Removing unused ansible-consul role.

Samuel Clay 2021-05-18 10:14:24 -04:00
parent 982c7dd660
commit 2e5ca80b56
99 changed files with 4 additions and 6523 deletions


@ -1,3 +0,0 @@
skip_list:
- '106'


@ -1,16 +0,0 @@
---
name: Release to Ansible Galaxy
on:
push:
tags:
- '*'
jobs:
release:
runs-on: ubuntu-latest
steps:
- name: galaxy
uses: robertdebock/galaxy-action@1.0.3
with:
galaxy_api_key: ${{ secrets.galaxy_api_key }}


@ -1,44 +0,0 @@
---
name: Molecule
on:
push:
branches:
- master
pull_request:
jobs:
build:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
scenario:
- centos-6
- centos-7
- centos-8
- debian-8
- debian-9
- debian-10
- fedora-26
- fedora-27
- fedora-28
- fedora-29
- fedora-30
- fedora-31
- oraclelinux-6
- oraclelinux-7
- oraclelinux-8
- ubuntu-16.04
- ubuntu-18.04
steps:
- uses: actions/checkout@v2
with:
path: "${{ github.repository }}"
- name: Molecule
uses: gofrolist/molecule-action@v2.0.1
with:
molecule_options: --base-config molecule/_shared/base.yml
molecule_args: --scenario-name ${{ matrix.scenario }}


@ -1,14 +0,0 @@
.DS_Store
.vagrant
.tm_properties
*.retry
examples/hosts
files/consul
files/*.zip
files/ca.crt
files/server.crt
files/server.key
files/*_SHA256SUMS
tests/test_results.json
*.pyc
molecule/*/cache/


@ -1,40 +0,0 @@
---
dist: bionic
language: python
python: 3.6
virtualenv:
system_site_packages: true
services: docker
env:
- SCENARIO=centos-6
- SCENARIO=centos-7
- SCENARIO=centos-8
- SCENARIO=debian-8
- SCENARIO=debian-9
- SCENARIO=debian-10
- SCENARIO=fedora-26
- SCENARIO=fedora-27
- SCENARIO=fedora-28
- SCENARIO=fedora-29
- SCENARIO=fedora-30
- SCENARIO=fedora-31
- SCENARIO=oraclelinux-6
- SCENARIO=oraclelinux-7
- SCENARIO=ubuntu-16.04
- SCENARIO=ubuntu-18.04
cache:
- pip
install:
# Install test dependencies.
- pip3 install -r requirements.txt
script:
- molecule --base-config molecule/_shared/base.yml test --scenario-name ${SCENARIO}
notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/


@ -1,12 +0,0 @@
---
extends: default
rules:
braces:
max-spaces-inside: 1
level: error
brackets:
max-spaces-inside: 1
level: error
line-length: disable
truthy: disable

File diff suppressed because it is too large Load diff


@ -1,96 +0,0 @@
# Contributing
When contributing to this repository, please first discuss the change you wish
to make via issue, email, or any other method with the owners of this repository before making a change.
Do note that this project has a code of conduct; please be sure to follow it
in all of your project interactions.
## Pull Request Process
1. Ensure any install or build artifacts are removed before the end of
the layer when doing a build
2. Update the README.md or README_VAGRANT.md with details of changes to the
interface, this includes new environment variables, exposed ports, useful
file locations and container parameters
3. Increase the version numbers in any examples files and the README.md
to the new version that this Pull Request would represent. The versioning scheme we use is (mostly) [SemVer](http://semver.org/)
4. You may merge the Pull Request in once you have the sign-off of two other
project contributors, or if you do not have permission to do that, you can
request the second reviewer to merge it for you
## Code of Conduct
### Our Pledge
In the interest of fostering an open and welcoming environment, we as
contributors and maintainers pledge to making participation in our project
and our community a harassment-free experience for everyone, regardless of age,
body size, disability, ethnicity, gender identity and expression, level of
experience, nationality, personal appearance, race, religion, or sexual
identity and orientation.
### Our Standards
Examples of behavior that contributes to creating a positive environment
include:
* Showing empathy towards other community members
* Using welcoming and inclusive language
* Being respectful of differing viewpoints and experiences
* Gracefully accepting constructive criticism
* Focusing on what is best for the community
Examples of unacceptable behavior by participants include:
* Use of sexualized language or imagery and unwelcome sexual attention
or advances
* Insulting/derogatory comments, and personal or political attacks
* Public or private harassment
* Publishing others' private information, such as a physical or electronic
address, without explicit permission
* Other conduct which could reasonably be considered inappropriate in a
professional setting
### Our Responsibilities
Project maintainers are responsible for clarifying the standards of acceptable
behavior and are expected to take appropriate and fair corrective action in
response to any instances of unacceptable behavior.
Project maintainers have the right and responsibility to remove, edit, or
reject comments, commits, code, wiki edits, issues, and other contributions
that are not aligned to this Code of Conduct, or to ban temporarily or
permanently any contributor for other behaviors that they deem inappropriate,
threatening, offensive, or harmful.
### Scope
This Code of Conduct applies both within project spaces and in public spaces
when an individual is representing the project or its community. Examples of
representing a project or community include using an official project e-mail
address, posting via an official social media account, or acting as an
appointed representative at an online or offline event. Representation of a
project may be further defined and clarified by project maintainers.
### Enforcement
Instances of abusive, harassing, or otherwise unacceptable behavior may be
reported by contacting the project leadership: bas.meijer <at> me <dot> com.
All complaints will be reviewed and investigated and will result in a response
that is deemed necessary and appropriate to the circumstances. The project
team is obligated to maintain confidentiality with regard to the reporter of
an incident. Further details of specific enforcement policies may be posted
separately.
Project maintainers who do not follow or enforce the Code of Conduct in good
faith may face temporary or permanent repercussions as determined by other
members of the project's leadership.
### Attribution
This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version]
[homepage]: http://contributor-covenant.org
[version]: http://contributor-covenant.org/version/1/4/


@ -1,90 +0,0 @@
# Contributors
Thank you to all these fine folks for helping with ansible-consul!
- [@abarbare](https://github.com/abarbare)
- [@adawalli](https://github.com/adawalli)
- [@arehmandev](https://github.com/arehmandev)
- [@arledesma](https://github.com/arledesma)
- [@arouene](https://github.com/arouene)
- [@bbaassssiiee](https://github.com/bbaassssiiee)
- [@blaet](https://github.com/blaet)
- [@bscott](https://github.com/bscott)
- [@calebtonn](https://github.com/calebtonn)
- [@calmacara](https://github.com/calmacara)
- [@canardleteer](https://github.com/canardleteer)
- [@ChrisMcKee](https://github.com/ChrisMcKee)
- [@chrisparnin](https://github.com/chrisparnin)
- [@coughlanio)](https://github.com/coughlanio)
- [@crumohr](https://github.com/crumohr)
- [@danielkucera](https://github.com/danielkucera)
- [@dggreenbaum](https://github.com/dggreenbaum)
- [@dmke](https://github.com/dmke)
- [@ducminhle](https://github.com/ducminhle)
- [@ecyril-dussert](https://github.com/cyril-dussert)
- [@eeroniemi](https://github.com/eeroniemi)
- [@evilhamsterman](https://github.com/evilhamsterman)
- [@FozzY1234](https://github.com/FozzY1234)
- [@Fuochi-YNAP](https://github.com/Fuochi-YNAP)
- [@giannidallatorre](https://github.com/giannidallatorre)
- [@GnomeZworc](https://github.com/GnomeZworc)
- [@gofrolist](https://github.com/gofrolist)
- [@groggemans](https://github.com/groggemans)
- [@gyorgynadaban](https://github.com/gyorgynadaban)
- [@HanSooloo](https://github.com/HanSooloo)
- [@hwmrocker](https://github.com/hwmrocker)
- [@imcitius](https://github.com/imcitius)
- [@issmirnov](https://github.com/issmirnov)
- [@itewk](https://github.com/itewk)
- [@jasonneurohr](https://github.com/jasonneurohr)
- [@jebas](https://github.com/jebas)
- [@jeffwelling](https://github.com/jeffwelling)
- [@jessedefer](https://github.com/jessedefer)
- [@jmariondev](https://github.com/jmariondev)
- [@jonhatalla](https://github.com/jonhatalla)
- [@jpiron](https://github.com/jpiron)
- [@jstoja](https://github.com/jstoja)
- [@judy](http://judy.github.io)
- [@kostyrevaa](https://github.com/kostyrevaa)
- [@KyleOndy](https://github.com/KyleOndy)
- [@lanefu](https://github.com/lanefu)
- [@Legogris](https://github.com/Legogris)
- [@Logan2211](https://github.com/Logan2211)
- [@MattBurgess](https://github.com/MattBurgess)
- [@megamorf](https://github.com/megamorf)
- [@misho-kr](https://github.com/misho-kr)
- [@MurphyMarkW](https://github.com/MurphyMarkW)
- [@oliverprater](https://github.com/oliverprater)
- [@paretl](https://github.com/paretl)
- [@patsevanton](https://github.com/patsevanton)
- [@pavel-z1](https://github.com/pavel-z1)
- [@pwae](https://github.com/perlboy)
- [@perlboy](https://github.com/pwae)
- [@RavisMsk](https://github.com/RavisMsk)
- [@replicajune](https://github.com/replicajune)
- [@Rodjers](https://github.com/Rodjers)
- [@Roviluca](https://github.com/Roviluca)
- [@Rtzq0](https://github.com/Rtzq0)
- [@schaltiemi](https://github.com/schaltiemi)
- [@Shaiou](https://github.com/Shaiou)
- [@Sispheor](https://github.com/Sispheor)
- [@slomo](https://github.com/jpiron/slomo)
- [@smutel](https://github.com/smutel)
- [@soloradish](https://github.com/soloradish)
- [@sperreault](https://github.com/sperreault)
- [@suzuki-shunsuke](https://github.com/suzuki-shunsuke)
- [@t0k4rt](https://github.com/@t0k4rt)
- [@tbartelmess](https://github.com/tbartelmess)
- [@teralype](https://github.com/teralype)
- [@TheLastChosenOne](https://github.com/TheLastChosenOne)
- [@timvaillancourt](https://github.com/timvaillancourt)
- [@vincent-legoll](https://github.com/vincent-legoll)
- [@vincepii](https://github.com/vincepii)
- [@violuke](https://github.com/violuke)
- [@viruzzo](https://github.com/viruzzo)
- [@xeivieni](https://github.com/xeivieni)
- [@ykhemani](https://github.com/ykhemani)
If you have contributed but do not appear here, please fear not and accept
apologies for the omission. Contact `bas.meijer <at> me <dot> com` and
please let me know!


@ -1,10 +0,0 @@
Copyright (c) 2018, Brian Shumate
All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

File diff suppressed because it is too large Load diff


@ -1,258 +0,0 @@
---
# File: main.yml - Default variables for Consul
## Core
consul_debug: false
is_virtualenv: "{{ lookup('env','VIRTUAL_ENV') | default('', true) }}"
consul_install_dependencies: true
### Package
consul_version: "{{ lookup('env','CONSUL_VERSION') | default('1.8.7', true) }}"
consul_architecture_map:
# this first entry seems redundant
# (but it's required for reasons)
amd64: amd64
x86_64: amd64
# todo: arm32 / armelv5
armv6l: armhfv6
armv7l: armhfv6
aarch64: arm64
32-bit: "386"
64-bit: amd64
consul_architecture: "{{ consul_architecture_map[ansible_architecture] }}"
consul_os: "\
{% if ansible_os_family == 'Windows' %}\
{{ 'windows' }}\
{% else %}\
{{ ansible_system | lower }}\
{% endif %}"
consul_pkg: "consul{% if consul_enterprise %}-enterprise{% else %}{%endif%}_{{ consul_version }}_{{ consul_os }}_{{ consul_architecture }}.zip"
consul_zip_url: "https://releases.hashicorp.com/consul/{{ consul_version }}/consul_{{ consul_version }}_{{ consul_os }}_{{ consul_architecture }}.zip"
consul_checksum_file_url: "https://releases.hashicorp.com/consul/{{ consul_version }}/consul_{{ consul_version}}_SHA256SUMS"
### Install Method
consul_install_remotely: false
consul_install_upgrade: false
### Paths
consul_bin_path: "/usr/local/bin"
consul_config_path: "/etc/consul"
consul_configd_path: "{{ consul_config_path }}/consul.d"
consul_bootstrap_state: "{{ consul_config_path }}/.consul_bootstrapped"
consul_data_path: "/var/consul"
consul_log_path: "{{ lookup('env','CONSUL_LOG_PATH') | default('/var/log/consul', true) }}"
consul_log_file: "{{ lookup('env','CONSUL_LOG_FILE') | default('consul.log', true) }}"
consul_run_path: "/run/consul"
consul_binary: "{{ consul_bin_path }}/consul"
### System user and group
consul_manage_user: true
consul_user: "consul"
consul_manage_group: true
consul_group: "bin"
consul_systemd_restart_sec: 42
consul_systemd_limit_nofile: 65536
### Log user, group, facility
syslog_user: "{{ lookup('env','SYSLOG_USER') | default('root', true) }}"
syslog_group: "{{ lookup('env','SYSLOG_GROUP') | default('adm', true) }}"
consul_log_level: "{{ lookup('env','CONSUL_LOG_LEVEL') | default('INFO', true) }}"
consul_log_rotate_bytes: "{{ lookup('env','CONSUL_LOG_ROTATE_BYTES') | default(0, true) }}"
consul_log_rotate_duration: "{{ lookup('env','CONSUL_LOG_ROTATE_DURATION') | default('24h', true) }}"
consul_log_rotate_max_files: "{{ lookup('env','CONSUL_LOG_ROTATE_MAX_FILES') | default(0, true) }}"
consul_syslog_enable: "{{ lookup('env','CONSUL_SYSLOG_ENABLE') | default(false, true) }}"
consul_syslog_facility: "{{ lookup('env','CONSUL_SYSLOG_FACILITY') | default('local0', true) }}"
consul_configure_syslogd: "{{ lookup('env','CONSUL_CONFIGURE_SYSLOGD') | default(false, true) }}"
### Consul settings
consul_datacenter: "{{ lookup('env','CONSUL_DATACENTER') | default('dc1', true) }}"
consul_domain: "{{ lookup('env','CONSUL_DOMAIN') | default('consul', true) }}"
consul_alt_domain: "{{ lookup('env','CONSUL_ALT_DOMAIN') | default('', true) }}"
consul_node_meta: {}
consul_iface: "\
{% if ansible_os_family == 'Windows' %}\
{{ lookup('env','CONSUL_IFACE') | default(ansible_interfaces[0].interface_name, true) }}\
{% else %}\
{{ lookup('env','CONSUL_IFACE') | default(ansible_default_ipv4.interface, true) }}\
{% endif %}"
consul_node_role: "{{ lookup('env','CONSUL_NODE_ROLE') | default('client', true) }}"
consul_recursors: "{{ lookup('env','CONSUL_RECURSORS') | default('[]', true) }}"
consul_bootstrap_expect: "{{ lookup('env','CONSUL_BOOTSTRAP_EXPECT') | default(false, true) }}"
consul_bootstrap_expect_value: "{{ _consul_lan_servercount | int }}"
consul_ui: "{{ lookup('env', 'CONSUL_UI') | default(true, true) }}"
consul_ui_legacy: "{{ lookup('env', 'CONSUL_UI_LEGACY') | default(false, false) }}"
consul_disable_update_check: false
consul_enable_script_checks: false
consul_enable_local_script_checks: false
consul_raft_protocol: "\
{% if consul_version is version_compare('0.7.0', '<=') %}\
1\
{% else %}\
3\
{% endif %}"
consul_retry_join_skip_hosts: false
consul_retry_interval: "30s"
consul_retry_interval_wan: "30s"
consul_retry_max: 0
consul_retry_max_wan: 0
consul_env_vars:
- "CONSUL_UI_BETA=false"
### Autopilot
consul_autopilot_enable: "{{ lookup('env', 'CONSUL_AUTOPILOT_ENABLE') | default(false, true) }}"
consul_autopilot_cleanup_dead_Servers: "{{ lookup('env', 'CONSUL_AUTOPILOT_CLEANUP_DEAD_SERVERS') | default(false, true) }}"
consul_autopilot_last_contact_threshold: "{{ lookup('env', 'CONSUL_AUTOPILOT_LAST_CONTACT_THRESHOLD') | default('200ms', true) }}"
consul_autopilot_max_trailing_logs: "{{ lookup('env', 'CONSUL_AUTOPILOT_MAX_TRAILING_LOGS') | default(250, true) }}"
consul_autopilot_server_stabilization_time: "{{ lookup('env', 'CONSUL_AUTOPILOT_SERVER_STABILIZATION_TIME') | default('10s', true) }}"
consul_autopilot_redundancy_zone_tag: "{{ lookup('env', 'CONSUL_AUTOPILOT_REDUNDANCY_ZONE_TAG') | default('az', true) }}"
consul_autopilot_disable_upgrade_migration: "{{ lookup('env', 'CONSUL_AUTOPILOT_DISABLE_UPGRADE_MIGRATION') | default(false, true) }}"
consul_autopilot_upgrade_version_tag: "{{ lookup('env', 'CONSUL_AUTOPILOT_UPGRADE_VERSION_TAG') | default('', true) }}"
### Cloud auto discovery settings
consul_cloud_autodiscovery: false
consul_cloud_autodiscovery_provider: ""
consul_cloud_autodiscovery_params: ""
consul_cloud_autodiscovery_string: "provider={{ consul_cloud_autodiscovery_provider }} {{ consul_cloud_autodiscovery_params }}"
### Addresses
consul_bind_address: "\
{% if ansible_system == 'FreeBSD' %}\
{{ lookup('env','CONSUL_BIND_ADDRESS') | default(hostvars[inventory_hostname]['ansible_'+ consul_iface ]['ipv4'][0]['address'], true) }}\
{% elif ansible_os_family == 'Windows' %}\
{{ lookup('env','CONSUL_BIND_ADDRESS') | default(hostvars[inventory_hostname]['ansible_ip_addresses'][0], true) }}\
{% else %}\
{{ lookup('env','CONSUL_BIND_ADDRESS') | default(hostvars[inventory_hostname]['ansible_'+ consul_iface | replace('-', '_')]['ipv4']['address'], true) }}\
{% endif %}"
consul_advertise_address: "{{ consul_bind_address }}"
consul_advertise_address_wan: "{{ consul_bind_address }}"
consul_translate_wan_address: false
consul_advertise_addresses:
serf_lan: "{{ consul_advertise_addresses_serf_lan | default(consul_advertise_address+':'+consul_ports.serf_lan) }}"
serf_wan: "{{ consul_advertise_addresses_serf_wan | default(consul_advertise_address_wan+':'+consul_ports.serf_wan) }}"
rpc: "{{ consul_advertise_addresses_rpc | default(consul_bind_address+':'+consul_ports.server) }}"
consul_client_address: '127.0.0.1'
consul_addresses:
dns: "{{ consul_addresses_dns | default(consul_client_address, true) }}"
http: "{{ consul_addresses_http | default(consul_client_address, true) }}"
https: "{{ consul_addresses_https | default(consul_client_address, true) }}"
rpc: "{{ consul_addresses_rpc | default(consul_client_address, true) }}"
grpc: "{{ consul_addresses_grpc | default(consul_client_address, true) }}"
### Ports
consul_ports:
dns: "{{ consul_ports_dns | default('8600', true) }}"
http: "{{ consul_ports_http | default('8500', true) }}"
https: "{{ consul_ports_https | default('-1', true) }}"
rpc: "{{ consul_ports_rpc | default('8400', true) }}"
serf_lan: "{{ consul_ports_serf_lan | default('8301', true) }}"
serf_wan: "{{ consul_ports_serf_wan | default('8302', true) }}"
server: "{{ consul_ports_server | default('8300', true) }}"
grpc: "{{ consul_ports_grpc | default('-1', true) }}"
### Servers
consul_group_name: "{{ lookup('env','CONSUL_GROUP_NAME') | default('consul_instances', true) }}"
consul_join: []
consul_join_wan: []
consul_servers: "\
{% set _consul_servers = [] %}\
{% for host in groups[consul_group_name] %}\
{% set _consul_node_role = hostvars[host]['consul_node_role'] | default('client', true) %}\
{% if ( _consul_node_role == 'server' or _consul_node_role == 'bootstrap') %}\
{% if _consul_servers.append(host) %}{% endif %}\
{% endif %}\
{% endfor %}\
{{ _consul_servers }}"
consul_gather_server_facts: false
## ACL
consul_acl_policy: "{{ lookup('env','CONSUL_ACL_POLICY') | default(false, true) }}"
### Shared ACL config ###
consul_acl_enable: "{{ lookup('env','CONSUL_ACL_ENABLE') | default(false, true) }}"
consul_acl_ttl: "{{ lookup('env','CONSUL_ACL_TTL') | default('30s', true)}}"
consul_acl_token_persistence: "{{ lookup('env','CONSUL_ACL_TOKEN_PERSISTENCE') | default(true, true)}}"
consul_acl_datacenter: "{{ lookup('env','CONSUL_ACL_DATACENTER') | default(consul_datacenter, true) }}"
consul_acl_down_policy: "{{ lookup('env','CONSUL_ACL_DOWN_POLICY') | default('extend-cache', true) }}"
consul_acl_token: "{{lookup('env','CONSUL_ACL_TOKEN') | default('', true) }}"
consul_acl_agent_token: "{{ lookup('env','CONSUL_ACL_AGENT_TOKEN') | default('', true) }}"
consul_acl_agent_master_token: "{{ lookup('env','CONSUL_ACL_AGENT_MASTER_TOKEN') | default('', true) }}"
### Server ACL settings ###
consul_acl_default_policy: "{{ lookup('env','CONSUL_ACL_DEFAULT_POLICY') | default('allow', true) }}"
consul_acl_master_token: "{{ lookup('env','CONSUL_ACL_MASTER_TOKEN') | default('', true) }}"
consul_acl_master_token_display: "{{ lookup('env','CONSUL_ACL_MASTER_TOKEN_DISPLAY') | default(false, true) }}"
consul_acl_replication_enable: "{{ lookup('env','CONSUL_ACL_REPLICATION_ENABLE') | default('',true) }}"
consul_acl_replication_token: "{{ lookup('env','CONSUL_ACL_REPLICATION_TOKEN') | default('', true) }}"
## gossip encryption
consul_encrypt_enable: "{{ lookup('env','CONSUL_ENCRYPT_ENABLE') | default(true, true) }}"
consul_encrypt_verify_incoming: true
consul_encrypt_verify_outgoing: true
consul_disable_keyring_file: "{{ lookup('env','CONSUL_DISABLE_KEYRING_FILE') | default(false, true) }}"
## TLS
consul_tls_enable: "{{ lookup('env','CONSUL_TLS_ENABLE') | default(false, true) }}"
consul_tls_src_files: "{{ lookup('env','CONSUL_TLS_SRC_FILES') | default(role_path+'/files', true) }}"
consul_tls_dir: "{{ lookup('env','CONSUL_TLS_DIR') | default('/etc/consul/ssl', true) }}"
consul_tls_ca_crt: "{{ lookup('env','CONSUL_TLS_CA_CRT') | default('ca.crt', true) }}"
consul_tls_server_crt: "{{ lookup('env','CONSUL_SERVER_CRT') | default('server.crt', true) }}"
consul_tls_server_key: "{{ lookup('env','CONSUL_SERVER_KEY') | default('server.key', true) }}"
consul_tls_copy_keys: true
consul_tls_verify_incoming: "{{ lookup('env','CONSUL_TLS_VERIFY_INCOMING') | default(false, true) }}"
consul_tls_verify_outgoing: "{{ lookup('env','CONSUL_TLS_VERIFY_OUTGOING') | default(true, true) }}"
consul_tls_verify_incoming_rpc: "{{ lookup('env','CONSUL_TLS_VERIFY_INCOMING_RPC') | default(false, true) }}"
consul_tls_verify_incoming_https: "{{ lookup('env','CONSUL_TLS_VERIFY_INCOMING_HTTPS') | default(false, true) }}"
consul_tls_verify_server_hostname: "{{ lookup('env','CONSUL_TLS_VERIFY_SERVER_HOSTNAME') | default(false, true) }}"
consul_tls_files_remote_src: false
consul_tls_min_version: "{{ lookup('env','CONSUL_TLS_MIN_VERSION') | default('tls12', true) }}"
consul_tls_cipher_suites: ""
consul_tls_prefer_server_cipher_suites: "{{ lookup('env','CONSUL_TLS_PREFER_SERVER_CIPHER_SUITES') | default('false', true) }}"
auto_encrypt:
enabled: false
## DNS
consul_delegate_datacenter_dns: "{{ lookup('env','CONSUL_DELEGATE_DATACENTER_DNS') | default(false, true) }}"
consul_dnsmasq_enable: "{{ lookup('env','CONSUL_DNSMASQ_ENABLE') | default(false, true) }}"
consul_dnsmasq_bind_interfaces: false
consul_dnsmasq_consul_address: "\
{# Use localhost if DNS is listening on all interfaces #}\
{% if consul_addresses.dns == '0.0.0.0' %}\
127.0.0.1\
{% else %}\
{{ consul_addresses.dns }}\
{% endif %}"
consul_dnsmasq_cache: -1
consul_dnsmasq_servers:
- 8.8.8.8
- 8.8.4.4
consul_dnsmasq_revservers: []
consul_dnsmasq_no_poll: false
consul_dnsmasq_no_resolv: false
consul_dnsmasq_local_service: false
consul_dnsmasq_listen_addresses: []
consul_iptables_enable: "{{ lookup('env','CONSUL_IPTABLES_ENABLE') | default(false, true) }}"
# Consul Enterprise
consul_enterprise: "{{ lookup('env','CONSUL_ENTERPRISE') | default(false, true) }}"
# Performance
consul_performance:
raft_multiplier: 1
leave_drain_time: 5s
rpc_hold_timeout: 7s
# Snapshot
consul_snapshot: false
consul_snapshot_storage: "{{ consul_config_path }}/snaps"
consul_snapshot_interval: 1h
consul_snapshot_retain: 30
consul_snapshot_stale: false
# services
consul_services: []
# enable Consul Connect
consul_connect_enabled: false
# system limits
consul_limits: {}


@ -1,148 +0,0 @@
# Consul with Ansible
This project provides documentation and a collection of scripts to help you automate the deployment of Consul using [Ansible](https://www.ansible.com/). These are the instructions for deploying a development cluster on Vagrant and VirtualBox.
The documentation and scripts are merely a starting point designed to both help familiarize you with the processes and quickly bootstrap an environment for development. You may wish to expand on them and customize them with additional features specific to your needs later.
If you are looking for the main role documentation, it is in the [README.md](https://github.com/brianshumate/ansible-consul/blob/master/README.md).
## Vagrant Development Cluster
In some situations deploying a small cluster on your local development machine can be handy. This document describes such a scenario using the following technologies:
* [Consul](https://consul.io)
* [VirtualBox](https://www.virtualbox.org/)
* [Vagrant](http://www.vagrantup.com/) with Ansible provisioner and
supporting plugin
* [Ansible](https://www.ansible.com/)
Each of the virtual machines for this guide are configured with 1GB RAM, 2 CPU cores, and 2 network interfaces. The first interface uses NAT and has connection via the host to the outside world. The second interface is a private network and is used for Consul intra-cluster communication in addition to access from the host machine.
The Vagrant configuration file (`Vagrantfile`) is responsible for configuring the virtual machines and a baseline OS installation.
The Ansible playbooks then further refine OS configuration, perform Consul software download, installation, configuration, and the joining of server nodes into a ready to use cluster.
## Designed for Ansible Galaxy
This role is designed to be installed via the `ansible-galaxy` command instead of being directly run from the git repository.
You should install it like this:
```
ansible-galaxy install brianshumate.consul
```
You'll want to make sure you have write access to `/etc/ansible/roles/` since that is where the role will be installed by default, or define your own Ansible role path by creating a `$HOME/.ansible.cfg` or even `./anisible.cfg`
file with these contents:
```
[defaults]
roles_path = PATH_TO_ROLES
```
Change `PATH_TO_ROLES` to a directory that you have write access to.
## Quick Start
Begin from the top level directory of this project and use the following steps to get up and running:
1. Install [VirtualBox](https://www.virtualbox.org/wiki/Downloads), [Vagrant](http://downloads.vagrantup.com/), [vagrant-hosts](https://github.com/adrienthebo/vagrant-hosts), and [Ansible](http://docs.ansible.com/ansible/intro_installation.html).
2. Edit `/etc/hosts` or use the included `bin/preinstall` script to add
the following entries to your development system's `/etc/hosts` file:
* 10.1.42.210 consul1.consul consul1
* 10.1.42.220 consul2.consul consul2
* 10.1.42.230 consul3.consul consul3
3. cd `$PATH_TO_ROLES/brianshumate.consul/examples`
4. `vagrant up`
5. Access the cluster web UI at http://consul1.consul:8500/ui/
6. You can also `ssh` into a node and verify the cluster members directly
from the RAFT peers list:
```
vagrant ssh consul1
consul operator raft -list-peers
Node ID Address State Voter
consul1 10.1.42.210:8300 10.1.42.210:8300 follower true
consul2 10.1.42.220:8300 10.1.42.220:8300 follower true
consul3 10.1.42.230:8300 10.1.42.230:8300 leader true
```
By default, this project will install Debian 8 based cluster nodes. If you
prefer, it can also install CentOS 7 based nodes by changing the command
in step 4 to the following:
```
BOX_NAME=centos/7 vagrant up
```
or on a modern Ubuntu with a differently named ethernet interface:
```
BOX_NAME=ubuntu/xenial64 CONSUL_IFACE=enp0s8 vagrant up
```
or on FreeBSD:
```
BOX_NAME=freebsd/FreeBSD-11.0-STABLE CONSUL_IFACE=em1 vagrant up
```
## Notes
1. This project functions with the following software versions:
* Consul version 1.8.7
* Ansible: 2.8.2
* VirtualBox version 5.2.22
* Vagrant version 2.2.1
* Vagrant Hosts plugin version 2.8.1
2. This project uses Debian 9 (Stretch) by default, but you can choose another OS distribution with the *BOX_NAME* environment variable
3. The `bin/preinstall` shell script performs the following actions for you:
* Adds each node's host information to the host machine's `/etc/hosts`
* Optionally installs the Vagrant hosts plugin
4. If you notice an error like *vm: The '' provisioner could not be found.*
make sure you have vagrant-hosts plugin installed
### Dnsmasq Forwarding
The role includes support for DNS forwarding with Dnsmasq.
Install like this:
```
CONSUL_DNSMASQ_ENABLE=true vagrant up
```
Then you can query any of the agents via DNS directly via port 53:
```
dig @consul1.consul consul3.node.consul
; <<>> DiG 9.8.3-P1 <<>> @consul1.consul consul3.node.consul
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29196
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;consul3.node.consul. IN A
;; ANSWER SECTION:
consul3.node.consul. 0 IN A 10.1.42.230
;; Query time: 42 msec
;; SERVER: 10.1.42.210#53(10.1.42.210)
;; WHEN: Sun Aug 7 18:06:32 2016
;; MSG SIZE rcvd: 72
```
## References
1. https://www.consul.io/
2. https://www.consul.io/intro/getting-started/install.html
3. https://www.consul.io/docs/guides/bootstrapping.html
4. https://www.consul.io/docs/guides/forwarding.html
5. http://www.ansible.com/
6. http://www.vagrantup.com/
7. https://www.virtualbox.org/
8. https://github.com/adrienthebo/vagrant-hosts


@ -1,155 +0,0 @@
# -*- mode: ruby -*-
# vi: set ft=ruby :
#
# `Vagrantfile` for bootstrapping a development Consul cluster with
# VirtualBox provider and Ansible provisioner
#
# This inline script is called with a script provisioner on each box
# to do utility work for handling corner cases in different boxes and
# operating systems, such as installing Python on official FreeBSD boxes, etc.
#
$script = <<SCRIPT
check_os () {
PLATFORM="unknown"
UNAMESTR="$(uname)"
if test "$UNAMESTR" = "Linux"; then
PLATFORM="linux"
elif test "$UNAMESTR" = "FreeBSD"; then
PLATFORM="freebsd"
fi
}
## Install Python on FreeBSD
check_os
if test "$PLATFORM" = "freebsd"; then
echo "FreeBSD guest detected: installing Python ..."
if pkg install -y python > /dev/null 2>&1; then
echo "Done!"
else
echo >2 "Problem installing Python!"
fi
echo "Linking Python ..."
if ln -s /usr/local/bin/python /usr/bin/python; then
echo "Done!"
else
echo 2> "Problem linking Python!"
fi
fi
SCRIPT
ANSIBLE_PLAYBOOK = ENV['ANSIBLE_PLAYBOOK'] || "site.yml"
BOX_MEM = ENV['BOX_MEM'] || "1024"
BOX_NAME = ENV['BOX_NAME'] || "debian/stretch64"
CLUSTER_HOSTS = ENV['CLUSTER_HOSTS'] || "vagrant_hosts"
CONSUL_ACL_ENABLE = ENV['CONSUL_ACL_ENABLE'] || "false"
CONSUL_ATLAS_ENABLE = ENV['CONSUL_ATLAS_ENABLE'] || "false"
CONSUL_DNSMASQ_ENABLE = ENV['CONSUL_DNSMASQ_ENABLE'] || "false"
CONSUL_LOGLEVEL = ENV['CONSUL_LOGLEVEL'] || "INFO"
CONSUL_LOG_PATH = ENV['CONSUL_LOG_PATH'] || "/var/log/consul"
CONSUL_LOG_FILE = ENV['CONSUL_LOG_FILE'] || "consul.log"
CONSUL_SYSLOG_FACILITY = ENV['CONSUL_SYSLOG_FACILITY'] || "local0"
SYSLOG_USER = ENV['SYSLOG_USER'] || "syslog"
SYSLOG_GROUP = ENV['SYSLOG_GROUP'] || "adm"
CONSUL_NODE_OS = ENV['CONSUL_NODE_OS'] || "Linux"
VAGRANTFILE_API_VERSION = "2"
Vagrant.require_version ">= 1.9.0"
Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
if BOX_NAME.include? "freebsd"
CONSUL_IFACE = "em1"
end
# Configure 3 Consul nodes
config.vm.define :consul1 do |consul1_config|
consul1_config.vm.box = BOX_NAME
# FreeBSD needs a MAC, disabled synced folder, and explicit shell
consul1_config.vm.base_mac = "080027D17374"
consul1_config.vm.synced_folder ".", "/vagrant", disabled: true
consul1_config.ssh.shell = "/bin/sh"
consul1_config.vm.network :private_network, ip: "10.1.42.210"
consul1_config.vm.hostname = "consul1.consul"
consul1_config.ssh.forward_agent = true
consul1_config.vm.provider "virtualbox" do |v|
v.name = "consul-node1"
v.customize ["modifyvm", :id, "--memory", BOX_MEM]
v.customize ["modifyvm", :id, "--ioapic", "on"]
v.customize ["modifyvm", :id, "--cpus", "2"]
v.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]
v.customize ["modifyvm", :id, "--natdnsproxy1", "on"]
consul1_config.vm.post_up_message = "Consul server 1 spun up!"
end
consul1_config.vm.provision :hosts do |provisioner|
provisioner.sync_hosts = false
provisioner.add_host '10.1.42.210', ['consul1.consul']
provisioner.add_host '10.1.42.220', ['consul2.consul']
provisioner.add_host '10.1.42.230', ['consul3.consul']
end
consul1_config.vm.provision "shell", inline: $script
end
config.vm.define :consul2 do |consul2_config|
consul2_config.vm.box = BOX_NAME
# FreeBSD needs a MAC, disabled synced folder, and explicit shell
consul2_config.vm.base_mac = "080027D27374"
consul2_config.vm.synced_folder ".", "/vagrant", disabled: true
consul2_config.ssh.shell = "/bin/sh"
consul2_config.vm.network :private_network, ip: "10.1.42.220"
consul2_config.vm.hostname = "consul2.consul"
consul2_config.ssh.forward_agent = true
consul2_config.vm.provider "virtualbox" do |v|
v.name = "consul-node2"
v.customize ["modifyvm", :id, "--memory", BOX_MEM]
v.customize ["modifyvm", :id, "--ioapic", "on"]
v.customize ["modifyvm", :id, "--cpus", "2"]
v.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]
v.customize ["modifyvm", :id, "--natdnsproxy1", "on"]
consul2_config.vm.post_up_message = "Consul server 2 spun up!"
end
consul2_config.vm.provision :hosts do |provisioner|
provisioner.sync_hosts = false
provisioner.add_host '10.1.42.210', ['consul1.consul']
provisioner.add_host '10.1.42.220', ['consul2.consul']
provisioner.add_host '10.1.42.230', ['consul3.consul']
end
consul2_config.vm.provision "shell", inline: $script
end
config.vm.define :consul3 do |consul3_config|
consul3_config.vm.box = BOX_NAME
# FreeBSD needs a MAC, disabled synced folder, and explicit shell
consul3_config.vm.base_mac = "080027D37374"
consul3_config.vm.synced_folder ".", "/vagrant", disabled: true
consul3_config.ssh.shell = "/bin/sh"
consul3_config.vm.network :private_network, ip: "10.1.42.230"
consul3_config.vm.hostname = "consul3.consul"
consul3_config.ssh.forward_agent = true
consul3_config.vm.provider "virtualbox" do |v|
v.name = "consul-node3"
v.customize ["modifyvm", :id, "--memory", BOX_MEM]
v.customize ["modifyvm", :id, "--ioapic", "on"]
v.customize ["modifyvm", :id, "--cpus", "2"]
v.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]
v.customize ["modifyvm", :id, "--natdnsproxy1", "on"]
consul3_config.vm.post_up_message = "Consul server 3 spun up!\n\nAccess http://consul1.consul:8500/ui/ in a browser for Consul UI."
end
consul3_config.vm.provision :hosts do |provisioner|
provisioner.sync_hosts = false
provisioner.add_host '10.1.42.210', ['consul1.consul']
provisioner.add_host '10.1.42.220', ['consul2.consul']
provisioner.add_host '10.1.42.230', ['consul3.consul']
end
consul3_config.vm.provision "shell", inline: $script
consul3_config.vm.provision :ansible do |ansible|
ansible.inventory_path = CLUSTER_HOSTS
# As if variable related things in Ansible couldn't be more exciting,
# extra Ansible variables can be defined here as well. Wheeee!
#
ansible.extra_vars = {
consul_log_level: "DEBUG",
consul_iface: "eth1"
}
ansible.playbook = ANSIBLE_PLAYBOOK
ansible.limit = "all"
compatibility_mode = "2.0"
end
end
end


@ -1,2 +0,0 @@
[defaults]
roles_path = ../../


@ -1,72 +0,0 @@
#!/bin/bash
# File: preinstall - convenience script to add Consul
# VM node host information to /etc/hosts for Vagrant
# shellcheck disable=SC2059
consul1="10\.1\.42\.210"
export txtblu='\e[0;34m' # Blue
export txtgrn='\e[0;32m' # Green
export txtred='\e[0;31m' # Red
export txtylw='\e[0;33m' # Yellow
export txtwht='\e[0;37m' # White
# Log stuff
function logmsg {
msgtype="$1"
msgtxt="$2"
case "${msgtype}" in
greeting)
printf "${txtblu}[*] ${msgtxt}\n"
;;
info)
printf "${txtwht}[i] ${msgtxt}\n"
;;
success)
printf "${txtgrn}[+] ${msgtxt}\n"
;;
notice)
printf "${txtylw}[-] ${msgtxt}\n"
;;
alert)
printf "${txtred}[!] ${msgtxt}\n" >&2
;;
*)
printf "${txtwht}[@] ${msgtxt}\n" >&2
;;
esac
}
# Check if sudo will need password
function sudocheck {
logmsg info "Enter your user account password for sudo if prompted"
sudo true
}
# Add hosts entries if necessary
function add_hosts {
if grep "${consul1}" /etc/hosts > /dev/null 2>&1; then
logmsg success "Consul VM node information present in /etc/hosts"
else
sudocheck
sudo sh -c "echo '# Consul Vagrant virtual machine hosts
10.1.42.210 consul1.consul consul1
10.1.42.220 consul2.consul consul2
10.1.42.230 consul3.consul consul3
' >> /etc/hosts"
logmsg success "Consul node host information added to /etc/hosts"
fi
}
# Install Vagrant Hosts plugin if necessary
function vagrant_hosts_plugin {
if vagrant plugin list | grep vagrant-hosts > /dev/null 2>&1; then
logmsg success "Vagrant Hosts plugin is installed"
else
vagrant plugin install vagrant-hosts > /dev/null 2>&1
logmsg success "Installed Vagrant Hosts plugin"
fi
}
add_hosts
vagrant_hosts_plugin


@ -1,10 +0,0 @@
---
# File: site.yml - Example Consul site playbook
- name: Assemble Consul cluster
hosts: consul_instances
any_errors_fatal: true
become: true
become_user: root
roles:
- ansible-consul


@ -1,12 +0,0 @@
# File: vagrant_hosts
# Consul cluster node hosts configuration for Vagrant
#
# NB: Replace the hosts below with your preferred node hostnames and continue
# the 'nodeN' pattern for additional nodes past 'consul3'. There should
# be only one node with consul_node_role = "bootstrap"
# Do not modify the labels (text appearing between []), however
[consul_instances]
consul1.consul consul_iface=eth1 consul_node_role=bootstrap ansible_ssh_user=vagrant ansible_ssh_private_key_file=./.vagrant/machines/consul1/virtualbox/private_key
consul2.consul consul_iface=eth1 consul_node_role=server ansible_ssh_user=vagrant ansible_ssh_private_key_file=./.vagrant/machines/consul2/virtualbox/private_key
consul3.consul consul_iface=eth1 consul_node_role=server ansible_ssh_user=vagrant ansible_ssh_private_key_file=./.vagrant/machines/consul3/virtualbox/private_key


@ -1,4 +0,0 @@
# files
This directory is used for holding temporary files and should be present
in the role even when empty.


@ -1,28 +0,0 @@
---
# File: main.yml - Handlers for Consul
- name: restart consul
import_tasks: restart_consul.yml
- name: start consul
import_tasks: start_consul.yml
- name: reload consul configuration
import_tasks: reload_consul_conf.yml
- name: restart dnsmasq
service:
name: dnsmasq
state: restarted
- name: restart rsyslog
import_tasks: restart_rsyslog.yml
- name: restart syslog-ng
import_tasks: restart_syslogng.yml
- name: restart syslog-ng
import_tasks: restart_syslogng.yml
- name: start snapshot
import_tasks: start_snapshot.yml


@ -1,8 +0,0 @@
---
# Use SIGHUP to reload most configurations as per https://www.consul.io/docs/agent/options.html
# Cannot use `consul reload` because it requires the HTTP API to be bound to a non-loopback interface
- name: reload consul configuration on Linux
command: "pkill --pidfile '{{ consul_run_path }}/consul.pid' --signal SIGHUP"
when: ansible_os_family != "Windows"
listen: 'reload consul configuration'


@ -1,14 +0,0 @@
---
- name: restart consul on Linux
service:
name: consul
state: restarted
when: ansible_os_family != "Windows"
listen: 'restart consul'
- name: restart consul on windows
win_service:
name: consul
state: restarted
when: ansible_os_family == "Windows"
listen: 'restart consul'


@ -1,7 +0,0 @@
---
- name: restart rsyslog
service:
name: rsyslog
state: restarted
when: ansible_os_family != "Windows"
listen: 'restart rsyslog'


@ -1,6 +0,0 @@
---
- name: restart syslog-ng
service:
name: syslog-ng
state: restarted
listen: 'restart syslog-ng'


@ -1,14 +0,0 @@
---
- name: start consul on Linux
service:
name: consul
state: started
when: ansible_os_family != "Windows"
listen: 'start consul'
- name: start consul on windows
win_service:
name: consul
state: started
when: ansible_os_family == "Windows"
listen: 'start consul'


@ -1,8 +0,0 @@
---
- name: start consul snapshot on linux
service:
name: consul_snapshot
state: started
enabled: true
when: ansible_os_family != "Windows"
listen: 'start snapshot'


@ -1,2 +0,0 @@
install_date: Fri Jan 29 14:49:11 2021
version: master


@ -1,52 +0,0 @@
---
# File: main.yml - Meta main
galaxy_info:
author: Brian Shumate
description: Consul cluster role
company: Brian Shumate
license: BSD
min_ansible_version: 2.5
platforms:
- name: Alpine
versions:
- all
- name: ArchLinux
versions:
- all
- name: Debian
versions:
- jessie
- stretch
- name: EL
versions:
- 6
- 7
- 8
- name: Fedora
versions:
- 26
- 27
- 28
- 29
- 30
- 31
- name: FreeBSD
versions:
- 10.0
- 11.0
- name: Ubuntu
versions:
- xenial
- bionic
- name: Windows
versions:
- 2012R2
galaxy_tags:
- clustering
- monitoring
- networking
- system
dependencies: []


@ -1,22 +0,0 @@
# Molecule managed
{% if item.registry is defined %}
FROM {{ item.registry.url }}/{{ item.image }}
{% else %}
FROM {{ item.image }}
{% endif %}
{% if item.env is defined %}
{% for var, value in item.env.items() %}
{% if value %}
ENV {{ var }} {{ value }}
{% endif %}
{% endfor %}
{% endif %}
RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates iproute2 python-apt aptitude && apt-get clean; \
elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install /usr/bin/python3 /usr/bin/python3-config /usr/bin/dnf-3 sudo bash iproute && dnf clean all; \
elif [ $(command -v yum) ]; then yum makecache fast && yum install -y /usr/bin/python /usr/bin/python2-config sudo yum-plugin-ovl bash iproute && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml iproute2 && zypper clean -a; \
elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \
elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates iproute2 && xbps-remove -O; fi


@ -1,41 +0,0 @@
---
scenario:
test_sequence:
- lint
- syntax
- create
- prepare
- converge
- idempotence
- verify
- destroy
dependency:
name: galaxy
driver:
name: docker
lint: |
set -e
yamllint .
ansible-lint
flake8
provisioner:
name: ansible
config_options:
defaults:
deprecation_warnings: False
callback_whitelist: timer,profile_tasks
fact_caching: jsonfile
fact_caching_connection: ./cache
forks: 100
connection:
pipelining: True
playbooks:
prepare: ../_shared/prepare.yml
converge: ../_shared/converge.yml
inventory:
group_vars:
consul_instances:
consul_node_role: bootstrap
verifier:
name: testinfra
directory: ../_shared/tests


@ -1,9 +0,0 @@
---
- name: Converge
hosts: all
roles:
- role: ansible-consul
vars:
# TODO: Probably we need to install syslog-ng/rsyslog first
consul_syslog_enable: False


@ -1,15 +0,0 @@
---
- name: Prepare
hosts: localhost
connection: local
tasks:
- name: Install OS packages
package:
name: unzip
become: true
- name: Install netaddr dependency on controlling host
pip:
name: netaddr
become: false


@ -1,21 +0,0 @@
"""PyTest Fixtures."""
from __future__ import absolute_import
import os
import pytest
def pytest_runtest_setup(item):
"""Run tests only when under molecule with testinfra installed."""
try:
import testinfra
except ImportError:
pytest.skip("Test requires testinfra", allow_module_level=True)
if "MOLECULE_INVENTORY_FILE" in os.environ:
pytest.testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
os.environ["MOLECULE_INVENTORY_FILE"]
).get_hosts("all")
else:
pytest.skip(
"Test should run only from inside molecule.",
allow_module_level=True
)


@ -1,19 +0,0 @@
"""Role testing files using testinfra."""
def test_hosts_file(host):
"""Validate /etc/hosts file."""
f = host.file("/etc/hosts")
assert f.exists
assert f.user == "root"
assert f.group == "root"
def test_service(host):
"""Validate consul service."""
consul = host.service('consul')
assert consul.is_running
# disabled due to fail on debian 9
# assert consul.is_enabled


@ -1,9 +0,0 @@
---
platforms:
- name: centos-6
groups:
- consul_instances
image: dokken/centos-6
dockerfile: ../_shared/Dockerfile.j2
capabilities:
- SYS_ADMIN


@ -1,11 +0,0 @@
---
platforms:
- name: centos-7
groups:
- consul_instances
image: dokken/centos-7
dockerfile: ../_shared/Dockerfile.j2
capabilities:
- SYS_ADMIN
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro


@ -1,11 +0,0 @@
---
platforms:
- name: centos-8
groups:
- consul_instances
image: dokken/centos-8
dockerfile: ../_shared/Dockerfile.j2
capabilities:
- SYS_ADMIN
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro


@ -1,13 +0,0 @@
---
platforms:
- name: debian-10
groups:
- consul_instances
image: dokken/debian-10
command: /lib/systemd/systemd
dockerfile: ../_shared/Dockerfile.j2
capabilities:
- SYS_ADMIN
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
privileged: true


@ -1,11 +0,0 @@
---
platforms:
- name: debian-8
groups:
- consul_instances
image: dokken/debian-8
command: /lib/systemd/systemd
dockerfile: ../_shared/Dockerfile.j2
privileged: True
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro


@ -1,13 +0,0 @@
---
platforms:
- name: debian-9
groups:
- consul_instances
image: dokken/debian-9
command: /lib/systemd/systemd
dockerfile: ../_shared/Dockerfile.j2
capabilities:
- SYS_ADMIN
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
privileged: true


@ -1,11 +0,0 @@
---
platforms:
- name: fedora-26
groups:
- consul_instances
image: dokken/fedora-26
dockerfile: ../_shared/Dockerfile.j2
capabilities:
- SYS_ADMIN
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro


@ -1,11 +0,0 @@
---
platforms:
- name: fedora-27
groups:
- consul_instances
image: dokken/fedora-27
dockerfile: ../_shared/Dockerfile.j2
capabilities:
- SYS_ADMIN
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro


@ -1,11 +0,0 @@
---
platforms:
- name: fedora-28
groups:
- consul_instances
image: dokken/fedora-28
dockerfile: ../_shared/Dockerfile.j2
capabilities:
- SYS_ADMIN
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro


@ -1,11 +0,0 @@
---
platforms:
- name: fedora-29
groups:
- consul_instances
image: dokken/fedora-29
dockerfile: ../_shared/Dockerfile.j2
capabilities:
- SYS_ADMIN
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro


@ -1,11 +0,0 @@
---
platforms:
- name: fedora-30
groups:
- consul_instances
image: dokken/fedora-30
dockerfile: ../_shared/Dockerfile.j2
capabilities:
- SYS_ADMIN
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro


@ -1,11 +0,0 @@
---
platforms:
- name: fedora-31
groups:
- consul_instances
image: dokken/fedora-31
dockerfile: ../_shared/Dockerfile.j2
capabilities:
- SYS_ADMIN
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro


@ -1,9 +0,0 @@
---
platforms:
- name: oraclelinux-6
groups:
- consul_instances
image: dokken/oraclelinux-6
dockerfile: ../_shared/Dockerfile.j2
capabilities:
- SYS_ADMIN


@ -1,11 +0,0 @@
---
platforms:
- name: oraclelinux-7
groups:
- consul_instances
image: dokken/oraclelinux-7
dockerfile: ../_shared/Dockerfile.j2
capabilities:
- SYS_ADMIN
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro


@ -1,11 +0,0 @@
---
platforms:
- name: oraclelinux-8
groups:
- consul_instances
image: dokken/oraclelinux-8
dockerfile: ../_shared/Dockerfile.j2
capabilities:
- SYS_ADMIN
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro


@ -1,13 +0,0 @@
---
platforms:
- name: ubuntu-16.04
groups:
- consul_instances
image: dokken/ubuntu-16.04
command: /lib/systemd/systemd
dockerfile: ../_shared/Dockerfile.j2
capabilities:
- SYS_ADMIN
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
privileged: true


@ -1,13 +0,0 @@
---
platforms:
- name: ubuntu-18.04
groups:
- consul_instances
image: dokken/ubuntu-18.04
command: /lib/systemd/systemd
dockerfile: ../_shared/Dockerfile.j2
capabilities:
- SYS_ADMIN
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
privileged: true


@ -1,6 +0,0 @@
molecule===2.22
docker
netaddr
testinfra
flake8
yamllint


@ -1,99 +0,0 @@
---
# File: acl.yml - ACL tasks for Consul
- block:
- name: Read ACL master token from previously boostrapped server
command: "cat {{ consul_config_path }}/config.json"
register: config_read
no_log: true
changed_when: false
run_once: true
- name: Save acl_master_token from existing configuration
set_fact:
consul_acl_master_token: "{{ config_read.stdout | from_json | json_query(query) }}"
vars:
query: "acl.tokens.master"
no_log: true
when:
- bootstrap_state.stat.exists | bool
- (consul_acl_master_token is not defined or consul_acl_master_token | length == 0)
- consul_node_role == 'server'
- block:
- name: Generate ACL master token
command: "echo {{ lookup('password', '/dev/null length=32 chars=ascii_letters') | to_uuid }}"
register: consul_acl_master_token_keygen
run_once: true
no_log: true
- name: Save ACL master token
set_fact:
consul_acl_master_token: "{{ consul_acl_master_token_keygen.stdout }}"
no_log: true
when:
- (consul_acl_master_token is not defined or consul_acl_master_token | length == 0)
- not bootstrap_state.stat.exists | bool
- consul_node_role == 'server'
- name: Display ACL Master Token
debug:
msg: "{{ consul_acl_master_token }}"
run_once: true
when:
- consul_acl_master_token_display | bool
- consul_node_role == 'server'
- block:
- name: Read ACL replication token from previously boostrapped server
shell: >
cat {{ consul_config_path }}/config.json |
grep "replication" |
sed -E 's/"replication": "(.+)",?/\1/' |
sed 's/^ *//;s/ *$//'
changed_when: false
check_mode: false
register: consul_acl_replication_token_read
run_once: true
- name: Save acl_replication_token from existing configuration
set_fact: consul_acl_replication_token="{{ consul_acl_replication_token_read.stdout }}"
ignore_errors: true
when:
- bootstrap_state.stat.exists | bool
- (consul_acl_replication_token is not defined or consul_acl_replication_token | length == 0)
- consul_node_role == 'server'
- block:
- name: Generate ACL replication token
command: "echo {{ lookup('password', '/dev/null length=32 chars=ascii_letters') | to_uuid }}"
register: consul_acl_replication_token_keygen
no_log: true
run_once: true
- name: Save ACL replication token
set_fact:
consul_acl_replication_token: "{{ consul_acl_replication_token_keygen.stdout }}"
no_log: true
when:
- (consul_acl_replication_token is not defined or consul_acl_replication_token | length == 0)
- not bootstrap_state.stat.exists | bool
- consul_node_role == 'server'
- name: Create ACL policy configuration
template:
src: configd_50acl_policy.hcl.j2
dest: "{{ consul_configd_path }}/50acl_policy.hcl"
owner: "{{ consul_user }}"
group: "{{ consul_group }}"
mode: 0600
notify:
- restart consul
when: consul_acl_policy | bool


@ -1,102 +0,0 @@
---
# File: asserts.yml - Asserts for this playbook
- name: Check distribution compatibility
fail:
msg: "{{ ansible_distribution }} is not currently supported by this role."
when:
- ansible_distribution not in ['RedHat', 'CentOS', 'OracleLinux', 'Fedora', 'Debian', 'FreeBSD', 'SmartOS', 'Ubuntu', 'Archlinux', 'Alpine', 'Amazon']
- ansible_os_family != 'Windows'
- name: Check CentOS, Red Hat or Oracle Linux version
fail:
msg: "{{ ansible_distribution_version }} is not a supported version."
when:
- ansible_distribution in ['RedHat', 'CentOS', 'OracleLinux']
- ansible_distribution_version is version_compare(6, '<')
- name: Check Debian version
fail:
msg: "{{ ansible_distribution_version }} is not a supported version."
when:
- ansible_distribution == "Debian"
- (ansible_distribution_version != 'buster/sid') and (ansible_distribution_version is version_compare(8, '<'))
- name: Check FreeBSD version
fail:
msg: "{{ ansible_distribution_version }} is not a supported version."
when:
- ansible_distribution == "FreeBSD"
- ansible_distribution_version is version_compare(10, '<')
- name: Check Ubuntu version
fail:
msg: "{{ ansible_distribution_version }} is not a supported version."
when:
- ansible_distribution == "Ubuntu"
- ansible_distribution_version is version_compare(13.04, '<')
- name: Check specified ethernet interface
fail:
msg: "The ethernet interface specified by consul_iface was not found."
when:
- ansible_os_family != 'Windows'
- consul_iface not in ansible_interfaces
- name: Check iptables on Red Hat, CentOS or Oracle Linux
fail:
msg: "Use DNSmasq instead of iptables on {{ ansible_distribution }}."
when:
- consul_iptables_enable | bool
- ansible_distribution in ['RedHat', 'CentOS', 'OracleLinux']
- ansible_distribution_version is version_compare(6, '>=')
- name: Check for both Dnsmasq and iptables enabled
fail:
msg: "EONEORTHEOTHER: DNSmasq and iptables together is not supported."
when:
- consul_dnsmasq_enable | bool
- consul_iptables_enable | bool
- name: Check for iptables enabled but no recursors
fail:
msg: "Recursors are required if iptables is enabled."
when:
- consul_iptables_enable | bool
- consul_recursors | length == 0
- name: Check consul_group_name is included in groups
fail:
msg: "consul_group_name must be included in groups."
when: consul_group_name not in groups
- name: Fail if more than one bootstrap server is defined
fail:
msg: "You can not define more than one bootstrap server."
when:
- _consul_bootstrap_servers | length > 1
- name: Fail if a bootstrap server is defined and bootstrap_expect is true
fail:
msg: "Can't use a bootstrap server and bootstrap_expect at the same time."
when:
- _consul_bootstrap_servers | length > 0
- consul_bootstrap_expect | bool
# Check for unzip binary
- name: Check if unzip is installed on control host
shell: "command -v unzip -h >/dev/null 2>&1"
become: false
changed_when: false
check_mode: false
run_once: true
register: is_unzip_installed
ignore_errors: true
delegate_to: 127.0.0.1
- name: Install remotely if unzip is not installed on control host
set_fact:
consul_install_remotely: true
when:
- is_unzip_installed.rc == 1


@ -1,44 +0,0 @@
---
# File: config.yml - Consul configuration tasks
- name: Create configuration
copy:
dest: "{{ item.dest }}"
owner: "{{ consul_user }}"
group: "{{ consul_group }}"
content: "{{ lookup('template', 'templates/config.json.j2') | to_nice_json }}"
mode: 0600
with_items:
- dest: "{{ consul_config_path }}/config.json"
config_version: "{{ consul_node_role }}"
when: true
- dest: "{{ consul_config_path }}/bootstrap.json"
config_version: bootstrap
when: "{{ consul_debug | bool }}"
- dest: "{{ consul_config_path }}/server.json"
config_version: server
when: "{{ consul_debug | bool }}"
- dest: "{{ consul_config_path }}/client.json"
config_version: client
when: "{{ consul_debug | bool }}"
when:
- item.when
notify:
- restart consul
- name: Create custom configuration
copy:
dest: "{{ consul_configd_path }}/50custom.json"
owner: "{{ consul_user }}"
group: "{{ consul_group }}"
content: "{{ lookup('template', 'templates/configd_50custom.json.j2') | to_nice_json }}"
mode: 0600
when:
- consul_config_custom is defined
notify:
- restart consul
- name: Set fact list with custom configuration file
set_fact:
managed_files: "{{ managed_files |default([]) }} + \
[ '{{ consul_configd_path }}/50custom.json' ]"


@ -1,38 +0,0 @@
---
# File: config_windows.yml - Consul configuration tasks for Windows
- name: Create configuration
win_copy:
dest: "{{ item.dest }}"
content: "{{ lookup('template', 'templates/config.json.j2') | to_nice_json }}"
with_items:
- dest: "{{ consul_config_path }}/config.json"
config_version: "{{ consul_node_role }}"
when: true
- dest: "{{ consul_config_path }}/bootstrap.json"
config_version: "bootstrap"
when: "{{ consul_debug | bool }}"
- dest: "{{ consul_config_path }}/server.json"
config_version: "server"
when: "{{ consul_debug | bool }}"
- dest: "{{ consul_config_path }}/client.json"
config_version: "client"
when: "{{ consul_debug | bool }}"
when:
- item.when
notify:
- restart consul
- name: Create custom configuration
win_copy:
dest: "{{ consul_configd_path }}/50custom.json"
content: "{{ lookup('template', 'templates/configd_50custom.json.j2') | to_nice_json }}"
when:
- consul_config_custom is defined
notify:
- restart consul
- name: Set fact list with custom configuration file
set_fact:
managed_files: "{{ managed_files |default([]) }} + \
[ '{{ consul_configd_path }}/50custom.json' ]"


@ -1,71 +0,0 @@
---
# File: dirs.yml - Consul directories
- name: Create directories
block:
- name: Configuration and data directories
file:
dest: "{{ item }}"
state: directory
owner: "{{ consul_user }}"
group: "{{ consul_group }}"
mode: 0700
with_items:
- "{{ consul_config_path }}"
- "{{ consul_configd_path }}"
- "{{ consul_data_path }}"
- name: Run directory
file:
dest: "{{ consul_run_path }}"
state: directory
owner: "{{ consul_user }}"
group: "{{ consul_group }}"
mode: 0750
when: ansible_os_family != 'Windows'
- name: Create log directory
file:
dest: "{{ consul_log_path }}"
state: directory
owner: "{{ consul_user }}"
group: "{{ consul_group }}"
mode: 0700
when:
- ansible_os_family != 'Windows'
- not consul_syslog_enable | bool
- not consul_configure_syslogd | bool
- name: Create log directory
file:
dest: "{{ item }}"
state: directory
owner: "{{ syslog_user }}"
group: "{{ syslog_group }}"
mode: 0700
with_items:
- "{{ consul_log_path }}"
when:
- ansible_os_family != 'Windows'
- consul_syslog_enable | bool
- consul_configure_syslogd | bool
- name: Verify binary path
file:
path: "{{ consul_bin_path }}"
state: directory
owner: root
mode: 0755
when: ansible_os_family != 'Windows'
- name: Create directories on Windows
win_file:
dest: "{{ item }}"
state: directory
with_items:
- "{{ consul_config_path }}"
- "{{ consul_configd_path }}"
- "{{ consul_data_path }}"
- "{{ consul_log_path }}"
- "{{ consul_bin_path }}"
when: ansible_os_family == 'Windows'


@ -1,69 +0,0 @@
---
# File: dnsmasq.yml - Dnsmasq tasks for Consul
- name: Install Dnsmasq package
yum:
name: dnsmasq
state: present
when: ansible_os_family == "RedHat"
tags: dnsmasq, installation
- name: Install Dnsmasq package
apt:
name: dnsmasq
state: present
when: ansible_os_family == "Debian"
tags: dnsmasq, installation
- name: Install Dnsmasq package
pkgng:
name: dnsmasq
state: present
when: ansible_os_family == "FreeBSD"
tags: dnsmasq, installation
- name: Enable dnsmasq service
service:
name: dnsmasq
enabled: true
tags: dnsmasq
- name: Create Dnsmasq configuration directory
file:
path: /usr/local/etc/dnsmasq.d
state: directory
owner: root
group: wheel
mode: 0700
when: ansible_os_family == "FreeBSD"
tags: dnsmasq
- name: Create Dnsmasq configuration
template:
src: dnsmasq-10-consul.j2
dest: /etc/dnsmasq.d/10-consul
owner: root
group: root
mode: 0644
notify: restart dnsmasq
when: ansible_os_family in ["Debian", "RedHat"]
tags: dnsmasq
- name: Create FreeBSD-specific configuration
lineinfile:
dest: /usr/local/etc/dnsmasq.conf
line: 'conf-dir=/usr/local/etc/dnsmasq.d/,*.conf'
notify: restart dnsmasq
when: ansible_os_family == "FreeBSD"
tags: dnsmasq
- name: Create FreeBSD-specific Dnsmasq configuration
template:
src: dnsmasq-10-consul.j2
dest: /usr/local/etc/dnsmasq.d/consul.conf
owner: root
group: wheel
mode: 0644
notify: restart dnsmasq
when: ansible_os_family == "FreeBSD"
tags: dnsmasq


@ -1,59 +0,0 @@
---
# File: encrypt_gossip.yml - Gossip encryption tasks for Consul
- block:
- name: Read gossip encryption key from previously boostrapped server
shell: 'cat {{ consul_config_path }}/bootstrap/config.json | grep "encrypt" | sed -E ''s/"encrypt": "(.+)",?/\1/'' | sed ''s/^ *//;s/ *$//'''
register: consul_key_read
run_once: true
- name: Save gossip encryption key from existing configuration
set_fact: consul_raw_key={{ consul_key_read.stdout }}
ignore_errors: true
when:
- consul_raw_key is not defined
- bootstrap_state.stat.exists | bool
- name: Write gossip encryption key locally for use with new servers
copy:
content: "{{ consul_raw_key }}"
dest: /tmp/consul_raw.key
mode: 0600
become: false
vars:
ansible_become: false
when:
- consul_raw_key is defined
- bootstrap_state.stat.exists | bool
delegate_to: 127.0.0.1
- name: Read gossip encryption key for servers that require it
set_fact: consul_raw_key="{{ lookup('file', '/tmp/consul_raw.key') }}"
when:
- consul_raw_key is not defined
- bootstrap_state.stat.exists | bool
- name: Delete gossip encryption key file
file:
path: /tmp/consul_raw.key
state: absent
become: false
vars:
ansible_become: false
when:
- consul_raw_key is defined
- bootstrap_state.stat.exists | bool
delegate_to: 127.0.0.1
- block:
- name: Generate gossip encryption key
shell: "PATH={{ consul_bin_path }}:$PATH consul keygen"
register: consul_keygen
run_once: true
- name: Write gossip encryption key to fact
set_fact: consul_raw_key={{ consul_keygen.stdout }}
when:
- consul_raw_key is not defined
- not bootstrap_state.stat.exists | bool


@ -1,136 +0,0 @@
---
# File: install.yml - package installation tasks for Consul
- name: Install OS packages
package:
name: "{{ item }}"
state: present
with_items: "{{ consul_os_packages }}"
tags: installation
- name: Read package checksum file
stat:
path: "{{ role_path }}/files/consul_{{ consul_version }}_SHA256SUMS"
become: false
vars:
ansible_become: false
run_once: true
register: consul_checksum
tags: installation
delegate_to: 127.0.0.1
- name: Download package checksum file
get_url:
url: "{{ consul_checksum_file_url }}"
dest: "{{ role_path }}/files/consul_{{ consul_version }}_SHA256SUMS"
become: false
vars:
ansible_become: false
run_once: true
tags: installation
when: not consul_checksum.stat.exists | bool
delegate_to: 127.0.0.1
- name: Read package checksum
shell: grep "{{ consul_pkg }}" "{{ role_path }}/files/consul_{{ consul_version }}_SHA256SUMS" | awk '{print $1}'
become: false
vars:
ansible_become: false
register: consul_sha256
tags:
- installation
- skip_ansible_lint
run_once: true
delegate_to: 127.0.0.1
- name: Check Consul package file
stat:
path: "{{ role_path }}/files/{{ consul_pkg }}"
become: false
vars:
ansible_become: false
register: consul_package
tags: installation
run_once: true
delegate_to: 127.0.0.1
- name: Download Consul package
get_url:
url: "{{ consul_zip_url }}"
dest: "{{ role_path }}/files/{{ consul_pkg }}"
checksum: "sha256:{{ consul_sha256.stdout }}"
timeout: "42"
become: false
vars:
ansible_become: false
tags: installation
when: not consul_package.stat.exists | bool
run_once: true
delegate_to: 127.0.0.1
ignore_errors: "{{ ansible_check_mode }}"
- name: Update Alpine Package Manager (APK)
apk:
update_cache: true
run_once: true
when: ansible_os_family == "Alpine"
delegate_to: 127.0.0.1
- name: Create Temporary Directory for Extraction
tempfile:
state: directory
prefix: ansible-consul.
become: false
vars:
ansible_become: false
register: install_temp
tags: installation
run_once: true
delegate_to: 127.0.0.1
- name: Unarchive Consul package
unarchive:
src: "{{ role_path }}/files/{{ consul_pkg }}"
dest: "{{ install_temp.path }}/"
creates: "{{ install_temp.path }}/consul"
become: false
vars:
ansible_become: false
tags:
- installation
- skip_ansible_lint
run_once: true
delegate_to: 127.0.0.1
ignore_errors: "{{ ansible_check_mode }}"
- name: Install Consul
copy:
src: "{{ install_temp.path }}/consul"
dest: "{{ consul_bin_path }}/consul"
owner: "{{ consul_user }}"
group: "{{ consul_group }}"
mode: 0755
notify:
- restart consul
tags: installation
ignore_errors: "{{ ansible_check_mode }}"
- name: Daemon reload systemd in case the binaries upgraded
systemd:
daemon_reload: yes
become: true
when:
- ansible_service_mgr == "systemd"
- consul_install_upgrade | bool
- name: Cleanup
file:
path: "{{ install_temp.path }}"
state: "absent"
become: false
vars:
ansible_become: false
tags: installation
run_once: true
delegate_to: 127.0.0.1
ignore_errors: "{{ ansible_check_mode }}"


@ -1,81 +0,0 @@
---
# File: install_remote.yml - package installation tasks for Consul
- name: Install OS packages
package:
name: "{{ item }}"
state: present
with_items: "{{ consul_os_packages }}"
tags: installation
- name: Validate remote Consul directory
file:
path: /tmp/consul
state: directory
mode: 0700
- name: Read Consul package checksum file
stat:
path: "/tmp/consul/consul_{{ consul_version }}_SHA256SUMS"
register: consul_checksum
changed_when: false
tags: installation
- name: Download Consul package checksum file
get_url:
url: "{{ consul_checksum_file_url }}"
dest: "/tmp/consul/consul_{{ consul_version }}_SHA256SUMS"
validate_certs: false
tags: installation
when: not consul_checksum.stat.exists | bool
- name: Read Consul package checksum
shell: "grep {{ consul_pkg }} /tmp/consul/consul_{{ consul_version }}_SHA256SUMS"
register: consul_sha256
changed_when: false
tags:
- installation
- skip_ansible_lint
- name: Check Consul package file
stat:
path: "/tmp/consul/{{ consul_pkg }}"
register: consul_package
tags: installation
- name: Download Consul
get_url:
url: "{{ consul_zip_url }}"
dest: "/tmp/consul/{{ consul_pkg }}"
checksum: "sha256:{{ consul_sha256.stdout.split(' ')|first }}"
timeout: 42
register: consul_download
tags: installation
- name: Unarchive Consul and install binary
unarchive:
remote_src: true
src: "/tmp/consul/{{ consul_pkg }}"
dest: "{{ consul_bin_path }}"
owner: "{{ consul_user }}"
group: "{{ consul_group }}"
mode: 0755
register: consul_install
notify:
- restart consul
when: consul_download is changed
tags: installation
- name: Daemon reload systemd in case the binaries upgraded
systemd: daemon_reload=yes
become: true
when:
- ansible_service_mgr == "systemd"
- consul_install_upgrade | bool
- consul_install is changed
- name: Cleanup
file:
path: "/tmp/consul"
state: absent
tags: installation


@ -1,65 +0,0 @@
---
# File: install_remote.yml - package installation tasks for Consul
- name: Validate remote Consul directory
win_file:
path: /tmp/consul
state: directory
- name: Verify TLS1.2 is used
win_regedit:
path: HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319
name: SchUseStrongCrypto
data: 1
type: dword
- name: Read Consul package checksum file
win_stat:
path: "/tmp/consul/consul_{{ consul_version }}_SHA256SUMS"
register: consul_checksum
tags: installation
- name: Download Consul package checksum file
win_get_url:
url: "{{ consul_checksum_file_url }}"
dest: "/tmp/consul/consul_{{ consul_version }}_SHA256SUMS"
tags: installation
when: not consul_checksum.stat.exists | bool
- name: Read Consul package checksum
win_shell: "findstr {{ consul_pkg }} /tmp/consul/consul_{{ consul_version }}_SHA256SUMS"
args:
chdir: /tmp/consul
register: consul_pkg_checksum
tags: installation
- name: Download Consul
win_get_url:
url: "{{ consul_zip_url }}"
dest: "/tmp/consul/{{ consul_pkg }}"
tags: installation
- name: Calculate checksum
win_stat:
path: "/tmp/consul/{{ consul_pkg }}"
checksum_algorithm: sha256
register: consul_pkg_hash
tags: installation
- name: Compare checksum to hashfile
fail:
msg: "Checksum {{ consul_pkg_checksum.stdout.split(' ') | first }} did not match calculated SHA256 {{ consul_pkg_hash.stat.checksum }}!"
when:
- consul_pkg_hash.stat.checksum != (consul_pkg_checksum.stdout.split(' ') | first)
- name: Unarchive Consul and install binary
win_unzip:
src: "/tmp/consul/{{ consul_pkg }}"
dest: "{{ consul_bin_path }}"
tags: installation
- name: Cleanup
win_file:
path: "/tmp/consul"
state: absent
tags: installation


@ -1,48 +0,0 @@
---
# File: iptables.yml - iptables tasks for Consul
- name: Install iptables
apt:
name: iptables
- name: Redirect local DNS (1/4)
iptables:
table: nat
chain: PREROUTING
protocol: udp
match: udp
destination_port: 53
jump: REDIRECT
to_ports: 8600
- name: Redirect local DNS (2/4)
iptables:
table: nat
chain: PREROUTING
protocol: tcp
match: tcp
destination_port: 53
jump: REDIRECT
to_ports: 8600
- name: Redirect local DNS (3/4)
iptables:
table: nat
chain: OUTPUT
protocol: udp
match: udp
destination_port: 53
jump: REDIRECT
to_ports: 8600
destination: localhost
- name: Redirect local DNS (4/4)
iptables:
table: nat
chain: OUTPUT
protocol: tcp
match: tcp
destination_port: 53
jump: REDIRECT
to_ports: 8600
destination: localhost


@ -1,57 +0,0 @@
---
# File: main.yml - Main tasks for Consul
- name: Install python dependencies
when:
- consul_install_dependencies | bool
block:
- name: Install netaddr dependency on controlling host (with --user)
pip:
name: netaddr
extra_args: --user
delegate_to: 127.0.0.1
become: false
vars:
ansible_become: false
run_once: true
when: not is_virtualenv or is_virtualenv == None
- name: Install netaddr dependency on controlling host (virtualenv)
pip:
name: netaddr
delegate_to: 127.0.0.1
become: false
vars:
ansible_become: false
run_once: true
when: is_virtualenv is defined
- name: Include checks/asserts
import_tasks: asserts.yml
- name: Include OS-specific variables
include_vars: "{{ ansible_os_family }}.yml"
tags: always
# -----------------------------------------------------------------------
# Tasks for all *NIX operating systems
# -----------------------------------------------------------------------
- name: Include NIX tasks
include_tasks: nix.yml
when: ansible_os_family != 'Windows'
# -----------------------------------------------------------------------
# Tasks for Windows
# -----------------------------------------------------------------------
- name: Include Windows tasks
include_tasks: windows.yml
when: ansible_os_family == 'Windows'
- name: Include services management
import_tasks: services.yml
when: consul_services is defined and consul_services|length>0
tags:
- consul_services
- name: flush_handlers
meta: flush_handlers


@ -1,280 +0,0 @@
---
# Gathers facts (bind address) from servers not currently targeted.
# 'delegate_facts' is currently rather buggy in Ansible so this might not
# always work. Hence 'consul_gather_server_facts' defaults to 'no'.
- name: Gather facts from other servers
setup:
delegate_to: "{{ item }}"
delegate_facts: true
with_items: "{{ consul_servers | difference(play_hosts) }}"
ignore_errors: true
run_once: true
when: consul_gather_server_facts | bool
- name: Expose advertise_address(_wan) datacenter and node_role as facts
set_fact:
consul_advertise_address_wan: "{{ consul_advertise_address_wan }}"
consul_advertise_address: "{{ consul_advertise_address }}"
consul_bind_address: "{{ consul_bind_address }}"
consul_datacenter: "{{ consul_datacenter }}"
consul_node_role: "{{ consul_node_role }}"
- name: Read bootstrapped state
stat:
path: "{{ consul_bootstrap_state }}"
register: bootstrap_state
ignore_errors: true
tags: always
- name: Include user and group settings
import_tasks: user_group.yml
- name: Include directory settings
import_tasks: dirs.yml
- name: Check for existing Consul binary
stat:
path: "{{ consul_binary }}"
register: consul_binary_installed
- name: Calculate whether to install consul binary
set_fact:
consul_install_binary: "{{ consul_install_upgrade | bool or not consul_binary_installed.stat.exists }}"
- name: Install OS packages and consul - locally
include_tasks: install.yml
when:
- consul_install_binary | bool
- not consul_install_remotely | bool
- name: Install OS packages and consul - remotely
include_tasks: install_remote.yml
when:
- consul_install_binary | bool
- consul_install_remotely | bool
# XXX: Individual gossip tasks are deprecated and need to be removed
# - include_tasks: ../tasks/encrypt_gossip.yml
- block:
- block:
- name: Check for gossip encryption key on previously boostrapped server
slurp:
src: "{{ consul_config_path }}/config.json"
register: consul_config_b64
ignore_errors: true
- name: Deserialize existing configuration
set_fact:
consul_config: "{{ consul_config_b64.content | b64decode | from_json }}"
when: consul_config_b64.content is defined
- name: Save gossip encryption key from existing configuration
set_fact:
consul_raw_key: "{{ consul_config.encrypt }}"
when: consul_config is defined
no_log: true
when:
- consul_raw_key is not defined
- bootstrap_state.stat.exists | bool
- inventory_hostname in consul_servers
# Key provided by extra vars or the above block
- name: Write gossip encryption key locally for use with new servers
copy:
content: "{{ consul_raw_key }}"
dest: '/tmp/consul_raw.key'
mode: 0600
become: false
vars:
ansible_become: false
no_log: true
delegate_to: localhost
changed_when: false
when: consul_raw_key is defined
# Generate new key if none was found
- block:
- name: Generate gossip encryption key
shell: "PATH={{ consul_bin_path }}:$PATH consul keygen"
register: consul_keygen
- name: Write key locally to share with other nodes
copy:
content: "{{ consul_keygen.stdout }}"
dest: '/tmp/consul_raw.key'
become: false
vars:
ansible_become: false
delegate_to: localhost
no_log: true
run_once: true
when:
# if files '/tmp/consul_raw.key' exist
- lookup('first_found', dict(files=['/tmp/consul_raw.key'], skip=true)) | ternary(false, true)
- not bootstrap_state.stat.exists | bool
- name: Read gossip encryption key for servers that require it
set_fact:
consul_raw_key: "{{ lookup('file', '/tmp/consul_raw.key') }}"
no_log: true
when:
- consul_raw_key is not defined
- name: Delete gossip encryption key file
file:
path: '/tmp/consul_raw.key'
state: absent
become: false
vars:
ansible_become: false
run_once: true
delegate_to: localhost
changed_when: false
no_log: true
when:
- consul_encrypt_enable | bool
- name: Create ACL configuration
include_tasks: acl.yml
when: consul_acl_enable | bool
- name: Create Consul configuration
import_tasks: config.yml
- name: Create TLS configuration
include_tasks: tls.yml
when: consul_tls_enable | bool
- name: Create syslog configuration
import_tasks: syslog.yml
- name: Create BSD init script
template:
src: consul_bsdinit.j2
dest: /etc/rc.d/consul
owner: root
group: wheel
mode: 0755
when: ansible_os_family == "FreeBSD"
- name: Create SYSV init script
template:
src: consul_sysvinit.j2
dest: /etc/init.d/consul
owner: root
group: root
mode: 0755
when:
- not ansible_service_mgr == "systemd"
- not ansible_os_family == "Debian"
- not ansible_os_family == "FreeBSD"
- not ansible_os_family == "Solaris"
- name: Create Debian init script
template:
src: consul_debianinit.j2
dest: /etc/init.d/consul
owner: root
group: root
mode: 0755
when:
- not ansible_service_mgr == "systemd"
- ansible_os_family == "Debian"
- not ansible_os_family == "FreeBSD"
- not ansible_os_family == "Solaris"
- name: Create systemd script
template:
src: consul_systemd.service.j2
dest: /lib/systemd/system/consul.service
owner: root
group: root
mode: 0644
register: systemd_unit
notify: restart consul
when:
- ansible_service_mgr == "systemd"
- not ansible_os_family == "FreeBSD"
- not ansible_os_family == "Solaris"
- name: Reload systemd
systemd:
daemon_reload: true
when: systemd_unit is changed
- name: Enable consul at startup (systemd)
systemd:
name: consul
enabled: yes
when:
- ansible_service_mgr == "systemd"
- not ansible_os_family == "FreeBSD"
- not ansible_os_family == "Solaris"
- name: Create smf manifest
template:
src: consul_smf_manifest.j2
dest: "{{ consul_smf_manifest }}"
owner: root
group: root
mode: 0644
when: ansible_os_family == "Solaris"
register: smfmanifest
- name: Import smf manifest
shell: "svccfg import {{ consul_smf_manifest }}"
when:
- smfmanifest is changed
- ansible_os_family == "Solaris"
tags: skip_ansible_lint
- name: Import smf script
shell: "svcadm refresh consul"
when:
- smfmanifest is changed
- ansible_os_family == "Solaris"
tags: skip_ansible_lint
- name: Enable Consul Snapshots on servers
include_tasks: snapshot.yml
when:
- ansible_service_mgr == "systemd"
- not ansible_os_family == "FreeBSD"
- not ansible_os_family == "Solaris"
- consul_snapshot | bool
- block:
- name: Start Consul
service:
name: consul
state: started
enabled: true
- name: Check Consul HTTP API (via TCP socket)
wait_for:
delay: 15
port: "{{ consul_ports.http|int }}"
host: "{{ consul_addresses.http }}"
when: (consul_ports.http|int > -1) and (consul_addresses.http|ipaddr)
- name: Check Consul HTTP API (via unix socket)
wait_for:
delay: 15
path: "{{ consul_addresses.http | replace('unix://', '', 1) }}"
when: consul_addresses.http is match("unix://*")
- name: Create bootstrapped state file
file:
dest: "{{ consul_bootstrap_state }}"
state: touch
mode: 0600
- include_tasks: ../tasks/iptables.yml
when: consul_iptables_enable | bool
when: not bootstrap_state.stat.exists
- include_tasks: ../tasks/dnsmasq.yml
when: consul_dnsmasq_enable | bool


@ -1,68 +0,0 @@
---
## File: services.yml - services configuration
- name: "Configure consul services"
template:
dest: "{{ consul_configd_path }}/service_{{ item.name }}.json"
src: service.json.j2
owner: "{{ consul_user }}"
group: "{{ consul_group }}"
mode: 0644
with_items: "{{ consul_services }}"
notify:
- restart consul
- name: Get the list of service config file
find:
paths: "{{ consul_configd_path }}"
file_type: file
register: services_enabled_unix
when: ansible_os_family != 'Windows'
- name: Get the list of service config file [Windows]
win_find:
paths: "{{ consul_configd_path }}"
file_type: file
register: services_enabled_windows
when: ansible_os_family == 'Windows'
- name: set var for enabled services
set_fact:
services_enabled_files: "{{ services_enabled_unix['files'] }}"
when: ansible_os_family != 'Windows'
- name: set var for enabled services [Windows]
set_fact:
services_enabled_files: "{{ services_enabled_windows['files'] }}"
when: ansible_os_family == 'Windows'
- name: Set fact with list of existing configuration files
set_fact:
list_current_service_config: "{{ list_current_service_config |default([]) + [ item.path ] }}"
with_items: "{{ services_enabled_files }}"
- name: Set fact with list of service we manage
set_fact:
managed_files: "{{ managed_files |default([]) }} + \
[ '{{ consul_configd_path }}/service_{{ item.name }}.json' ]"
with_items: "{{ consul_services }}"
- name: Delete non declared services
file:
path: "{{ item }}"
state: absent
when: ansible_os_family != 'Windows' and item not in managed_files
with_items: "{{ list_current_service_config }}"
ignore_errors: "{{ ansible_check_mode }}"
notify:
- restart consul
- name: Delete non declared services [Windows]
win_file:
path: "{{ item }}"
state: absent
when: ansible_os_family == 'Windows' and item not in managed_files
with_items: "{{ list_current_service_config }}"
ignore_errors: "{{ ansible_check_mode }}"
notify:
- restart consul


@ -1,53 +0,0 @@
---
# File: snapshot.yml - Create snapshot service
# template: consul_snapshot.service
# template: consul_snapshot.config /etc/consul/
# set snaps to {{ snap storage location }}
# create snaps folder
# handler: start / enable service
# add entry to tasks/main.yml
# update readme
# update defaults/main.yml
# update my vars file
- name: Create snapshot systemd script
template:
src: consul_systemd_snapshot.service.j2
dest: /lib/systemd/system/consul_snapshot.service
owner: root
group: root
mode: 0644
register: systemd_unit
notify: start snapshot
when:
- ansible_service_mgr == "systemd"
- not ansible_os_family == "FreeBSD"
- not ansible_os_family == "Solaris"
- consul_snapshot | bool
- name: Create snapshot agent config
template:
src: consul_snapshot.json.j2
dest: "{{ consul_config_path }}/consul_snapshot.json"
owner: "{{ consul_user }}"
group: "{{ consul_group }}"
mode: 0644
notify: start snapshot
when:
- ansible_service_mgr == "systemd"
- not ansible_os_family == "FreeBSD"
- not ansible_os_family == "Solaris"
- consul_snapshot | bool
- name: Reload systemd
systemd:
daemon_reload: true
when: systemd_unit | changed
- name: Create snaps storage folder
file:
state: directory
path: "{{ consul_snapshot_storage }}"
owner: "{{ consul_user }}"
group: "{{ consul_group }}"
mode: 0744


@ -1,42 +0,0 @@
---
# File: syslog.yml - syslog config for Consul logging
- name: Detect syslog program
stat:
path: /usr/sbin/syslog-ng
register: stat_syslogng
when:
- ansible_os_family != 'Windows'
- consul_configure_syslogd | bool
- name: Install syslog-ng config
template:
src: syslogng_consul.conf.j2
dest: /etc/syslog-ng/conf.d/consul.conf
owner: root
group: root
mode: 0444
when:
- ansible_os_family != 'Windows'
- consul_syslog_enable | bool
- consul_configure_syslogd | bool
- stat_syslogng.stat.exists
notify:
- restart syslog-ng
- restart consul
- name: Install rsyslogd config
template:
src: rsyslogd_00-consul.conf.j2
dest: /etc/rsyslog.d/00-consul.conf
owner: root
group: root
mode: 0444
when:
- ansible_os_family != 'Windows'
- consul_syslog_enable | bool
- consul_configure_syslogd | bool
- not stat_syslogng.stat.exists
notify:
- restart rsyslog
- restart consul


@ -1,43 +0,0 @@
---
# File: tls.yml - TLS tasks for Consul
- block:
- name: Create SSL directory
file:
dest: "{{ consul_tls_dir }}"
state: directory
owner: "{{ consul_user }}"
group: "{{ consul_group }}"
mode: 0755
- name: Copy CA certificate
copy:
remote_src: "{{ consul_tls_files_remote_src }}"
src: "{{ consul_tls_src_files }}/{{ consul_tls_ca_crt | basename }}"
dest: "{{ consul_tls_dir }}/{{ consul_tls_ca_crt }}"
owner: "{{ consul_user }}"
group: "{{ consul_group }}"
mode: 0644
notify: restart consul
- name: Copy server certificate
copy:
remote_src: "{{ consul_tls_files_remote_src }}"
src: "{{ consul_tls_src_files }}/{{ consul_tls_server_crt | basename }}"
dest: "{{ consul_tls_dir }}/{{ consul_tls_server_crt }}"
owner: "{{ consul_user }}"
group: "{{ consul_group }}"
mode: 0644
notify: restart consul
- name: Copy server key
copy:
remote_src: "{{ consul_tls_files_remote_src }}"
src: "{{ consul_tls_src_files }}/{{ consul_tls_server_key | basename }}"
dest: "{{ consul_tls_dir }}/{{ consul_tls_server_key }}"
owner: "{{ consul_user }}"
group: "{{ consul_group }}"
mode: 0600
notify: restart consul
when: consul_tls_copy_keys | bool


@ -1,20 +0,0 @@
---
# File: user_group.yml - User and group settings
# Add group
- name: Add Consul group
group:
name: "{{ consul_group }}"
state: present
when:
- consul_manage_group | bool
# Add user
- name: Add Consul user
user:
name: "{{ consul_user }}"
comment: "Consul user"
group: "{{ consul_group }}"
system: true
when:
- consul_manage_user | bool


@ -1,166 +0,0 @@
---
# Gathers facts (bind address) from servers not currently targeted.
# 'delegate_facts' is currently rather buggy in Ansible so this might not
# always work. Hence 'consul_gather_server_facts' defaults to 'no'.
- name: (Windows) Gather facts from other servers
setup:
delegate_to: "{{ item }}"
delegate_facts: true
with_items: "{{ consul_servers | difference(play_hosts) }}"
ignore_errors: true
when: consul_gather_server_facts | bool
- name: (Windows) Expose bind_address, datacenter and node_role as facts
set_fact:
consul_bind_address: "{{ consul_bind_address }}"
consul_datacenter: "{{ consul_datacenter }}"
consul_node_role: "{{ consul_node_role }}"
- name: (Windows) Read bootstrapped state
win_stat:
path: "{{ consul_bootstrap_state }}"
register: bootstrap_state
ignore_errors: true
tags: always
- name: (Windows) Include directory settings
import_tasks: dirs.yml
- name: (Windows) Check for existing Consul binary
win_stat:
path: "{{ consul_binary }}"
register: consul_binary_installed
- name: (Windows) Install OS packages and consul
include_tasks: install_windows.yml
when:
- not consul_binary_installed.stat.exists | bool
- block:
- block:
- name: (Windows) Check for gossip encryption key on previously boostrapped server
slurp:
src: "{{ consul_config_path }}/config.json"
register: consul_config_b64
ignore_errors: true
- name: (Windows) Deserialize existing configuration
set_fact:
consul_config: "{{ consul_config_b64.content | b64decode | from_json }}"
when: consul_config_b64.content is defined
- name: (Windows) Save gossip encryption key from existing configuration
set_fact:
consul_raw_key: "{{ consul_config.encrypt }}"
when: consul_config is defined
no_log: true
when:
- consul_raw_key is not defined
- bootstrap_state.stat.exists | bool
- inventory_hostname in consul_servers
# Key provided by extra vars or the above block
- name: (Windows) Write gossip encryption key locally for use with new servers
copy:
content: "{{ consul_raw_key }}"
dest: '/tmp/consul_raw.key'
mode: 0700
become: false
vars:
ansible_become: false
no_log: true
run_once: true
register: consul_local_key
delegate_to: localhost
when: consul_raw_key is defined
# Generate new key if non was found
- block:
- name: (Windows) Generate gossip encryption key
win_shell: "{{ consul_binary }} keygen"
register: consul_keygen
- name: (Windows) Write key locally to share with other nodes
copy:
content: "{{ consul_keygen.stdout }}"
dest: '/tmp/consul_raw.key'
mode: 0700
become: false
vars:
ansible_become: false
delegate_to: localhost
no_log: true
run_once: true
when:
- not consul_local_key.changed
- not bootstrap_state.stat.exists | bool
- name: (Windows) Read gossip encryption key for servers that require it
set_fact:
consul_raw_key: "{{ lookup('file', '/tmp/consul_raw.key') }}"
no_log: true
when:
- consul_raw_key is not defined
- name: (Windows) Delete gossip encryption key file
file:
path: '/tmp/consul_raw.key'
state: absent
become: false
vars:
ansible_become: false
run_once: true
delegate_to: localhost
no_log: true
when:
- consul_encrypt_enable
- name: (Windows) Create Consul configuration
import_tasks: config_windows.yml
- name: (Windows) Ensure neither ACL nor TLS are requested
fail:
msg: "ACL and TLS are not supported on Windows hosts yet."
when:
- (consul_acl_enable | bool) or (consul_tls_enable | bool)
- name: (Windows) Create ACL configuration
include_tasks: acl.yml
when: consul_acl_enable | bool
- name: (Windows) Create TLS configuration
include_tasks: tls.yml
when: consul_tls_enable | bool
- block:
- name: Create Consul as a service
win_service:
name: Consul
path: "{{ consul_binary }} agent -config-file={{ consul_config_path }}/config.json -config-dir={{ consul_configd_path }}"
display_name: Consul Service
description: Consul
start_mode: auto
state: started
- name: (Windows) Check Consul HTTP API
win_wait_for:
delay: 5
port: 8500
- name: (Windows) Create bootstrapped state file
win_file:
dest: "{{ consul_bootstrap_state }}"
state: touch
when: ansible_os_family == "Windows"
- include_tasks: ../tasks/iptables.yml
when: consul_iptables_enable | bool
when: not bootstrap_state.stat.exists
- include_tasks: ../tasks/dnsmasq.yml
when: consul_dnsmasq_enable | bool


@ -1,294 +0,0 @@
{# This template will be passed through the 'to_nice_json' filter #}
{# The filter fixes whitespace, indentation and comma's on the last item #}
{
{# Common Settings #}
{## Node ##}
{% if consul_node_name is defined %}
"node_name": "{{ consul_node_name }}",
{% endif %}
"datacenter": "{{ consul_datacenter }}",
"domain": "{{ consul_domain }}",
{% if consul_alt_domain %}
"alt_domain": "{{ consul_alt_domain }}",
{% endif %}
{% if consul_version is version_compare('0.7.3', '>=') and consul_node_meta | length > 0 %}
"node_meta": {{ consul_node_meta | default({})| to_json }},
{% endif %}
{# Performance Settings #}
"performance": {{ consul_performance | to_json }},
{## Addresses ##}
"bind_addr": "{{ consul_bind_address }}",
"advertise_addr": "{{ consul_advertise_address }}",
"advertise_addr_wan": "{{ consul_advertise_address_wan }}",
"translate_wan_addrs": {{ consul_translate_wan_address | bool | to_json }},
"client_addr": "{{ consul_client_address }}",
"addresses": {
{% if consul_version is version_compare('0.8.0', '<') %}
"rpc": "{{ consul_addresses.rpc }}",
{% endif %}
"dns": "{{ consul_addresses.dns }}",
"http": "{{ consul_addresses.http }}",
"https": "{{ consul_addresses.https }}",
{% if consul_version is version_compare('1.3.0', '>=') %}
"grpc": "{{ consul_addresses.grpc }}"
{% endif %}
},
{## Ports Used ##}
"ports": {
{% if consul_version is version_compare('0.8.0', '<') %}
"rpc": {{ consul_ports.rpc}},
{% endif %}
"dns": {{ consul_ports.dns }},
"http": {{ consul_ports.http }},
"https": {{ consul_ports.https }},
"serf_lan": {{ consul_ports.serf_lan }},
"serf_wan": {{ consul_ports.serf_wan }},
"server": {{ consul_ports.server }},
{% if consul_version is version_compare('1.3.0', '>=') %}
"grpc": {{ consul_ports.grpc }}
{% endif %}
},
{## Raft protocol ##}
"raft_protocol": {{ consul_raft_protocol }},
{## DNS ##}
{% if consul_recursors | length > 0 %}
"recursors": {{ consul_recursors | to_json }},
{% endif %}
{## Agent ##}
"data_dir": "{{ consul_data_path }}",
"log_level": "{{ consul_log_level }}",
{% if consul_syslog_enable | bool %}
"enable_syslog": {{ consul_syslog_enable | bool | to_json }},
"syslog_facility": "{{ consul_syslog_facility }}",
{% else %}
"log_file": "{{ consul_log_path }}/{{ consul_log_file }}",
"log_rotate_bytes": {{ consul_log_rotate_bytes }},
"log_rotate_duration": "{{ consul_log_rotate_duration }}",
{% if consul_version is version_compare('1.5.3', '>=') %}
"log_rotate_max_files": {{ consul_log_rotate_max_files }},
{% endif %}
{% endif %}
"disable_update_check": {{ consul_disable_update_check | bool | to_json }},
"enable_script_checks": {{ consul_enable_script_checks | bool | to_json }},
"enable_local_script_checks": {{ consul_enable_local_script_checks | bool | to_json }},
{% if leave_on_terminate is defined %}
"leave_on_terminate": {{ leave_on_terminate | bool | to_json }},
{% endif %}
{## Encryption and TLS ##}
{% if consul_encrypt_enable | bool %}
"encrypt": "{{ consul_raw_key }}",
"encrypt_verify_incoming": {{ consul_encrypt_verify_incoming | bool | to_json }},
"encrypt_verify_outgoing": {{ consul_encrypt_verify_outgoing | bool | to_json }},
{% endif %}
{% if consul_disable_keyring_file | bool %}
"disable_keyring_file": true,
{% endif %}
{% if consul_tls_enable | bool %}
"ca_file": "{{ consul_tls_dir }}/{{ consul_tls_ca_crt | basename }}",
"cert_file": "{{ consul_tls_dir }}/{{ consul_tls_server_crt | basename }}",
"key_file": "{{ consul_tls_dir }}/{{ consul_tls_server_key | basename }}",
"verify_incoming": {{ consul_tls_verify_incoming | bool | to_json }},
"verify_outgoing": {{ consul_tls_verify_outgoing | bool | to_json }},
"verify_incoming_rpc": {{consul_tls_verify_incoming_rpc | bool| to_json }},
"verify_incoming_https": {{consul_tls_verify_incoming_https | bool| to_json }},
"verify_server_hostname": {{ consul_tls_verify_server_hostname | bool | to_json }},
"tls_min_version": "{{ consul_tls_min_version }}",
{% if consul_tls_cipher_suites is defined and consul_tls_cipher_suites %}
"tls_cipher_suites": "{{ consul_tls_cipher_suites}}",
{% endif %}
"tls_prefer_server_cipher_suites": {{ consul_tls_prefer_server_cipher_suites | bool | to_json }},
{% if auto_encrypt is defined %}
"auto_encrypt": {
{% if auto_encrypt.enabled | bool and (item.config_version != 'client') | bool %}
"allow_tls": true,
{% endif %}
{% if auto_encrypt.enabled | bool and (item.config_version == 'client') | bool %}
"tls": true,
{% endif %}
{% if auto_encrypt.dns_san is defined %}
"dns_san": {{ auto_encrypt.dns_san | list | to_json }},
{% endif %}
{% if auto_encrypt.ip_san is defined %}
"ip_san": {{ auto_encrypt.ip_san | list | to_json }},
{% endif %}
},
{% endif %}
{% endif %}
{## LAN Join ##}
"retry_interval": "{{ consul_retry_interval }}",
"retry_max": {{ consul_retry_max | int }},
"retry_join":
{% if not consul_cloud_autodiscovery | bool %}
{% if not consul_retry_join_skip_hosts %}
{% for server in _consul_lan_servers %}
{% set _ = consul_join.append(hostvars[server]['consul_advertise_address'] | default(hostvars[server]['consul_bind_address']) | default(hostvars[server]['ansible_default_ipv4']['address']) | mandatory) %}
{% endfor %}
{% endif %}
{{ consul_join | map('ipwrap') | list | to_json }},
{% else %}
["{{ consul_cloud_autodiscovery_string }}"],
{% endif %}
{## Server/Client ##}
"server": {{ (item.config_version != 'client') | bool | to_json }},
{## Enable Connect on Server ##}
{% if consul_connect_enabled | bool %}
"connect": {
"enabled": true
},
{% endif %}
{# Client Settings #}
{% if (item.config_version == 'client') %}
{## ACLs ##}
{% if consul_acl_enable | bool %}
{% if consul_version is version_compare('1.4.0', '>=') %}
"primary_datacenter": "{{ consul_acl_datacenter }}",
"acl": {
"enabled": true,
"default_policy": "{{ consul_acl_default_policy }}",
"down_policy": "{{ consul_acl_down_policy }}",
"token_ttl": "{{ consul_acl_ttl }}",
"enable_token_persistence": {{ consul_acl_token_persistence | bool | to_json}},
"tokens": {
{% if consul_acl_token | trim != '' %}
"default": "{{ consul_acl_token }}",
{% endif %}
{% if consul_acl_agent_token | trim != '' %}
"agent": "{{ consul_acl_agent_token }}",
{% endif %}
{% if consul_acl_agent_master_token | trim != '' %}
"agent_master": "{{ consul_acl_agent_master_token }}",
{% endif %}
}
},
{% else %}
{% if consul_acl_token | trim != '' %}
"acl_token": "{{ consul_acl_token }}",
{% endif %}
{% if consul_acl_agent_token | trim != '' %}
"acl_agent_token": "{{ consul_acl_agent_token }}",
{% endif %}
{% if consul_acl_agent_master_token | trim != '' %}
"acl_agent_master_token": "{{ consul_acl_agent_master_token }}",
{% endif %}
"acl_ttl": "{{ consul_acl_ttl }}",
"acl_datacenter": "{{ consul_acl_datacenter }}",
"acl_down_policy": "{{ consul_acl_down_policy }}",
{% endif %}
{% endif %}
{% endif %}
{# Server Settings #}
{% if (item.config_version == 'server') or (item.config_version == 'bootstrap') %}
{## Bootstrap settings ##}
"bootstrap": {{ (item.config_version == 'bootstrap') | bool | to_json }},
{% if consul_bootstrap_expect and not (item.config_version == 'bootstrap') %}
"bootstrap_expect": {{ consul_bootstrap_expect_value }},
{## AutoPilot ##}
{% if consul_autopilot_enable | bool %}
"autopilot": {
"cleanup_dead_servers": {{ consul_autopilot_cleanup_dead_Servers | bool | to_json }},
"last_contact_threshold": "{{ consul_autopilot_last_contact_threshold }}",
"max_trailing_logs": {{ consul_autopilot_max_trailing_logs }},
"server_stabilization_time": "{{ consul_autopilot_server_stabilization_time }}"{{ ',' if consul_enterprise else '' }}
{% if consul_enterprise %}
"redundancy_zone_tag": "{{ consul_autopilot_redundancy_zone_tag }}",
"disable_upgrade_migration": {{ consul_autopilot_disable_upgrade_migration | bool | to_json }},
"upgrade_version_tag": "{{ consul_autopilot_upgrade_version_tag }}"
{% endif %}
},
{% endif %}
{% endif %}
{## WAN Join ##}
"retry_interval_wan": "{{ consul_retry_interval_wan }}",
"retry_max_wan": {{ consul_retry_max_wan | int }},
{% if _consul_wan_servercount | int > 0 %}
"retry_join_wan":
{% for server in _consul_wan_servers %}
{% set _ = consul_join_wan.append(hostvars[server]['consul_advertise_address_wan'] | default(hostvars[server]['consul_bind_address'])) %}
{% endfor %}
{{ consul_join_wan | map('ipwrap') | list | to_json }},
{% endif %}
{## ACLs ##}
{% if consul_acl_enable | bool %}
{% if consul_acl_replication_enable | trim != '' %}
"enable_acl_replication": {{ consul_acl_replication_enable | bool | to_json }},
{% endif %}
{% if consul_version is version_compare('1.4.0', '>=') %}
"primary_datacenter": "{{ consul_acl_datacenter }}",
"acl": {
"enabled": true,
"default_policy": "{{ consul_acl_default_policy }}",
"down_policy": "{{ consul_acl_down_policy }}",
"token_ttl": "{{ consul_acl_ttl }}",
"enable_token_persistence": {{ consul_acl_token_persistence | bool | to_json}},
"tokens": {
{% if consul_acl_token | trim != '' %}
"default": "{{ consul_acl_token }}",
{% endif %}
{% if consul_acl_agent_token | trim != '' %}
"agent": "{{ consul_acl_agent_token }}",
{% endif %}
{% if consul_acl_agent_master_token | trim != '' %}
"agent_master": "{{ consul_acl_agent_master_token }}",
{% endif %}
{% if consul_version is version_compare('0.9.1', '<') or consul_acl_master_token | trim != '' %}
"master": "{{ consul_acl_master_token }}",
{% endif %}
{% if consul_acl_replication_token | trim != '' %}
"replication": "{{ consul_acl_replication_token }}",
{% endif %}
}
},
{% else %}
{% if consul_acl_token | trim != '' %}
"acl_token": "{{ consul_acl_token }}",
{% endif %}
{% if consul_acl_agent_token | trim != '' %}
"acl_agent_token": "{{ consul_acl_agent_token }}",
{% endif %}
{% if consul_acl_agent_master_token | trim != '' %}
"acl_agent_master_token": "{{ consul_acl_agent_master_token }}",
{% endif %}
"acl_ttl": "{{ consul_acl_ttl }}",
"acl_datacenter": "{{ consul_acl_datacenter }}",
"acl_down_policy": "{{ consul_acl_down_policy }}",
{% if consul_version is version_compare('0.9.1', '<') or
consul_acl_master_token | trim != '' %}
"acl_master_token": "{{ consul_acl_master_token }}",
{% endif %}
{% if consul_acl_replication_enable | trim != '' %}
"enable_acl_replication": {{ consul_acl_replication_enable | bool | to_json }},
{% endif %}
{% if consul_acl_replication_token | trim != '' %}
"acl_replication_token": "{{ consul_acl_replication_token }}",
{% endif %}
"acl_default_policy": "{{ consul_acl_default_policy }}",
{% endif %}
{% endif %}
{% endif %}
{## UI ##}
"ui": {{ consul_ui | bool | to_json }}
{## Limits ##}
{% if consul_version is version_compare('0.9.3', '>=') and consul_limits | length > 0 %}
"limits": {{ consul_limits | default({})| to_json }},
{% endif %}
}


@ -1,44 +0,0 @@
# Default all keys to read-only
key "" {
policy = "read"
}
key "foo/" {
policy = "write"
}
key "foo/private/" {
# Deny access to the dir "foo/private"
policy = "deny"
}
# Default all services to allow registration. Also permits all
# services to be discovered.
service "" {
policy = "write"
}
# Deny registration access to services prefixed "secure-".
# Discovery of the service is still allowed in read mode.
service "secure-" {
policy = "read"
}
# Allow firing any user event by default.
event "" {
policy = "write"
}
# Deny firing events prefixed with "destroy-".
event "destroy-" {
policy = "deny"
}
# Default prepared queries to read-only.
query "" {
policy = "read"
}
# Read-only mode for the encryption keyring by default (list only)
keyring = "read"
# Read-only mode for Consul operator interfaces (list only)
operator = "read"


@ -1,6 +0,0 @@
{# consul_config_custom variables are free-style, passed through a hash -#}
{% if consul_config_custom -%}
{{ consul_config_custom | to_nice_json }}
{% else %}
{}
{% endif %}


@ -1,49 +0,0 @@
#!/bin/sh
# PROVIDE: consul
# REQUIRE: LOGIN
# KEYWORD: shutdown
# shellcheck disable=SC1091
. /etc/rc.subr
name="consul"
# shellcheck disable=2034
rcvar=$(set_rcvar)
load_rc_config $name
# shellcheck disable=2154
: "${consul_enable="NO"}"
# shellcheck disable=2154
: "${consul_users="consul"}"
# shellcheck disable=2034
restart_cmd=consul_restart
# shellcheck disable=2034
start_cmd=consul_start
# shellcheck disable=2034
stop_cmd=consul_stop
consul_start() {
echo "Starting ${name}."
for user in ${consul_users}; do
mkdir {{ consul_run_path }}
chown -R "{{ consul_user }}:{{ consul_group }}" {{ consul_run_path }}
su -m "${user}" -c "{{ consul_bin_path }}/consul agent -config-file={{ consul_config_path }}/config.json -config-dir={{ consul_configd_path }} -pid-file={{ consul_run_path }}/consul.pid&"
done
}
consul_stop() {
echo "Stopping $name."
pids=$(pgrep consul)
pkill consul
wait_for_pids "${pids}"
}
consul_restart() {
consul_stop
consul_start
}
run_rc_command "$1"


@ -1,129 +0,0 @@
#!/bin/sh
### BEGIN INIT INFO
# Provides: consul
# Required-Start: $local_fs $remote_fs
# Required-Stop: $local_fs $remote_fs
# Default-Start: 2 3 4 5
# Default-Stop: S 0 1 6
# Short-Description: Distributed service discovery framework
# Description: Distributed service discovery / health check framework
### END INIT INFO
# Do NOT "set -e"
# PATH should only include /usr/* if it runs after the mountnfs.sh script
PATH="{{ consul_bin_path }}:/usr/sbin:/usr/bin:/sbin:/bin"
DESC="Consul service discovery framework"
NAME="consul"
DAEMON="{{ consul_bin_path }}/${NAME}"
PIDFILE="{{ consul_run_path }}/${NAME}.pid"
DAEMON_ARGS="agent -config-file={{ consul_config_path }}/config.json -config-dir={{ consul_configd_path }}"
USER={{ consul_user }}
SCRIPTNAME=/etc/init.d/"${NAME}"
# Exit if Consul is not installed
[ -x "${DAEMON}" ] || exit 0
# Read default variables file
[ -r /etc/default/"${NAME}" ] && . /etc/default/"${NAME}"
# Source rcS variables
[ -f /etc/default/rcS ] && . /etc/default/rcS
# Source LSB functions
. /lib/lsb/init-functions
# Make sure PID dir exists
mkrundir() {
[ ! -d {{ consul_run_path }} ] && mkdir -p {{ consul_run_path }}
chown {{ consul_user }} {{ consul_run_path }}
}
# Start the Consul service
do_start() {
echo "Starting consul and backgrounding"
mkrundir
start-stop-daemon --start --quiet --pidfile "${PIDFILE}" --exec "${DAEMON}" --chuid "${USER}" --background --make-pidfile --test > /dev/null \
|| return 1
start-stop-daemon --start --quiet --pidfile "${PIDFILE}" --exec "${DAEMON}" --chuid "${USER}" --background --make-pidfile -- \
${DAEMON_ARGS} \
|| return 2
echo -n "Waiting for Consul service..."
for i in `seq 1 30`; do
if ! start-stop-daemon --quiet --stop --test --pidfile "${PIDFILE}" --exec "${DAEMON}" --user "${USER}"; then
echo " FAIL: consul process died"
return 2
fi
if "${DAEMON}" info >/dev/null; then
echo " OK"
return 0
fi
echo -n .
sleep 1
done
echo " FAIL: consul process is alive, but is not listening."
return 2
}
# Stop the Consul service
do_stop() {
"${DAEMON}" leave
start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile "${PIDFILE}" --name "${NAME}"
RETVAL="$?"
[ "${RETVAL}" = 2 ] && return 2
start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec "${DAEMON}"
[ "$?" = 2 ] && return 2
rm -f "${PIDFILE}"
return "${RETVAL}"
}
# Reload Consul
do_reload() {
start-stop-daemon --stop --signal 1 --quiet --pidfile "${PIDFILE}" --name "${NAME}"
return 0
}
case "$1" in
start)
[ "${VERBOSE}" != no ] && log_daemon_msg "Starting ${DESC}" "${NAME}"
do_start
case "$?" in
0|1) [ "${VERBOSE}" != no ] && log_end_msg 0 ;;
2) [ "${VERBOSE}" != no ] && log_end_msg 1 ;;
esac
;;
stop)
[ "${VERBOSE}" != no ] && log_daemon_msg "Stopping ${DESC}" "${NAME}"
do_stop
case "$?" in
0|1) [ "${VERBOSE}" != no ] && log_end_msg 0 ;;
2) [ "${VERBOSE}" != no ] && log_end_msg 1 ;;
esac
;;
restart|force-reload)
log_daemon_msg "Restarting ${DESC}" "${NAME}"
do_stop
case "$?" in
0|1)
do_start
case "$?" in
0) log_end_msg 0 ;;
1) log_end_msg 1 ;;
*) log_end_msg 1 ;;
esac
;;
*)
# Stop failed
log_end_msg 1
;;
esac
;;
*)
echo "Usage: ${SCRIPTNAME} {start|stop|restart|force-reload}" >&2
exit 3
;;
esac
:


@ -1,53 +0,0 @@
<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<!--
Created by Manifold
-->
<service_bundle type="manifest" name="consul">
<service name="network/consul" type="service" version="1">
<create_default_instance enabled="false"/>
<single_instance/>
<dependency name="network" grouping="require_all" restart_on="error" type="service">
<service_fmri value="svc:/milestone/network:default"/>
</dependency>
<dependency name="filesystem" grouping="require_all" restart_on="error" type="service">
<service_fmri value="svc:/system/filesystem/local"/>
</dependency>
<method_context>
<method_credential user="{{ consul_user }}" group="{{ consul_group }}"/>
</method_context>
<exec_method type="method" name="start" exec="{{ consul_bin_path }}/consul agent -config-file={{ consul_config_path}}/config.json -config-dir={{ consul_configd_path }} -pid-file={{ consul_run_path }}/consul.pid" timeout_seconds="60"/>
<exec_method type="method" name="stop" exec=":kill" timeout_seconds="60"/>
<property_group name="startd" type="framework">
<propval name="duration" type="astring" value="child"/>
<propval name="ignore_error" type="astring" value="core,signal"/>
</property_group>
<property_group name="application" type="application">
<propval name="config_dir" type="astring" value="{{ consul_configd_path }}"/>
</property_group>
<stability value="Evolving"/>
<template>
<common_name>
<loctext xml:lang="C">
Consul Service Discovery
</loctext>
</common_name>
</template>
</service>
</service_bundle>


@ -1,27 +0,0 @@
{
"snapshot_agent": {
"http_addr": "{% if consul_tls_enable | bool %}https://{% endif %}{{ consul_client_address }}:{% if consul_tls_enable | bool %}{{ consul_ports.https }}{% else %}{{ consul_ports.http }}{% endif %}",
{% if consul_tls_enable | bool -%}
"ca_file": "{{ consul_tls_dir }}/{{ consul_tls_ca_crt }}",
"cert_file": "{{ consul_tls_dir }}/{{ consul_tls_server_crt }}",
"key_file": "{{ consul_tls_dir }}/{{ consul_tls_server_key }}",
{% endif %}
"log": {
"level": "INFO",
"enable_syslog": true,
"syslog_facility": "LOCAL0"
},
"snapshot": {
"interval": "{{ consul_snapshot_interval }}",
"retain": {{ consul_snapshot_retain }},
"stale": false,
"service": "consul_snapshot",
"deregister_after": "72h",
"lock_key": "consul_snapshot/lock",
"max_failures": 3
},
"local_storage": {
"path": "{{ consul_snapshot_storage }}"
}
}
}


@ -1,44 +0,0 @@
### BEGIN INIT INFO
# Provides: consul
# Required-Start: $local_fs $remote_fs
# Required-Stop: $local_fs $remote_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Consul agent
# Description: Consul service discovery framework
### END INIT INFO
[Unit]
Description=Consul agent
Requires=network-online.target
After=network-online.target
[Service]
User={{ consul_user }}
Group={{ consul_group }}
PIDFile={{ consul_run_path }}/consul.pid
PermissionsStartOnly=true
{% if consul_ui_legacy %}
Environment=CONSUL_UI_LEGACY=true
{% endif %}
ExecStartPre=-/bin/mkdir -m 0750 -p {{ consul_run_path }}
ExecStartPre=/bin/chown -R {{ consul_user }}:{{ consul_group }} {{ consul_run_path }}
ExecStart={{ consul_bin_path }}/consul agent \
-config-file={{ consul_config_path }}/config.json \
-config-dir={{ consul_configd_path}} \
-pid-file={{ consul_run_path }}/consul.pid
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
KillSignal=SIGTERM
Restart=on-failure
RestartSec={{ consul_systemd_restart_sec }}s
StandardOutput=null
StandardError=null
{% for var in consul_env_vars %}
Environment={{ var }}
{% endfor %}
LimitNOFILE={{ consul_systemd_limit_nofile }}
AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target


@ -1,33 +0,0 @@
### BEGIN INIT INFO
# Provides: consul
# Required-Start: $local_fs $remote_fs
# Required-Stop: $local_fs $remote_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Consul snapshot agent
# Description: Consul service snapshot agent
### END INIT INFO
[Unit]
Description=Consul snapshot agent
Requires=network-online.target
Requisite=consul.service
After=network-online.target
[Service]
User={{ consul_user }}
Group={{ consul_group }}
PIDFile={{ consul_run_path }}/consul_snapshot.pid
PermissionsStartOnly=true
ExecStart={{ consul_bin_path }}/consul snapshot agent \
-config-file={{ consul_config_path }}/consul_snapshot.json
ExecReload=/bin/kill -HUP $MAINPID
KillSignal=SIGTERM
Restart=on-failure
RestartSec=42s
{% for var in consul_env_vars %}
Environment={{ var }}
{% endfor %}
[Install]
WantedBy=multi-user.target


@ -1,96 +0,0 @@
#!/bin/bash
#
# chkconfig: 2345 95 95
# description: Consul service discovery framework
# processname: consul
# pidfile: {{ consul_run_path }}/consul.pid
{% if ansible_distribution == "Ubuntu" %}
. /lib/lsb/init-functions
{% else %}
. /etc/init.d/functions
{% endif %}
CONSUL={{ consul_bin_path }}/consul
CONFIG={{ consul_config_path }}/config.json
CONFIGD={{ consul_configd_path }}
PID_FILE={{ consul_run_path }}/consul.pid
LOCK_FILE=/var/lock/subsys/consul
{% if consul_ui_legacy %}
CONSUL_UI_LEGACY=true
{% endif %}
[ -e /etc/sysconfig/consul ] && . /etc/sysconfig/consul
export GOMAXPROCS=$(nproc)
mkrundir() {
[ ! -d {{ consul_run_path }} ] && mkdir -p {{ consul_run_path }}
chown {{ consul_user }} {{ consul_run_path }}
}
KILLPROC_OPT="-p ${PID_FILE}"
mkpidfile() {
mkrundir
[ ! -f "${PID_FILE}" ] && pidofproc "${CONSUL}" > "${PID_FILE}"
chown -R {{ consul_user }} {{ consul_run_path }}
if [ $? -ne 0 ] ; then
rm "${PID_FILE}"
KILLPROC_OPT=""
fi
}
start() {
echo -n "Starting consul: "
mkrundir
mkpidfile
# [ -f "${PID_FILE}" ] && rm "${PID_FILE}"
daemon --user={{ consul_user }} \
--pidfile="${PID_FILE}" \
"${CONSUL}" agent -config-file="${CONFIG}" -config-dir="${CONFIGD}" -pid-file="${PID_FILE}" &
retcode=$?
touch ${LOCK_FILE}
return "${retcode}"
}
stop() {
echo -n "Shutting down consul: "
if ("${CONSUL}" info 2>/dev/null | grep -q 'server = false' 2>/dev/null) ; then
"${CONSUL}" leave
fi
mkpidfile
killproc "${KILLPROC_OPT}" "${CONSUL}" -SIGTERM
retcode=$?
rm -f "${LOCK_FILE}" "${PID_FILE}"
return "${retcode}"
}
case "$1" in
start)
start
;;
stop)
stop
;;
status)
"${CONSUL}" info
;;
restart)
stop
start
;;
reload)
mkpidfile
killproc "${KILLPROC_OPT}" "${CONSUL}" -HUP
;;
condrestart)
[ -f ${LOCK_FILE} ] && restart || :
;;
*)
echo "Usage: consul {start|stop|status|reload|restart}"
exit 1
;;
esac
exit $?


@ -1,52 +0,0 @@
{# Enable forward lookups for the consul domain with conditional delegation -#}
{% if consul_delegate_datacenter_dns | bool -%}
server=/{{ consul_datacenter }}.{{ consul_domain }}/{{ consul_dnsmasq_consul_address }}#{{ consul_ports.dns }}
{% if consul_alt_domain -%}
server=/{{ consul_datacenter }}.{{ consul_alt_domain }}/{{ consul_dnsmasq_consul_address }}#{{ consul_ports.dns }}
{% endif -%}
{% else %}
server=/{{ consul_domain }}/{{ consul_dnsmasq_consul_address }}#{{ consul_ports.dns }}
{% if consul_alt_domain -%}
server=/{{ consul_alt_domain }}/{{ consul_dnsmasq_consul_address }}#{{ consul_ports.dns }}
{% endif -%}
{% endif -%}
{# Only bind to specific interfaces -#}
{% if consul_dnsmasq_bind_interfaces | bool -%}
bind-interfaces
{% endif -%}
{# Reverse DNS lookups -#}
{% for revserver in consul_dnsmasq_revservers -%}
rev-server={{ revserver }},{{ consul_dnsmasq_consul_address }}#{{ consul_ports.dns }}
{% endfor -%}
{# Only accept DNS queries from hosts in the local subnet -#}
{% if consul_dnsmasq_local_service | bool -%}
local-service
{% endif -%}
{# Don't poll /etc/resolv.conf for changes -#}
{% if consul_dnsmasq_no_poll | bool -%}
no-poll
{% endif -%}
{# Dont use /etc/resolv.conf to get upstream servers -#}
{% if consul_dnsmasq_no_resolv | bool -%}
no-resolv
{% endif -%}
{# Upstream DNS servers -#}
{% for server in consul_dnsmasq_servers -%}
server={{ server }}
{% endfor -%}
{# Custom listen addresses -#}
{% for address in consul_dnsmasq_listen_addresses -%}
listen-address={{ address }}
{% endfor -%}
{# Cache size -#}
{% if consul_dnsmasq_cache > 0 -%}
cache-size={{ consul_dnsmasq_cache }}
{% endif -%}


@ -1 +0,0 @@
{{ consul_syslog_facility }}.* {{ consul_log_path }}/{{ consul_log_file }}


@ -1,39 +0,0 @@
{
"service": {
"name": "{{ item.name }}",
{% if item.id is defined -%}
"id": "{{ item.id }}",
{% endif -%}
{% if item.port is defined -%}
"port": {{ item.port }},
{% endif -%}
{% if item.address is defined -%}
"address": "{{ item.address }}",
{% endif -%}
{% if item.enable_tag_override is defined -%}
"enable_tag_override": {{ item.enable_tag_override | bool | to_json }},
{% endif -%}
{% if item.kind is defined -%}
"kind": "{{ item.kind }}",
{% endif -%}
{% if item.proxy is defined -%}
"proxy": {{ item.proxy | to_json(sort_keys=True) }},
{% endif -%}
{% if item.meta is defined -%}
"meta": {{ item.meta | to_json(sort_keys=True) }},
{% endif -%}
{% if item.checks is defined -%}
"checks": {{ item.checks | to_json(sort_keys=True) }},
{% endif -%}
{% if item.connect is defined -%}
"connect": {{ item.connect | to_json(sort_keys=True) }},
{% endif -%}
{% if item.weights is defined -%}
"weights": {{ item.weights | to_json(sort_keys=True) }},
{% endif -%}
{% if item.token is defined -%}
"token": {{ item.token | to_json }},
{% endif -%}
"tags": {{ item.tags|default([])|to_json(sort_keys=True) }}
}
}


@ -1,3 +0,0 @@
destination d_consul { file("{{ consul_log_path }}/{{ consul_log_file }}"); };
filter f_consul { facility({{ consul_syslog_facility }}); };
log { source(s_sys); filter(f_consul); destination(d_consul); };


@ -1,2 +0,0 @@
localhost consul_node_role=bootstrap


@ -1,7 +0,0 @@
---
- hosts: localhost
remote_user: root
become: yes
become_user: root
roles:
- ansible-consul


@ -1,213 +0,0 @@
---
ansible_os_family: unix
ansible_default_ipv4:
interface: eth0
ansible_eth0:
ipv4:
address: "1.1.1.1"
ansible_system: ubuntu
consul_raw_key: consul_raw_key
_consul_lan_servers:
- localhost
_consul_wan_servercount: 1
_consul_wan_servers:
- localhost
item:
config_version: bootstrap
## Core
consul_debug: false
is_virtualenv: "{{ lookup('env','VIRTUAL_ENV') | default('', true) }}"
### Package
consul_version: "{{ lookup('env','CONSUL_VERSION') | default('1.3.1', true) }}"
consul_architecture_map:
# this first entry seems redundant
# (but it's required for reasons)
amd64: amd64
x86_64: amd64
# todo: arm32 / armelv5
armv6l: armhfv6
armv7l: armhfv6
aarch64: arm64
32-bit: "386"
64-bit: amd64
consul_architecture: "{{ consul_architecture_map[ansible_architecture] }}"
consul_os: "\
{% if ansible_os_family == 'Windows' %}\
{{ 'windows' }}\
{% else %}\
{{ ansible_system | lower }}\
{% endif %}"
consul_pkg: "consul_{{ consul_version }}_{{ consul_os }}_{{ consul_architecture }}.zip"
consul_zip_url: "https://releases.hashicorp.com/consul/{{ consul_version }}/consul_{{ consul_version }}_{{ consul_os }}_{{ consul_architecture }}.zip"
consul_checksum_file_url: "https://releases.hashicorp.com/consul/{{ consul_version }}/consul_{{ consul_version }}_SHA256SUMS"
### Install Method
consul_install_remotely: false
consul_install_upgrade: false
### Paths
consul_bin_path: "/usr/local/bin"
consul_config_path: "/etc/consul"
consul_configd_path: "{{ consul_config_path }}/consul.d"
consul_bootstrap_state: "{{ consul_config_path }}/.consul_bootstrapped"
consul_data_path: "/var/consul"
consul_log_path: "/var/log/consul"
consul_run_path: "/var/run/consul"
consul_binary: "{{ consul_bin_path }}/consul"
### System user and group
consul_manage_user: true
consul_user: "consul"
consul_manage_group: true
consul_group: "bin"
### Consul settings
consul_datacenter: "{{ lookup('env','CONSUL_DATACENTER') | default('dc1', true) }}"
consul_domain: "{{ lookup('env','CONSUL_DOMAIN') | default('consul', true) }}"
consul_node_meta: {}
consul_log_level: "{{ lookup('env','CONSUL_LOG_LEVEL') | default('INFO', true) }}"
consul_syslog_enable: "{{ lookup('env','CONSUL_SYSLOG_ENABLE') | default(true, true) }}"
consul_syslog_facility: "{{ lookup('env','CONSUL_SYSLOG_FACILITY') | default('local0', true) }}"
consul_iface: "\
{% if ansible_os_family == 'Windows' %}\
{{ lookup('env','CONSUL_IFACE') | default(ansible_interfaces[0].interface_name, true) }}\
{% else %}\
{{ lookup('env','CONSUL_IFACE') | default(ansible_default_ipv4.interface, true) }}\
{% endif %}"
consul_node_role: "{{ lookup('env','CONSUL_NODE_ROLE') | default('client', true) }}"
consul_recursors: "{{ lookup('env','CONSUL_RECURSORS') | default('[]', true) }}"
consul_bootstrap_expect: "{{ lookup('env','CONSUL_BOOTSTRAP_EXPECT') | default(false, true) }}"
consul_ui: "{{ lookup('env', 'CONSUL_UI') | default(true, true) }}"
consul_disable_update_check: false
consul_enable_script_checks: false
consul_enable_local_script_checks: false
consul_raft_protocol: "\
{% if consul_version is version_compare('0.7.0', '<=') %}\
1\
{% else %}\
3\
{% endif %}"
consul_retry_join_skip_hosts: false
consul_retry_interval: "30s"
consul_retry_interval_wan: "30s"
consul_retry_max: 0
consul_retry_max_wan: 0
### Addresses
consul_bind_address: "\
{% if ansible_system == 'FreeBSD' %}\
{{ lookup('env','CONSUL_BIND_ADDRESS') | default(hostvars[inventory_hostname]['ansible_'+ consul_iface ]['ipv4'][0]['address'], true) }}\
{% elif ansible_os_family == 'Windows' %}\
{{ lookup('env','CONSUL_BIND_ADDRESS') | default(hostvars[inventory_hostname]['ansible_ip_addresses'][0], true) }}\
{% else %}\
{{ lookup('env','CONSUL_BIND_ADDRESS') | default(hostvars[inventory_hostname]['ansible_'+ consul_iface ]['ipv4']['address'], true) }}\
{% endif %}"
consul_advertise_address: "{{ consul_bind_address }}"
consul_advertise_address_wan: "{{ consul_bind_address }}"
consul_advertise_addresses:
serf_lan: "{{ consul_advertise_addresses_serf_lan | default(consul_advertise_address+':'+consul_ports.serf_lan) }}"
serf_wan: "{{ consul_advertise_addresses_serf_wan | default(consul_advertise_address_wan+':'+consul_ports.serf_wan) }}"
rpc: "{{ consul_advertise_addresses_rpc | default(consul_bind_address+':'+consul_ports.server) }}"
consul_client_address: '127.0.0.1'
consul_addresses:
dns: "{{ consul_addresses_dns | default(consul_client_address, true) }}"
http: "{{ consul_addresses_http | default(consul_client_address, true) }}"
https: "{{ consul_addresses_https | default(consul_client_address, true) }}"
rpc: "{{ consul_addresses_rpc | default(consul_client_address, true) }}"
grpc: "{{ consul_addresses_grpc | default(consul_client_address, true) }}"
### Ports
consul_ports:
dns: "{{ consul_ports_dns | default('8600', true) }}"
http: "{{ consul_ports_http | default('8500', true) }}"
https: "{{ consul_ports_https | default('-1', true) }}"
rpc: "{{ consul_ports_rpc | default('8400', true) }}"
serf_lan: "{{ consul_ports_serf_lan | default('8301', true) }}"
serf_wan: "{{ consul_ports_serf_wan | default('8302', true) }}"
server: "{{ consul_ports_server | default('8300', true) }}"
grpc: "{{ consul_ports_grpc | default('-1', true) }}"
### Servers
consul_group_name: "{{ lookup('env','CONSUL_GROUP_NAME') | default('consul_instances', true) }}"
consul_join: ["127.0.0.1"]
consul_join_wan: []
consul_servers: "\
{% set _consul_servers = [] %}\
{% for host in groups[consul_group_name] %}\
{% set _consul_node_role = hostvars[host]['consul_node_role'] | default('client', true) %}\
{% if ( _consul_node_role == 'server' or _consul_node_role == 'bootstrap') %}\
{% if _consul_servers.append(host) %}{% endif %}\
{% endif %}\
{% endfor %}\
{{ _consul_servers }}"
consul_gather_server_facts: false
## ACL
consul_acl_policy: false
### Shared ACL config ###
consul_acl_enable: "{{ lookup('env','CONSUL_ACL_ENABLE') | default(false, true) }}"
consul_acl_ttl: "{{ lookup('env','CONSUL_ACL_TTL') | default('30s', true) }}"
consul_acl_datacenter: "{{ lookup('env','CONSUL_ACL_DATACENTER') | default(consul_datacenter, true) }}"
consul_acl_down_policy: "{{ lookup('env','CONSUL_ACL_DOWN_POLICY') | default('extend-cache', true) }}"
consul_acl_token: "{{ lookup('env','CONSUL_ACL_TOKEN') | default('', true) }}"
consul_acl_agent_token: "{{ lookup('env','CONSUL_ACL_AGENT_TOKEN') | default('', true) }}"
consul_acl_agent_master_token: "{{ lookup('env','CONSUL_ACL_AGENT_MASTER_TOKEN') | default('', true) }}"
### Server ACL settings ###
consul_acl_default_policy: "{{ lookup('env','CONSUL_ACL_DEFAULT_POLICY') | default('allow', true) }}"
consul_acl_master_token: "{{ lookup('env','CONSUL_ACL_MASTER_TOKEN') | default('42424242-4242-4242-4242-424242424242', true) }}"
consul_acl_master_token_display: "{{ lookup('env','CONSUL_ACL_MASTER_TOKEN_DISPLAY') | default(false, true) }}"
consul_acl_replication_enable: "{{ lookup('env','CONSUL_ACL_REPLICATION_ENABLE') | default('',true) }}"
consul_acl_replication_token: "{{ lookup('env','CONSUL_ACL_REPLICATION_TOKEN') | default('', true) }}"
## gossip encryption
consul_encrypt_enable: "{{ lookup('env','CONSUL_ENCRYPT_ENABLE') | default(true, true) }}"
consul_encrypt_verify_incoming: true
consul_encrypt_verify_outgoing: true
consul_disable_keyring_file: "{{ lookup('env','CONSUL_DISABLE_KEYRING_FILE') | default(false, true) }}"
## TLS
consul_tls_enable: "{{ lookup('env','CONSUL_TLS_ENABLE') | default(false, true) }}"
consul_tls_src_files: "{{ lookup('env','CONSUL_TLS_SRC_FILES') | default(role_path+'/files', true) }}"
consul_tls_dir: "{{ lookup('env','CONSUL_TLS_DIR') | default('/etc/consul/ssl', true) }}"
consul_tls_ca_crt: "{{ lookup('env','CONSUL_TLS_CA_CRT') | default('ca.crt', true) }}"
consul_tls_server_crt: "{{ lookup('env','CONSUL_SERVER_CRT') | default('server.crt', true) }}"
consul_tls_server_key: "{{ lookup('env','CONSUL_SERVER_KEY') | default('server.key', true) }}"
consul_tls_copy_keys: true
consul_tls_verify_incoming: false
consul_tls_verify_outgoing: true
consul_tls_verify_incoming_rpc: false
consul_tls_verify_incoming_https: false
consul_tls_verify_server_hostname: false
## DNS
consul_dnsmasq_enable: "{{ lookup('env','CONSUL_DNSMASQ_ENABLE') | default(false, true) }}"
consul_dnsmasq_consul_address: "\
{# Use localhost if DNS is listening on all interfaces #}\
{% if consul_addresses.dns == '0.0.0.0' %}\
127.0.0.1\
{% else %}\
{{ consul_addresses.dns }}\
{% endif %}"
consul_dnsmasq_cache: -1
consul_dnsmasq_servers:
- 8.8.8.8
- 8.8.4.4
consul_dnsmasq_revservers: []
consul_dnsmasq_no_poll: false
consul_dnsmasq_no_resolv: false
consul_dnsmasq_local_service: false
consul_dnsmasq_listen_addresses: []
consul_iptables_enable: "{{ lookup('env','CONSUL_IPTABLES_ENABLE') | default(false, true) }}"
# Performance
consul_performance:
raft_multiplier: 1
leave_drain_time: 5s
rpc_hold_timeout: 7s


@ -1,6 +0,0 @@
---
# File: Archlinux.yml - Archlinux variables for Consul
consul_os_packages:
- git
- unzip
consul_syslog_enable: false


@ -1,7 +0,0 @@
---
# File: Archlinux.yml - Archlinux variables for Consul
consul_os_packages:
- unzip
consul_syslog_enable: false


@ -1,5 +0,0 @@
---
# File: Debian.yml - Debian OS variables for Consul
consul_os_packages:
- unzip


@ -1,5 +0,0 @@
---
# File: FreeBSD.yml - FreeBSD OS variables for Consul
consul_os_packages:
- unzip


@ -1,13 +0,0 @@
---
# File: RedHat.yml - Red Hat OS variables for Consul
consul_os_packages:
- "{% if ( ansible_distribution == 'Fedora' and ansible_distribution_version is version('28', '<') ) or \
( ansible_distribution == 'CentOS' and ansible_distribution_version is version('8', '<') ) or \
( ansible_distribution == 'OracleLinux' and ansible_distribution_version is version('8', '<') ) \
%}\
libselinux-python\
{% else %}\
python3-libselinux\
{% endif %}"
- unzip


@ -1,8 +0,0 @@
---
# File: Solaris.yml - Solaris OS variables for Consul
consul_os_packages:
- unzip
consul_pkg: "consul_{{ consul_version }}_solaris_amd64.zip"
consul_smf_manifest: "/opt/local/lib/svc/manifest/consul.xml"


@ -1,17 +0,0 @@
---
# File: Windows.yml - Windows OS variables for Consul
# paths
consul_windows_path: /ProgramData/consul
consul_bin_path: "{{consul_windows_path}}/bin"
consul_config_path: "{{consul_windows_path}}/config"
consul_configd_path: "{{consul_config_path}}.d/"
consul_bootstrap_state: "{{consul_windows_path}}/.consul_bootstrapped"
consul_data_path: "{{consul_windows_path}}/data"
consul_log_path: "{{consul_windows_path}}/log"
consul_run_path: "{{consul_windows_path}}"
consul_binary: "{{consul_windows_path}}/bin/consul.exe"
consul_syslog_enable: false
# users
consul_user: LocalSystem


@ -1,35 +0,0 @@
---
# Pure internal helper variables
_consul_lan_servers: "\
{% set __consul_lan_servers = [] %}\
{% for server in consul_servers %}\
{% set _consul_datacenter = hostvars[server]['consul_datacenter'] | default('dc1', true) %}\
{% if _consul_datacenter == consul_datacenter %}\
{% if __consul_lan_servers.append(server) %}{% endif %}\
{% endif %}\
{% endfor %}\
{{ __consul_lan_servers }}"
_consul_lan_servercount: "{{ (_consul_lan_servers | length) + (consul_join | length) }}"
_consul_wan_servers: "\
{% set __consul_wan_servers = [] %}\
{% for server in consul_servers %}\
{% set _consul_datacenter = hostvars[server]['consul_datacenter'] | default('dc1', true) %}\
{% if _consul_datacenter != consul_datacenter %}\
{% if __consul_wan_servers.append(server) %}{% endif %}\
{% endif %}\
{% endfor %}\
{{ __consul_wan_servers }}"
_consul_wan_servercount: "{{ (_consul_wan_servers | length) + (consul_join_wan | length) }}"
_consul_bootstrap_servers: "\
{% set __consul_bootstrap_servers = [] %}\
{% for server in _consul_lan_servers %}\
{% set _consul_node_role = hostvars[server]['consul_node_role'] | default('client', true) %}\
{% if _consul_node_role == 'bootstrap' %}\
{% if __consul_bootstrap_servers.append(server) %}{% endif %}\
{% endif %}\
{% endfor %}\
{{ __consul_bootstrap_servers }}"
_consul_bootstrap_server: "{{ _consul_bootstrap_servers[0] }}"


@ -1 +0,0 @@
v2.6.0


@ -1,5 +1,5 @@
---
- src: https://github.com/ansible-community/ansible-consul.git
name: ansible-consul
scm: git
version: master
# - src: https://github.com/ansible-community/ansible-consul.git
# name: ansible-consul
# scm: git
# version: master
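Review bot: The four commented-out lines at the end of this section keep the ansible-consul entry as dead text, and the `@ -1,5 +1,5 @` header suggests the requirements file is now only `---` plus comments, which parses as an empty (null) YAML document. Since the role itself is deleted in this commit, I would delete the entry outright instead of commenting it out, and check that whatever runs `ansible-galaxy install -r` against this file tolerates an empty document, or drop the file if nothing else is listed. If the entry is kept for later re-enabling, note that `version: master` follows a mutable branch; pinning a tag or commit SHA would make the fetched role reproducible and reviewable before it runs with `become: yes`-level privileges. The +/- markers are lost in this rendering, so the old/new split is inferred from the commit title and the "4 additions" count.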