debops.hashicorp default variables¶
Sections
APT package management¶
-
hashicorp__base_packages¶
List of APT packages required by the role to function.
hashicorp__base_packages: [ 'rsync', 'openssl', 'ca-certificates', 'unzip' ]
-
hashicorp__packages¶
List of additional APT packages to install on hosts managed by the role.
hashicorp__packages: []
-
hashicorp__dependent_packages¶
List of APT packages to install requested by other Ansible roles.
hashicorp__dependent_packages: []
HashiCorp user account¶
-
hashicorp__user¶
Name of the system account which will perform signature and archive verification.
hashicorp__user: 'hashicorp'
-
hashicorp__group¶
Name of the primary system group of the HashiCorp account.
hashicorp__group: 'hashicorp'
-
hashicorp__home¶
Path to the home directory of the HashiCorp account.
hashicorp__home: '{{ (ansible_local.root.home
if (ansible_local|d() and ansible_local.root|d() and
ansible_local.root.home|d())
else "/var/local") + "/" + hashicorp__user }}'
-
hashicorp__comment¶
The GECOS string set for the HashiCorp account.
hashicorp__comment: 'HashiCorp Application Manager'
-
hashicorp__shell¶
The default shell of the HashiCorp account.
hashicorp__shell: '/usr/sbin/nologin'
OpenPGP key and keyserver¶
See debops.hashicorp security considerations for details about how the role uses the HashiCorp company OpenPGP keys.
-
hashicorp__gpg_key_id¶
The OpenPGP key fingerprint of the HashiCorp company.
hashicorp__gpg_key_id: '91A6 E7F8 5D05 C656 30BE F189 5185 2D87 348F FC4C'
-
hashicorp__keyserver¶
URL of the OpenPGP keyserver used to obtain the HashiCorp OpenPGP key.
hashicorp__keyserver: '{{ ansible_local.core.keyserver
if (ansible_local|d() and ansible_local.core|d() and
ansible_local.core.keyserver|d())
else "hkp://pool.sks-keyservers.net" }}'
HashiCorp Application lists¶
-
hashicorp__applications¶
List of HashiCorp applications that should be installed on a given host.
To find out what applications are supported, check the names of the keys
in the hashicorp__default_version_map dictionary.
hashicorp__applications: []
-
hashicorp__dependent_applications¶
List of HashiCorp applications that are requested by other Ansible roles using dependent variables.
hashicorp__dependent_applications: []
HashiCorp application versions¶
-
hashicorp__default_version_map¶
YAML dictionary which maps the HashiCorp application names to their versions. This is the main dictionary and shouldn't be modified by the user if possible.
hashicorp__default_version_map:
'atlas-upload-cli': '0.2.0'
'consul': '0.8.3'
'consul-replicate': '0.3.1'
'consul-template': '0.18.3'
'docker-base': '0.0.4'
'docker-basetool': '0.0.3'
'envconsul': '0.6.2'
'nomad': '0.5.6'
'otto': '0.2.0'
'packer': '1.0.0'
'serf': '0.8.1'
'terraform': '0.9.5'
'vault': '0.7.2'
'vault-ssh-helper': '0.1.3'
# The applications below have incompatible release formats:
#'vagrant': '1.9.5'
-
hashicorp__version_map¶
An additional YAML dictionary which defines mapping between HashiCorp applications and their versions. This dictionary should be used to override the default version if necessary.
hashicorp__version_map: {}
-
hashicorp__combined_version_map¶
The YAML dictionary used by the role to lookup specific versions of HashiCorp applications to install.
hashicorp__combined_version_map: '{{ hashicorp__default_version_map
| combine(hashicorp__version_map) }}'
Archive binary overrides¶
-
hashicorp__default_binary_map¶
Some of the HashiCorp applications use different location or name of binaries in their archives. This YAML dictionary is used to override the default binary name(s) to the correct ones when necessary. Paths are relative to the specific archive directory.
hashicorp__default_binary_map:
'atlas-upload-cli': 'atlas-upload'
'docker-base': [ 'bin/dumb-init', 'bin/gosu' ]
-
hashicorp__binary_map¶
Custom YAML dictionary with binary name overrides. This variable can be used by the user when necessary.
hashicorp__binary_map: {}
-
hashicorp__combined_binary_map¶
The YAML dictionary variable used by the role to override paths to the specific archive binaries.
hashicorp__combined_binary_map: '{{ hashicorp__default_binary_map
| combine(hashicorp__binary_map) }}'
Base directory paths¶
-
hashicorp__src¶
Base path to the directory with HashiCorp binary archives, their hash signatures and OpenPGP signatures.
hashicorp__src: '{{ (ansible_local.root.src
if (ansible_local|d() and ansible_local.root|d() and
ansible_local.root.src|d())
else "/usr/local/src") + "/" + hashicorp__user + "/" +
(hashicorp__base_url.split("://")|last | split("/") | first) }}'
-
hashicorp__lib¶
Base path to the directory where HashiCorp archives are unpacked after verification.
hashicorp__lib: '{{ (ansible_local.root.lib
if (ansible_local|d() and ansible_local.root|d() and
ansible_local.root.lib|d())
else "/usr/local/lib") + "/" + hashicorp__user }}'
-
hashicorp__bin¶
Base path to the directory where HashiCorp application binaries will be
installed by the root account.
hashicorp__bin: '{{ (ansible_local.root.bin
if (ansible_local|d() and ansible_local.root|d() and
ansible_local.root.bin|d())
else "/usr/local/bin") }}'
HashiCorp application repositories¶
-
hashicorp__base_url¶
The base URL of the HashiCorp webserver with application releases.
hashicorp__base_url: 'https://releases.hashicorp.com/'
-
hashicorp__platform¶
Name of the current OS platform in the format used by the HashiCorp application archive filenames.
hashicorp__platform: '{{ ansible_system | lower }}'
-
hashicorp__architecture¶
Key used to lookup current system architecture.
hashicorp__architecture: '{{ ansible_architecture }}'
-
hashicorp__architecture_map¶
YAML dictionary that maps the system architecture as used by Ansible to the architecture names used in the HashiCorp archive filenames.
hashicorp__architecture_map:
'x86_64': 'amd64'
'i386': '386'
'armhf': 'arm'
-
hashicorp__tar_suffix¶
The filename suffix of the HashiCorp application archive.
hashicorp__tar_suffix: '{{ hashicorp__platform + "_"
+ hashicorp__architecture_map[hashicorp__architecture]
+ ".zip" }}'
-
hashicorp__hash_suffix¶
The filename suffix of the file which contains SHA256 hashes of the released files.
hashicorp__hash_suffix: 'SHA256SUMS'
-
hashicorp__sig_suffix¶
The filename suffix of the file which contains OpenPGP signature of the file with SHA256 hashes, signed by the HashiCorp OpenPGP key.
hashicorp__sig_suffix: '{{ hashicorp__hash_suffix + ".sig" }}'
Consul Web UI configuration¶
-
hashicorp__consul_webui¶
Boolean variable which controls if the Consul Web UI should be installed
alongside consul. By default the Web UI files are not installed to allow
headless installation.
hashicorp__consul_webui: '{{ (ansible_local.hashicorp.consul_webui
if (ansible_local|d() and ansible_local.hashicorp|d() and
ansible_local.hashicorp.consul_webui|d())
else False) | bool }}'
-
hashicorp__consul_webui_suffix¶
The filename suffix of the Consul Web UI archive file.
hashicorp__consul_webui_suffix: 'web_ui.zip'
-
hashicorp__consul_webui_path¶
Absolute path where the Consul Web UI files should be installed.
hashicorp__consul_webui_path: '{{ (ansible_local.nginx.www
if (ansible_local|d() and ansible_local.nginx|d()
and ansible_local.nginx.www|d())
else "/srv/www") + "/consul/sites/public" }}'
Configuration for other Ansible roles¶
-
hashicorp__keyring__dependent_gpg_keys¶
Configuration for the debops.keyring Ansible role.
hashicorp__keyring__dependent_gpg_keys:
- user: '{{ hashicorp__user }}'
group: '{{ hashicorp__group }}'
home: '{{ hashicorp__home }}'
id: '{{ hashicorp__gpg_key_id }}'
state: '{{ "present"
if (hashicorp__applications or hashicorp__dependent_applications)
else "absent" }}'