feat/remove-haproxy #24

Merged
lanson merged 7 commits from feat/remove-haproxy into main 2024-10-06 11:46:57 +00:00
49 changed files with 35 additions and 550 deletions


@ -31,7 +31,7 @@ jobs:
kv/data/applications/gitea/users/actions username | GITEA_ACTIONS_USERNAME ;
kv/data/applications/gitea/users/actions token_write | GITEA_ACTIONS_TOKEN ;
end_to_end_vault:
end_to_end_consul:
needs: retrieve-credentials
strategy:
matrix:


@ -31,7 +31,7 @@ jobs:
kv/data/applications/gitea/users/actions username | GITEA_ACTIONS_USERNAME ;
kv/data/applications/gitea/users/actions token_write | GITEA_ACTIONS_TOKEN ;
end_to_end_vault:
end_to_end_nomad:
needs: retrieve-credentials
strategy:
matrix:


@ -1 +1 @@
You can find the documentation for this project in the [Wiki](https://git.ednz.fr/ansible-collections/hashistack/wiki)
You can find the documentation for this project in the [Wiki](https://git.ednz.fr/ansible-collections/hcp-ansible/wiki)


@ -19,7 +19,6 @@ platforms:
type: static
groups:
- common
- haproxy_servers
- nomad_clients
- consul_agents
- name: proxy02.ednz.lab
@ -33,7 +32,6 @@ platforms:
type: static
groups:
- common
- haproxy_servers
- nomad_clients
- consul_agents
- name: hashistack01.ednz.lab


@ -19,7 +19,6 @@ platforms:
type: static
groups:
- common
- haproxy_servers
- nomad_clients
- consul_agents
- name: proxy02.ednz.lab
@ -33,7 +32,6 @@ platforms:
type: static
groups:
- common
- haproxy_servers
- nomad_clients
- consul_agents
- name: hashistack01.ednz.lab


@ -1,98 +0,0 @@
---
#####################################################
# #
# HAProxy Configuration #
# #
#####################################################
deploy_haproxy_deploy_method: "host"
deploy_haproxy_version: "{{ haproxy_version }}"
deploy_haproxy_env_variables: {}
deploy_haproxy_start_service: true
deploy_haproxy_cert_dir: "{{ hashistack_sub_configuration_directories['certificates']~'/external' if (enable_tls_external and not external_tls_externally_managed_certs) }}"
deploy_haproxy_extra_container_volumes: []
deploy_haproxy_global:
- log /dev/log local0
- log /dev/log local1 notice
- stats socket {{ deploy_haproxy_socket }} level admin
- chroot {{ deploy_haproxy_chroot }}
- daemon
- description hashistack haproxy
deploy_haproxy_defaults:
- log global
- mode http
- option httplog
- option dontlognull
- timeout connect 5000
- timeout client 5000
- timeout server 5000
deploy_haproxy_frontends:
- name: external_http
options: >-
{%- set haproxy_options = [
'description hashistack external http frontend',
'mode http',
'bind :80'
] -%}
{%- if enable_tls_external -%}
{%- set tls_cert_paths = [] -%}
{%- for item in ['consul', 'nomad', 'vault'] if vars['enable_' + item] | bool -%}
{%- set crt_option = '/var/lib/haproxy/certs/' + vars[item + '_fqdn'] + '.pem' -%}
{%- set _ = tls_cert_paths.append(crt_option) -%}
{%- endfor -%}
{%- set tls_options = ['bind :443 ssl crt ' + tls_cert_paths | join(' crt ') ] -%}
{%- set _ = tls_options.append('http-request redirect scheme https unless { ssl_fc }') -%}
{%- set haproxy_options = haproxy_options + tls_options -%}
{%- endif -%}
{%- set haproxy_options = haproxy_options + consul_haproxy_frontend_options + vault_haproxy_frontend_options + nomad_haproxy_frontend_options -%}
{{ haproxy_options }}
deploy_haproxy_backends: "{{ consul_haproxy_backends + vault_haproxy_backends + nomad_haproxy_backends }}"
deploy_haproxy_listen:
- name: monitoring
options:
- bind :9000
- mode http
- option httpchk
- stats enable
- stats uri /stats
- stats refresh 30s
- stats show-desc
- stats show-legends
- stats auth admin:password
- http-check send meth GET uri /health ver HTTP/1.1 hdr Host localhost
- http-check expect status 200
- acl health_check_ok nbsrv() ge 1
- monitor-uri /health
- http-request use-service prometheus-exporter if { path /metrics }
deploy_keepalived_deploy_method: "host"
deploy_keepalived_version: "latest"
deploy_keepalived_start_service: true
deploy_keepalived_env_variables: {}
deploy_keepalived_vrrp_instance_name: "{{ ansible_hostname }}"
deploy_keepalived_interface: "{{ api_interface }}"
deploy_keepalived_state: "BACKUP"
deploy_keepalived_router_id: 50
deploy_keepalived_priority: 100
deploy_keepalived_advert_interval: 1
deploy_keepalived_unicast_source: "{{ api_interface_address }}"
deploy_keepalived_unicast_peers: "{{ groups['haproxy_servers'] | difference([ansible_hostname]) | map('extract', hostvars, ['api_interface_address']) | list }}"
deploy_keepalived_auth_passwd: "password"
deploy_keepalived_virtual_ips:
- "{{ hashistack_external_vip_addr }}/32 dev {{ hashistack_external_vip_interface }}"
deploy_keepalived_notify_script: notify.sh
deploy_keepalived_custom_scripts_src: tasks/haproxy/files/keepalived/scripts.d
deploy_keepalived_extra_container_volumes: []
deploy_keepalived_use_custom_config: true
deploy_keepalived_custom_config_src: tasks/haproxy/files/keepalived/keepalived.conf.j2


@ -172,26 +172,6 @@
- name: "Verify required ports"
block:
- name: "Checking if haproxy ports are available"
when: inventory_hostname in groups['haproxy_servers']
block:
- name: "Checking if haproxy ports are available"
ansible.builtin.wait_for:
host: "{{ inventory_hostname }}"
port: "{{ item }}"
state: "stopped"
timeout: 5
loop: "{{ haproxy_required_ports }}"
ignore_errors: true
register: haproxy_port_results
- name: "Assert that haproxy ports are not currently in use"
ansible.builtin.assert:
that:
- item.failed == false
with_items: "{{ haproxy_port_results.results }}"
when: haproxy_port_results.results | length > 0
- name: "Checking if vault ports are available"
when: inventory_hostname in groups['vault_servers']
block:


@ -1,5 +1,5 @@
---
# defaults file for hashicorp_consul
# defaults file for consul
consul_version: "latest"
consul_start_service: true


@ -1,2 +1,2 @@
---
# handlers file for hashicorp_consul
# handlers file for consul


@ -1,8 +1,8 @@
---
# meta file for hashicorp_consul
# meta file for consul
galaxy_info:
namespace: "ednz_cloud"
role_name: "hashicorp_consul"
role_name: "consul"
author: "Bertrand Lanson"
description: "Install and configure hashicorp consul for debian-based distros."
license: "license (BSD, MIT)"


@ -1,5 +1,5 @@
---
# task/configure file for hashicorp_consul
# task/configure file for consul
- name: "Consul | Create consul.env"
ansible.builtin.template:
src: consul.env.j2


@ -1,5 +1,5 @@
---
# task/install file for hashicorp_consul
# task/install file for consul
- name: "Consul | Get latest release of consul"
when: consul_version == 'latest'
block:


@ -1,5 +1,5 @@
---
# task/install_envoy file for hashicorp_consul
# task/install_envoy file for consul
- name: "Consul | Get release for envoy:{{ consul_envoy_version }}"
vars:
_envoy_url_ext: "{% if consul_envoy_version == 'latest'%}releases{% else %}releases/tags{% endif %}"


@ -1,5 +1,5 @@
---
# task/main file for hashicorp_consul
# task/main file for consul
- name: "Consul | Set reload-check & restart-check variable"
ansible.builtin.set_fact:
_consul_service_need_reload: false


@ -1,5 +1,5 @@
---
# task/merge_variables file for hashicorp_consul
# task/merge_variables file for consul
- name: "Consul | Merge stringified configuration"
vars:
_config_to_merge: "{{ consul_configuration_string }}"


@ -1,5 +1,5 @@
---
# task/prerequisites file for hashicorp_consul
# task/prerequisites file for consul
- name: "Consul | Create group {{ consul_group }}"
ansible.builtin.group:
name: "{{ consul_group }}"


@ -1,5 +1,5 @@
---
# task/recursive_copy_extra_dirs file for hashicorp_consul
# task/recursive_copy_extra_dirs file for consul
- name: "Consul | Ensure destination directory exists"
ansible.builtin.file:
path: "{{ dir_source_item.dest }}"


@ -1,5 +1,5 @@
---
# vars file for hashicorp_consul
# vars file for consul
consul_user: consul
consul_group: consul
consul_binary_path: /usr/local/bin/consul


@ -1,13 +0,0 @@
aap_hub: null
automation_kind: null
category: null
critical: null
description: null
dt_dev: null
dt_prod: null
dt_update: 26/08/2024
requester: null
subCategory: null
time_saving: null
users: null
version: null


@ -1,52 +0,0 @@
<!-- DOCSIBLE START -->
# 📃 Role overview
## hashistack_ingress
Description: Deploys an ingress reverse-proxy on a hashistack-ansible managed nomad cluster
| Field | Value |
|---------------|------------|
| Readme update | 26/08/2024 |
### Tasks
## Author Information
Bertrand Lanson
#### License
license (BSD, MIT)
#### Minimum Ansible Version
2.10
#### Platforms
- **Ubuntu**: ['focal', 'jammy', 'noble']
- **Debian**: ['bullseye', 'bookworm']
<!-- DOCSIBLE END -->


@ -1,45 +0,0 @@
---
# defaults file for hashistack_ingress
hashistack_ingress_nomad_api_addr: "http://127.0.0.1:4646"
hashistack_ingress_nomad_api_token:
hashistack_ingress_job_name: HashistackHAProxyIngress
hashistack_ingress_datacenters: []
hashistack_ingress_namespace: default
hashistack_ingress_replicas: 1
hashistack_ingress_enable_consul_service: true
hashistack_ingress_virtual_ip_keepalived_version: latest
hashistack_ingress_virtual_ip_addr: "192.168.1.1"
hashistack_ingress_virtual_ip_interface: eth0
hashistack_ingress_virtual_ip_vrrp_interface: "{{ hashistack_ingress_virtual_ip_interface }}"
hashistack_ingress_virtual_ip_vrrp_router_id: 50
hashistack_ingress_virtual_ip_vrrp_priority: 100
hashistack_ingress_virtual_ip_vrrp_advertise_interval: 1
hashistack_ingress_virtual_ip_vrrp_password: password
hashistack_ingress_enable_http: true
hashistack_ingress_enable_https: false
hashistack_ingress_enable_prometheus_metrics: false
hashistack_ingress_enable_admin_interface: false
hashistack_ingress_admin_interface_password: password
hashistack_ingress_virtual_ip_haproxy_version: latest
hashistack_ingress_haproxy_global:
- log /dev/log local0
- log /dev/log local1 notice
- stats socket {{ deploy_haproxy_socket }} level admin
- chroot {{ deploy_haproxy_chroot }}
- daemon
- description hashistack haproxy
hashistack_ingress_haproxy_defaults:
- log global
- mode http
- option httplog
- option dontlognull
- timeout connect 5000
- timeout client 5000
- timeout server 5000
hashistack_ingress_haproxy_frontends: []
hashistack_ingress_haproxy_backends: []
hashistack_ingress_haproxy_listen: []


@ -1,2 +0,0 @@
---
# handlers file for hashistack_ingress


@ -1,28 +0,0 @@
---
# meta file for hashistack_ingress
galaxy_info:
namespace: "ednz_cloud"
role_name: "hashistack_ingress"
author: "Bertrand Lanson"
description: "Deploys an ingress reverse-proxy on a hashistack-ansible managed nomad cluster"
license: "license (BSD, MIT)"
min_ansible_version: "2.10"
platforms:
- name: Ubuntu
versions:
- focal
- jammy
- noble
- name: Debian
versions:
- bullseye
- bookworm
galaxy_tags:
- "ubuntu"
- "debian"
- "hashicorp"
- "nomad"
- "haproxy"
- "ingress"
dependencies: []


@ -1,2 +0,0 @@
---
# task/main file for hashistack_ingress


@ -1 +0,0 @@
#! /bin/sh


@ -1,31 +0,0 @@
# {{ ansible_managed }}
global
{% for option in hashistack_ingress_haproxy_global %}
{{ option }}
{% endfor %}
defaults
{% for option in hashistack_ingress_haproxy_defaults %}
{{ option }}
{% endfor %}
{% for frontend in hashistack_ingress_haproxy_frontends + hashistack_ingress_mandatory_frontends %}
frontend {{ frontend.name }}
{% for option in frontend.options %}
{{ option }}
{% endfor %}
{% endfor %}
{% for backend in hashistack_ingress_haproxy_backends %}
backend {{ backend.name }}
{% for option in backend.options%}
{{ option }}
{% endfor %}
{% endfor %}
{% for listen in hashistack_ingress_haproxy_listen %}
listen {{ listen.name }}
{% for option in listen.options %}
{{ option }}
{% endfor %}
{% endfor %}


@ -1,155 +0,0 @@
job "{{ hashistack_ingress_job_name }}" {
datacenters = {{ hashistack_ingress_datacenters }}
type = "service"
priority = 85
namespace = {{ hashistack_ingress_namespace }}
group "haproxy" {
network {
mode = "bridge"
port "http" {
to = 80
static = 80
}
port "https" {
to = 443
static = 443
}
port "stats" {
to = 9000
}
}
{% if hashistack_ingress_enable_http %}
service {
name = "haproxy-http"
provider = "{{ "consul" if hashistack_ingress_enable_consul_service else "nomad"}}"
port = "http"
task = "loadbalancer"
check {
type = "http"
port = "stats"
path = "/health"
interval = "10s"
timeout = "2s"
}
tags = []
}
{% endif %}
{% if hashistack_ingress_enable_https %}
service {
name = "haproxy-https"
provider = "{{ "consul" if hashistack_ingress_enable_consul_service else "nomad"}}"
port = "https"
task = "loadbalancer"
check {
type = "http"
port = "stats"
path = "/health"
interval = "10s"
timeout = "2s"
}
tags = []
}
{% endif %}
service {
name = "haproxy-stats"
provider = "{{ "consul" if hashistack_ingress_enable_consul_service else "nomad"}}"
port = "stats"
task = "loadbalancer"
check {
type = "http"
port = "stats"
path = "/health"
interval = "10s"
timeout = "2s"
}
tags = []
}
{% if hashistack_ingress_enable_prometheus_metrics %}
service {
name = "loadbalancer-exporter"
port = "prometheus-exporter"
task = "loadbalancer"
tags = []
}
{% endif %}
task "keepalived" {
driver = "docker"
lifecycle {
hook = "poststart"
sidecar = true
}
config {
image = "{{ hashistack_ingress_keepalived_image }}:{{ hashistack_ingress_virtual_ip_keepalived_version }}"
network_mode = "host"
cap_add = [
"NET_ADMIN",
"NET_BROADCAST",
"NET_RAW"
]
mount {
type = "bind"
source = "secrets/keepalived.conf"
target = "/etc/keepalived/keepalived.conf"
}
mount {
type = "bind"
source = "secrets/chk_haproxy.sh"
target = "/etc/keepalived/scripts.d/chk_haproxy.sh"
}
mount {
type = "bind"
target = "/var/run/docker.sock"
source = "/var/run/docker.sock"
readonly = true
}
}
template {
data = <<-EOT
{% include "keepalived.conf.j2" %}
EOT
destination = "secrets/keepalived.conf"
}
template {
data = <<-EOT
{% include "chk_haproxy.sh.j2" %}
EOT
destination = "secrets/chk_haproxy.sh"
perms = "755"
}
resources {
cpu = 50
memory = 10
}
}
task "loadbalancer" {
driver = "docker"
config {
image = "{{ hashistack_ingress_haproxy_image }}:{{ hashistack_ingress_virtual_ip_haproxy_version }}"
mount {
type = "bind"
source = "secrets/haproxy.cfg"
target = "/usr/local/etc/haproxy/haproxy.cfg"
}
}
template {
data = <<-EOT
{% include "haproxy.cfg.j2" %}
EOT
destination = "secrets/haproxy.cfg"
}
resources {
cpu = 128
memory = 256
}
}
}
}


@ -1,37 +0,0 @@
global_defs {
script_user root
enable_script_security
}
vrrp_script chk_haproxy {
script "/etc/keepalived/scripts.d/chk_haproxy.sh"
user root
interval 3
weight 0
rise 6
fall 1
}
vrrp_instance haproxy {
interface {{ hashistack_ingress_virtual_ip_vrrp_interface }}
state {{ hashistack_ingress_keepalived_init_state }}
virtual_router_id {{ hashistack_ingress_virtual_ip_vrrp_router_id }}
priority {{ hashistack_ingress_virtual_ip_vrrp_priority }}
advert_int {{ hashistack_ingress_virtual_ip_vrrp_advertise_interval }}
authentication {
auth_type PASS
auth_pass {{ hashistack_ingress_virtual_ip_vrrp_password }}
}
virtual_ipaddress {
{{ hashistack_ingress_virtual_ip_addr }}/32 dev {{ hashistack_ingress_virtual_ip_interface }}
}
track_script {
chk_haproxy
}
notify /etc/keepalived/scripts.d/notify.sh
}


@ -1,28 +0,0 @@
---
# vars file for hashistack_ingress
hashistack_ingress_keepalived_image: ednxzu/keepalived
hashistack_ingress_haproxy_image: haproxytech/haproxy-debian
hashistack_ingress_keepalived_init_state: BACKUP
hashistack_ingress_template_haproxy_cfg: "{{ lookup('ansible.builtin.template', 'haproxy.cfg.j2') }}"
hashistack_ingress_template_keepalived_conf: "{{ lookup('ansible.builtin.template', 'keepalived.conf.j2') }}"
hashistack_ingress_template_chk_haproxy_sh: "{{ lookup('ansible.builtin.template', 'chk_haproxy.sh.j2') }}"
hashistack_ingress_mandatory_frontends:
- name: monitoring
options:
- bind :9000
- mode http
- option httpchk
- "{{'stats enable' if hashistack_ingress_enable_admin_interface else omit }}"
- "{{'stats uri /stats' if hashistack_ingress_enable_admin_interface else omit }}"
- "{{'stats refresh 30s' if hashistack_ingress_enable_admin_interface else omit }}"
- "{{'stats show-desc' if hashistack_ingress_enable_admin_interface else omit }}"
- "{{'stats show-legends' if hashistack_ingress_enable_admin_interface else omit }}"
- "{{'stats auth admin:'~hashistack_ingress_admin_interface_password if hashistack_ingress_enable_admin_interface else omit }}"
- http-check send meth GET uri /health ver HTTP/1.1 hdr Host localhost
- http-check expect status 200
- acl health_check_ok nbsrv() ge 1
- monitor-uri /health
- "{{'http-request use-service prometheus-exporter if { path /metrics }' if hashistack_ingress_enable_prometheus_metrics else omit }}"


@ -1,5 +1,5 @@
---
# defaults file for hashicorp_nomad
# defaults file for nomad
nomad_version: "latest"
nomad_start_service: true


@ -1,2 +1,2 @@
---
# handlers file for hashicorp_nomad
# handlers file for nomad


@ -1,5 +1,5 @@
---
# meta file for hashicorp_nomad
# meta file for nomad
galaxy_info:
namespace: "ednz_cloud"
role_name: "hashicorp_nomad"


@ -1,5 +1,5 @@
---
# task/configure file for hashicorp_nomad
# task/configure file for nomad
- name: "Nomad | Create nomad.env"
ansible.builtin.template:
src: nomad.env.j2


@ -1,5 +1,5 @@
---
# task/main file for hashicorp_nomad
# task/main file for nomad
- name: "Nomad | Set reload-check & restart-check variable"
ansible.builtin.set_fact:
_nomad_service_need_reload: false


@ -1,5 +1,5 @@
---
# task/merge_variables file for hashicorp_nomad
# task/merge_variables file for nomad
- name: "Nomad | Merge stringified configuration"
vars:
_config_to_merge: "{{ nomad_configuration_string }}"


@ -1,5 +1,5 @@
---
# task/prerequisites file for hashicorp_nomad
# task/prerequisites file for nomad
- name: "Nomad | Create group {{ nomad_group }}"
ansible.builtin.group:
name: "{{ nomad_user }}"


@ -1,5 +1,5 @@
---
# task/recursive_copy_extra_dirs file for hashicorp_nomad
# task/recursive_copy_extra_dirs file for nomad
- name: "Nomad | Ensure destination directory exists"
ansible.builtin.file:
path: "{{ dir_source_item.dest }}"


@ -1,5 +1,5 @@
---
# vars file for hashicorp_nomad
# vars file for nomad
nomad_user: nomad
nomad_group: nomad
nomad_binary_path: /usr/local/bin/nomad


@ -1,5 +1,5 @@
---
# defaults file for hashicorp_vault
# defaults file for vault
vault_version: latest
vault_start_service: true
vault_config_dir: "/etc/vault.d"


@ -1,2 +1,2 @@
---
# handlers file for hashicorp_vault
# handlers file for vault


@ -1,5 +1,5 @@
---
# meta file for hashicorp_vault
# meta file for vault
galaxy_info:
namespace: "ednz_cloud"
role_name: "hashicorp_vault"


@ -1,5 +1,5 @@
---
# task/configure file for hashicorp_vault
# task/configure file for vault
- name: "Vault | Create vault.env"
ansible.builtin.template:
src: vault.env.j2


@ -1,5 +1,5 @@
---
# task/install file for hashicorp_vault
# task/install file for vault
- name: "Vault | Get latest release of vault"
when: vault_version == 'latest'
block:


@ -1,5 +1,5 @@
---
# task/main file for hashicorp_vault
# task/main file for vault
- name: "Vault | Set reload-check & restart-check variable"
ansible.builtin.set_fact:
_vault_service_need_reload: false


@ -1,5 +1,5 @@
---
# task/merge_variables file for hashicorp_vault
# task/merge_variables file for vault
- name: "Vault | Merge listener configuration"
block:
- name: "Vault | Merge tls listener configuration"


@ -1,5 +1,5 @@
---
# task/prerequisites file for hashicorp_vault
# task/prerequisites file for vault
- name: "Vault | Create group {{ vault_group }}"
ansible.builtin.group:
name: "{{ vault_group }}"


@ -1,5 +1,5 @@
---
# task/recursive_copy_extra_dirs file for hashicorp_vault
# task/recursive_copy_extra_dirs file for vault
- name: "Vault | Ensure destination directory exists"
ansible.builtin.file:
path: "{{ dir_source_item.dest }}"


@ -1,4 +1,5 @@
---
# task/rolling_restart file for vault
- name: "Vault | Start service: {{ vault_service_name }}"
ansible.builtin.service:
name: "{{ vault_service_name }}"


@ -1,5 +1,5 @@
---
# vars file for hashicorp_vault
# vars file for vault
vault_user: "vault"
vault_group: "vault"
vault_binary_path: /usr/local/bin/vault