forked from vitabaks/autobase
-
Notifications
You must be signed in to change notification settings - Fork 0
/
consul.yml
149 lines (130 loc) · 4.93 KB
/
consul.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
---
- name: consul.yml | Configure Consul instances
hosts: consul_instances
become: true
become_method: sudo
any_errors_fatal: true
gather_facts: true
environment: "{{ proxy_env | default({}) }}"
pre_tasks:
- name: "Set variable: ansible_python_interpreter"
ansible.builtin.set_fact:
ansible_python_interpreter: "/usr/bin/env python3"
when: "'python3' not in (ansible_python_interpreter | default(''))"
tags: always
- name: Include main variables
ansible.builtin.include_vars: "vars/main.yml"
tags: always
- name: Include system variables
ansible.builtin.include_vars: "vars/system.yml"
tags: always
- name: Include OS-specific variables
ansible.builtin.include_vars: "vars/{{ ansible_os_family }}.yml"
tags: always
- name: Check if the consul role requirements (ansible.utils) are installed
ansible.builtin.command: ansible-galaxy collection list ansible.utils
changed_when: false
failed_when: false
register: ansible_utils_result
delegate_to: localhost
run_once: true # noqa run-once
- name: Consul role requirements
ansible.builtin.fail:
msg:
- "Please install consul role requirements (ansible.utils)"
- "ansible-galaxy install -r roles/consul/requirements.yml"
delegate_to: localhost
run_once: true # noqa run-once
when:
- ansible_utils_result.stderr is search("unable to find")
- name: Make sure the unzip package are present on the control host
ansible.builtin.package:
name: unzip
state: present
register: package_status
until: package_status is success
delay: 5
retries: 3
delegate_to: localhost
run_once: true # noqa run-once
- name: Make sure the python3-pip package are present on the control host
ansible.builtin.package:
name: python3-pip
state: present
register: package_status
until: package_status is success
delay: 5
retries: 3
delegate_to: localhost
run_once: true # noqa run-once
- name: Install netaddr dependency on the control host
ansible.builtin.pip:
name: netaddr
executable: pip3
become: false
environment:
PIP_BREAK_SYSTEM_PACKAGES: "1"
delegate_to: localhost
run_once: true # noqa run-once
- name: Update apt cache
ansible.builtin.apt:
update_cache: true
cache_valid_time: 3600
register: apt_status
until: apt_status is success
delay: 5
retries: 3
when: ansible_os_family == "Debian" and installation_method == "repo"
- name: Make sure the gnupg and apt-transport-https packages are present
ansible.builtin.apt:
pkg:
- gnupg
- apt-transport-https
state: present
register: apt_status
until: apt_status is success
delay: 5
retries: 3
when: ansible_os_family == "Debian" and installation_method == "repo"
- name: Make sure the python3-pip package are present
ansible.builtin.package:
name: python3-pip
state: present
register: package_status
until: package_status is success
delay: 5
retries: 3
- name: Build a firewall_ports_dynamic_var
ansible.builtin.set_fact:
firewall_ports_dynamic_var: "{{ firewall_ports_dynamic_var | default([]) + (firewall_allowed_tcp_ports_for[item] | default([])) }}"
loop: "{{ hostvars[inventory_hostname].group_names }}"
when: firewall_enabled_at_boot | bool
tags: firewall
- name: Build a firewall_rules_dynamic_var
ansible.builtin.set_fact:
firewall_rules_dynamic_var: "{{ firewall_rules_dynamic_var | default([]) + (firewall_additional_rules_for[item] | default([])) }}"
loop: "{{ hostvars[inventory_hostname].group_names }}"
when: firewall_enabled_at_boot | bool
tags: firewall
- name: Add a nameserver entry poining to localhost for dnsmasq
ansible.builtin.set_fact:
nameservers: "{{ ['127.0.0.1'] + (nameservers | default([])) }}"
when: dcs_type == "consul" and consul_dnsmasq_enable | bool and ('127.0.0.1' not in (nameservers | default([])))
- name: Redefine the consul_dnsmasq_servers variable
ansible.builtin.set_fact:
consul_dnsmasq_servers: "{{ consul_dnsmasq_servers | reject('equalto', '127.0.0.1') | list }}"
when: dcs_type == "consul" and consul_dnsmasq_enable | bool and ('127.0.0.1' in (consul_dnsmasq_servers | default([])))
roles:
- role: ansible-role-firewall
vars:
firewall_allowed_tcp_ports: "{{ firewall_ports_dynamic_var | default([]) | unique }}"
firewall_additional_rules: "{{ firewall_rules_dynamic_var | default([]) | unique }}"
when: firewall_enabled_at_boot|bool
tags: firewall
- role: hostname
- role: resolv_conf
- role: etc_hosts
- role: sysctl
- role: timezone
- role: ntp
- role: consul