hcp-ansible/roles/consul/README.md

228 lines
14 KiB
Markdown
Raw Normal View History

<!-- DOCSIBLE START -->
# 📃 Role overview
## consul
Description: Install and configure hashicorp consul for debian-based distros.
| Field | Value |
|--------------------- |-----------------|
| Readme update | 26/08/2024 |
### Defaults
**These are static variables with lower priority**
#### File: defaults/main.yml
| Var | Type | Value |Required | Title |
|--------------|--------------|-------------|-------------|-------------|
| [consul_version](defaults/main.yml#L4) | str | `latest` | n/a | n/a |
| [consul_start_service](defaults/main.yml#L5) | bool | `True` | n/a | n/a |
| [consul_config_dir](defaults/main.yml#L6) | str | `/etc/consul.d` | n/a | n/a |
| [consul_data_dir](defaults/main.yml#L7) | str | `/opt/consul` | n/a | n/a |
| [consul_certs_dir](defaults/main.yml#L8) | str | `{{ consul_config_dir }}/tls` | n/a | n/a |
| [consul_logs_dir](defaults/main.yml#L9) | str | `/var/log/consul` | n/a | n/a |
| [consul_envoy_install](defaults/main.yml#L11) | bool | `False` | n/a | n/a |
| [consul_envoy_version](defaults/main.yml#L12) | str | `latest` | n/a | n/a |
| [consul_extra_files](defaults/main.yml#L14) | bool | `False` | n/a | n/a |
| [consul_extra_files_list](defaults/main.yml#L15) | list | `[]` | n/a | n/a |
| [consul_env_variables](defaults/main.yml#L17) | dict | `{}` | n/a | n/a |
| [consul_extra_configuration](defaults/main.yml#L28) | dict | `{}` | n/a | n/a |
| [consul_domain](defaults/main.yml#L34) | str | `consul` | n/a | n/a |
| [consul_datacenter](defaults/main.yml#L35) | str | `dc1` | n/a | n/a |
| [consul_primary_datacenter](defaults/main.yml#L36) | str | `{{ consul_datacenter }}` | n/a | n/a |
| [consul_gossip_encryption_key](defaults/main.yml#L37) | str | `{{ 'mysupersecretgossipencryptionkey'\|b64encode }}` | n/a | n/a |
| [consul_enable_script_checks](defaults/main.yml#L38) | bool | `False` | n/a | n/a |
| [consul_leave_on_terminate](defaults/main.yml#L44) | bool | `True` | n/a | n/a |
| [consul_rejoin_after_leave](defaults/main.yml#L45) | bool | `True` | n/a | n/a |
| [consul_join_configuration](defaults/main.yml#L51) | dict | `{'retry_join': ['{{ ansible_default_ipv4.address }}'], 'retry_interval': '30s', 'retry_max': 0}` | n/a | n/a |
| [consul_enable_server](defaults/main.yml#L61) | bool | `True` | n/a | n/a |
| [consul_bootstrap_expect](defaults/main.yml#L62) | int | `1` | n/a | n/a |
| [consul_ui_configuration](defaults/main.yml#L68) | dict | `{'enabled': '{{ consul_enable_server }}'}` | n/a | n/a |
| [consul_bind_addr](defaults/main.yml#L75) | str | `0.0.0.0` | n/a | n/a |
| [consul_advertise_addr](defaults/main.yml#L76) | str | `{{ ansible_default_ipv4.address }}` | n/a | n/a |
| [consul_address_configuration](defaults/main.yml#L77) | dict | `{'client_addr': '{{ consul_bind_addr }}', 'bind_addr': '{{ consul_advertise_addr }}', 'advertise_addr': '{{ consul_advertise_addr }}'}` | n/a | n/a |
| [consul_acl_configuration](defaults/main.yml#L86) | dict | `{'enabled': False, 'default_policy': 'deny', 'enable_token_persistence': True}` | n/a | n/a |
| [consul_mesh_configuration](defaults/main.yml#L97) | dict | `{'enabled': False}` | n/a | n/a |
| [consul_dns_configuration](defaults/main.yml#L104) | dict | `{'allow_stale': True, 'enable_truncate': True, 'only_passing': True}` | n/a | n/a |
| [consul_enable_tls](defaults/main.yml#L113) | bool | `False` | n/a | n/a |
| [consul_tls_configuration](defaults/main.yml#L114) | dict | `{'defaults': {'ca_file': '/etc/ssl/certs/ca-certificates.crt', 'cert_file': '{{ consul_certs_dir }}/cert.pem', 'key_file': '{{ consul_certs_dir }}/key.pem', 'verify_incoming': False, 'verify_outgoing': True}, 'internal_rpc': {'verify_server_hostname': True}}` | n/a | n/a |
| [consul_certificates_extra_files_dir](defaults/main.yml#L124) | list | `[]` | n/a | n/a |
| [consul_enable_prometheus_metrics](defaults/main.yml#L133) | bool | `False` | n/a | n/a |
| [consul_prometheus_retention_time](defaults/main.yml#L134) | str | `60s` | n/a | n/a |
| [consul_telemetry_configuration](defaults/main.yml#L135) | dict | `{}` | n/a | n/a |
| [consul_log_level](defaults/main.yml#L141) | str | `info` | n/a | n/a |
| [consul_enable_log_to_file](defaults/main.yml#L142) | bool | `False` | n/a | n/a |
| [consul_log_to_file_configuration](defaults/main.yml#L143) | dict | `{'log_file': '{{ consul_logs_dir }}/consul.log', 'log_rotate_duration': '24h', 'log_rotate_max_files': 30}` | n/a | n/a |
### Vars
**These are variables with higher priority**
#### File: vars/main.yml
| Var | Type | Value |Required | Title |
|--------------|--------------|-------------|-------------|-------------|
| [consul_user](vars/main.yml#L3) | str | `consul` | n/a | n/a |
| [consul_group](vars/main.yml#L4) | str | `consul` | n/a | n/a |
| [consul_binary_path](vars/main.yml#L5) | str | `/usr/local/bin/consul` | n/a | n/a |
| [consul_envoy_binary_path](vars/main.yml#L6) | str | `/usr/local/bin/envoy` | n/a | n/a |
| [consul_deb_architecture_map](vars/main.yml#L7) | dict | `{'x86_64': 'amd64', 'aarch64': 'arm64', 'armv7l': 'arm', 'armv6l': 'arm'}` | n/a | n/a |
| [consul_envoy_architecture_map](vars/main.yml#L12) | dict | `{'x86_64': 'x86_64', 'aarch64': 'aarch64'}` | n/a | n/a |
| [consul_architecture](vars/main.yml#L15) | str | `{{ consul_deb_architecture_map[ansible_architecture] \| default(ansible_architecture) }}` | n/a | n/a |
| [consul_envoy_architecture](vars/main.yml#L16) | str | `{{ consul_envoy_architecture_map[ansible_architecture] \| default(ansible_architecture) }}` | n/a | n/a |
| [consul_service_name](vars/main.yml#L17) | str | `consul` | n/a | n/a |
| [consul_github_api](vars/main.yml#L18) | str | `https://api.github.com/repos` | n/a | n/a |
| [consul_envoy_github_project](vars/main.yml#L19) | str | `envoyproxy/envoy` | n/a | n/a |
| [consul_github_project](vars/main.yml#L20) | str | `hashicorp/consul` | n/a | n/a |
| [consul_github_url](vars/main.yml#L21) | str | `https://github.com` | n/a | n/a |
| [consul_repository_url](vars/main.yml#L22) | str | `https://releases.hashicorp.com/consul` | n/a | n/a |
| [consul_configuration](vars/main.yml#L24) | dict | `{'domain': '{{ consul_domain }}', 'datacenter': '{{ consul_datacenter }}', 'primary_datacenter': '{{ consul_primary_datacenter }}', 'data_dir': '{{ consul_data_dir }}', 'encrypt': '{{ consul_gossip_encryption_key }}', 'server': '{{ consul_enable_server }}', 'ui_config': '{{ consul_ui_configuration }}', 'connect': '{{ consul_mesh_configuration }}', 'leave_on_terminate': '{{ consul_leave_on_terminate }}', 'rejoin_after_leave': '{{ consul_rejoin_after_leave }}', 'enable_script_checks': '{{ consul_enable_script_checks }}', 'enable_syslog': True, 'acl': '{{ consul_acl_configuration }}', 'dns_config': '{{ consul_dns_configuration }}', 'log_level': '{{ consul_log_level }}', 'ports': {'dns': 8600, 'server': 8300, 'serf_lan': 8301, 'serf_wan': 8302, 'sidecar_min_port': 21000, 'sidecar_max_port': 21255, 'expose_min_port': 21500, 'expose_max_port': 21755}}` | n/a | n/a |
| [consul_configuration_string](vars/main.yml#L50) | str | `<multiline value>` | n/a | n/a |
| [consul_server_configuration_string](vars/main.yml#L57) | str | `<multiline value>` | n/a | n/a |
### Tasks
#### File: tasks/recursive_copy_extra_dirs.yml
| Name | Module | Has Conditions |
| ---- | ------ | --------- |
| Consul \| Ensure destination directory exists | ansible.builtin.file | False |
| Consul \| Create extra directory sources | ansible.builtin.file | True |
| Consul \| Template extra directory sources | ansible.builtin.template | True |
#### File: tasks/merge_variables.yml
| Name | Module | Has Conditions |
| ---- | ------ | --------- |
| Consul \| Merge stringified configuration | vars | False |
| Consul \| Merge server specific stringified configuration | vars | True |
| Consul \| Merge join configuration | vars | False |
| Consul \| Merge addresses configuration | vars | False |
| Consul \| Merge TLS configuration | block | True |
| Consul \| Merge TLS configuration | vars | False |
| Consul \| Add certificates directory to extra_files_dir | ansible.builtin.set_fact | False |
| Consul \| Merge extra configuration settings | vars | False |
| Consul \| Merge log to file configuration | vars | True |
| Consul \| Merge telemetry configuration | block | False |
| Consul \| Merge prometheus metrics configuration | vars | True |
| Consul \| Merge telemtry configuration | vars | False |
#### File: tasks/main.yml
| Name | Module | Has Conditions |
| ---- | ------ | --------- |
| Consul \| Set reload-check & restart-check variable | ansible.builtin.set_fact | False |
| Consul \| Import merge_variables.yml | ansible.builtin.include_tasks | False |
| Consul \| Import prerequisites.yml | ansible.builtin.include_tasks | False |
| Consul \| Import install_envoy.yml | ansible.builtin.include_tasks | True |
| Consul \| Import install.yml | ansible.builtin.include_tasks | False |
| Consul \| Import configure.yml | ansible.builtin.include_tasks | False |
| Consul \| Populate service facts | ansible.builtin.service_facts | False |
| Consul \| Set restart-check variable | ansible.builtin.set_fact | True |
| Consul \| Enable service: {{ consul_service_name }} | ansible.builtin.service | False |
| Consul \| Reload systemd daemon | ansible.builtin.systemd | True |
| Consul \| Start service: {{ consul_service_name }} | ansible.builtin.service | True |
#### File: tasks/install.yml
| Name | Module | Has Conditions |
| ---- | ------ | --------- |
| Consul \| Get latest release of consul | block | True |
| Consul \| Get latest consul release from github api | ansible.builtin.uri | False |
| Consul \| Set wanted consul version to latest tag | ansible.builtin.set_fact | False |
| Consul \| Set wanted consul version to {{ consul_version }} | ansible.builtin.set_fact | True |
| Consul \| Get current consul version | block | False |
| Consul \| Stat consul version file | ansible.builtin.stat | False |
| Consul \| Get current consul version | ansible.builtin.slurp | True |
| Consul \| Download and install consul binary | block | True |
| Consul \| Set consul package name to download | ansible.builtin.set_fact | False |
| Consul \| Download checksum file for consul archive | ansible.builtin.get_url | False |
| Consul \| Extract correct checksum from checksum file | ansible.builtin.command | False |
| Consul \| Parse the expected checksum | ansible.builtin.set_fact | False |
| Consul \| Download consul binary archive | ansible.builtin.get_url | False |
| Consul \| Create temporary directory for archive decompression | ansible.builtin.file | False |
| Consul \| Unpack consul archive | ansible.builtin.unarchive | False |
| Consul \| Copy consul binary to {{ consul_binary_path }} | ansible.builtin.copy | False |
| Consul \| Update consul version file | ansible.builtin.copy | False |
| Consul \| Set restart-check variable | ansible.builtin.set_fact | False |
| Consul \| Cleanup temporary directory | ansible.builtin.file | False |
| Consul \| Copy systemd service file for consul | ansible.builtin.template | False |
| Consul \| Set reload-check & restart-check variable | ansible.builtin.set_fact | True |
#### File: tasks/install_envoy.yml
| Name | Module | Has Conditions |
| ---- | ------ | --------- |
| Consul \| Get release for envoy:{{ consul_envoy_version }} | vars | False |
| Consul \| Check if envoy is already installed | ansible.builtin.stat | False |
| Consul \| Check current envoy version | ansible.builtin.command | True |
| Consul \| Set facts for wanted envoy release | ansible.builtin.set_fact | True |
| Consul \| Set facts for current envoy release | ansible.builtin.set_fact | True |
| Consul \| Create envoy directory | ansible.builtin.file | False |
| Consul \| Install envoy | block | True |
| Consul \| Remove old compose binary if different | ansible.builtin.file | False |
| Consul \| Download and install envoy version:{{ consul_envoy_version }} | ansible.builtin.get_url | False |
| Consul \| Update version file | ansible.builtin.copy | False |
#### File: tasks/prerequisites.yml
| Name | Module | Has Conditions |
| ---- | ------ | --------- |
| Consul \| Create group {{ consul_group }} | ansible.builtin.group | False |
| Consul \| Create user {{ consul_user }} | ansible.builtin.user | False |
| Consul \| Create directory {{ consul_config_dir }} | ansible.builtin.file | False |
| Consul \| Create directory {{ consul_data_dir}} | ansible.builtin.file | False |
| Consul \| Create directory {{ consul_certs_dir }} | ansible.builtin.file | False |
| Consul \| Create directory {{ consul_logs_dir }} | ansible.builtin.file | True |
#### File: tasks/configure.yml
| Name | Module | Has Conditions |
| ---- | ------ | --------- |
| Consul \| Create consul.env | ansible.builtin.template | False |
| Consul \| Copy consul.json template | ansible.builtin.template | False |
| Consul \| Set restart-check variable | ansible.builtin.set_fact | True |
| Consul \| Copy extra configuration files | block | True |
| Consul \| Get extra file types | ansible.builtin.stat | False |
| Consul \| Set list for file sources | vars | True |
| Consul \| Set list for directory sources | vars | True |
| Consul \| Template extra file sources | ansible.builtin.template | True |
| Consul \| Template extra directory sources | ansible.builtin.include_tasks | True |
## Author Information
Bertrand Lanson
#### License
license (BSD, MIT)
#### Minimum Ansible Version
2.10
#### Platforms
- **Ubuntu**: ['focal', 'jammy', 'noble']
- **Debian**: ['bullseye', 'bookworm']
<!-- DOCSIBLE END -->