Commit 5a9f9fc5 authored by Aleksey Shirokih's avatar Aleksey Shirokih

merge ansible from dcs

--HG--
branch : feature/microservices
parent 4b4a40f2
......@@ -162,6 +162,21 @@ services:
description: Virtual ip sync
level: global
consul:
description: Cluster kv
level: global
port: 8500
haproxy:
description: HA balancer
level: global
patroni:
description: Postgres HA template
level: global
port: 8008
config:
noc:
installation_name:
......@@ -442,19 +457,19 @@ config:
default: 9.4
description: <strong>There will be no automatic migration beetween versions.</strong> Valid versions are 9.4, 9.6. Use <a href=https://www.postgresql.org/docs/9.6/static/upgrading.html> docs </a> before changing that field.
postgres_wal_directory:
superuser_password:
label: Postgresql superuser password
type: str
label: Postgresql wal directory
default: /var/lib/postgresql/9.4/main/pg_xlog
description: Unused
default: noc
description: Password for user "superuser"
postgres_data_directory:
replicator_password:
label: Postgresql replicator password
type: str
label: Postgresql data directory
default: /var/lib/postgresql/9.4/main/
description: Unused
default: noc
description: Password for user "replicator"
postgres_max_clients:
max_clients:
type: int
label: Postgresql max clients
default: 300
......@@ -553,10 +568,28 @@ config:
keepalived:
password:
label: Keepalived password
label: Keepalived password. max 8 chars
type: str
default: noc
virtual_ip:
nginx_virtual_ip:
label: Nginx virtual IP
type: str
patroni_virtual_ip:
label: Patroni virtual IP
type: str
consul:
token:
label: consul token
type: str
replication_token:
label: consul replication token
type: str
patroni:
rest_password:
label: Patroni REST password
type: str
\ No newline at end of file
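Review bot: The `superuser_password` and `replicator_password` settings in the postgres block both carry `default: noc`, the same value the keepalived password uses, so an installation that never edits these fields runs PostgreSQL with a guessable superuser and replication credential. The consul `token`, `replication_token` and patroni `rest_password` entries further down have no default; the two postgres passwords should follow that pattern by dropping their `default:` line, so a value has to be supplied per installation. The +/- column is lost on this page, so which lines are new is inferred from the old `postgres_wal_directory` and `postgres_data_directory` entries they are interleaved with.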
......@@ -19,7 +19,7 @@
roles:
- role: mongod_disks
become: yes
when: "{{ has_svc_mongod | default(False) or consul_env}}"
when: "has_svc_mongod | default(False) or consul_env"
tags:
- disk
......@@ -32,7 +32,7 @@
roles:
- role: postgres_disks
become: yes
when: "{{ has_svc_postgres | default(False) or consul_env}}"
when: "has_svc_postgres | default(False) or consul_env"
tags:
- disk
......@@ -45,6 +45,6 @@
roles:
- role: influxdb_disks
become: yes
when: "{{ has_svc_influxdb | default(False) or consul_env}}"
when: "has_svc_influxdb | default(False) or consul_env"
tags:
- disk
......@@ -11,7 +11,7 @@
- role: keepalived
become: yes
when: "{{ has_svc_nginx | default(False) or consul_env}}"
when: "has_svc_nginx | default(False) or consul_env"
tags:
- keepalived
- role: post
......
......@@ -8,7 +8,7 @@ class LookupModule(LookupBase):
def run(self, terms='', **kwargs):
tag = cli.get_opt('tags')
if tag:
tags = cli.get_opt('tags').split(',')
tags = cli.get_opt('tags')
else:
tags = []
return [ tags ]
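Review bot: `cli.get_opt('tags')` is called a second time in the assignment although its result is already held in `tag`; `tags = tag` would do. With `.split(',')` removed, the lookup returns whatever `get_opt` yields wrapped in a list, so if that value is a comma-separated string rather than a list (not visible here) callers now receive a single string. A one-line comment such as `# get_opt('tags') is expected to be a list already` would record the assumption. Only `run()` is visible; the rest of `LookupModule` is outside the hunk.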
......@@ -61,4 +61,5 @@
notify: reload telegraf
when: noc_cfg1.changed or noc_cfg2.changed or noc_cfg3.changed or noc_cfg4.changed
tags:
- config
\ No newline at end of file
- config
- telegraf
......@@ -9,6 +9,8 @@
when: noc_cfg1.changed or noc_cfg2.changed or noc_cfg3.changed or noc_cfg4.changed
tags:
- config
- telegraf
- name: Install assets
command: "{{ noc_root }}/scripts/deploy/install-packages requirements/{{ item }}.json"
......
......@@ -9,6 +9,8 @@
when: noc_cfg1.changed or noc_cfg2.changed or noc_cfg3.changed or noc_cfg4.changed
tags:
- config
- telegraf
- name: Install assets
command: "{{ noc_root }}/scripts/deploy/install-packages requirements/{{ item }}.json"
......
......@@ -7,4 +7,5 @@
notify: reload telegraf
when: noc_cfg1.changed or noc_cfg2.changed or noc_cfg3.changed or noc_cfg4.changed
tags:
- config
\ No newline at end of file
- config
- telegraf
......@@ -9,6 +9,8 @@
when: noc_cfg1.changed or noc_cfg2.changed or noc_cfg3.changed or noc_cfg4.changed
tags:
- config
- telegraf
- name: Install classifier python packages
pip:
......
......@@ -16,7 +16,10 @@
get_url:
url: "{{ consul_template_download_url }}"
dest: "{{consul_template_dl_dir}}"
validate_certs: no
when: consul_template_archive_stat.stat.exists == False
tags:
- requirements
environment:
https_proxy: "{{http_proxy}}"
......@@ -28,14 +31,16 @@
group: "root"
copy: False
creates: "{{consul_template_dl_dir}}/{{ consul_template_binary }}"
tags:
- requirements
- debug: msg="{{consul_template_dl_dir}}/{{ consul_template_binary }}"
- name: copy consul-template binary into place
copy:
src: "{{consul_template_dl_dir}}/{{ consul_template_binary }}"
dest: "{{consul_template_bin_path}}/{{ consul_template_binary }}"
remote_src: yes
tags:
- requirements
- name: Update consul-template permissions
file:
......@@ -43,19 +48,24 @@
owner: "{{consul_template_user}}"
group: "{{consul_template_group}}"
mode: "0755"
tags:
- requirements
- name: consul-template config file
template:
src: "{{ consul_template_config_file_template }}"
dest: "{{consul_template_config_dir}}/{{ consul_template_config_file }}"
mode: 0755
tags:
- config
- name: copy consul-template systemd service configuration
template:
src: consul-template.service.j2
dest: /etc/systemd/system/consul-template.service
mode: 0755
tags:
- config
- service:
name: consul-template
......
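Review bot: `validate_certs: no` on the consul-template `get_url` task turns off TLS certificate verification for a binary that is later copied into `{{consul_template_bin_path}}` and made executable, and the task has no `checksum:` either, so nothing authenticates the download. The Consul install tasks further down this page set the same option on both the SHA256SUMS fetch and the package fetch, so the checksum there arrives over the same unverified channel as the file it is meant to check. If the proxy in `https_proxy` re-signs traffic, install its CA on the hosts and keep `validate_certs: yes`, and pin the expected digest with `checksum: "sha256:<pinned digest>"`. Which lines are additions is inferred from the hunk counts, since the page lost its +/- column.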
---
# File: defaults/main.yml - Default variables for Consul
## Core
consul_arch: "{% if 'x86_64' in ansible_architecture %}amd64{%else%}386{%endif%}"
consul_pkg: "consul_{{ consul_version }}_linux_{{ consul_arch }}.zip"
consul_zip: "consul_{{ consul_version }}_{{ansible_system | lower}}_{{ consul_arch }}.zip"
consul_zip_url: "https://releases.hashicorp.com/consul/{{ consul_version }}/{{consul_zip}}"
### Package
consul_architecture_map:
# this first entry seems... redundant (but it's required for reasons)
amd64: amd64
x86_64: amd64
armv7l: arm
aarch64: arm64
consul_architecture: "{{ consul_architecture_map[ansible_architecture] }}"
consul_os: "{{ ansible_system|lower }}"
consul_pkg: "consul_{{ consul_version }}_{{ consul_os }}_{{ consul_architecture }}.zip"
consul_zip_url: "https://releases.hashicorp.com/consul/{{ consul_version }}/consul_{{ consul_version }}_{{ consul_os }}_{{ consul_architecture }}.zip"
consul_checksum_file_url: "https://releases.hashicorp.com/consul/{{ consul_version }}/consul_{{ consul_version}}_SHA256SUMS"
consul_bin_path: "/usr/bin"
consul_node_role: client
consul_config_dir: "/etc/consul.d"
### Paths
consul_bin_path: "/bin"
consul_config_path: "{{etc_prefix}}/consul"
consul_configd_path: "{{etc_prefix}}/consul.d"
consul_data_path: "/var/consul"
consul_log_path: "/var/log/consul"
consul_pid_dir: "/var/run/consul"
consul_pid_path: "/var/run/consul/consul.pid"
### System user and group
consul_manage_user: yes
consul_user: "consul"
consul_group: "bin"
consul_group_name: "all"
consul_datacenter: "dc1"
### Consul settings
consul_datacenter: "{{noc_env | lower}}"
consul_domain: "consul"
consul_log_level: "INFO"
consul_syslog_enable: true
consul_bind_address: "{{ansible_host}}"
consul_dns_bind_address: "127.0.0.1"
consul_syslog_enable: "True"
consul_iface: "{{ ansible_default_ipv4.interface}}"
consul_node_name: "{{ inventory_hostname_short }}"
consul_recursors: ["{{tower_ip}}"]
consul_node_role: "{% if has_svc_consul_server is defined%}bootstrap{% elif has_svc_consul is defined %}server{% else %}client{%endif%}"
consul_raw_key: "{{ lookup('consul_key', tower_data + '/consul/secret.key') }}"
### Addresses
consul_dns_bind_address: "0.0.0.0"
consul_http_bind_address: "0.0.0.0"
consul_https_bind_address: "0.0.0.0"
consul_rpc_bind_address: "0.0.0.0"
consul_node_name: "{{ inventory_hostname_short }}"
consul_recursors: "{{ lookup('env','CONSUL_RECURSORS') | default('[]', true) }}"
consul_key: "{{ lookup('consul_key', tower_data + '/consul/secret.key') }}"
consul_encryption_key: "{{ lookup('env','CONSUL_ENCRYPTION_KEY') | default(consul_key, true) }}"
consul_acl_master_token: "{{ lookup('env','CONSUL_MASTER_TOKEN') | default('[]', true) }}"
consul_acl_replication_token: "{{consul_acl_master_token}}"
consul_vault_address: "{{ vault_address | default('0.0.0.0', true) }}"
### Ports
consul_ports:
http: 8500
https: -1
dns: 8600
### Servers
consul_servers: "\
{% set _consul_servers = [] %}\
{% for host in groups[has_svc_consul] %}\
{% set _consul_node_role = hostvars[host]['consul_node_role']|default('client', true) %}\
{% if ( _consul_node_role == 'server' or _consul_node_role == 'bootstrap') %}\
{% if _consul_servers.append(host) %}{% endif %}\
{% endif %}\
{% endfor %}\
{{ _consul_servers }}"
consul_gather_server_facts: no
## ACL
consul_acl_enable: yes
consul_acl_datacenter: "{{ consul_datacenter }}"
consul_acl_enable: True
consul_acl_datacenter: "{{noc_env}}"
consul_acl_default_policy: "allow"
consul_acl_down_policy: "allow"
## TLS
consul_tls_enable: "{{ lookup('env','CONSUL_TLS_ENABLE') | default(false, true) }}"
consul_src_files: "{{ lookup('env','CONSUL_SRC_FILES') | default(role_path+'/files', true) }}"
consul_tls_dir: "{{ lookup('env','CONSUL_TLS_DIR') | default('{{consul_config_dir}}/ssl', true) }}"
consul_ca_crt: "{{ lookup('env','CONSUL_CA_CRT') | default('ca.crt', true) }}"
consul_server_crt: "{{ lookup('env','CONSUL_SERVER_CRT') | default('server.crt', true) }}"
consul_server_key: "{{ lookup('env','CONSUL_SERVER_KEY') | default('server.key', true) }}"
consul_verify_incoming: false
consul_verify_outgoing: true
consul_verify_server_hostname: false
consul_acl_master_token_display: False
consul_acl_replication_token_display: False
\ No newline at end of file
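Review bot: `consul_acl_default_policy: "allow"` together with `consul_acl_down_policy: "allow"` means that, even with `consul_acl_enable` on, a request without a token is permitted everything no rule explicitly denies, so the tokens configured elsewhere in this commit restrict nothing by themselves. The same file lists `consul_http_bind_address: "0.0.0.0"`, so under that policy the HTTP API on port 8500 would answer on every interface. Consider `consul_acl_default_policy: "deny"` and `consul_acl_down_policy: "extend-cache"` once the policy template grants what the agents need. The +/- column is lost here, so whether these lines are added or unchanged context cannot be told from the page.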
---
# File: main.yml - Handlers for Consul
- name: restart consul
become: yes
service:
name: consul
state: restarted
- name: start consul
service:
name: consul
enabled: yes
state: started
- name: reload telegraf
become: yes
service:
name: telegraf
state: restarted
- name: reload systemd
systemd:
name: consul
daemon_reload: yes
......@@ -2,4 +2,5 @@
galaxy_info:
author: Brian Shumate & Aleksey Shirokih
description: Consul cluster role
license: BSD
dependencies: []
---
# File: tasks/acl.yml - ACL tasks for Consul
- name: ACL bootstrap configuration
template:
src: config_acl.json.j2
dest: "{{ consul_config_dir }}/{{ item }}/config_acl.json"
with_items:
- bootstrap
- client
- server
notify:
- restart consul
# File: acl.yml - ACL tasks for Consul
- name: ACL policy configuration
template:
src: config_acl_policy.hcl.j2
dest: "{{ consul_config_dir }}/{{ item }}/config_acl_policy.hcl"
with_items:
- bootstrap
- client
- server
src: configd_50acl_policy.hcl.j2
dest: "{{ consul_configd_path }}/50acl_policy.hcl"
owner: "{{ consul_user }}"
group: "{{ consul_group}}"
notify:
- restart consul
\ No newline at end of file
- restart consul
---
# File: config.yml - Consul configuration tasks
- name: Bootstrap configuration
template:
src: config_bootstrap.json.j2
dest: "{{ item.dest }}"
owner: "{{ consul_user }}"
group: "{{ consul_group}}"
with_items:
- dest: "{{ consul_config_path }}/config.json"
when: "{{ consul_node_role == 'bootstrap' }}"
when:
- item.when
notify:
- restart consul
tags:
- config
- name: Server configuration
template:
src: config_server.json.j2
dest: "{{ item.dest }}"
owner: "{{ consul_user }}"
group: "{{ consul_group}}"
with_items:
- dest: "{{ consul_config_path }}/config.json"
when: "{{ consul_node_role == 'server' }}"
when:
- item.when
notify:
- restart consul
tags:
- config
- name: Client configuration
template:
src: config_client.json.j2
dest: "{{ item.dest }}"
owner: "{{ consul_user }}"
group: "{{ consul_group}}"
with_items:
- dest: "{{ consul_config_path }}/config.json"
when: "{{ consul_node_role == 'client' }}"
when:
- item.when
notify:
- restart consul
tags:
- config
- name: Perfomance configuration
template:
src: perfomance.json.j2
dest: "{{ consul_configd_path }}/perfomance.json"
owner: "{{ consul_user }}"
group: "{{ consul_group}}"
when: "'prod' in noc_env_type"
notify:
- restart consul
tags:
- config
- name: setup resolv.conf
lineinfile:
line: "search service.{{consul_datacenter}}.{{consul_domain}}"
dest: /etc/resolv.conf
regexp: "^search.+"
when: "'prod' in noc_env_type"
tags:
- config
\ No newline at end of file
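Review bot: None of the `template` tasks that write `{{ consul_config_path }}/config.json` sets `mode:`, so the file's permissions are left to the module default, which is commonly world-readable. The templates themselves are not shown, but the role defaults in this commit define an encryption key and ACL tokens that presumably end up in that file; add `mode: "0640"` to the Bootstrap, Server and Client tasks. Separately, `setup resolv.conf` replaces any existing `search` line in /etc/resolv.conf, and a comment stating that this is intended would help the next reader.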
---
# File: dirs.yml - Directory settings
- name: Create directories
file:
dest: "{{ item }}"
state: directory
owner: "{{ consul_user }}"
group: "{{ consul_group}}"
with_items:
- "{{consul_config_path}}"
- /var/consul
- /var/log/consul
- /var/run/consul
- "{{consul_configd_path}}"
---
# File: tasks/install.yml - package installation tasks for Consul
# File: install_remote.yml - package installation tasks for Consul
- include: "os/{{ ansible_distribution }}/main.yml"
- name: Ensure remote consul dir exists
file:
path: /tmp/consul
state: directory
- name: Check Consul package checksum file2
stat:
path: "/tmp/consul/consul_{{ consul_version }}_SHA256SUMS"
register: consul_checksum
tags:
- requirements
- name: Get consul package checksum file
become: no
- name: Get Consul package checksum file
get_url:
url: "{{ consul_checksum_file_url }}"
dest: "/tmp/consul_{{ consul_version }}_SHA256SUMS"
dest: "/tmp/consul/consul_{{ consul_version }}_SHA256SUMS"
validate_certs: no
when: consul_checksum.stat.exists == False
tags:
- requirements
environment:
https_proxy: "{{http_proxy}}"
- name: Get Consul package checksum
become: no
shell: "grep {{ consul_pkg }} /tmp/consul_{{ consul_version }}_SHA256SUMS"
shell: "grep {{ consul_pkg }} /tmp/consul/consul_{{ consul_version }}_SHA256SUMS"
register: consul_sha256
changed_when: false
tags:
- requirements
- name: Create tmp dir
become: no
file:
state: directory
path: "/tmp/{{consul_version}}/"
- name: Check Consul package file
stat:
path: "/tmp/consul/{{ consul_pkg }}"
register: consul_package
tags:
- requirements
- name: Download Consul
become: no
get_url:
url: "{{ consul_zip_url }}"
dest: "/tmp/{{consul_version}}/{{ consul_pkg }}"
dest: "/tmp/consul/{{ consul_pkg }}"
checksum: "sha256:{{ consul_sha256.stdout.split(' ')|first }}"
timeout: 42
validate_certs: no
when: consul_package.stat.exists == False
tags:
- requirements
environment:
https_proxy: "{{http_proxy}}"
- name: Unarchive Consul
become: no
- name: Unarchive Consul and install binary
unarchive:
src: "/tmp/{{consul_version}}/{{ consul_pkg }}"
dest: "/tmp/{{consul_version}}/"
creates: "/tmp/{{consul_version}}/consul"
remote_src: yes
- name: Install Consul
copy:
src: "/tmp/{{consul_version}}/consul"
dest: "{{consul_bin_path}}"
src: "/tmp/consul/{{ consul_pkg }}"
dest: "{{ consul_bin_path }}"
owner: "{{ consul_user }}"
group: "{{ consul_group }}"
mode: "0755"
remote_src: yes
mode: 0755
creates: "{{ consul_bin_path }}/consul"
tags:
- requirements
- name: Cleanup
file:
path: "{{ item }}"
state: absent
with_fileglob: "/tmp/consul"
tags:
- requirements
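Review bot: Both downloads are skipped when a file of the expected name already exists under `/tmp/consul`, and the directory task creates that path without `owner` or `mode`, so on a multi-user host whatever is already present in that world-writable location, including the SHA256SUMS file, is trusted as is. Give the directory task `owner: root` and `mode: "0700"`, or stage under a root-owned path. The `Cleanup` task also looks ineffective: `with_fileglob` expands on the control machine and matches files only, so `/tmp/consul` on the target is probably never removed. `path: /tmp/consul` with `state: absent` and no loop would do it.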
---
# File: tasks/main.yml - Main tasks for Consul
# File: main.yml - Main tasks for Consul
- name: Expose consul_node_role as fact
set_fact:
consul_node_role: "{{ consul_node_role }}"
tags:
- config
- name: "Include OS-specific tasks"
include: "os/{{ ansible_distribution }}/main.yml"
- name: Check bootstrapped state
stat:
path: "{{consul_config_dir}}/.consul_bootstrapped"
path: "{{consul_config_path}}/.consul_bootstrapped"
register: bootstrap_marker
ignore_errors: true
tags: always