From 78a8427cc50c137e5d59ad3448ae128fdda369b2 Mon Sep 17 00:00:00 2001
From: pmikus <pmikus@cisco.com>
Date: Wed, 5 May 2021 14:56:45 +0000
Subject: Infra: Backend infra upgrade

Signed-off-by: pmikus <pmikus@cisco.com>
Change-Id: If1e659339f0d25ebcaab4388745c62aa0852abb3
---
 .../roles/consul/templates/base.hcl.j2             | 23 +++++++++++++++++-----
 .../consul/templates/consul_systemd.service.j2     | 23 ++++++++++------------
 2 files changed, 28 insertions(+), 18 deletions(-)

(limited to 'fdio.infra.ansible/roles/consul/templates')

diff --git a/fdio.infra.ansible/roles/consul/templates/base.hcl.j2 b/fdio.infra.ansible/roles/consul/templates/base.hcl.j2
index 536c48d847..dab43fb3fc 100644
--- a/fdio.infra.ansible/roles/consul/templates/base.hcl.j2
+++ b/fdio.infra.ansible/roles/consul/templates/base.hcl.j2
@@ -14,14 +14,14 @@ server = {{ consul_node_server | bool | lower }}
 encrypt = "{{ consul_encrypt }}"
 {% if consul_node_server | bool == True %}
 bootstrap_expect = {{ consul_bootstrap_expect }}
-verify_incoming = true
-verify_outgoing = true
-verify_server_hostname = true
+verify_incoming = false
+verify_outgoing = false
+verify_server_hostname = false
 ca_file = "{{ consul_ca_file }}"
 cert_file = "{{ consul_cert_file }}"
 key_file = "{{ consul_key_file }}"
 auto_encrypt {
-  allow_tls = true
+  allow_tls = false
 }
 {% else %}
 verify_incoming = false
@@ -36,7 +36,20 @@ auto_encrypt {
 retry_join = [ {% for ip_port in consul_retry_servers -%} "{{ ip_port }}"{% if not loop.last %}, {% endif %}{%- endfor -%} ]
 {%- endif %}
 
-ui = {{ consul_ui | bool | lower }}
+{% if consul_ui_config -%}
+ui_config {
+{% for key, value in consul_ui_config.items() %}
+  {%- if value|bool %}
+  {{ key }} = {{ value | bool | lower }}
+  {%- elif value|string or value == "" %}
+  {{ key }} = "{{ value }}"
+  {%- else %}
+  {{ key }} = {{ value }}
+  {%- endif %}
+{% endfor %}
+
+}
+{%- endif %}
 
 {% if consul_recursors -%}
 recursors = [ {% for server in consul_recursors -%} "{{ server }}"{% if not loop.last %}, {% endif %}{%- endfor -%} ]
diff --git a/fdio.infra.ansible/roles/consul/templates/consul_systemd.service.j2 b/fdio.infra.ansible/roles/consul/templates/consul_systemd.service.j2
index 8e1ef1310d..16874f213e 100644
--- a/fdio.infra.ansible/roles/consul/templates/consul_systemd.service.j2
+++ b/fdio.infra.ansible/roles/consul/templates/consul_systemd.service.j2
@@ -1,21 +1,18 @@
 [Unit]
-Description=Consul Service
-Documentation=https://www.nomadproject.io/docs/
-Wants=network-online.target
+Description="HashiCorp Consul - A service mesh solution"
+Documentation=https://www.consul.io/
+Requires=network-online.target
 After=network-online.target
 
 [Service]
-# TODO: Decrease privilege
-ExecReload=/bin/kill -SIGHUP $MAINPID
-ExecStart={{ consul_bin_dir }}/consul agent -config-dir {{ consul_config_dir }}
-KillSignal=SIGTERM
-LimitNOFILE=infinity
-LimitNPROC=infinity
-Restart=on-failure
-RestartSec=1
 User=root
 Group=root
-Environment="GOMAXPROCS=2"
+ExecStart={{ consul_bin_dir }}/consul agent -config-dir={{ consul_config_dir }}
+ExecReload=/bin/kill --signal HUP $MAINPID
+KillMode=process
+KillSignal=SIGTERM
+Restart=on-failure
+LimitNOFILE=infinity
 
 [Install]
-WantedBy=multi-user.target
+WantedBy=multi-user.target
\ No newline at end of file
-- 
cgit 1.2.3-korg