mesaguy.hashicorp

Panoramica Versioni Approfondimenti

Ansible HashiCorp

Molecule tests Latest tag Ansible Galaxy MIT License

This module helps you install software from HashiCorp using their official packages and ZIP files.

It can install and update the following HashiCorp software:

  • Boundary
  • Consul
  • Consul Template
  • EnvConsul
  • Nomad
  • Packer
  • Sentinel
  • Serf
  • Terraform
  • Vagrant
  • Vault
  • Vault SSH Helper
  • Waypoint

Currently, this module focuses only on securely and consistently installing HashiCorp software.

Requirements

  • Ansible version should be 2.9.0 or higher.
  • You must gather facts (set gather_facts: true).

Role Variables

Generic

By default, no software is installed. You need to enable each software you want to install.

You can define these variables to install specific HashiCorp software:

hashicorp_install_boundary: true
hashicorp_install_consul: true
hashicorp_install_consul_template: true
hashicorp_install_envconsul: true
hashicorp_install_nomad: true
hashicorp_install_packer: true
hashicorp_install_sentinel: true
hashicorp_install_serf: true
hashicorp_install_terraform: true
hashicorp_install_vagrant: true
hashicorp_install_vault: true
hashicorp_install_vault_ssh_helper: true
hashicorp_install_waypoint: true

Alternatively, you can use the hashicorp_install variable to specify software when calling this module, like so:

- name: Include mesaguy.hashicorp to install specific software
  include_role:
    name: mesaguy.hashicorp
  vars:
    hashicorp_install:
      - consul==1.0.0  # Install Consul version 1.0.0
      - packer         # Install the latest version of Packer
      - vault          # Install the latest version of Vault

Installing HashiCorp ZIP files

By default, this module installs HashiCorp's ZIP files containing pre-compiled binaries.

The base directory for installation is:

hashicorp_base_dir: /opt/hashicorp

For example, the binary for Consul version 1.0.0 would be installed at /opt/hashicorp/consul/1.0.0/consul.

Symlinks to each binary will be created here:

hashicorp_software_link_dir: /usr/local/bin

You can verify the GPG signatures on all release ZIP files (default is false). This requires the gpg command to be available. If the HashiCorp GPG public key is missing, it will be automatically added to the root user’s GPG keyring:

hashicorp_check_gpg_signatures: true

You may choose to remove all but the latest software release (default is false):

hashicorp_purge_old_releases: true

You can also set the user and group for ownership, which defaults to:

hashicorp_user: root
hashicorp_group: root

You can specify a local mirror for HashiCorp software using the following variables:

hashicorp_mirror: https://example.org/hashicorp
hashicorp_gpg_mirror: https://example.org/hashicorp

Using HashiCorp packages instead of ZIP files

To use HashiCorp's official RPM/DEB packages instead of ZIP files, set this to true (default is false):

hashicorp_use_official_packages: true

This option supports various distro releases and architectures as listed in the original document.

You can purge HashiCorp software installed through ZIP files by setting this option to true (default is false):

hashicorp_purge_zip_releases: true

You can also specify local apt and yum mirrors using these variables:

hashicorp_apt_mirror: https://example.org/hashicorp/apt
hashicorp_yum_mirror: https://example.org/hashicorp/yum

Set the desired state for HashiCorp software (default is "present"):

hashicorp_software_state: latest

When installing HashiCorp's binary zip files, you can set specific software versions like this:

hashicorp_nomad_version: 1.0.1
hashicorp_vault_version: 1.0.1

Using Distro packages instead of ZIP files

To use potentially unofficial distro packages instead of HashiCorp's ZIP files, set this to true (default is false):

hashicorp_use_distro_packages: true

This option only applies to ArchLinux at the moment.

You can purge HashiCorp software installed through ZIP files by setting this option to true (default is false):

hashicorp_purge_zip_releases: true

Enable the yum testing repository with this:

hashicorp_enable_yum_test_repo: true

Dependencies

None

Example Playbook

Here is an example playbook that installs 'Consul' and 'Vault':

- hosts: servers
  vars:
    hashicorp_install_consul: true
    hashicorp_install_vault: true
  roles:
    - { role: mesaguy.hashicorp }

Release management

Updating default software versions

Default software versions are managed in the vars/versions.yml and docker_versions.yml files. You can manually update these files or run the scripts/update_versions script.

Testing

Tests are run using Molecule. You need to have pipenv installed and docker running.

To initialize the pipenv environment, run this command in the base directory of the repo:

pipenv install

For basic validation, you can run these commands. The first tests a normal install, and the second tests GPG validation:

IMAGE_DISTRO=debian IMAGE_TAG=debian-10 pipenv run molecule test
IMAGE_DISTRO=debian IMAGE_TAG=debian-10 pipenv run molecule test -s gpg

To solve Selinux errors, try this command:

pipenv run pip uninstall selinux -y; pipenv install

License

MIT License. See the LICENSE file for details.

Author Information

Mesaguy

Informazioni sul progetto

securely install the latest hashicorp software

role boundary consul consultemplate envconsul hashicorp nomad packer sentinel serf terraform vagrant vault waypoint
Installa
ansible-galaxy install mesaguy.hashicorp
GitHub repository
8 stelle
0 fork
0 problemi aperti
Licenza
mit
Download
11.6k
Proprietario