author | pmikus <peter.mikus@protonmail.ch> | 2023-09-04 10:17:48 +0000 |
---|---|---|
committer | pmikus <peter.mikus@protonmail.ch> | 2023-09-04 10:17:48 +0000 |
commit | 2c444586dad69f6d3976a72c9e50ef34c306d038 (patch) | |
tree | 26a6c39fe2382580574d4752c6a50b598be4f0e3 /fdio.infra.ansible/roles | |
parent | cfc7541eced4947eb0a3853c2090aadab9027411 (diff) |
feat(ansible): Consul upgrade
Signed-off-by: pmikus <peter.mikus@protonmail.ch>
Change-Id: Ifde27d3bd637364e3a1cc56477e79f26f0e57827
Diffstat (limited to 'fdio.infra.ansible/roles')
-rw-r--r-- | fdio.infra.ansible/roles/consul/defaults/main.yaml | 37 | ||||
-rw-r--r-- | fdio.infra.ansible/roles/consul/handlers/main.yaml | 2 | ||||
-rw-r--r-- | fdio.infra.ansible/roles/consul/meta/main.yaml | 22 | ||||
-rw-r--r-- | fdio.infra.ansible/roles/consul/tasks/main.yaml | 129 | ||||
-rw-r--r-- | fdio.infra.ansible/roles/consul/templates/ports.hcl.j2 | 2 | ||||
-rw-r--r-- | fdio.infra.ansible/roles/consul/templates/services.json.j2 | 13 | ||||
-rw-r--r-- | fdio.infra.ansible/roles/consul/vars/main.yaml | 2 |
7 files changed, 73 insertions, 134 deletions
diff --git a/fdio.infra.ansible/roles/consul/defaults/main.yaml b/fdio.infra.ansible/roles/consul/defaults/main.yaml index 503857de92..9ea38efb56 100644 --- a/fdio.infra.ansible/roles/consul/defaults/main.yaml +++ b/fdio.infra.ansible/roles/consul/defaults/main.yaml @@ -1,5 +1,5 @@ --- -# file: roles/consul/defaults/main.yaml +# file: defaults/main.yaml # Inst - Prerequisites. packages: "{{ packages_base + packages_by_distro[ansible_distribution | lower] + packages_by_arch[ansible_machine] }}" @@ -24,7 +24,7 @@ consul_architecture_map: 32-bit: "386" 64-bit: "amd64" consul_architecture: "{{ consul_architecture_map[ansible_architecture] }}" -consul_version: "1.12.2" +consul_version: "1.16.1" consul_pkg: "consul_{{ consul_version }}_linux_{{ consul_architecture }}.zip" consul_zip_url: "https://releases.hashicorp.com/consul/{{ consul_version }}/{{ consul_pkg }}" consul_force_update: false 
@@ -47,41 +47,32 @@ consul_service_mgr: "" # Conf - User and group. consul_group: "consul" -consul_group_state: "present" consul_user: "consul" -consul_user_state: "present" # Conf - base.hcl +consul_allow_tls: true consul_bind_addr: "{{ ansible_default_ipv4.address }}" +consul_bootstrap_expect: 1 consul_client_addr: "0.0.0.0" consul_datacenter: "dc1" consul_disable_update_check: true consul_enable_debug: false consul_enable_syslog: true +consul_encrypt: "" consul_log_level: "INFO" consul_node_name: "{{ inventory_hostname }}" -consul_retry_join: true -consul_bootstrap_expect: 2 -consul_encrypt: "" -consul_ca_file: "{{ consul_ssl_dir }}/ca.pem" -consul_cert_file: "{{ consul_ssl_dir }}/consul.pem" -consul_key_file: "{{ consul_ssl_dir }}/consul-key.pem" -consul_verify_incoming: false -consul_verify_outgoing: false -consul_vefify_server_hostname: false -consul_allow_tls: false -consul_ui_config: - enabled: true consul_recursors: - 1.1.1.1 - 8.8.8.8 -consul_certificates: - - src: "{{ file_consul_ca_pem }}" - dest: "{{ consul_ca_file }}" - - src: "{{ file_consul_server_0_pem }}" - dest: "{{ consul_cert_file }}" - - src: "{{ file_consul_server_0_key_pem }}" - dest: "{{ consul_key_file }}" +consul_retry_join: false +consul_ui_config: + enabled: true +consul_verify_incoming: true +consul_verify_outgoing: true +consul_vefify_server_hostname: false +consul_ca_file: "{{ consul_ssl_dir }}/ca.pem" +consul_cert_file: "{{ consul_ssl_dir }}/consul.pem" +consul_key_file: "{{ consul_ssl_dir }}/consul-key.pem" # Conf - ports.hcl consul_port_dns: 53 diff --git a/fdio.infra.ansible/roles/consul/handlers/main.yaml b/fdio.infra.ansible/roles/consul/handlers/main.yaml index a88ae45d27..a9de4d1439 100644 --- a/fdio.infra.ansible/roles/consul/handlers/main.yaml +++ b/fdio.infra.ansible/roles/consul/handlers/main.yaml @@ -1,5 +1,5 @@ --- -# file roles/consul/handlers/main.yaml +# file handlers/main.yaml - name: Restart Nomad ansible.builtin.systemd: 
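Review bot: In the `# Conf - base.hcl` defaults, `consul_verify_incoming` and `consul_verify_outgoing` become `true`, but `consul_vefify_server_hostname` stays `false` and `consul_encrypt` stays `""`. With hostname verification off, any certificate signed by the cluster CA is accepted as a server certificate. An empty gossip key leaves serf traffic unencrypted if base.hcl.j2 passes it through as is (the template is not part of this diff). I would set `consul_vefify_server_hostname: true`, keeping the misspelt name unless the template is renamed with it, and add a comment above `consul_encrypt` such as `# Gossip key; must be overridden from inventory secrets.` This hunk also drops the `consul_certificates` default while the `Copy Certificates And Keys` task in tasks/main.yaml still reads `item.src` and `item.dest`; its loop source is outside the visible hunks, so please confirm the list is defined for every host now that incoming verification is on.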
diff --git a/fdio.infra.ansible/roles/consul/meta/main.yaml b/fdio.infra.ansible/roles/consul/meta/main.yaml index e41a0258fc..673c3b738d 100644 --- a/fdio.infra.ansible/roles/consul/meta/main.yaml +++ b/fdio.infra.ansible/roles/consul/meta/main.yaml @@ -1,17 +1,21 @@ --- -# file: roles/consul/meta/main.yaml +# file: meta/main.yaml dependencies: [] + galaxy_info: - role_name: consul - author: fd.io - description: Hashicrop Consul. - company: none + role_name: "consul" + author: "pmikus" + description: "Hashicorp Consul." + company: "none" license: "license (Apache)" - min_ansible_version: 2.9 + min_ansible_version: "2.9" platforms: - - name: Ubuntu + - name: "Ubuntu" versions: - - jammy + - "focal" + - "jammy" + - "kinetic" galaxy_tags: - - consul + - "consul" + - "hashicorp" diff --git a/fdio.infra.ansible/roles/consul/tasks/main.yaml b/fdio.infra.ansible/roles/consul/tasks/main.yaml index 1d6bcc0b0b..69678f9739 100644 --- a/fdio.infra.ansible/roles/consul/tasks/main.yaml +++ b/fdio.infra.ansible/roles/consul/tasks/main.yaml @@ -1,16 +1,16 @@ --- -# file: roles/consul/tasks/main.yaml +# file: tasks/main.yaml -- name: Inst - Update Repositories Cache - apt: +- name: Update Repositories Cache + ansible.builtin.apt: update_cache: true when: - ansible_os_family == 'Debian' tags: - consul-inst-package -- name: Inst - Dependencies - apt: +- name: Dependencies + ansible.builtin.apt: name: "{{ packages | flatten(levels=1) }}" state: "present" cache_valid_time: 3600 
@@ -20,31 +20,31 @@ tags: - consul-inst-dependencies -- name: Conf - Add Consul Group - group: +- name: Add Consul Group + ansible.builtin.group: name: "{{ consul_group }}" - state: "{{ consul_group_state }}" + state: "present" tags: - consul-conf-user -- name: Conf - Add Consul user - user: +- name: Add Consul user + ansible.builtin.user: name: "{{ consul_user }}" group: "{{ consul_group }}" - state: "{{ consul_user_state }}" + state: "present" system: true tags: - consul-conf-user -- name: Inst - Download Consul - get_url: +- name: Download Consul + ansible.builtin.get_url: url: "{{ consul_zip_url }}" dest: "{{ consul_inst_dir }}/{{ consul_pkg }}" tags: - consul-inst-package -- name: Inst - Clean Consul - file: +- name: Clean Consul + ansible.builtin.file: path: "{{ consul_inst_dir }}/consul" state: "absent" when: @@ -52,16 +52,16 @@ tags: - consul-inst-package -- name: Inst - Unarchive Consul - unarchive: +- name: Unarchive Consul + ansible.builtin.unarchive: src: "{{ consul_inst_dir }}/{{ consul_pkg }}" dest: "{{ consul_inst_dir }}/" remote_src: true tags: - consul-inst-package -- name: Inst - Consul - copy: +- name: Consul + ansible.builtin.copy: src: "{{ consul_inst_dir }}/consul" dest: "{{ consul_bin_dir }}" owner: "{{ consul_user }}" 
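Review bot: The `Download Consul` task fetches `{{ consul_zip_url }}` with `ansible.builtin.get_url` but sets neither `checksum` nor `mode`, so the archive that the following tasks unpack and install into `{{ consul_bin_dir }}` is trusted on transport security alone. Since this commit changes which release is downloaded, I would pin it in the same change: add `checksum: "sha256:{{ consul_sha256 }}"` and `mode: "0644"` to the task. Here `consul_sha256` is a placeholder name for a new default that sits next to `consul_version` and holds the digest from the vendor's published SHA256SUMS file for that release.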
@@ -72,78 +72,36 @@ tags: - consul-inst-package -- name: Conf - Create Directories "{{ consul_data_dir }}" - file: - dest: "{{ consul_data_dir }}" - state: directory - owner: "{{ consul_user }}" - group: "{{ consul_group }}" - tags: - - consul-conf - -- name: Conf - Create Directories "{{ consul_ssl_dir }}" - file: - dest: "{{ consul_ssl_dir }}" - state: directory - owner: "{{ consul_user }}" - group: "{{ consul_group }}" - tags: - - consul-conf - -- name: Conf - Create Config Directory - file: - dest: "{{ consul_config_dir }}" - state: directory +- name: Create Directories + ansible.builtin.file: + dest: "{{ item }}" + state: "directory" owner: "{{ consul_user }}" group: "{{ consul_group }}" mode: 0755 + with_items: + - "{{ consul_data_dir }}" + - "{{ nomad_config_dir }}" + - "{{ nomad_ssl_dir }}" tags: - consul-conf -- name: Conf - Base Configuration - template: - src: base.hcl.j2 - dest: "{{ consul_config_dir }}/base.hcl" +- name: Base Configuration + ansible.builtin.template: + src: "{{ item }}.hcl.j2" + dest: "{{ consul_config_dir }}/{{ item }}.hcl" owner: "{{ consul_user }}" group: "{{ consul_group }}" mode: 0644 + with_items: + - "base" + - "ports" + - "telemetry" tags: - consul-conf -- name: Conf - Ports Configuration - template: - src: ports.hcl.j2 - dest: "{{ consul_config_dir }}/ports.hcl" - owner: "{{ consul_user }}" - group: "{{ consul_group }}" - mode: 0644 - tags: - - consul-conf - -- name: Conf - Telemetry Configuration - template: - src: telemetry.hcl.j2 - dest: "{{ consul_config_dir }}/telemetry.hcl" - owner: "{{ consul_user }}" - group: "{{ consul_group }}" - mode: 0644 - tags: - - consul-conf - -- name: Conf - Services Configuration - template: - src: services.json.j2 - dest: "{{ consul_config_dir }}/services.json" - owner: "{{ consul_user }}" - group: "{{ consul_group }}" - mode: 0644 - when: - - consul_services - tags: - - consul-conf - -- name: Conf - Copy Certificates And Keys - copy: +- name: Copy Certificates And Keys + 
ansible.builtin.copy: content: "{{ item.src }}" dest: "{{ item.dest }}" owner: "{{ consul_user }}" @@ -156,8 +114,8 @@ tags: - consul-conf -- name: Conf - Stop Systemd-resolved - systemd: +- name: Stop Systemd-resolved + ansible.builtin.systemd: daemon_reload: true enabled: false name: "systemd-resolved" @@ -167,8 +125,8 @@ tags: - consul-conf -- name: Conf - System.d Script - template: +- name: System.d Script + ansible.builtin.template: src: "consul_systemd.service.j2" dest: "/lib/systemd/system/consul.service" owner: "root" @@ -176,11 +134,10 @@ mode: 0644 notify: - "Restart Consul" - - "Restart Nomad" when: - consul_service_mgr == "systemd" tags: - consul-conf -- name: Meta - Flush handlers - meta: flush_handlers +- name: Flush handlers + ansible.builtin.meta: flush_handlers diff --git a/fdio.infra.ansible/roles/consul/templates/ports.hcl.j2 b/fdio.infra.ansible/roles/consul/templates/ports.hcl.j2 index a658060ce8..02932bf6dc 100644 --- a/fdio.infra.ansible/roles/consul/templates/ports.hcl.j2 +++ b/fdio.infra.ansible/roles/consul/templates/ports.hcl.j2 @@ -2,7 +2,7 @@ ports { dns = {{ consul_port_dns }} http = {{ consul_port_http }} https = {{ consul_port_https }} - grpc = {{ consul_port_grpc }} + grpc_tls = {{ consul_port_grpc }} serf_lan = {{ consul_port_serf_lan }} serf_wan = {{ consul_port_serf_wan }} server = {{ consul_port_server }} diff --git a/fdio.infra.ansible/roles/consul/templates/services.json.j2 b/fdio.infra.ansible/roles/consul/templates/services.json.j2 deleted file mode 100644 index 3245ba92a4..0000000000 --- a/fdio.infra.ansible/roles/consul/templates/services.json.j2 +++ /dev/null @@ -1,13 +0,0 @@ -{ - "services": [ -{% for item in consul_services %} - { - "name": "{{ item.name }}", - "port": {{ item.port }} - } -{%- if not loop.last %}, -{% endif %} -{% endfor %} - - ] -}
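Review bot: The new `Create Directories` loop lists `{{ nomad_config_dir }}` and `{{ nomad_ssl_dir }}`, where the three tasks it replaces created `consul_config_dir` and `consul_ssl_dir`. As written, the role no longer creates the directory that `Base Configuration` writes `{{ consul_config_dir }}/{{ item }}.hcl` into, nor the one that holds `consul-key.pem`. It would either fail on an undefined variable or hand Nomad's directories to the Consul user. The items should read `- "{{ consul_config_dir }}"` and `- "{{ consul_ssl_dir }}"`. Separately, `mode: 0755` now applies to the data and SSL directories too, which had no explicit mode before; I would quote the modes (`"0755"`, `"0644"`) and give the key directory a tighter one such as `"0750"`.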
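Review bot: `grpc_tls = {{ consul_port_grpc }}` reuses the variable that used to feed the plaintext `grpc` port, and the template no longer sets `grpc` at all. The value of `consul_port_grpc` is defined outside this diff, so please confirm it is the port that clients expect for TLS gRPC, and consider renaming it to `consul_port_grpc_tls` both here and in the defaults. To state the intent explicitly instead of leaving the plaintext listener to the installed version's default, add `grpc = -1` next to it.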
\ No newline at end of file diff --git a/fdio.infra.ansible/roles/consul/vars/main.yaml b/fdio.infra.ansible/roles/consul/vars/main.yaml index b46333a7a7..5d813dffc7 100644 --- a/fdio.infra.ansible/roles/consul/vars/main.yaml +++ b/fdio.infra.ansible/roles/consul/vars/main.yaml @@ -1,5 +1,5 @@ --- -# file: roles/consul/vars/main.yaml +# file: vars/main.yaml consul_node_client: "{{ (consul_node_role == 'client') or (consul_node_role == 'both') }}" consul_node_server: "{{ (consul_node_role == 'server') or (consul_node_role == 'both') }}" |