Refactor 2

6 files changed, 71 insertions, 0 deletions

diff --git a/os/config/roles/consul/files/consul.service b/os/config/roles/consul/files/consul.service
new file mode 100644
index 0000000..ffaa2a3
--- /dev/null
+++ b/os/config/roles/consul/files/consul.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=Consul
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+ExecStart=/usr/local/bin/consul agent -config-dir=/etc/consul
+
+[Install]
+WantedBy=multi-user.target
diff --git a/os/config/roles/consul/tasks/main.yml b/os/config/roles/consul/tasks/main.yml
new file mode 100644
index 0000000..2b77080
--- /dev/null
+++ b/os/config/roles/consul/tasks/main.yml
@@ -0,0 +1,26 @@
+- name: "Set consul version"
+  set_fact:
+    consul_version: 1.8.0
+
+- name: "Download and install Consul for x86_64"
+  unarchive:
+    src: "https://releases.hashicorp.com/consul/{{ consul_version }}/consul_{{ consul_version }}_linux_amd64.zip"
+    dest: /usr/local/bin
+    remote_src: yes
+  when:
+    - "ansible_architecture == 'x86_64'"
+
+- name: "Create consul configuration directory"
+  file: path=/etc/consul/ state=directory
+
+- name: "Deploy consul configuration"
+  template: src=consul.json.j2 dest=/etc/consul/consul.json
+
+- name: "Deploy consul systemd service"
+  copy: src=consul.service dest=/etc/systemd/system/consul.service
+
+- name: "Enable consul systemd service at boot"
+  service: name=consul state=started enabled=yes daemon_reload=yes
+
+- name: "Deploy resolv.conf to use Consul"
+  template: src=resolv.conf.j2 dest=/etc/resolv.conf
diff --git a/os/config/roles/consul/templates/consul.json.j2 b/os/config/roles/consul/templates/consul.json.j2
new file mode 100644
index 0000000..b6c86aa
--- /dev/null
+++ b/os/config/roles/consul/templates/consul.json.j2
@@ -0,0 +1,30 @@
+{
+  "data_dir": "/var/lib/consul",
+  "bind_addr": "0.0.0.0",
+  "advertise_addr": "{{ public_ip }}",
+  "addresses": {
+    "dns": "0.0.0.0",
+    "http": "0.0.0.0"
+  },
+  "retry_join": [
+   {% for selected_host in groups['cluster_nodes']|reject("sameas", ansible_fqdn) %}{# @FIXME: Reject doesn't work #}
+     "{{ hostvars[selected_host]['private_ip'] }}" {{ "," if not loop.last else "" }}
+   {% endfor %}
+  ],
+  "bootstrap_expect": 3,
+  "server": true,
+  "ui": true,
+  "ports": {
+     "dns": 53
+  },
+  "recursors": [
+    "{{ dns_server }}"
+  ],
+  "encrypt": "{{ consul_gossip_encrypt }}",
+  "domain": "2.cluster.deuxfleurs.fr",
+  "performance": {
+    "raft_multiplier": 10,
+    "rpc_hold_timeout": "30s",
+    "leave_drain_time": "30s"
+  }
+}
diff --git a/os/config/roles/consul/templates/resolv.conf.j2 b/os/config/roles/consul/templates/resolv.conf.j2
new file mode 100644
index 0000000..2404034
--- /dev/null
+++ b/os/config/roles/consul/templates/resolv.conf.j2
@@ -0,0 +1,2 @@
+nameserver {{ private_ip }}
+nameserver {{ dns_server }}
diff --git a/os/config/roles/consul/vars/.gitignore b/os/config/roles/consul/vars/.gitignore
new file mode 100644
index 0000000..ff5c0bd
--- /dev/null
+++ b/os/config/roles/consul/vars/.gitignore
@@ -0,0 +1 @@
+main.yml
diff --git a/os/config/roles/consul/vars/main.yml.sample b/os/config/roles/consul/vars/main.yml.sample
new file mode 100644
index 0000000..9c44126
--- /dev/null
+++ b/os/config/roles/consul/vars/main.yml.sample
@@ -0,0 +1,2 @@
+---
+consul_gossip_encrypt: "<secret>"