authorpmikus <peter.mikus@protonmail.ch>2023-09-04 10:17:48 +0000
committerpmikus <peter.mikus@protonmail.ch>2023-09-04 10:17:48 +0000
commit2c444586dad69f6d3976a72c9e50ef34c306d038 (patch)
tree26a6c39fe2382580574d4752c6a50b598be4f0e3 /fdio.infra.ansible/roles
parentcfc7541eced4947eb0a3853c2090aadab9027411 (diff)
feat(ansible): Consul upgrade
Signed-off-by: pmikus <peter.mikus@protonmail.ch> Change-Id: Ifde27d3bd637364e3a1cc56477e79f26f0e57827
Diffstat (limited to 'fdio.infra.ansible/roles')
-rw-r--r--fdio.infra.ansible/roles/consul/defaults/main.yaml37
-rw-r--r--fdio.infra.ansible/roles/consul/handlers/main.yaml2
-rw-r--r--fdio.infra.ansible/roles/consul/meta/main.yaml22
-rw-r--r--fdio.infra.ansible/roles/consul/tasks/main.yaml129
-rw-r--r--fdio.infra.ansible/roles/consul/templates/ports.hcl.j22
-rw-r--r--fdio.infra.ansible/roles/consul/templates/services.json.j213
-rw-r--r--fdio.infra.ansible/roles/consul/vars/main.yaml2
7 files changed, 73 insertions, 134 deletions
diff --git a/fdio.infra.ansible/roles/consul/defaults/main.yaml b/fdio.infra.ansible/roles/consul/defaults/main.yaml
index 503857de92..9ea38efb56 100644
--- a/fdio.infra.ansible/roles/consul/defaults/main.yaml
+++ b/fdio.infra.ansible/roles/consul/defaults/main.yaml
@@ -1,5 +1,5 @@
---
-# file: roles/consul/defaults/main.yaml
+# file: defaults/main.yaml
# Inst - Prerequisites.
packages: "{{ packages_base + packages_by_distro[ansible_distribution | lower] + packages_by_arch[ansible_machine] }}"
@@ -24,7 +24,7 @@ consul_architecture_map:
32-bit: "386"
64-bit: "amd64"
consul_architecture: "{{ consul_architecture_map[ansible_architecture] }}"
-consul_version: "1.12.2"
+consul_version: "1.16.1"
consul_pkg: "consul_{{ consul_version }}_linux_{{ consul_architecture }}.zip"
consul_zip_url: "https://releases.hashicorp.com/consul/{{ consul_version }}/{{ consul_pkg }}"
consul_force_update: false
@@ -47,41 +47,32 @@ consul_service_mgr: ""
# Conf - User and group.
consul_group: "consul"
-consul_group_state: "present"
consul_user: "consul"
-consul_user_state: "present"
# Conf - base.hcl
+consul_allow_tls: true
consul_bind_addr: "{{ ansible_default_ipv4.address }}"
+consul_bootstrap_expect: 1
consul_client_addr: "0.0.0.0"
consul_datacenter: "dc1"
consul_disable_update_check: true
consul_enable_debug: false
consul_enable_syslog: true
+consul_encrypt: ""
consul_log_level: "INFO"
consul_node_name: "{{ inventory_hostname }}"
-consul_retry_join: true
-consul_bootstrap_expect: 2
-consul_encrypt: ""
-consul_ca_file: "{{ consul_ssl_dir }}/ca.pem"
-consul_cert_file: "{{ consul_ssl_dir }}/consul.pem"
-consul_key_file: "{{ consul_ssl_dir }}/consul-key.pem"
-consul_verify_incoming: false
-consul_verify_outgoing: false
-consul_vefify_server_hostname: false
-consul_allow_tls: false
-consul_ui_config:
- enabled: true
consul_recursors:
- 1.1.1.1
- 8.8.8.8
-consul_certificates:
- - src: "{{ file_consul_ca_pem }}"
- dest: "{{ consul_ca_file }}"
- - src: "{{ file_consul_server_0_pem }}"
- dest: "{{ consul_cert_file }}"
- - src: "{{ file_consul_server_0_key_pem }}"
- dest: "{{ consul_key_file }}"
+consul_retry_join: false
+consul_ui_config:
+ enabled: true
+consul_verify_incoming: true
+consul_verify_outgoing: true
+consul_vefify_server_hostname: false
+consul_ca_file: "{{ consul_ssl_dir }}/ca.pem"
+consul_cert_file: "{{ consul_ssl_dir }}/consul.pem"
+consul_key_file: "{{ consul_ssl_dir }}/consul-key.pem"
# Conf - ports.hcl
consul_port_dns: 53
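Review bot: `consul_verify_incoming` and `consul_verify_outgoing` are switched on in this hunk, but `consul_vefify_server_hostname` stays `false`, so (assuming base.hcl.j2 maps it to Consul's `verify_server_hostname`) any certificate issued by the cluster CA would be accepted as a server certificate rather than only one carrying the server name. I would set `consul_vefify_server_hostname: true` alongside the other two and fix the `vefify` spelling in a follow-up that also updates the template. `consul_encrypt: ""` remains the default, which presumably leaves gossip unencrypted unless inventory overrides it; a comment such as `# Gossip key; must be set per environment (consul keygen).` would make that explicit. The `consul_certificates` default is removed while the 'Copy Certificates And Keys' task is kept in tasks/main.yaml, so confirm the list is still defined elsewhere.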
diff --git a/fdio.infra.ansible/roles/consul/handlers/main.yaml b/fdio.infra.ansible/roles/consul/handlers/main.yaml
index a88ae45d27..a9de4d1439 100644
--- a/fdio.infra.ansible/roles/consul/handlers/main.yaml
+++ b/fdio.infra.ansible/roles/consul/handlers/main.yaml
@@ -1,5 +1,5 @@
---
-# file roles/consul/handlers/main.yaml
+# file handlers/main.yaml
- name: Restart Nomad
ansible.builtin.systemd:
diff --git a/fdio.infra.ansible/roles/consul/meta/main.yaml b/fdio.infra.ansible/roles/consul/meta/main.yaml
index e41a0258fc..673c3b738d 100644
--- a/fdio.infra.ansible/roles/consul/meta/main.yaml
+++ b/fdio.infra.ansible/roles/consul/meta/main.yaml
@@ -1,17 +1,21 @@
---
-# file: roles/consul/meta/main.yaml
+# file: meta/main.yaml
dependencies: []
+
galaxy_info:
- role_name: consul
- author: fd.io
- description: Hashicrop Consul.
- company: none
+ role_name: "consul"
+ author: "pmikus"
+ description: "Hashicorp Consul."
+ company: "none"
license: "license (Apache)"
- min_ansible_version: 2.9
+ min_ansible_version: "2.9"
platforms:
- - name: Ubuntu
+ - name: "Ubuntu"
versions:
- - jammy
+ - "focal"
+ - "jammy"
+ - "kinetic"
galaxy_tags:
- - consul
+ - "consul"
+ - "hashicorp"
diff --git a/fdio.infra.ansible/roles/consul/tasks/main.yaml b/fdio.infra.ansible/roles/consul/tasks/main.yaml
index 1d6bcc0b0b..69678f9739 100644
--- a/fdio.infra.ansible/roles/consul/tasks/main.yaml
+++ b/fdio.infra.ansible/roles/consul/tasks/main.yaml
@@ -1,16 +1,16 @@
---
-# file: roles/consul/tasks/main.yaml
+# file: tasks/main.yaml
-- name: Inst - Update Repositories Cache
- apt:
+- name: Update Repositories Cache
+ ansible.builtin.apt:
update_cache: true
when:
- ansible_os_family == 'Debian'
tags:
- consul-inst-package
-- name: Inst - Dependencies
- apt:
+- name: Dependencies
+ ansible.builtin.apt:
name: "{{ packages | flatten(levels=1) }}"
state: "present"
cache_valid_time: 3600
@@ -20,31 +20,31 @@
tags:
- consul-inst-dependencies
-- name: Conf - Add Consul Group
- group:
+- name: Add Consul Group
+ ansible.builtin.group:
name: "{{ consul_group }}"
- state: "{{ consul_group_state }}"
+ state: "present"
tags:
- consul-conf-user
-- name: Conf - Add Consul user
- user:
+- name: Add Consul user
+ ansible.builtin.user:
name: "{{ consul_user }}"
group: "{{ consul_group }}"
- state: "{{ consul_user_state }}"
+ state: "present"
system: true
tags:
- consul-conf-user
-- name: Inst - Download Consul
- get_url:
+- name: Download Consul
+ ansible.builtin.get_url:
url: "{{ consul_zip_url }}"
dest: "{{ consul_inst_dir }}/{{ consul_pkg }}"
tags:
- consul-inst-package
-- name: Inst - Clean Consul
- file:
+- name: Clean Consul
+ ansible.builtin.file:
path: "{{ consul_inst_dir }}/consul"
state: "absent"
when:
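Review bot: The 'Download Consul' task fetches the release zip with `ansible.builtin.get_url` but passes no `checksum`, so the archive that is later unpacked and installed as the Consul binary is never verified. Add `checksum: "sha256:https://releases.hashicorp.com/consul/{{ consul_version }}/consul_{{ consul_version }}_SHA256SUMS"`, or better a per-version hash pinned in defaults, since a checksum file fetched from the same host catches corruption but not a tampered release origin. An explicit `mode: "0644"` on the download would also stop the file mode depending on the remote umask. The 'Clean Consul' task at the end of the hunk continues outside it.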
@@ -52,16 +52,16 @@
tags:
- consul-inst-package
-- name: Inst - Unarchive Consul
- unarchive:
+- name: Unarchive Consul
+ ansible.builtin.unarchive:
src: "{{ consul_inst_dir }}/{{ consul_pkg }}"
dest: "{{ consul_inst_dir }}/"
remote_src: true
tags:
- consul-inst-package
-- name: Inst - Consul
- copy:
+- name: Consul
+ ansible.builtin.copy:
src: "{{ consul_inst_dir }}/consul"
dest: "{{ consul_bin_dir }}"
owner: "{{ consul_user }}"
@@ -72,78 +72,36 @@
tags:
- consul-inst-package
-- name: Conf - Create Directories "{{ consul_data_dir }}"
- file:
- dest: "{{ consul_data_dir }}"
- state: directory
- owner: "{{ consul_user }}"
- group: "{{ consul_group }}"
- tags:
- - consul-conf
-
-- name: Conf - Create Directories "{{ consul_ssl_dir }}"
- file:
- dest: "{{ consul_ssl_dir }}"
- state: directory
- owner: "{{ consul_user }}"
- group: "{{ consul_group }}"
- tags:
- - consul-conf
-
-- name: Conf - Create Config Directory
- file:
- dest: "{{ consul_config_dir }}"
- state: directory
+- name: Create Directories
+ ansible.builtin.file:
+ dest: "{{ item }}"
+ state: "directory"
owner: "{{ consul_user }}"
group: "{{ consul_group }}"
mode: 0755
+ with_items:
+ - "{{ consul_data_dir }}"
+ - "{{ nomad_config_dir }}"
+ - "{{ nomad_ssl_dir }}"
tags:
- consul-conf
-- name: Conf - Base Configuration
- template:
- src: base.hcl.j2
- dest: "{{ consul_config_dir }}/base.hcl"
+- name: Base Configuration
+ ansible.builtin.template:
+ src: "{{ item }}.hcl.j2"
+ dest: "{{ consul_config_dir }}/{{ item }}.hcl"
owner: "{{ consul_user }}"
group: "{{ consul_group }}"
mode: 0644
+ with_items:
+ - "base"
+ - "ports"
+ - "telemetry"
tags:
- consul-conf
-- name: Conf - Ports Configuration
- template:
- src: ports.hcl.j2
- dest: "{{ consul_config_dir }}/ports.hcl"
- owner: "{{ consul_user }}"
- group: "{{ consul_group }}"
- mode: 0644
- tags:
- - consul-conf
-
-- name: Conf - Telemetry Configuration
- template:
- src: telemetry.hcl.j2
- dest: "{{ consul_config_dir }}/telemetry.hcl"
- owner: "{{ consul_user }}"
- group: "{{ consul_group }}"
- mode: 0644
- tags:
- - consul-conf
-
-- name: Conf - Services Configuration
- template:
- src: services.json.j2
- dest: "{{ consul_config_dir }}/services.json"
- owner: "{{ consul_user }}"
- group: "{{ consul_group }}"
- mode: 0644
- when:
- - consul_services
- tags:
- - consul-conf
-
-- name: Conf - Copy Certificates And Keys
- copy:
+- name: Copy Certificates And Keys
+ ansible.builtin.copy:
content: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: "{{ consul_user }}"
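Review bot: The merged 'Create Directories' loop lists `nomad_config_dir` and `nomad_ssl_dir`, which look like a copy from the nomad role: `consul_config_dir` and `consul_ssl_dir` are no longer created, although 'Base Configuration' writes into `consul_config_dir` and the certificate paths in defaults sit under `consul_ssl_dir`. On a host without the nomad variables the task fails on an undefined variable, and with them it hands Nomad's directories to the consul user. Use `- "{{ consul_config_dir }}"` and `- "{{ consul_ssl_dir }}"` instead. The shared `mode: 0755` would then also apply to the SSL directory; since it will hold the private key, a separate entry with `mode: "0750"` (quoted, so YAML does not re-type the octal) is safer. The 'Copy Certificates And Keys' task continues outside the hunk.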
@@ -156,8 +114,8 @@
tags:
- consul-conf
-- name: Conf - Stop Systemd-resolved
- systemd:
+- name: Stop Systemd-resolved
+ ansible.builtin.systemd:
daemon_reload: true
enabled: false
name: "systemd-resolved"
@@ -167,8 +125,8 @@
tags:
- consul-conf
-- name: Conf - System.d Script
- template:
+- name: System.d Script
+ ansible.builtin.template:
src: "consul_systemd.service.j2"
dest: "/lib/systemd/system/consul.service"
owner: "root"
@@ -176,11 +134,10 @@
mode: 0644
notify:
- "Restart Consul"
- - "Restart Nomad"
when:
- consul_service_mgr == "systemd"
tags:
- consul-conf
-- name: Meta - Flush handlers
- meta: flush_handlers
+- name: Flush handlers
+ ansible.builtin.meta: flush_handlers
diff --git a/fdio.infra.ansible/roles/consul/templates/ports.hcl.j2 b/fdio.infra.ansible/roles/consul/templates/ports.hcl.j2
index a658060ce8..02932bf6dc 100644
--- a/fdio.infra.ansible/roles/consul/templates/ports.hcl.j2
+++ b/fdio.infra.ansible/roles/consul/templates/ports.hcl.j2
@@ -2,7 +2,7 @@ ports {
dns = {{ consul_port_dns }}
http = {{ consul_port_http }}
https = {{ consul_port_https }}
- grpc = {{ consul_port_grpc }}
+ grpc_tls = {{ consul_port_grpc }}
serf_lan = {{ consul_port_serf_lan }}
serf_wan = {{ consul_port_serf_wan }}
server = {{ consul_port_server }}
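Review bot: `grpc_tls` is now fed from `consul_port_grpc`, so the variable name no longer says which listener it configures, and its value is not visible in this diff. If it still carries the port previously used for plaintext gRPC, the TLS listener ends up on that port and the plaintext `grpc` port falls back to Consul's default. I would rename it to `consul_port_grpc_tls` in defaults and the template and, if plaintext gRPC is not wanted, state `grpc = -1` explicitly. The `ports` block starts and ends outside the hunk.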
diff --git a/fdio.infra.ansible/roles/consul/templates/services.json.j2 b/fdio.infra.ansible/roles/consul/templates/services.json.j2
deleted file mode 100644
index 3245ba92a4..0000000000
--- a/fdio.infra.ansible/roles/consul/templates/services.json.j2
+++ /dev/null
@@ -1,13 +0,0 @@
-{
- "services": [
-{% for item in consul_services %}
- {
- "name": "{{ item.name }}",
- "port": {{ item.port }}
- }
-{%- if not loop.last %},
-{% endif %}
-{% endfor %}
-
- ]
-} \ No newline at end of file
diff --git a/fdio.infra.ansible/roles/consul/vars/main.yaml b/fdio.infra.ansible/roles/consul/vars/main.yaml
index b46333a7a7..5d813dffc7 100644
--- a/fdio.infra.ansible/roles/consul/vars/main.yaml
+++ b/fdio.infra.ansible/roles/consul/vars/main.yaml
@@ -1,5 +1,5 @@
---
-# file: roles/consul/vars/main.yaml
+# file: vars/main.yaml
consul_node_client: "{{ (consul_node_role == 'client') or (consul_node_role == 'both') }}"
consul_node_server: "{{ (consul_node_role == 'server') or (consul_node_role == 'both') }}"