hcp-ansible/CHANGELOG.md
Gitea-Actions 675753a2d8
All checks were successful
build-deploy / Bump version and create changelog with commitizen (push) Has been skipped
bump: version 0.8.2 → 0.9.0
2024-10-30 19:21:58 +00:00

8.7 KiB

v0.9.0 (2024-10-30)

Feat

  • group_vars/cni: allow overrides of the cni values like any other role
  • simplify hashistack_ca default SANs for nomad and consul

Fix

  • group_vars/hashistack_ca: update default owner for pkito avoid permission issues
  • rename default inventory file, delete old assets
  • playbooks: update execution scope of playbooks
  • roles/vault: do not merge TLS certificateextra files if tls is not enabled

v0.8.2 (2024-10-06)

Fix

  • remove mentions of haproxy_servers, as the feature is deprecated

v0.8.1 (2024-09-16)

Fix

  • set default vault_enable_tls variable to follow global internal tls value

v0.8.0 (2024-09-16)

Feat

  • add default variables files for nomad and vault
  • add override options for all consul variables
  • use override variables in globals.yml
  • add ovveride options for vault variables
  • add ovveride options for nomad variables
  • add version documentation to nomad_acl_bootstrap module

v0.7.0 (2024-09-02)

Feat

  • vault: enable rolling restart with no full seal

v0.6.2 (2024-09-01)

Fix

  • allow break system package for pip install on ubuntu 24+, and do not try to install python-consul on bootstrap

v0.6.1 (2024-08-29)

Fix

  • do not package actions and assets into build

v0.6.0 (2024-08-29)

Feat

  • redirect to wiki and add assets
  • rename playbooks for certificates and credentials
  • initial cool readme
  • add some templating for nomad haproxy job
  • new tls_multi_node test for molecule with some adjustment to tags

Fix

  • remove duplicate tags for nomad tasks

v0.5.0 (2024-08-17)

Feat

  • add global internal TLS option, make externally_managed_certs work
  • playbooks revamp
  • organise group_vars
  • add renewal process for leaf CA
  • add leaf certificate genearation
  • tests: add molecule scenario for testing CA
  • roles: add hashistack_ca role to manage clusters certificates
  • playbooks: use newly created hashistack role to load and merge variables
  • hashistack: move variable loading to specific role
  • nomad: remove cni installation option from nomad role, as it has been moved to its own role
  • cni: add specialized role ton install cni plugins
  • vault: adjust variable merging behaviour for allowing multiple tcp and unix socket listeners
  • vault: adjust default values for allowing multiple tcp and unix socket listeners
  • roles: integrate nomad role to hashistack collection
  • roles: integrate consul role to hashistack collection
  • roles: integrate vault role to hashistack collection
  • deployment: Implement new structure for deploying components

Fix

  • remove failure message as variable is undefined if directory does not exist
  • empty tests for cni role for now
  • renew should cascade
  • use new hashistack role on preflight playbook
  • add meta file for cni role
  • nomad: adjust variable merging for nomad
  • consul: merge join configuration variable
  • add standalone consul_agents gorup, and add nomad_clients to the common group
  • force load all variables in group_vars uring the variable loading process to make them top priority over every role variables
  • update various variables and bring some of them back out of globals.yml
  • update preflight checks
  • do not try to install docker during bootstrap, as it will depend on which hosts are docker-enabled
  • add conventional tags to galaxy.yml file
  • consul_primary_datacenter defaults to consul_datacenter for ease of configuration in single cluster mode, remove some useless comments
  • generate proper 32 bytes base 64 random strings for gossip encryption for both nomad and consul
  • more deployment host exclusion
  • exclude deployment host from all playbooks where it does not need to be included (and can cause issues)
  • do not use run_once instructions as it is wildly unreliable
  • typo in credentials template preventing from generating the initial credential file

v0.4.0 (2024-07-10)

Feat

  • add barebone driver options for nomad (not fully working)
  • add docs on generating credentials
  • nomad: move variables to globals.yml, adjust bootstrap module for nomad ACLs
  • add nomad deployment options, variables, and playbooks
  • use new vault and consul roles, and only allow for host deployment after docker support drop
  • add global variables for nomad deployment

Fix

  • implement longer wait to stabilize consul cluster before bootstrapping to avoid timeout errors

v0.3.0 (2024-05-13)

Feat

  • generate_credentials: generate new accesor ids and vault token credentials
  • vault: enable consul service registration automatically if consul is also enabled

v0.2.0 (2024-05-05)

Feat

  • consul: allow enabling consul internal TLS

Fix

  • globals: restore default globals.yml file, move changes to test directory
  • vault/consul: ensure idempotence of extra_volumes list to avoid restarting on each run due to slightly different service files

v0.1.0 (2024-05-03)

Feat

  • add new way of loading vars following move to misc task group
  • consul: utilize the new pre-generated credentials on consul deployment
  • update vault deployment to utilize the new variable loading solution
  • split load_vars play into multiple specific plays
  • generate credentials.yml from template
  • add playbook to generate credentials before deploying
  • TLS: add tls features to vault and trust hosts store on containers
  • certs: generate_certs playbook now generate internal CA for vault
  • haproxy: add a lot to haproxy, and generate_certs playbook + docs
  • proxy: add consul agents to proxies and register haproxy service to consul is consul is enabled
  • consul: start configuring and deploying agents
  • deploy: add haproxy deployment, integrate with consul
  • consul: polish initial deployment of consul, and agent token generation
  • consul: start creation of agents token, merge it with primary config if already present
  • inventory: add haproxy nodes to test and inventory
  • core: change namespace of collection
  • docs: start writing the architecture guide
  • vault: wrote some more documentation on using the tool
  • consul: first working version of acl_bootstrap module
  • consul: start on consul_acl_bootstrap module
  • consul: make ACL default to enabled with default policy to deny
  • vault: added version variables for vault
  • consul: add initial simple consul cluster
  • vault: break things trying to fix vault unseal not returning anything on mulitple retries
  • docs: add docstrings to vault_init module and typos in documentation pages
  • license: add license to galaxy.yml
  • vars: add logging configuration for vault
  • vault/docs/license: added plugin ability to vault, update documentation and license
  • vault: start working on configuration merging to allow customization
  • vault: variabilize seal_configuration
  • docs: add collection install documentation to quick-start
  • docs: started working on documentation for the collection
  • preflight: fix config directory checks
  • preflight: add checks to ensure config directories are present before running
  • vars: variable loading now mostly works for groups and hosts
  • vars: add host specific vars inclusion
  • vars: load group vars dynamically if files exist
  • vars: add check to load global vars file before running deployment
  • variables: fix listener not passing correct syntax
  • vars: add more customization for vault deployment
  • readme: add WIP warning
  • variables: start polishing variables for customization
  • playbook: vault deployment is smooth-ish, unseals and initialize cluster as needed
  • modules: added unseal module
  • tests: move molecule tests to extensions directory for it to work properly
  • module: vault operator init module somewhat working
  • module: some more on vault init
  • modules: try catch on import
  • module: try catch on importing hvac
  • test: add single node molecule scenario for testing modules
  • vault: fix , in unseal module
  • vault: start of unseal module, and start of default variables
  • preflight: consolidate preflight playbook
  • roles: add hashicorp roles as submodules
  • roles: remove roles before adding submodules
  • variables: add some formatting to globals.yml, remove unused roles
  • tests: test playbboks are played correctly on molecule scenarios
  • tests: draft for molecule collection testing
  • commit collection skeleton

Fix

  • adjust galaxy version for commitizen
  • vault extra files list not being idempotent between runs
  • various fixes to accomodate the new pre-generated credentials
  • tests: update converge and prepare playbook for test suite
  • various small issues on generate playbooks
  • various inconsistencies and idempotence issues related to variable computing
  • syntax: typo in docs