From 950a2d5fad11d961886b2cfaefde6850ab0d7802 Mon Sep 17 00:00:00 2001 From: Robin Schneider Date: Sat, 27 Aug 2016 11:21:58 +0200 Subject: [PATCH] debops-optimize --- CHANGES.rst | 4 ++-- COPYRIGHT | 4 ++-- docs/ansible-integration.rst | 16 ++++++++-------- docs/getting-started.rst | 6 +++--- docs/introduction.rst | 2 +- docs/security.rst | 10 +++++----- 6 files changed, 21 insertions(+), 21 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index 807a1e3..784722f 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -6,9 +6,9 @@ Changelog **debops.hashicorp** This project adheres to `Semantic Versioning `__ -and `human-readable changelog `_. +and `human-readable changelog `__. -The current role maintainer is drybjed_. +The current role maintainer_ is drybjed_. `debops.hashicorp master`_ - unreleased diff --git a/COPYRIGHT b/COPYRIGHT index 673ea48..163f655 100644 --- a/COPYRIGHT +++ b/COPYRIGHT @@ -1,7 +1,7 @@ debops.hashicorp - Securely install HashiCorp applications Copyright (C) 2016 Maciej Delmanowski -Copyright (C) 2016 DebOps Project http://debops.org/ +Copyright (C) 2016 DebOps https://debops.org/ This Ansible role is part of DebOps. @@ -15,4 +15,4 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License -along with DebOps. If not, see http://www.gnu.org/licenses/. +along with DebOps. If not, see https://www.gnu.org/licenses/. diff --git a/docs/ansible-integration.rst b/docs/ansible-integration.rst index 2602cfd..7797234 100644 --- a/docs/ansible-integration.rst +++ b/docs/ansible-integration.rst @@ -12,13 +12,13 @@ Ansible integration Support for other Ansible roles ------------------------------- -The debops.hashicorp_ Ansible role is designed to be used by other Ansible +The ``debops.hashicorp`` Ansible role is designed to be used by other Ansible roles as role dependency. By design, the application binaries are installed in the specified path and the rest of the service configuration, including service process manager configuration, firewall, TCP/UDP port registration in :file:`/etc/services`, etc. is left to the user or other Ansible roles. -To facilitate seamless role integration, debops.hashicorp_ role provides +To facilitate seamless role integration, ``debops.hashicorp`` role provides a set of default variables and Ansible local facts that can be used by other Ansible roles idempotently. Thus, the modification of the role itself shouldn't be needed, and it can should be easily integrated in the different playbooks @@ -29,15 +29,15 @@ Default variables available to other roles ------------------------------------------ You can use these variables in the playbook to influence the operation of the -debops.hashicorp_ role from another role: +``debops.hashicorp`` role from another role: :envvar:`hashicorp__dependent_packages` - List of APT packages which should be installed when the debops.hashicorp_ + List of APT packages which should be installed when the ``debops.hashicorp`` role is executed. :envvar:`hashicorp__dependent_applications` List of HashiCorp_ applications which should be installed by the - debops.hashicorp_ role. For the list of available applications, refer to + ``debops.hashicorp`` role. For the list of available applications, refer to the :envvar:`hashicorp__default_version_map` variable. :envvar:`hashicorp__consul_webui` @@ -54,7 +54,7 @@ In a hypothetical ``consul`` Ansible role create a default variable: consul__hashicorp_application: 'consul' -Next, in the playbook that executes your role, include the debops.hashicorp_ +Next, in the playbook that executes your role, include the ``debops.hashicorp`` role with your custom variable: .. code-block:: yaml @@ -73,7 +73,7 @@ role with your custom variable: This playbook will then install the Consul_ application after verification, and configure it using your own Ansible role. Make sure that you use YAML list -syntax correctly, otherwise the debops.hashicorp_ role will fail due to +syntax correctly, otherwise the ``debops.hashicorp`` role will fail due to wrong variable type mismatch. To install multiple applications at once, you can use a different variant of the variables and playbook. @@ -104,7 +104,7 @@ The playbook: Ansible local facts ------------------- -The debops.hashicorp_ role maintains a set of Ansible local facts with +The ``debops.hashicorp`` role maintains a set of Ansible local facts with information about the installed applications. Other roles can use these facts in an idempotent way to prepare their own configuration. These facts are: diff --git a/docs/getting-started.rst b/docs/getting-started.rst index 6c3a08f..1174233 100644 --- a/docs/getting-started.rst +++ b/docs/getting-started.rst @@ -10,7 +10,7 @@ Getting started Initial configuration --------------------- -The debops.hashicorp_ role does not install any HashiCorp_ applications by +The ``debops.hashicorp`` role does not install any HashiCorp_ applications by default, even if enabled in the Ansible inventory. You need to specify the application names you wish to install using the :envvar:`hashicorp__applications` list. For example, to install ``consul`` on all hosts that use the role, create @@ -40,7 +40,7 @@ more details. Example inventory ----------------- -The debops.hashicorp_ Ansible role is not enabled by default. To enable it +The ``debops.hashicorp`` Ansible role is not enabled by default. To enable it on a host, you need to include that host in the ``[debops_service_hashicorp]`` inventory group: @@ -54,7 +54,7 @@ Example playbook ---------------- If you are using this role without DebOps, here's an example Ansible playbook -that uses the debops.hashicorp_ role: +that uses the ``debops.hashicorp`` role: .. literalinclude:: playbooks/hashicorp.yml :language: yaml diff --git a/docs/introduction.rst b/docs/introduction.rst index 45812b8..08d2b92 100644 --- a/docs/introduction.rst +++ b/docs/introduction.rst @@ -3,7 +3,7 @@ Introduction .. include:: includes/all.rst -The debops.hashicorp_ Ansible role can be used to securely install HashiCorp_ +The ``debops.hashicorp`` Ansible role can be used to securely install HashiCorp_ applications, such as `Consul`_, `Terraform`_, `Vault`_ and others. The selected applications are downloaded from the HashiCorp_ release repository, diff --git a/docs/security.rst b/docs/security.rst index 7a6d1a6..621f218 100644 --- a/docs/security.rst +++ b/docs/security.rst @@ -12,7 +12,7 @@ debops.hashicorp security considerations Role security guidelines ------------------------ -Because the debops.hashicorp_ role can be used to install binary Go +Because the ``debops.hashicorp`` role can be used to install binary Go applications on production systems, it was designed to check and validate the archives used for application deployment against a known Trust Path. This document explains the steps taken by the role to authenticate and verify the @@ -28,7 +28,7 @@ Debian Software Repository. The Debian packages for different applications should be the preferred installation method when they are readily available on the Debian Stable release. -The debops.hashicorp_ role is written in the belief that the verified and +The ``debops.hashicorp`` role is written in the belief that the verified and authenticated access to the upstream versions of HashiCorp_ applications, even though installed using binary packages, can still be useful, for example to provide secure installation path to the software not packaged in Debian. @@ -66,7 +66,7 @@ key used by HashiCorp_ is: 91A6 E7F8 5D05 C656 30BE F189 5185 2D87 348F FC4C -The HashiCorp_ OpenPGP key is published on the `keybase.io`_ website, on the +The HashiCorp_ OpenPGP key is published on the keybase.io_ website, on the `hashicorp account `_. The key is tracked by several other users of the site. @@ -82,11 +82,11 @@ and can be imported from there using the :command:`gpg` command: Software installation procedure ------------------------------- -The steps outlined below describe the method used by the debops.hashicorp_ +The steps outlined below describe the method used by the ``debops.hashicorp`` role to verify and install the HashiCorp_ applications selected by the user or another Ansible role: -- The debops.hashicorp_ Ansible role creates a separate, unprivileged system +- The ``debops.hashicorp`` Ansible role creates a separate, unprivileged system group and UNIX user account, by default both named ``hashicorp``. The account does not provide shell access and uses :file:`/usr/sbin/nologin` shell by default.