From 69fb3f11d11e9dd4d0a28743b2cf9f1d44cff83d Mon Sep 17 00:00:00 2001
From: pmikus <pmikus@cisco.com>
Date: Mon, 20 Sep 2021 08:03:55 +0000
Subject: [PATCH] Infra: Ansible Nomad, Consul

+ Fix idempotency
+ Fix APT download

Signed-off-by: pmikus <pmikus@cisco.com>
Change-Id: I03304c1c229c921806658b0169bd230154d8dde9
---
 fdio.infra.ansible/roles/consul/defaults/main.yaml |  2 ++
 fdio.infra.ansible/roles/consul/tasks/main.yaml    | 38 ++++++++++++----------
 fdio.infra.ansible/roles/nomad/defaults/main.yaml  | 12 ++-----
 fdio.infra.ansible/roles/nomad/tasks/main.yaml     | 36 ++++++++++----------
 4 files changed, 43 insertions(+), 45 deletions(-)

diff --git a/fdio.infra.ansible/roles/consul/defaults/main.yaml b/fdio.infra.ansible/roles/consul/defaults/main.yaml
index 1bb72f1a15..3905d05e0a 100644
--- a/fdio.infra.ansible/roles/consul/defaults/main.yaml
+++ b/fdio.infra.ansible/roles/consul/defaults/main.yaml
@@ -27,6 +27,7 @@ consul_architecture: "{{ consul_architecture_map[ansible_architecture] }}"
 consul_version: "1.9.5"
 consul_pkg: "consul_{{ consul_version }}_linux_{{ consul_architecture }}.zip"
 consul_zip_url: "https://releases.hashicorp.com/consul/{{ consul_version }}/{{ consul_pkg }}"
+consul_force_update: false
 
 # Inst - System paths.
 consul_bin_dir: "/usr/local/bin"
@@ -42,6 +43,7 @@ consul_node_role: "both"
 consul_restart_handler_state: "restarted"
 nomad_restart_handler_state: "restarted"
 systemd_resolved_state: "stopped"
+consul_service_mgr: ""
 
 # Conf - User and group.
 consul_group: "consul"
diff --git a/fdio.infra.ansible/roles/consul/tasks/main.yaml b/fdio.infra.ansible/roles/consul/tasks/main.yaml
index f4e08259da..4e229714b7 100644
--- a/fdio.infra.ansible/roles/consul/tasks/main.yaml
+++ b/fdio.infra.ansible/roles/consul/tasks/main.yaml
@@ -1,21 +1,16 @@
 ---
 # file: roles/consul/tasks/main.yaml
 
-- name: Inst - Update Package Cache (APT)
+- name: Install Dependencies
   apt:
-    update_cache: true
+    name: "{{ packages | flatten(levels=1) }}"
+    state: "present"
     cache_valid_time: 3600
+    install_recommends: false
   when:
     - ansible_distribution|lower == 'ubuntu'
   tags:
-    - consul-inst-prerequisites
-
-- name: Inst - Prerequisites
-  package:
-    name: "{{ packages | flatten(levels=1) }}"
-    state: latest
-  tags:
-    - consul-inst-prerequisites
+    - consul-inst-dependencies
 
 - name: Conf - Add Consul Group
   group:
@@ -33,13 +28,6 @@
   tags:
     - consul-conf-user
 
-- name: Inst - Clean Consul
-  file:
-    path: "{{ consul_inst_dir }}/consul"
-    state: "absent"
-  tags:
-    - consul-inst-package
-
 - name: Inst - Download Consul
   get_url:
     url: "{{ consul_zip_url }}"
@@ -47,11 +35,19 @@
   tags:
     - consul-inst-package
 
+- name: Inst - Clean Consul
+  file:
+    path: "{{ consul_inst_dir }}/consul"
+    state: "absent"
+  when:
+    - consul_force_update | bool
+  tags:
+    - consul-inst-package
+
 - name: Inst - Unarchive Consul
   unarchive:
     src: "{{ consul_inst_dir }}/{{ consul_pkg }}"
     dest: "{{ consul_inst_dir }}/"
-    creates: "{{ consul_inst_dir }}/consul"
     remote_src: true
   tags:
     - consul-inst-package
@@ -147,6 +143,8 @@
     mode: 0600
   no_log: true
   loop: "{{ consul_certificates | flatten(levels=1) }}"
+  when:
+    - consul_certificates is defined
   tags:
     - consul-conf
 
@@ -156,6 +154,8 @@
     enabled: false
     name: "systemd-resolved"
     state: "{{ systemd_resolved_state }}"
+  when:
+    - nomad_service_mgr == "systemd"
   tags:
     - consul-conf
 
@@ -169,6 +169,8 @@
   notify:
     - "Restart Consul"
     - "Restart Nomad"
+  when:
+    - nomad_service_mgr == "systemd"
   tags:
     - consul-conf
 
diff --git a/fdio.infra.ansible/roles/nomad/defaults/main.yaml b/fdio.infra.ansible/roles/nomad/defaults/main.yaml
index 2ace6b22d5..f58ac0961d 100644
--- a/fdio.infra.ansible/roles/nomad/defaults/main.yaml
+++ b/fdio.infra.ansible/roles/nomad/defaults/main.yaml
@@ -5,7 +5,6 @@
 packages: "{{ packages_base + packages_by_distro[ansible_distribution | lower] + packages_by_arch[ansible_machine] }}"
 packages_base:
   - "curl"
-  - "git"
   - "unzip"
 packages_by_distro:
   ubuntu:
@@ -35,6 +34,7 @@ nomad_podman_pkg: "nomad-driver-podman_{{ nomad_podman_version }}_linux_{{nomad_
 nomad_podman_url: "https://releases.hashicorp.com/nomad-driver-podman/{{ nomad_podman_version }}"
 nomad_podman_zip_url: "{{ nomad_podman_url }}/{{ nomad_podman_pkg }}"
 nomad_podman_checksum_file_url: "{{ nomad_podman_url }}/nomad-driver-podman_{{ nomad_podman_version }}_SHA256SUMS"
+nomad_force_update: false
 
 # Paths
 nomad_inst_dir: "/opt"
@@ -48,6 +48,7 @@ nomad_ssl_dir: "/etc/nomad.d/ssl"
 
 # Initialization and startup script templates
 nomad_restart_handler_state: "restarted"
+nomad_service_mgr: ""
 
 # System user and group
 nomad_group: "nomad"
@@ -91,14 +92,7 @@ nomad_encrypt_enable: "{{ lookup('env','NOMAD_ENCRYPT_ENABLE') | default('false'
 nomad_raft_protocol: 2
 
 # Client settings
-nomad_certificates:
-  - src: "{{ file_nomad_ca_pem }}"
-    dest: "{{ nomad_ca_file }}"
-  - src: "{{ file_nomad_client_pem }}"
-    dest: "{{ nomad_cert_file }}"
-  - src: "{{ file_nomad_client_key_pem }}"
-    dest: "{{ nomad_key_file }}"
-nomad_node_class: ""
+nomad_node_class: "compute"
 nomad_no_host_uuid: true
 nomad_max_kill_timeout: "30s"
 nomad_gc_interval: "1m"
diff --git a/fdio.infra.ansible/roles/nomad/tasks/main.yaml b/fdio.infra.ansible/roles/nomad/tasks/main.yaml
index 997b1e9c91..8d58c8bb0e 100644
--- a/fdio.infra.ansible/roles/nomad/tasks/main.yaml
+++ b/fdio.infra.ansible/roles/nomad/tasks/main.yaml
@@ -1,21 +1,16 @@
 ---
 # file: roles/nomad/tasks/main.yaml
 
-- name: Inst - Update Package Cache (APT)
+- name: Install Dependencies
   apt:
-    update_cache: true
+    name: "{{ packages | flatten(levels=1) }}"
+    state: "present"
     cache_valid_time: 3600
+    install_recommends: false
   when:
     - ansible_distribution|lower == 'ubuntu'
   tags:
-    - nomad-inst-prerequisites
-
-- name: Inst - Prerequisites
-  package:
-    name: "{{ packages | flatten(levels=1) }}"
-    state: latest
-  tags:
-    - nomad-inst-prerequisites
+    - nomad-inst-dependencies
 
 - name: Conf - Add Nomad Group
   group:
@@ -33,13 +28,6 @@
   tags:
     - nomad-conf-user
 
-- name: Inst - Clean Nomad
-  file:
-    path: "{{ nomad_inst_dir }}/nomad"
-    state: "absent"
-  tags:
-    - nomad-inst-package
-
 - name: Inst - Download Nomad
   get_url:
     url: "{{ nomad_zip_url }}"
@@ -47,11 +35,19 @@
   tags:
     - nomad-inst-package
 
+- name: Inst - Clean Nomad
+  file:
+    path: "{{ nomad_inst_dir }}/nomad"
+    state: "absent"
+  when:
+    - nomad_force_update | bool
+  tags:
+    - nomad-inst-package
+
 - name: Inst - Unarchive Nomad
   unarchive:
     src: "{{ nomad_inst_dir }}/{{ nomad_pkg }}"
     dest: "{{ nomad_inst_dir }}/"
-    creates: "{{ nomad_inst_dir }}/nomad"
     remote_src: true
   tags:
     - nomad-inst-package
@@ -169,6 +165,8 @@
     mode: 0600
   no_log: true
   loop: "{{ nomad_certificates | flatten(levels=1) }}"
+  when:
+    - nomad_certificates
   tags:
     - nomad-conf
 
@@ -181,6 +179,8 @@
     mode: 0644
   notify:
     - "Restart Nomad"
+  when:
+    - nomad_service_mgr == "systemd"
   tags:
     - nomad-conf
 
-- 
2.16.6