Complete configuration of API via Ansible

2023-09-01 15:42:21 -04:00
parent 32bcbbeca0
commit 5d3de3ece2
3 changed files with 69 additions and 17 deletions
--- a/roles/pvc/tasks/pvc/main.yml
+++ b/roles/pvc/tasks/pvc/main.yml
@ -12,21 +12,38 @@

 - name: install pvc configurations
  template:
-    src: pvc/{{ item }}.yaml.j2
-    dest: /etc/pvc/{{ item }}.yaml
+    src: pvc/{{ item }}.j2
+    dest: /etc/pvc/{{ item }}
  notify:
-    - restart {{ item }}
+    - restart pvcd
  with_items:
-    - pvcd
-    - pvc-api
+    - pvcd.yaml
+    - pvc-api.yaml
+
+- name: install API SSL certificate file
+  copy:
+    content: "{{ pvc_api_ssl_cert }}"
+    dest: /etc/pvc/api-cert.pem
+    mode: 0644
+  no_log: True
+  when: pvc_api_enable_ssl
+
+- name: install API SSL key file
+  copy:
+    content: "{{ pvc_api_ssl_key }}"
+    dest: /etc/pvc/api-key.pem
+    mode: 0640
+  no_log: True
+  when: pvc_api_enable_ssl

 - name: stop and disable unneccessary services
  service:
-    name: "{{ item }}"
+    name: "{{item }}"
    state: stopped
    enabled: no
  with_items:
    - pdns.service
+    - dnsmasq.service

 - include: pvc/bootstrap.yml
  when: bootstrap is defined and bootstrap
--- a/roles/pvc/templates/pvc/pvc-api.yaml.j2
+++ b/roles/pvc/templates/pvc/pvc-api.yaml.j2
@ -3,11 +3,40 @@
 # {{ ansible_managed }}
 pvc:
    coordinators:
-{% for node in pvc_nodes if node.is_coordinator %}
-        - {{ node.hostname }}.{{ pvc_cluster_domain }}
-{% endfor %}
    api:
        listen_address: "{{ pvc_api_listen_address }}"
        listen_port: "{{ pvc_api_listen_port }}"
        authentication:
            key: "{{ pvc_api_authentication_key }}"
+
+pvc:
+    coordinators:
+{% for node in pvc_nodes if node.is_coordinator %}
+        - {{ node.hostname }}
+{% endfor %}
+    # api: Configuration of the API listener
+    api:
+        # listen_address: IP address(es) to listen on; use 0.0.0.0 for all interfaces
+        listen_address: "{{ pvc_api_listen_address }}"
+        # listen_port: TCP port to listen on, usually 7370
+        listen_port: "{{ pvc_api_listen_port }}"
+        # authentication: Authentication and security settings
+        authentication:
+            # enabled: Enable or disable authentication (True/False)
+            enabled: {{ pvc_api_enable_authentication }}
+            # secret_key: Per-cluster secret key for API cookies; generate with uuidgen or pwgen
+            secret_key: "{{ pvc_api_secret_key }}"
+            # tokens: a list of authentication tokens; leave as an empty list to disable authentication
+            tokens:
+{% for token in pvc_api_tokens %}
+				- description: "{{ token.description }}"
+				  token: "{{ token.token }}"
+{% endfor %}
+        # ssl: SSL configuration
+        ssl:
+            # enabled: Enabled or disable SSL operation (True/False)
+            enabled: {{ pvc_api_enable_ssl }}
+            # cert_file: SSL certificate file
+            cert_file: "/etc/pvc/api-cert.pem"
+            # key_file: SSL certificate key file
+            key_file: "/etc/pvc/api-key.pem"