From 37337e09e81af58459d8029b00ca50d0f8d5897a Mon Sep 17 00:00:00 2001 From: pmikus Date: Mon, 23 Nov 2020 13:56:20 +0000 Subject: [PATCH] Ansible: Hashicorp Consul 
Signed-off-by: pmikus Change-Id: I56987d744d9143a95954d85f2557cda07220c681 --- .../lf_inventory/host_vars/10.30.51.28.yaml | 21 +++ .../lf_inventory/host_vars/10.30.51.29.yaml | 21 +++ .../lf_inventory/host_vars/10.30.51.30.yaml | 20 +++ .../lf_inventory/host_vars/10.30.51.32.yaml | 20 +++ .../lf_inventory/host_vars/10.30.51.33.yaml | 20 +++ .../lf_inventory/host_vars/10.30.51.34.yaml | 21 +++ .../lf_inventory/host_vars/10.30.51.35.yaml | 21 +++ .../lf_inventory/host_vars/10.30.51.39.yaml | 21 +++ .../lf_inventory/host_vars/10.30.51.40.yaml | 21 +++ .../lf_inventory/host_vars/10.30.51.50.yaml | 34 +++++ .../lf_inventory/host_vars/10.30.51.51.yaml | 34 +++++ .../lf_inventory/host_vars/10.30.51.65.yaml | 21 +++ .../lf_inventory/host_vars/10.30.51.66.yaml | 21 +++ .../lf_inventory/host_vars/10.30.51.67.yaml | 21 +++ .../lf_inventory/host_vars/10.30.51.68.yaml | 21 +++ .../lf_inventory/host_vars/10.30.51.70.yaml | 21 +++ .../lf_inventory/host_vars/10.30.51.71.yaml | 21 +++ .../lf_inventory/host_vars/10.32.8.14.yaml | 29 ++++ .../lf_inventory/host_vars/10.32.8.15.yaml | 29 ++++ .../lf_inventory/host_vars/10.32.8.16.yaml | 20 +++ resources/tools/testbed-setup/ansible/nomad.yaml | 4 + .../ansible/roles/consul/defaults/main.yaml | 114 ++++++++++++++ .../ansible/roles/consul/handlers/main.yaml | 23 +++ .../ansible/roles/consul/meta/main.yaml | 9 ++ .../ansible/roles/consul/tasks/main.yaml | 164 +++++++++++++++++++++ .../ansible/roles/consul/templates/base.hcl.j2 | 30 ++++ .../ansible/roles/consul/templates/consul.hcl.j2 | 20 +++ .../consul/templates/consul_systemd.service.j2 | 21 +++ .../ansible/roles/consul/templates/ports.hcl.j2 | 9 ++ .../roles/consul/templates/services.json.j2 | 13 ++ .../ansible/roles/consul/vars/main.yaml | 5 + .../ansible/roles/nomad/defaults/main.yaml | 1 + .../ansible/roles/nomad/templates/client.hcl.j2 | 9 ++ .../roles/nomad/templates/nomad_systemd.service.j2 | 2 +- .../tools/testbed-setup/ansible/vpp_device.yaml | 8 +- 35 files changed, 887 
insertions(+), 3 deletions(-)
create mode 100644 resources/tools/testbed-setup/ansible/roles/consul/defaults/main.yaml
create mode 100644 resources/tools/testbed-setup/ansible/roles/consul/handlers/main.yaml
create mode 100644 resources/tools/testbed-setup/ansible/roles/consul/meta/main.yaml
create mode 100644 resources/tools/testbed-setup/ansible/roles/consul/tasks/main.yaml
create mode 100644 resources/tools/testbed-setup/ansible/roles/consul/templates/base.hcl.j2
create mode 100644 resources/tools/testbed-setup/ansible/roles/consul/templates/consul.hcl.j2
create mode 100644 resources/tools/testbed-setup/ansible/roles/consul/templates/consul_systemd.service.j2
create mode 100644 resources/tools/testbed-setup/ansible/roles/consul/templates/ports.hcl.j2
create mode 100644 resources/tools/testbed-setup/ansible/roles/consul/templates/services.json.j2
create mode 100644 resources/tools/testbed-setup/ansible/roles/consul/vars/main.yaml
diff --git a/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.28.yaml b/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.28.yaml
index 34e03fec7b..be55243199 100644
--- a/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.28.yaml
+++ b/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.28.yaml
@@ -36,3 +36,24 @@ nomad_options: driver.whitelist: "docker,raw_exec,exec" fingerprint.network.disallow_link_local: true nomad_servers: [ "10.30.51.32:4647", "10.30.51.33:4647" ]
+
+# Consul settigs.
+consul_nomad_integration: true
+consul_certificates:
+ - src: "{{ vault_nomad_v2_ca_file }}"
+ dest: "{{ consul_ca_file }}"
+ - src: "{{ vault_nomad_v2_cert_file }}"
+ dest: "{{ consul_cert_file }}"
+ - src: "{{ vault_nomad_v2_key_file }}"
+ dest: "{{ consul_key_file }}"
+consul_datacenter: "yul1"
+consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ=="
+consul_node_name: "{{ hostname }}"
+consul_node_role: "client"
+consul_retry_servers:
+ - "10.30.51.30"
+ - "10.30.51.32"
+ - "10.30.51.33"
+ - "10.30.51.14"
+ - "10.30.51.15"
+ - "10.30.51.16"
\ No newline at end of file
diff --git a/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.29.yaml b/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.29.yaml
index 53eea0d12d..18e657f34e 100644
--- a/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.29.yaml
+++ b/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.29.yaml
@@ -35,3 +35,24 @@ nomad_options: docker.privileged.enabled: true driver.whitelist: "docker,raw_exec,exec" nomad_servers: [ "10.30.51.32:4647", "10.30.51.33:4647" ]
+
+# Consul settigs.
+consul_nomad_integration: true
+consul_certificates:
+ - src: "{{ vault_nomad_v1_ca_file }}"
+ dest: "{{ consul_ca_file }}"
+ - src: "{{ vault_nomad_v1_cert_file }}"
+ dest: "{{ consul_cert_file }}"
+ - src: "{{ vault_nomad_v1_key_file }}"
+ dest: "{{ consul_key_file }}"
+consul_datacenter: "yul1"
+consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ=="
+consul_node_name: "{{ hostname }}"
+consul_node_role: "client"
+consul_retry_servers:
+ - "10.30.51.30"
+ - "10.30.51.32"
+ - "10.30.51.33"
+ - "10.30.51.14"
+ - "10.30.51.15"
+ - "10.30.51.16"
\ No newline at end of file
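Review bot: `consul_encrypt` carries the Consul gossip encryption key as a literal string in this host_vars hunk (10.30.51.28), and the same value is repeated in every other host_vars hunk of this patch, so the cluster-wide symmetric key ends up in the repository history in clear text. The certificate entries directly above it are already pulled from vault variables; the key should be handled the same way, e.g. `consul_encrypt: "{{ vault_consul_encrypt }}"` with the value kept in the encrypted vault file (the variable name is a suggestion). Because the current value is published by this commit, it should be treated as disclosed and replaced with a freshly generated key rather than only moved. Defining it once in group_vars would also remove the per-host copies that have to be kept in sync.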
diff --git a/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.30.yaml b/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.30.yaml
index 5b8133ef84..d4e81be8ba 100644
--- a/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.30.yaml
+++ b/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.30.yaml
@@ -38,3 +38,23 @@ nomad_options: fingerprint.network.disallow_link_local: true nomad_retry_servers: [ "10.30.51.32", "10.30.51.33" ] nomad_servers: [ "10.30.51.32:4647", "10.30.51.33:4647" ]
+
+# Consul settigs.
+consul_nomad_integration: true
+consul_certificates:
+ - src: "{{ vault_nomad_v2_ca_file }}"
+ dest: "{{ consul_ca_file }}"
+ - src: "{{ vault_nomad_v2_cert_file }}"
+ dest: "{{ consul_cert_file }}"
+ - src: "{{ vault_nomad_v2_key_file }}"
+ dest: "{{ consul_key_file }}"
+consul_datacenter: "yul1"
+consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ=="
+consul_node_name: "{{ hostname }}"
+consul_node_role: "both"
+consul_retry_servers:
+ - "10.30.51.32"
+ - "10.30.51.33"
+ - "10.30.51.14"
+ - "10.30.51.15"
+ - "10.30.51.16"
\ No newline at end of file
diff --git a/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.32.yaml b/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.32.yaml
index fe5c37935e..4cc25c4680 100644
--- a/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.32.yaml
+++ b/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.32.yaml
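Review bot: The `consul_certificates` entries in this hunk (10.30.51.30) copy the Nomad CA, certificate and private key (`vault_nomad_v2_*`) into `consul_ca_file`, `consul_cert_file` and `consul_key_file`, so Consul and Nomad on this node share one TLS identity; the other host_vars hunks do the same with `vault_nomad_v1_*`, `vault_nomad_v2_*` or `vault_nomad_v3_*`. A private key exposed through either service then compromises both, and a certificate issued for Nomad may not carry the names Consul expects if hostname verification is turned on (the templates that decide this are not in this hunk). The role defaults added by this patch already expect `vault_consul_ca_file`, `vault_consul_cert_file` and `vault_consul_key_file`; issuing a dedicated Consul key pair and dropping this per-host override would keep the two identities separate.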
@@ -37,3 +37,23 @@ nomad_options: driver.whitelist: "docker,raw_exec,exec" nomad_retry_servers: [ "10.30.51.33", "10.30.51.30" ] nomad_servers: [ "10.30.51.32:4647" ]
+
+# Consul settigs.
+consul_nomad_integration: true
+consul_certificates:
+ - src: "{{ vault_nomad_v2_ca_file }}"
+ dest: "{{ consul_ca_file }}"
+ - src: "{{ vault_nomad_v2_cert_file }}"
+ dest: "{{ consul_cert_file }}"
+ - src: "{{ vault_nomad_v2_key_file }}"
+ dest: "{{ consul_key_file }}"
+consul_datacenter: "yul1"
+consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ=="
+consul_node_name: "{{ hostname }}"
+consul_node_role: "both"
+consul_retry_servers:
+ - "10.30.51.30"
+ - "10.30.51.33"
+ - "10.30.51.14"
+ - "10.30.51.15"
+ - "10.30.51.16"
\ No newline at end of file
diff --git a/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.33.yaml b/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.33.yaml
index ef8ced7262..af9d3e7855 100644
--- a/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.33.yaml
+++ b/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.33.yaml
@@ -37,3 +37,23 @@ nomad_options: driver.whitelist: "docker,raw_exec,exec" nomad_retry_servers: [ "10.30.51.32", "10.30.51.30" ] nomad_servers: [ "10.30.51.33:4647" ]
+
+# Consul settigs.
+consul_nomad_integration: true
+consul_certificates:
+ - src: "{{ vault_nomad_v2_ca_file }}"
+ dest: "{{ consul_ca_file }}"
+ - src: "{{ vault_nomad_v2_cert_file }}"
+ dest: "{{ consul_cert_file }}"
+ - src: "{{ vault_nomad_v2_key_file }}"
+ dest: "{{ consul_key_file }}"
+consul_datacenter: "yul1"
+consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ=="
+consul_node_name: "{{ hostname }}"
+consul_node_role: "both"
+consul_retry_servers:
+ - "10.30.51.30"
+ - "10.30.51.32"
+ - "10.30.51.14"
+ - "10.30.51.15"
+ - "10.30.51.16"
\ No newline at end of file
diff --git a/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.34.yaml b/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.34.yaml
index d0afca9164..accaaa5de3 100644
--- a/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.34.yaml
+++ b/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.34.yaml
@@ -37,3 +37,24 @@ nomad_options: driver.whitelist: "docker,raw_exec,exec" nomad_retry_servers: [ "10.30.51.32", "10.30.51.33" ] nomad_servers: [ "10.30.51.33:4647" ]
+
+# Consul settigs.
+consul_nomad_integration: true
+consul_certificates:
+ - src: "{{ vault_nomad_v2_ca_file }}"
+ dest: "{{ consul_ca_file }}"
+ - src: "{{ vault_nomad_v2_cert_file }}"
+ dest: "{{ consul_cert_file }}"
+ - src: "{{ vault_nomad_v2_key_file }}"
+ dest: "{{ consul_key_file }}"
+consul_datacenter: "yul1"
+consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ=="
+consul_node_name: "{{ hostname }}"
+consul_node_role: "client"
+consul_retry_servers:
+ - "10.30.51.30"
+ - "10.30.51.32"
+ - "10.30.51.33"
+ - "10.30.51.14"
+ - "10.30.51.15"
+ - "10.30.51.16"
\ No newline at end of file
diff --git a/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.35.yaml b/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.35.yaml
index 75980daf86..269c2be0c4 100644
--- a/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.35.yaml
+++ b/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.35.yaml
@@ -37,3 +37,24 @@ nomad_options: driver.whitelist: "docker,raw_exec,exec" nomad_retry_servers: [ "10.30.51.32", "10.30.51.33" ] nomad_servers: [ "10.30.51.33:4647" ]
+
+# Consul settigs.
+consul_nomad_integration: true
+consul_certificates:
+ - src: "{{ vault_nomad_v2_ca_file }}"
+ dest: "{{ consul_ca_file }}"
+ - src: "{{ vault_nomad_v2_cert_file }}"
+ dest: "{{ consul_cert_file }}"
+ - src: "{{ vault_nomad_v2_key_file }}"
+ dest: "{{ consul_key_file }}"
+consul_datacenter: "yul1"
+consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ=="
+consul_node_name: "{{ hostname }}"
+consul_node_role: "client"
+consul_retry_servers:
+ - "10.30.51.30"
+ - "10.30.51.32"
+ - "10.30.51.33"
+ - "10.30.51.14"
+ - "10.30.51.15"
+ - "10.30.51.16"
\ No newline at end of file
diff --git a/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.39.yaml b/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.39.yaml
index 41b3ed2238..3e5a524dbf 100644
--- a/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.39.yaml
+++ b/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.39.yaml
@@ -39,3 +39,24 @@ nomad_options: driver.whitelist: "docker,raw_exec,exec" nomad_servers: [ "10.30.51.32:4647", "10.30.51.33:4647" ] nomad_cpu_total_compute: "40000"
+
+# Consul settigs.
+consul_nomad_integration: true
+consul_certificates:
+ - src: "{{ vault_nomad_v1_ca_file }}"
+ dest: "{{ consul_ca_file }}"
+ - src: "{{ vault_nomad_v1_cert_file }}"
+ dest: "{{ consul_cert_file }}"
+ - src: "{{ vault_nomad_v1_key_file }}"
+ dest: "{{ consul_key_file }}"
+consul_datacenter: "yul1"
+consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ=="
+consul_node_name: "{{ hostname }}"
+consul_node_role: "client"
+consul_retry_servers:
+ - "10.30.51.30"
+ - "10.30.51.32"
+ - "10.30.51.33"
+ - "10.30.51.14"
+ - "10.30.51.15"
+ - "10.30.51.16"
\ No newline at end of file
diff --git a/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.40.yaml b/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.40.yaml
index a91ed66a33..fe8079bec8 100644
--- a/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.40.yaml
+++ b/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.40.yaml
@@ -39,3 +39,24 @@ nomad_options: driver.whitelist: "docker,raw_exec,exec" nomad_servers: [ "10.30.51.32:4647", "10.30.51.33:4647" ] nomad_cpu_total_compute: "40000"
+
+# Consul settigs.
+consul_nomad_integration: true
+consul_certificates:
+ - src: "{{ vault_nomad_v1_ca_file }}"
+ dest: "{{ consul_ca_file }}"
+ - src: "{{ vault_nomad_v1_cert_file }}"
+ dest: "{{ consul_cert_file }}"
+ - src: "{{ vault_nomad_v1_key_file }}"
+ dest: "{{ consul_key_file }}"
+consul_datacenter: "yul1"
+consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ=="
+consul_node_name: "{{ hostname }}"
+consul_node_role: "client"
+consul_retry_servers:
+ - "10.30.51.30"
+ - "10.30.51.32"
+ - "10.30.51.33"
+ - "10.30.51.14"
+ - "10.30.51.15"
+ - "10.30.51.16"
\ No newline at end of file
diff --git a/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.50.yaml b/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.50.yaml
index 20dc7a5880..b8ff3db983 100644
--- a/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.50.yaml
+++ b/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.50.yaml
@@ -8,6 +8,19 @@ grub: inventory_ipmi_hostname: "10.30.50.47" cpu_microarchitecture: "skylake" +# User management. +users: + - username: localadmin + groups: [adm, sudo] + password: "$6$FIsbVDQR$5D0wgufOd2FtnmOiRNsGlgg6Loh.0x3dWSj72DSQnqisSyE9DROfgSgA6s0yxDwz4Jd5SRTXiTKuRYuSQ5POI1" + ssh_key: + - "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAgObJFDIMmPwQhhkjAynvlbwpM5yeSewyaE7vTLaFf4uFz4vmsE2hFf6B2xXHUGLVwoVfk91UeK7LOGrdDpoDDHzvPZXj5NmZI+WiWax5y2pQZNkcSZws0ENCeEc4hPwc4veJ1JmhokF4Bsmu14HyFMaFUhM8897jtJwsh+9fLA/no0iPGaQqEtRUQhkV+P4jCEPoY0qdRZAzVw/rY4EGAMhsJe3EJmyj63OfrrkG3+hvSLFo5pDxHQr3pZd/c6ukI7xMef48PosAvGCm3oxzb/Gu9PZIGuHLczY+tCnzCkY7MO7E+IWgjXrUAfYwSWz8XmFmA9LLe26DT5jkcK8hGQ== pmikus@cisco.com" + - username: testuser + groups: [adm, sudo] + password: "$6$zpBUdQ4q$P2zKclumvCndWujgP/qQ8eMk3YZk7ESAom04Fqp26hJH2jWkMXEX..jqxzMdDLJKiDaDHIaSkQMVjHzd3cRLs1" + ssh_key: + - "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAgObJFDIMmPwQhhkjAynvlbwpM5yeSewyaE7vTLaFf4uFz4vmsE2hFf6B2xXHUGLVwoVfk91UeK7LOGrdDpoDDHzvPZXj5NmZI+WiWax5y2pQZNkcSZws0ENCeEc4hPwc4veJ1JmhokF4Bsmu14HyFMaFUhM8897jtJwsh+9fLA/no0iPGaQqEtRUQhkV+P4jCEPoY0qdRZAzVw/rY4EGAMhsJe3EJmyj63OfrrkG3+hvSLFo5pDxHQr3pZd/c6ukI7xMef48PosAvGCm3oxzb/Gu9PZIGuHLczY+tCnzCkY7MO7E+IWgjXrUAfYwSWz8XmFmA9LLe26DT5jkcK8hGQ== pmikus@cisco.com" + # Nomad settings. nomad_certificates: - src: "{{ vault_nomad_v1_ca_file }}" 
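Review bot: The added `users` block commits SHA-512 crypt password hashes (`$6$...`) for `localadmin` and `testuser`, both members of `sudo`, into the inventory, and the matching hunk for 10.30.51.51 adds the identical block. Anyone with read access to the repository can run offline guessing against those hashes, and a recovered password gives sudo on every host that shares them. The `password` values should come from the vault, e.g. `password: "{{ vault_users_localadmin_password }}"` (variable name is a suggestion), and the current passwords should be changed because the hashes are now public. Both accounts also authorise the same SSH public key, so one private key unlocks both; worth confirming that this is intended.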
@@ -27,3 +40,24 @@ nomad_options: docker.volumes.enabled: true driver.whitelist: "docker,raw_exec,exec" nomad_servers: [ "10.30.51.32:4647", "10.30.51.33:4647" ]
+
+# Consul settigs.
+consul_nomad_integration: true
+consul_certificates:
+ - src: "{{ vault_nomad_v1_ca_file }}"
+ dest: "{{ consul_ca_file }}"
+ - src: "{{ vault_nomad_v1_cert_file }}"
+ dest: "{{ consul_cert_file }}"
+ - src: "{{ vault_nomad_v1_key_file }}"
+ dest: "{{ consul_key_file }}"
+consul_datacenter: "yul1"
+consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ=="
+consul_node_name: "{{ hostname }}"
+consul_node_role: "client"
+consul_retry_servers:
+ - "10.30.51.30"
+ - "10.30.51.32"
+ - "10.30.51.33"
+ - "10.30.51.14"
+ - "10.30.51.15"
+ - "10.30.51.16"
\ No newline at end of file
diff --git a/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.51.yaml b/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.51.yaml
index f518fa5704..15395cc487 100644
--- a/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.51.yaml
+++ b/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.51.yaml
@@ -8,6 +8,19 @@ grub: inventory_ipmi_hostname: "10.30.50.48" cpu_microarchitecture: "skylake" +# User management. +users: + - username: localadmin + groups: [adm, sudo] + password: "$6$FIsbVDQR$5D0wgufOd2FtnmOiRNsGlgg6Loh.0x3dWSj72DSQnqisSyE9DROfgSgA6s0yxDwz4Jd5SRTXiTKuRYuSQ5POI1" + ssh_key: + - "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAgObJFDIMmPwQhhkjAynvlbwpM5yeSewyaE7vTLaFf4uFz4vmsE2hFf6B2xXHUGLVwoVfk91UeK7LOGrdDpoDDHzvPZXj5NmZI+WiWax5y2pQZNkcSZws0ENCeEc4hPwc4veJ1JmhokF4Bsmu14HyFMaFUhM8897jtJwsh+9fLA/no0iPGaQqEtRUQhkV+P4jCEPoY0qdRZAzVw/rY4EGAMhsJe3EJmyj63OfrrkG3+hvSLFo5pDxHQr3pZd/c6ukI7xMef48PosAvGCm3oxzb/Gu9PZIGuHLczY+tCnzCkY7MO7E+IWgjXrUAfYwSWz8XmFmA9LLe26DT5jkcK8hGQ== pmikus@cisco.com" + - username: testuser + groups: [adm, sudo] + password: "$6$zpBUdQ4q$P2zKclumvCndWujgP/qQ8eMk3YZk7ESAom04Fqp26hJH2jWkMXEX..jqxzMdDLJKiDaDHIaSkQMVjHzd3cRLs1" + ssh_key: + - "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAgObJFDIMmPwQhhkjAynvlbwpM5yeSewyaE7vTLaFf4uFz4vmsE2hFf6B2xXHUGLVwoVfk91UeK7LOGrdDpoDDHzvPZXj5NmZI+WiWax5y2pQZNkcSZws0ENCeEc4hPwc4veJ1JmhokF4Bsmu14HyFMaFUhM8897jtJwsh+9fLA/no0iPGaQqEtRUQhkV+P4jCEPoY0qdRZAzVw/rY4EGAMhsJe3EJmyj63OfrrkG3+hvSLFo5pDxHQr3pZd/c6ukI7xMef48PosAvGCm3oxzb/Gu9PZIGuHLczY+tCnzCkY7MO7E+IWgjXrUAfYwSWz8XmFmA9LLe26DT5jkcK8hGQ== pmikus@cisco.com" + # Nomad settings. nomad_certificates: - src: "{{ vault_nomad_v1_ca_file }}" 
@@ -27,3 +40,24 @@ nomad_options: docker.volumes.enabled: true driver.whitelist: "docker,raw_exec,exec" nomad_servers: [ "10.30.51.32:4647", "10.30.51.33:4647" ]
+
+# Consul settigs.
+consul_nomad_integration: true
+consul_certificates:
+ - src: "{{ vault_nomad_v1_ca_file }}"
+ dest: "{{ consul_ca_file }}"
+ - src: "{{ vault_nomad_v1_cert_file }}"
+ dest: "{{ consul_cert_file }}"
+ - src: "{{ vault_nomad_v1_key_file }}"
+ dest: "{{ consul_key_file }}"
+consul_datacenter: "yul1"
+consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ=="
+consul_node_name: "{{ hostname }}"
+consul_node_role: "client"
+consul_retry_servers:
+ - "10.30.51.30"
+ - "10.30.51.32"
+ - "10.30.51.33"
+ - "10.30.51.14"
+ - "10.30.51.15"
+ - "10.30.51.16"
\ No newline at end of file
diff --git a/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.65.yaml b/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.65.yaml
index 30a8bc0525..bbceed229b 100644
--- a/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.65.yaml
+++ b/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.65.yaml
@@ -39,3 +39,24 @@ nomad_options: driver.whitelist: "docker,raw_exec,exec" nomad_servers: [ "10.30.51.32:4647", "10.30.51.33:4647" ] nomad_cpu_total_compute: "40000"
+
+# Consul settigs.
+consul_nomad_integration: true
+consul_certificates:
+ - src: "{{ vault_nomad_v1_ca_file }}"
+ dest: "{{ consul_ca_file }}"
+ - src: "{{ vault_nomad_v1_cert_file }}"
+ dest: "{{ consul_cert_file }}"
+ - src: "{{ vault_nomad_v1_key_file }}"
+ dest: "{{ consul_key_file }}"
+consul_datacenter: "yul1"
+consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ=="
+consul_node_name: "{{ hostname }}"
+consul_node_role: "client"
+consul_retry_servers:
+ - "10.30.51.30"
+ - "10.30.51.32"
+ - "10.30.51.33"
+ - "10.30.51.14"
+ - "10.30.51.15"
+ - "10.30.51.16"
\ No newline at end of file
diff --git a/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.66.yaml b/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.66.yaml
index 3bb4c32a41..da9c918272 100644
--- a/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.66.yaml
+++ b/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.66.yaml
@@ -39,3 +39,24 @@ nomad_options: driver.whitelist: "docker,raw_exec,exec" nomad_servers: [ "10.30.51.32:4647", "10.30.51.33:4647" ] nomad_cpu_total_compute: "40000"
+
+# Consul settigs.
+consul_nomad_integration: true
+consul_certificates:
+ - src: "{{ vault_nomad_v1_ca_file }}"
+ dest: "{{ consul_ca_file }}"
+ - src: "{{ vault_nomad_v1_cert_file }}"
+ dest: "{{ consul_cert_file }}"
+ - src: "{{ vault_nomad_v1_key_file }}"
+ dest: "{{ consul_key_file }}"
+consul_datacenter: "yul1"
+consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ=="
+consul_node_name: "{{ hostname }}"
+consul_node_role: "client"
+consul_retry_servers:
+ - "10.30.51.30"
+ - "10.30.51.32"
+ - "10.30.51.33"
+ - "10.30.51.14"
+ - "10.30.51.15"
+ - "10.30.51.16"
\ No newline at end of file
diff --git a/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.67.yaml b/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.67.yaml
index b65abe4638..a36c1151e0 100644
--- a/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.67.yaml
+++ b/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.67.yaml
@@ -39,3 +39,24 @@ nomad_options: driver.whitelist: "docker,raw_exec,exec" nomad_servers: [ "10.30.51.32:4647", "10.30.51.33:4647" ] nomad_cpu_total_compute: "40000"
+
+# Consul settigs.
+consul_nomad_integration: true
+consul_certificates:
+ - src: "{{ vault_nomad_v1_ca_file }}"
+ dest: "{{ consul_ca_file }}"
+ - src: "{{ vault_nomad_v1_cert_file }}"
+ dest: "{{ consul_cert_file }}"
+ - src: "{{ vault_nomad_v1_key_file }}"
+ dest: "{{ consul_key_file }}"
+consul_datacenter: "yul1"
+consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ=="
+consul_node_name: "{{ hostname }}"
+consul_node_role: "client"
+consul_retry_servers:
+ - "10.30.51.30"
+ - "10.30.51.32"
+ - "10.30.51.33"
+ - "10.30.51.14"
+ - "10.30.51.15"
+ - "10.30.51.16"
\ No newline at end of file
diff --git a/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.68.yaml b/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.68.yaml
index a5410850a3..88f0026f41 100644
--- a/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.68.yaml
+++ b/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.68.yaml
@@ -39,3 +39,24 @@ nomad_options: driver.whitelist: "docker,raw_exec,exec" nomad_servers: [ "10.30.51.32:4647", "10.30.51.33:4647" ] nomad_cpu_total_compute: "40000"
+
+# Consul settigs.
+consul_nomad_integration: true
+consul_certificates:
+ - src: "{{ vault_nomad_v1_ca_file }}"
+ dest: "{{ consul_ca_file }}"
+ - src: "{{ vault_nomad_v1_cert_file }}"
+ dest: "{{ consul_cert_file }}"
+ - src: "{{ vault_nomad_v1_key_file }}"
+ dest: "{{ consul_key_file }}"
+consul_datacenter: "yul1"
+consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ=="
+consul_node_name: "{{ hostname }}"
+consul_node_role: "client"
+consul_retry_servers:
+ - "10.30.51.30"
+ - "10.30.51.32"
+ - "10.30.51.33"
+ - "10.30.51.14"
+ - "10.30.51.15"
+ - "10.30.51.16"
\ No newline at end of file
diff --git a/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.70.yaml b/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.70.yaml
index b7d2d15cf8..a9953f549b 100644
--- a/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.70.yaml
+++ b/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.70.yaml
@@ -44,3 +44,24 @@ nomad_options: driver.whitelist: "docker,raw_exec,exec" nomad_servers: [ "10.30.51.32:4647", "10.30.51.33:4647" ] nomad_cpu_total_compute: "40000"
+
+# Consul settigs.
+consul_nomad_integration: true
+consul_certificates:
+ - src: "{{ vault_nomad_v1_ca_file }}"
+ dest: "{{ consul_ca_file }}"
+ - src: "{{ vault_nomad_v1_cert_file }}"
+ dest: "{{ consul_cert_file }}"
+ - src: "{{ vault_nomad_v1_key_file }}"
+ dest: "{{ consul_key_file }}"
+consul_datacenter: "yul1"
+consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ=="
+consul_node_name: "{{ hostname }}"
+consul_node_role: "client"
+consul_retry_servers:
+ - "10.30.51.30"
+ - "10.30.51.32"
+ - "10.30.51.33"
+ - "10.30.51.14"
+ - "10.30.51.15"
+ - "10.30.51.16"
\ No newline at end of file
diff --git a/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.71.yaml b/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.71.yaml
index a6cc611d73..6f2ca4aee8 100644
--- a/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.71.yaml
+++ b/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.30.51.71.yaml
@@ -44,3 +44,24 @@ nomad_options: driver.whitelist: "docker,raw_exec,exec" nomad_servers: [ "10.30.51.32:4647", "10.30.51.33:4647" ] nomad_cpu_total_compute: "40000"
+
+# Consul settigs.
+consul_nomad_integration: true
+consul_certificates:
+ - src: "{{ vault_nomad_v1_ca_file }}"
+ dest: "{{ consul_ca_file }}"
+ - src: "{{ vault_nomad_v1_cert_file }}"
+ dest: "{{ consul_cert_file }}"
+ - src: "{{ vault_nomad_v1_key_file }}"
+ dest: "{{ consul_key_file }}"
+consul_datacenter: "yul1"
+consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ=="
+consul_node_name: "{{ hostname }}"
+consul_node_role: "client"
+consul_retry_servers:
+ - "10.30.51.30"
+ - "10.30.51.32"
+ - "10.30.51.33"
+ - "10.30.51.14"
+ - "10.30.51.15"
+ - "10.30.51.16"
\ No newline at end of file
diff --git a/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.32.8.14.yaml b/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.32.8.14.yaml
index 3f426b79ec..4c912e685f 100644
--- a/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.32.8.14.yaml
+++ b/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.32.8.14.yaml
@@ -38,3 +38,32 @@ nomad_options: fingerprint.network.disallow_link_local: true nomad_retry_servers: [ "10.30.51.30", "10.30.51.32", "10.30.51.33" ] nomad_servers: [ "10.30.51.32:4647", "10.30.51.33:4647" ]
+nomad_volumes:
+ - name: "prod-volume-data1-1"
+ path: "/data"
+ read_only: false
+
+# Consul settigs.
+consul_nomad_integration: true
+consul_certificates:
+ - src: "{{ vault_nomad_v3_ca_file }}"
+ dest: "{{ consul_ca_file }}"
+ - src: "{{ vault_nomad_v3_cert_file }}"
+ dest: "{{ consul_cert_file }}"
+ - src: "{{ vault_nomad_v3_key_file }}"
+ dest: "{{ consul_key_file }}"
+consul_datacenter: "yul1"
+consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ=="
+consul_node_name: "{{ hostname }}"
+consul_node_role: "both"
+consul_retry_servers:
+ - "10.30.51.30"
+ - "10.30.51.32"
+ - "10.30.51.33"
+ - "10.30.51.15"
+ - "10.30.51.16"
+consul_services:
+ - name: "storage1"
+ port: 9000
+ - name: "nginx1"
+ port: 443
\ No newline at end of file
diff --git a/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.32.8.15.yaml b/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.32.8.15.yaml
index e91dcda023..79650198d1 100644
--- a/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.32.8.15.yaml
+++ b/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.32.8.15.yaml
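Review bot: `consul_retry_servers` in this hunk lists `10.30.51.15` and `10.30.51.16`, but the inventory files this patch touches name those hosts `10.32.8.15` and `10.32.8.16`, and this file (10.32.8.14) leaves out `10.30.51.14` as if that were the node's own address. If the three servers are only reachable on 10.32.8.x, the retry lists in all host_vars hunks point at addresses that either do not exist or belong to some other machine, so agents would keep attempting to join an endpoint nobody intended. Please confirm the addressing; if it is a typo, the entries here should read `- "10.32.8.15"` and `- "10.32.8.16"`, with the corresponding 10.32.8.14–16 values in the other hunks.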
@@ -38,3 +38,32 @@ nomad_options: fingerprint.network.disallow_link_local: true nomad_retry_servers: [ "10.30.51.30", "10.30.51.32", "10.30.51.33" ] nomad_servers: [ "10.30.51.32:4647", "10.30.51.33:4647" ]
+nomad_volumes:
+ - name: "prod-volume-data2-1"
+ path: "/data"
+ read_only: false
+
+# Consul settigs.
+consul_nomad_integration: true
+consul_certificates:
+ - src: "{{ vault_nomad_v3_ca_file }}"
+ dest: "{{ consul_ca_file }}"
+ - src: "{{ vault_nomad_v3_cert_file }}"
+ dest: "{{ consul_cert_file }}"
+ - src: "{{ vault_nomad_v3_key_file }}"
+ dest: "{{ consul_key_file }}"
+consul_datacenter: "yul1"
+consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ=="
+consul_node_name: "{{ hostname }}"
+consul_node_role: "both"
+consul_retry_servers:
+ - "10.30.51.30"
+ - "10.30.51.32"
+ - "10.30.51.33"
+ - "10.30.51.14"
+ - "10.30.51.16"
+consul_services:
+ - name: "storage2"
+ port: 9000
+ - name: "nginx2"
+ port: 443
\ No newline at end of file
diff --git a/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.32.8.16.yaml b/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.32.8.16.yaml
index d7aac45a66..906fa82fbb 100644
--- a/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.32.8.16.yaml
+++ b/resources/tools/testbed-setup/ansible/inventories/lf_inventory/host_vars/10.32.8.16.yaml
@@ -38,3 +38,23 @@ nomad_options: fingerprint.network.disallow_link_local: true nomad_retry_servers: [ "10.30.51.30", "10.30.51.32", "10.30.51.33" ] nomad_servers: [ "10.30.51.32:4647", "10.30.51.33:4647", "10.30.51.30:4647" ]
+
+# Consul settigs.
+consul_nomad_integration: true
+consul_certificates:
+ - src: "{{ vault_nomad_v3_ca_file }}"
+ dest: "{{ consul_ca_file }}"
+ - src: "{{ vault_nomad_v3_cert_file }}"
+ dest: "{{ consul_cert_file }}"
+ - src: "{{ vault_nomad_v3_key_file }}"
+ dest: "{{ consul_key_file }}"
+consul_datacenter: "yul1"
+consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ=="
+consul_node_name: "{{ hostname }}"
+consul_node_role: "both"
+consul_retry_servers:
+ - "10.30.51.30"
+ - "10.30.51.32"
+ - "10.30.51.33"
+ - "10.30.51.14"
+ - "10.30.51.15"
\ No newline at end of file
diff --git a/resources/tools/testbed-setup/ansible/nomad.yaml b/resources/tools/testbed-setup/ansible/nomad.yaml
index b09245cfdb..653215651a 100644
--- a/resources/tools/testbed-setup/ansible/nomad.yaml
+++ b/resources/tools/testbed-setup/ansible/nomad.yaml
@@ -8,7 +8,11 @@ roles: - role: user_add tags: user_add + - role: baremetal + tags: baremetal - role: docker tags: docker - role: nomad tags: nomad + - role: consul + tags: consul
\ No newline at end of file
diff --git a/resources/tools/testbed-setup/ansible/roles/consul/defaults/main.yaml b/resources/tools/testbed-setup/ansible/roles/consul/defaults/main.yaml
new file mode 100644
index 0000000000..4825afab35
--- /dev/null
+++ b/resources/tools/testbed-setup/ansible/roles/consul/defaults/main.yaml
@@ -0,0 +1,114 @@
+---
+# file: roles/consul/defaults/main.yaml
+
+# Inst - Prerequisites.
+packages: "{{ packages_base + packages_by_distro[ansible_distribution | lower] + packages_by_arch[ansible_machine] }}"
+
+packages_base:
+ - "cgroup-bin"
+ - "curl"
+ - "git"
+ - "libcgroup1"
+ - "unzip"
+ - "htop"
+packages_by_distro:
+ ubuntu:
+ - []
+packages_by_arch:
+ aarch64:
+ - []
+ x86_64:
+ - []
+
+# Inst - Download Consul.
+consul_architecture_map:
+ amd64: "amd64"
+ x86_64: "amd64"
+ armv7l: "arm"
+ aarch64: "arm64"
+ 32-bit: "386"
+ 64-bit: "amd64"
+consul_architecture: "{{ consul_architecture_map[ansible_architecture] }}"
+consul_version: "1.8.6"
+consul_pkg: "consul_{{ consul_version }}_linux_{{ consul_architecture }}.zip"
+consul_zip_url: "https://releases.hashicorp.com/consul/{{ consul_version }}/{{ consul_pkg }}"
+
+# Inst - System paths.
+consul_bin_dir: "/usr/local/bin"
+consul_config_dir: "/etc/consul.d"
+consul_data_dir: "/var/consul"
+consul_inst_dir: "/opt"
+consul_lockfile: "/var/lock/subsys/consul"
+consul_run_dir: "/var/run/consul"
+consul_ssl_dir: "/etc/consul.d/ssl"
+nomad_config_dir: "/etc/nomad.d"
+
+# Conf - Service.
+consul_node_role: "both"
+consul_restart_handler_state: "restarted"
+nomad_restart_handler_state: "restarted"
+systemd_resolved_state: "stopped"
+
+# Conf - User and group.
+consul_group: "consul"
+consul_group_state: "present"
+consul_manage_group: true
+consul_manage_user: true
+consul_user: "consul"
+consul_user_groups: [ docker, nomad, consul, root ]
+consul_user_state: "present"
+
+# Conf - nomad.d/consul.hcl
+consul_nomad_integration: true
+consul_certificates:
+ - src: "{{ vault_consul_ca_file }}"
+ dest: "{{ consul_ca_file }}"
+ - src: "{{ vault_consul_cert_file }}"
+ dest: "{{ consul_cert_file }}"
+ - src: "{{ vault_consul_key_file }}"
+ dest: "{{ consul_key_file }}"
+
+consul_address: "127.0.0.1:8500"
+consul_auth: ""
+consul_auto_advertise: true
+consul_checks_use_advertise: false
+consul_server_service_name: "nomad"
+consul_client_service_name: "nomad-client"
+consul_server_auto_join: false
+consul_client_auto_join: false
+consul_ssl: true
+consul_verify_ssl: true
+consul_ACL_token_set: false
+consul_token: "consul_token_default"
+
+# Conf - base.hcl
+consul_bind_addr: "{{ ansible_default_ipv4.address }}"
+consul_client_addr: "0.0.0.0"
+consul_datacenter: "dc1"
+consul_disable_update_check: true
+consul_enable_debug: false
+consul_enable_syslog: true
+consul_log_level: "INFO"
+consul_node_name: "{{ inventory_hostname }}"
+consul_retry_join: true
+consul_bootstrap_expect: 2
+consul_encrypt: ""
+consul_ca_file: "{{ consul_ssl_dir }}/ca.pem"
+consul_cert_file: "{{ consul_ssl_dir }}/consul.pem"
+consul_key_file: "{{ consul_ssl_dir }}/consul-key.pem"
+consul_ui: true
+consul_recursors:
+ - 1.1.1.1
+ - 8.8.8.8
+
+# Conf - ports.hcl
+consul_port_dns: 53
+consul_port_http: 8500
+consul_port_https: 8501
+consul_port_grpc: 8502
+consul_port_serf_lan: 8301
+consul_port_serf_wan: 8302
+consul_port_server: 8300
+
+# Conf - services.json
+consul_services: false
\ No newline at end of file
diff --git a/resources/tools/testbed-setup/ansible/roles/consul/handlers/main.yaml b/resources/tools/testbed-setup/ansible/roles/consul/handlers/main.yaml
new file mode 100644
index 0000000000..338baea74e
--- /dev/null
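Review bot: The role defaults leave any node that does not override them wide open: `consul_client_addr: "0.0.0.0"` together with `consul_ui: true` and `consul_ACL_token_set: false` would expose the HTTP API and UI on every interface with no ACL in front of them, and `consul_encrypt: ""` leaves gossip encryption off unless the inventory supplies a key (how base.hcl.j2 consumes these values is outside this hunk). Safer defaults would be `consul_client_addr: "127.0.0.1"`, which still matches `consul_address: "127.0.0.1:8500"` used for the Nomad integration, plus a task that fails when `consul_encrypt` is empty. In the same hunk, `consul_user_groups: [ docker, nomad, consul, root ]` puts the service account in `root` and `docker`, which is effectively root-equivalent; `[ consul ]` should be enough unless a health check really needs the Docker socket.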
+++ b/resources/tools/testbed-setup/ansible/roles/consul/handlers/main.yaml
@@ -0,0 +1,23 @@
+---
+# file roles/consul/handlers/main.yaml
+
+- name: Restart Nomad
+ systemd:
+ daemon_reload: true
+ enabled: true
+ name: "nomad"
+ state: "{{ nomad_restart_handler_state }}"
+
+- name: Restart Consul
+ systemd:
+ daemon_reload: true
+ enabled: true
+ name: "consul"
+ state: "{{ consul_restart_handler_state }}"
+
+- name: Stop Systemd-resolved
+ systemd:
+ daemon_reload: true
+ enabled: false
+ name: "systemd-resolved"
+ state: "{{ systemd_resolved_state }}"
\ No newline at end of file
diff --git a/resources/tools/testbed-setup/ansible/roles/consul/meta/main.yaml b/resources/tools/testbed-setup/ansible/roles/consul/meta/main.yaml
new file mode 100644
index 0000000000..4ada8efad6
--- /dev/null
+++ b/resources/tools/testbed-setup/ansible/roles/consul/meta/main.yaml
@@ -0,0 +1,9 @@
+---
+# file: roles/consul/meta/main.yaml
+
+# desc: Install consul from stable branch and configure service.
+# inst: Consul
+# conf: ?
+# info: 1.0 - added role
+
+dependencies: [ ]
diff --git a/resources/tools/testbed-setup/ansible/roles/consul/tasks/main.yaml b/resources/tools/testbed-setup/ansible/roles/consul/tasks/main.yaml
new file mode 100644
index 0000000000..c40fab79e3
--- /dev/null
+++ b/resources/tools/testbed-setup/ansible/roles/consul/tasks/main.yaml
@@ -0,0 +1,164 @@
+---
+# file: roles/consul/tasks/main.yaml
+
+- name: Inst - Prerequisites
+ package:
+ name: "{{ packages | flatten(levels=1) }}"
+ state: latest
+ update_cache: true
+ tags:
+ - consul-inst-prerequisites
+
+- name: Conf - Add Consul Group
+ group:
+ name: "{{ consul_group }}"
+ state: "{{ consul_group_state }}"
+ when:
+ - consul_manage_group | bool
+ tags:
+ - consul-conf-user
+
+- name: Conf - Add Consul user
+ user:
+ name: "{{ consul_user }}"
+ group: "{{ consul_group }}"
+ groups: "{{ consul_user_groups }}"
+ state: "{{ consul_user_state }}"
+ system: true
+ when:
+ - consul_manage_user | bool
+ tags:
+ - consul-conf-user
+
+- name: Inst - Clean Consul
+ file:
+ path: "{{ consul_inst_dir }}/consul"
+ state: "absent"
+ tags:
+ - consul-inst-package
+
+- name: Inst - Download Consul
+ get_url:
+ url: "{{ consul_zip_url }}"
+ dest: "{{ consul_inst_dir }}/{{ consul_pkg }}"
+ tags:
+ - consul-inst-package
+
+- name: Inst - Unarchive Consul
+ unarchive:
+ src: "{{ consul_inst_dir }}/{{ consul_pkg }}"
+ dest: "{{ consul_inst_dir }}/"
+ creates: "{{ consul_inst_dir }}/consul"
+ remote_src: true
+ tags:
+ - consul-inst-package
+
+- name: Inst - Consul
+ copy:
+ src: "{{ consul_inst_dir }}/consul"
+ dest: "{{ consul_bin_dir }}"
+ owner: "{{ consul_user }}"
+ group: "{{ consul_group }}"
+ force: true
+ mode: 0755
+ remote_src: true
+ tags:
+ - consul-inst-package
+
+- name: Conf - Create Directories "{{ consul_data_dir }}"
+ file:
+ dest: "{{ consul_data_dir }}"
+ state: directory
+ owner: "{{ consul_user }}"
+ group: "{{ consul_group }}"
+ tags:
+ - consul-conf
+
+- name: Conf - Create Directories "{{ consul_ssl_dir }}"
+ file:
+ dest: "{{ consul_ssl_dir }}"
+ state: directory
+ owner: "{{ consul_user }}"
+ group: "{{ consul_group }}"
+ tags:
+ - consul-conf
+
+- name: Conf - Create Config Directory
+ file:
+ dest: "{{ consul_config_dir }}"
+ state: directory
+ owner: "{{ consul_user }}"
+ group: "{{ consul_group }}"
+ mode: 0755
+ tags:
+ - consul-conf
+
+- name: Conf - Nomad integration Consul Configuration
+ template:
+ src: consul.hcl.j2
+ dest: "{{ nomad_config_dir }}/consul.hcl"
+ owner: "nomad"
+ group: "nomad"
+ mode: 0644
+ when:
+ - consul_nomad_integration | bool
+ tags:
+ - consul-conf
+
+- name: Conf - Base Configuration
+ template:
+ src: base.hcl.j2
+ dest: "{{ consul_config_dir }}/base.hcl"
+ owner: "{{ consul_user }}"
+ group: "{{ consul_group }}"
+ mode: 0644
+ tags:
+ - consul-conf
+
+- name: Conf - Ports Configuration
+ template:
+ src: ports.hcl.j2
+ dest: "{{ consul_config_dir }}/ports.hcl"
+ owner: "{{ consul_user }}"
+ group: "{{ consul_group }}"
+ mode: 0644
+ tags:
+ - consul-conf
+
+- name: Conf - Services Configuration
+ template:
+ src: services.json.j2
+ dest: "{{ consul_config_dir }}/services.json"
+ owner: "{{ consul_user }}"
+ group: "{{ consul_group }}"
+ mode: 0644
+ when:
+ - consul_services
+ tags:
+ - consul-conf
+
+- name: Conf - Copy Certificates And Keys
+ copy:
+ content: "{{ item.src }}"
+ dest: "{{ item.dest }}"
+ owner: "{{ consul_user }}"
+ group: "{{ consul_group }}"
+ mode: 0600
+ no_log: true
+ loop: "{{ consul_certificates | flatten(levels=1) }}"
+ tags:
+ - consul-conf
+
+- name: Conf - System.d Script
+ template:
+ src: "consul_systemd.service.j2"
+ dest: "/lib/systemd/system/consul.service"
+ owner: "root"
+ group: "root"
+ mode: 0644
+ notify:
+ - "Restart Consul"
+ - "Stop Systemd-resolved"
+# - "Restart Nomad"
+ tags:
+ - consul-conf
diff --git a/resources/tools/testbed-setup/ansible/roles/consul/templates/base.hcl.j2 b/resources/tools/testbed-setup/ansible/roles/consul/templates/base.hcl.j2
new file mode 100644
index 0000000000..11743fa420
--- /dev/null
+++ b/resources/tools/testbed-setup/ansible/roles/consul/templates/base.hcl.j2
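Review bot: `Inst - Download Consul` fetches `{{ consul_zip_url }}` with no `checksum:`, and the extracted binary is then copied into `{{ consul_bin_dir }}` and started by a unit that runs as root, so nothing verifies the archive before it executes with full privileges. Pin the release digest in the role defaults and pass it to the module, e.g. `checksum: "sha256:{{ consul_zip_sha256 }}"` (a new variable holding the value from the vendor's published SHA256SUMS file). The same hunk also creates `{{ consul_ssl_dir }}` and `{{ consul_data_dir }}` without a `mode:`, leaving the directory that holds `consul-key.pem` at the umask default; `mode: "0750"` on both would make that explicit.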
@@ -0,0 +1,30 @@
+node_name = "{{ consul_node_name }}"
+datacenter = "{{ consul_datacenter }}"
+
+bind_addr = "{{ consul_bind_addr }}"
+client_addr = "{{ consul_client_addr }}"
+data_dir = "{{ consul_data_dir }}"
+
+enable_syslog = {{ consul_enable_syslog | bool | lower }}
+enable_debug = {{ consul_enable_debug | bool | lower }}
+disable_update_check = {{ consul_disable_update_check | bool | lower }}
+log_level = "{{ consul_log_level }}"
+
+server = {{ consul_node_server | bool | lower }}
+encrypt = "{{ consul_encrypt }}"
+{% if consul_node_server | bool == True %}
+bootstrap_expect = {{ consul_bootstrap_expect }}
+{% endif %}
+{% if consul_retry_join | bool -%}
+retry_join = [ {% for ip_port in consul_retry_servers -%} "{{ ip_port }}"{% if not loop.last %}, {% endif %}{%- endfor -%} ]
+{%- endif %}
+
+ui = {{ consul_ui | bool | lower }}
+
+ca_file = "{{ consul_ca_file }}"
+cert_file = "{{ consul_cert_file }}"
+key_file = "{{ consul_key_file }}"
+
+{% if consul_recursors -%}
+recursors = [ {% for server in consul_recursors -%} "{{ server }}"{% if not loop.last %}, {% endif %}{%- endfor -%} ]
+{%- endif %}
\ No newline at end of file
diff --git a/resources/tools/testbed-setup/ansible/roles/consul/templates/consul.hcl.j2 b/resources/tools/testbed-setup/ansible/roles/consul/templates/consul.hcl.j2
new file mode 100644
index 0000000000..6bd235f28d
--- /dev/null
+++ b/resources/tools/testbed-setup/ansible/roles/consul/templates/consul.hcl.j2
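Review bot: `ca_file`, `cert_file` and `key_file` are rendered but no `verify_incoming`, `verify_outgoing` or `verify_server_hostname`, so as written the agent loads certificates without requiring TLS from its peers. The defaults added in this patch widen that gap: `consul_client_addr: "0.0.0.0"` with `consul_ui: true` puts the HTTP API and UI on every interface, and `consul_encrypt: ""` leaves gossip unencrypted unless a host overrides it. I would add `verify_incoming = true`, `verify_outgoing = true` and `verify_server_hostname = true` after `key_file`, default `consul_client_addr` to `"127.0.0.1"`, and have the role fail when `consul_encrypt` is empty. Since `encrypt` ends up in `base.hcl`, the `mode: 0644` used for that file in the tasks should be `"0640"`.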
@@ -0,0 +1,20 @@
+consul {
+ address = "{{ consul_address }}"
+ auth = "{{ consul_auth }}"
+ auto_advertise = {{ consul_auto_advertise | bool | lower }}
+ ca_file = "{{ consul_ca_file }}"
+ cert_file = "{{ consul_cert_file }}"
+ checks_use_advertise = {{ consul_checks_use_advertise | bool | lower }}
+ client_auto_join = {{ consul_client_auto_join | bool | lower }}
+ client_service_name = "{{ consul_client_service_name }}"
+ key_file = "{{ consul_key_file }}"
+ server_service_name = "{{ consul_server_service_name }}"
+ server_auto_join = {{ consul_server_auto_join | bool | lower }}
+ ssl = {{ consul_ssl | bool | lower }}
+ verify_ssl = {{ consul_verify_ssl | bool | lower }}
+
+{% if consul_ACL_token_set == True %}
+ token = "{{ consul_token }}"
+{% endif %}
+
+}
\ No newline at end of file
diff --git a/resources/tools/testbed-setup/ansible/roles/consul/templates/consul_systemd.service.j2 b/resources/tools/testbed-setup/ansible/roles/consul/templates/consul_systemd.service.j2
new file mode 100644
index 0000000000..8e1ef1310d
--- /dev/null
+++ b/resources/tools/testbed-setup/ansible/roles/consul/templates/consul_systemd.service.j2
@@ -0,0 +1,21 @@
+[Unit]
+Description=Consul Service
+Documentation=https://www.nomadproject.io/docs/
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+# TODO: Decrease privilege
+ExecReload=/bin/kill -SIGHUP $MAINPID
+ExecStart={{ consul_bin_dir }}/consul agent -config-dir {{ consul_config_dir }}
+KillSignal=SIGTERM
+LimitNOFILE=infinity
+LimitNPROC=infinity
+Restart=on-failure
+RestartSec=1
+User=root
+Group=root
+Environment="GOMAXPROCS=2"
+
+[Install]
+WantedBy=multi-user.target
diff --git a/resources/tools/testbed-setup/ansible/roles/consul/templates/ports.hcl.j2 b/resources/tools/testbed-setup/ansible/roles/consul/templates/ports.hcl.j2
new file mode 100644
index 0000000000..a658060ce8
--- /dev/null
+++ b/resources/tools/testbed-setup/ansible/roles/consul/templates/ports.hcl.j2
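Review bot: `ssl` defaults to true while `address` defaults to `127.0.0.1:8500`, which is the port `ports.hcl.j2` assigns to plain `http`; HTTPS is on `consul_port_https` (8501), so with these defaults Nomad would try to speak TLS to the plaintext listener. Deriving the default from the port variable, `consul_address: "127.0.0.1:{{ consul_port_https }}"`, keeps the two in step. The token guard `{% if consul_ACL_token_set == True %}` should use `| bool` like the other flags, since a value passed as the string "true" (for example via `-e`) would silently drop the token. Because the rendered file can carry that token, the `mode: 0644` on `consul.hcl` in the tasks is worth tightening to `"0640"`.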
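Review bot: The unit runs the agent as `User=root`/`Group=root` (flagged only by `# TODO: Decrease privilege`) although the tasks create a dedicated `consul` account and chown the data, TLS and config directories to it. I would set `User={{ consul_user }}` and `Group={{ consul_group }}` and, because `consul_port_dns` defaults to 53, add `AmbientCapabilities=CAP_NET_BIND_SERVICE` so the unprivileged agent can still bind the DNS port. The default `consul_user_groups` also lists `root` and `docker`, which would hand most of that privilege back and should be trimmed at the same time. `Documentation=` points at the Nomad docs and looks like a leftover from the copied unit.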
@@ -0,0 +1,9 @@ +ports { + dns = {{ consul_port_dns }} + http = {{ consul_port_http }} + https = {{ consul_port_https }} + grpc = {{ consul_port_grpc }} + serf_lan = {{ consul_port_serf_lan }} + serf_wan = {{ consul_port_serf_wan }} + server = {{ consul_port_server }} +} \ No newline at end of file diff --git a/resources/tools/testbed-setup/ansible/roles/consul/templates/services.json.j2 b/resources/tools/testbed-setup/ansible/roles/consul/templates/services.json.j2 new file mode 100644 index 0000000000..3245ba92a4 --- /dev/null +++ b/resources/tools/testbed-setup/ansible/roles/consul/templates/services.json.j2 @@ -0,0 +1,13 @@ +{ + "services": [ +{% for item in consul_services %} + { + "name": "{{ item.name }}", + "port": {{ item.port }} + } +{%- if not loop.last %}, +{% endif %} +{% endfor %} + + ] +} \ No newline at end of file diff --git a/resources/tools/testbed-setup/ansible/roles/consul/vars/main.yaml b/resources/tools/testbed-setup/ansible/roles/consul/vars/main.yaml new file mode 100644 index 0000000000..b46333a7a7 --- /dev/null +++ b/resources/tools/testbed-setup/ansible/roles/consul/vars/main.yaml @@ -0,0 +1,5 @@ +--- +# file: roles/consul/vars/main.yaml + +consul_node_client: "{{ (consul_node_role == 'client') or (consul_node_role == 'both') }}" +consul_node_server: "{{ (consul_node_role == 'server') or (consul_node_role == 'both') }}" diff --git a/resources/tools/testbed-setup/ansible/roles/nomad/defaults/main.yaml b/resources/tools/testbed-setup/ansible/roles/nomad/defaults/main.yaml index f88e882fce..864890c11e 100644 --- a/resources/tools/testbed-setup/ansible/roles/nomad/defaults/main.yaml +++ b/resources/tools/testbed-setup/ansible/roles/nomad/defaults/main.yaml @@ -84,6 +84,7 @@ nomad_node_class: "" nomad_no_host_uuid: true nomad_options: {} nomad_servers: [] +nomad_volumes: [] # Conf - server.hcl nomad_bootstrap_expect: 2 
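Review bot: In `services.json.j2` the JSON is assembled by hand, so `"name": "{{ item.name }}"` is emitted without escaping and a service name containing a quote or backslash yields a file Consul cannot parse, or one with keys the author did not intend. Let the filter do the serialisation: replace the loop with `{{ {'services': consul_services} | to_nice_json }}`, or at least write `"name": {{ item.name | to_json }}` and `"port": {{ item.port | int }}`. The default `consul_services: false` is also a boolean standing in for a list; `[]` works with both the `when:` guard in the tasks and this loop.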
diff --git a/resources/tools/testbed-setup/ansible/roles/nomad/templates/client.hcl.j2 b/resources/tools/testbed-setup/ansible/roles/nomad/templates/client.hcl.j2 index f15616144f..f245697a22 100644 --- a/resources/tools/testbed-setup/ansible/roles/nomad/templates/client.hcl.j2 +++ b/resources/tools/testbed-setup/ansible/roles/nomad/templates/client.hcl.j2 @@ -19,4 +19,13 @@ client { } {% endif %} + {% if nomad_volumes -%} + {% for volume in nomad_volumes -%} + host_volume "{{ volume.name }}" { + path = "{{ volume.path }}" + read_only = {{ volume.read_only | bool | lower }} + } + {% endfor -%} + {% endif %} + } diff --git a/resources/tools/testbed-setup/ansible/roles/nomad/templates/nomad_systemd.service.j2 b/resources/tools/testbed-setup/ansible/roles/nomad/templates/nomad_systemd.service.j2 index efe2e30bd6..2a87c65063 100644 --- a/resources/tools/testbed-setup/ansible/roles/nomad/templates/nomad_systemd.service.j2 +++ b/resources/tools/testbed-setup/ansible/roles/nomad/templates/nomad_systemd.service.j2 @@ -6,7 +6,7 @@ After=network-online.target [Service] # TODO: Decrease privilege -ExecReload=/bin/kill -SIGKILL $MAINPID +ExecReload=/bin/kill -SIGHUP $MAINPID ExecStart={{ nomad_bin_dir }}/nomad agent -config={{ nomad_config_dir }} KillSignal=SIGTERM LimitNOFILE=infinity diff --git a/resources/tools/testbed-setup/ansible/vpp_device.yaml b/resources/tools/testbed-setup/ansible/vpp_device.yaml index aae5ad3039..363d1b190a 100644 --- a/resources/tools/testbed-setup/ansible/vpp_device.yaml +++ b/resources/tools/testbed-setup/ansible/vpp_device.yaml @@ -6,19 +6,23 @@ become: yes become_user: root roles: + - role: user_add + tags: user_add - role: baremetal tags: baremetal - role: common tags: common - role: docker tags: docker + - role: nomad + tags: nomad + - role: consul + tags: consul - role: vpp_device tags: vpp_device - role: kernel_vm tags: kernel_vm - role: csit_sut_image tags: csit_sut_image - - role: nomad - tags: nomad - role: cleanup tags: cleanup -- 2.16.6
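Review bot: In `client.hcl.j2`, `read_only = {{ volume.read_only | bool | lower }}` has no default, so an entry in `nomad_volumes` that omits `read_only` either fails templating or, depending on how undefined values are handled, renders `false` and exposes the host path writable to jobs. Defaulting to read-only is the safer contract: `read_only = {{ volume.read_only | default(true) | bool | lower }}`. The `client { … }` block this loop sits in starts above the hunk.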
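Review bot: In `vpp_device.yaml`, `nomad` is now applied before `consul`, but it is the consul role that writes `{{ nomad_config_dir }}/consul.hcl`, and that task has no `notify:` while `"Restart Nomad"` is commented out on the unit task, so Nomad appears to keep running without the Consul stanza until something else restarts it. Adding `notify: "Restart Nomad"` to `Conf - Nomad integration Consul Configuration` closes the gap without changing the order, which the consul role seems to rely on for the `nomad` and `docker` groups in `consul_user_groups`. The play header is above the hunk.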