dest: "{{ consul_cert_file }}"
- src: "{{ file_consul_server_0_key_pem }}"
dest: "{{ consul_key_file }}"
+consul_verify_incoming: false
+consul_verify_outgoing: false
+consul_vefify_server_hostname: false
+consul_allow_tls: true
consul_datacenter: "yul1"
+consul_node_role: "both"
consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ=="
consul_node_name: "{{ ansible_hostname }}"
-consul_node_role: "both"
+consul_retry_join: true
consul_retry_servers:
- "10.30.51.26"
- "10.30.51.24"
dest: "{{ consul_cert_file }}"
- src: "{{ file_consul_server_1_key_pem }}"
dest: "{{ consul_key_file }}"
+consul_verify_incoming: false
+consul_verify_outgoing: false
+consul_vefify_server_hostname: false
+consul_allow_tls: true
consul_datacenter: "yul1"
+consul_node_role: "both"
consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ=="
consul_node_name: "{{ ansible_hostname }}"
-consul_node_role: "both"
+consul_retry_join: true
consul_retry_servers:
- "10.30.51.23"
- "10.30.51.26"
dest: "{{ consul_cert_file }}"
- src: "{{ file_consul_server_2_key_pem }}"
dest: "{{ consul_key_file }}"
+consul_verify_incoming: false
+consul_verify_outgoing: false
+consul_vefify_server_hostname: false
+consul_allow_tls: true
consul_datacenter: "yul1"
+consul_node_role: "both"
consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ=="
consul_node_name: "{{ ansible_hostname }}"
-consul_node_role: "both"
+consul_retry_join: true
consul_retry_servers:
- "10.30.51.23"
- "10.30.51.24"
dest: "{{ consul_cert_file }}"
- src: "{{ file_consul_server_3_key_pem }}"
dest: "{{ consul_key_file }}"
+consul_verify_incoming: false
+consul_verify_outgoing: false
+consul_vefify_server_hostname: false
+consul_allow_tls: true
consul_datacenter: "yul1"
+consul_node_role: "both"
consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ=="
consul_node_name: "{{ ansible_hostname }}"
-consul_node_role: "both"
+consul_retry_join: true
consul_retry_servers:
- "10.30.51.23"
- "10.30.51.24"
- "10.30.51.24:4647"
- "10.30.51.25:4647"
-# Consul settigs.
+# Consul settings.
nomad_use_consul: true
consul_certificates:
- - src: "{{ file_consul_ca_pem }}"
+ - src: "{{ file_consul_agent_ca_pem }}"
dest: "{{ consul_ca_file }}"
+ - src: "{{ file_consul_server_0_pem }}"
+ dest: "{{ consul_cert_file }}"
+ - src: "{{ file_consul_server_0_key_pem }}"
+ dest: "{{ consul_key_file }}"
+consul_verify_incoming: false
+consul_verify_outgoing: false
+consul_vefify_server_hostname: false
+consul_allow_tls: false
consul_datacenter: "yul1"
+consul_node_role: "client"
consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ=="
consul_node_name: "{{ ansible_hostname }}"
-consul_node_role: "client"
+consul_retry_join: true
consul_retry_servers:
- "10.30.51.23"
- "10.30.51.24"
- "10.30.51.24:4647"
- "10.30.51.25:4647"
-# Consul settigs.
+# Consul settings.
nomad_use_consul: true
consul_certificates:
- - src: "{{ file_consul_ca_pem }}"
+ - src: "{{ file_consul_agent_ca_pem }}"
dest: "{{ consul_ca_file }}"
+ - src: "{{ file_consul_server_0_pem }}"
+ dest: "{{ consul_cert_file }}"
+ - src: "{{ file_consul_server_0_key_pem }}"
+ dest: "{{ consul_key_file }}"
+consul_verify_incoming: false
+consul_verify_outgoing: false
+consul_vefify_server_hostname: false
+consul_allow_tls: false
consul_datacenter: "yul1"
+consul_node_role: "client"
consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ=="
consul_node_name: "{{ ansible_hostname }}"
-consul_node_role: "client"
+consul_retry_join: true
consul_retry_servers:
- "10.30.51.23"
- "10.30.51.24"
# Consul settigs.
nomad_use_consul: true
consul_certificates:
- - src: "{{ file_consul_ca_pem }}"
+ - src: "{{ file_consul_agent_ca_pem }}"
dest: "{{ consul_ca_file }}"
+ - src: "{{ file_consul_server_0_pem }}"
+ dest: "{{ consul_cert_file }}"
+ - src: "{{ file_consul_server_0_key_pem }}"
+ dest: "{{ consul_key_file }}"
+consul_verify_incoming: false
+consul_verify_outgoing: false
+consul_vefify_server_hostname: false
+consul_allow_tls: false
consul_datacenter: "yul1"
+consul_node_role: "client"
consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ=="
consul_node_name: "{{ ansible_hostname }}"
-consul_node_role: "client"
+consul_retry_join: true
consul_retry_servers:
- "10.30.51.23"
- "10.30.51.24"
# Consul settigs.
nomad_use_consul: true
consul_certificates:
- - src: "{{ file_consul_ca_pem }}"
+ - src: "{{ file_consul_agent_ca_pem }}"
dest: "{{ consul_ca_file }}"
+ - src: "{{ file_consul_server_0_pem }}"
+ dest: "{{ consul_cert_file }}"
+ - src: "{{ file_consul_server_0_key_pem }}"
+ dest: "{{ consul_key_file }}"
+consul_verify_incoming: false
+consul_verify_outgoing: false
+consul_vefify_server_hostname: false
+consul_allow_tls: false
consul_datacenter: "yul1"
+consul_node_role: "client"
consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ=="
consul_node_name: "{{ ansible_hostname }}"
-consul_node_role: "client"
+consul_retry_join: true
consul_retry_servers:
- "10.30.51.23"
- "10.30.51.24"
# Consul settigs.
nomad_use_consul: true
consul_certificates:
- - src: "{{ file_consul_ca_pem }}"
+ - src: "{{ file_consul_agent_ca_pem }}"
dest: "{{ consul_ca_file }}"
+ - src: "{{ file_consul_server_0_pem }}"
+ dest: "{{ consul_cert_file }}"
+ - src: "{{ file_consul_server_0_key_pem }}"
+ dest: "{{ consul_key_file }}"
+consul_verify_incoming: false
+consul_verify_outgoing: false
+consul_vefify_server_hostname: false
+consul_allow_tls: false
consul_datacenter: "yul1"
+consul_node_role: "client"
consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ=="
consul_node_name: "{{ ansible_hostname }}"
-consul_node_role: "client"
+consul_retry_join: true
consul_retry_servers:
- "10.30.51.23"
- "10.30.51.24"
# Consul settigs.
nomad_use_consul: true
consul_certificates:
- - src: "{{ file_consul_ca_pem }}"
+ - src: "{{ file_consul_agent_ca_pem }}"
dest: "{{ consul_ca_file }}"
+ - src: "{{ file_consul_server_0_pem }}"
+ dest: "{{ consul_cert_file }}"
+ - src: "{{ file_consul_server_0_key_pem }}"
+ dest: "{{ consul_key_file }}"
+consul_verify_incoming: false
+consul_verify_outgoing: false
+consul_vefify_server_hostname: false
+consul_allow_tls: false
consul_datacenter: "yul1"
+consul_node_role: "client"
consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ=="
consul_node_name: "{{ ansible_hostname }}"
-consul_node_role: "client"
+consul_retry_join: true
consul_retry_servers:
- "10.30.51.23"
- "10.30.51.24"
# Consul settings.
nomad_use_consul: true
consul_certificates:
- - src: "{{ file_consul_ca_pem }}"
+ - src: "{{ file_consul_agent_ca_pem }}"
dest: "{{ consul_ca_file }}"
+ - src: "{{ file_consul_server_0_pem }}"
+ dest: "{{ consul_cert_file }}"
+ - src: "{{ file_consul_server_0_key_pem }}"
+ dest: "{{ consul_key_file }}"
+consul_verify_incoming: false
+consul_verify_outgoing: false
+consul_vefify_server_hostname: false
+consul_allow_tls: false
consul_datacenter: "yul1"
+consul_node_role: "client"
consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ=="
consul_node_name: "{{ ansible_hostname }}"
-consul_node_role: "client"
+consul_retry_join: true
consul_retry_servers:
- "10.30.51.23"
- "10.30.51.24"
# Consul settings.
nomad_use_consul: true
consul_certificates:
- - src: "{{ file_consul_ca_pem }}"
+ - src: "{{ file_consul_agent_ca_pem }}"
dest: "{{ consul_ca_file }}"
+ - src: "{{ file_consul_server_0_pem }}"
+ dest: "{{ consul_cert_file }}"
+ - src: "{{ file_consul_server_0_key_pem }}"
+ dest: "{{ consul_key_file }}"
+consul_verify_incoming: false
+consul_verify_outgoing: false
+consul_vefify_server_hostname: false
+consul_allow_tls: false
consul_datacenter: "yul1"
+consul_node_role: "client"
consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ=="
consul_node_name: "{{ ansible_hostname }}"
-consul_node_role: "client"
+consul_retry_join: true
consul_retry_servers:
- "10.30.51.23"
- "10.30.51.24"
---
-# file: roles/consul/defaults/main.yaml
+# file: defaults/main.yaml
# Inst - Prerequisites.
packages: "{{ packages_base + packages_by_distro[ansible_distribution | lower] + packages_by_arch[ansible_machine] }}"
32-bit: "386"
64-bit: "amd64"
consul_architecture: "{{ consul_architecture_map[ansible_architecture] }}"
-consul_version: "1.12.2"
+consul_version: "1.16.1"
consul_pkg: "consul_{{ consul_version }}_linux_{{ consul_architecture }}.zip"
consul_zip_url: "https://releases.hashicorp.com/consul/{{ consul_version }}/{{ consul_pkg }}"
consul_force_update: false
# Conf - User and group.
consul_group: "consul"
-consul_group_state: "present"
consul_user: "consul"
-consul_user_state: "present"
# Conf - base.hcl
+consul_allow_tls: true
consul_bind_addr: "{{ ansible_default_ipv4.address }}"
+consul_bootstrap_expect: 1
consul_client_addr: "0.0.0.0"
consul_datacenter: "dc1"
consul_disable_update_check: true
consul_enable_debug: false
consul_enable_syslog: true
+consul_encrypt: ""
consul_log_level: "INFO"
consul_node_name: "{{ inventory_hostname }}"
-consul_retry_join: true
-consul_bootstrap_expect: 2
-consul_encrypt: ""
-consul_ca_file: "{{ consul_ssl_dir }}/ca.pem"
-consul_cert_file: "{{ consul_ssl_dir }}/consul.pem"
-consul_key_file: "{{ consul_ssl_dir }}/consul-key.pem"
-consul_verify_incoming: false
-consul_verify_outgoing: false
-consul_vefify_server_hostname: false
-consul_allow_tls: false
-consul_ui_config:
- enabled: true
consul_recursors:
- 1.1.1.1
- 8.8.8.8
-consul_certificates:
- - src: "{{ file_consul_ca_pem }}"
- dest: "{{ consul_ca_file }}"
- - src: "{{ file_consul_server_0_pem }}"
- dest: "{{ consul_cert_file }}"
- - src: "{{ file_consul_server_0_key_pem }}"
- dest: "{{ consul_key_file }}"
+consul_retry_join: false
+consul_ui_config:
+ enabled: true
+consul_verify_incoming: true
+consul_verify_outgoing: true
+consul_vefify_server_hostname: false
+consul_ca_file: "{{ consul_ssl_dir }}/ca.pem"
+consul_cert_file: "{{ consul_ssl_dir }}/consul.pem"
+consul_key_file: "{{ consul_ssl_dir }}/consul-key.pem"
# Conf - ports.hcl
consul_port_dns: 53
---
-# file roles/consul/handlers/main.yaml
+# file handlers/main.yaml
- name: Restart Nomad
ansible.builtin.systemd:
---
-# file: roles/consul/meta/main.yaml
+# file: meta/main.yaml
dependencies: []
+
galaxy_info:
- role_name: consul
- author: fd.io
- description: Hashicrop Consul.
- company: none
+ role_name: "consul"
+ author: "pmikus"
+ description: "Hashicorp Consul."
+ company: "none"
license: "license (Apache)"
- min_ansible_version: 2.9
+ min_ansible_version: "2.9"
platforms:
- - name: Ubuntu
+ - name: "Ubuntu"
versions:
- - jammy
+ - "focal"
+ - "jammy"
+ - "kinetic"
galaxy_tags:
- - consul
+ - "consul"
+ - "hashicorp"
---
-# file: roles/consul/tasks/main.yaml
+# file: tasks/main.yaml
-- name: Inst - Update Repositories Cache
- apt:
+- name: Update Repositories Cache
+ ansible.builtin.apt:
update_cache: true
when:
- ansible_os_family == 'Debian'
tags:
- consul-inst-package
-- name: Inst - Dependencies
- apt:
+- name: Dependencies
+ ansible.builtin.apt:
name: "{{ packages | flatten(levels=1) }}"
state: "present"
cache_valid_time: 3600
tags:
- consul-inst-dependencies
-- name: Conf - Add Consul Group
- group:
+- name: Add Consul Group
+ ansible.builtin.group:
name: "{{ consul_group }}"
- state: "{{ consul_group_state }}"
+ state: "present"
tags:
- consul-conf-user
-- name: Conf - Add Consul user
- user:
+- name: Add Consul user
+ ansible.builtin.user:
name: "{{ consul_user }}"
group: "{{ consul_group }}"
- state: "{{ consul_user_state }}"
+ state: "present"
system: true
tags:
- consul-conf-user
-- name: Inst - Download Consul
- get_url:
+- name: Download Consul
+ ansible.builtin.get_url:
url: "{{ consul_zip_url }}"
dest: "{{ consul_inst_dir }}/{{ consul_pkg }}"
tags:
- consul-inst-package
-- name: Inst - Clean Consul
- file:
+- name: Clean Consul
+ ansible.builtin.file:
path: "{{ consul_inst_dir }}/consul"
state: "absent"
when:
tags:
- consul-inst-package
-- name: Inst - Unarchive Consul
- unarchive:
+- name: Unarchive Consul
+ ansible.builtin.unarchive:
src: "{{ consul_inst_dir }}/{{ consul_pkg }}"
dest: "{{ consul_inst_dir }}/"
remote_src: true
tags:
- consul-inst-package
-- name: Inst - Consul
- copy:
+- name: Consul
+ ansible.builtin.copy:
src: "{{ consul_inst_dir }}/consul"
dest: "{{ consul_bin_dir }}"
owner: "{{ consul_user }}"
tags:
- consul-inst-package
-- name: Conf - Create Directories "{{ consul_data_dir }}"
- file:
- dest: "{{ consul_data_dir }}"
- state: directory
- owner: "{{ consul_user }}"
- group: "{{ consul_group }}"
- tags:
- - consul-conf
-
-- name: Conf - Create Directories "{{ consul_ssl_dir }}"
- file:
- dest: "{{ consul_ssl_dir }}"
- state: directory
- owner: "{{ consul_user }}"
- group: "{{ consul_group }}"
- tags:
- - consul-conf
-
-- name: Conf - Create Config Directory
- file:
- dest: "{{ consul_config_dir }}"
- state: directory
+- name: Create Directories
+ ansible.builtin.file:
+ dest: "{{ item }}"
+ state: "directory"
owner: "{{ consul_user }}"
group: "{{ consul_group }}"
mode: 0755
+ with_items:
+ - "{{ consul_data_dir }}"
+ - "{{ nomad_config_dir }}"
+ - "{{ nomad_ssl_dir }}"
tags:
- consul-conf
-- name: Conf - Base Configuration
- template:
- src: base.hcl.j2
- dest: "{{ consul_config_dir }}/base.hcl"
+- name: Base Configuration
+ ansible.builtin.template:
+ src: "{{ item }}.hcl.j2"
+ dest: "{{ consul_config_dir }}/{{ item }}.hcl"
owner: "{{ consul_user }}"
group: "{{ consul_group }}"
mode: 0644
+ with_items:
+ - "base"
+ - "ports"
+ - "telemetry"
tags:
- consul-conf
-- name: Conf - Ports Configuration
- template:
- src: ports.hcl.j2
- dest: "{{ consul_config_dir }}/ports.hcl"
- owner: "{{ consul_user }}"
- group: "{{ consul_group }}"
- mode: 0644
- tags:
- - consul-conf
-
-- name: Conf - Telemetry Configuration
- template:
- src: telemetry.hcl.j2
- dest: "{{ consul_config_dir }}/telemetry.hcl"
- owner: "{{ consul_user }}"
- group: "{{ consul_group }}"
- mode: 0644
- tags:
- - consul-conf
-
-- name: Conf - Services Configuration
- template:
- src: services.json.j2
- dest: "{{ consul_config_dir }}/services.json"
- owner: "{{ consul_user }}"
- group: "{{ consul_group }}"
- mode: 0644
- when:
- - consul_services
- tags:
- - consul-conf
-
-- name: Conf - Copy Certificates And Keys
- copy:
+- name: Copy Certificates And Keys
+ ansible.builtin.copy:
content: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: "{{ consul_user }}"
tags:
- consul-conf
-- name: Conf - Stop Systemd-resolved
- systemd:
+- name: Stop Systemd-resolved
+ ansible.builtin.systemd:
daemon_reload: true
enabled: false
name: "systemd-resolved"
tags:
- consul-conf
-- name: Conf - System.d Script
- template:
+- name: System.d Script
+ ansible.builtin.template:
src: "consul_systemd.service.j2"
dest: "/lib/systemd/system/consul.service"
owner: "root"
mode: 0644
notify:
- "Restart Consul"
- - "Restart Nomad"
when:
- consul_service_mgr == "systemd"
tags:
- consul-conf
-- name: Meta - Flush handlers
- meta: flush_handlers
+- name: Flush handlers
+ ansible.builtin.meta: flush_handlers
dns = {{ consul_port_dns }}
http = {{ consul_port_http }}
https = {{ consul_port_https }}
- grpc = {{ consul_port_grpc }}
+ grpc_tls = {{ consul_port_grpc }}
serf_lan = {{ consul_port_serf_lan }}
serf_wan = {{ consul_port_serf_wan }}
server = {{ consul_port_server }}
+++ /dev/null
-{
- "services": [
-{% for item in consul_services %}
- {
- "name": "{{ item.name }}",
- "port": {{ item.port }}
- }
-{%- if not loop.last %},
-{% endif %}
-{% endfor %}
-
- ]
-}
\ No newline at end of file
---
-# file: roles/consul/vars/main.yaml
+# file: vars/main.yaml
consul_node_client: "{{ (consul_node_role == 'client') or (consul_node_role == 'both') }}"
consul_node_server: "{{ (consul_node_role == 'server') or (consul_node_role == 'both') }}"
Code Review / csit.git / commitdiff