- Remove ansible/ from .gitignore - Add vault_agent role (copied from terraform-vsphere-infra) - Add vault_agent-playbook.yml for deployment - Include ansible collections (cloud.terraform, ansible.posix, etc.) - Archive consul_template role as consul_template-legacy The ansible directory contains the vault-agent deployment automation that replaces the legacy consul-template approach.
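# SPDX-License-Identifier: MIT-0
---
# Group variables for all hosts

# Consul-template configuration
# The release is pinned to one exact version, quoted so it stays a string.
# NOTE(review): the task that downloads the binary is not in this file;
# confirm it checks the archive against the publisher's checksum file
# before anything is placed in install_dir.
consul_template:
  version: "0.37.4"
  # Account and group names for consul-template; how the role creates and
  # uses them is not visible here.
  user: "consul-template"
  group: "consul-template"
  install_dir: "/usr/local/bin"
  config_dir: "/etc/consul-template"
  log_level: "INFO"

# Certificate deployment paths
# NOTE(review): ownership and file modes are not set in this file; confirm
# the role keeps private_dir and the key file readable only by root and the
# account of the service that consumes the key.
certificate_paths:
  cert_dir: "/etc/ssl/certs"
  private_dir: "/etc/ssl/private"
  # short_hostname is not defined in this file and must come from inventory
  # or another vars file; its value becomes part of both file names below.
  cert_file: "{{ short_hostname }}.pem"
  private_key_file: "{{ short_hostname }}.key"
  chain_file: "le-chaincert.pem"

# Service restart commands
# Fixed command strings keyed by web server name. Keep them literal: a
# templated value here would end up in a command line.
service_reload_commands:
  nginx: "systemctl reload nginx"
  apache: "systemctl reload apache2"
  # NOTE(review): the fallback is the nginx reload; presumably it applies
  # when a host names no web server. Confirm against the role.
  default: "systemctl reload nginx"

# Architecture mapping for consul-template binary download
# Keys are machine architecture names, values the matching release suffix.
# Values are quoted like every other string in this file.
arch_mapping:
  x86_64: "amd64"
  aarch64: "arm64"
  armv7l: "arm"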