From 789541a90f15dd07e86f406ce9601b347af854af Mon Sep 17 00:00:00 2001
From: Ryan Cavicchioni
Date: Tue, 30 Aug 2022 07:45:41 -0500
Subject: [PATCH] add consul role
---
roles/consul/defaults/main.yaml | 21 +++++++++++
roles/consul/files/unbound-consul.conf | 9 +++++
roles/consul/handlers/main.yaml | 12 +++++++
roles/consul/tasks/RedHat.yaml | 18 ++++++++++
roles/consul/tasks/forward-unbound.yaml | 9 +++++
roles/consul/tasks/main.yaml | 47 +++++++++++++++++++++++++
roles/consul/templates/consul.hcl.j2 | 41 +++++++++++++++++++++
roles/consul/vars/default.yaml | 0
8 files changed, 157 insertions(+)
create mode 100644 roles/consul/defaults/main.yaml
create mode 100644 roles/consul/files/unbound-consul.conf
create mode 100644 roles/consul/handlers/main.yaml
create mode 100644 roles/consul/tasks/RedHat.yaml
create mode 100644 roles/consul/tasks/forward-unbound.yaml
create mode 100644 roles/consul/tasks/main.yaml
create mode 100644 roles/consul/templates/consul.hcl.j2
create mode 100644 roles/consul/vars/default.yaml
diff --git a/roles/consul/defaults/main.yaml b/roles/consul/defaults/main.yaml
new file mode 100644
index 0000000..52d3894
--- /dev/null
+++ b/roles/consul/defaults/main.yaml
@@ -0,0 +1,21 @@
+---
+consul_package_name: consul
+consul_package_state: present
+consul_service_name: consul
+consul_service_state: started
+consul_service_enabled: true
+consul_etc_path: /etc/consul.d
+consul_config_path: "{{ consul_etc_path }}/consul.hcl"
+consul_config_template: consul.hcl.j2
+consul_user: consul
+consul_group: consul
+consul_config_owner: "{{ consul_user }}"
+consul_config_group: "{{ consul_group }}"
+consul_config_mode: 0644
+consul_data_dir: /opt/consul
+consul_bind_addr: "{{ ansible_default_ipv4.address }}"
+consul_server: false
+consul_bootstrap_expect: 1
+consul_ui_config_enabled: true
+consul_client_addr: 0.0.0.0
+consul_unbound_enabled: false
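Review bot: The defaults `consul_client_addr: 0.0.0.0` and `consul_ui_config_enabled: true` make every host that applies this role serve the Consul HTTP API, UI and DNS on all interfaces, and consul.hcl.j2 in this same patch renders no `acl`, `encrypt` or TLS settings that would restrict who may use them. Consul's own default for `client_addr` is loopback, so I would ship `consul_client_addr: "127.0.0.1"` and `consul_ui_config_enabled: false` here and let an inventory opt in per host. If wider exposure is intended, a comment above these two lines should say which network control is expected to be in front of the agent.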
diff --git a/roles/consul/files/unbound-consul.conf b/roles/consul/files/unbound-consul.conf
new file mode 100644
index 0000000..54f85d2
--- /dev/null
+++ b/roles/consul/files/unbound-consul.conf
@@ -0,0 +1,9 @@
+# Ansible managed
+
+server:
+ do-not-query-localhost: no
+ domain-insecure: "consul"
+
+stub-zone:
+ name: "consul"
+ stub-addr: 127.0.0.1@8600
diff --git a/roles/consul/handlers/main.yaml b/roles/consul/handlers/main.yaml
new file mode 100644
index 0000000..23d953d
--- /dev/null
+++ b/roles/consul/handlers/main.yaml
@@ -0,0 +1,12 @@
+---
+- name: reload consul
+ service:
+ name: "{{ consul_service_name }}"
+ state: reloaded
+ when: consul_service_enabled
+
+- name: restart consul
+ service:
+ name: "{{ consul_service_name }}"
+ state: restarted
+ when: consul_service_enabled
diff --git a/roles/consul/tasks/RedHat.yaml b/roles/consul/tasks/RedHat.yaml
new file mode 100644
index 0000000..2485e13
--- /dev/null
+++ b/roles/consul/tasks/RedHat.yaml
@@ -0,0 +1,18 @@
+---
+- name: install Hashicorp yum repo
+ yum_repository:
+ name: hashicorp
+ description: Hashicorp Stable - $basearch
+ baseurl: https://rpm.releases.hashicorp.com/RHEL/$releasever/$basearch/stable
+ enabled: 1
+ gpgcheck: 1
+ gpgkey: https://rpm.releases.hashicorp.com/gpg
+
+- name: install Hashicorp (test) yum repo
+ yum_repository:
+ name: hashicorp-test
+ description: Hashicorp Test - $basearch
+ baseurl: https://rpm.releases.hashicorp.com/RHEL/$releasever/$basearch/test
+ enabled: 0
+ gpgcheck: 1
+ gpgkey: https://rpm.releases.hashicorp.com/gpg
diff --git a/roles/consul/tasks/forward-unbound.yaml b/roles/consul/tasks/forward-unbound.yaml
new file mode 100644
index 0000000..27eddef
--- /dev/null
+++ b/roles/consul/tasks/forward-unbound.yaml
@@ -0,0 +1,9 @@
+---
+- name: configure unbound forwarder
+ copy:
+ src: unbound-consul.conf
+ dest: "{{ unbound_conf_d_path }}/consul.conf"
+ owner: root
+ group: root
+ mode: "0644"
+ notify: reload unbound
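Review bot: `do-not-query-localhost: no` and `domain-insecure: "consul"` both relax resolver defaults, and the file has no comment saying why; the first one sits in the `server:` clause and so applies to the whole resolver, not only to the stub zone. I would add `# allow queries to 127.0.0.1 so the consul stub-zone below can reach the local agent` above the first and `# Consul does not sign its zone; DNSSEC validation is skipped for "consul" only` above the second. That keeps a later hardening pass from removing them, and keeps anyone from widening `domain-insecure` by copy-paste.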
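Review bot: Both handlers are gated on `consul_service_enabled`, which is the start-at-boot flag rather than whether the agent should be running. With `consul_service_enabled: false` and `consul_service_state: started`, a changed consul.hcl never triggers the restart and the agent keeps running its old configuration; with the flag true and the state `stopped`, the restart handler would start a service the play just asked to be stopped. `when: consul_service_state != 'stopped'` matches the intent more closely. The `reload consul` handler is not notified anywhere in this patch, so either use it or drop it.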
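Review bot: Both repositories take their signing key from `gpgkey: https://rpm.releases.hashicorp.com/gpg`, so whatever that URL serves at first install becomes the key that `gpgcheck: 1` trusts; nothing in the role pins it. Importing the key in a preceding `rpm_key` task with `fingerprint: <HASHICORP_KEY_FINGERPRINT>` (placeholder for the value the vendor publishes) would make a substituted key fail the play instead of being accepted silently. As a style point, `enabled` and `gpgcheck` read better as `true`/`false` than `1`/`0`.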
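Review bot: This task relies on two names the patch never defines: `unbound_conf_d_path` has no entry in defaults/main.yaml, and `notify: reload unbound` has no matching handler in handlers/main.yaml, which declares only the two consul handlers. Unless another role in the same play supplies both, turning on `consul_unbound_enabled` will presumably fail when `dest` is templated or when the handler is looked up. Declare the dependency in the role's meta, or at least document it at the top of this file, for example `# requires the unbound role: unbound_conf_d_path and the "reload unbound" handler`.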
diff --git a/roles/consul/tasks/main.yaml b/roles/consul/tasks/main.yaml
new file mode 100644
index 0000000..8ef73fe
--- /dev/null
+++ b/roles/consul/tasks/main.yaml
@@ -0,0 +1,47 @@
+---
+- name: gather os specific variables
+ include_vars: "{{ lookup('first_found', possible_files) }}"
+ vars:
+ possible_files:
+ files:
+ - "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
+ - "{{ ansible_distribution }}.yaml"
+ - "{{ ansible_os_family }}.yaml"
+ - "default.yaml"
+ paths:
+ - vars
+
+- name: include os specific tasks
+ include_tasks: "{{ lookup('first_found', possible_files) }}"
+ vars:
+ possible_files:
+ files:
+ - "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
+ - "{{ ansible_distribution }}.yaml"
+ - "{{ ansible_os_family }}.yaml"
+ - "default.yaml"
+ paths:
+ - tasks
+
+- name: install
+ package:
+ name: "{{ consul_package_name | default('consul') }}"
+ state: "{{ consul_package_state | default('present') }}"
+
+- name: configure
+ template:
+ src: "{{ consul_config_template }}"
+ dest: "{{ consul_config_path }}"
+ owner: "{{ consul_config_owner }}"
+ group: "{{ consul_config_group }}"
+ mode: "{{ consul_config_mode }}"
+ notify: restart consul
+
+- name: service
+ service:
+ name: "{{ consul_service_name | default('consul') }}"
+ state: "{{ consul_service_state | default('started') }}"
+ enabled: "{{ consul_service_enabled | default(true) }}"
+
+- include: forward-unbound.yaml
+ when: consul_unbound_enabled
diff --git a/roles/consul/templates/consul.hcl.j2 b/roles/consul/templates/consul.hcl.j2
new file mode 100644
index 0000000..39d0a70
--- /dev/null
+++ b/roles/consul/templates/consul.hcl.j2
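Review bot: The `configure` task sets `mode: "{{ consul_config_mode }}"`, but defaults/main.yaml supplies that value as unquoted `0644`, which YAML 1.1 loaders read as the integer 420. After templating it can reach the module as the string `420` and be applied as octal 0420 instead of 0644, depending on how the Ansible version in use handles native types. Quote the default, `consul_config_mode: "0644"`, or use `"0640"` if consul.hcl will later carry a gossip key or ACL token. Separately, the `first_found` list for `tasks` ends in `default.yaml` and the patch adds no tasks/default.yaml, so hosts outside the RedHat family would presumably fail at that lookup.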
@@ -0,0 +1,41 @@
+// {{ ansible_managed }}
+
+data_dir = "{{ consul_data_dir }}"
+
+{% if consul_server is defined %}
+server = {{ (consul_server | lower) | default(false) }}
+{% endif %}
+
+{% if consul_bind_addr is defined %}
+bind_addr = "{{ (consul_bind_addr | lower) | default("0.0.0.0") }}"
+{% endif %}
+
+{% if consul_server is true and consul_bootstrap_expect is defined %}
+bootstrap_expect = {{ consul_bootstrap_expect }}
+{% endif %}
+
+{% if consul_retry_join is defined %}
+retry_join = [
+{%- set comma = joiner(",") -%}
+{%- for x in consul_retry_join | default([]) -%}
+{{ comma() }}"{{ x }}"
+{%- endfor -%} ]
+{% endif %}
+
+{% if consul_server_addresses is defined %}
+server_addresses = [
+{%- set comma = joiner(",") -%}
+{%- for x in consul_server_addresses | default([]) -%}
+{{ comma() }}"{{ x }}"
+{%- endfor -%} ]
+{% endif %}
+
+ui_config {
+{% if consul_ui_config_enabled is defined %}
+ enabled = {{ (consul_ui_config_enabled | lower) | default(false) }}
+{% endif %}
+}
+
+{% if consul_client_addr is defined %}
+client_addr = "{{ (consul_client_addr | lower) | default("0.0.0.0") }}"
+{% endif %}
diff --git a/roles/consul/vars/default.yaml b/roles/consul/vars/default.yaml
new file mode 100644
index 0000000..e69de29
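Review bot: The `bootstrap_expect` guard tests `consul_server is true`, while the `server` line two blocks above accepts any value through `| lower`. A string `"true"` coming from `-e` or an INI inventory therefore renders `server = true` with no `bootstrap_expect`. Use the same coercion in both places, `{% if consul_server | bool and consul_bootstrap_expect is defined %}`. The trailing `| default(...)` filters after `| lower` never take effect inside their `is defined` guards and can be dropped. The list items are interpolated as `"{{ x }}"`, and `{{ x | to_json }}` would keep a stray quote in an address from ending the HCL string early.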