add consul role

2022-08-30 07:45:41 -05:00 · 2022-08-30 07:45:41 -05:00 · 789541a90f
commit 789541a90f
parent 4d07232525
8 changed files with 157 additions and 0 deletions
--- a/roles/consul/defaults/main.yaml
+++ b/roles/consul/defaults/main.yaml
@ -0,0 +1,21 @@
+---
+consul_package_name: consul
+consul_package_state: present
+consul_service_name: consul
+consul_service_state: started
+consul_service_enabled: true
+consul_etc_path: /etc/consul.d
+consul_config_path: "{{ consul_etc_path }}/consul.hcl"
+consul_config_template: consul.hcl.j2
+consul_user: consul
+consul_group: consul
+consul_config_owner: "{{ consul_user }}"
+consul_config_group: "{{ consul_group }}"
+consul_config_mode: 0644
+consul_data_dir: /opt/consul
+consul_bind_addr: "{{ ansible_default_ipv4.address }}"
+consul_server: false
+consul_bootstrap_expect: 1
+consul_ui_config_enabled: true
+consul_client_addr: 0.0.0.0
+consul_unbound_enabled: false
--- a/roles/consul/files/unbound-consul.conf
+++ b/roles/consul/files/unbound-consul.conf
@ -0,0 +1,9 @@
+# Ansible managed
+
+server:
+  do-not-query-localhost: no
+  domain-insecure: "consul"
+
+stub-zone:
+  name: "consul"
+  stub-addr: 127.0.0.1@8600
--- a/roles/consul/handlers/main.yaml
+++ b/roles/consul/handlers/main.yaml
@ -0,0 +1,12 @@
+---
+- name: reload consul
+  service:
+    name: "{{ consul_service_name }}"
+    state: reloaded
+  when: consul_service_enabled
+
+- name: restart consul
+  service:
+    name: "{{ consul_service_name }}"
+    state: restarted
+  when: consul_service_enabled
--- a/roles/consul/tasks/RedHat.yaml
+++ b/roles/consul/tasks/RedHat.yaml
@ -0,0 +1,18 @@
+---
+- name: install Hashicorp yum repo
+  yum_repository:
+    name: hashicorp
+    description: Hashicorp Stable - $basearch
+    baseurl: https://rpm.releases.hashicorp.com/RHEL/$releasever/$basearch/stable
+    enabled: 1
+    gpgcheck: 1
+    gpgkey: https://rpm.releases.hashicorp.com/gpg
+
+- name: install Hashicorp (test) yum repo
+  yum_repository:
+    name: hashicorp-test
+    description: Hashicorp Test - $basearch
+    baseurl: https://rpm.releases.hashicorp.com/RHEL/$releasever/$basearch/test
+    enabled: 0
+    gpgcheck: 1
+    gpgkey: https://rpm.releases.hashicorp.com/gpg
--- a/roles/consul/tasks/forward-unbound.yaml
+++ b/roles/consul/tasks/forward-unbound.yaml
@ -0,0 +1,9 @@
+---
+- name: configure unbound forwarder
+  copy:
+    src: unbound-consul.conf
+    dest: "{{ unbound_conf_d_path }}/consul.conf"
+    owner: root
+    group: root
+    mode: "0644"
+  notify: reload unbound
--- a/roles/consul/tasks/main.yaml
+++ b/roles/consul/tasks/main.yaml
@ -0,0 +1,47 @@
+---
+- name: gather os specific variables
+  include_vars: "{{ lookup('first_found', possible_files) }}"
+  vars:
+    possible_files:
+      files:
+        - "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
+        - "{{ ansible_distribution }}.yaml"
+        - "{{ ansible_os_family }}.yaml"
+        - "default.yaml"
+      paths:
+        - vars
+
+- name: include os specific tasks
+  include_tasks: "{{ lookup('first_found', possible_files) }}"
+  vars:
+    possible_files:
+      files:
+        - "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
+        - "{{ ansible_distribution }}.yaml"
+        - "{{ ansible_os_family }}.yaml"
+        - "default.yaml"
+      paths:
+        - tasks
+
+- name: install
+  package:
+    name: "{{ consul_package_name | default('consul') }}"
+    state: "{{ consul_package_state | default('present') }}"
+
+- name: configure
+  template:
+    src: "{{ consul_config_template }}"
+    dest: "{{ consul_config_path }}"
+    owner: "{{ consul_config_owner }}"
+    group: "{{ consul_config_group }}"
+    mode: "{{ consul_config_mode }}"
+  notify: restart consul
+
+- name: service
+  service:
+    name: "{{ consul_service_name | default('consul') }}"
+    state: "{{ consul_service_state | default('started') }}"
+    enabled: "{{ consul_service_enabled | default(true) }}"
+
+- include: forward-unbound.yaml
+  when: consul_unbound_enabled
--- a/roles/consul/templates/consul.hcl.j2
+++ b/roles/consul/templates/consul.hcl.j2
@ -0,0 +1,41 @@
+// {{ ansible_managed }}
+
+data_dir = "{{ consul_data_dir }}"
+
+{% if consul_server is defined %}
+server = {{ (consul_server | lower) | default(false) }}
+{% endif %}
+
+{% if consul_bind_addr is defined %}
+bind_addr = "{{ (consul_bind_addr | lower) | default("0.0.0.0") }}"
+{% endif %}
+
+{% if consul_server is true and consul_bootstrap_expect is defined %}
+bootstrap_expect = {{ consul_bootstrap_expect }}
+{% endif %}
+
+{% if consul_retry_join is defined %}
+retry_join = [
+{%- set comma = joiner(",") -%}
+{%- for x in consul_retry_join | default([]) -%}
+{{ comma() }}"{{ x }}"
+{%- endfor -%} ]
+{% endif %}
+
+{% if consul_server_addresses is defined %}
+server_addresses = [
+{%- set comma = joiner(",") -%}
+{%- for x in consul_server_addresses | default([]) -%}
+{{ comma() }}"{{ x }}"
+{%- endfor -%} ]
+{% endif %}
+
+ui_config {
+{% if consul_ui_config_enabled is defined %}
+    enabled = {{ (consul_ui_config_enabled | lower) | default(false) }}
+{% endif %}
+}
+
+{% if consul_client_addr is defined %}
+client_addr = "{{ (consul_client_addr | lower) | default("0.0.0.0") }}"
+{% endif %}
--- a/roles/consul/vars/default.yaml
+++ b/roles/consul/vars/default.yaml