aboutsummaryrefslogtreecommitdiffstats
path: root/fdio.infra.ansible/roles
diff options
context:
space:
mode:
authorpmikus <pmikus@cisco.com>2021-09-20 08:03:55 +0000
committerPeter Mikus <pmikus@cisco.com>2021-09-21 11:20:48 +0000
commit69fb3f11d11e9dd4d0a28743b2cf9f1d44cff83d (patch)
tree432d5467809d0584e4f022ae5c53ec843cbee9ea /fdio.infra.ansible/roles
parentdc1fffe264224d71628f901618e0f1f920b77d10 (diff)
Infra: Ansible Nomad, Consul
+ Fix idempotency + Fix APT download Signed-off-by: pmikus <pmikus@cisco.com> Change-Id: I03304c1c229c921806658b0169bd230154d8dde9
Diffstat (limited to 'fdio.infra.ansible/roles')
-rw-r--r--fdio.infra.ansible/roles/consul/defaults/main.yaml2
-rw-r--r--fdio.infra.ansible/roles/consul/tasks/main.yaml38
-rw-r--r--fdio.infra.ansible/roles/nomad/defaults/main.yaml12
-rw-r--r--fdio.infra.ansible/roles/nomad/tasks/main.yaml36
4 files changed, 43 insertions, 45 deletions
diff --git a/fdio.infra.ansible/roles/consul/defaults/main.yaml b/fdio.infra.ansible/roles/consul/defaults/main.yaml
index 1bb72f1a15..3905d05e0a 100644
--- a/fdio.infra.ansible/roles/consul/defaults/main.yaml
+++ b/fdio.infra.ansible/roles/consul/defaults/main.yaml
@@ -27,6 +27,7 @@ consul_architecture: "{{ consul_architecture_map[ansible_architecture] }}"
consul_version: "1.9.5"
consul_pkg: "consul_{{ consul_version }}_linux_{{ consul_architecture }}.zip"
consul_zip_url: "https://releases.hashicorp.com/consul/{{ consul_version }}/{{ consul_pkg }}"
+consul_force_update: false
# Inst - System paths.
consul_bin_dir: "/usr/local/bin"
@@ -42,6 +43,7 @@ consul_node_role: "both"
consul_restart_handler_state: "restarted"
nomad_restart_handler_state: "restarted"
systemd_resolved_state: "stopped"
+consul_service_mgr: ""
# Conf - User and group.
consul_group: "consul"
diff --git a/fdio.infra.ansible/roles/consul/tasks/main.yaml b/fdio.infra.ansible/roles/consul/tasks/main.yaml
index f4e08259da..4e229714b7 100644
--- a/fdio.infra.ansible/roles/consul/tasks/main.yaml
+++ b/fdio.infra.ansible/roles/consul/tasks/main.yaml
@@ -1,21 +1,16 @@
---
# file: roles/consul/tasks/main.yaml
-- name: Inst - Update Package Cache (APT)
+- name: Install Dependencies
apt:
- update_cache: true
+ name: "{{ packages | flatten(levels=1) }}"
+ state: "present"
cache_valid_time: 3600
+ install_recommends: false
when:
- ansible_distribution|lower == 'ubuntu'
tags:
- - consul-inst-prerequisites
-
-- name: Inst - Prerequisites
- package:
- name: "{{ packages | flatten(levels=1) }}"
- state: latest
- tags:
- - consul-inst-prerequisites
+ - consul-inst-dependencies
- name: Conf - Add Consul Group
group:
@@ -33,13 +28,6 @@
tags:
- consul-conf-user
-- name: Inst - Clean Consul
- file:
- path: "{{ consul_inst_dir }}/consul"
- state: "absent"
- tags:
- - consul-inst-package
-
- name: Inst - Download Consul
get_url:
url: "{{ consul_zip_url }}"
@@ -47,11 +35,19 @@
tags:
- consul-inst-package
+- name: Inst - Clean Consul
+ file:
+ path: "{{ consul_inst_dir }}/consul"
+ state: "absent"
+ when:
+ - consul_force_update | bool
+ tags:
+ - consul-inst-package
+
- name: Inst - Unarchive Consul
unarchive:
src: "{{ consul_inst_dir }}/{{ consul_pkg }}"
dest: "{{ consul_inst_dir }}/"
- creates: "{{ consul_inst_dir }}/consul"
remote_src: true
tags:
- consul-inst-package
@@ -147,6 +143,8 @@
mode: 0600
no_log: true
loop: "{{ consul_certificates | flatten(levels=1) }}"
+ when:
+ - consul_certificates is defined
tags:
- consul-conf
@@ -156,6 +154,8 @@
enabled: false
name: "systemd-resolved"
state: "{{ systemd_resolved_state }}"
+ when:
+ - nomad_service_mgr == "systemd"
tags:
- consul-conf
@@ -169,6 +169,8 @@
notify:
- "Restart Consul"
- "Restart Nomad"
+ when:
+ - nomad_service_mgr == "systemd"
tags:
- consul-conf
diff --git a/fdio.infra.ansible/roles/nomad/defaults/main.yaml b/fdio.infra.ansible/roles/nomad/defaults/main.yaml
index 2ace6b22d5..f58ac0961d 100644
--- a/fdio.infra.ansible/roles/nomad/defaults/main.yaml
+++ b/fdio.infra.ansible/roles/nomad/defaults/main.yaml
@@ -5,7 +5,6 @@
packages: "{{ packages_base + packages_by_distro[ansible_distribution | lower] + packages_by_arch[ansible_machine] }}"
packages_base:
- "curl"
- - "git"
- "unzip"
packages_by_distro:
ubuntu:
@@ -35,6 +34,7 @@ nomad_podman_pkg: "nomad-driver-podman_{{ nomad_podman_version }}_linux_{{nomad_
nomad_podman_url: "https://releases.hashicorp.com/nomad-driver-podman/{{ nomad_podman_version }}"
nomad_podman_zip_url: "{{ nomad_podman_url }}/{{ nomad_podman_pkg }}"
nomad_podman_checksum_file_url: "{{ nomad_podman_url }}/nomad-driver-podman_{{ nomad_podman_version }}_SHA256SUMS"
+nomad_force_update: false
# Paths
nomad_inst_dir: "/opt"
@@ -48,6 +48,7 @@ nomad_ssl_dir: "/etc/nomad.d/ssl"
# Initialization and startup script templates
nomad_restart_handler_state: "restarted"
+nomad_service_mgr: ""
# System user and group
nomad_group: "nomad"
@@ -91,14 +92,7 @@ nomad_encrypt_enable: "{{ lookup('env','NOMAD_ENCRYPT_ENABLE') | default('false'
nomad_raft_protocol: 2
# Client settings
-nomad_certificates:
- - src: "{{ file_nomad_ca_pem }}"
- dest: "{{ nomad_ca_file }}"
- - src: "{{ file_nomad_client_pem }}"
- dest: "{{ nomad_cert_file }}"
- - src: "{{ file_nomad_client_key_pem }}"
- dest: "{{ nomad_key_file }}"
-nomad_node_class: ""
+nomad_node_class: "compute"
nomad_no_host_uuid: true
nomad_max_kill_timeout: "30s"
nomad_gc_interval: "1m"
diff --git a/fdio.infra.ansible/roles/nomad/tasks/main.yaml b/fdio.infra.ansible/roles/nomad/tasks/main.yaml
index 997b1e9c91..8d58c8bb0e 100644
--- a/fdio.infra.ansible/roles/nomad/tasks/main.yaml
+++ b/fdio.infra.ansible/roles/nomad/tasks/main.yaml
@@ -1,21 +1,16 @@
---
# file: roles/nomad/tasks/main.yaml
-- name: Inst - Update Package Cache (APT)
+- name: Install Dependencies
apt:
- update_cache: true
+ name: "{{ packages | flatten(levels=1) }}"
+ state: "present"
cache_valid_time: 3600
+ install_recommends: false
when:
- ansible_distribution|lower == 'ubuntu'
tags:
- - nomad-inst-prerequisites
-
-- name: Inst - Prerequisites
- package:
- name: "{{ packages | flatten(levels=1) }}"
- state: latest
- tags:
- - nomad-inst-prerequisites
+ - nomad-inst-dependencies
- name: Conf - Add Nomad Group
group:
@@ -33,13 +28,6 @@
tags:
- nomad-conf-user
-- name: Inst - Clean Nomad
- file:
- path: "{{ nomad_inst_dir }}/nomad"
- state: "absent"
- tags:
- - nomad-inst-package
-
- name: Inst - Download Nomad
get_url:
url: "{{ nomad_zip_url }}"
@@ -47,11 +35,19 @@
tags:
- nomad-inst-package
+- name: Inst - Clean Nomad
+ file:
+ path: "{{ nomad_inst_dir }}/nomad"
+ state: "absent"
+ when:
+ - nomad_force_update | bool
+ tags:
+ - nomad-inst-package
+
- name: Inst - Unarchive Nomad
unarchive:
src: "{{ nomad_inst_dir }}/{{ nomad_pkg }}"
dest: "{{ nomad_inst_dir }}/"
- creates: "{{ nomad_inst_dir }}/nomad"
remote_src: true
tags:
- nomad-inst-package
@@ -169,6 +165,8 @@
mode: 0600
no_log: true
loop: "{{ nomad_certificates | flatten(levels=1) }}"
+ when:
+ - nomad_certificates
tags:
- nomad-conf
@@ -181,6 +179,8 @@
mode: 0644
notify:
- "Restart Nomad"
+ when:
+ - nomad_service_mgr == "systemd"
tags:
- nomad-conf