Commit bb390607 authored by Aleksey Shirokih's avatar Aleksey Shirokih

initial implementation of consul role

--HG--
branch : feature/microservices
parent 951c53bc
---
# File: defaults/main.yml - Default variables for Consul
## Core
consul_arch: "{% if 'x86_64' in ansible_architecture %}amd64{%else%} 386 {%endif%}"
consul_pkg: "consul_{{ consul_version }}_linux_{{ consul_arch }}.zip"
consul_zip: "consul_{{ consul_version }}_{{ansible_system | lower}}_{{ consul_arch }}.zip"
consul_zip_url: "https://releases.hashicorp.com/consul/{{ consul_version }}/{{consul_zip}}"
consul_checksum_file_url: "https://releases.hashicorp.com/consul/{{ consul_version }}/consul_{{ consul_version}}_SHA256SUMS"
consul_bin_path: "/usr/bin"
consul_node_role: client
consul_config_dir: "/etc/consul.d"
consul_data_path: "/var/consul"
consul_log_path: "/var/log/consul"
consul_pid_dir: "/var/run/consul"
consul_user: "consul"
consul_group: "bin"
consul_group_name: "all"
consul_datacenter: "dc1"
consul_domain: "consul"
consul_log_level: "INFO"
consul_syslog_enable: true
consul_bind_address: "{{ansible_host}}"
consul_dns_bind_address: "127.0.0.1"
consul_http_bind_address: "0.0.0.0"
consul_https_bind_address: "0.0.0.0"
consul_rpc_bind_address: "0.0.0.0"
consul_node_name: "{{ inventory_hostname_short }}"
consul_recursors: "{{ lookup('env','CONSUL_RECURSORS') | default('[]', true) }}"
consul_encryption_key: "{{ lookup('env','CONSUL_ENCRYPTION_KEY') | default('[]', true) }}"
consul_acl_master_token: "{{ lookup('env','CONSUL_MASTER_TOKEN') | default('[]', true) }}"
consul_acl_replication_token: "{{consul_acl_master_token}}"
## ACL
consul_acl_enable: yes
consul_acl_datacenter: "{{ consul_datacenter }}"
consul_acl_default_policy: "allow"
consul_acl_down_policy: "allow"
## TLS
consul_tls_enable: "{{ lookup('env','CONSUL_TLS_ENABLE') | default(false, true) }}"
consul_src_files: "{{ lookup('env','CONSUL_SRC_FILES') | default(role_path+'/files', true) }}"
consul_tls_dir: "{{ lookup('env','CONSUL_TLS_DIR') | default('/etc/consul/ssl', true) }}"
consul_ca_crt: "{{ lookup('env','CONSUL_CA_CRT') | default('ca.crt', true) }}"
consul_server_crt: "{{ lookup('env','CONSUL_SERVER_CRT') | default('server.crt', true) }}"
consul_server_key: "{{ lookup('env','CONSUL_SERVER_KEY') | default('server.key', true) }}"
consul_verify_incoming: false
consul_verify_outgoing: true
consul_verify_server_hostname: false
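Review bot: `consul_encryption_key` and `consul_acl_master_token` fall back to the literal string `'[]'` when their environment variables are unset, so a forgotten export would deploy a fixed, guessable master token and an invalid gossip key, assuming the templates (not shown here) render these values as-is. Default them to an empty string and fail the play early when `consul_acl_enable` is true and the token is empty, for example with an `assert` on `consul_acl_master_token | length > 0`. Separately, `consul_acl_default_policy: "allow"` together with the HTTP, HTTPS and RPC listeners on `0.0.0.0` and `consul_verify_incoming: false` leaves the API answering tokenless requests on every interface; `"deny"` and a loopback or private bind address are the safer defaults. The `else` branch of `consul_arch` also yields ` 386 ` with surrounding spaces, which ends up inside the zip file name and URL.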
---
- name: restart consul
become: yes
service:
name: consul
state: restarted
---
galaxy_info:
author: Brian Shumate & Aleksey Shirokih
description: Consul cluster role
dependencies: []
---
# File: tasks/acl.yml - ACL tasks for Consul
- name: ACL bootstrap configuration
template:
src: config_acl.json.j2
dest: "{{ consul_config_dir }}/{{ item }}/config_acl.json"
with_items:
- bootstrap
- client
- server
notify:
- restart consul
- name: ACL policy configuration
template:
src: config_acl_policy.hcl.j2
dest: "{{ consul_config_dir }}/{{ item }}/config_acl_policy.hcl"
with_items:
- bootstrap
- client
- server
notify:
- restart consul
\ No newline at end of file
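Review bot: Both template tasks write into `{{ consul_config_dir }}` without `owner`, `group` or `mode`, so `config_acl.json` is created with whatever the remote umask gives, commonly world-readable. The template is not shown here, but a file named for ACL configuration presumably carries `consul_acl_master_token`; add `owner: "{{ consul_user }}"`, `group: "{{ consul_group }}"` and `mode: "0640"` to both tasks. Rendering the ACL files into `bootstrap`, `client` and `server` alike also puts the same token material on every node role, which is worth confirming as intended.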
---
# File: tasks/client.yml - Ansible dependencies for Consul
- name: Install dependencies for configuration by ansible (1/2)
apt:
name: "{{ item }}"
state: installed
with_items:
- python-pip
- python-setuptools
- name: Install dependencies for configuration by ansible (2/2)
pip:
executable: pip
name: python-consul
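Review bot: The `pip` task installs `python-consul` with no version, so each run pulls whatever release is current on the index and executes its install code on the target host. Pin it with the module's `version:` parameter, for example `version: "<pinned version>"`, so a rebuild is reproducible and an upstream change has to be reviewed. `state: installed` on the `apt` task is a deprecated alias; `state: present` is the supported spelling.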
---
# File: tasks/install.yml - package installation tasks for Consul
- include: "os/{{ ansible_distribution }}/main.yml"
- name: Get consul package checksum file
become: no
get_url:
url: "{{ consul_checksum_file_url }}"
dest: "/tmp/consul_{{ consul_version }}_SHA256SUMS"
- name: Get Consul package checksum
become: no
shell: "grep {{ consul_pkg }} /tmp/consul_{{ consul_version }}_SHA256SUMS"
register: consul_sha256
- name: Create tmp dir
become: no
file:
state: directory
path: "/tmp/{{consul_version}}/"
- name: Download Consul
become: no
get_url:
url: "{{ consul_zip_url }}"
dest: "/tmp/{{consul_version}}/{{ consul_pkg }}"
checksum: "sha256:{{ consul_sha256.stdout.split(' ')|first }}"
timeout: 42
- name: Unarchive Consul
become: no
unarchive:
src: "/tmp/{{consul_version}}/{{ consul_pkg }}"
dest: "/tmp/{{consul_version}}/"
creates: "/tmp/{{consul_version}}/consul"
remote_src: yes
- name: Install Consul
copy:
src: "/tmp/{{consul_version}}/consul"
dest: "{{consul_bin_path}}"
owner: "{{ consul_user }}"
group: "{{ consul_group }}"
mode: "0755"
remote_src: yes
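Review bot: The checksum file, the zip and the unpacked binary all live at predictable paths under world-writable `/tmp`, and `Unarchive Consul` is skipped by `creates:` whenever `/tmp/{{consul_version}}/consul` already exists, so `Install Consul` can copy a file into `{{consul_bin_path}}` that never passed the `checksum:` check. Stage into a directory created by the role with `owner: root` and `mode: "0700"`, and drop the `creates:` shortcut or re-verify the extracted file before the copy. The installed binary is also owned by `{{ consul_user }}`, which lets the service account rewrite its own executable; `owner: root` and `group: root` is the usual choice. The `grep {{ consul_pkg }}` step interpolates into a shell unquoted and looks up `consul_pkg` (hard-coded `linux`) while the download uses `consul_zip`; use one variable and pass it through the `quote` filter. The SHA256SUMS file comes from the same host as the zip, so it only detects corruption unless its published signature is verified as well.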
---
# File: tasks/main.yml - Main tasks for Consul
- name: Check bootstrapped state
stat:
path: /etc/consul/.consul_bootstrapped
register: bootstrap_marker
ignore_errors: true
- name: Add Consul user
user:
name: "{{consul_user}}"
comment: 'Consul user'
system: yes
- name: Install specified packages
include: install.yml
- name: Directories
file:
dest: "{{ item }}"
state: directory
owner: "{{ consul_user }}"
group: "{{ consul_group}}"
recurse: yes
with_items:
- "{{consul_data_path}}"
- "{{consul_log_path}}"
- "{{consul_pid_dir}}"
- "{{consul_config_dir}}"
- "{{consul_config_dir}}/bootstrap"
- "{{consul_config_dir}}/client"
- "{{consul_config_dir}}/server"
- name: Bootstrap configuration
template:
src: config_bootstrap.json.j2
dest: "{{ consul_config_dir }}/bootstrap/config.json"
notify:
- restart consul
- name: Client configuration
template:
src: config_client.json.j2
dest: "{{ consul_config_dir }}/client/config.json"
notify:
- restart consul
- name: Server configuration
template:
src: config_server.json.j2
dest: "{{ consul_config_dir }}/server/config.json"
notify:
- restart consul
- include: ../tasks/acl.yml
- block:
- name: systemd script
template:
src: consul_systemd.service.j2
dest: /lib/systemd/system/consul.service
owner: root
group: root
mode: 644
when: ansible_service_mgr == "systemd"
- name: look for bootstap consul
wait_for:
port: 8500
state: present
register: consul_state
- name: kill bootstap consul
shell: pkill -x consul
when: "'present' in consul_state.state"
- name: Consul down
wait_for:
port: 8301
state: stopped
- name: Start Consul
service:
name: consul
state: started
enabled: yes
- name: Consul up?
wait_for:
delay: 5
path: "{{consul_pid_dir}}/consul.pid"
state: present
- name: Bootstrapped marker
file:
dest: /etc/consul/.consul_bootstrapped
state: touch
- include: ../tasks/tls.yml
when: consul_tls_enable
- include: ../tasks/client.yml
when: consul_node_role == "client" and ansible_os_family == "Debian"
when: not bootstrap_marker.stat.exists
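Review bot: `mode: 644` on the `systemd script` task is an unquoted integer, which Ansible treats as decimal 644 (octal 1204) rather than rw-r--r--; write `mode: "0644"`. The three `config.json` template tasks set no `owner`, `group` or `mode`, so files that presumably carry the gossip encryption key (the templates are not shown here) get default umask permissions; add `owner: "{{ consul_user }}"` and `mode: "0640"`. `ignore_errors: true` on the `stat` task is unnecessary, since `stat` does not fail on a missing path, and it would hide a real failure from the outer `when: not bootstrap_marker.stat.exists`.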
---
- name: Install consul dependencies
yum:
name: "{{item}}"
state: present
with_items:
- unzip
environment:
http_proxy: "{{http_proxy}}"
\ No newline at end of file
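Review bot: `environment: http_proxy: "{{http_proxy}}"` has no default, so the task fails with an undefined-variable error on any host where no proxy is configured; `"{{ http_proxy | default('') }}"` keeps the role usable without one. The same applies to the other three `Install consul dependencies` files that follow, and the two `apt` variants additionally reuse the `http_proxy` variable for `https_proxy`, which should be a deliberate choice rather than a copy. The `yum` variants set only `http_proxy`, so HTTPS repositories would bypass the proxy.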
---
- name: Install consul dependencies
apt:
name: "{{item}}"
update_cache: yes
cache_valid_time: "{{apt_cache_valid_time | default (3600)}}"
with_items:
- ca-certificates
- unzip
environment:
https_proxy: "{{http_proxy}}"
http_proxy: "{{http_proxy}}"
tags:
- requirements
\ No newline at end of file
---
- name: Install consul dependencies
yum:
name: "{{item}}"
state: present
with_items:
- unzip
environment:
http_proxy: "{{http_proxy}}"
\ No newline at end of file
---
- name: Install consul dependencies
apt:
name: "{{item}}"
update_cache: yes
cache_valid_time: "{{apt_cache_valid_time | default (3600)}}"
with_items:
- ca-certificates
- unzip
environment:
https_proxy: "{{http_proxy}}"
http_proxy: "{{http_proxy}}"
tags:
- requirements
\ No newline at end of file
---
# File: tasks/tls.yml - TLS tasks for Consul
- name: Create SSL directory
file: "dest={{ consul_tls_dir }} state=directory owner=root group=root mode=755"
- block:
- name: Copy CA certificate
copy: "src={{ consul_src_files }}/{{ consul_ca_crt }} dest={{ consul_tls_dir }}/{{ consul_ca_crt }}"
- name: Copy server certificate
copy: "src={{ consul_src_files }}/{{ consul_server_crt }} dest={{ consul_tls_dir }}/{{ consul_server_crt }}"
- name: Copy server key
copy: "src={{ consul_src_files }}/{{ consul_server_key }} dest={{ consul_tls_dir }}/{{ consul_server_key }}"
- name: Server TLS configuration
template: "src=config_server_tls.json.j2 dest={{ consul_config_dir }}/server/config_server_tls.json"
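Review bot: `Copy server key` sets no `owner` or `mode`, so the private key is written with default umask permissions into a directory created with `mode=755`, which typically leaves it readable by every local user. Add `owner={{ consul_user }} group={{ consul_group }} mode=0600` to that task, and give `config_server_tls.json` an explicit mode as well. The `key=value` string arguments would read better and be less error-prone as native YAML mappings, with the modes quoted as `"0755"` and `"0600"`.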
......@@ -2,7 +2,7 @@
- name: Common tasks
hosts: all
become: no
any_errors_fatal: true
any_errors_fatal: false
vars_files:
- [ "vars/main.yml", "vars/local.yml" ]
vars:
......@@ -10,6 +10,12 @@
roles:
- role: pre
- role: consul
become: yes
when: consul_env
tags:
- consul
- role: node
become: yes
tags:
......