Complete configuration of API via Ansible

Joshua Boniface 2023-09-01 15:42:21 -04:00
parent 32bcbbeca0
commit 5d3de3ece2
3 changed files with 69 additions and 17 deletions


@ -1,5 +1,5 @@
--- ---
# Logging # Logging configuration
pvc_log_to_file: True pvc_log_to_file: True
pvc_log_to_stdout: True pvc_log_to_stdout: True
pvc_log_keepalives: True pvc_log_keepalives: True
@ -7,18 +7,24 @@ pvc_log_keepalive_cluster_details: True
pvc_log_keepalive_storage_details: True pvc_log_keepalive_storage_details: True
pvc_log_console_lines: 1000 pvc_log_console_lines: 1000
# Client API authentication configuration # Client API configuration
# > If the key is left blank, the API will listen UNAUTHENTICATED on all IP addresses of the
# current primary node; use this with care and not in unsecured environments (e.g. if the
# upstream network is untrusted).
pvc_api_authentication_key: "" # Use pwgen to generate
pvc_api_listen_address: "0.0.0.0" pvc_api_listen_address: "0.0.0.0"
pvc_api_listen_port: "7370" pvc_api_listen_port: "7370"
pvc_api_enable_authentication: False
pvc_api_secret_key: ""
pvc_api_tokens:
- description: "myuser"
token: ""
pvc_api_enable_ssl: False
pvc_api_ssl_cert: >
# A RAW CERTIFICATE FILE, installed to /etc/pvc/api-cert.pem
pvc_api_ssl_key: >
# A RAW KEY FILE, installed to /etc/pvc/api-key.pem
# Ceph storage # Ceph storage configuration
pvc_ceph_storage_secret_uuid: "" # Use uuidgen to generate pvc_ceph_storage_secret_uuid: "" # Use uuidgen to generate
# Database configurations # Database configuration
pvc_dns_database_name: "pvcdns" pvc_dns_database_name: "pvcdns"
pvc_dns_database_user: "pvcdns" pvc_dns_database_user: "pvcdns"
pvc_dns_database_password: "" # Use pwgen to generate pvc_dns_database_password: "" # Use pwgen to generate
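Review bot: The new defaults leave the API bound to `0.0.0.0` with `pvc_api_enable_authentication: False` and `pvc_api_enable_ssl: False`, and the old warning about an unauthenticated listener appears, as far as this rendering shows, to be dropped together with `pvc_api_authentication_key`. I would keep an equivalent comment above the new variables, e.g. `# With pvc_api_enable_authentication: False the API answers UNAUTHENTICATED on pvc_api_listen_address; enable it unless the upstream network is trusted`, and carry the `# Use pwgen to generate` hint over to `pvc_api_secret_key` and `token`. `pvc_api_ssl_cert: >` and `pvc_api_ssl_key: >` are folded scalars, so a pasted PEM body would have its line breaks joined into spaces before `copy` writes it; `|` keeps them. The real key value belongs in an Ansible Vault-encrypted variable rather than in this file in clear text.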


@ -12,21 +12,38 @@
- name: install pvc configurations - name: install pvc configurations
template: template:
src: pvc/{{ item }}.yaml.j2 src: pvc/{{ item }}.j2
dest: /etc/pvc/{{ item }}.yaml dest: /etc/pvc/{{ item }}
notify: notify:
- restart {{ item }} - restart pvcd
with_items: with_items:
- pvcd - pvcd.yaml
- pvc-api - pvc-api.yaml
- name: install API SSL certificate file
copy:
content: "{{ pvc_api_ssl_cert }}"
dest: /etc/pvc/api-cert.pem
mode: 0644
no_log: True
when: pvc_api_enable_ssl
- name: install API SSL key file
copy:
content: "{{ pvc_api_ssl_key }}"
dest: /etc/pvc/api-key.pem
mode: 0640
no_log: True
when: pvc_api_enable_ssl
- name: stop and disable unneccessary services - name: stop and disable unneccessary services
service: service:
name: "{{ item }}" name: "{{item }}"
state: stopped state: stopped
enabled: no enabled: no
with_items: with_items:
- pdns.service - pdns.service
- dnsmasq.service
- include: pvc/bootstrap.yml - include: pvc/bootstrap.yml
when: bootstrap is defined and bootstrap when: bootstrap is defined and bootstrap
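Review bot: The `install pvc configurations` task renders `pvc-api.yaml` without `owner`, `group` or `mode`, yet that file now carries `secret_key` and the API tokens, so its permissions are left to the module defaults and the umask on the target. I would set them explicitly on the template task, e.g. `mode: "0640"` with the owner and group the API daemon runs as (not visible in this hunk). The key task's `mode: 0640` reads more safely quoted (`mode: "0640"`) with an explicit owner and group as well, and neither certificate task has a `notify`, so a rotated certificate or key is not picked up until something else restarts the service. Both rendered files now notify `restart pvcd`; if a separate handler for the API service exists outside this hunk, changes to `pvc-api.yaml` presumably should trigger that one.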


@ -3,11 +3,40 @@
# {{ ansible_managed }} # {{ ansible_managed }}
pvc: pvc:
coordinators: coordinators:
{% for node in pvc_nodes if node.is_coordinator %}
- {{ node.hostname }}.{{ pvc_cluster_domain }}
{% endfor %}
api: api:
listen_address: "{{ pvc_api_listen_address }}" listen_address: "{{ pvc_api_listen_address }}"
listen_port: "{{ pvc_api_listen_port }}" listen_port: "{{ pvc_api_listen_port }}"
authentication: authentication:
key: "{{ pvc_api_authentication_key }}" key: "{{ pvc_api_authentication_key }}"
pvc:
coordinators:
{% for node in pvc_nodes if node.is_coordinator %}
- {{ node.hostname }}
{% endfor %}
# api: Configuration of the API listener
api:
# listen_address: IP address(es) to listen on; use 0.0.0.0 for all interfaces
listen_address: "{{ pvc_api_listen_address }}"
# listen_port: TCP port to listen on, usually 7370
listen_port: "{{ pvc_api_listen_port }}"
# authentication: Authentication and security settings
authentication:
# enabled: Enable or disable authentication (True/False)
enabled: {{ pvc_api_enable_authentication }}
# secret_key: Per-cluster secret key for API cookies; generate with uuidgen or pwgen
secret_key: "{{ pvc_api_secret_key }}"
# tokens: a list of authentication tokens; leave as an empty list to disable authentication
tokens:
{% for token in pvc_api_tokens %}
- description: "{{ token.description }}"
token: "{{ token.token }}"
{% endfor %}
# ssl: SSL configuration
ssl:
# enabled: Enabled or disable SSL operation (True/False)
enabled: {{ pvc_api_enable_ssl }}
# cert_file: SSL certificate file
cert_file: "/etc/pvc/api-cert.pem"
# key_file: SSL certificate key file
key_file: "/etc/pvc/api-key.pem"
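Review bot: Nothing stops this template from rendering `secret_key: ""` and a `token: ""` entry while `enabled:` is true, because `pvc_api_secret_key` and the sample `pvc_api_tokens` entry default to empty strings. A guard in the role before the template is installed would catch that, e.g. an `assert` task with `that: pvc_api_secret_key | length > 0` under `when: pvc_api_enable_authentication`, plus the same check on each `token.token`. The comment on `tokens:` says an empty list disables authentication while `enabled:` is a separate switch; the comment should state which of the two takes precedence. As rendered, the old `pvc:` … `authentication: key:` lines also appear alongside the new block; if they do remain in the file, the top-level `pvc:` key is duplicated and most YAML parsers silently keep only the last one.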