chore(deps): update dependency pytest to v8.1.1 (#201)

chore(deps): update dependency pytest to v8.1.1 fix(ubuntu): add docker plugin to ubuntu template fix(consul): add ansible plugin to consul template feat(vault): add autojoin token fix(vault): fix plugin declaration in vault template ci(vault): add vault autojoin token to vault secrets Signed-off-by: Bruce Becker <[email protected]> --------- Signed-off-by: Bruce Becker <[email protected]> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Bruce Becker <[email protected]>
brucellino · Mar 12, 2024 · a308b31 · a308b31
1 parent c06e98d
commit a308b31
Show file tree

Hide file tree

Showing 8 changed files with 56 additions and 17 deletions.
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
@@ -44,6 +44,8 @@ jobs:
           ${HOME}/bin/vault secrets enable -path="kv" kv-v2
       - name: Populate the DO secret
         run: ${HOME}/bin/vault kv put -mount="digitalocean" tokens packer=${{ secrets.DO_TOKEN }}
+      - name: Populate vault autojoin token
+        run: ${HOME}/bin/vault kv patch -mount="digitalocean" tokens vault_auto_join=${{ secrets.DO_TOKEN }}
       - name: Populate the GH secret
         run: ${HOME}/bin/vault kv put -mount="kv" github ghcr_token=${{ secrets.GITHUB_TOKEN }}
       - name: Populate Consul Encryption Key

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -30,7 +30,9 @@ repos:
     hooks:
       - id: commitlint
         stages: [commit-msg]
-        additional_dependencies: ['@commitlint/config-conventional']
+        additional_dependencies:
+          - "@commitlint/config-conventional"
+          - "@commitlint/cli"
   - repo: https://github.com/ansible-community/ansible-lint
     rev: v24.2.0
     hooks:

diff --git a/consul/consul-do.pkr.hcl b/consul/consul-do.pkr.hcl
@@ -8,6 +8,10 @@ packer {
       version = ">= v1.0.8"
       source  = "github.com/hashicorp/docker"
     }
+    ansible = {
+      version = "~> 1"
+      source = "github.com/hashicorp/ansible"
+    }
   }
 }
 variable "consul_version" {

diff --git a/requirements.txt b/requirements.txt
@@ -2,6 +2,6 @@
 ansible-lint==24.2.0
 ansible==9.3.0
 pyhcl==0.4.5
-pytest==8.1.0
+pytest==8.1.1
 pytest-testinfra==10.1.0
 python-consul==1.1.0
diff --git a/ubuntu-server/ubuntu_server_amd64.pkr.hcl b/ubuntu-server/ubuntu_server_amd64.pkr.hcl
@@ -1,5 +1,11 @@
 packer {
   required_version = ">=1.7.0"
+  required_plugins {
+    docker = {
+      source = "github.com/hashicorp/docker"
+      version = "~> 1"
+    }
+  }
 }
 
 variable "version" {

diff --git a/vault/playbook.yml b/vault/playbook.yml
@@ -3,7 +3,7 @@
   hosts: all
   become: true
   vars:
-    vault_version: 1.13.0
+    vault_version: 1.15.1
     vault_config_dir: /etc/vault
     vault_bin_dir: /usr/local/bin
     raft_data_dir: /data/raft
@@ -16,12 +16,11 @@
       - unzip
     region: "ams3"
   pre_tasks:
-    - name: Wait
-      ansible.builtin.pause:
-        seconds: 60
-    - name: Force update
-      ansible.builtin.raw: apt-get -y update
-      changed_when: false
+    - name: Wait for cloud-init to finish
+      ansible.builtin.wait_for:
+        state: present
+        path: /var/log/cloud-init-output.log
+        search_regex: "^Cloud-init.*finished.*$"
   tasks:
     - name: Ensure prerequisites
       ansible.builtin.package:

diff --git a/vault/vault-do.pkr.hcl b/vault/vault-do.pkr.hcl
@@ -1,9 +1,13 @@
 packer {
   required_plugins {
     digitalocean = {
-      version = ">= v1.1.0"
+      version = ">= v1.2.0"
       source  = "github.com/digitalocean/digitalocean"
     }
+    ansible = {
+      version = "~> 1"
+      source = "github.com/hashicorp/ansible"
+    }
   }
 }
 
@@ -21,14 +25,22 @@ variable "size" {
 variable "base_image_name" {
   type      = string
   sensitive = false
-  default   = "20.04 (LTS) x64"
+  default   = "23.10 x64"
 }
 
 local "do_token" {
   expression = vault("digitalocean/data/tokens", "packer")
   sensitive  = true
 }
 
+local "autojoin_token" {
+  expression = vault("digitalocean/data/tokens", "vault_auto_join")
+  sensitive = true
+}
+
+local "build_tag" {
+  expression = join("-", ["created", "at", formatdate("YYYY-MM-DD-hh-mm", timestamp())])
+}
 
 variable "vpc_uuid" {
   type      = string
@@ -56,7 +68,7 @@ source "digitalocean" "server" {
   monitoring         = true
   private_networking = true
   droplet_name       = "vault-build-${formatdate("YYYY-MM-DD-hh-mm", timestamp())}"
-  tags               = ["packer", "vault"]
+  tags               = ["packer", "vault", "auto-destroy", local.build_tag]
   vpc_uuid           = var.vpc_uuid
 }
 
@@ -67,7 +79,15 @@ build {
     playbook_file = "playbook.yml"
     extra_arguments = [
       "--extra-vars",
-      "region=${var.region}"
+      "region=${var.region}",
+      "--extra-vars",
+      "autojoin_token=${local.autojoin_token}"
+    ]
+  }
+  provisioner "shell" {
+    inline = [
+      "ls -lht /etc/vault.d",
+      "cat /etc/vault.d/vault.hcl"
     ]
   }
 }
diff --git a/vault/vault.hcl.j2 b/vault/vault.hcl.j2
@@ -1,3 +1,5 @@
+ui = true
+
 storage "raft" {
  path = "[[ raft_data_dir ]]"
  node_id = "digitalocean-host"
@@ -19,12 +21,12 @@ listener "tcp" {
 
 {% raw %}
 listener "tcp" {
-  address = "{{ GetInterfaceIP \"eth0\" }}:8200"
+  address = "{{ GetInterfaceIP \"eth1\" }}:8200"
   tls_disable = true
 }
 
-api_addr = "http://{{ GetInterfaceIP \"eth0\" }}:8200"
-cluster_addr = "http://{{ GetInterfaceIP \"eth0\" }}:8201"
+api_addr = "http://{{ GetInterfaceIP \"eth1\" }}:8200"
+cluster_addr = "http://{{ GetInterfaceIP \"eth1\" }}:8201"
 {% endraw %}
 
 {% if consul_agent | default (false) %}
@@ -36,4 +38,8 @@ service_registration "consul" {
 }
 {% endif %}
 
-ui = true
+
+telemetry {
+  disable_hostname = false
+  prometheus_retention_time = "24h"
+}