From 78a8427cc50c137e5d59ad3448ae128fdda369b2 Mon Sep 17 00:00:00 2001 From: pmikus Date: Wed, 5 May 2021 14:56:45 +0000 Subject: Infra: Backend infra upgrade Signed-off-by: pmikus Change-Id: If1e659339f0d25ebcaab4388745c62aa0852abb3 --- .../roles/consul/templates/base.hcl.j2 | 23 +++++++++++++++++----- .../consul/templates/consul_systemd.service.j2 | 23 ++++++++++------------ 2 files changed, 28 insertions(+), 18 deletions(-) (limited to 'fdio.infra.ansible/roles/consul/templates') diff --git a/fdio.infra.ansible/roles/consul/templates/base.hcl.j2 b/fdio.infra.ansible/roles/consul/templates/base.hcl.j2 index 536c48d847..dab43fb3fc 100644 --- a/fdio.infra.ansible/roles/consul/templates/base.hcl.j2 +++ b/fdio.infra.ansible/roles/consul/templates/base.hcl.j2 @@ -14,14 +14,14 @@ server = {{ consul_node_server | bool | lower }} encrypt = "{{ consul_encrypt }}" {% if consul_node_server | bool == True %} bootstrap_expect = {{ consul_bootstrap_expect }} -verify_incoming = true -verify_outgoing = true -verify_server_hostname = true +verify_incoming = false +verify_outgoing = false +verify_server_hostname = false ca_file = "{{ consul_ca_file }}" cert_file = "{{ consul_cert_file }}" key_file = "{{ consul_key_file }}" auto_encrypt { - allow_tls = true + allow_tls = false } {% else %} verify_incoming = false @@ -36,7 +36,20 @@ auto_encrypt { retry_join = [ {% for ip_port in consul_retry_servers -%} "{{ ip_port }}"{% if not loop.last %}, {% endif %}{%- endfor -%} ] {%- endif %} -ui = {{ consul_ui | bool | lower }} +{% if consul_ui_config -%} +ui_config { +{% for key, value in consul_ui_config.items() %} + {%- if value|bool %} + {{ key }} = {{ value | bool | lower }} + {%- elif value|string or value == "" %} + {{ key }} = "{{ value }}" + {%- else %} + {{ key }} = {{ value }} + {%- endif %} +{% endfor %} + +} +{%- endif %} {% if consul_recursors -%} recursors = [ {% for server in consul_recursors -%} "{{ server }}"{% if not loop.last %}, {% endif %}{%- endfor -%} ] diff --git a/fdio.infra.ansible/roles/consul/templates/consul_systemd.service.j2 b/fdio.infra.ansible/roles/consul/templates/consul_systemd.service.j2 index 8e1ef1310d..16874f213e 100644 --- a/fdio.infra.ansible/roles/consul/templates/consul_systemd.service.j2 +++ b/fdio.infra.ansible/roles/consul/templates/consul_systemd.service.j2 @@ -1,21 +1,18 @@ [Unit] -Description=Consul Service -Documentation=https://www.nomadproject.io/docs/ -Wants=network-online.target +Description="HashiCorp Consul - A service mesh solution" +Documentation=https://www.consul.io/ +Requires=network-online.target After=network-online.target [Service] -# TODO: Decrease privilege -ExecReload=/bin/kill -SIGHUP $MAINPID -ExecStart={{ consul_bin_dir }}/consul agent -config-dir {{ consul_config_dir }} -KillSignal=SIGTERM -LimitNOFILE=infinity -LimitNPROC=infinity -Restart=on-failure -RestartSec=1 User=root Group=root -Environment="GOMAXPROCS=2" +ExecStart={{ consul_bin_dir }}/consul agent -config-dir={{ consul_config_dir }} +ExecReload=/bin/kill --signal HUP $MAINPID +KillMode=process +KillSignal=SIGTERM +Restart=on-failure +LimitNOFILE=infinity [Install] -WantedBy=multi-user.target +WantedBy=multi-user.target \ No newline at end of file -- cgit 1.2.3-korg