Update to 2022-08-01 16:00
This commit is contained in:
parent
1650198b44
commit
576eba31fe
|
|
@ -16,63 +16,43 @@ consul_root_dir: /opt/consul
|
|||
# List of consul servers name or IP
|
||||
consul_servers: []
|
||||
|
||||
# List of services exposed by consul, the ports they use, and the list of IP
|
||||
# for which the service is accessible at the firewall level (if iptables_manage == True)
|
||||
consul_base_services:
|
||||
dns:
|
||||
port: "{{ consul_conf.ports.dns | default(8600) }}"
|
||||
src_ip: []
|
||||
proto: [tcp,udp]
|
||||
http:
|
||||
port: "{{ consul_conf.ports.http | default(8500) }}"
|
||||
src_ip: []
|
||||
proto: [tcp]
|
||||
https:
|
||||
port: "{{ consul_conf.ports.https | default(8501) }}"
|
||||
src_ip: []
|
||||
proto: [tcp]
|
||||
grpc:
|
||||
port: "{{ consul_conf.ports.groc | default(8502) }}"
|
||||
src_ip: []
|
||||
proto: [tcp]
|
||||
serf_lan:
|
||||
port: "{{ consul_conf.ports.serf_lan | default(8301) }}"
|
||||
src_ip: []
|
||||
proto: [tcp,udp]
|
||||
serf_wan:
|
||||
port: "{{ consul_conf.ports.serf_wan | default(8302) }}"
|
||||
src_ip: []
|
||||
proto: [tcp,udp]
|
||||
server:
|
||||
port: "{{ consul_conf.ports.server | default(8300) }}"
|
||||
src_ip: []
|
||||
proto: [tcp]
|
||||
sidecar_proxy:
|
||||
port: "{{ consul_conf.ports.sidecar_proxy_min | default(21000) }}:{{ consul_conf.ports.sidecar_proxy_max | default(21255) }}"
|
||||
src_ip: []
|
||||
proto: [tcp]
|
||||
consul_extra_services: {}
|
||||
consul_services: "{{ consul_base_services | combine(consul_extra_services, recursive=True) }}"
|
||||
|
||||
# Consul configuration (which will be converted to JSON)
|
||||
# The configuration is splited in a base conf and an extra conf, so you can override part of the config easily
|
||||
consul_base_conf:
|
||||
node_name: "{{ inventory_hostname }}"
|
||||
data_dir: "{{ consul_root_dir }}/data"
|
||||
client_addr: 0.0.0.0
|
||||
log_level: INFO
|
||||
bind_addr: 0.0.0.0
|
||||
|
||||
# Address that is advertised to the other nodes
|
||||
advertise_addr: "{{ ansible_default_ipv4.address }}"
|
||||
# You can also advertise the WAN addr
|
||||
# advertise_addr_wan: x.x.x.x
|
||||
|
||||
# You can define the datacenter in which this agent is running. The default value is dc1
|
||||
# datacenter: dc1
|
||||
|
||||
# Node name, which should be uniq in the region. Default is the hostname
|
||||
# node_name: nomade-fr-zone-c
|
||||
|
||||
# Optional encryption key for the gossip protocol
|
||||
# You can generate one with cinsul keygen. The key should be the same on all the members
|
||||
# encrypt: WSnGbK30nI6K/xk9w+AAtk0Y3RMXKoAlsj4VEICqi0I=
|
||||
|
||||
retry_join: "{{ consul_servers }}"
|
||||
bootstrap_expect: "{{ consul_servers | length }}"
|
||||
|
||||
server: "{{ (inventory_hostname in consul_servers) | ternary(True, False) }}"
|
||||
|
||||
ui_config:
|
||||
enabled: "{{ (inventory_hostname in consul_servers) | ternary(True, False) }}"
|
||||
connect:
|
||||
enabled: "{{ (inventory_hostname in consul_servers) | ternary(True, False) }}"
|
||||
|
||||
performance:
|
||||
raft_multiplier: 1
|
||||
|
||||
consul_extra_conf: {}
|
||||
consul_host_conf: {}
|
||||
consul_conf: "{{ consul_base_conf | combine(consul_extra_conf, recursive=True) | combine(consul_host_conf, recursive=True) }}"
|
||||
|
||||
# For example
|
||||
# consul_extra_conf:
|
||||
# datacenter: my-dc
|
||||
|
|
@ -81,9 +61,45 @@ consul_base_conf:
|
|||
# ui_config:
|
||||
# enabled: False
|
||||
|
||||
consul_extra_conf: {}
|
||||
# Host conf is just another level of configuration override
|
||||
consul_host_conf: {}
|
||||
|
||||
# Merge all the conf
|
||||
consul_conf: "{{ consul_base_conf | combine(consul_extra_conf, recursive=True) | combine(consul_host_conf, recursive=True) }}"
|
||||
# List of services exposed by consul, the ports they use, and the list of IP
|
||||
# for which the service is accessible at the firewall level (if iptables_manage == True)
|
||||
consul_base_services:
|
||||
dns:
|
||||
port: 8600
|
||||
src_ip: []
|
||||
proto: [tcp,udp]
|
||||
http:
|
||||
port: 8500
|
||||
src_ip: []
|
||||
proto: [tcp]
|
||||
https:
|
||||
port: 8501
|
||||
src_ip: []
|
||||
proto: [tcp]
|
||||
grpc:
|
||||
port: 8502
|
||||
src_ip: []
|
||||
proto: [tcp]
|
||||
serf_lan:
|
||||
port: 8301
|
||||
src_ip: []
|
||||
proto: [tcp,udp]
|
||||
serf_wan:
|
||||
port: 8302
|
||||
src_ip: []
|
||||
proto: [tcp,udp]
|
||||
server:
|
||||
port: 8300
|
||||
src_ip: []
|
||||
proto: [tcp]
|
||||
sidecar:
|
||||
port: 21000:21255
|
||||
src_ip: []
|
||||
proto: [tcp]
|
||||
expose:
|
||||
port: 21500:21755
|
||||
src_ip: []
|
||||
proto: [tcp]
|
||||
consul_extra_services: {}
|
||||
consul_host_services: {}
|
||||
consul_services: "{{ consul_base_services | combine(consul_extra_services, recursive=True) | combine(consul_host_services, recursive=True) }}"
|
||||
|
|
|
|||
|
|
@ -2,11 +2,11 @@
|
|||
|
||||
- name: Deploy consul configuration
|
||||
template:
|
||||
src: consul.json.j2
|
||||
dest: "{{ consul_root_dir }}/etc/consul.json"
|
||||
src: consul.hcl.j2
|
||||
dest: "{{ consul_root_dir }}/etc/consul.hcl"
|
||||
owner: root
|
||||
group: "{{ consul_user }}"
|
||||
mode: 640
|
||||
validate: consul validate %s
|
||||
mode: 0640
|
||||
#validate: consul validate %s
|
||||
notify: restart consul
|
||||
tags: consul
|
||||
|
|
|
|||
|
|
@ -1,12 +1,26 @@
|
|||
---
|
||||
|
||||
- name: Detect installed version
|
||||
block:
|
||||
- import_tasks: ../includes/webapps_set_install_mode.yml
|
||||
vars:
|
||||
- root_dir: "{{ consul_root_dir }}"
|
||||
- version: "{{ consul_version }}"
|
||||
- set_fact: consul_install_mode={{ install_mode | default('none') }}
|
||||
- set_fact: consul_current_version={{ current_version | default('') }}
|
||||
- set_fact: consul_install_mode='none'
|
||||
tags: consul
|
||||
|
||||
- name: Detect if consul is installed
|
||||
stat: path=/usr/local/bin/consul
|
||||
register: consul_bin
|
||||
tags: consul
|
||||
|
||||
- when: not consul_bin.stat.exists
|
||||
set_fact: consul_install_mode='install'
|
||||
tags: consul
|
||||
|
||||
- when: consul_bin.stat.exists
|
||||
block:
|
||||
- name: Detect installed version
|
||||
shell: /usr/local/bin/consul version | head -1 | perl -pe 's/Consul v(\d+(\.\d+)*)/$1/'
|
||||
changed_when: False
|
||||
register: consul_current_version
|
||||
- set_fact: consul_current_version={{ consul_current_version.stdout }}
|
||||
tags: consul
|
||||
|
||||
- when: consul_bin.stat.exists and consul_current_version != consul_version
|
||||
set_fact: consul_install_mode='upgrade'
|
||||
|
||||
|
|
|
|||
|
|
@ -6,10 +6,10 @@
|
|||
state: "{{ (('tcp' in consul_services[item].proto or 'udp' in consul_services[item].proto) and consul_services[item].src_ip | length > 0) | ternary('present', 'absent') }}"
|
||||
rules: |
|
||||
{% if 'tcp' in consul_services[item].proto %}
|
||||
-A INPUT -m state --state NEW -p tcp --dport {{ consul_services[item].port }} -j ACCEPT
|
||||
-A INPUT -m state --state NEW -p tcp --dport {{ consul_services[item].port }} -s {{ consul_services[item].src_ip | join(',') }} -j ACCEPT
|
||||
{% endif %}
|
||||
{% if 'udp' in consul_services[item].proto %}
|
||||
-A INPUT -m state --state NEW -p udp --dport {{ consul_services[item].port }} -j ACCEPT
|
||||
-A INPUT -m state --state NEW -p udp --dport {{ consul_services[item].port }} -s {{ consul_services[item].src_ip | join(',') }} -j ACCEPT
|
||||
{% endif %}
|
||||
loop: "{{ consul_services.keys() | list }}"
|
||||
tags: firewall,consul
|
||||
|
|
|
|||
|
|
@ -26,9 +26,6 @@
|
|||
- include_tasks: services.yml
|
||||
tags: always
|
||||
|
||||
- include_tasks: write_version.yml
|
||||
tags: always
|
||||
|
||||
- include_tasks: archive_post.yml
|
||||
when: consul_install_mode | default('none') == 'upgrade'
|
||||
tags: always
|
||||
|
|
|
|||
|
|
@ -1,5 +0,0 @@
|
|||
---
|
||||
|
||||
- name: Write installed version
|
||||
copy: content={{ consul_version }} dest={{ consul_root_dir }}/meta/ansible_version
|
||||
tags: consul
|
||||
|
|
@ -0,0 +1,47 @@
|
|||
data_dir = "{{ consul_root_dir }}/data"
|
||||
log_level = "{{ consul_conf.log_level }}"
|
||||
bind_addr = "0.0.0.0"
|
||||
client_addr = "0.0.0.0"
|
||||
|
||||
advertise_addr = "{{ consul_conf.advertise_addr }}"
|
||||
|
||||
{% if consul_conf.datacenter is defined %}
|
||||
datacenter = "{{ consul_conf.datacenter }}"
|
||||
{% endif %}
|
||||
|
||||
{% if consul_conf.node_name is defined %}
|
||||
node_name = {{ consul_conf.node_name }}
|
||||
{% endif %}
|
||||
|
||||
ports {
|
||||
{% for service in consul_services.keys() | list %}
|
||||
{% if service not in ['sidecar', 'expose'] and consul_services[service].port is defined %}
|
||||
{{ service }} = {{ consul_services[service].port }}
|
||||
{% elif service in ['sidecar', 'expose'] %}
|
||||
{{ service }}_min_port = {{ consul_services[service].port | split(':') | first }}
|
||||
{{ service }}_max_port = {{ consul_services[service].port | split(':') | last }}
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
}
|
||||
|
||||
bootstrap_expect = {{ consul_conf.bootstrap_expect }}
|
||||
|
||||
performance {
|
||||
raft_multiplier = {{ consul_conf.performance.raft_multiplier }}
|
||||
}
|
||||
|
||||
retry_join = [
|
||||
{% for server in consul_servers %}
|
||||
"{{ server }}",
|
||||
{% endfor %}
|
||||
]
|
||||
|
||||
server = {{ consul_conf.server | ternary('true', 'false') }}
|
||||
|
||||
{% if consul_conf.encrypt is defined %}
|
||||
encrypt = "{{ consul_conf.encrypt }}"
|
||||
{% endif %}
|
||||
|
||||
ui_config {
|
||||
enabled = {{ consul_conf.ui_config.enabled | ternary('true', 'false') }}
|
||||
}
|
||||
|
|
@ -1 +0,0 @@
|
|||
{{ consul_conf | to_nice_json(indent=2) }}
|
||||
|
|
@ -3,17 +3,18 @@ Description="HashiCorp Consul - A service mesh solution"
|
|||
Documentation=https://www.consul.io/
|
||||
Requires=network-online.target
|
||||
After=network-online.target
|
||||
ConditionFileNotEmpty={{ consul_root_dir }}/etc/consul.json
|
||||
ConditionFileNotEmpty={{ consul_root_dir }}/etc/consul.hcl
|
||||
|
||||
[Service]
|
||||
EnvironmentFile=-{{ consul_root_dir }}/etc/consul.env
|
||||
User={{ consul_user }}
|
||||
Group={{ consul_user }}
|
||||
ExecStart={{ consul_root_dir }}/bin/consul agent -config-dir={{ consul_root_dir }}/etc/
|
||||
ExecStart={{ consul_root_dir }}/bin/consul agent -config-file={{ consul_root_dir }}/etc/consul.hcl
|
||||
ExecReload=/bin/kill --signal HUP $MAINPID
|
||||
KillMode=process
|
||||
KillSignal=SIGTERM
|
||||
Restart=on-failure
|
||||
RestartSec=2
|
||||
LimitNOFILE=65536
|
||||
|
||||
[Install]
|
||||
|
|
|
|||
|
|
@ -20,6 +20,13 @@ nomad_servers: []
|
|||
# Nomad configuration
|
||||
nomad_base_conf:
|
||||
log_level: INFO
|
||||
|
||||
# You can define the datacenter in which this agent is running. The default value is dc1
|
||||
# datacenter: dc1
|
||||
|
||||
# Node name, which should be uniq in the region. Default is the hostname
|
||||
# name: nomade-fr-zone-c
|
||||
|
||||
# Client related settings
|
||||
# The default is to act as a client if the hostname is not listed in nomad servers
|
||||
client:
|
||||
|
|
|
|||
|
|
@ -2,6 +2,16 @@ data_dir = "{{ nomad_root_dir }}/data"
|
|||
log_level = "{{ nomad_conf.log_level }}"
|
||||
bind_addr = "0.0.0.0"
|
||||
|
||||
{% if nomad_conf.datacenter is defined %}
|
||||
datacenter = "{{ nomad_conf.datacenter }}"
|
||||
{% endif %}
|
||||
|
||||
{% if nomad_conf.name is defined %}
|
||||
name = {{ nomad_conf.name }}
|
||||
{% endif %}
|
||||
|
||||
disable_update_check = true
|
||||
|
||||
advertise {
|
||||
{% for service in nomad_services.keys() | list %}
|
||||
{% if nomad_services[service].advertise is defined %}
|
||||
|
|
|
|||
Loading…
Reference in New Issue