diff options
Diffstat (limited to 'ansible/roles/consul')
-rw-r--r-- | ansible/roles/consul/files/consul.service | 8 | ||||
-rw-r--r-- | ansible/roles/consul/handlers/main.yml | 4 | ||||
-rw-r--r-- | ansible/roles/consul/tasks/main.yml | 49 | ||||
-rw-r--r-- | ansible/roles/consul/templates/consul.json.j2 | 27 | ||||
-rw-r--r-- | ansible/roles/consul/vars/.gitignore | 1 | ||||
-rw-r--r-- | ansible/roles/consul/vars/main.yml.sample | 2 |
6 files changed, 91 insertions, 0 deletions
diff --git a/ansible/roles/consul/files/consul.service b/ansible/roles/consul/files/consul.service new file mode 100644 index 0000000..3993567 --- /dev/null +++ b/ansible/roles/consul/files/consul.service @@ -0,0 +1,8 @@ +[Unit] +Description=Consul + +[Service] +ExecStart=/usr/local/bin/consul agent -config-dir=/etc/consul + +[Install] +WantedBy=multi-user.target diff --git a/ansible/roles/consul/handlers/main.yml b/ansible/roles/consul/handlers/main.yml new file mode 100644 index 0000000..e8cd4a4 --- /dev/null +++ b/ansible/roles/consul/handlers/main.yml @@ -0,0 +1,4 @@ +--- + +- name: restart consul + service: name=consul state=restarted diff --git a/ansible/roles/consul/tasks/main.yml b/ansible/roles/consul/tasks/main.yml new file mode 100644 index 0000000..a943022 --- /dev/null +++ b/ansible/roles/consul/tasks/main.yml @@ -0,0 +1,49 @@ +- name: "Set consul version" + set_fact: + consul_version: 1.4.0 + +- name: "Download and install Consul for armv7l" + unarchive: + src: "https://releases.hashicorp.com/consul/{{ consul_version }}/consul_{{ consul_version }}_linux_arm.zip" + dest: /usr/local/bin + remote_src: yes + when: + - "ansible_architecture == 'armv7l'" + notify: + - restart consul + +- name: "Download and install Consul for x86_64" + unarchive: + src: "https://releases.hashicorp.com/consul/{{ consul_version }}/consul_{{ consul_version }}_linux_amd64.zip" + dest: /usr/local/bin + remote_src: yes + when: + - "ansible_architecture == 'x86_64'" + notify: + - restart consul + +- name: "Download and install Consul for arm64" + unarchive: + src: "https://releases.hashicorp.com/consul/{{ consul_version }}/consul_{{ consul_version }}_linux_arm64.zip" + dest: /usr/local/bin + remote_src: yes + when: + - "ansible_architecture == 'aarch64'" + notify: + - restart consul + +- name: "Create consul configuration directory" + file: path=/etc/consul/ state=directory + +- name: "Deploy consul configuration" + template: src=consul.json.j2 dest=/etc/consul/consul.json + notify: + - restart consul + +- name: "Deploy consul systemd service" + copy: src=consul.service dest=/etc/systemd/system/consul.service + notify: + - restart consul + +- name: "Enable consul systemd service at boot" + service: name=consul state=started enabled=yes daemon_reload=yes diff --git a/ansible/roles/consul/templates/consul.json.j2 b/ansible/roles/consul/templates/consul.json.j2 new file mode 100644 index 0000000..d1bd2d8 --- /dev/null +++ b/ansible/roles/consul/templates/consul.json.j2 @@ -0,0 +1,27 @@ +{ + "data_dir": "/var/lib/consul", + "bind_addr": "0.0.0.0", + "advertise_addr": "{{ public_ip }}", + "addresses": { + "dns": "0.0.0.0", + "http": "0.0.0.0" + }, + "retry_join": [ + {% for selected_host in groups['cluster_nodes']|reject("sameas", ansible_fqdn) %}{# @FIXME: Reject doesn't work #} + "{{ hostvars[selected_host]['private_ip'] }}" {{ "," if not loop.last else "" }} + {% endfor %} + ], + "bootstrap_expect": 3, + "server": true, + "ui": true, + "ports": { + "dns": 53 + }, + "encrypt": "{{ consul_gossip_encrypt }}", + "domain": "2.cluster.deuxfleurs.fr", + "performance": { + "raft_multiplier": 10, + "rpc_hold_timeout": "30s", + "leave_drain_time": "30s" + } +} diff --git a/ansible/roles/consul/vars/.gitignore b/ansible/roles/consul/vars/.gitignore new file mode 100644 index 0000000..ff5c0bd --- /dev/null +++ b/ansible/roles/consul/vars/.gitignore @@ -0,0 +1 @@ +main.yml diff --git a/ansible/roles/consul/vars/main.yml.sample b/ansible/roles/consul/vars/main.yml.sample new file mode 100644 index 0000000..9c44126 --- /dev/null +++ b/ansible/roles/consul/vars/main.yml.sample @@ -0,0 +1,2 @@ +--- +consul_gossip_encrypt: "<secret>" |