hcp-ansible/roles/consul/README.md
Bertrand Lanson 54a86d7af3
feat: new tls_multi_node test for molecule with some adjustment to tags
2024-08-26 23:10:04 +02:00

📃 Role overview

consul

Description: Install and configure HashiCorp Consul for Debian-based distros.

| Field | Value |
| --- | --- |
| Readme update | 26/08/2024 |

Defaults

These are static variables with lower priority

File: defaults/main.yml

| Var | Type | Value | Required | Title |
| --- | --- | --- | --- | --- |
| `consul_version` | str | `latest` | n/a | n/a |
| `consul_start_service` | bool | `True` | n/a | n/a |
| `consul_config_dir` | str | `/etc/consul.d` | n/a | n/a |
| `consul_data_dir` | str | `/opt/consul` | n/a | n/a |
| `consul_certs_dir` | str | `{{ consul_config_dir }}/tls` | n/a | n/a |
| `consul_logs_dir` | str | `/var/log/consul` | n/a | n/a |
| `consul_envoy_install` | bool | `False` | n/a | n/a |
| `consul_envoy_version` | str | `latest` | n/a | n/a |
| `consul_extra_files` | bool | `False` | n/a | n/a |
| `consul_extra_files_list` | list | `[]` | n/a | n/a |
| `consul_env_variables` | dict | `{}` | n/a | n/a |
| `consul_extra_configuration` | dict | `{}` | n/a | n/a |
| `consul_domain` | str | `consul` | n/a | n/a |
| `consul_datacenter` | str | `dc1` | n/a | n/a |
| `consul_primary_datacenter` | str | `{{ consul_datacenter }}` | n/a | n/a |
| `consul_gossip_encryption_key` | str | `{{ 'mysupersecretgossipencryptionkey'\|b64encode }}` | n/a | n/a |
| `consul_enable_script_checks` | bool | `False` | n/a | n/a |
| `consul_leave_on_terminate` | bool | `True` | n/a | n/a |
| `consul_rejoin_after_leave` | bool | `True` | n/a | n/a |
| `consul_join_configuration` | dict | `{'retry_join': ['{{ ansible_default_ipv4.address }}'], 'retry_interval': '30s', 'retry_max': 0}` | n/a | n/a |
| `consul_enable_server` | bool | `True` | n/a | n/a |
| `consul_bootstrap_expect` | int | `1` | n/a | n/a |
| `consul_ui_configuration` | dict | `{'enabled': '{{ consul_enable_server }}'}` | n/a | n/a |
| `consul_bind_addr` | str | `0.0.0.0` | n/a | n/a |
| `consul_advertise_addr` | str | `{{ ansible_default_ipv4.address }}` | n/a | n/a |
| `consul_address_configuration` | dict | `{'client_addr': '{{ consul_bind_addr }}', 'bind_addr': '{{ consul_advertise_addr }}', 'advertise_addr': '{{ consul_advertise_addr }}'}` | n/a | n/a |
| `consul_acl_configuration` | dict | `{'enabled': False, 'default_policy': 'deny', 'enable_token_persistence': True}` | n/a | n/a |
| `consul_mesh_configuration` | dict | `{'enabled': False}` | n/a | n/a |
| `consul_dns_configuration` | dict | `{'allow_stale': True, 'enable_truncate': True, 'only_passing': True}` | n/a | n/a |
| `consul_enable_tls` | bool | `False` | n/a | n/a |
| `consul_tls_configuration` | dict | `{'defaults': {'ca_file': '/etc/ssl/certs/ca-certificates.crt', 'cert_file': '{{ consul_certs_dir }}/cert.pem', 'key_file': '{{ consul_certs_dir }}/key.pem', 'verify_incoming': False, 'verify_outgoing': True}, 'internal_rpc': {'verify_server_hostname': True}}` | n/a | n/a |
| `consul_certificates_extra_files_dir` | list | `[]` | n/a | n/a |
| `consul_enable_prometheus_metrics` | bool | `False` | n/a | n/a |
| `consul_prometheus_retention_time` | str | `60s` | n/a | n/a |
| `consul_telemetry_configuration` | dict | `{}` | n/a | n/a |
| `consul_log_level` | str | `info` | n/a | n/a |
| `consul_enable_log_to_file` | bool | `False` | n/a | n/a |
| `consul_log_to_file_configuration` | dict | `{'log_file': '{{ consul_logs_dir }}/consul.log', 'log_rotate_duration': '24h', 'log_rotate_max_files': 30}` | n/a | n/a |

Vars

These are variables with higher priority

File: vars/main.yml

| Var | Type | Value | Required | Title |
| --- | --- | --- | --- | --- |
| `consul_user` | str | `consul` | n/a | n/a |
| `consul_group` | str | `consul` | n/a | n/a |
| `consul_binary_path` | str | `/usr/local/bin/consul` | n/a | n/a |
| `consul_envoy_binary_path` | str | `/usr/local/bin/envoy` | n/a | n/a |
| `consul_deb_architecture_map` | dict | `{'x86_64': 'amd64', 'aarch64': 'arm64', 'armv7l': 'arm', 'armv6l': 'arm'}` | n/a | n/a |
| `consul_envoy_architecture_map` | dict | `{'x86_64': 'x86_64', 'aarch64': 'aarch64'}` | n/a | n/a |
| `consul_architecture` | str | `{{ consul_deb_architecture_map[ansible_architecture] \| default(ansible_architecture) }}` | n/a | n/a |
| `consul_envoy_architecture` | str | `{{ consul_envoy_architecture_map[ansible_architecture] \| default(ansible_architecture) }}` | n/a | n/a |
| `consul_service_name` | str | `consul` | n/a | n/a |
| `consul_github_api` | str | `https://api.github.com/repos` | n/a | n/a |
| `consul_envoy_github_project` | str | `envoyproxy/envoy` | n/a | n/a |
| `consul_github_project` | str | `hashicorp/consul` | n/a | n/a |
| `consul_github_url` | str | `https://github.com` | n/a | n/a |
| `consul_repository_url` | str | `https://releases.hashicorp.com/consul` | n/a | n/a |
| `consul_configuration` | dict | `{'domain': '{{ consul_domain }}', 'datacenter': '{{ consul_datacenter }}', 'primary_datacenter': '{{ consul_primary_datacenter }}', 'data_dir': '{{ consul_data_dir }}', 'encrypt': '{{ consul_gossip_encryption_key }}', 'server': '{{ consul_enable_server }}', 'ui_config': '{{ consul_ui_configuration }}', 'connect': '{{ consul_mesh_configuration }}', 'leave_on_terminate': '{{ consul_leave_on_terminate }}', 'rejoin_after_leave': '{{ consul_rejoin_after_leave }}', 'enable_script_checks': '{{ consul_enable_script_checks }}', 'enable_syslog': True, 'acl': '{{ consul_acl_configuration }}', 'dns_config': '{{ consul_dns_configuration }}', 'log_level': '{{ consul_log_level }}', 'ports': {'dns': 8600, 'server': 8300, 'serf_lan': 8301, 'serf_wan': 8302, 'sidecar_min_port': 21000, 'sidecar_max_port': 21255, 'expose_min_port': 21500, 'expose_max_port': 21755}}` | n/a | n/a |
| `consul_configuration_string` | str | `<multiline value>` | n/a | n/a |
| `consul_server_configuration_string` | str | `<multiline value>` | n/a | n/a |

Tasks

File: tasks/recursive_copy_extra_dirs.yml

| Name | Module | Has Conditions |
| --- | --- | --- |
| Consul \| Ensure destination directory exists | ansible.builtin.file | False |
| Consul \| Create extra directory sources | ansible.builtin.file | True |
| Consul \| Template extra directory sources | ansible.builtin.template | True |

File: tasks/merge_variables.yml

| Name | Module | Has Conditions |
| --- | --- | --- |
| Consul \| Merge stringified configuration | vars | False |
| Consul \| Merge server specific stringified configuration | vars | True |
| Consul \| Merge join configuration | vars | False |
| Consul \| Merge addresses configuration | vars | False |
| Consul \| Merge TLS configuration | block | True |
| Consul \| Merge TLS configuration | vars | False |
| Consul \| Add certificates directory to extra_files_dir | ansible.builtin.set_fact | False |
| Consul \| Merge extra configuration settings | vars | False |
| Consul \| Merge log to file configuration | vars | True |
| Consul \| Merge telemetry configuration | block | False |
| Consul \| Merge prometheus metrics configuration | vars | True |
| Consul \| Merge telemtry configuration | vars | False |

File: tasks/main.yml

| Name | Module | Has Conditions |
| --- | --- | --- |
| Consul \| Set reload-check & restart-check variable | ansible.builtin.set_fact | False |
| Consul \| Import merge_variables.yml | ansible.builtin.include_tasks | False |
| Consul \| Import prerequisites.yml | ansible.builtin.include_tasks | False |
| Consul \| Import install_envoy.yml | ansible.builtin.include_tasks | True |
| Consul \| Import install.yml | ansible.builtin.include_tasks | False |
| Consul \| Import configure.yml | ansible.builtin.include_tasks | False |
| Consul \| Populate service facts | ansible.builtin.service_facts | False |
| Consul \| Set restart-check variable | ansible.builtin.set_fact | True |
| Consul \| Enable service: {{ consul_service_name }} | ansible.builtin.service | False |
| Consul \| Reload systemd daemon | ansible.builtin.systemd | True |
| Consul \| Start service: {{ consul_service_name }} | ansible.builtin.service | True |

File: tasks/install.yml

| Name | Module | Has Conditions |
| --- | --- | --- |
| Consul \| Get latest release of consul | block | True |
| Consul \| Get latest consul release from github api | ansible.builtin.uri | False |
| Consul \| Set wanted consul version to latest tag | ansible.builtin.set_fact | False |
| Consul \| Set wanted consul version to {{ consul_version }} | ansible.builtin.set_fact | True |
| Consul \| Get current consul version | block | False |
| Consul \| Stat consul version file | ansible.builtin.stat | False |
| Consul \| Get current consul version | ansible.builtin.slurp | True |
| Consul \| Download and install consul binary | block | True |
| Consul \| Set consul package name to download | ansible.builtin.set_fact | False |
| Consul \| Download checksum file for consul archive | ansible.builtin.get_url | False |
| Consul \| Extract correct checksum from checksum file | ansible.builtin.command | False |
| Consul \| Parse the expected checksum | ansible.builtin.set_fact | False |
| Consul \| Download consul binary archive | ansible.builtin.get_url | False |
| Consul \| Create temporary directory for archive decompression | ansible.builtin.file | False |
| Consul \| Unpack consul archive | ansible.builtin.unarchive | False |
| Consul \| Copy consul binary to {{ consul_binary_path }} | ansible.builtin.copy | False |
| Consul \| Update consul version file | ansible.builtin.copy | False |
| Consul \| Set restart-check variable | ansible.builtin.set_fact | False |
| Consul \| Cleanup temporary directory | ansible.builtin.file | False |
| Consul \| Copy systemd service file for consul | ansible.builtin.template | False |
| Consul \| Set reload-check & restart-check variable | ansible.builtin.set_fact | True |

File: tasks/install_envoy.yml

| Name | Module | Has Conditions |
| --- | --- | --- |
| Consul \| Get release for envoy:{{ consul_envoy_version }} | vars | False |
| Consul \| Check if envoy is already installed | ansible.builtin.stat | False |
| Consul \| Check current envoy version | ansible.builtin.command | True |
| Consul \| Set facts for wanted envoy release | ansible.builtin.set_fact | True |
| Consul \| Set facts for current envoy release | ansible.builtin.set_fact | True |
| Consul \| Create envoy directory | ansible.builtin.file | False |
| Consul \| Install envoy | block | True |
| Consul \| Remove old compose binary if different | ansible.builtin.file | False |
| Consul \| Download and install envoy version:{{ consul_envoy_version }} | ansible.builtin.get_url | False |
| Consul \| Update version file | ansible.builtin.copy | False |

File: tasks/prerequisites.yml

| Name | Module | Has Conditions |
| --- | --- | --- |
| Consul \| Create group {{ consul_group }} | ansible.builtin.group | False |
| Consul \| Create user {{ consul_user }} | ansible.builtin.user | False |
| Consul \| Create directory {{ consul_config_dir }} | ansible.builtin.file | False |
| Consul \| Create directory {{ consul_data_dir}} | ansible.builtin.file | False |
| Consul \| Create directory {{ consul_certs_dir }} | ansible.builtin.file | False |
| Consul \| Create directory {{ consul_logs_dir }} | ansible.builtin.file | True |

File: tasks/configure.yml

| Name | Module | Has Conditions |
| --- | --- | --- |
| Consul \| Create consul.env | ansible.builtin.template | False |
| Consul \| Copy consul.json template | ansible.builtin.template | False |
| Consul \| Set restart-check variable | ansible.builtin.set_fact | True |
| Consul \| Copy extra configuration files | block | True |
| Consul \| Get extra file types | ansible.builtin.stat | False |
| Consul \| Set list for file sources | vars | True |
| Consul \| Set list for directory sources | vars | True |
| Consul \| Template extra file sources | ansible.builtin.template | True |
| Consul \| Template extra directory sources | ansible.builtin.include_tasks | True |

Author Information

Bertrand Lanson

License

license (BSD, MIT)

Minimum Ansible Version

2.10

Platforms

  • Ubuntu: ['focal', 'jammy', 'noble']
  • Debian: ['bullseye', 'bookworm']