X-Git-Url: https://gerrit.fd.io/r/gitweb?p=csit.git;a=blobdiff_plain;f=fdio.infra.ansible%2Froles%2Fconsul%2Fdefaults%2Fmain.yaml;h=503857de92fe7e0d64d7064b502736d6f0e9ff3c;hp=786554eb58ec16d11db8e2cef9f56f547cb76947;hb=2720dc186a1e488833533bfa8e14bfaa578aabca;hpb=df5672b3d9c29b51397f4770eb992c9f3f3955ce diff --git a/fdio.infra.ansible/roles/consul/defaults/main.yaml b/fdio.infra.ansible/roles/consul/defaults/main.yaml index 786554eb58..503857de92 100644 --- a/fdio.infra.ansible/roles/consul/defaults/main.yaml +++ b/fdio.infra.ansible/roles/consul/defaults/main.yaml @@ -3,14 +3,9 @@ # Inst - Prerequisites. packages: "{{ packages_base + packages_by_distro[ansible_distribution | lower] + packages_by_arch[ansible_machine] }}" - packages_base: - - "cgroup-bin" - "curl" - - "git" - - "libcgroup1" - "unzip" - - "htop" packages_by_distro: ubuntu: - [] @@ -20,7 +15,7 @@ packages_by_arch: x86_64: - [] -# Inst - Download Consul. +# Inst - Consul Map. consul_architecture_map: amd64: "amd64" x86_64: "amd64" @@ -29,9 +24,10 @@ consul_architecture_map: 32-bit: "386" 64-bit: "amd64" consul_architecture: "{{ consul_architecture_map[ansible_architecture] }}" -consul_version: "1.8.6" +consul_version: "1.12.2" consul_pkg: "consul_{{ consul_version }}_linux_{{ consul_architecture }}.zip" consul_zip_url: "https://releases.hashicorp.com/consul/{{ consul_version }}/{{ consul_pkg }}" +consul_force_update: false # Inst - System paths. consul_bin_dir: "/usr/local/bin" @@ -41,42 +37,20 @@ consul_inst_dir: "/opt" consul_lockfile: "/var/lock/subsys/consul" consul_run_dir: "/var/run/consul" consul_ssl_dir: "/etc/consul.d/ssl" -nomad_config_dir: "/etc/nomad.d" # Conf - Service. consul_node_role: "both" consul_restart_handler_state: "restarted" nomad_restart_handler_state: "restarted" systemd_resolved_state: "stopped" +consul_service_mgr: "" # Conf - User and group. consul_group: "consul" consul_group_state: "present" -consul_manage_group: true -consul_manage_user: true consul_user: "consul" -consul_user_groups: [ docker, nomad, consul, root ] consul_user_state: "present" -# Conf - nomad.d/consul.hcl -consul_nomad_integration: true -consul_certificates: - - src: "{{ vault_consul_v1_ca_file }}" - dest: "{{ consul_ca_file }}" - - src: "{{ vault_consul_v1_cert_file }}" - dest: "{{ consul_cert_file }}" - - src: "{{ vault_consul_v1_key_file }}" - dest: "{{ consul_key_file }}" - -consul_auto_advertise: true -consul_checks_use_advertise: true -consul_server_service_name: "nomad" -consul_client_service_name: "nomad-client" -consul_server_auto_join: false -consul_client_auto_join: true -consul_ACL_token_set: false -consul_token: "consul_token_default" - # Conf - base.hcl consul_bind_addr: "{{ ansible_default_ipv4.address }}" consul_client_addr: "0.0.0.0" @@ -92,10 +66,22 @@ consul_encrypt: "" consul_ca_file: "{{ consul_ssl_dir }}/ca.pem" consul_cert_file: "{{ consul_ssl_dir }}/consul.pem" consul_key_file: "{{ consul_ssl_dir }}/consul-key.pem" -consul_ui: true +consul_verify_incoming: false +consul_verify_outgoing: false +consul_vefify_server_hostname: false +consul_allow_tls: false +consul_ui_config: + enabled: true consul_recursors: - 1.1.1.1 - 8.8.8.8 +consul_certificates: + - src: "{{ file_consul_ca_pem }}" + dest: "{{ consul_ca_file }}" + - src: "{{ file_consul_server_0_pem }}" + dest: "{{ consul_cert_file }}" + - src: "{{ file_consul_server_0_key_pem }}" + dest: "{{ consul_key_file }}" # Conf - ports.hcl consul_port_dns: 53 @@ -107,4 +93,4 @@ consul_port_serf_wan: 8302 consul_port_server: 8300 # Conf - services.json -consul_services: false \ No newline at end of file +consul_services: false