diff --git a/roles/consul/defaults/main.yml b/roles/consul/defaults/main.yml index 4fc8e44..bc3c329 100644 --- a/roles/consul/defaults/main.yml +++ b/roles/consul/defaults/main.yml @@ -13,6 +13,10 @@ consul_user: consul # Root directory where consul will be installed consul_root_dir: /opt/consul +# If ACL are enabled, you need to set a management token for ansible +# to be able to manage Consul (eg snapshot before upgrades) +# consul_mgm_token: XXXXXXXXX + # List of consul servers name or IP consul_servers: [] @@ -41,6 +45,10 @@ consul_base_conf: # You can define the datacenter in which this agent is running. The default value is dc1 # datacenter: dc1 + # When several DC are used, one must be set as the primary. This DC will be used as the + # source for ACL replication + # primary_datacenter: dc1 + # Node name, which should be uniq in the region. Default is the hostname # node_name: consule-fr-zone-c diff --git a/roles/consul/tasks/archive_pre.yml b/roles/consul/tasks/archive_pre.yml index 23ca131..0c83f4c 100644 --- a/roles/consul/tasks/archive_pre.yml +++ b/roles/consul/tasks/archive_pre.yml @@ -4,7 +4,22 @@ file: path={{ consul_root_dir }}/archives/{{ consul_current_version }} state=directory tags: consul -- name: Backup previous version - copy: src={{ consul_root_dir }}/bin/consul dest={{ consul_root_dir }}/archives/{{ consul_current_version }}/ remote_src=True +- name: Snapshot consul data + command: "{{ consul_root_dir }}/bin/consul snapshot save {{ consul_root_dir }}/archives/{{ consul_current_version }}/consul.snap" + args: + creates: "{{ consul_root_dir }}/archives/{{ consul_current_version }}/consul.snap" + failed_when: False # If consul is not running, it'll fail, just continue + environment: + CONSUL_TOKEN: "{{ consul_mgm_token | default(omit) }}" + tags: consul + +- name: Backup previous version + synchronize: + src: "{{ consul_root_dir }}/{{ item }}" + dest: "{{ consul_root_dir }}/archives/{{ consul_current_version }}/" + compress: False + delegate_to: "{{ inventory_hostname }}" + loop: + - bin tags: consul diff --git a/roles/consul/tasks/conf.yml b/roles/consul/tasks/conf.yml index 9c17d76..7fb9a2a 100644 --- a/roles/consul/tasks/conf.yml +++ b/roles/consul/tasks/conf.yml @@ -60,3 +60,15 @@ when: consul_conf_validation.rc != 0 tags: consul +# Now we remove the backup config to prevent consul warning about invalid config files +- name: List backup conf + shell: ls -1 {{ consul_root_dir }}/etc/*.hcl.* + failed_when: False + changed_when: False + register: consul_backup_configs + tags: consul + +- name: Remove backup configs + file: path={{ item }} state=absent + loop: "{{ consul_backup_configs.stdout_lines }}" + tags: consul diff --git a/roles/consul/tasks/facts.yml b/roles/consul/tasks/facts.yml index be8d5ee..aac97bf 100644 --- a/roles/consul/tasks/facts.yml +++ b/roles/consul/tasks/facts.yml @@ -23,4 +23,5 @@ - when: consul_bin.stat.exists and consul_current_version != consul_version set_fact: consul_install_mode='upgrade' + tags: consul diff --git a/roles/consul/templates/consul.hcl.j2 b/roles/consul/templates/consul.hcl.j2 index 96d854e..4369660 100644 --- a/roles/consul/templates/consul.hcl.j2 +++ b/roles/consul/templates/consul.hcl.j2 @@ -8,6 +8,10 @@ advertise_addr = "{{ consul_conf.advertise_addr }}" datacenter = "{{ consul_conf.datacenter }}" {% endif %} +{% if consul_conf.primary_datacenter is defined %} +primary_datacenter = "{{ consul_conf.primary_datacenter }}" +{% endif %} + {% if consul_conf.node_name is defined %} node_name = {{ consul_conf.node_name }} {% endif %} diff --git a/roles/nomad/defaults/main.yml b/roles/nomad/defaults/main.yml index e7e2eb7..69665ca 100644 --- a/roles/nomad/defaults/main.yml +++ b/roles/nomad/defaults/main.yml @@ -156,6 +156,15 @@ nomad_base_conf: publish_allocation_metrics: True publish_node_metrics: True + # Consul integration + # See https://www.nomadproject.io/docs/configuration/consul + consul: + # address: http://localhost:8500 + # allow_unauthenticated: True + # tags: [] + + + # You can override part of the default config without rewriting everything else # the dict will get merged nomad_extra_conf: {} diff --git a/roles/nomad/tasks/.conf.yml.swp b/roles/nomad/tasks/.conf.yml.swp deleted file mode 100644 index 6408b66..0000000 Binary files a/roles/nomad/tasks/.conf.yml.swp and /dev/null differ diff --git a/roles/nomad/tasks/conf.yml b/roles/nomad/tasks/conf.yml index e2de84f..ffe17e7 100644 --- a/roles/nomad/tasks/conf.yml +++ b/roles/nomad/tasks/conf.yml @@ -60,3 +60,16 @@ when: nomad_conf_validation.rc != 0 tags: nomad +# Now we remove the backup config to prevent nomad warning about invalid config files +- name: List backup conf + shell: ls -1 {{ nomad_root_dir }}/etc/*.hcl.* + failed_when: False + changed_when: False + register: nomad_backup_configs + tags: nomad + +- name: Remove backup configs + file: path={{ item }} state=absent + loop: "{{ nomad_backup_configs.stdout_lines }}" + tags: nomad + diff --git a/roles/nomad/templates/nomad.hcl.j2 b/roles/nomad/templates/nomad.hcl.j2 index f117922..b4c9c03 100644 --- a/roles/nomad/templates/nomad.hcl.j2 +++ b/roles/nomad/templates/nomad.hcl.j2 @@ -164,3 +164,19 @@ telemetry { publish_allocation_metrics = {{ nomad_conf.telemetry.publish_allocation_metrics | ternary('true', 'false') }} publish_node_metrics = {{ nomad_conf.telemetry.publish_node_metrics | ternary('true', 'false') }} } + +consul { +{% if nomad_conf.consul.address is defined %} + address = "{{ nomad_conf.consul.address }}" +{% endif %} +{% if nomad_conf.consul.allow_unauthenticated is defined %} + allow_unauthenticated = {{ nomad_conf.consul.allow_unauthenticated | ternary('true', 'false') }} +{% endif %} +{% if nomad_conf.consul.tags is defined and nomad_conf.consul.tags is iterable %} + tags = [ +{% for tag in nomad_conf.consul.tags %} + "{{ tag }}" + ] +{% endfor %} +{% endif %} +}