timperrett · flyhard · Jul 18, 2017 · Jul 18, 2017 · Jul 18, 2017 · Jul 19, 2017
diff --git a/.gitattributes b/.gitattributes
@@ -0,0 +1,2 @@
+* text eol=lf
+*.zip -text
diff --git a/.gitignore b/.gitignore
@@ -1,2 +1,6 @@
 .DS_Store
 vault.keys
+*.log
+*.retry
+*.iml
+.idea/
diff --git a/ansible.cfg b/ansible.cfg
@@ -1,3 +1,5 @@
 [defaults]
 roles_path = roles:/etc/ansible/roles
-host_key_checking = false
+host_key_checking = false
+log_path=ansible.log
+timeout = 30
diff --git a/bootstrap.yml b/bootstrap.yml
@@ -7,19 +7,25 @@
   hosts:
     - bramble
   roles:
-    - users
+    - ssh-key
     - shell
 
   tasks:
-    - name: stop all the default shit
-      command: "{{ item }}"
+    - name: update system
+      apt:
+        update_cache: yes
+        upgrade: dist
+        cache_valid_time: 86400
+    - name: stop and disable services
+      service:
+        name: "{{item}}"
+        enabled: false
+        state: stopped
       with_items:
-        - apt-get update
-        - apt dist-upgrade -y
-        - systemctl stop avahi-daemon
-        - systemctl disable avahi-daemon
-        - systemctl disable avahi-daemon.socket
-        - systemctl stop bluetooth
-        - systemctl disable bluetooth
-      become: yes
-      become_user: root
+        - avahi-daemon
+        - avahi-daemon.socket
+        - bluetooth
+    - name: set hostname
+      hostname:
+        name: "{{hostvars.hostname}}"
+
diff --git a/inventory.ini b/inventory.ini
@@ -1,19 +1,21 @@
 [bramble]
-192.168.10.26
-192.168.10.25
-192.168.10.27
-192.168.10.28
+192.168.0.18 hostname=odin
+192.168.0.19 hostname=balder
+192.168.0.20 hostname=loki
+192.168.0.21 hostname=thor
 
+; run the consul server(s)
 [consul]
-192.168.10.26
-192.168.10.25
-192.168.10.27
+192.168.0.18
+192.168.0.19
+192.168.0.20
 
 ; runs nomad leader, vault and statsd
 [baron]
-192.168.10.26
+192.168.0.18
 
+; run consul and nomad clients
 [followers]
-192.168.10.25
-192.168.10.27
-192.168.10.28
+192.168.0.19
+192.168.0.20
+192.168.0.21
diff --git a/roles/consul/defaults/main.yml b/roles/consul/defaults/main.yml
@@ -1,16 +1,29 @@
 ---
-consul_version: "0.7.1"
-consul_checksum: "sha256:e7b6846fb338c31e238f9b70cc42bd35f7de804cc31d2d91fe23cbe5de948aae"
-consul_install_path: /usr/local/consul
-consul_dc: alpha
+consul_version: "{{ lookup('env','CONSUL_VERSION') | default('0.9.0', true) }}"
+consul_architecture_map:
+  # this first entry seems... redundant
+  #(but it's required for reasons)
+  amd64: amd64
+  x86_64: amd64
+  armv7l: arm
+  aarch64: arm64
+consul_architecture: "{{ consul_architecture_map[ansible_architecture] }}"
+consul_os: "{{ ansible_system|lower }}"
+consul_pkg: "consul_{{ consul_version }}_{{ consul_os }}_{{ consul_architecture }}.zip"
+consul_zip_url: "https://releases.hashicorp.com/consul/{{ consul_version }}/consul_{{ consul_version }}_{{ consul_os }}_{{ consul_architecture }}.zip"
+consul_checksum_file_url: "https://releases.hashicorp.com/consul/{{ consul_version }}/consul_{{ consul_version}}_SHA256SUMS"
+consul_install_path: /usr/local/bin
+consul_owner: root
+consul_group: root
+consul_dc: dc1
 consul_dns_domain: bramble.local
 consul_bind: "{{ ansible_default_ipv4.address }}"
 consul_client: "{{ ansible_default_ipv4.address }}"
 consul_advertise: "{{ ansible_default_ipv4.address }}"
 consul_is_server: no
 consul_retry_join: "{% for host in groups['consul'] %}\"{{ host }}\"{% if not loop.last %}, {% endif %}{% endfor %}"
 consul_bootstrap_expect: 3
-consul_disable_remote_exec: "true"
+consul_disable_remote_exec: "false"
 
 consul_do_acl: no
 consul_acl_master_token: "42baab74-b9e1-11e6-8370-c7a88ede55d0"
@@ -25,3 +38,7 @@ consul_cert_file: consul.cert
 consul_key_file: consul.key
 
 consul_do_auth: no
+
+consul_ui_enabled: no
+
+consul_arch: arm
diff --git a/roles/consul/files/consul-destroy-install.sh b/roles/consul/files/consul-destroy-install.sh
@@ -1,9 +1,13 @@
 #!/bin/bash
 
-set -e
+#set -e
 
+sudo systemctl stop vault.service
 sudo systemctl stop consul.service && \
+sudo rm -rf /usr/local/bin/consul && \
 sudo rm -rf /usr/local/consul && \
 sudo rm -rf /var/lib/consul && \
-sudo rm -rf /etc/consul
+sudo rm -rf /etc/consul &&
+exit 0
+exit 1
 
diff --git a/roles/consul/files/consul-wait-for-leader.sh b/roles/consul/files/consul-wait-for-leader.sh
@@ -8,7 +8,7 @@ while :; do
   fi
 
   if [ $SECONDS -gt $max_wait ]; then
-    echo "No Consul leader elected in 30 seconds"
+    echo "No Consul leader elected in $max_wait seconds"
     exit 1
   fi
 

diff --git a/roles/consul/files/consul.service b/roles/consul/files/consul.service
@@ -7,7 +7,7 @@ Wants=network-online.target
 [Service]
 User=root
 Group=root
-ExecStart=/usr/local/bin/consul agent -client 0.0.0.0 -config-dir=/etc/consul -data-dir=/var/lib/consul
+ExecStart=/usr/local/bin/consul agent -config-dir=/etc/consul
 ExecReload=/bin/kill -HUP $MAINPID
 KillSignal=SIGTERM
 

diff --git a/roles/consul/handlers/main.yml b/roles/consul/handlers/main.yml
@@ -1,7 +1,4 @@
 ---
+
 - name: restart consul
-  become: yes
-  become_user: root
-  service:
-    name: consul
-    state: restarted
+  include: restart.yml
diff --git a/roles/consul/tasks/configure.yml b/roles/consul/tasks/configure.yml
@@ -0,0 +1,107 @@
+###############################################################################
+################################ CONFIGURE ####################################
+###############################################################################
+
+- block:
+  # - name: deploy tls files
+  #   copy:
+  #     src: "{{ item.src }}"
+  #     dest: "{{ item.dest }}"
+  #   with_items:
+  #     - src: etc/consul/ssl/cacert.pem
+  #       dest: /etc/consul/ssl/{{ consul_ca_file }}
+  #     - src: etc/consul/ssl/certs/consul.cert.pem
+  #       dest: /etc/consul/ssl/{{ consul_cert_file }}
+  #     - src: etc/consul/ssl/private/consul.key.pem
+  #       dest: /etc/consul/ssl/{{ consul_key_file }}
+  #   when: consul_do_ssl
+  #   notify:
+  #     - restart consul
+  #   tags:
+  #     - consul
+
+  - name: install consul scripts
+    copy:
+      src: "{{ item.src }}"
+      dest: "{{ item.dest }}"
+      mode: 0755
+    with_items:
+      - src: consul-wait-for-leader.sh
+        dest: /usr/local/bin
+      - src: consul-destroy-install.sh
+        dest: /usr/local/bin
+    tags:
+      - consul
+
+  - name: configure for systemd
+    copy:
+      src: consul.service
+      dest: "{{ systemd_dir }}/consul.service"
+      mode: 644
+    tags:
+      - consul
+  - name: reload systemd
+    systemd:
+      daemon_reload: yes
+      name: consul.service
+      state: restarted
+    tags:
+      - consul
+
+  - name: Create config folder
+    file:
+      path: /etc/consul
+      state: directory
+      mode: 0755
+    tags:
+    - consul
+
+  - name: configure consul
+    template:
+      src: "{{ item.src }}"
+      dest: "{{ item.dest }}"
+      mode: u=rw,g=r,o=r
+    with_items:
+      - src: consul.json.j2
+        dest: /etc/consul/consul.json
+    notify:
+      - restart consul
+    tags:
+      - consul
+
+  - name: Generate server config
+    template:
+      src: server.json.j2
+      dest: /etc/consul/server.json
+      mode: u=rw,g=r,o=r
+    when: consul_is_server
+    notify:
+      - restart consul
+    tags:
+      - consul
+
+  - name: enable consul
+    service:
+      name: consul
+      enabled: yes
+      state: started
+    tags:
+      - consul
+
+  become: yes
+  become_user: root
+
+- pause:
+    seconds: 3
+
+- name: join cluster of consul-dcs
+  command: "/usr/local/bin/consul join {{ groups['consul'] | random }}"
+  run_once: yes
+  tags:
+    - consul
+
+- name: wait for leader
+  command: /usr/local/bin/consul-wait-for-leader.sh
+  register: leader_status
+  tags:
+    - consul
diff --git a/roles/consul/tasks/install.yml b/roles/consul/tasks/install.yml
@@ -0,0 +1,67 @@
+###############################################################################
+################################# INSTALL #####################################
+###############################################################################
+- name: Read package checksum file
+  local_action: stat path="{{ role_path }}/files/consul_{{ consul_version }}_SHA256SUMS"
+  become: no
+  run_once: true
+  register: consul_checksum
+  tags:
+    - installation
+    - consul
+
+- name: Download package checksum file
+  local_action: get_url url="{{ consul_checksum_file_url }}" dest="{{ role_path }}/files/consul_{{ consul_version }}_SHA256SUMS"
+  become: no
+  run_once: true
+  tags:
+    - installation
+    - consul
+  when: not consul_checksum.stat.exists | bool
+
+- name: Read package checksum
+  local_action: shell grep "{{ consul_pkg }}" "{{ role_path }}/files/consul_{{ consul_version }}_SHA256SUMS" | awk '{print $1}'
+  become: no
+  run_once: true
+  register: consul_sha256
+  tags:
+    - installation
+    - consul
+
+- name: Check Consul package file
+  local_action: stat path="{{ role_path }}/files/{{ consul_pkg }}"
+  become: no
+  run_once: true
+  register: consul_package
+  tags:
+    - installation
+    - consul
+
+- name: Download Consul package
+  local_action: get_url url="{{ consul_zip_url }}" dest="{{ role_path }}/files/{{ consul_pkg }}" checksum="sha256:{{ consul_sha256.stdout }}" timeout="42"
+  become: no
+  run_once: true
+  tags:
+    - installation
+    - consul
+  when: not consul_package.stat.exists | bool
+
+- name: Install Consul
+  unarchive:
+    src: "{{ consul_pkg }}"
+    dest: "{{ consul_install_path }}"
+    owner: "{{ consul_owner }}"
+    group: "{{ consul_group }}"
+  become: yes
+  tags:
+    - installation
+    - consul
+
+- name: Cleanup
+  local_action: file path="{{ item }}" state="absent"
+  become: no
+  with_fileglob: "{{ role_path }}/files/consul"
+  run_once: true
+  tags:
+    - installation
+    - consul
-Original file line number
+Diff line change
@@ Expand Up / @@ -8,7 +8,7 @@ while :; do @@
       fi
       if [ $SECONDS -gt $max_wait ]; then
-        echo "No Consul leader elected in 30 seconds"
+        echo "No Consul leader elected in $max_wait seconds"
         exit 1
       fi
@@ Expand Down @@