From e0ae369ed1786b71045965d103a3bc8a3c5ecb3b Mon Sep 17 00:00:00 2001
From: Daniel Berteaud <dbd@ehtrace.com>
Date: Tue, 9 Aug 2022 13:00:15 +0200
Subject: [PATCH] Update to 2022-08-09 13:00

---
 roles/consul/tasks/conf.yml              |  66 ++++++++++++++++++++---
 roles/consul/templates/consul.hcl.j2     |   7 ---
 roles/consul/templates/consul.service.j2 |   2 +-
 roles/consul/templates/reload.hcl.j2     |   8 +++
 roles/nomad/tasks/.conf.yml.swp          | Bin 0 -> 12288 bytes
 roles/nomad/tasks/conf.yml               |  66 ++++++++++++++++++++---
 roles/nomad/templates/nomad.hcl.j2       |   1 -
 roles/nomad/templates/nomad.service.j2   |   2 +-
 roles/nomad/templates/reload.hcl.j2      |   1 +
 9 files changed, 127 insertions(+), 26 deletions(-)
 create mode 100644 roles/consul/templates/reload.hcl.j2
 create mode 100644 roles/nomad/tasks/.conf.yml.swp
 create mode 100644 roles/nomad/templates/reload.hcl.j2

diff --git a/roles/consul/tasks/conf.yml b/roles/consul/tasks/conf.yml
index 2fdd57f..9c17d76 100644
--- a/roles/consul/tasks/conf.yml
+++ b/roles/consul/tasks/conf.yml
@@ -1,12 +1,62 @@
 ---
 
 - name: Deploy consul configuration
-  template:
-    src: consul.hcl.j2
-    dest: "{{ consul_root_dir }}/etc/consul.hcl"
-    owner: root
-    group: "{{ consul_user }}"
-    mode: 0640
-    validate: consul validate -config-format=hcl %s
-  notify: restart consul
+  block:
+    - name: Deploy consul configuration
+      template:
+        src: consul.hcl.j2
+        dest: "{{ consul_root_dir }}/etc/consul.hcl"
+        owner: root
+        group: "{{ consul_user }}"
+        mode: 0640
+        backup: True
+      register: consul_main_conf
+      notify: restart consul
+
+    - name: Deploy consul reloadable configuration
+      template:
+        src: reload.hcl.j2
+        dest: "{{ consul_root_dir }}/etc/reload.hcl"
+        owner: root
+        group: "{{ consul_user }}"
+        mode: 0640
+        backup: True
+      register: consul_reload_conf
+      notify: reload consul
+
+    - name: Validate configuration
+      command: consul validate {{ consul_root_dir }}/etc
+      changed_when: False
+      become_user: "{{ consul_user }}"
+      register: consul_conf_validation
+
+  rescue:
+    - block:
+        - name: Restore main configuration
+          copy:
+            src: "{{ consul_main_conf.backup_file }}"
+            dest: "{{ consul_root_dir }}/etc/consul.hcl"
+            remote_src: True
+            owner: root
+            group: "{{ consul_user }}"
+            mode: 0640
+          when: consul_main_conf.backup_file is defined
+  
+        - name: Restore reloadable configuration
+          copy:
+            src: "{{ consul_reload_conf.backup_file }}"
+            dest: "{{ consul_root_dir }}/etc/reload.hcl"
+            remote_src: True
+            owner: root
+            group: "{{ consul_user }}"
+            mode: 0640
+          when: consul_reload_conf.backup_file is defined
+
   tags: consul
+
+- name: Fail if configuration validation failed
+  fail:
+    msg: "Failed to validate configuration: {{ consul_conf_validation.stdout }}"
+  when: consul_conf_validation.rc != 0
+  tags: consul
+
diff --git a/roles/consul/templates/consul.hcl.j2 b/roles/consul/templates/consul.hcl.j2
index d56dcca..05c0d56 100644
--- a/roles/consul/templates/consul.hcl.j2
+++ b/roles/consul/templates/consul.hcl.j2
@@ -1,5 +1,4 @@
 data_dir = "{{ consul_root_dir }}/data"
-log_level = "{{ consul_conf.log_level }}"
 bind_addr = "0.0.0.0"
 client_addr = "0.0.0.0"
 
@@ -13,12 +12,6 @@ datacenter = "{{ consul_conf.datacenter }}"
 node_name = {{ consul_conf.node_name }}
 {% endif %}
 
-node_meta {
-{% for meta in consul_conf.node_meta.keys() | list %}
-  {{ meta }} = "{{ consul_conf.node_meta[meta] }}"
-{% endfor %}
-}
-
 ports {
 {% for service in consul_services.keys() | list %}
 {% if service not in ['sidecar', 'expose'] and consul_services[service].port is defined %}
diff --git a/roles/consul/templates/consul.service.j2 b/roles/consul/templates/consul.service.j2
index b6ba9fa..b957b5d 100644
--- a/roles/consul/templates/consul.service.j2
+++ b/roles/consul/templates/consul.service.j2
@@ -10,7 +10,7 @@ Type=notify
 EnvironmentFile=-{{ consul_root_dir }}/etc/consul.env
 User={{ consul_user }}
 Group={{ consul_user }}
-ExecStart={{ consul_root_dir }}/bin/consul agent -config-file={{ consul_root_dir }}/etc/consul.hcl
+ExecStart={{ consul_root_dir }}/bin/consul agent -config-dir={{ consul_root_dir }}/etc/
 ExecReload=/bin/kill --signal HUP $MAINPID
 SuccessExitStatus=1
 Restart=on-failure
diff --git a/roles/consul/templates/reload.hcl.j2 b/roles/consul/templates/reload.hcl.j2
new file mode 100644
index 0000000..2bfe04b
--- /dev/null
+++ b/roles/consul/templates/reload.hcl.j2
@@ -0,0 +1,8 @@
+log_level = "{{ consul_conf.log_level }}"
+
+node_meta {
+{% for meta in consul_conf.node_meta.keys() | list %}
+  {{ meta }} = "{{ consul_conf.node_meta[meta] }}"
+{% endfor %}
+}
+
diff --git a/roles/nomad/tasks/.conf.yml.swp b/roles/nomad/tasks/.conf.yml.swp
new file mode 100644
index 0000000000000000000000000000000000000000..6408b6619e720a180caba1134d47b8ecbd6a192b
GIT binary patch
literal 12288
zcmeI2PiP!f9LHY*T5U`#6~UXoCeYi?ZvLP+Vo_p(B?KYH+{*Ut%-hX0GxL_2w+W#n
z3iTj@f;aKvwctg?LwoE=FVdSxkL{uK&`ap4=HU0upZ%AOp}9!pH}GMZ+4p|?`+fHJ
zn<Qi!we>42^o~;#I9?TEVSc~y=&R|mZy&xO{D%Mj;zw(%A1o|73m>o86(f&OwvBFA
zW@>Ye+AxXql;i2>@Y21ZfYmhdsxnT4MyRTZ4pmx>btL_&k?Cey^>o~HcB1fbAilx|
z*uV)4Op3YLnQYXjr!LZK7d|~f4Bo;9*Z><~18jf|umLu}2H3!9HDKCf;xi;aUKDV-
zcpV#hEl&A`4X^<=zy{a=8(;%$fDNz#Hoykh02?@k2Ba^<qccMM{SuPL|NqOs{}0aN
z8u$y`1Gm6;U=J*Vx54XR96UKE#2?^i@DtbrG57?$2`0efNg@6Ocfk+f3vd%$15aNO
z;y(Bld;`7)H^CNI2JeCw!MzC~egWSD1FnKgU>fY772*N-5u{)pTn2A|G4T7#Li`5q
zfZO0p@Hwb~v)};rTL;gq2R_&U8(;%$fDN#L|E&QcBU`CU*+YkdXnRA&#aZ1xd|2O-
zVc<&>=-5d-y7(T|u!<;3TP{s4$skld8BN79MRrrr>Ll3~mu}q1Lmvv38eew|?e0z?
zUK4R#QK48y$|W0>g63eT@)M9qwp`(tw!!3aS|0sXBr4R>&pzL2NN=;#t~Zf21u6Ne
z8N>)wZnLkE_K`yEt@*sp@~u{)J8e|lt*4W!q{zNpL!`H3mAI5>ZA9-XQKBMkR2|QH
zy0n&b)WDm*N=<)cySwfOHhNVVubLO&Y<Qtn)jP6iy@ZacGdEmr^K^U173EoJd=)9^
zL?KV>O5$16LHXFw-80xDkqqKf>^5urW7Uo>@_EGC2#1ssRj3haZ_|DuiAueWa&1%F
zBT=m&HMW_u6o<!0WQ(Yw@Q|^p+g|MNprPLMHe}pVem$RxB^jn=17de1W54*2BEfRf
zRBw2PTe7R|=q0_b&2lX}Z9Tu84EI-2PpnPQ+`#~4eb~Jz*<y!<^tF4jnJ6Fcp%EJ~
z(8mw+s6jr-oMtoHQ{h~nEs`}VYKPL`3rB6}gZ$3-p=yVEC$GDZFk%>s5ItF`k%{?N
oTip&W_Wswdx((F3rDdwR*PqMOz|S01SPa!jtAlGrrBV_90Q!M-8~^|S

literal 0
HcmV?d00001

diff --git a/roles/nomad/tasks/conf.yml b/roles/nomad/tasks/conf.yml
index 0689f37..e2de84f 100644
--- a/roles/nomad/tasks/conf.yml
+++ b/roles/nomad/tasks/conf.yml
@@ -1,12 +1,62 @@
 ---
 
 - name: Deploy nomad configuration
-  template:
-    src: nomad.hcl.j2
-    dest: "{{ nomad_root_dir }}/etc/nomad.hcl"
-    owner: root
-    group: "{{ nomad_user }}"
-    mode: 0640
-    validate: nomad config validate %s
-  notify: restart nomad
+  block:
+    - name: Deploy nomad configuration
+      template:
+        src: nomad.hcl.j2
+        dest: "{{ nomad_root_dir }}/etc/nomad.hcl"
+        owner: root
+        group: "{{ nomad_user }}"
+        mode: 0640
+        backup: True
+      register: nomad_main_conf
+      notify: restart nomad
+
+    - name: Deploy nomad reloadable configuration
+      template:
+        src: reload.hcl.j2
+        dest: "{{ nomad_root_dir }}/etc/reload.hcl"
+        owner: root
+        group: "{{ nomad_user }}"
+        mode: 0640
+        backup: True
+      register: nomad_reload_conf
+      notify: reload nomad
+
+    - name: Validate configuration
+      command: nomad config validate {{ nomad_root_dir }}/etc/nomad.hcl {{ nomad_root_dir }}/etc/reload.hcl
+      changed_when: False
+      become_user: "{{ nomad_user }}"
+      register: nomad_conf_validation
+
+  rescue:
+    - block:
+        - name: Restore main configuration
+          copy:
+            src: "{{ nomad_main_conf.backup_file }}"
+            dest: "{{ nomad_root_dir }}/etc/nomad.hcl"
+            remote_src: True
+            owner: root
+            group: "{{ nomad_user }}"
+            mode: 0640
+          when: nomad_main_conf.backup_file is defined
+  
+        - name: Restore reloadable configuration
+          copy:
+            src: "{{ nomad_reload_conf.backup_file }}"
+            dest: "{{ nomad_root_dir }}/etc/reload.hcl"
+            remote_src: True
+            owner: root
+            group: "{{ nomad_user }}"
+            mode: 0640
+          when: nomad_reload_conf.backup_file is defined
+
   tags: nomad
+
+- name: Fail if configuration validation failed
+  fail:
+    msg: "Failed to validate configuration: {{ nomad_conf_validation.stdout }}"
+  when: nomad_conf_validation.rc != 0
+  tags: nomad
+
diff --git a/roles/nomad/templates/nomad.hcl.j2 b/roles/nomad/templates/nomad.hcl.j2
index 3ff3d10..f117922 100644
--- a/roles/nomad/templates/nomad.hcl.j2
+++ b/roles/nomad/templates/nomad.hcl.j2
@@ -1,6 +1,5 @@
 data_dir = "{{ nomad_root_dir }}/data"
 plugin_dir = "{{ nomad_root_dir }}/plugins"
-log_level = "{{ nomad_conf.log_level }}"
 bind_addr = "0.0.0.0"
 
 {% if nomad_conf.datacenter is defined %}
diff --git a/roles/nomad/templates/nomad.service.j2 b/roles/nomad/templates/nomad.service.j2
index 222ba8f..b13c886 100644
--- a/roles/nomad/templates/nomad.service.j2
+++ b/roles/nomad/templates/nomad.service.j2
@@ -9,7 +9,7 @@ ConditionFileNotEmpty={{ nomad_root_dir }}/etc/nomad.hcl
 EnvironmentFile=-{{ nomad_root_dir }}/etc/nomad.env
 User={{ nomad_user }}
 Group={{ nomad_user }}
-ExecStart={{ nomad_root_dir }}/bin/nomad agent -config={{ nomad_root_dir }}/etc/nomad.hcl
+ExecStart={{ nomad_root_dir }}/bin/nomad agent -config={{ nomad_root_dir }}/etc/
 ExecReload=/bin/kill --signal HUP $MAINPID
 SuccessExitStatus=1
 Restart=on-failure
diff --git a/roles/nomad/templates/reload.hcl.j2 b/roles/nomad/templates/reload.hcl.j2
new file mode 100644
index 0000000..dd2fd43
--- /dev/null
+++ b/roles/nomad/templates/reload.hcl.j2
@@ -0,0 +1 @@
+log_level = "{{ nomad_conf.log_level }}"