initial upload

tasks/consul.yml

@@ -0,0 +1,82 @@
+---
+
+- hosts: consul
+  vars:
+    consul_config_dir: /etc/consul.d
+    consul_data_dir: /opt/consul
+    consul_install_dir: /usr/local/bin
+  become: true
+  tasks:
+
+  - name: install required UNZIP
+    package:
+      name: unzip
+
+  - name: add the CONSUL group
+    group:
+      name: consul
+      state: present
+      gid: 199
+
+  - name: add the CONSUL user
+    user:
+      name: consul
+      comment: CONSUL user
+      state: present
+      uid: 199
+
+  - name: install CONSUL from HashiCorp
+    unarchive:
+      src: https://releases.hashicorp.com/consul/1.8.5/consul_1.8.5_linux_amd64.zip
+      dest: /usr/local/bin
+      remote_src: yes
+      mode: 0755
+      owner: consul
+      group: consul
+
+  - name: create CONSUL required data folders
+    file:
+      path: /opt/consul
+      state: directory
+      mode: '0755'
+      recurse: yes
+      owner: consul
+      group: consul
+
+  - name: create CONSUL required config folders
+    file:
+      path: /etc/consul.d
+      state: directory
+      mode: '0755'
+      recurse: yes
+      owner: consul
+      group: consul
+
+  - name: copy CONSUL systemd script
+    copy:
+      src: "{{ item }}"
+      dest: /etc/consul.d
+      owner: consul
+      group: consul
+    with_items:
+      - consul/configs/consul.hcl
+      - consul/configs/service-ssh.hcl
+
+  - name: send consul configuration file
+    template: 
+      dest: "{{ consul_config_dir }}/config.json"
+      src: consul.config.j2
+       
+  - name: ensure consul service file exists
+    template:
+      dest: /etc/systemd/system/consul.service
+      src: consul.service.j2
+      force: yes
+      mode: 0644
+
+  - name: enable CONSUL systemd script
+    service:
+      name: consul
+      enabled: yes
+      daemon_reload: yes
+      state: restarted

tasks/consul/configs/consul.hcl

@@ -0,0 +1,7 @@
+datacenter = "MSI-DC"
+data_dir = "/opt/consul"
+encrypt = "eRhnp22+c0bkV0wPolk6Mw=="
+retry_join = ["consul-admin"]
+performance {
+  raft_multiplier = 1
+}

tasks/consul/configs/consul.service

@@ -0,0 +1,23 @@
+[Unit]
+Description=Consul Service Discovery Agent
+Documentation=https://www.consul.io/
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=consul
+Group=consul
+ExecStart=/usr/local/bin/consul agent -server -ui \
+        -data-dir=/opt/consul \
+        -node=consul-%H \
+        -config-dir=/etc/consul.d
+
+ExecReload=/bin/kill -HUP $MAINPID
+KillSignal=SIGINT
+TimeoutStopSec=5
+Restart=on-failure
+SyslogIdentifier=consul
+
+[Install]
+WantedBy=multi-user.target

tasks/consul/configs/server.hcl

@@ -0,0 +1,4 @@
+server = true
+bootstrap_expect = 2
+bind_addr = "10.11.10.101"
+ui = true

tasks/consul/configs/service-apache.hcl

@@ -0,0 +1,10 @@
+service {
+        name = "apache"
+        port = 443
+        tags = [ "srv1", "pedimedic", "webmail", "git" ]
+        check {
+                http = "https://srv1.maruntiel.com"
+                interval = "5s"
+                tlsSkipVerify = true
+        }
+}

tasks/consul/configs/service-mysql.hcl

@@ -0,0 +1,9 @@
+service {
+        name = "mariadb"
+        port = 3306
+        tags = [ "db" ]
+        check {
+                tcp = "localhost:3306"
+                interval = "5s"
+        }
+}

tasks/consul/configs/service-ssh.hcl

@@ -0,0 +1,8 @@
+service {
+        name = "SSHD"
+        port = 22
+        check {
+                tcp = "localhost:22"
+                interval = "5s"
+        }
+}

tasks/consul/consul-tag

@@ -0,0 +1,70 @@
+#!/usr/bin/python3
+
+import os
+import sys
+import requests
+
+CONSUL_API = 'http://localhost:8500'
+
+
+def get_service(sess, service_id):
+ r = sess.get(CONSUL_API + '/v1/agent/services', timeout=2)
+ r.raise_for_status()
+ services = r.json()
+
+ for svc in services.values():
+  if svc['ID'] == service_id:
+   return svc
+
+ return None
+
+
+def change_service_tags(service, tags_to_add, tags_to_remove):
+ with requests.Session() as sess:
+  sess.headers = {'X-Consul-Token': os.getenv('CONSUL_HTTP_TOKEN')}
+
+  svc = get_service(sess, service)
+  if svc:
+   new_tags = (set(svc.get('Tags', [])) | tags_to_add) - tags_to_remove
+   new_svc = {
+      'ID': svc['ID'],
+      'Name': svc['Service'],
+      'Address': svc.get('Address', ''),
+      'Port': svc.get('Port', 0),
+      'Meta': svc.get('Meta', {}),
+      'Tags': sorted(list(new_tags)),
+      'EnableTagOverride': svc.get('EnableTagOverride', False),
+   }
+   for k, v in new_svc.items():
+      print('{} = {}'.format(k, v))
+   r = sess.put(CONSUL_API + '/v1/agent/service/register', json=new_svc, timeout=2)
+   r.raise_for_status()
+
+
+def main(argv):
+ if len(argv) < 3:
+  print("Usage: consul-tag service +tag -tag...")
+  return 1
+
+ service = argv[1]
+ tags_to_add = set()
+ tags_to_remove = set()
+ for tag in argv[2:]:
+  if tag.startswith('-'):
+   tags_to_remove.add(tag[1:])
+  elif tag.startswith('+'):
+   tags_to_add.add(tag[1:])
+  else:
+   tags_to_add.add(tag)
+
+ try:
+  change_service_tags(service, tags_to_add, tags_to_remove)
+ except Exception as exc:
+  print("Error: {}".format(exc))
+  return 2
+
+ return 0
+
+
+if __name__ == '__main__':
+ sys.exit(main(sys.argv))

tasks/handlers/consul.yml

@@ -0,0 +1,8 @@
+---
+# handlers file for consul-server
+- name: restart consul
+  systemd:
+    name: consul.service
+    daemon_reload: yes
+    state: restarted
+  become: yes

tasks/templates/consul.config.j2

@@ -0,0 +1,13 @@
+{
+    "addresses": {
+        "http": "{{ ansible_facts['all_ipv4_addresses'] | last}} 127.0.0.1"
+    },
+    "server": true,
+    "advertise_addr": "{{ ansible_facts['all_ipv4_addresses'] | last}}",
+    "client_addr": "127.0.0.1 {{ ansible_facts['all_ipv4_addresses'] | last }}",
+    "connect": {
+        "enabled": true
+    },
+    "data_dir": "{{ consul_data_dir }}",
+    "bootstrap": true
+}

tasks/templates/consul.service.j2

@@ -0,0 +1,10 @@
+[Unit]
+Description==Consul Service Discovery Agent
+
+[Service]
+WorkingDirectory={{ consul_config_dir }}
+User=root
+ExecStart={{ consul_install_dir }}/consul agent -config-dir={{ consul_config_dir }} -node=consul-%H
+
+[Install]
+WantedBy=multi-user.target

tasks/vars/consul.yml

@@ -0,0 +1,7 @@
+---
+# vars file for consul-server
+consul_version: 1.8.5
+consul_zip_file: consul_{{ consul_version }}_linux_amd64.zip
+consul_install_dir: /usr/local/bin
+consul_config_dir: /etc/consul.
+consul_data_dir: /opt/consul