bind :9000 - - mode http - - option httpchk - - stats enable - - stats uri /stats - - stats refresh 30s - - stats show-desc - - stats show-legends - - stats auth admin:password - - http-check send meth GET uri /health ver HTTP/1.1 hdr Host localhost - - http-check expect status 200 - - acl health_check_ok nbsrv() ge 1 - - monitor-uri /health - - http-request use-service prometheus-exporter if { path /metrics } - -deploy_keepalived_deploy_method: "host" -deploy_keepalived_version: "latest" -deploy_keepalived_start_service: true -deploy_keepalived_env_variables: {} - -deploy_keepalived_vrrp_instance_name: "{{ ansible_hostname }}" -deploy_keepalived_interface: "{{ api_interface }}" -deploy_keepalived_state: "BACKUP" -deploy_keepalived_router_id: 50 -deploy_keepalived_priority: 100 -deploy_keepalived_advert_interval: 1 -deploy_keepalived_unicast_source: "{{ api_interface_address }}" -deploy_keepalived_unicast_peers: "{{ groups['haproxy_servers'] | difference([ansible_hostname]) | map('extract', hostvars, ['api_interface_address']) | list }}" -deploy_keepalived_auth_passwd: "password" -deploy_keepalived_virtual_ips: - - "{{ hashistack_external_vip_addr }}/32 dev {{ hashistack_external_vip_interface }}" -deploy_keepalived_notify_script: notify.sh - -deploy_keepalived_custom_scripts_src: tasks/haproxy/files/keepalived/scripts.d -deploy_keepalived_extra_container_volumes: [] - -deploy_keepalived_use_custom_config: true -deploy_keepalived_custom_config_src: tasks/haproxy/files/keepalived/keepalived.conf.j2 diff --git a/playbooks/preflight.yml b/playbooks/preflight.yml index 92cab07..ccce69c 100644 --- a/playbooks/preflight.yml +++ b/playbooks/preflight.yml 
@@ -172,26 +172,6 @@ - name: "Verify required ports" block: - - name: "Checking if haproxy ports are available" - when: inventory_hostname in groups['haproxy_servers'] - block: - - name: "Checking if haproxy ports are available" - ansible.builtin.wait_for: - host: "{{ inventory_hostname }}" - port: "{{ item }}" - state: "stopped" - timeout: 5 - loop: "{{ haproxy_required_ports }}" - ignore_errors: true - register: haproxy_port_results - - - name: "Assert that haproxy ports are not currently in use" - ansible.builtin.assert: - that: - - item.failed == false - with_items: "{{ haproxy_port_results.results }}" - when: haproxy_port_results.results | length > 0 - - name: "Checking if vault ports are available" when: inventory_hostname in groups['vault_servers'] block: diff --git a/roles/consul/defaults/main.yml b/roles/consul/defaults/main.yml index 9f43d7b..42f1d38 100644 --- a/roles/consul/defaults/main.yml +++ b/roles/consul/defaults/main.yml @@ -1,5 +1,5 @@ --- -# defaults file for hashicorp_consul +# defaults file for consul consul_version: "latest" consul_start_service: true diff --git a/roles/consul/handlers/main.yml b/roles/consul/handlers/main.yml index 7296134..90d87f6 100644 --- a/roles/consul/handlers/main.yml +++ b/roles/consul/handlers/main.yml @@ -1,2 +1,2 @@ --- -# handlers file for hashicorp_consul +# handlers file for consul diff --git a/roles/consul/meta/main.yml b/roles/consul/meta/main.yml index 965aeef..c4927eb 100644 --- a/roles/consul/meta/main.yml +++ b/roles/consul/meta/main.yml @@ -1,8 +1,8 @@ --- -# meta file for hashicorp_consul +# meta file for consul galaxy_info: namespace: "ednz_cloud" - role_name: "hashicorp_consul" + role_name: "consul" author: "Bertrand Lanson" description: "Install and configure hashicorp consul for debian-based distros." license: "license (BSD, MIT)" diff --git a/roles/consul/tasks/configure.yml b/roles/consul/tasks/configure.yml index 22bdcb1..6d5d535 100644 --- a/roles/consul/tasks/configure.yml 
+++ b/roles/consul/tasks/configure.yml @@ -1,5 +1,5 @@ --- -# task/configure file for hashicorp_consul +# task/configure file for consul - name: "Consul | Create consul.env" ansible.builtin.template: src: consul.env.j2 diff --git a/roles/consul/tasks/install.yml b/roles/consul/tasks/install.yml index dab00b7..1d4bd18 100644 --- a/roles/consul/tasks/install.yml +++ b/roles/consul/tasks/install.yml @@ -1,5 +1,5 @@ --- -# task/install file for hashicorp_consul +# task/install file for consul - name: "Consul | Get latest release of consul" when: consul_version == 'latest' block: diff --git a/roles/consul/tasks/install_envoy.yml b/roles/consul/tasks/install_envoy.yml index 98ea19d..e1139cd 100644 --- a/roles/consul/tasks/install_envoy.yml +++ b/roles/consul/tasks/install_envoy.yml @@ -1,5 +1,5 @@ --- -# task/install_envoy file for hashicorp_consul +# task/install_envoy file for consul - name: "Consul | Get release for envoy:{{ consul_envoy_version }}" vars: _envoy_url_ext: "{% if consul_envoy_version == 'latest'%}releases{% else %}releases/tags{% endif %}" diff --git a/roles/consul/tasks/main.yml b/roles/consul/tasks/main.yml index cb4fcb0..98654f2 100644 --- a/roles/consul/tasks/main.yml +++ b/roles/consul/tasks/main.yml @@ -1,5 +1,5 @@ --- -# task/main file for hashicorp_consul +# task/main file for consul - name: "Consul | Set reload-check & restart-check variable" ansible.builtin.set_fact: _consul_service_need_reload: false diff --git a/roles/consul/tasks/merge_variables.yml b/roles/consul/tasks/merge_variables.yml index 3e2ab80..9579b3c 100644 --- a/roles/consul/tasks/merge_variables.yml +++ b/roles/consul/tasks/merge_variables.yml @@ -1,5 +1,5 @@ --- -# task/merge_variables file for hashicorp_consul +# task/merge_variables file for consul - name: "Consul | Merge stringified configuration" vars: _config_to_merge: "{{ consul_configuration_string }}" diff --git a/roles/consul/tasks/prerequisites.yml b/roles/consul/tasks/prerequisites.yml index 1e34e83..9c050b3 100644 
--- a/roles/consul/tasks/prerequisites.yml +++ b/roles/consul/tasks/prerequisites.yml @@ -1,5 +1,5 @@ --- -# task/prerequisites file for hashicorp_consul +# task/prerequisites file for consul - name: "Consul | Create group {{ consul_group }}" ansible.builtin.group: name: "{{ consul_group }}" diff --git a/roles/consul/tasks/recursive_copy_extra_dirs.yml b/roles/consul/tasks/recursive_copy_extra_dirs.yml index 09f43e4..a8d70e0 100644 --- a/roles/consul/tasks/recursive_copy_extra_dirs.yml +++ b/roles/consul/tasks/recursive_copy_extra_dirs.yml @@ -1,5 +1,5 @@ --- -# task/recursive_copy_extra_dirs file for hashicorp_consul +# task/recursive_copy_extra_dirs file for consul - name: "Consul | Ensure destination directory exists" ansible.builtin.file: path: "{{ dir_source_item.dest }}" diff --git a/roles/consul/vars/main.yml b/roles/consul/vars/main.yml index f2139b1..38cd5b5 100644 --- a/roles/consul/vars/main.yml +++ b/roles/consul/vars/main.yml @@ -1,5 +1,5 @@ --- -# vars file for hashicorp_consul +# vars file for consul consul_user: consul consul_group: consul consul_binary_path: /usr/local/bin/consul diff --git a/roles/hashistack_ingress/.docsible b/roles/hashistack_ingress/.docsible deleted file mode 100644 index 7713e0f..0000000 --- a/roles/hashistack_ingress/.docsible +++ /dev/null @@ -1,13 +0,0 @@ -aap_hub: null -automation_kind: null -category: null -critical: null -description: null -dt_dev: null -dt_prod: null -dt_update: 26/08/2024 -requester: null -subCategory: null -time_saving: null -users: null -version: null diff --git a/roles/hashistack_ingress/README.md b/roles/hashistack_ingress/README.md deleted file mode 100644 index 53897f3..0000000 --- a/roles/hashistack_ingress/README.md +++ /dev/null 
@@ -1,52 +0,0 @@ - - -# 📃 Role overview - -## hashistack_ingress - - - -Description: Deploys an ingress reverse-proxy on a hashistack-ansible managed nomad cluster - - -| Field | Value | -|---------------|------------| -| Readme update | 26/08/2024 | - - - - - - - - - - - - -### Tasks - - - - - - - - -## Author Information -Bertrand Lanson - -#### License - -license (BSD, MIT) - -#### Minimum Ansible Version - -2.10 - -#### Platforms - -- **Ubuntu**: ['focal', 'jammy', 'noble'] -- **Debian**: ['bullseye', 'bookworm'] - - diff --git a/roles/hashistack_ingress/defaults/main.yml b/roles/hashistack_ingress/defaults/main.yml deleted file mode 100644 index ee7df4f..0000000 --- a/roles/hashistack_ingress/defaults/main.yml +++ /dev/null 
@@ -1,45 +0,0 @@ ---- -# defaults file for hashistack_ingress -hashistack_ingress_nomad_api_addr: "http://127.0.0.1:4646" -hashistack_ingress_nomad_api_token: - -hashistack_ingress_job_name: HashistackHAProxyIngress -hashistack_ingress_datacenters: [] -hashistack_ingress_namespace: default -hashistack_ingress_replicas: 1 -hashistack_ingress_enable_consul_service: true - -hashistack_ingress_virtual_ip_keepalived_version: latest -hashistack_ingress_virtual_ip_addr: "192.168.1.1" -hashistack_ingress_virtual_ip_interface: eth0 -hashistack_ingress_virtual_ip_vrrp_interface: "{{ hashistack_ingress_virtual_ip_interface }}" -hashistack_ingress_virtual_ip_vrrp_router_id: 50 -hashistack_ingress_virtual_ip_vrrp_priority: 100 -hashistack_ingress_virtual_ip_vrrp_advertise_interval: 1 -hashistack_ingress_virtual_ip_vrrp_password: password - -hashistack_ingress_enable_http: true -hashistack_ingress_enable_https: false -hashistack_ingress_enable_prometheus_metrics: false -hashistack_ingress_enable_admin_interface: false -hashistack_ingress_admin_interface_password: password - -hashistack_ingress_virtual_ip_haproxy_version: latest -hashistack_ingress_haproxy_global: - - log /dev/log local0 - - log /dev/log local1 notice - - stats socket {{ deploy_haproxy_socket }} level admin - - chroot {{ deploy_haproxy_chroot }} - - daemon - - description hashistack haproxy -hashistack_ingress_haproxy_defaults: - - log global - - mode http - - option httplog - - option dontlognull - - timeout connect 5000 - - timeout client 5000 - - timeout server 5000 -hashistack_ingress_haproxy_frontends: [] -hashistack_ingress_haproxy_backends: [] -hashistack_ingress_haproxy_listen: [] diff --git a/roles/hashistack_ingress/handlers/main.yml b/roles/hashistack_ingress/handlers/main.yml deleted file mode 100644 index 81ae4df..0000000 --- a/roles/hashistack_ingress/handlers/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# handlers file for hashistack_ingress 
diff --git a/roles/hashistack_ingress/meta/main.yml b/roles/hashistack_ingress/meta/main.yml deleted file mode 100644 index 01ba49c..0000000 --- a/roles/hashistack_ingress/meta/main.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -# meta file for hashistack_ingress -galaxy_info: - namespace: "ednz_cloud" - role_name: "hashistack_ingress" - author: "Bertrand Lanson" - description: "Deploys an ingress reverse-proxy on a hashistack-ansible managed nomad cluster" - license: "license (BSD, MIT)" - min_ansible_version: "2.10" - platforms: - - name: Ubuntu - versions: - - focal - - jammy - - noble - - name: Debian - versions: - - bullseye - - bookworm - galaxy_tags: - - "ubuntu" - - "debian" - - "hashicorp" - - "nomad" - - "haproxy" - - "ingress" - -dependencies: [] diff --git a/roles/hashistack_ingress/tasks/main.yml b/roles/hashistack_ingress/tasks/main.yml deleted file mode 100644 index da865fa..0000000 --- a/roles/hashistack_ingress/tasks/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# task/main file for hashistack_ingress diff --git a/roles/hashistack_ingress/templates/chk_haproxy.sh.j2 b/roles/hashistack_ingress/templates/chk_haproxy.sh.j2 deleted file mode 100644 index 50d4884..0000000 --- a/roles/hashistack_ingress/templates/chk_haproxy.sh.j2 +++ /dev/null @@ -1 +0,0 @@ -#! /bin/sh diff --git a/roles/hashistack_ingress/templates/haproxy.cfg.j2 b/roles/hashistack_ingress/templates/haproxy.cfg.j2 deleted file mode 100644 index bf43a0d..0000000 --- a/roles/hashistack_ingress/templates/haproxy.cfg.j2 +++ /dev/null 
@@ -1,31 +0,0 @@ -# {{ ansible_managed }} -global -{% for option in hashistack_ingress_haproxy_global %} - {{ option }} -{% endfor %} - -defaults -{% for option in hashistack_ingress_haproxy_defaults %} - {{ option }} -{% endfor %} - -{% for frontend in hashistack_ingress_haproxy_frontends + hashistack_ingress_mandatory_frontends %} -frontend {{ frontend.name }} -{% for option in frontend.options %} - {{ option }} -{% endfor %} -{% endfor %} - -{% for backend in hashistack_ingress_haproxy_backends %} -backend {{ backend.name }} -{% for option in backend.options%} - {{ option }} -{% endfor %} -{% endfor %} - -{% for listen in hashistack_ingress_haproxy_listen %} -listen {{ listen.name }} -{% for option in listen.options %} - {{ option }} -{% endfor %} -{% endfor %} diff --git a/roles/hashistack_ingress/templates/ingress.job.hcl.j2 b/roles/hashistack_ingress/templates/ingress.job.hcl.j2 deleted file mode 100644 index 188e915..0000000 --- a/roles/hashistack_ingress/templates/ingress.job.hcl.j2 +++ /dev/null 
@@ -1,155 +0,0 @@ -job "{{ hashistack_ingress_job_name }}" { - datacenters = {{ hashistack_ingress_datacenters }} - type = "service" - priority = 85 - namespace = {{ hashistack_ingress_namespace }} - - group "haproxy" { - network { - mode = "bridge" - port "http" { - to = 80 - static = 80 - } - port "https" { - to = 443 - static = 443 - } - port "stats" { - to = 9000 - } - } - -{% if hashistack_ingress_enable_http %} - service { - name = "haproxy-http" - provider = "{{ "consul" if hashistack_ingress_enable_consul_service else "nomad"}}" - port = "http" - task = "loadbalancer" - check { - type = "http" - port = "stats" - path = "/health" - interval = "10s" - timeout = "2s" - } - tags = [] - } -{% endif %} - -{% if hashistack_ingress_enable_https %} - service { - name = "haproxy-https" - provider = "{{ "consul" if hashistack_ingress_enable_consul_service else "nomad"}}" - port = "https" - task = "loadbalancer" - check { - type = "http" - port = "stats" - path = "/health" - interval = "10s" - timeout = "2s" - } - tags = [] - } -{% endif %} - - service { - name = "haproxy-stats" - provider = "{{ "consul" if hashistack_ingress_enable_consul_service else "nomad"}}" - port = "stats" - task = "loadbalancer" - check { - type = "http" - port = "stats" - path = "/health" - interval = "10s" - timeout = "2s" - } - tags = [] - } - - - -{% if hashistack_ingress_enable_prometheus_metrics %} - service { - name = "loadbalancer-exporter" - port = "prometheus-exporter" - task = "loadbalancer" - tags = [] - } -{% endif %} - - task "keepalived" { - driver = "docker" - lifecycle { - hook = "poststart" - sidecar = true - } - config { - image = "{{ hashistack_ingress_keepalived_image }}:{{ hashistack_ingress_virtual_ip_keepalived_version }}" - network_mode = "host" - cap_add = [ - "NET_ADMIN", - "NET_BROADCAST", - "NET_RAW" - ] - mount { - type = "bind" - source = "secrets/keepalived.conf" - target = "/etc/keepalived/keepalived.conf" - } - mount { - type = "bind" - source = 
"secrets/chk_haproxy.sh" - target = "/etc/keepalived/scripts.d/chk_haproxy.sh" - } - mount { - type = "bind" - target = "/var/run/docker.sock" - source = "/var/run/docker.sock" - readonly = true - } - } - template { - data = <<-EOT -{% include "keepalived.conf.j2" %} -EOT - destination = "secrets/keepalived.conf" - } - template { - data = <<-EOT -{% include "chk_haproxy.sh.j2" %} -EOT - destination = "secrets/chk_haproxy.sh" - perms = "755" - } - resources { - cpu = 50 - memory = 10 - } - } - - task "loadbalancer" { - driver = "docker" - config { - image = "{{ hashistack_ingress_haproxy_image }}:{{ hashistack_ingress_virtual_ip_haproxy_version }}" - mount { - type = "bind" - source = "secrets/haproxy.cfg" - target = "/usr/local/etc/haproxy/haproxy.cfg" - } - } - template { - data = <<-EOT -{% include "haproxy.cfg.j2" %} -EOT - destination = "secrets/haproxy.cfg" - } - resources { - cpu = 128 - memory = 256 - } - } - } -} diff --git a/roles/hashistack_ingress/templates/keepalived.conf.j2 b/roles/hashistack_ingress/templates/keepalived.conf.j2 deleted file mode 100644 index 7a6a2f3..0000000 --- a/roles/hashistack_ingress/templates/keepalived.conf.j2 +++ /dev/null 
@@ -1,37 +0,0 @@ -global_defs { - script_user root - enable_script_security -} - -vrrp_script chk_haproxy { - script "/etc/keepalived/scripts.d/chk_haproxy.sh" - user root - interval 3 - weight 0 - rise 6 - fall 1 -} - -vrrp_instance haproxy { - interface {{ hashistack_ingress_virtual_ip_vrrp_interface }} - - state {{ hashistack_ingress_keepalived_init_state }} - virtual_router_id {{ hashistack_ingress_virtual_ip_vrrp_router_id }} - priority {{ hashistack_ingress_virtual_ip_vrrp_priority }} - advert_int {{ hashistack_ingress_virtual_ip_vrrp_advertise_interval }} - - authentication { - auth_type PASS - auth_pass {{ hashistack_ingress_virtual_ip_vrrp_password }} - } - - virtual_ipaddress { - {{ hashistack_ingress_virtual_ip_addr }}/32 dev {{ hashistack_ingress_virtual_ip_interface }} - } - - track_script { - chk_haproxy - } - - notify /etc/keepalived/scripts.d/notify.sh -} diff --git a/roles/hashistack_ingress/vars/main.yml b/roles/hashistack_ingress/vars/main.yml deleted file mode 100644 index 6426983..0000000 --- a/roles/hashistack_ingress/vars/main.yml +++ /dev/null 
@@ -1,28 +0,0 @@ ---- -# vars file for hashistack_ingress -hashistack_ingress_keepalived_image: ednxzu/keepalived -hashistack_ingress_haproxy_image: haproxytech/haproxy-debian - -hashistack_ingress_keepalived_init_state: BACKUP - -hashistack_ingress_template_haproxy_cfg: "{{ lookup('ansible.builtin.template', 'haproxy.cfg.j2') }}" -hashistack_ingress_template_keepalived_conf: "{{ lookup('ansible.builtin.template', 'keepalived.conf.j2') }}" -hashistack_ingress_template_chk_haproxy_sh: "{{ lookup('ansible.builtin.template', 'chk_haproxy.sh.j2') }}" - -hashistack_ingress_mandatory_frontends: - - name: monitoring - options: - - bind :9000 - - mode http - - option httpchk - - "{{'stats enable' if hashistack_ingress_enable_admin_interface else omit }}" - - "{{'stats uri /stats' if hashistack_ingress_enable_admin_interface else omit }}" - - "{{'stats refresh 30s' if hashistack_ingress_enable_admin_interface else omit }}" - - "{{'stats show-desc' if hashistack_ingress_enable_admin_interface else omit }}" - - "{{'stats show-legends' if hashistack_ingress_enable_admin_interface else omit }}" - - "{{'stats auth admin:'~hashistack_ingress_admin_interface_password if hashistack_ingress_enable_admin_interface else omit }}" - - http-check send meth GET uri /health ver HTTP/1.1 hdr Host localhost - - http-check expect status 200 - - acl health_check_ok nbsrv() ge 1 - - monitor-uri /health - - "{{'http-request use-service prometheus-exporter if { path /metrics }' if hashistack_ingress_enable_prometheus_metrics else omit }}" diff --git a/roles/nomad/defaults/main.yml b/roles/nomad/defaults/main.yml index fd66ceb..7a41ee0 100644 --- a/roles/nomad/defaults/main.yml +++ b/roles/nomad/defaults/main.yml @@ -1,5 +1,5 @@ --- -# defaults file for hashicorp_nomad +# defaults file for nomad nomad_version: "latest" nomad_start_service: true diff --git a/roles/nomad/handlers/main.yml b/roles/nomad/handlers/main.yml index a4216c6..ec1d972 100644 --- a/roles/nomad/handlers/main.yml 
+++ b/roles/nomad/handlers/main.yml @@ -1,2 +1,2 @@ --- -# handlers file for hashicorp_nomad +# handlers file for nomad diff --git a/roles/nomad/meta/main.yml b/roles/nomad/meta/main.yml index cc6aa7f..032b19a 100644 --- a/roles/nomad/meta/main.yml +++ b/roles/nomad/meta/main.yml @@ -1,5 +1,5 @@ --- -# meta file for hashicorp_nomad +# meta file for nomad galaxy_info: namespace: "ednz_cloud" role_name: "hashicorp_nomad" diff --git a/roles/nomad/tasks/configure.yml b/roles/nomad/tasks/configure.yml index 0de7a17..0af74b2 100644 --- a/roles/nomad/tasks/configure.yml +++ b/roles/nomad/tasks/configure.yml @@ -1,5 +1,5 @@ --- -# task/configure file for hashicorp_nomad +# task/configure file for nomad - name: "Nomad | Create nomad.env" ansible.builtin.template: src: nomad.env.j2 diff --git a/roles/nomad/tasks/main.yml b/roles/nomad/tasks/main.yml index 4575a15..959a953 100644 --- a/roles/nomad/tasks/main.yml +++ b/roles/nomad/tasks/main.yml @@ -1,5 +1,5 @@ --- -# task/main file for hashicorp_nomad +# task/main file for nomad - name: "Nomad | Set reload-check & restart-check variable" ansible.builtin.set_fact: _nomad_service_need_reload: false diff --git a/roles/nomad/tasks/merge_variables.yml b/roles/nomad/tasks/merge_variables.yml index f4712ce..89e1d9b 100644 --- a/roles/nomad/tasks/merge_variables.yml +++ b/roles/nomad/tasks/merge_variables.yml @@ -1,5 +1,5 @@ --- -# task/merge_variables file for hashicorp_nomad +# task/merge_variables file for nomad - name: "Nomad | Merge stringified configuration" vars: _config_to_merge: "{{ nomad_configuration_string }}" diff --git a/roles/nomad/tasks/prerequisites.yml b/roles/nomad/tasks/prerequisites.yml index 3928cf5..232bbd8 100644 --- a/roles/nomad/tasks/prerequisites.yml +++ b/roles/nomad/tasks/prerequisites.yml @@ -1,5 +1,5 @@ --- -# task/prerequisites file for hashicorp_nomad +# task/prerequisites file for nomad - name: "Nomad | Create group {{ nomad_group }}" ansible.builtin.group: name: "{{ nomad_user }}" 
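Review bot: In roles/nomad/meta/main.yml the context line `role_name: "hashicorp_nomad"` still carries the old name, although the header comment above it now reads `# meta file for nomad`; the roles/vault/meta/main.yml hunk leaves `role_name: "hashicorp_vault"` in the same state. The consul meta hunk in this commit does change its value to `role_name: "consul"`, so the three roles end up inconsistent. If the rename is meant to cover the Galaxy metadata as well, set `role_name: "nomad"` here and `role_name: "vault"` in the vault file. The galaxy_info mapping continues outside both hunks.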
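Review bot: In roles/nomad/tasks/prerequisites.yml the task titled `Nomad | Create group {{ nomad_group }}` passes `name: "{{ nomad_user }}"` to `ansible.builtin.group`, so the group is created under the user variable's value rather than the group variable's. The matching consul and vault hunks use `{{ consul_group }}` and `{{ vault_group }}` at this position, and roles/nomad/vars/main.yml sets both nomad variables to `nomad`, which is presumably why the mismatch has gone unnoticed. Should the two values ever differ, any file ownership that refers to `nomad_group` would likely name a group this task never created; `name: "{{ nomad_group }}"` fixes it. The line is unchanged context and the task continues outside the hunk.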
diff --git a/roles/nomad/tasks/recursive_copy_extra_dirs.yml b/roles/nomad/tasks/recursive_copy_extra_dirs.yml index 2424d9e..47ef8bf 100644 --- a/roles/nomad/tasks/recursive_copy_extra_dirs.yml +++ b/roles/nomad/tasks/recursive_copy_extra_dirs.yml @@ -1,5 +1,5 @@ --- -# task/recursive_copy_extra_dirs file for hashicorp_nomad +# task/recursive_copy_extra_dirs file for nomad - name: "Nomad | Ensure destination directory exists" ansible.builtin.file: path: "{{ dir_source_item.dest }}" diff --git a/roles/nomad/vars/main.yml b/roles/nomad/vars/main.yml index b30f7d5..c21ccb5 100644 --- a/roles/nomad/vars/main.yml +++ b/roles/nomad/vars/main.yml @@ -1,5 +1,5 @@ --- -# vars file for hashicorp_nomad +# vars file for nomad nomad_user: nomad nomad_group: nomad nomad_binary_path: /usr/local/bin/nomad diff --git a/roles/vault/defaults/main.yml b/roles/vault/defaults/main.yml index c39380c..6d19658 100644 --- a/roles/vault/defaults/main.yml +++ b/roles/vault/defaults/main.yml @@ -1,5 +1,5 @@ --- -# defaults file for hashicorp_vault +# defaults file for vault vault_version: latest vault_start_service: true vault_config_dir: "/etc/vault.d" diff --git a/roles/vault/handlers/main.yml b/roles/vault/handlers/main.yml index 72dc0f5..64aa527 100644 --- a/roles/vault/handlers/main.yml +++ b/roles/vault/handlers/main.yml @@ -1,2 +1,2 @@ --- -# handlers file for hashicorp_vault +# handlers file for vault diff --git a/roles/vault/meta/main.yml b/roles/vault/meta/main.yml index 9b856ed..482d014 100644 --- a/roles/vault/meta/main.yml +++ b/roles/vault/meta/main.yml @@ -1,5 +1,5 @@ --- -# meta file for hashicorp_vault +# meta file for vault galaxy_info: namespace: "ednz_cloud" role_name: "hashicorp_vault" diff --git a/roles/vault/tasks/configure.yml b/roles/vault/tasks/configure.yml index 798e4fd..a8fe340 100644 --- a/roles/vault/tasks/configure.yml +++ b/roles/vault/tasks/configure.yml 
@@ -1,5 +1,5 @@ --- -# task/configure file for hashicorp_vault +# task/configure file for vault - name: "Vault | Create vault.env" ansible.builtin.template: src: vault.env.j2 diff --git a/roles/vault/tasks/install.yml b/roles/vault/tasks/install.yml index 269dd4b..0e61b73 100644 --- a/roles/vault/tasks/install.yml +++ b/roles/vault/tasks/install.yml @@ -1,5 +1,5 @@ --- -# task/install file for hashicorp_vault +# task/install file for vault - name: "Vault | Get latest release of vault" when: vault_version == 'latest' block: diff --git a/roles/vault/tasks/main.yml b/roles/vault/tasks/main.yml index 6a0466d..89aa5ba 100644 --- a/roles/vault/tasks/main.yml +++ b/roles/vault/tasks/main.yml @@ -1,5 +1,5 @@ --- -# task/main file for hashicorp_vault +# task/main file for vault - name: "Vault | Set reload-check & restart-check variable" ansible.builtin.set_fact: _vault_service_need_reload: false diff --git a/roles/vault/tasks/merge_variables.yml b/roles/vault/tasks/merge_variables.yml index 61af80c..65976f8 100644 --- a/roles/vault/tasks/merge_variables.yml +++ b/roles/vault/tasks/merge_variables.yml @@ -1,5 +1,5 @@ --- -# task/merge_variables file for hashicorp_vault +# task/merge_variables file for vault - name: "Vault | Merge listener configuration" block: - name: "Vault | Merge tls listener configuration" diff --git a/roles/vault/tasks/prerequisites.yml b/roles/vault/tasks/prerequisites.yml index 53e4197..88ebb26 100644 --- a/roles/vault/tasks/prerequisites.yml +++ b/roles/vault/tasks/prerequisites.yml @@ -1,5 +1,5 @@ --- -# task/prerequisites file for hashicorp_vault +# task/prerequisites file for vault - name: "Vault | Create group {{ vault_group }}" ansible.builtin.group: name: "{{ vault_group }}" diff --git a/roles/vault/tasks/recursive_copy_extra_dirs.yml b/roles/vault/tasks/recursive_copy_extra_dirs.yml index 147ea35..105dde7 100644 --- a/roles/vault/tasks/recursive_copy_extra_dirs.yml +++ b/roles/vault/tasks/recursive_copy_extra_dirs.yml 
@@ -1,5 +1,5 @@ --- -# task/recursive_copy_extra_dirs file for hashicorp_vault +# task/recursive_copy_extra_dirs file for vault - name: "Vault | Ensure destination directory exists" ansible.builtin.file: path: "{{ dir_source_item.dest }}" diff --git a/roles/vault/tasks/rolling_restart.yml b/roles/vault/tasks/rolling_restart.yml index d4e3754..15f7aba 100644 --- a/roles/vault/tasks/rolling_restart.yml +++ b/roles/vault/tasks/rolling_restart.yml @@ -1,4 +1,5 @@ --- +# task/rolling_restart file for vault - name: "Vault | Start service: {{ vault_service_name }}" ansible.builtin.service: name: "{{ vault_service_name }}" diff --git a/roles/vault/vars/main.yml b/roles/vault/vars/main.yml index 5967bde..4d990f5 100644 --- a/roles/vault/vars/main.yml +++ b/roles/vault/vars/main.yml @@ -1,5 +1,5 @@ --- -# vars file for hashicorp_vault +# vars file for vault vault_user: "vault" vault_group: "vault" vault_binary_path: /usr/local/bin/vault