debops.hashicorp default variables
APT package management
- hashicorp__base_packages
List of APT packages required by the role to function.
hashicorp__base_packages: [ 'rsync', 'openssl', 'ca-certificates', 'unzip' ]
- hashicorp__packages
List of additional APT packages to install on hosts managed by the role.
hashicorp__packages: []
- hashicorp__dependent_packages
List of APT packages requested for installation by other Ansible roles.
hashicorp__dependent_packages: []
HashiCorp user account
- hashicorp__user
Name of the system account which will perform signature and archive verification.
hashicorp__user: 'hashicorp'
- hashicorp__group
Name of the primary system group of the HashiCorp account.
hashicorp__group: 'hashicorp'
- hashicorp__home
Path to the home directory of the HashiCorp account.
hashicorp__home: '{{ (ansible_local.fhs.home | d("/var/local"))
                     + "/" + hashicorp__user }}'
- hashicorp__comment
The GECOS string set for the HashiCorp account.
hashicorp__comment: 'HashiCorp Application Manager'
- hashicorp__shell
The default shell of the HashiCorp account.
hashicorp__shell: '/usr/sbin/nologin'
OpenPGP key and keyserver
See debops.hashicorp security considerations for details about how the role uses the HashiCorp company OpenPGP keys.
- hashicorp__gpg_key_id
The OpenPGP key fingerprint of the HashiCorp company.
hashicorp__gpg_key_id: 'C874 011F 0AB4 0511 0D02 1055 3436 5D94 72D7 468F'
- hashicorp__keyserver
URL of the OpenPGP keyserver used to obtain the HashiCorp OpenPGP key.
hashicorp__keyserver: '{{ ansible_local.keyring.keyserver|d("hkp://keyserver.ubuntu.com") }}'
HashiCorp Application lists
- hashicorp__applications
List of HashiCorp applications that should be installed on a given host.
To find out what applications are supported, check the names of the keys in the hashicorp__default_version_map dictionary.
hashicorp__applications: []
- hashicorp__dependent_applications
List of HashiCorp applications that are requested by other Ansible roles using dependent variables.
hashicorp__dependent_applications: []
HashiCorp application versions
- hashicorp__default_version_map
YAML dictionary which maps the HashiCorp application names to their versions. This is the main dictionary and shouldn't be modified by the user if possible.
hashicorp__default_version_map:
  'atlas-upload-cli':  '0.2.0'
  'consul':            '0.8.3'
  'consul-replicate':  '0.3.1'
  'consul-template':   '0.18.3'
  'docker-base':       '0.0.4'
  'docker-basetool':   '0.0.3'
  'envconsul':         '0.6.2'
  'nomad':             '0.5.6'
  'otto':              '0.2.0'
  'packer':            '1.0.0'
  'serf':              '0.8.1'
  'terraform':         '0.9.5'
  'vault':             '0.7.2'
  'vault-ssh-helper':  '0.1.3'
  # The applications below have incompatible release formats:
  #'vagrant':          '1.9.5'
- hashicorp__version_map
An additional YAML dictionary which defines mapping between HashiCorp applications and their versions. This dictionary should be used to override the default version if necessary.
hashicorp__version_map: {}
- hashicorp__combined_version_map
The YAML dictionary used by the role to look up specific versions of HashiCorp applications to install.
hashicorp__combined_version_map: '{{ hashicorp__default_version_map
                                     | combine(hashicorp__version_map) }}'
Archive binary overrides
- hashicorp__default_binary_map
Some of the HashiCorp applications use a different location or name for the binaries in their archives. This YAML dictionary is used to override the default binary name(s) with the correct ones when necessary. Paths are relative to the specific archive directory.
hashicorp__default_binary_map:
  'atlas-upload-cli': 'atlas-upload'
  'docker-base':      [ 'bin/dumb-init', 'bin/gosu' ]
- hashicorp__binary_map
Custom YAML dictionary with binary name overrides. This variable can be used by the user when necessary.
hashicorp__binary_map: {}
- hashicorp__combined_binary_map
The YAML dictionary variable used by the role to override paths to the specific archive binaries.
hashicorp__combined_binary_map: '{{ hashicorp__default_binary_map
                                    | combine(hashicorp__binary_map) }}'
Base directory paths
- hashicorp__src
Base path to the directory with HashiCorp binary archives, their hash signatures and OpenPGP signatures.
hashicorp__src: '{{ (ansible_local.fhs.src | d("/usr/local/src"))
                    + "/" + hashicorp__user + "/" +
                    (hashicorp__base_url.split("://")|last | split("/") | first) }}'
- hashicorp__lib
Base path to the directory where HashiCorp archives are unpacked after verification.
hashicorp__lib: '{{ (ansible_local.fhs.lib | d("/usr/local/lib"))
                    + "/" + hashicorp__user }}'
- hashicorp__bin
Base path to the directory where HashiCorp application binaries will be installed by the root account.
hashicorp__bin: '{{ ansible_local.fhs.bin | d("/usr/local/bin") }}'
HashiCorp application repositories
- hashicorp__base_url
The base URL of the HashiCorp webserver with application releases.
hashicorp__base_url: 'https://releases.hashicorp.com/'
- hashicorp__platform
Name of the current OS platform in the format used by the HashiCorp application archive filenames.
hashicorp__platform: '{{ ansible_system | lower }}'
- hashicorp__architecture
Key used to look up the current system architecture.
hashicorp__architecture: '{{ ansible_architecture }}'
- hashicorp__architecture_map
YAML dictionary that maps the system architecture as used by Ansible to the architecture names used in the HashiCorp archive filenames.
hashicorp__architecture_map:
  'x86_64': 'amd64'
  'i386':   '386'
  'armhf':  'arm'
- hashicorp__tar_suffix
The filename suffix of the HashiCorp application archive.
hashicorp__tar_suffix: '{{ hashicorp__platform + "_"
                           + hashicorp__architecture_map[hashicorp__architecture]
                           + ".zip" }}'
- hashicorp__hash_suffix
The filename suffix of the file which contains SHA256 hashes of the released files.
hashicorp__hash_suffix: 'SHA256SUMS'
- hashicorp__sig_suffix
The filename suffix of the file which contains the OpenPGP signature of the file with SHA256 hashes, signed by the HashiCorp OpenPGP key.
hashicorp__sig_suffix: '{{ hashicorp__hash_suffix + ".sig" }}'
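How the suffix variables above combine into file names, and how an archive is checked against the hash file, shown as an added Python example that is not the role's own code. It assumes the <app>_<version>_<suffix> naming used on the release server, and that the SHA256SUMS content has already passed OpenPGP signature verification against the key in hashicorp__gpg_key_id; function names and sample data are constructed for illustration.

```python
import hashlib
import hmac

# Values copied from the role defaults on this page.
ARCH_MAP = {"x86_64": "amd64", "i386": "386", "armhf": "arm"}
HASH_SUFFIX = "SHA256SUMS"
SIG_SUFFIX = HASH_SUFFIX + ".sig"


def release_files(app, version, system, machine):
    """Return (archive, sums, signature) file names for one release.

    Assumption: files are named <app>_<version>_<suffix>.
    """
    if machine not in ARCH_MAP:
        raise ValueError(f"no archive architecture for {machine!r}")
    prefix = f"{app}_{version}_"
    tar_suffix = f"{system.lower()}_{ARCH_MAP[machine]}.zip"
    return prefix + tar_suffix, prefix + HASH_SUFFIX, prefix + SIG_SUFFIX


def expected_digest(sums_text, filename):
    """Return the SHA256 listed for exactly `filename`; fail closed otherwise."""
    found = set()
    for line in sums_text.splitlines():
        fields = line.split()
        # Each entry is "<hex digest>  <file name>"; match the whole name so
        # one platform's archive never matches another platform's entry.
        if len(fields) == 2 and fields[1].lstrip("*") == filename:
            found.add(fields[0].lower())
    if len(found) != 1:
        raise LookupError(f"expected one digest for {filename}, got {len(found)}")
    return found.pop()


def archive_matches(archive_bytes, sums_text, filename):
    """Compare the archive's SHA256 with the entry in the verified sums file."""
    actual = hashlib.sha256(archive_bytes).hexdigest()
    return hmac.compare_digest(actual, expected_digest(sums_text, filename))


if __name__ == "__main__":
    # Constructed sample data, not a real release.
    archive, sums, sig = release_files("consul", "0.8.3", "Linux", "x86_64")
    payload = b"constructed archive bytes"
    sums_text = f"{hashlib.sha256(payload).hexdigest()}  {archive}\n"
    print(archive, sums, sig)
    print(archive_matches(payload, sums_text, archive))
    print(archive_matches(payload + b"tampered", sums_text, archive))
```

A missing or conflicting entry raises an error instead of returning False, so a truncated hash file cannot be mistaken for a plain mismatch.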
Consul Web UI configuration
- hashicorp__consul_webui
Boolean variable which controls if the Consul Web UI should be installed alongside consul. By default the Web UI files are not installed to allow headless installation.
hashicorp__consul_webui: '{{ ansible_local.hashicorp.consul_webui|d(False) | bool }}'
- hashicorp__consul_webui_suffix
The filename suffix of the Consul Web UI archive file.
hashicorp__consul_webui_suffix: 'web_ui.zip'
- hashicorp__consul_webui_path
Absolute path where the Consul Web UI files should be installed.
hashicorp__consul_webui_path: '{{ ansible_local.nginx.www|d("/srv/www") + "/consul/sites/public" }}'
Configuration for other Ansible roles
- hashicorp__keyring__dependent_gpg_keys
Configuration for the debops.keyring Ansible role.
hashicorp__keyring__dependent_gpg_keys:
  - user: '{{ hashicorp__user }}'
    group: '{{ hashicorp__group }}'
    home: '{{ hashicorp__home }}'
    id: '{{ hashicorp__gpg_key_id }}'
    state: '{{ "present"
               if (hashicorp__applications or hashicorp__dependent_applications)
               else "absent" }}'
  # The old GPG key has been revoked
  # https://discuss.hashicorp.com/t/hcsec-2021-12-codecov-security-event-and-hashicorp-gpg-key-exposure/23512
  - user: '{{ hashicorp__user }}'
    id: '91A6 E7F8 5D05 C656 30BE F189 5185 2D87 348F FC4C'
    state: 'absent'