From da39b5c64900735cec97ac4eb3ee685b85f49bdc Mon Sep 17 00:00:00 2001 From: Per Abich Date: Tue, 18 Jul 2017 17:43:08 +0100 Subject: [PATCH 01/22] Reworked it so it became more logical and works with more current versions. --- ansible.cfg | 4 ++- bootstrap.yml | 28 +++++++++------- inventory.ini | 22 ++++++------- roles/consul/defaults/main.yml | 6 ++-- roles/consul/files/consul-wait-for-leader.sh | 2 +- roles/consul/files/consul.service | 2 +- roles/consul/handlers/main.yml | 2 ++ roles/consul/tasks/main.yml | 34 ++++++++------------ roles/consul/templates/consul.json.j2 | 1 - roles/dnsmasq/handlers/main.yml | 9 ++++-- roles/dnsmasq/tasks/main.yml | 1 + roles/nomad/defaults/main.yml | 6 ++-- roles/nomad/tasks/main.yml | 14 +++++--- roles/shell/files/bash_aliases | 3 +- roles/users/tasks/main.yml | 11 ++++--- roles/utils/tasks/main.yml | 6 +--- roles/vault/defaults/main.yml | 4 +-- roles/vault/tasks/main.yml | 9 ++++-- site.yml | 7 ++-- 19 files changed, 95 insertions(+), 76 deletions(-) diff --git a/ansible.cfg b/ansible.cfg index 9c29427..1d384df 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -1,3 +1,5 @@ [defaults] roles_path = roles:/etc/ansible/roles -host_key_checking = false \ No newline at end of file +host_key_checking = false +log_path=ansible.log +timeout = 30 diff --git a/bootstrap.yml b/bootstrap.yml index 44b6c8d..5c910fe 100755 --- a/bootstrap.yml +++ b/bootstrap.yml 
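Review bot: `log_path=ansible.log` records every task's arguments and results, so any task that touches secrets — for example the material that `vault.keys` in .gitignore is already treated as sensitive for — needs `no_log: true`, otherwise those values land in the log in clear text on the operator's machine. Patch 02 on this page keeps the file out of git, but it stays on disk. The re-added `host_key_checking = false` turns off SSH host-key verification for every play, which removes the only check against a spoofed host on the LAN; seeding known_hosts with the four inventory hosts and leaving the default is safer. Spacing is inconsistent between `log_path=ansible.log` and `timeout = 30`; `log_path = ansible.log` matches the rest of the file.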
@@ -11,15 +11,21 @@ - shell tasks: - - name: stop all the default shit - command: "{{ item }}" + - name: update system + apt: + update_cache: yes + upgrade: dist + cache_valid_time: 86400 + - name: stop and disable services + service: + name: "{{item}}" + enabled: false + state: stopped with_items: - - apt-get update - - apt dist-upgrade -y - - systemctl stop avahi-daemon - - systemctl disable avahi-daemon - - systemctl disable avahi-daemon.socket - - systemctl stop bluetooth - - systemctl disable bluetooth - become: yes - become_user: root \ No newline at end of file + - avahi-daemon + - avahi-daemon.socket + - bluetooth + - name: set hostname + hostname: + name: "{{hostvars.hostname}}" + diff --git a/inventory.ini b/inventory.ini index 4a10124..c49dab5 100644 --- a/inventory.ini +++ b/inventory.ini @@ -1,19 +1,19 @@ [bramble] -192.168.10.26 -192.168.10.25 -192.168.10.27 -192.168.10.28 +192.168.0.18 hostname=odin +192.168.0.19 hostname=balder +192.168.0.20 hostname=loki +192.168.0.21 hostname=thor [consul] -192.168.10.26 -192.168.10.25 -192.168.10.27 +192.168.0.19 +192.168.0.20 +192.168.0.21 ; runs nomad leader, vault and statsd [baron] -192.168.10.26 +192.168.0.18 [followers] -192.168.10.25 -192.168.10.27 -192.168.10.28 +192.168.0.19 +192.168.0.20 +192.168.0.21 diff --git a/roles/consul/defaults/main.yml b/roles/consul/defaults/main.yml index 7502ec4..77521e8 100644 --- a/roles/consul/defaults/main.yml +++ b/roles/consul/defaults/main.yml @@ -1,8 +1,8 @@ --- -consul_version: "0.7.1" -consul_checksum: "sha256:e7b6846fb338c31e238f9b70cc42bd35f7de804cc31d2d91fe23cbe5de948aae" +consul_version: "0.8.5" +consul_checksum: "sha256:59d14c76f808a1d41647e2d772ce1fe0d4a522836af238faa4894f7e076b1b03" consul_install_path: /usr/local/consul -consul_dc: alpha +consul_dc: dc1 consul_dns_domain: bramble.local consul_bind: "{{ ansible_default_ipv4.address }}" consul_client: "{{ ansible_default_ipv4.address }}" 
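Review bot: `name: "{{hostvars.hostname}}"` in the `set hostname` task will not resolve — `hostvars` is keyed by inventory host, and the per-host `hostname=` value this commit adds to inventory.ini is reachable as a plain variable — so the line should be `name: "{{ hostname }}"` (or `"{{ hostvars[inventory_hostname].hostname }}"`). Dropping `become: yes`/`become_user: root` from the task only works if the play header, which lies outside this hunk, sets become for the whole play; apt, service and hostname all need root. `update_cache: yes` should be `update_cache: true` for portability across YAML parsers, and the trailing added blank line can go.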
diff --git a/roles/consul/files/consul-wait-for-leader.sh b/roles/consul/files/consul-wait-for-leader.sh index 2b058ba..f76c0d8 100755 --- a/roles/consul/files/consul-wait-for-leader.sh +++ b/roles/consul/files/consul-wait-for-leader.sh @@ -8,7 +8,7 @@ while :; do fi if [ $SECONDS -gt $max_wait ]; then - echo "No Consul leader elected in 30 seconds" + echo "No Consul leader elected in $max_wait seconds" exit 1 fi diff --git a/roles/consul/files/consul.service b/roles/consul/files/consul.service index 39a7223..a6416d4 100644 --- a/roles/consul/files/consul.service +++ b/roles/consul/files/consul.service @@ -7,7 +7,7 @@ Wants=network-online.target [Service] User=root Group=root -ExecStart=/usr/local/bin/consul agent -client 0.0.0.0 -config-dir=/etc/consul -data-dir=/var/lib/consul +ExecStart=/usr/local/bin/consul agent -client 0.0.0.0 -ui -config-dir=/etc/consul -data-dir=/var/lib/consul -syslog ExecReload=/bin/kill -HUP $MAINPID KillSignal=SIGTERM diff --git a/roles/consul/handlers/main.yml b/roles/consul/handlers/main.yml index 63054e8..5339de3 100644 --- a/roles/consul/handlers/main.yml +++ b/roles/consul/handlers/main.yml @@ -1,7 +1,9 @@ --- + - name: restart consul become: yes become_user: root service: name: consul + enabled: yes state: restarted diff --git a/roles/consul/tasks/main.yml b/roles/consul/tasks/main.yml index 704cbe7..a01a8ef 100644 --- a/roles/consul/tasks/main.yml +++ b/roles/consul/tasks/main.yml @@ -28,13 +28,15 @@ mode: 0755 with_items: - "{{ consul_install_path }}/{{ consul_version }}" - - /usr/share/consul-ui - /etc/consul tags: - consul - name: decompress archive - command: "unzip /tmp/consul.zip -d {{ consul_install_path }}/{{ consul_version }}/" + unarchive: + src: /tmp/consul.zip + dest: "{{ consul_install_path }}/{{ consul_version }}/" + copy: no tags: - consul 
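Review bot: adding `-ui` to an agent that already runs with `-client 0.0.0.0` publishes the Consul HTTP API and web UI on every interface of each node, and the role defaults shown in patch 06 carry `consul_do_auth: no`, which appears to mean no ACLs are in front of it, so anyone reachable on the LAN can read and write the KV store and service catalog. Either keep the client address on loopback (or `consul_bind`) and reach the UI through an SSH tunnel, or enable ACLs before turning the UI on. Patch 13 on this page removes `-ui` and `-syslog` again in favour of the JSON config, so this line is churn, but the `-client 0.0.0.0` exposure remains in both versions of the unit.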
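Review bot: `copy: no` on the `unarchive` task is the deprecated spelling; the module has accepted `remote_src: yes` since Ansible 2.2 and that is what a remote `/tmp/consul.zip` source means here — the same applies to this commit's nomad `decompress archive` hunk (which omits the option altogether, fixed in patch 03) and to the vault hunk in patch 08. The archive is fetched with `mode: 0777` (visible as context in the patch 10 tasks hunk), so it is world-writable in /tmp between the checksum-verified download and this extraction; `mode: 0644` or a private staging directory closes that window. The enclosing block starts before this hunk.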
@@ -48,29 +50,12 @@ tags: - consul - - name: get consul-ui - get_url: - url: "https://releases.hashicorp.com/consul/{{ consul_version }}/consul_{{ consul_version }}_web_ui.zip" - dest: /tmp/consul_web_ui.zip - tags: - - consul - - - name: extract consul-ui - unarchive: - src: /tmp/consul_web_ui.zip - dest: /usr/share/consul-ui - copy: no - creates: /usr/share/consul-ui/index.html - tags: - - consul - - name: remove the temp archives file: path: "{{ item }}" state: absent with_items: - /tmp/consul.zip - - /tmp/consul_web_ui.zip tags: - consul @@ -118,8 +103,13 @@ src: consul.service dest: "{{ systemd_dir }}/consul.service" mode: 644 - notify: - - reload systemd + tags: + - consul + - name: reload systemd + systemd: + daemon_reload: yes + name: consul.service + state: restarted tags: - consul @@ -131,6 +121,8 @@ with_items: - src: consul.json.j2 dest: /etc/consul/consul.json + notify: + - restart consul tags: - consul diff --git a/roles/consul/templates/consul.json.j2 b/roles/consul/templates/consul.json.j2 index a81d58c..2ed5220 100644 --- a/roles/consul/templates/consul.json.j2 +++ b/roles/consul/templates/consul.json.j2 @@ -24,6 +24,5 @@ "verify_outgoing": true, {% endif %} "data_dir": "/var/lib/consul", - "ui_dir": "/usr/share/consul-ui", "disable_remote_exec": {{ consul_disable_remote_exec }} } diff --git a/roles/dnsmasq/handlers/main.yml b/roles/dnsmasq/handlers/main.yml index 7126cc3..b7bec43 100644 --- a/roles/dnsmasq/handlers/main.yml +++ b/roles/dnsmasq/handlers/main.yml @@ -1,6 +1,11 @@ --- - name: restart networkmanager - command: systemctl restart NetworkManager + service: + name: NetworkManager + state: restarted + - name: restart dnsmasq - command: systemctl restart dnsmasq + service: + name: dnsmasq + state: restarted diff --git a/roles/dnsmasq/tasks/main.yml b/roles/dnsmasq/tasks/main.yml index 55df3f6..5578ce4 100644 --- a/roles/dnsmasq/tasks/main.yml +++ b/roles/dnsmasq/tasks/main.yml 
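Review bot: the new `reload systemd` task restarts consul.service unconditionally on every run, whereas the `notify: reload systemd` handler it replaces only fired when the unit file changed; together with the `notify: restart consul` added on the config template in the next hunk, a config change now bounces the agent twice per play. Keep a task with only `daemon_reload: yes` (no `state`) and let the change-triggered handler do the restart, or guard it with `when:` on the unit-copy task's result. The same pattern is introduced for nomad.service and vault.service in this commit's nomad and vault hunks. Also on the new side: `mode: 644` without a leading zero is the decimal number 644 to Ansible (octal 1204), so the unit file gets wrong permissions; write `mode: 0644` here and in the vault hunk.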
@@ -85,6 +85,7 @@ - dnsmasq - name: update hosts file + become: yes template: src: etc/hosts.j2 dest: /etc/hosts diff --git a/roles/nomad/defaults/main.yml b/roles/nomad/defaults/main.yml index 6df3e5f..99bcec7 100644 --- a/roles/nomad/defaults/main.yml +++ b/roles/nomad/defaults/main.yml @@ -1,7 +1,7 @@ --- -nomad_version: "0.5.0" -nomad_checksum: "sha256:c85d3ddac0dbb9ed594eabada29daa2bf26619d24f304587c9d7e775c99ad6f6" -nomad_install_path: /usr/local/consul +nomad_version: "0.5.6" +nomad_checksum: "sha256:a4fe93f95e4c53b23b8feb2a714565cf97025b2df6669f1a1558fc664fcd4993" +nomad_install_path: /usr/local/nomad nomad_dc: dc1 nomad_is_server: no nomad_leader_group: baron diff --git a/roles/nomad/tasks/main.yml b/roles/nomad/tasks/main.yml index a0569fe..e122182 100644 --- a/roles/nomad/tasks/main.yml +++ b/roles/nomad/tasks/main.yml @@ -32,7 +32,9 @@ - nomad - name: decompress archive - command: "unzip /tmp/nomad.zip -d {{ nomad_install_path }}/{{ nomad_version }}/" + unarchive: + src: /tmp/nomad.zip + dest: "{{ nomad_install_path }}/{{ nomad_version }}/" tags: - nomad @@ -80,11 +82,15 @@ copy: src: nomad.service dest: "{{ systemd_dir }}/nomad.service" - notify: - - reload systemd tags: - nomad - + - name: reload systemd + systemd: + daemon_reload: yes + name: nomad.service + state: restarted + tags: + - nomad - name: enable nomad service: name: nomad diff --git a/roles/shell/files/bash_aliases b/roles/shell/files/bash_aliases index afef9cf..a4ae34d 100644 --- a/roles/shell/files/bash_aliases +++ b/roles/shell/files/bash_aliases @@ -1,3 +1,4 @@ # add convenience aliases here -alias ll="ls -lahG" +alias ll="ls -lahG --color=auto" +alias la="ls -a --color=auto" diff --git a/roles/users/tasks/main.yml b/roles/users/tasks/main.yml index 71af05b..b175b06 100644 --- a/roles/users/tasks/main.yml +++ b/roles/users/tasks/main.yml 
@@ -1,5 +1,8 @@ --- -- name: install publish ssh keys - authorized_key: user=pi key={{ item }} - with_items: - - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCYI/SFJRu4Rg+2GABMnMaEmH+JvymSmXmd9DQ1mYwvQ9NWbmbGsBRrHKAIgiwen2Cv6UWGVjCbC3nclwgmVp+2BOSmhxyTvW2kypjcwJITH1KlywuQoPlvq3hYDa6efVofp0pFhjELWAiAqiJM4O5hh5YEPDOfCo/KeSvBeMBdXV0QN7mly0pFpIp3ZOMT6jFsRA0Aj7EAajpFMgXamgQqMnyxgWHihEqXGAbVyk0sbYENTQNYSgWph7SXB4L0i3hAKOB+rruwSXr+j9rcYbjI+Bedh1TI7qZK4x8gLXqMBjWOtj1l9NMT9S2Ldgiu0Hzyf8HiGs9CgMI3cXn3fx8R timothy" +- name: Set authorized key took from file + vars: + local_home: "{{ lookup('env','HOME') }}" + authorized_key: + user: pi + state: present + key: "{{ lookup('file', '{{local_home}}/.ssh/id_rsa.pub') }}" diff --git a/roles/utils/tasks/main.yml b/roles/utils/tasks/main.yml index bb0465f..b66f0b3 100644 --- a/roles/utils/tasks/main.yml +++ b/roles/utils/tasks/main.yml @@ -8,11 +8,7 @@ - utils - apt: - name: htop + name: htop,dnsutils,telnet,vim update_cache: yes - with_items: - - htop - - dnsutils - - telnet tags: - utils diff --git a/roles/vault/defaults/main.yml b/roles/vault/defaults/main.yml index e7627b1..75e97c9 100644 --- a/roles/vault/defaults/main.yml +++ b/roles/vault/defaults/main.yml @@ -1,5 +1,5 @@ --- -vault_version: "0.6.2" -vault_checksum: "sha256:efc36dcb2044cf4c80af9e71abd9fb4716db8944e7d102f913d17f922a527189" +vault_version: "0.7.3" +vault_checksum: "sha256:d45655f5ccdab762ad37f1efcdfc859f15a09e6ff839a2ba2f2484c173e8903b" vault_install_path: /usr/local/vault/ vault_datacenter: dc1 diff --git a/roles/vault/tasks/main.yml b/roles/vault/tasks/main.yml index 6202771..9ccaadc 100644 --- a/roles/vault/tasks/main.yml +++ b/roles/vault/tasks/main.yml @@ -66,10 +66,15 @@ src: vault.service dest: "{{ systemd_dir }}/vault.service" mode: 644 - notify: reload systemd tags: - vault - + - name: reload systemd + systemd: + daemon_reload: yes + name: vault.service + state: restarted + tags: + - vault - name: configure vault copy: src: vault.config 
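Review bot: `key: "{{ lookup('file', '{{local_home}}/.ssh/id_rsa.pub') }}"` nests a moustache inside a Jinja expression; write the path as an expression instead, `key: "{{ lookup('file', local_home ~ '/.ssh/id_rsa.pub') }}"`. More importantly the task now authorizes whatever RSA key the operator running the playbook happens to hold, so the set of keys on the `pi` account depends on who ran it last and is no longer reviewable in the repository, while the previously committed `timothy` key stays authorized because `state: present` only adds. A variable listing the expected public keys, looped with `with_items`, keeps access declarative; operators with ed25519 keys also need the filename parameterised.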
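Review bot: the added `reload systemd` task restarts vault.service on every play, and a restarted Vault comes up sealed unless auto-unseal is configured, so each run of the `vault` tag leaves the server unusable until someone unseals it again; the replaced `notify: reload systemd` handler only fired when the unit changed. Prefer a `systemd: daemon_reload: yes` task without `state` plus a change-triggered restart handler, and document the sealing consequence next to it, e.g. `# restarting vault seals it; only restart on unit changes`.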
diff --git a/site.yml b/site.yml index 11e66db..6034c00 100755 --- a/site.yml +++ b/site.yml @@ -7,7 +7,7 @@ become_user: root roles: - utils - - { role: dnsmasq, consul_dns_domain: bramble.local } + - { role: dnsmasq, consul_dns_domain: bramble.local, consul_dc: alpha } tags: - bramble - bootstrap @@ -17,7 +17,7 @@ gather_facts: true remote_user: pi roles: - - { role: consul, consul_is_server: yes } + - { role: consul, consul_is_server: yes, consul_dc: alpha } tags: - consul - consul-servers @@ -27,6 +27,7 @@ gather_facts: true remote_user: pi roles: + - { role: consul, consul_dc: alpha } - { role: vault, vault_datacenter: alpha } - { role: nomad, nomad_is_server: yes, nomad_dc: alpha } # - prometheus @@ -43,7 +44,7 @@ gather_facts: true remote_user: pi roles: - - consul + - { role: consul, consul_is_server: yes, consul_dc: alpha } - { role: nomad, nomad_dc: alpha } tags: - followers From a5ec9541b6131db7ebb474e6585d50bc71ff50d0 Mon Sep 17 00:00:00 2001 From: Per Abich Date: Tue, 18 Jul 2017 17:43:48 +0100 Subject: [PATCH 02/22] Added .gitignore file --- .gitignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitignore b/.gitignore index be6cd1e..a966695 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,4 @@ .DS_Store vault.keys +*.log +*.retry From d2c54ff493e0cbaa6e60d69f244d63ecd6afbafd Mon Sep 17 00:00:00 2001 From: Per Abich Date: Tue, 18 Jul 2017 17:45:36 +0100 Subject: [PATCH 03/22] Fixed issue where it looked for temp file on wrong host --- roles/nomad/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/nomad/tasks/main.yml b/roles/nomad/tasks/main.yml index e122182..3f5a544 100644 --- a/roles/nomad/tasks/main.yml +++ b/roles/nomad/tasks/main.yml @@ -35,6 +35,7 @@ unarchive: src: /tmp/nomad.zip dest: "{{ nomad_install_path }}/{{ nomad_version }}/" + copy: no tags: - nomad From da6aa31a2e3925a11b34943e3aa2ac2fc8952464 Mon Sep 17 00:00:00 2001 
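Review bot: the followers play now applies `consul_is_server: yes` to every follower, so the `[consul]` group in inventory.ini stops describing where the servers run and the cluster gets four servers without a matching bootstrap_expect; patch 09 on this page reverts the followers to clients, which suggests this was unintended. `consul_dc: alpha` is also repeated in four flow-style role dicts while the role default is `dc1`; setting it once in group_vars (or changing the default) avoids the copies drifting. `yes` in these dicts should be `true`.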
From: Per Abich Date: Wed, 19 Jul 2017 18:40:09 +0100 Subject: [PATCH 04/22] Added a consul server to the master --- inventory.ini | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inventory.ini b/inventory.ini index c49dab5..5699620 100644 --- a/inventory.ini +++ b/inventory.ini @@ -5,9 +5,9 @@ 192.168.0.21 hostname=thor [consul] +192.168.0.18 192.168.0.19 192.168.0.20 -192.168.0.21 ; runs nomad leader, vault and statsd [baron] From e6782a72cc1041c230c18e561b17928224225456 Mon Sep 17 00:00:00 2001 From: Per Abich Date: Wed, 19 Jul 2017 20:18:57 +0100 Subject: [PATCH 05/22] Added docker role --- roles/docker/defaults/main.yml | 2 ++ roles/docker/tasks/main.yml | 25 +++++++++++++++++++++++++ 2 files changed, 27 insertions(+) create mode 100644 roles/docker/defaults/main.yml create mode 100644 roles/docker/tasks/main.yml diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml new file mode 100644 index 0000000..19d5fdb --- /dev/null +++ b/roles/docker/defaults/main.yml @@ -0,0 +1,2 @@ +--- +docker_user: pi diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml new file mode 100644 index 0000000..15997ac --- /dev/null +++ b/roles/docker/tasks/main.yml @@ -0,0 +1,25 @@ +--- +- block: + - name: install docker + apt_key: + keyserver: hkp://p80.pool.sks-keyservers.net:80 + id: 58118E89F3A912897C070ADBF76221572C52609D + - name: add deb repo + apt_repository: + repo: "deb https://apt.dockerproject.org/repo raspbian-jessie main" + filename: docker.list + state: present + - name: apt update + apt: + update_cache: yes + - apt: + name: docker-engine + state: present + - name: add user mod + user: + name: "{{docker_user}}" + append: yes + groups: docker + become: yes + tags: + docker From 799842fd4d59725d347d0fada7d32cda294b29a9 Mon Sep 17 00:00:00 2001 
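Review bot: the `add user mod` task puts `{{ docker_user }}` (pi by default) in the `docker` group, which is root-equivalent on the host because access to the daemon socket lets a member mount `/` into a container; that is a deliberate trade-off and deserves a comment such as `# docker group membership is root-equivalent on this host`. The third `apt` task has no `name:`, unlike its siblings. The `apt_key` step fetches from an `hkp://...:80` keyserver, which is acceptable only because the full 40-character fingerprint is pinned in `id` — worth a comment so nobody shortens it later. `apt.dockerproject.org` is, as far as I know, the legacy Docker repository that has since been superseded by download.docker.com, so the `repo:` line will likely need updating. `become: yes` on the block should be `become: true`.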
From: Per Abich Date: Wed, 19 Jul 2017 20:19:25 +0100 Subject: [PATCH 06/22] Parametrised the consul UI --- roles/consul/defaults/main.yml | 2 ++ roles/consul/templates/consul.json.j2 | 4 ++++ 2 files changed, 6 insertions(+) diff --git a/roles/consul/defaults/main.yml b/roles/consul/defaults/main.yml index 77521e8..0c5804c 100644 --- a/roles/consul/defaults/main.yml +++ b/roles/consul/defaults/main.yml @@ -25,3 +25,5 @@ consul_cert_file: consul.cert consul_key_file: consul.key consul_do_auth: no + +consul_ui_enabled: no diff --git a/roles/consul/templates/consul.json.j2 b/roles/consul/templates/consul.json.j2 index 2ed5220..a789971 100644 --- a/roles/consul/templates/consul.json.j2 +++ b/roles/consul/templates/consul.json.j2 @@ -6,6 +6,9 @@ "rejoin_after_leave": true, "domain": "{{ consul_dns_domain }}", "recursors" : [ "8.8.8.8" ], +{% if consul_ui_enabled %} + "ui": true, +{% endif %} {% if consul_bootstrap_expect > 1 %} "retry_join": [ {{ consul_retry_join }} ], {% endif %} @@ -23,6 +26,7 @@ "verify_incoming": true, "verify_outgoing": true, {% endif %} + "enable_syslog": true, "data_dir": "/var/lib/consul", "disable_remote_exec": {{ consul_disable_remote_exec }} } From bdea3e0d1948de77bafe7f75c9494abe57295f8b Mon Sep 17 00:00:00 2001 From: Per Abich Date: Wed, 19 Jul 2017 20:19:43 +0100 Subject: [PATCH 07/22] Added nomad syslog option --- roles/nomad/defaults/main.yml | 2 ++ roles/nomad/templates/client.conf.j2 | 3 +++ roles/nomad/templates/server.conf.j2 | 3 +++ 3 files changed, 8 insertions(+) diff --git a/roles/nomad/defaults/main.yml b/roles/nomad/defaults/main.yml index 99bcec7..32c9928 100644 --- a/roles/nomad/defaults/main.yml +++ b/roles/nomad/defaults/main.yml @@ -7,3 +7,5 @@ nomad_is_server: no nomad_leader_group: baron nomad_bootstrap_expect: "{{ groups[nomad_leader_group] | length }}" nomad_retry_join: ' [{% for host in groups[nomad_leader_group] %}"{{ host }}"{% if not loop.last %}, {% endif %}{% endfor %}]' + +nomad_enable_syslog: yes 
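Review bot: `"ui": true` serves the web UI on whatever address the agent's client interface binds, and consul.service on this page binds `-client 0.0.0.0`, so once `consul_ui_enabled` is set (patch 09 sets it for the servers) the UI and API are reachable from the whole LAN with no ACL in front of them. The flag itself is the right place to say so; a comment on the defaults entry such as `# exposes the HTTP UI on the client address; keep off unless ACLs or a tunnel are in place` would stop it being flipped casually. `consul_ui_enabled: no` in the defaults hunk should be `false`.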
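Review bot: `"enable_syslog": true` is emitted unconditionally while the `"ui"` entry above it is gated by `consul_ui_enabled` and the nomad templates in patch 07 gate `enable_syslog` on `nomad_enable_syslog`; add a `consul_enable_syslog` default and wrap this line in `{% if consul_enable_syslog %}` for consistency. Separately, the context line `"recursors" : [ "8.8.8.8" ]` hard-codes an external resolver for the whole datacenter; turning it into a default variable keeps DNS egress policy in one place.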
diff --git a/roles/nomad/templates/client.conf.j2 b/roles/nomad/templates/client.conf.j2 index 11f7a48..c888d21 100644 --- a/roles/nomad/templates/client.conf.j2 +++ b/roles/nomad/templates/client.conf.j2 @@ -5,6 +5,9 @@ datacenter = "{{ nomad_dc }}" name = "{{ ansible_hostname }}.node" log_level = "DEBUG" enable_debug = true +{% if nomad_enable_syslog %} +enable_syslog = true +{% endif %} advertise { # We need to specify our host's IP because we can't diff --git a/roles/nomad/templates/server.conf.j2 b/roles/nomad/templates/server.conf.j2 index 8d434b1..09188e4 100644 --- a/roles/nomad/templates/server.conf.j2 +++ b/roles/nomad/templates/server.conf.j2 @@ -5,6 +5,9 @@ datacenter = "{{ nomad_dc }}" name = "{{ ansible_hostname }}.node" log_level = "DEBUG" enable_debug = true +{% if nomad_enable_syslog %} +enable_syslog = true +{% endif %} advertise { # We need to specify our host's IP because we can't From 3073f540eddf0e90ef340f503679a48f32e5f2b3 Mon Sep 17 00:00:00 2001 From: Per Abich Date: Wed, 19 Jul 2017 20:20:04 +0100 Subject: [PATCH 08/22] Moved to using the unarchive commad also in vault role --- roles/vault/tasks/main.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/roles/vault/tasks/main.yml b/roles/vault/tasks/main.yml index 9ccaadc..4ea97a0 100644 --- a/roles/vault/tasks/main.yml +++ b/roles/vault/tasks/main.yml @@ -31,7 +31,10 @@ - vault - name: decompress archive - command: "unzip /tmp/vault.zip -d {{ vault_install_path }}/{{ vault_version }}/" + unarchive: + src: /tmp/vault.zip + dest: "{{ vault_install_path }}/{{ vault_version }}/" + copy: no tags: - vault From 7de4f3007d833c6e15881c3bf511ba6545cf1dfa Mon Sep 17 00:00:00 2001 From: Per Abich Date: Wed, 19 Jul 2017 20:20:30 +0100 Subject: [PATCH 09/22] Started using the new roles and possibilities --- inventory.ini | 4 ++-- site.yml | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/inventory.ini b/inventory.ini index 5699620..028518b 100644 
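Review bot: the context lines `log_level = "DEBUG"` and `enable_debug = true` stay hard-coded in client.conf.j2 while only syslog is being parametrised; `enable_debug` turns on Nomad's debug HTTP endpoints and DEBUG logging is verbose and may include job details, so these belong behind defaults (`nomad_log_level`, `nomad_enable_debug`) that are off outside development. The same applies to the server.conf.j2 hunk in this commit. `nomad_enable_syslog: yes` in the defaults hunk should be `true`.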
--- a/inventory.ini +++ b/inventory.ini @@ -4,15 +4,15 @@ 192.168.0.20 hostname=loki 192.168.0.21 hostname=thor +; run the consul server(s) [consul] 192.168.0.18 -192.168.0.19 -192.168.0.20 ; runs nomad leader, vault and statsd [baron] 192.168.0.18 +; run consul and nomad clients [followers] 192.168.0.19 192.168.0.20 diff --git a/site.yml b/site.yml index 6034c00..1ab9b4a 100755 --- a/site.yml +++ b/site.yml @@ -17,7 +17,7 @@ gather_facts: true remote_user: pi roles: - - { role: consul, consul_is_server: yes, consul_dc: alpha } + - { role: consul, consul_is_server: yes, consul_dc: alpha, consul_bootstrap_expect: "{{ groups['baron'] | length }}", consul_ui_enabled: yes } tags: - consul - consul-servers @@ -27,7 +27,6 @@ gather_facts: true remote_user: pi roles: - - { role: consul, consul_dc: alpha } - { role: vault, vault_datacenter: alpha } - { role: nomad, nomad_is_server: yes, nomad_dc: alpha } # - prometheus @@ -44,7 +43,8 @@ gather_facts: true remote_user: pi roles: - - { role: consul, consul_is_server: yes, consul_dc: alpha } + - { role: docker } + - { role: consul, consul_dc: alpha } - { role: nomad, nomad_dc: alpha } tags: - followers From 5ac7a22c66bcc1c1f5cbf3f09541d4615168be70 Mon Sep 17 00:00:00 2001 From: Per Abich Date: Thu, 20 Jul 2017 22:23:17 +0100 Subject: [PATCH 10/22] starting to abstract the platform --- roles/consul/defaults/main.yml | 19 +++++++++-- roles/consul/tasks/main.yml | 59 +++++++++++++++++++++++++++++++++- 2 files changed, 75 insertions(+), 3 deletions(-) diff --git a/roles/consul/defaults/main.yml b/roles/consul/defaults/main.yml index 0c5804c..d927f87 100644 --- a/roles/consul/defaults/main.yml +++ b/roles/consul/defaults/main.yml 
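Review bot: `consul_bootstrap_expect: "{{ groups['baron'] | length }}"` derives the expected server count from the `baron` group, but the servers are the hosts of this play — the `[consul]` group, per the comment added to inventory.ini in the same commit (the play header is outside the hunk, so this is inferred). Today both groups hold only 192.168.0.18, but they drift the moment a second server is added to `[consul]`, and a wrong bootstrap_expect either never elects a leader or bootstraps a split cluster; `groups['consul'] | length` ties the value to the right group. The role entry is now a 130-character flow mapping; block style reads and diffs better.
```yaml
roles:
  - role: consul
    consul_is_server: true
    consul_dc: alpha
    consul_bootstrap_expect: "{{ groups['consul'] | length }}"
    consul_ui_enabled: true
```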
@@ -1,7 +1,20 @@ --- -consul_version: "0.8.5" -consul_checksum: "sha256:59d14c76f808a1d41647e2d772ce1fe0d4a522836af238faa4894f7e076b1b03" +consul_version: "{{ lookup('env','CONSUL_VERSION') | default('0.8.1', true) }}" +consul_architecture_map: + # this first entry seems... redundant + #(but it's required for reasons) + amd64: amd64 + x86_64: amd64 + armv7l: arm + aarch64: arm64 +consul_architecture: "{{ consul_architecture_map[ansible_architecture] }}" +consul_os: "{{ ansible_system|lower }}" +consul_pkg: "consul_{{ consul_version }}_{{ consul_os }}_{{ consul_architecture }}.zip" +consul_zip_url: "https://releases.hashicorp.com/consul/{{ consul_version }}/consul_{{ consul_version }}_{{ consul_os }}_{{ consul_architecture }}.zip" +consul_checksum_file_url: "https://releases.hashicorp.com/consul/{{ consul_version }}/consul_{{ consul_version}}_SHA256SUMS" consul_install_path: /usr/local/consul +consul_owner: root +consul_group: root consul_dc: dc1 consul_dns_domain: bramble.local consul_bind: "{{ ansible_default_ipv4.address }}" @@ -27,3 +40,5 @@ consul_key_file: consul.key consul_do_auth: no consul_ui_enabled: no + +consul_arch: arm diff --git a/roles/consul/tasks/main.yml b/roles/consul/tasks/main.yml index a01a8ef..1b6d932 100644 --- a/roles/consul/tasks/main.yml +++ b/roles/consul/tasks/main.yml 
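Review bot: this hunk deletes `consul_checksum`, but the role's `download consul` task still passes `checksum: "{{ consul_checksum }}"` (visible as context in this commit's tasks hunk), and the new `Read package checksum file` task registers a stat result under that very name, so the old task now receives a dict instead of a `sha256:` string. Either remove the old download block in the same commit (patch 14 eventually does) or register the stat as `consul_checksum_file`. `consul_version` now comes from the `CONSUL_VERSION` environment variable, which makes the deployed version depend on the operator's shell; a comment on that line saying so, e.g. `# CONSUL_VERSION in the operator's environment overrides the pinned default`, would save the next person a surprise.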
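Review bot: `consul_arch: arm` hard-codes the architecture that `consul_architecture_map`/`consul_architecture` in the first hunk already derive from `ansible_architecture`, so the role now has two sources of truth for the same fact; drop this variable and point the remaining `linux_{{consul_arch}}` URL at `consul_architecture`.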
@@ -2,6 +2,63 @@ ############################################################################### ################################# INSTALL ##################################### ############################################################################### +- name: Read package checksum file + local_action: stat path="{{ role_path }}/files/consul_{{ consul_version }}_SHA256SUMS" + become: no + run_once: true + register: consul_checksum + tags: installation + +- name: Download package checksum file + local_action: get_url url="{{ consul_checksum_file_url }}" dest="{{ role_path }}/files/consul_{{ consul_version }}_SHA256SUMS" + become: no + run_once: true + tags: installation + when: not consul_checksum.stat.exists | bool + +- name: Read package checksum + local_action: shell grep "{{ consul_pkg }}" "{{ role_path }}/files/consul_{{ consul_version }}_SHA256SUMS" | awk '{print $1}' + become: no + run_once: true + register: consul_sha256 + tags: installation + +- name: Check Consul package file + local_action: stat path="{{ role_path }}/files/{{ consul_pkg }}" + become: no + run_once: true + register: consul_package + tags: installation + +- name: Download Consul package + local_action: get_url url="{{ consul_zip_url }}" dest="{{ role_path }}/files/{{ consul_pkg }}" checksum="sha256:{{ consul_sha256.stdout }}" timeout="42" + become: no + run_once: true + tags: installation + when: not consul_package.stat.exists | bool + +- name: Unarchive Consul package + local_action: unarchive src="{{ role_path }}/files/{{ consul_pkg }}" dest="{{ role_path }}/files/" creates="{{ role_path }}/files/consul" + become: no + run_once: true + tags: installation + +- name: Install Consul + copy: + src: "{{ role_path }}/files/consul" + dest: "{{ consul_install_path }}/consul" + owner: "{{ consul_user }}" + group: "{{ consul_group }}" + mode: 0755 + tags: installation + +- name: Cleanup + local_action: file path="{{ item }}" state="absent" + become: no + with_fileglob: "{{ role_path 
}}/files/consul" + run_once: true + tags: installation + - stat: path: "{{ consul_install_path }}/{{ consul_version }}/" register: preexisting @@ -14,7 +71,7 @@ - name: download consul get_url: - url: "https://releases.hashicorp.com/consul/{{ consul_version }}/consul_{{ consul_version }}_linux_arm.zip" + url: "https://releases.hashicorp.com/consul/{{ consul_version }}/consul_{{ consul_version }}_linux_{{consul_arch}}.zip" dest: /tmp/consul.zip mode: 0777 checksum: "{{ consul_checksum }}" From 9405f18ca2e17dc00e101dcf2456052e48821faf Mon Sep 17 00:00:00 2001 From: Per Abich Date: Thu, 20 Jul 2017 23:46:15 +0100 Subject: [PATCH 11/22] Updated .gitignore --- .gitignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitignore b/.gitignore index a966695..d889b61 100644 --- a/.gitignore +++ b/.gitignore @@ -2,3 +2,5 @@ vault.keys *.log *.retry +*.iml +.idea/ From e1dd6f79fd27da4d733af9a0e3eeff3cc68309d7 Mon Sep 17 00:00:00 2001 From: Per Abich Date: Fri, 21 Jul 2017 00:01:55 +0100 Subject: [PATCH 12/22] Fixing extensions encoding --- .gitattributes | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 .gitattributes diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..df0f9e2 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,2 @@ +bash_aliases text eol=lf +*.sh test eol=lf \ No newline at end of file From 06f89b70a911ac48e9b83657d454f8a0988f7e08 Mon Sep 17 00:00:00 2001 From: Per Abich Date: Fri, 21 Jul 2017 00:02:55 +0100 Subject: [PATCH 13/22] Some more cleanup --- roles/consul/files/consul-destroy-install.sh | 1 + roles/consul/files/consul.service | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/consul/files/consul-destroy-install.sh b/roles/consul/files/consul-destroy-install.sh index f82505b..70ddf7a 100644 --- a/roles/consul/files/consul-destroy-install.sh +++ b/roles/consul/files/consul-destroy-install.sh 
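Review bot: `owner: "{{ consul_user }}"` in `Install Consul` names a variable the defaults hunk does not define — it adds `consul_owner` and `consul_group` — so the copy fails on an undefined variable (patch 14 corrects it); the task also has no `become` yet writes into `{{ consul_install_path }}`. The SHA256SUMS file is fetched over HTTPS and trusted as-is; HashiCorp also publishes a detached `SHA256SUMS.sig`, and verifying it (or keeping the expected hash in the repo as the old `consul_checksum` did) is what protects against a tampered release page rather than merely a corrupted download. `Cleanup` uses `with_fileglob` on a literal path; a plain `file: path=... state=absent` does the same. The old `download consul` flow is left in place below, so the binary is now installed twice into different paths.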
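Review bot: `linux_{{consul_arch}}` here uses the hard-coded `arm` added to the defaults, while `consul_architecture` (derived from `ansible_architecture`) is what the new install flow above uses; on an x86_64 host this line fetches the wrong binary. Since the local-download flow already installs consul, this task and its block are redundant and can be removed in the same commit. The block containing this task starts before the hunk.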
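Review bot: `*.sh test eol=lf` has a typo — `test` is not a git attribute, so git treats it as an unknown attribute and shell scripts do not get the `text` normalisation the `bash_aliases` line above applies; the line should read `*.sh text eol=lf`. The file also lacks a trailing newline.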
@@ -3,6 +3,7 @@ set -e sudo systemctl stop consul.service && \ +sudo rm -rf /usr/local/bin/consul && \ sudo rm -rf /usr/local/consul && \ sudo rm -rf /var/lib/consul && \ sudo rm -rf /etc/consul diff --git a/roles/consul/files/consul.service b/roles/consul/files/consul.service index a6416d4..39a7223 100644 --- a/roles/consul/files/consul.service +++ b/roles/consul/files/consul.service @@ -7,7 +7,7 @@ Wants=network-online.target [Service] User=root Group=root -ExecStart=/usr/local/bin/consul agent -client 0.0.0.0 -ui -config-dir=/etc/consul -data-dir=/var/lib/consul -syslog +ExecStart=/usr/local/bin/consul agent -client 0.0.0.0 -config-dir=/etc/consul -data-dir=/var/lib/consul ExecReload=/bin/kill -HUP $MAINPID KillSignal=SIGTERM From 9eb032dbbd1ce7286bd1aea3b619c343b9bb44b4 Mon Sep 17 00:00:00 2001 From: Per Abich Date: Fri, 21 Jul 2017 00:03:51 +0100 Subject: [PATCH 14/22] The main changes. Untested --- roles/consul/defaults/main.yml | 4 +- roles/consul/tasks/main.yml | 103 +++++++++------------------- roles/nomad/defaults/main.yml | 19 +++++- roles/nomad/tasks/main.yml | 118 +++++++++++++++++++-------------- 4 files changed, 118 insertions(+), 126 deletions(-) diff --git a/roles/consul/defaults/main.yml b/roles/consul/defaults/main.yml index d927f87..c3e3183 100644 --- a/roles/consul/defaults/main.yml +++ b/roles/consul/defaults/main.yml @@ -1,5 +1,5 @@ --- -consul_version: "{{ lookup('env','CONSUL_VERSION') | default('0.8.1', true) }}" +consul_version: "{{ lookup('env','CONSUL_VERSION') | default('0.9.0', true) }}" consul_architecture_map: # this first entry seems... redundant #(but it's required for reasons) 
@@ -12,7 +12,7 @@ consul_os: "{{ ansible_system|lower }}" consul_pkg: "consul_{{ consul_version }}_{{ consul_os }}_{{ consul_architecture }}.zip" consul_zip_url: "https://releases.hashicorp.com/consul/{{ consul_version }}/consul_{{ consul_version }}_{{ consul_os }}_{{ consul_architecture }}.zip" consul_checksum_file_url: "https://releases.hashicorp.com/consul/{{ consul_version }}/consul_{{ consul_version}}_SHA256SUMS" -consul_install_path: /usr/local/consul +consul_install_path: /usr/local/bin consul_owner: root consul_group: root consul_dc: dc1 diff --git a/roles/consul/tasks/main.yml b/roles/consul/tasks/main.yml index 1b6d932..e83abda 100644 --- a/roles/consul/tasks/main.yml +++ b/roles/consul/tasks/main.yml @@ -7,13 +7,17 @@ become: no run_once: true register: consul_checksum - tags: installation + tags: + - installation + - consul - name: Download package checksum file local_action: get_url url="{{ consul_checksum_file_url }}" dest="{{ role_path }}/files/consul_{{ consul_version }}_SHA256SUMS" become: no run_once: true - tags: installation + tags: + - installation + - consul when: not consul_checksum.stat.exists | bool - name: Read package checksum 
@@ -21,105 +25,57 @@ become: no run_once: true register: consul_sha256 - tags: installation + tags: + - installation + - consul - name: Check Consul package file local_action: stat path="{{ role_path }}/files/{{ consul_pkg }}" become: no run_once: true register: consul_package - tags: installation + tags: + - installation + - consul - name: Download Consul package local_action: get_url url="{{ consul_zip_url }}" dest="{{ role_path }}/files/{{ consul_pkg }}" checksum="sha256:{{ consul_sha256.stdout }}" timeout="42" become: no run_once: true - tags: installation + tags: + - installation + - consul when: not consul_package.stat.exists | bool - name: Unarchive Consul package local_action: unarchive src="{{ role_path }}/files/{{ consul_pkg }}" dest="{{ role_path }}/files/" creates="{{ role_path }}/files/consul" become: no run_once: true - tags: installation + tags: + - installation + - consul - name: Install Consul copy: src: "{{ role_path }}/files/consul" dest: "{{ consul_install_path }}/consul" - owner: "{{ consul_user }}" + owner: "{{ consul_owner }}" group: "{{ consul_group }}" mode: 0755 - tags: installation + become: yes + tags: + - installation + - consul - name: Cleanup local_action: file path="{{ item }}" state="absent" become: no with_fileglob: "{{ role_path }}/files/consul" run_once: true - tags: installation - -- stat: - path: "{{ consul_install_path }}/{{ consul_version }}/" - register: preexisting - tags: + tags: + - installation - consul -# - debug: var=preexisting - -- block: - - - name: download consul - get_url: - url: "https://releases.hashicorp.com/consul/{{ consul_version }}/consul_{{ consul_version }}_linux_{{consul_arch}}.zip" - dest: /tmp/consul.zip - mode: 0777 - checksum: "{{ consul_checksum }}" - tags: - - consul - - - name: create the install paths - file: - path: "{{ item }}" - state: directory - mode: 0755 - with_items: - - "{{ consul_install_path }}/{{ consul_version }}" - - /etc/consul - tags: - - consul - - - name: decompress archive - 
unarchive: - src: /tmp/consul.zip - dest: "{{ consul_install_path }}/{{ consul_version }}/" - copy: no - tags: - - consul - - - name: link the versioned consul to the local bin - file: - src: "{{ consul_install_path }}/{{ consul_version }}/consul" - dest: /usr/local/bin/consul - owner: root - group: root - state: link - tags: - - consul - - - name: remove the temp archives - file: - path: "{{ item }}" - state: absent - with_items: - - /tmp/consul.zip - tags: - - consul - - become: true - become_user: root - when: preexisting.stat.exists != true - ############################################################################### ################################ CONFIGURE #################################### ############################################################################### @@ -146,7 +102,7 @@ copy: src: "{{ item.src }}" dest: "{{ item.dest }}" - mode: u=rwx,g=rx,o=rx + mode: 0755 with_items: - src: consul-wait-for-leader.sh dest: /usr/local/bin @@ -170,6 +126,13 @@ tags: - consul + - name: Create config folder + file: + path: /etc/consul + state: directory + mode: 0755 + tags: + - consul - name: configure consul template: src: "{{ item.src }}" diff --git a/roles/nomad/defaults/main.yml b/roles/nomad/defaults/main.yml index 32c9928..3461ecb 100644 --- a/roles/nomad/defaults/main.yml +++ b/roles/nomad/defaults/main.yml 
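Review bot: after this hunk the role downloads `{{ consul_pkg }}` and the SHA256SUMS file into `roles/consul/files/` on the control host and `Cleanup` removes only the extracted `files/consul`, so the zip and checksum file stay in the working tree, and the `.gitignore` on this page (patches 02 and 11) has no rule for them — a multi-megabyte binary will land in the next commit. Add `roles/*/files/*.zip` and `roles/*/files/*_SHA256SUMS` to `.gitignore`, or download into a temporary directory. `become: yes` on `Install Consul` fixes the permission problem from patch 10; `become: true` is the canonical spelling. The checksum file is still trusted without signature verification, as noted on patch 10.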
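Review bot: `Create config folder` sets `mode: 0755` on `/etc/consul` but no `owner`/`group`, while the binary install in this commit uses `consul_owner`/`consul_group`; adding them keeps ownership explicit. If consul.json ever carries a gossip `encrypt` key or ACL tokens (the template on this page shows neither, so this is a forward-looking point), a world-readable directory leaks them to every local account, and `mode: 0750` is preferable. The enclosing task list starts before this hunk.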
@@ -1,7 +1,20 @@ --- -nomad_version: "0.5.6" -nomad_checksum: "sha256:a4fe93f95e4c53b23b8feb2a714565cf97025b2df6669f1a1558fc664fcd4993" -nomad_install_path: /usr/local/nomad +nomad_version: "{{ lookup('env','CONSUL_VERSION') | default('0.5.6', true) }}" +nomad_architecture_map: + # this first entry seems... redundant + #(but it's required for reasons) + amd64: amd64 + x86_64: amd64 + armv7l: arm + aarch64: arm64 +nomad_architecture: "{{ nomad_architecture_map[ansible_architecture] }}" +nomad_os: "{{ ansible_system|lower }}" +nomad_pkg: "nomad_{{ nomad_version }}_{{ nomad_os }}_{{ nomad_architecture }}.zip" +nomad_zip_url: "https://releases.hashicorp.com/nomad/{{ nomad_version }}/nomad_{{ nomad_version }}_{{ nomad_os }}_{{ nomad_architecture }}.zip" +nomad_checksum_file_url: "https://releases.hashicorp.com/nomad/{{ nomad_version }}/nomad_{{ nomad_version}}_SHA256SUMS" +nomad_install_path: /usr/local/bin +nomad_owner: root +nomad_group: root nomad_dc: dc1 nomad_is_server: no nomad_leader_group: baron diff --git a/roles/nomad/tasks/main.yml b/roles/nomad/tasks/main.yml index 3f5a544..ce579a2 100644 --- a/roles/nomad/tasks/main.yml +++ b/roles/nomad/tasks/main.yml 
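Review bot: `nomad_version: "{{ lookup('env','CONSUL_VERSION') | default('0.5.6', true) }}"` reads the Consul environment variable — a copy-paste from the consul defaults — so exporting `CONSUL_VERSION=0.9.0` for consul makes this role try to download nomad 0.9.0 from a URL that does not exist; the line should use `lookup('env','NOMAD_VERSION')`. The `nomad_checksum_file_url` line has `{{ nomad_version}}` with asymmetric spacing, and `nomad_is_server: no` (context) should be `false`.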
@@ -2,66 +2,82 @@ ############################################################################### ################################# INSTALL ##################################### ############################################################################### -- stat: - path: "{{ nomad_install_path }}/{{ nomad_version }}/" - register: preexisting +- name: Read package checksum file + local_action: stat path="{{ role_path }}/files/nomad_{{ nomad_version }}_SHA256SUMS" + become: no + run_once: true + register: nomad_checksum tags: + - installation - nomad -- block: - - - name: download nomad - get_url: - url: "https://releases.hashicorp.com/nomad/{{ nomad_version }}/nomad_{{ nomad_version }}_linux_arm.zip" - dest: /tmp/nomad.zip - mode: 0777 - checksum: "{{ nomad_checksum }}" - tags: - - nomad +- name: Download package checksum file + local_action: get_url url="{{ nomad_checksum_file_url }}" dest="{{ role_path }}/files/nomad_{{ nomad_version }}_SHA256SUMS" + become: no + run_once: true + tags: + - installation + - nomad + when: not nomad_checksum.stat.exists | bool - - name: create the install paths - file: - path: "{{ item }}" - state: directory - mode: 0755 - with_items: - - "{{ nomad_install_path }}/{{ nomad_version }}" - - /var/lib/nomad - - /etc/nomad - tags: - - nomad +- name: Read package checksum + local_action: shell grep "{{ nomad_pkg }}" "{{ role_path }}/files/nomad_{{ nomad_version }}_SHA256SUMS" | awk '{print $1}' + become: no + run_once: true + register: nomad_sha256 + tags: + - installation + - nomad - - name: decompress archive - unarchive: - src: /tmp/nomad.zip - dest: "{{ nomad_install_path }}/{{ nomad_version }}/" - copy: no - tags: - - nomad +- name: Check Nomad package file + local_action: stat path="{{ role_path }}/files/{{ nomad_pkg }}" + become: no + run_once: true + register: nomad_package + tags: + - installation + - nomad - - name: link the versioned nomad to the local bin - file: - src: "{{ nomad_install_path }}/{{ nomad_version }}/nomad" - 
dest: /usr/local/bin/nomad - owner: root - group: root - state: link - tags: - - nomad +- name: Download Nomad package + local_action: get_url url="{{ nomad_zip_url }}" dest="{{ role_path }}/files/{{ nomad_pkg }}" checksum="sha256:{{ nomad_sha256.stdout }}" timeout="42" + become: no + run_once: true + tags: + - installation + - nomad + when: not nomad_package.stat.exists | bool - - name: remove the temp archives - file: - path: "{{ item }}" - state: absent - with_items: - - /tmp/nomad.zip - tags: - - nomad +- name: Unarchive Nomad package + local_action: unarchive src="{{ role_path }}/files/{{ nomad_pkg }}" dest="{{ role_path }}/files/" creates="{{ role_path }}/files/nomad" + become: no + run_once: true + tags: + - installation + - nomad - become: true - become_user: root - when: preexisting.stat.exists != true +- name: Install Nomad + copy: + src: "{{ role_path }}/files/nomad" + dest: "{{ nomad_install_path }}/nomad" + owner: "{{ nomad_user }}" + group: "{{ nomad_group }}" + mode: 0755 + become: yes + tags: + - installation + - nomad +- name: Cleanup + local_action: file path="{{ item }}" state="absent" + become: no + with_fileglob: "{{ role_path }}/files/nomad" + run_once: true + tags: + - installation + - nomad +####################################################### +############# CONFIG ############################### +####################################################### - block: - name: setup nomad server config template: From a712e3133aae6d438b3e9db749bae1790767d8d3 Mon Sep 17 00:00:00 2001 From: Per Abich Date: Fri, 21 Jul 2017 06:51:21 +0100 Subject: [PATCH 15/22] Bug fixing --- roles/consul/handlers/main.yml | 2 +- roles/nomad/defaults/main.yml | 2 +- roles/nomad/tasks/main.yml | 2 +- roles/vault/defaults/main.yml | 20 +++++- roles/vault/tasks/main.yml | 113 +++++++++++++++++++-------------- 5 files changed, 85 insertions(+), 54 deletions(-) diff --git a/roles/consul/handlers/main.yml b/roles/consul/handlers/main.yml index 5339de3..5b192d2 100644 
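Review bot: The `Read package checksum` task yields an empty stdout whenever `nomad_pkg` is absent from the SHA256SUMS file, so the following `Download Nomad package` runs with `checksum="sha256:"` and fails with a confusing get_url error instead of a clear one; the shell task also reports `changed` on every run. Add `changed_when: false` and `failed_when: nomad_sha256.stdout == ""` to that task, and anchor the match with `grep " {{ nomad_pkg }}$"` so a similarly named artefact cannot be picked up. Note that the SHA256SUMS file is trusted as downloaded — HashiCorp also publishes a detached `_SHA256SUMS.sig`, and without checking it the checksum only guards against a corrupted transfer, not a substituted one. The `- block:` that opens the CONFIG section continues past the end of the hunk.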
--- a/roles/consul/handlers/main.yml +++ b/roles/consul/handlers/main.yml @@ -6,4 +6,4 @@ service: name: consul enabled: yes - state: restarted + state: reloaded diff --git a/roles/nomad/defaults/main.yml b/roles/nomad/defaults/main.yml index 3461ecb..96ce217 100644 --- a/roles/nomad/defaults/main.yml +++ b/roles/nomad/defaults/main.yml @@ -1,5 +1,5 @@ --- -nomad_version: "{{ lookup('env','CONSUL_VERSION') | default('0.5.6', true) }}" +nomad_version: "{{ lookup('env','NOMAD_VERSION') | default('0.5.6', true) }}" nomad_architecture_map: # this first entry seems... redundant #(but it's required for reasons) diff --git a/roles/nomad/tasks/main.yml b/roles/nomad/tasks/main.yml index ce579a2..e78f6aa 100644 --- a/roles/nomad/tasks/main.yml +++ b/roles/nomad/tasks/main.yml @@ -59,7 +59,7 @@ copy: src: "{{ role_path }}/files/nomad" dest: "{{ nomad_install_path }}/nomad" - owner: "{{ nomad_user }}" + owner: "{{ nomad_owner }}" group: "{{ nomad_group }}" mode: 0755 become: yes diff --git a/roles/vault/defaults/main.yml b/roles/vault/defaults/main.yml index 75e97c9..e5daaca 100644 --- a/roles/vault/defaults/main.yml +++ b/roles/vault/defaults/main.yml 
@@ -1,5 +1,19 @@ --- -vault_version: "0.7.3" -vault_checksum: "sha256:d45655f5ccdab762ad37f1efcdfc859f15a09e6ff839a2ba2f2484c173e8903b" -vault_install_path: /usr/local/vault/ +vault_version: "{{ lookup('env','VAULT_VERSION') | default('0.7.3', true) }}" +vault_architecture_map: + # this first entry seems... redundant + #(but it's required for reasons) + amd64: amd64 + x86_64: amd64 + armv7l: arm + aarch64: arm64 +vault_architecture: "{{ vault_architecture_map[ansible_architecture] }}" +vault_os: "{{ ansible_system|lower }}" +vault_pkg: "vault_{{ vault_version }}_{{ vault_os }}_{{ vault_architecture }}.zip" +vault_zip_url: "https://releases.hashicorp.com/vault/{{ vault_version }}/vault_{{ vault_version }}_{{ vault_os }}_{{ vault_architecture }}.zip" +vault_checksum_file_url: "https://releases.hashicorp.com/vault/{{ vault_version }}/vault_{{ vault_version}}_SHA256SUMS" +vault_install_path: /usr/local/bin vault_datacenter: dc1 + +vault_owner: root +vault_group: root \ No newline at end of file diff --git a/roles/vault/tasks/main.yml b/roles/vault/tasks/main.yml index 4ea97a0..6cb065e 100644 --- a/roles/vault/tasks/main.yml +++ b/roles/vault/tasks/main.yml 
@@ -2,63 +2,80 @@ ############################################################################### ################################# INSTALL ##################################### ############################################################################### - -- stat: - path: "{{ vault_install_path }}/{{ vault_version }}" - register: preexisting +- name: Read package checksum file + local_action: stat path="{{ role_path }}/files/vault_{{ vault_version }}_SHA256SUMS" + become: no + run_once: true + register: vault_checksum tags: + - installation - vault -# - debug: var=preexisting - -- block: - - - name: download vault - get_url: - url: "https://releases.hashicorp.com/vault/{{ vault_version }}/vault_{{ vault_version }}_linux_arm.zip" - dest: /tmp/vault.zip - mode: 0777 - checksum: "{{ vault_checksum }}" - tags: - - vault +- name: Download package checksum file + local_action: get_url url="{{ vault_checksum_file_url }}" dest="{{ role_path }}/files/vault_{{ vault_version }}_SHA256SUMS" validate_certs=no + become: no + run_once: true + tags: + - installation + - vault + when: not vault_checksum.stat.exists | bool - - name: create the install path - file: - path: "{{ vault_install_path }}/{{ vault_version }}/" - state: directory - mode: 0755 - tags: - - vault +- name: Read package checksum + local_action: shell grep "{{ vault_pkg }}" "{{ role_path }}/files/vault_{{ vault_version }}_SHA256SUMS" | awk '{print $1}' + become: no + run_once: true + register: vault_sha256 + tags: + - installation + - vault - - name: decompress archive - unarchive: - src: /tmp/vault.zip - dest: "{{ vault_install_path }}/{{ vault_version }}/" - copy: no - tags: - - vault +- name: Check Vault package file + local_action: stat path="{{ role_path }}/files/{{ vault_pkg }}" + become: no + run_once: true + register: vault_package + tags: + - installation + - vault - - name: remove the tempoary install archive - file: - path: /tmp/vault.zip - state: absent - tags: - - vault +- name: Download Vault 
package + local_action: get_url url="{{ vault_zip_url }}" dest="{{ role_path }}/files/{{ vault_pkg }}" checksum="sha256:{{ vault_sha256.stdout }}" timeout="42" validate_certs=no + become: no + run_once: true + tags: + - installation + - vault + when: not vault_package.stat.exists | bool - - name: link the versioned binary to the local bin - file: - src: "{{ vault_install_path }}/{{ vault_version }}/vault" - dest: /usr/local/bin/vault - owner: root - group: root - state: link - tags: - - vault +- name: Unarchive Vault package + local_action: unarchive src="{{ role_path }}/files/{{ vault_pkg }}" dest="{{ role_path }}/files/" creates="{{ role_path }}/files/vault" + become: no + run_once: true + tags: + - installation + - vault - become: true - become_user: root - when: preexisting.stat.exists != true +- name: Install Vault + copy: + src: "{{ role_path }}/files/vault" + dest: "{{ vault_install_path }}/vault" + owner: "{{ vault_owner }}" + group: "{{ vault_group }}" + mode: 0755 + become: yes + tags: + - installation + - vault +- name: Cleanup + local_action: file path="{{ item }}" state="absent" + become: no + with_fileglob: "{{ role_path }}/files/vault" + run_once: true + tags: + - installation + - vault + ############################################################################### ################################ CONFIGURE #################################### ############################################################################### From c789504460cbeed65509044cfb02fd986ab48954 Mon Sep 17 00:00:00 2001 From: Per Abich Date: Fri, 21 Jul 2017 07:21:44 +0100 Subject: [PATCH 16/22] Added docker repo for normal debian distros --- roles/docker/tasks/main.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 15997ac..a432506 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml 
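Review bot: `validate_certs=no` on both the checksum-file and the package downloads disables TLS verification for releases.hashicorp.com, so an on-path attacker can serve a modified zip together with a matching SHA256SUMS and the `checksum="sha256:..."` argument verifies nothing. Drop `validate_certs=no` from both `get_url` calls; if the controller's CA bundle is what made it necessary, fix the bundle rather than the check. For a secrets manager binary it is also worth verifying `vault_{{ vault_version }}_SHA256SUMS.sig` against HashiCorp's release key before trusting the sums, as the Consul role does not do either.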
@@ -9,6 +9,15 @@ repo: "deb https://apt.dockerproject.org/repo raspbian-jessie main" filename: docker.list state: present + when: ansible_architecture == 'armv7l' + + - name: add deb repo + apt_repository: + repo: "deb https://apt.dockerproject.org/repo debian-jessie main" + filename: docker.list + state: present + when: ansible_architecture == 'amd64' || ansible_architecture == 'x86_64' + - name: apt update apt: update_cache: yes From 575c9d3e8a887875b732cf1ec6db07aa981528ae Mon Sep 17 00:00:00 2001 From: Per Abich Date: Fri, 21 Jul 2017 07:33:17 +0100 Subject: [PATCH 17/22] Added docker repo for normal debian distros --- roles/docker/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index a432506..afd0378 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -30,5 +30,6 @@ append: yes groups: docker become: yes + when: ansible_distribution == 'Debian' tags: docker From 7645c47aab34d08fb76dae3dabb3e16e29f80654 Mon Sep 17 00:00:00 2001 From: Per Abich Date: Fri, 21 Jul 2017 14:38:55 +0100 Subject: [PATCH 18/22] Reworking the attributes to make sure windows hosts can run this plan as well --- .gitattributes | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitattributes b/.gitattributes index df0f9e2..285fc8c 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1,2 +1,2 @@ -bash_aliases text eol=lf -*.sh test eol=lf \ No newline at end of file +* text eol=lf +*.zip -text From c9d9275d7b61623b918533f58f5841d63cebf54e Mon Sep 17 00:00:00 2001 
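Review bot: Both repository lines hard-code the `jessie` suite, so a host on a newer Raspbian/Debian release silently receives jessie builds of Docker from this legacy repository. Derive the suite from facts instead, e.g. `repo: "deb https://apt.dockerproject.org/repo {{ ansible_distribution | lower }}-{{ ansible_distribution_release }} main"`, which would also collapse the two architecture-gated tasks into one. The `||` in the new `when:` is not valid Jinja and is corrected later in this series.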
From: Per Abich Date: Fri, 21 Jul 2017 15:25:08 +0100 Subject: [PATCH 19/22] Moved the config files that make the consul agent a server to their own file --- roles/consul/tasks/configure.yml | 105 ++++++++++++++++ roles/consul/tasks/install.yml | 76 +++++++++++ roles/consul/tasks/main.yml | 174 +------------------------- roles/consul/templates/consul.json.j2 | 4 - roles/consul/templates/server.json.j2 | 4 + 5 files changed, 187 insertions(+), 176 deletions(-) create mode 100644 roles/consul/tasks/configure.yml create mode 100644 roles/consul/tasks/install.yml create mode 100644 roles/consul/templates/server.json.j2 diff --git a/roles/consul/tasks/configure.yml b/roles/consul/tasks/configure.yml new file mode 100644 index 0000000..a1de318 --- /dev/null +++ b/roles/consul/tasks/configure.yml 
@@ -0,0 +1,105 @@ +############################################################################### +################################ CONFIGURE #################################### +############################################################################### + +- block: + # - name: deploy tls files + # copy: + # src: "{{ item.src }}" + # dest: "{{ item.dest }}" + # with_items: + # - src: etc/consul/ssl/cacert.pem + # dest: /etc/consul/ssl/{{ consul_ca_file }} + # - src: etc/consul/ssl/certs/consul.cert.pem + # dest: /etc/consul/ssl/{{ consul_cert_file }} + # - src: etc/consul/ssl/private/consul.key.pem + # dest: /etc/consul/ssl/{{ consul_key_file }} + # when: consul_do_ssl + # notify: + # - restart consul + # tags: + # - consul + + - name: install consul scripts + copy: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + mode: 0755 + with_items: + - src: consul-wait-for-leader.sh + dest: /usr/local/bin + - src: consul-destroy-install.sh + dest: /usr/local/bin + tags: + - consul + + - name: configure for systemd + copy: + src: consul.service + dest: "{{ systemd_dir }}/consul.service" + mode: 644 + tags: + - consul + - name: reload systemd + systemd: + daemon_reload: yes + name: consul.service + state: restarted + tags: + - consul + + - name: Create config folder + file: + path: /etc/consul + state: directory + mode: 0755 + tags: + - consul + - name: configure consul + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + mode: u=rw,g=r,o=r + with_items: + - src: consul.json.j2 + dest: /etc/consul/consul.json + notify: + - restart consul + tags: + - consul + - name: Generate server config + template: + src: server.json.j2 + dest: /etc/consul/server.json + mode: 644 + when: consul_is_server == yes + notify: + - restart consul + tags: + -consul + + - name: enable consul + service: + name: consul + enabled: yes + state: started + tags: + - consul + + become: yes + become_user: root + +- pause: + seconds: 3 + +- name: join cluster of consul-dcs + command: 
"/usr/local/bin/consul join {{ groups['consul'] | random }}" + run_once: yes + tags: + - consul + +- name: wait for leader + command: /usr/local/bin/consul-wait-for-leader.sh + register: leader_status + tags: + - consul diff --git a/roles/consul/tasks/install.yml b/roles/consul/tasks/install.yml new file mode 100644 index 0000000..e678e15 --- /dev/null +++ b/roles/consul/tasks/install.yml 
@@ -0,0 +1,76 @@ +############################################################################### +################################# INSTALL ##################################### +############################################################################### +- name: Read package checksum file + local_action: stat path="{{ role_path }}/files/consul_{{ consul_version }}_SHA256SUMS" + become: no + run_once: true + register: consul_checksum + tags: + - installation + - consul + +- name: Download package checksum file + local_action: get_url url="{{ consul_checksum_file_url }}" dest="{{ role_path }}/files/consul_{{ consul_version }}_SHA256SUMS" + become: no + run_once: true + tags: + - installation + - consul + when: not consul_checksum.stat.exists | bool + +- name: Read package checksum + local_action: shell grep "{{ consul_pkg }}" "{{ role_path }}/files/consul_{{ consul_version }}_SHA256SUMS" | awk '{print $1}' + become: no + run_once: true + register: consul_sha256 + tags: + - installation + - consul + +- name: Check Consul package file + local_action: stat path="{{ role_path }}/files/{{ consul_pkg }}" + become: no + run_once: true + register: consul_package + tags: + - installation + - consul + +- name: Download Consul package + local_action: get_url url="{{ consul_zip_url }}" dest="{{ role_path }}/files/{{ consul_pkg }}" checksum="sha256:{{ consul_sha256.stdout }}" timeout="42" + become: no + run_once: true + tags: + - installation + - consul + when: not consul_package.stat.exists | bool + +- name: Unarchive Consul package + local_action: unarchive src="{{ role_path }}/files/{{ consul_pkg }}" dest="{{ role_path }}/files/" creates="{{ role_path }}/files/consul" + become: no + run_once: true + tags: + - installation + - consul + +- name: Install Consul + copy: + src: "{{ role_path }}/files/consul" + dest: "{{ consul_install_path }}/consul" + owner: "{{ consul_owner }}" + group: "{{ consul_group }}" + mode: 0755 + become: yes + tags: + - installation + - consul + +- 
name: Cleanup + local_action: file path="{{ item }}" state="absent" + become: no + with_fileglob: "{{ role_path }}/files/consul" + run_once: true + tags: + - installation + - consul diff --git a/roles/consul/tasks/main.yml b/roles/consul/tasks/main.yml index e83abda..fdb17cf 100644 --- a/roles/consul/tasks/main.yml +++ b/roles/consul/tasks/main.yml 
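Review bot: The SHA256SUMS file fetched in `Download package checksum file` is trusted as-is, so the `checksum=` on the package download proves only that the zip matches whatever sums the server returned; HashiCorp signs that file as `consul_{{ consul_version }}_SHA256SUMS.sig`, and verifying it with their release key on the controller (a `gpg --verify` local_action gated on the download) is what turns this into a supply-chain check. `Read package checksum` should also carry `changed_when: false` and `failed_when: consul_sha256.stdout == ""`, otherwise a missing entry produces `checksum="sha256:"` and the play fails one task later with an unrelated message. The `Cleanup` task removes `files/consul` every run, so the `creates=` guard on `Unarchive Consul package` never short-circuits; harmless, but worth a comment.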
@@ -1,173 +1,3 @@ --- -############################################################################### -################################# INSTALL ##################################### -############################################################################### -- name: Read package checksum file - local_action: stat path="{{ role_path }}/files/consul_{{ consul_version }}_SHA256SUMS" - become: no - run_once: true - register: consul_checksum - tags: - - installation - - consul - -- name: Download package checksum file - local_action: get_url url="{{ consul_checksum_file_url }}" dest="{{ role_path }}/files/consul_{{ consul_version }}_SHA256SUMS" - become: no - run_once: true - tags: - - installation - - consul - when: not consul_checksum.stat.exists | bool - -- name: Read package checksum - local_action: shell grep "{{ consul_pkg }}" "{{ role_path }}/files/consul_{{ consul_version }}_SHA256SUMS" | awk '{print $1}' - become: no - run_once: true - register: consul_sha256 - tags: - - installation - - consul - -- name: Check Consul package file - local_action: stat path="{{ role_path }}/files/{{ consul_pkg }}" - become: no - run_once: true - register: consul_package - tags: - - installation - - consul - -- name: Download Consul package - local_action: get_url url="{{ consul_zip_url }}" dest="{{ role_path }}/files/{{ consul_pkg }}" checksum="sha256:{{ consul_sha256.stdout }}" timeout="42" - become: no - run_once: true - tags: - - installation - - consul - when: not consul_package.stat.exists | bool - -- name: Unarchive Consul package - local_action: unarchive src="{{ role_path }}/files/{{ consul_pkg }}" dest="{{ role_path }}/files/" creates="{{ role_path }}/files/consul" - become: no - run_once: true - tags: - - installation - - consul - -- name: Install Consul - copy: - src: "{{ role_path }}/files/consul" - dest: "{{ consul_install_path }}/consul" - owner: "{{ consul_owner }}" - group: "{{ consul_group }}" - mode: 0755 - become: yes - tags: - - installation - - consul 
- -- name: Cleanup - local_action: file path="{{ item }}" state="absent" - become: no - with_fileglob: "{{ role_path }}/files/consul" - run_once: true - tags: - - installation - - consul - -############################################################################### -################################ CONFIGURE #################################### -############################################################################### - -- block: - # - name: deploy tls files - # copy: - # src: "{{ item.src }}" - # dest: "{{ item.dest }}" - # with_items: - # - src: etc/consul/ssl/cacert.pem - # dest: /etc/consul/ssl/{{ consul_ca_file }} - # - src: etc/consul/ssl/certs/consul.cert.pem - # dest: /etc/consul/ssl/{{ consul_cert_file }} - # - src: etc/consul/ssl/private/consul.key.pem - # dest: /etc/consul/ssl/{{ consul_key_file }} - # when: consul_do_ssl - # notify: - # - restart consul - # tags: - # - consul - - - name: install consul scripts - copy: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - mode: 0755 - with_items: - - src: consul-wait-for-leader.sh - dest: /usr/local/bin - - src: consul-destroy-install.sh - dest: /usr/local/bin - tags: - - consul - - - name: configure for systemd - copy: - src: consul.service - dest: "{{ systemd_dir }}/consul.service" - mode: 644 - tags: - - consul - - name: reload systemd - systemd: - daemon_reload: yes - name: consul.service - state: restarted - tags: - - consul - - - name: Create config folder - file: - path: /etc/consul - state: directory - mode: 0755 - tags: - - consul - - name: configure consul - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - mode: u=rw,g=r,o=r - with_items: - - src: consul.json.j2 - dest: /etc/consul/consul.json - notify: - - restart consul - tags: - - consul - - - name: enable consul - service: - name: consul - enabled: yes - state: started - tags: - - consul - - become: yes - become_user: root - -- pause: - seconds: 3 - -- name: join cluster of consul-dcs - command: "/usr/local/bin/consul 
join {{ groups['consul'] | random }}" - run_once: yes - tags: - - consul - -- name: wait for leader - command: /usr/local/bin/consul-wait-for-leader.sh - register: leader_status - tags: - - consul +- include: install.yml +- include: configure.yml diff --git a/roles/consul/templates/consul.json.j2 b/roles/consul/templates/consul.json.j2 index a789971..1b6540c 100644 --- a/roles/consul/templates/consul.json.j2 +++ b/roles/consul/templates/consul.json.j2 @@ -12,10 +12,6 @@ {% if consul_bootstrap_expect > 1 %} "retry_join": [ {{ consul_retry_join }} ], {% endif %} -{% if consul_is_server %} - "server": true, - "bootstrap_expect": {{ consul_bootstrap_expect }}, -{% endif %} {% if consul_gossip_key is defined %} "encrypt": "{{ consul_gossip_key }}", {% endif %} diff --git a/roles/consul/templates/server.json.j2 b/roles/consul/templates/server.json.j2 new file mode 100644 index 0000000..815e976 --- /dev/null +++ b/roles/consul/templates/server.json.j2 @@ -0,0 +1,4 @@ +{ + "server": true, + "bootstrap_expect": {{ consul_bootstrap_expect }} +} From a87e15a891694d06cd00bdc7d5e1de23f3cf735d Mon Sep 17 00:00:00 2001 
From: Per Abich Date: Sun, 23 Jul 2017 10:29:41 +0100 Subject: [PATCH 20/22] Fixing vault setup --- bootstrap.yml | 2 +- inventory.ini | 2 + roles/consul/defaults/main.yml | 2 +- roles/consul/files/consul.service | 2 +- roles/consul/handlers/main.yml | 7 +- roles/consul/tasks/configure.yml | 8 +- roles/consul/tasks/install.yml | 9 +- roles/consul/tasks/restart.yml | 15 +++ roles/consul/templates/consul.json.j2 | 1 + roles/docker/tasks/main.yml | 3 +- roles/{users => ssh-key}/tasks/main.yml | 0 roles/utils/tasks/main.yml | 3 +- roles/vault/tasks/config.yml | 46 +++++++ roles/vault/tasks/install.yml | 77 +++++++++++ roles/vault/tasks/main.yml | 125 +----------------- roles/vault/{files => templates}/vault.config | 0 site.yml | 4 +- 17 files changed, 164 insertions(+), 142 deletions(-) create mode 100644 roles/consul/tasks/restart.yml rename roles/{users => ssh-key}/tasks/main.yml (100%) create mode 100644 roles/vault/tasks/config.yml create mode 100644 roles/vault/tasks/install.yml rename roles/vault/{files => templates}/vault.config (100%) diff --git a/bootstrap.yml b/bootstrap.yml index 5c910fe..7f3d2a2 100755 --- a/bootstrap.yml +++ b/bootstrap.yml @@ -7,7 +7,7 @@ hosts: - bramble roles: - - users + - ssh-key - shell tasks: diff --git a/inventory.ini b/inventory.ini index 028518b..d5cb303 100644 --- a/inventory.ini +++ b/inventory.ini @@ -7,6 +7,8 @@ ; run the consul server(s) [consul] 192.168.0.18 +192.168.0.19 +192.168.0.20 ; runs nomad leader, vault and statsd [baron] diff --git a/roles/consul/defaults/main.yml b/roles/consul/defaults/main.yml index c3e3183..683983e 100644 --- a/roles/consul/defaults/main.yml +++ b/roles/consul/defaults/main.yml 
@@ -23,7 +23,7 @@ consul_advertise: "{{ ansible_default_ipv4.address }}" consul_is_server: no consul_retry_join: "{% for host in groups['consul'] %}\"{{ host }}\"{% if not loop.last %}, {% endif %}{% endfor %}" consul_bootstrap_expect: 3 -consul_disable_remote_exec: "true" +consul_disable_remote_exec: "false" consul_do_acl: no consul_acl_master_token: "42baab74-b9e1-11e6-8370-c7a88ede55d0" diff --git a/roles/consul/files/consul.service b/roles/consul/files/consul.service index 39a7223..c2d3efe 100644 --- a/roles/consul/files/consul.service +++ b/roles/consul/files/consul.service @@ -7,7 +7,7 @@ Wants=network-online.target [Service] User=root Group=root -ExecStart=/usr/local/bin/consul agent -client 0.0.0.0 -config-dir=/etc/consul -data-dir=/var/lib/consul +ExecStart=/usr/local/bin/consul agent -config-dir=/etc/consul ExecReload=/bin/kill -HUP $MAINPID KillSignal=SIGTERM diff --git a/roles/consul/handlers/main.yml b/roles/consul/handlers/main.yml index 5b192d2..4472cd2 100644 --- a/roles/consul/handlers/main.yml +++ b/roles/consul/handlers/main.yml @@ -1,9 +1,4 @@ --- - name: restart consul - become: yes - become_user: root - service: - name: consul - enabled: yes - state: reloaded + include: restart.yml diff --git a/roles/consul/tasks/configure.yml b/roles/consul/tasks/configure.yml index a1de318..f3e675c 100644 --- a/roles/consul/tasks/configure.yml +++ b/roles/consul/tasks/configure.yml @@ -55,6 +55,7 @@ mode: 0755 tags: - consul + - name: configure consul template: src: "{{ item.src }}" @@ -67,16 +68,17 @@ - restart consul tags: - consul + - name: Generate server config template: src: server.json.j2 dest: /etc/consul/server.json - mode: 644 - when: consul_is_server == yes + mode: u=rw,g=r,o=r + when: consul_is_server notify: - restart consul tags: - -consul + - consul - name: enable consul service: diff --git a/roles/consul/tasks/install.yml b/roles/consul/tasks/install.yml index e678e15..03826ad 100644 --- a/roles/consul/tasks/install.yml 
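Review bot: Flipping `consul_disable_remote_exec` to "false" enables `consul exec`, which lets any client that can reach the agent's HTTP API run arbitrary commands on every node, and `consul_do_acl: no` in the same hunk means nothing gates that API; with the unit file running the agent as root, this is remote root for anyone on the LAN. Keep `consul_disable_remote_exec: "true"` unless a specific workflow needs it, and if it does, turn on ACLs first. The `consul_acl_master_token` literal visible in the context lines is a committed credential; generate it per deployment and keep it out of the repository before ACLs are enabled.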
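Review bot: The new `ExecStart` drops `-data-dir=/var/lib/consul`, and a consul agent refuses to start without a data directory, so unless consul.json.j2 now sets `data_dir` (not shown in this series) the unit will fail on first boot; if it is not in the template, keep `ExecStart=/usr/local/bin/consul agent -config-dir=/etc/consul -data-dir=/var/lib/consul`. The unit still has `User=root`/`Group=root`; given that the API is being exposed on all interfaces elsewhere in this patch, a dedicated `consul` user owning /var/lib/consul and /etc/consul would limit what a compromised agent can do.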
+++ b/roles/consul/tasks/install.yml @@ -55,12 +55,13 @@ - consul - name: Install Consul - copy: - src: "{{ role_path }}/files/consul" - dest: "{{ consul_install_path }}/consul" + unarchive: +# src: "{{ role_path }}/files/consul" + src: "{{ consul_pkg }}" + dest: "{{ consul_install_path }}" owner: "{{ consul_owner }}" group: "{{ consul_group }}" - mode: 0755 +# mode: 0755 become: yes tags: - installation diff --git a/roles/consul/tasks/restart.yml b/roles/consul/tasks/restart.yml new file mode 100644 index 0000000..29ed2e0 --- /dev/null +++ b/roles/consul/tasks/restart.yml @@ -0,0 +1,15 @@ +--- +#- name: stop vault +# become: yes +# become_user: root +# service: +# name: vault +# state: stopped +# +- name: reload consul + become: yes + become_user: root + service: + name: consul + enabled: yes + state: reloaded \ No newline at end of file diff --git a/roles/consul/templates/consul.json.j2 b/roles/consul/templates/consul.json.j2 index 1b6540c..56c06f9 100644 --- a/roles/consul/templates/consul.json.j2 +++ b/roles/consul/templates/consul.json.j2 @@ -5,6 +5,7 @@ "node_name": "{{ ansible_hostname }}", "rejoin_after_leave": true, "domain": "{{ consul_dns_domain }}", + "client_addr": "0.0.0.0", "recursors" : [ "8.8.8.8" ], {% if consul_ui_enabled %} "ui": true, diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index afd0378..56386d6 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -4,6 +4,7 @@ apt_key: keyserver: hkp://p80.pool.sks-keyservers.net:80 id: 58118E89F3A912897C070ADBF76221572C52609D + - name: add deb repo apt_repository: repo: "deb https://apt.dockerproject.org/repo raspbian-jessie main" @@ -16,7 +17,7 @@ repo: "deb https://apt.dockerproject.org/repo debian-jessie main" filename: docker.list state: present - when: ansible_architecture == 'amd64' || ansible_architecture == 'x86_64' + when: ansible_architecture == 'amd64' or ansible_architecture == 'x86_64' - name: apt update apt: 
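Review bot: The `restart consul` handler now resolves to restart.yml, which only does `state: reloaded` (a SIGHUP via `ExecReload`), and as far as I know Consul's reload applies a limited subset of settings — services, checks, log level and the like — not `server`/`bootstrap_expect`; so notifying this handler after `Generate server config` leaves the agent in its previous role until someone restarts it by hand. Use `state: restarted` in restart.yml, or keep a separate `reload consul` handler for the hot-reloadable keys and notify the right one from each task. The commented-out "stop vault" block hints at the ordering problem a restart causes for Vault; a `vault` handler that follows the consul restart would be the cleaner fix.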
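Review bot: `"client_addr": "0.0.0.0"` binds the HTTP and DNS client ports on every interface, and with ACLs off by default in this role anyone reachable on the LAN can read and write the KV store, register services, and — with remote exec enabled in this same patch — run commands as root. Template it from a variable that defaults to the loopback address, e.g. `"client_addr": "{{ consul_client_addr | default('127.0.0.1') }}"`, and only widen it on hosts that genuinely need remote API access. The `"recursors" : [ "8.8.8.8" ]` context line is also unconditional; making it a variable lets a site keep DNS lookups internal.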
diff --git a/roles/users/tasks/main.yml b/roles/ssh-key/tasks/main.yml similarity index 100% rename from roles/users/tasks/main.yml rename to roles/ssh-key/tasks/main.yml diff --git a/roles/utils/tasks/main.yml b/roles/utils/tasks/main.yml index b66f0b3..8d7c2e2 100644 --- a/roles/utils/tasks/main.yml +++ b/roles/utils/tasks/main.yml @@ -7,7 +7,8 @@ tags: - utils -- apt: +- name: Install tools + apt: name: htop,dnsutils,telnet,vim update_cache: yes tags: diff --git a/roles/vault/tasks/config.yml b/roles/vault/tasks/config.yml new file mode 100644 index 0000000..ff385da --- /dev/null +++ b/roles/vault/tasks/config.yml @@ -0,0 +1,46 @@ +############################################################################### +################################ CONFIGURE #################################### +############################################################################### + +- block: + - name: configure vault for systemd + copy: + src: vault.service + dest: "{{ systemd_dir }}/vault.service" + mode: 644 + tags: + - vault + - name: reload systemd + systemd: + daemon_reload: yes + name: vault.service + state: restarted + tags: + - vault + - name: configure vault + template: + src: vault.config + dest: /etc/vault.config + mode: 600 + notify: restart vault + tags: + - vault + +# - name: register vault with consul +# template: +# src: vault-consul.json.j2 +# dest: /etc/consul/vault-consul.json +# mode: 0644 +# tags: +# - vault + + - name: enable vault + service: + name: vault + enabled: yes + state: started + tags: + - vault + + become: yes + become_user: root diff --git a/roles/vault/tasks/install.yml b/roles/vault/tasks/install.yml new file mode 100644 index 0000000..e4b17a5 --- /dev/null +++ b/roles/vault/tasks/install.yml 
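Review bot: `mode: 600` and `mode: 644` in config.yml are YAML integers, which Ansible interprets as decimal: 600 becomes octal 1130 (owner has no read permission on /etc/vault.config while group gets write) and 644 becomes octal 1204 for the unit file. Quote them — `mode: "0600"` and `mode: "0644"` — so the config file holding the storage backend settings is readable only by root. `reload systemd` also does `state: restarted` before `/etc/vault.config` is templated; use `daemon_reload: yes` alone there and let `enable vault` plus the `restart vault` handler bring the service up once the config exists.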
@@ -0,0 +1,77 @@ +############################################################################### +################################# INSTALL ##################################### +############################################################################### +- name: Read package checksum file + local_action: stat path="{{ role_path }}/files/vault_{{ vault_version }}_SHA256SUMS" + become: no + run_once: true + register: vault_checksum + tags: + - installation + - vault + +- name: Download package checksum file + local_action: get_url url="{{ vault_checksum_file_url }}" dest="{{ role_path }}/files/vault_{{ vault_version }}_SHA256SUMS" validate_certs=no + become: no + run_once: true + tags: + - installation + - vault + when: not vault_checksum.stat.exists | bool + +- name: Read package checksum + local_action: shell grep "{{ vault_pkg }}" "{{ role_path }}/files/vault_{{ vault_version }}_SHA256SUMS" | awk '{print $1}' + become: no + run_once: true + register: vault_sha256 + tags: + - installation + - vault + +- name: Check Vault package file + local_action: stat path="{{ role_path }}/files/{{ vault_pkg }}" + become: no + run_once: true + register: vault_package + tags: + - installation + - vault + +- name: Download Vault package + local_action: get_url url="{{ vault_zip_url }}" dest="{{ role_path }}/files/{{ vault_pkg }}" checksum="sha256:{{ vault_sha256.stdout }}" timeout="42" validate_certs=no + become: no + run_once: true + tags: + - installation + - vault + when: not vault_package.stat.exists | bool + +- name: Unarchive Vault package + local_action: unarchive src="{{ role_path }}/files/{{ vault_pkg }}" dest="{{ role_path }}/files/" creates="{{ role_path }}/files/vault" + become: no + run_once: true + tags: + - installation + - vault + +- name: Install Vault + copy: + src: "{{ role_path }}/files/vault" + dest: "{{ vault_install_path }}/vault" + owner: "{{ vault_owner }}" + group: "{{ vault_group }}" + mode: 0755 + become: yes + tags: + - installation + - vault + 
+- name: Cleanup + local_action: file path="{{ item }}" state="absent" + become: no + with_fileglob: "{{ role_path }}/files/vault" + run_once: true + tags: + - installation + - vault + diff --git a/roles/vault/tasks/main.yml b/roles/vault/tasks/main.yml index 6cb065e..8570db6 100644 --- a/roles/vault/tasks/main.yml +++ b/roles/vault/tasks/main.yml 
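Review bot: `validate_certs=no` survived the move into install.yml on both the SHA256SUMS and the package `get_url` calls, so the `checksum="sha256:{{ vault_sha256.stdout }}"` check still offers no protection against a substituted download — the attacker who can tamper with the zip can serve matching sums over the same unverified connection. Remove `validate_certs=no` from both tasks; the Consul and Nomad roles in this repository already download the same way without it. Verifying `vault_{{ vault_version }}_SHA256SUMS.sig` with HashiCorp's release key would close the remaining gap.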
@@ -1,124 +1,3 @@
 ---
-###############################################################################
-################################# INSTALL #####################################
-###############################################################################
-- name: Read package checksum file
- local_action: stat path="{{ role_path }}/files/vault_{{ vault_version }}_SHA256SUMS"
- become: no
- run_once: true
- register: vault_checksum
- tags:
- - installation
- - vault
-
-- name: Download package checksum file
- local_action: get_url url="{{ vault_checksum_file_url }}" dest="{{ role_path }}/files/vault_{{ vault_version }}_SHA256SUMS" validate_certs=no
- become: no
- run_once: true
- tags:
- - installation
- - vault
- when: not vault_checksum.stat.exists | bool
-
-- name: Read package checksum
- local_action: shell grep "{{ vault_pkg }}" "{{ role_path }}/files/vault_{{ vault_version }}_SHA256SUMS" | awk '{print $1}'
- become: no
- run_once: true
- register: vault_sha256
- tags:
- - installation
- - vault
-
-- name: Check Vault package file
- local_action: stat path="{{ role_path }}/files/{{ vault_pkg }}"
- become: no
- run_once: true
- register: vault_package
- tags:
- - installation
- - vault
-
-- name: Download Vault package
- local_action: get_url url="{{ vault_zip_url }}" dest="{{ role_path }}/files/{{ vault_pkg }}" checksum="sha256:{{ vault_sha256.stdout }}" timeout="42" validate_certs=no
- become: no
- run_once: true
- tags:
- - installation
- - vault
- when: not vault_package.stat.exists | bool
-
-- name: Unarchive Vault package
- local_action: unarchive src="{{ role_path }}/files/{{ vault_pkg }}" dest="{{ role_path }}/files/" creates="{{ role_path }}/files/vault"
- become: no
- run_once: true
- tags:
- - installation
- - vault
-
-- name: Install Vault
- copy:
- src: "{{ role_path }}/files/vault"
- dest: "{{ vault_install_path }}/vault"
- owner: "{{ vault_owner }}"
- group: "{{ vault_group }}"
- mode: 0755
- become: yes
- tags:
- - installation
- - vault
-
-- name: Cleanup
- local_action: file path="{{ item }}" state="absent"
- become: no
- with_fileglob: "{{ role_path }}/files/vault"
- run_once: true
- tags:
- - installation
- - vault
-
-###############################################################################
-################################ CONFIGURE ####################################
-###############################################################################
-
-- block:
- - name: configure vault for systemd
- copy:
- src: vault.service
- dest: "{{ systemd_dir }}/vault.service"
- mode: 644
- tags:
- - vault
- - name: reload systemd
- systemd:
- daemon_reload: yes
- name: vault.service
- state: restarted
- tags:
- - vault
- - name: configure vault
- copy:
- src: vault.config
- dest: /etc/vault.config
- mode: 600
- notify: restart vault
- tags:
- - vault
-
- - name: register vault with consul
- template:
- src: vault-consul.json.j2
- dest: /etc/consul/vault-consul.json
- mode: 0644
- tags:
- - vault
-
- - name: enable vault
- service:
- name: vault
- enabled: yes
- state: started
- tags:
- - vault
-
- become: yes
- become_user: root
+- include: install.yml
+- include: config.yml
diff --git a/roles/vault/files/vault.config b/roles/vault/templates/vault.config
similarity index 100%
rename from roles/vault/files/vault.config
rename to roles/vault/templates/vault.config
diff --git a/site.yml b/site.yml
index 1ab9b4a..c7c5b12 100755
--- a/site.yml
+++ b/site.yml
@@ -7,6 +7,8 @@
 become_user: root
 roles:
 - utils
+ - shell
+ - ssh-key
 - { role: dnsmasq, consul_dns_domain: bramble.local, consul_dc: alpha }
 tags:
 - bramble
@@ -17,7 +19,7 @@
 gather_facts: true
 remote_user: pi
 roles:
- - { role: consul, consul_is_server: yes, consul_dc: alpha, consul_bootstrap_expect: "{{ groups['baron'] | length }}", consul_ui_enabled: yes }
+ - { role: consul, consul_is_server: yes, consul_dc: alpha, consul_bootstrap_expect: "{{ groups['consul'] | length }}", consul_ui_enabled: yes }
 tags:
 - consul
 - consul-servers
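Review bot: `- include: install.yml` and `- include: config.yml` use the bare `include` keyword, which Ansible 2.4 and later deprecate for task files in favour of `import_tasks`/`include_tasks`; if this playbook is meant to run on a current release, `- import_tasks: install.yml` / `- import_tasks: config.yml` keep the static behaviour and the tag handling. The configure block this commit moves out of main.yml carried `mode: 644` and `mode: 600` without a leading zero, which YAML reads as the decimal integers 644 and 600 (0o1204 and 0o1130, neither of which is the intended rw-r--r-- / rw-------); config.yml is not in this patch, so I cannot see whether those lines were carried over, but if they were they should become `mode: "0644"` and `mode: "0600"`, the latter being what keeps /etc/vault.config private.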
From 38f04f747a8751b7ad62346f23970544862e52bc Mon Sep 17 00:00:00 2001
From: Per Abich
Date: Mon, 24 Jul 2017 06:25:50 +0100
Subject: [PATCH 21/22] Unarchived better
---
 roles/nomad/tasks/main.yml | 23 +++--------------------
 roles/vault/tasks/install.yml | 25 +++----------------------
 2 files changed, 6 insertions(+), 42 deletions(-)
diff --git a/roles/nomad/tasks/main.yml b/roles/nomad/tasks/main.yml
index e78f6aa..46c7d13 100644
--- a/roles/nomad/tasks/main.yml
+++ b/roles/nomad/tasks/main.yml
@@ -48,33 +48,16 @@
 when: not nomad_package.stat.exists | bool
 - name: Unarchive Nomad package
- local_action: unarchive src="{{ role_path }}/files/{{ nomad_pkg }}" dest="{{ role_path }}/files/" creates="{{ role_path }}/files/nomad"
- become: no
- run_once: true
- tags:
- - installation
- - nomad
-
-- name: Install Nomad
- copy:
- src: "{{ role_path }}/files/nomad"
- dest: "{{ nomad_install_path }}/nomad"
+ unarchive:
+ src: "{{ nomad_pkg }}"
+ dest: "{{ nomad_install_path }}"
 owner: "{{ nomad_owner }}"
 group: "{{ nomad_group }}"
- mode: 0755
 become: yes
 tags:
 - installation
 - nomad
-- name: Cleanup
- local_action: file path="{{ item }}" state="absent"
- become: no
- with_fileglob: "{{ role_path }}/files/nomad"
- run_once: true
- tags:
- - installation
- - nomad
 #######################################################
 ############# CONFIG ###############################
 #######################################################
diff --git a/roles/vault/tasks/install.yml b/roles/vault/tasks/install.yml
index e4b17a5..e7317c3 100644
--- a/roles/vault/tasks/install.yml
+++ b/roles/vault/tasks/install.yml
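Review bot: The `unarchive:` task that replaces the copy task sets `owner` and `group` but drops the `mode: 0755` the old task enforced, so the installed binary's permissions are now whatever the zip entry carries; `unarchive` accepts the common file arguments, so adding `mode: "0755"` under `dest: "{{ nomad_install_path }}"` restores the explicit setting. The `creates=` guard is gone as well; whether the task reports changed on every run now depends on the module's own archive comparison, so it is worth a comment stating that this is intended for zips. The same two points apply to the Vault hunk in roles/vault/tasks/install.yml below and to the Consul hunk in roles/consul/tasks/install.yml in the following patch. `src: "{{ nomad_pkg }}"` is a controller-side name resolved under the role's files/ directory, which is where the preceding get_url task stores the zip; a one-line comment `# the zip fetched into files/ by the Download task above` would save the next reader the lookup. The enclosing task list starts above this hunk.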
@@ -47,31 +47,12 @@
 when: not vault_package.stat.exists | bool
 - name: Unarchive Vault package
- local_action: unarchive src="{{ role_path }}/files/{{ vault_pkg }}" dest="{{ role_path }}/files/" creates="{{ role_path }}/files/vault"
- become: no
- run_once: true
- tags:
- - installation
- - vault
-
-- name: Install Vault
- copy:
- src: "{{ role_path }}/files/vault"
- dest: "{{ vault_install_path }}/vault"
+ unarchive:
+ src: "{{ vault_pkg }}"
+ dest: "{{ vault_install_path }}"
 owner: "{{ vault_owner }}"
 group: "{{ vault_group }}"
- mode: 0755
 become: yes
 tags:
 - installation
 - vault
-
-- name: Cleanup
- local_action: file path="{{ item }}" state="absent"
- become: no
- with_fileglob: "{{ role_path }}/files/vault"
- run_once: true
- tags:
- - installation
- - vault
-
From 434b12b026d2a7ed4628cdd94b6193fb07ea5dee Mon Sep 17 00:00:00 2001
From: Per Abich
Date: Mon, 24 Jul 2017 06:27:33 +0100
Subject: [PATCH 22/22] Even more improvements
---
 roles/consul/files/consul-destroy-install.sh | 7 +++++--
 roles/consul/tasks/install.yml | 10 ----------
 site.yml | 2 +-
 3 files changed, 6 insertions(+), 13 deletions(-)
diff --git a/roles/consul/files/consul-destroy-install.sh b/roles/consul/files/consul-destroy-install.sh
index 70ddf7a..98b02ad 100644
--- a/roles/consul/files/consul-destroy-install.sh
+++ b/roles/consul/files/consul-destroy-install.sh
@@ -1,10 +1,13 @@
 #!/bin/bash
-set -e
+#set -e
+sudo systemctl stop vault.service
 sudo systemctl stop consul.service && \
 sudo rm -rf /usr/local/bin/consul && \
 sudo rm -rf /usr/local/consul && \
 sudo rm -rf /var/lib/consul && \
-sudo rm -rf /etc/consul
+sudo rm -rf /etc/consul &&
+exit 0
+exit 1
diff --git a/roles/consul/tasks/install.yml b/roles/consul/tasks/install.yml
index 03826ad..7be64a7 100644
--- a/roles/consul/tasks/install.yml
+++ b/roles/consul/tasks/install.yml
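Review bot: With `set -e` commented out, the added `sudo systemctl stop vault.service` is the only command outside the `&&` chain, so its failure is silently ignored while every later failure now ends in `exit 1`; if ignoring it is intended because Vault is not installed on every node, say so with `sudo systemctl stop vault.service || true  # vault is optional on this host`, otherwise join it to the chain with `&& \` like the consul stop. The `exit 0` on the line after `sudo rm -rf /etc/consul &&` is only reached as part of the chain because bash permits a newline after `&&`; a trailing `\` there, as on the other lines, would make the continuation visible to a reader. This script removes /var/lib/consul, the Consul data directory, with no confirmation step, which is fine for a disposable lab cluster but deserves one header comment stating that it destroys cluster state.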
@@ -46,22 +46,12 @@
 - consul
 when: not consul_package.stat.exists | bool
-- name: Unarchive Consul package
- local_action: unarchive src="{{ role_path }}/files/{{ consul_pkg }}" dest="{{ role_path }}/files/" creates="{{ role_path }}/files/consul"
- become: no
- run_once: true
- tags:
- - installation
- - consul
-
 - name: Install Consul
 unarchive:
-# src: "{{ role_path }}/files/consul"
 src: "{{ consul_pkg }}"
 dest: "{{ consul_install_path }}"
 owner: "{{ consul_owner }}"
 group: "{{ consul_group }}"
-# mode: 0755
 become: yes
 tags:
 - installation
diff --git a/site.yml b/site.yml
index c7c5b12..1d17bb8 100755
--- a/site.yml
+++ b/site.yml
@@ -1,4 +1,4 @@
-#!/usr/bin/env ansible-playbook -i inventory.ini --skip-tags=consul-servers,bootstrap,vault
+#!/usr/bin/env ansible-playbook -i inventory.ini --skip-tags=bootstrap,vault
 ---
 - hosts: bramble
 gather_facts: true
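Review bot: The shebang `#!/usr/bin/env ansible-playbook -i inventory.ini --skip-tags=bootstrap,vault` hands several arguments to env; on Linux the kernel passes everything after the interpreter path as a single argument, so `./site.yml` fails there because env looks for a program literally named `ansible-playbook -i inventory.ini --skip-tags=bootstrap,vault` (macOS splits the arguments, so it works from a Mac). If Linux controllers are expected, either document the invocation in a comment under the shebang, e.g. `# run as: ansible-playbook -i inventory.ini --skip-tags=bootstrap,vault site.yml`, or use `#!/usr/bin/env -S ...` where the installed coreutils supports `-S`. The new default run also stops skipping `consul-servers`, which the old line excluded; a one-line comment on why the server play is now safe to run by default would help the next operator.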