From 9d4a3e494783222f91af72acb0b22ecbfa977cdb Mon Sep 17 00:00:00 2001
From: Daniel Berteaud <dbd@ehtrace.com>
Date: Thu, 11 Aug 2022 11:00:17 +0200
Subject: [PATCH] Update to 2022-08-11 11:00

---
 roles/consul/defaults/main.yml       |   8 ++++++++
 roles/consul/tasks/archive_pre.yml   |  19 +++++++++++++++++--
 roles/consul/tasks/conf.yml          |  12 ++++++++++++
 roles/consul/tasks/facts.yml         |   1 +
 roles/consul/templates/consul.hcl.j2 |   4 ++++
 roles/nomad/defaults/main.yml        |   9 +++++++++
 roles/nomad/tasks/.conf.yml.swp      | Bin 12288 -> 0 bytes
 roles/nomad/tasks/conf.yml           |  13 +++++++++++++
 roles/nomad/templates/nomad.hcl.j2   |  16 ++++++++++++++++
 9 files changed, 80 insertions(+), 2 deletions(-)
 delete mode 100644 roles/nomad/tasks/.conf.yml.swp

diff --git a/roles/consul/defaults/main.yml b/roles/consul/defaults/main.yml
index 4fc8e44..bc3c329 100644
--- a/roles/consul/defaults/main.yml
+++ b/roles/consul/defaults/main.yml
@@ -13,6 +13,10 @@ consul_user: consul
 # Root directory where consul will be installed
 consul_root_dir: /opt/consul
 
+# If ACL are enabled, you need to set a management token for ansible
+# to be able to manage Consul (eg snapshot before upgrades)
+# consul_mgm_token: XXXXXXXXX
+
 # List of consul servers name or IP
 consul_servers: []
 
@@ -41,6 +45,10 @@ consul_base_conf:
   # You can define the datacenter in which this agent is running. The default value is dc1
   # datacenter: dc1
 
+  # When several DC are used, one must be set as the primary. This DC will be used as the
+  # source for ACL replication
+  # primary_datacenter: dc1
+
   # Node name, which should be uniq in the region. Default is the hostname
   # node_name: consule-fr-zone-c
 
diff --git a/roles/consul/tasks/archive_pre.yml b/roles/consul/tasks/archive_pre.yml
index 23ca131..0c83f4c 100644
--- a/roles/consul/tasks/archive_pre.yml
+++ b/roles/consul/tasks/archive_pre.yml
@@ -4,7 +4,22 @@
   file: path={{ consul_root_dir }}/archives/{{ consul_current_version }} state=directory
   tags: consul
 
-- name: Backup previous version
-  copy: src={{ consul_root_dir }}/bin/consul dest={{ consul_root_dir }}/archives/{{ consul_current_version }}/ remote_src=True
+- name: Snapshot consul data
+  command: "{{ consul_root_dir }}/bin/consul snapshot save {{ consul_root_dir }}/archives/{{ consul_current_version }}/consul.snap"
+  args:
+    creates: "{{ consul_root_dir }}/archives/{{ consul_current_version }}/consul.snap"
+  failed_when: False # If consul is not running, it'll fail, just continue
+  environment:
+    CONSUL_TOKEN: "{{ consul_mgm_token | default(omit) }}"
+  tags: consul
+
+- name: Backup previous version
+  synchronize:
+    src: "{{ consul_root_dir }}/{{ item }}"
+    dest: "{{ consul_root_dir }}/archives/{{ consul_current_version }}/"
+    compress: False
+  delegate_to: "{{ inventory_hostname }}"
+  loop:
+    - bin
   tags: consul
 
diff --git a/roles/consul/tasks/conf.yml b/roles/consul/tasks/conf.yml
index 9c17d76..7fb9a2a 100644
--- a/roles/consul/tasks/conf.yml
+++ b/roles/consul/tasks/conf.yml
@@ -60,3 +60,15 @@
   when: consul_conf_validation.rc != 0
   tags: consul
 
+# Now we remove the backup config to prevent consul warning about invalid config files
+- name: List backup conf
+  shell: ls -1 {{ consul_root_dir }}/etc/*.hcl.*
+  failed_when: False
+  changed_when: False
+  register: consul_backup_configs
+  tags: consul
+
+- name: Remove backup configs
+  file: path={{ item }} state=absent
+  loop: "{{ consul_backup_configs.stdout_lines }}"
+  tags: consul
diff --git a/roles/consul/tasks/facts.yml b/roles/consul/tasks/facts.yml
index be8d5ee..aac97bf 100644
--- a/roles/consul/tasks/facts.yml
+++ b/roles/consul/tasks/facts.yml
@@ -23,4 +23,5 @@
 
 - when: consul_bin.stat.exists and consul_current_version != consul_version
   set_fact: consul_install_mode='upgrade'
+  tags: consul
 
diff --git a/roles/consul/templates/consul.hcl.j2 b/roles/consul/templates/consul.hcl.j2
index 96d854e..4369660 100644
--- a/roles/consul/templates/consul.hcl.j2
+++ b/roles/consul/templates/consul.hcl.j2
@@ -8,6 +8,10 @@ advertise_addr = "{{ consul_conf.advertise_addr }}"
 datacenter = "{{ consul_conf.datacenter }}"
 {% endif %}
 
+{% if consul_conf.primary_datacenter is defined %}
+primary_datacenter = "{{ consul_conf.primary_datacenter }}"
+{% endif %}
+
 {% if consul_conf.node_name is defined %}
 node_name = {{ consul_conf.node_name }}
 {% endif %}
diff --git a/roles/nomad/defaults/main.yml b/roles/nomad/defaults/main.yml
index e7e2eb7..69665ca 100644
--- a/roles/nomad/defaults/main.yml
+++ b/roles/nomad/defaults/main.yml
@@ -156,6 +156,15 @@ nomad_base_conf:
     publish_allocation_metrics: True
     publish_node_metrics: True
 
+  # Consul integration
+  # See https://www.nomadproject.io/docs/configuration/consul
+  consul:
+    # address: http://localhost:8500
+    # allow_unauthenticated: True
+    # tags: []
+
+
+
 # You can override part of the default config without rewriting everything else
 # the dict will get merged
 nomad_extra_conf: {}
diff --git a/roles/nomad/tasks/.conf.yml.swp b/roles/nomad/tasks/.conf.yml.swp
deleted file mode 100644
index 6408b6619e720a180caba1134d47b8ecbd6a192b..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 12288
zcmeI2PiP!f9LHY*T5U`#6~UXoCeYi?ZvLP+Vo_p(B?KYH+{*Ut%-hX0GxL_2w+W#n
z3iTj@f;aKvwctg?LwoE=FVdSxkL{uK&`ap4=HU0upZ%AOp}9!pH}GMZ+4p|?`+fHJ
zn<Qi!we>42^o~;#I9?TEVSc~y=&R|mZy&xO{D%Mj;zw(%A1o|73m>o86(f&OwvBFA
zW@>Ye+AxXql;i2>@Y21ZfYmhdsxnT4MyRTZ4pmx>btL_&k?Cey^>o~HcB1fbAilx|
z*uV)4Op3YLnQYXjr!LZK7d|~f4Bo;9*Z><~18jf|umLu}2H3!9HDKCf;xi;aUKDV-
zcpV#hEl&A`4X^<=zy{a=8(;%$fDNz#Hoykh02?@k2Ba^<qccMM{SuPL|NqOs{}0aN
z8u$y`1Gm6;U=J*Vx54XR96UKE#2?^i@DtbrG57?$2`0efNg@6Ocfk+f3vd%$15aNO
z;y(Bld;`7)H^CNI2JeCw!MzC~egWSD1FnKgU>fY772*N-5u{)pTn2A|G4T7#Li`5q
zfZO0p@Hwb~v)};rTL;gq2R_&U8(;%$fDN#L|E&QcBU`CU*+YkdXnRA&#aZ1xd|2O-
zVc<&>=-5d-y7(T|u!<;3TP{s4$skld8BN79MRrrr>Ll3~mu}q1Lmvv38eew|?e0z?
zUK4R#QK48y$|W0>g63eT@)M9qwp`(tw!!3aS|0sXBr4R>&pzL2NN=;#t~Zf21u6Ne
z8N>)wZnLkE_K`yEt@*sp@~u{)J8e|lt*4W!q{zNpL!`H3mAI5>ZA9-XQKBMkR2|QH
zy0n&b)WDm*N=<)cySwfOHhNVVubLO&Y<Qtn)jP6iy@ZacGdEmr^K^U173EoJd=)9^
zL?KV>O5$16LHXFw-80xDkqqKf>^5urW7Uo>@_EGC2#1ssRj3haZ_|DuiAueWa&1%F
zBT=m&HMW_u6o<!0WQ(Yw@Q|^p+g|MNprPLMHe}pVem$RxB^jn=17de1W54*2BEfRf
zRBw2PTe7R|=q0_b&2lX}Z9Tu84EI-2PpnPQ+`#~4eb~Jz*<y!<^tF4jnJ6Fcp%EJ~
z(8mw+s6jr-oMtoHQ{h~nEs`}VYKPL`3rB6}gZ$3-p=yVEC$GDZFk%>s5ItF`k%{?N
oTip&W_Wswdx((F3rDdwR*PqMOz|S01SPa!jtAlGrrBV_90Q!M-8~^|S

diff --git a/roles/nomad/tasks/conf.yml b/roles/nomad/tasks/conf.yml
index e2de84f..ffe17e7 100644
--- a/roles/nomad/tasks/conf.yml
+++ b/roles/nomad/tasks/conf.yml
@@ -60,3 +60,16 @@
   when: nomad_conf_validation.rc != 0
   tags: nomad
 
+# Now we remove the backup config to prevent nomad warning about invalid config files
+- name: List backup conf
+  shell: ls -1 {{ nomad_root_dir }}/etc/*.hcl.*
+  failed_when: False
+  changed_when: False
+  register: nomad_backup_configs
+  tags: nomad
+
+- name: Remove backup configs
+  file: path={{ item }} state=absent
+  loop: "{{ nomad_backup_configs.stdout_lines }}"
+  tags: nomad
+
diff --git a/roles/nomad/templates/nomad.hcl.j2 b/roles/nomad/templates/nomad.hcl.j2
index f117922..b4c9c03 100644
--- a/roles/nomad/templates/nomad.hcl.j2
+++ b/roles/nomad/templates/nomad.hcl.j2
@@ -164,3 +164,19 @@ telemetry {
   publish_allocation_metrics = {{ nomad_conf.telemetry.publish_allocation_metrics | ternary('true', 'false') }}
   publish_node_metrics = {{ nomad_conf.telemetry.publish_node_metrics | ternary('true', 'false') }}
 }
+
+consul {
+{% if nomad_conf.consul.address is defined %}
+  address = "{{ nomad_conf.consul.address }}"
+{% endif %}
+{% if nomad_conf.consul.allow_unauthenticated is defined %}
+  allow_unauthenticated = {{ nomad_conf.consul.allow_unauthenticated | ternary('true', 'false') }}
+{% endif %}
+{% if nomad_conf.consul.tags is defined and nomad_conf.consul.tags is iterable %}
+  tags = [
+{% for tag in nomad_conf.consul.tags %}
+    "{{ tag }}"
+  ]
+{% endfor %}
+{% endif %}
+}