Diffstat (limited to 'fdio.infra.ansible/roles/consul')
-rw-r--r--fdio.infra.ansible/roles/consul/defaults/main.yaml87
-rw-r--r--fdio.infra.ansible/roles/consul/handlers/main.yaml16
-rw-r--r--fdio.infra.ansible/roles/consul/meta/main.yaml21
-rw-r--r--fdio.infra.ansible/roles/consul/tasks/main.yaml145
-rw-r--r--fdio.infra.ansible/roles/consul/templates/base.hcl.j256
-rw-r--r--fdio.infra.ansible/roles/consul/templates/consul_systemd.service.j218
-rw-r--r--fdio.infra.ansible/roles/consul/templates/ports.hcl.j29
-rw-r--r--fdio.infra.ansible/roles/consul/templates/telemetry.hcl.j23
-rw-r--r--fdio.infra.ansible/roles/consul/vars/main.yaml5
9 files changed, 360 insertions, 0 deletions
diff --git a/fdio.infra.ansible/roles/consul/defaults/main.yaml b/fdio.infra.ansible/roles/consul/defaults/main.yaml
new file mode 100644
index 0000000000..9ea38efb56
--- /dev/null
+++ b/fdio.infra.ansible/roles/consul/defaults/main.yaml
@@ -0,0 +1,87 @@
+---
+# file: defaults/main.yaml
+
+# Inst - Prerequisites.
+packages: "{{ packages_base + packages_by_distro[ansible_distribution | lower] + packages_by_arch[ansible_machine] }}"
+packages_base:
+ - "curl"
+ - "unzip"
+packages_by_distro:
+ ubuntu:
+ - []
+packages_by_arch:
+ aarch64:
+ - []
+ x86_64:
+ - []
+
+# Inst - Consul Map.
+consul_architecture_map:
+ amd64: "amd64"
+ x86_64: "amd64"
+ armv7l: "arm"
+ aarch64: "arm64"
+ 32-bit: "386"
+ 64-bit: "amd64"
+consul_architecture: "{{ consul_architecture_map[ansible_architecture] }}"
+consul_version: "1.16.1"
+consul_pkg: "consul_{{ consul_version }}_linux_{{ consul_architecture }}.zip"
+consul_zip_url: "https://releases.hashicorp.com/consul/{{ consul_version }}/{{ consul_pkg }}"
+consul_force_update: false
+
+# Inst - System paths.
+consul_bin_dir: "/usr/local/bin"
+consul_config_dir: "/etc/consul.d"
+consul_data_dir: "/var/consul"
+consul_inst_dir: "/opt"
+consul_lockfile: "/var/lock/subsys/consul"
+consul_run_dir: "/var/run/consul"
+consul_ssl_dir: "/etc/consul.d/ssl"
+
+# Conf - Service.
+consul_node_role: "both"
+consul_restart_handler_state: "restarted"
+nomad_restart_handler_state: "restarted"
+systemd_resolved_state: "stopped"
+consul_service_mgr: ""
+
+# Conf - User and group.
+consul_group: "consul"
+consul_user: "consul"
+
+# Conf - base.hcl
+consul_allow_tls: true
+consul_bind_addr: "{{ ansible_default_ipv4.address }}"
+consul_bootstrap_expect: 1
+consul_client_addr: "0.0.0.0"
+consul_datacenter: "dc1"
+consul_disable_update_check: true
+consul_enable_debug: false
+consul_enable_syslog: true
+consul_encrypt: ""
+consul_log_level: "INFO"
+consul_node_name: "{{ inventory_hostname }}"
+consul_recursors:
+ - 1.1.1.1
+ - 8.8.8.8
+consul_retry_join: false
+consul_ui_config:
+ enabled: true
+consul_verify_incoming: true
+consul_verify_outgoing: true
+consul_vefify_server_hostname: false
+consul_ca_file: "{{ consul_ssl_dir }}/ca.pem"
+consul_cert_file: "{{ consul_ssl_dir }}/consul.pem"
+consul_key_file: "{{ consul_ssl_dir }}/consul-key.pem"
+
+# Conf - ports.hcl
+consul_port_dns: 53
+consul_port_http: 8500
+consul_port_https: 8501
+consul_port_grpc: 8502
+consul_port_serf_lan: 8301
+consul_port_serf_wan: 8302
+consul_port_server: 8300
+
+# Conf - services.json
+consul_services: false
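Review bot: The defaults leave the agent's client interfaces exposed without authentication: `consul_client_addr: "0.0.0.0"` binds them on every address, ports.hcl.j2 keeps the plaintext `http` listener on 8500 next to `https`, and no template in this role renders an `acl` block. `consul_encrypt: ""` is rendered as `encrypt = ""`, which as far as I know leaves gossip unencrypted, and `consul_vefify_server_hostname: false` (misspelled consistently here and in base.hcl.j2) switches off server hostname checking even though `verify_incoming` and `verify_outgoing` are on. I would default to `consul_client_addr: "127.0.0.1"`, set the hostname check to `true` under the corrected name `consul_verify_server_hostname`, and have the role fail early when `consul_encrypt` is empty instead of shipping that as a working default.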
diff --git a/fdio.infra.ansible/roles/consul/handlers/main.yaml b/fdio.infra.ansible/roles/consul/handlers/main.yaml
new file mode 100644
index 0000000000..a9de4d1439
--- /dev/null
+++ b/fdio.infra.ansible/roles/consul/handlers/main.yaml
@@ -0,0 +1,16 @@
+---
+# file handlers/main.yaml
+
+- name: Restart Nomad
+ ansible.builtin.systemd:
+ daemon_reload: true
+ enabled: true
+ name: "nomad"
+ state: "{{ nomad_restart_handler_state }}"
+
+- name: Restart Consul
+ ansible.builtin.systemd:
+ daemon_reload: true
+ enabled: true
+ name: "consul"
+ state: "{{ consul_restart_handler_state }}"
diff --git a/fdio.infra.ansible/roles/consul/meta/main.yaml b/fdio.infra.ansible/roles/consul/meta/main.yaml
new file mode 100644
index 0000000000..673c3b738d
--- /dev/null
+++ b/fdio.infra.ansible/roles/consul/meta/main.yaml
@@ -0,0 +1,21 @@
+---
+# file: meta/main.yaml
+
+dependencies: []
+
+galaxy_info:
+ role_name: "consul"
+ author: "pmikus"
+ description: "Hashicorp Consul."
+ company: "none"
+ license: "license (Apache)"
+ min_ansible_version: "2.9"
+ platforms:
+ - name: "Ubuntu"
+ versions:
+ - "focal"
+ - "jammy"
+ - "kinetic"
+ galaxy_tags:
+ - "consul"
+ - "hashicorp"
diff --git a/fdio.infra.ansible/roles/consul/tasks/main.yaml b/fdio.infra.ansible/roles/consul/tasks/main.yaml
new file mode 100644
index 0000000000..6dd430754b
--- /dev/null
+++ b/fdio.infra.ansible/roles/consul/tasks/main.yaml
@@ -0,0 +1,145 @@
+---
+# file: tasks/main.yaml
+
+- name: Update Repositories Cache
+ ansible.builtin.apt:
+ update_cache: true
+ when:
+ - ansible_os_family == 'Debian'
+ tags:
+ - consul-inst-package
+
+- name: Dependencies
+ ansible.builtin.apt:
+ name: "{{ packages | flatten(levels=1) }}"
+ state: "present"
+ cache_valid_time: 3600
+ install_recommends: false
+ when:
+ - ansible_os_family == 'Debian'
+ tags:
+ - consul-inst-dependencies
+
+- name: Add Consul Group
+ ansible.builtin.group:
+ name: "{{ consul_group }}"
+ state: "present"
+ tags:
+ - consul-conf-user
+
+- name: Add Consul user
+ ansible.builtin.user:
+ name: "{{ consul_user }}"
+ group: "{{ consul_group }}"
+ state: "present"
+ system: true
+ tags:
+ - consul-conf-user
+
+- name: Download Consul
+ ansible.builtin.get_url:
+ url: "{{ consul_zip_url }}"
+ dest: "{{ consul_inst_dir }}/{{ consul_pkg }}"
+ tags:
+ - consul-inst-package
+
+- name: Clean Consul
+ ansible.builtin.file:
+ path: "{{ consul_inst_dir }}/consul"
+ state: "absent"
+ when:
+ - consul_force_update | bool
+ tags:
+ - consul-inst-package
+
+- name: Unarchive Consul
+ ansible.builtin.unarchive:
+ src: "{{ consul_inst_dir }}/{{ consul_pkg }}"
+ dest: "{{ consul_inst_dir }}/"
+ remote_src: true
+ tags:
+ - consul-inst-package
+
+- name: Consul
+ ansible.builtin.copy:
+ src: "{{ consul_inst_dir }}/consul"
+ dest: "{{ consul_bin_dir }}"
+ owner: "{{ consul_user }}"
+ group: "{{ consul_group }}"
+ force: true
+ mode: 0755
+ remote_src: true
+ tags:
+ - consul-inst-package
+
+- name: Create Directories
+ ansible.builtin.file:
+ dest: "{{ item }}"
+ state: "directory"
+ owner: "{{ consul_user }}"
+ group: "{{ consul_group }}"
+ mode: 0755
+ with_items:
+ - "{{ consul_config_dir }}"
+ - "{{ consul_ssl_dir }}"
+ - "{{ consul_data_dir }}"
+ - "{{ nomad_config_dir }}"
+ - "{{ nomad_ssl_dir }}"
+ tags:
+ - consul-conf
+
+- name: Base Configuration
+ ansible.builtin.template:
+ src: "{{ item }}.hcl.j2"
+ dest: "{{ consul_config_dir }}/{{ item }}.hcl"
+ owner: "{{ consul_user }}"
+ group: "{{ consul_group }}"
+ mode: 0644
+ with_items:
+ - "base"
+ - "ports"
+ - "telemetry"
+ tags:
+ - consul-conf
+
+- name: Copy Certificates And Keys
+ ansible.builtin.copy:
+ content: "{{ item.src }}"
+ dest: "{{ item.dest }}"
+ owner: "{{ consul_user }}"
+ group: "{{ consul_group }}"
+ mode: 0600
+ no_log: true
+ loop: "{{ consul_certificates | flatten(levels=1) }}"
+ when:
+ - consul_certificates is defined
+ tags:
+ - consul-conf
+
+- name: Stop Systemd-resolved
+ ansible.builtin.systemd:
+ daemon_reload: true
+ enabled: false
+ name: "systemd-resolved"
+ state: "{{ systemd_resolved_state }}"
+ when:
+ - consul_service_mgr == "systemd"
+ tags:
+ - consul-conf
+
+- name: System.d Script
+ ansible.builtin.template:
+ src: "consul_systemd.service.j2"
+ dest: "/lib/systemd/system/consul.service"
+ owner: "root"
+ group: "root"
+ mode: 0644
+ notify:
+ - "Restart Consul"
+ when:
+ - consul_service_mgr == "systemd"
+ tags:
+ - consul-conf
+
+- name: Flush handlers
+ ansible.builtin.meta: flush_handlers
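Review bot: `Download Consul` fetches the release zip with no integrity check, and the binary inside it is then copied to `consul_bin_dir` and, per consul_systemd.service.j2, started as root. `ansible.builtin.get_url` takes a `checksum` parameter, so pin the digest next to `consul_version` in defaults and pass it, e.g. `checksum: "sha256:{{ consul_zip_sha256 }}"`, where `consul_zip_sha256` is a new variable holding the published SHA-256 for that version and architecture. Separately, `Create Directories` loops over `nomad_config_dir` and `nomad_ssl_dir`, which this role's defaults do not define, so the task fails unless another role or the inventory supplies them. `Base Configuration` and `Copy Certificates And Keys` also carry no `notify: "Restart Consul"`, so a changed config or certificate is not picked up by a running agent.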
diff --git a/fdio.infra.ansible/roles/consul/templates/base.hcl.j2 b/fdio.infra.ansible/roles/consul/templates/base.hcl.j2
new file mode 100644
index 0000000000..15104b2710
--- /dev/null
+++ b/fdio.infra.ansible/roles/consul/templates/base.hcl.j2
@@ -0,0 +1,56 @@
+node_name = "{{ consul_node_name }}"
+datacenter = "{{ consul_datacenter }}"
+
+bind_addr = "{{ consul_bind_addr }}"
+client_addr = "{{ consul_client_addr }}"
+data_dir = "{{ consul_data_dir }}"
+
+enable_syslog = {{ consul_enable_syslog | bool | lower }}
+enable_debug = {{ consul_enable_debug | bool | lower }}
+disable_update_check = {{ consul_disable_update_check | bool | lower }}
+log_level = "{{ consul_log_level }}"
+
+server = {{ consul_node_server | bool | lower }}
+encrypt = "{{ consul_encrypt }}"
+{% if consul_node_server | bool == True %}
+bootstrap_expect = {{ consul_bootstrap_expect }}
+verify_incoming = {{ consul_verify_incoming | bool | lower }}
+verify_outgoing = {{ consul_verify_outgoing | bool | lower }}
+verify_server_hostname = {{ consul_vefify_server_hostname | bool | lower }}
+ca_file = "{{ consul_ca_file }}"
+cert_file = "{{ consul_cert_file }}"
+key_file = "{{ consul_key_file }}"
+auto_encrypt {
+ allow_tls = {{ consul_allow_tls | bool | lower }}
+}
+{% else %}
+verify_incoming = {{ consul_verify_incoming | bool | lower }}
+verify_outgoing = {{ consul_verify_outgoing | bool | lower }}
+verify_server_hostname = {{ consul_vefify_server_hostname | bool | lower }}
+ca_file = "{{ consul_ca_file }}"
+auto_encrypt {
+ tls = {{ consul_allow_tls | bool | lower }}
+}
+{% endif %}
+{% if consul_retry_join | bool -%}
+retry_join = [ {% for ip_port in consul_retry_servers -%} "{{ ip_port }}"{% if not loop.last %}, {% endif %}{%- endfor -%} ]
+{%- endif %}
+
+{% if consul_ui_config -%}
+ui_config {
+{% for key, value in consul_ui_config.items() %}
+ {%- if value|bool %}
+ {{ key }} = {{ value | bool | lower }}
+ {%- elif value|string or value == "" %}
+ {{ key }} = "{{ value }}"
+ {%- else %}
+ {{ key }} = {{ value }}
+ {%- endif %}
+{% endfor %}
+
+}
+{%- endif %}
+
+{% if consul_recursors -%}
+recursors = [ {% for server in consul_recursors -%} "{{ server }}"{% if not loop.last %}, {% endif %}{%- endfor -%} ]
+{%- endif %}
\ No newline at end of file
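Review bot: `encrypt = "{{ consul_encrypt }}"` writes the gossip key into base.hcl, and the `Base Configuration` task in tasks/main.yaml installs that file with `mode: 0644` inside a `0755` directory, so every local user can read the key once one is set. Install the rendered files with `mode: "0640"` (owner and group are already the consul account), or move `encrypt` into its own template with a tighter mode. In the `ui_config` loop a value of `false` fails `value|bool`, then matches `value|string` because the string `False` is non-empty, and is emitted as `enabled = "False"`. Testing the type first with `{%- if value is boolean %}` would render it as an unquoted `false`.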
diff --git a/fdio.infra.ansible/roles/consul/templates/consul_systemd.service.j2 b/fdio.infra.ansible/roles/consul/templates/consul_systemd.service.j2
new file mode 100644
index 0000000000..16874f213e
--- /dev/null
+++ b/fdio.infra.ansible/roles/consul/templates/consul_systemd.service.j2
@@ -0,0 +1,18 @@
+[Unit]
+Description="HashiCorp Consul - A service mesh solution"
+Documentation=https://www.consul.io/
+Requires=network-online.target
+After=network-online.target
+
+[Service]
+User=root
+Group=root
+ExecStart={{ consul_bin_dir }}/consul agent -config-dir={{ consul_config_dir }}
+ExecReload=/bin/kill --signal HUP $MAINPID
+KillMode=process
+KillSignal=SIGTERM
+Restart=on-failure
+LimitNOFILE=infinity
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
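Review bot: `User=root` / `Group=root` runs the agent with full privileges even though the role creates a dedicated consul account and gives it ownership of the config, data and TLS directories. Unless something outside this diff needs root, use `User={{ consul_user }}` and `Group={{ consul_group }}`, and add `AmbientCapabilities=CAP_NET_BIND_SERVICE` so the agent can still bind the default `consul_port_dns: 53`. With the defaults binding the client interfaces on `0.0.0.0`, a flaw in the agent would otherwise hand a remote caller root on the host.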
diff --git a/fdio.infra.ansible/roles/consul/templates/ports.hcl.j2 b/fdio.infra.ansible/roles/consul/templates/ports.hcl.j2
new file mode 100644
index 0000000000..02932bf6dc
--- /dev/null
+++ b/fdio.infra.ansible/roles/consul/templates/ports.hcl.j2
@@ -0,0 +1,9 @@
+ports {
+ dns = {{ consul_port_dns }}
+ http = {{ consul_port_http }}
+ https = {{ consul_port_https }}
+ grpc_tls = {{ consul_port_grpc }}
+ serf_lan = {{ consul_port_serf_lan }}
+ serf_wan = {{ consul_port_serf_wan }}
+ server = {{ consul_port_server }}
+}
\ No newline at end of file
diff --git a/fdio.infra.ansible/roles/consul/templates/telemetry.hcl.j2 b/fdio.infra.ansible/roles/consul/templates/telemetry.hcl.j2
new file mode 100644
index 0000000000..ec7fabc9da
--- /dev/null
+++ b/fdio.infra.ansible/roles/consul/templates/telemetry.hcl.j2
@@ -0,0 +1,3 @@
+telemetry {
+ prometheus_retention_time = "24h"
+}
\ No newline at end of file
diff --git a/fdio.infra.ansible/roles/consul/vars/main.yaml b/fdio.infra.ansible/roles/consul/vars/main.yaml
new file mode 100644
index 0000000000..5d813dffc7
--- /dev/null
+++ b/fdio.infra.ansible/roles/consul/vars/main.yaml
@@ -0,0 +1,5 @@
+---
+# file: vars/main.yaml
+
+consul_node_client: "{{ (consul_node_role == 'client') or (consul_node_role == 'both') }}"
+consul_node_server: "{{ (consul_node_role == 'server') or (consul_node_role == 'both') }}"