feat: deploy consul agent

- install the consul agent on all nodes, except consul servers
2024-04-28 01:03:57 +10:00 · 2024-04-28 01:03:57 +10:00 · 0f0d392fb4
commit 0f0d392fb4
parent 6fc5829fce
2 changed files with 41 additions and 0 deletions
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@ -85,6 +85,8 @@ profiles::dns::base::ns_role: 'roles::infra::dns::resolver'
 profiles::dns::base::use_ns: 'region'
 profiles::consul::server::members_role: roles::infra::storage::consul
 profiles::consul::token::node_editor::accessor_id: '024e27bd-c5bb-41e7-a578-b766509e11bc'
+profiles::consul::client::members_lookup: true
+profiles::consul::client::members_role: roles::infra::storage::consul

 profiles::packages::install:
  - bash-completion
--- a/site/profiles/manifests/consul/client.pp
+++ b/site/profiles/manifests/consul/client.pp
@ -5,8 +5,47 @@ class profiles::consul::client (
  Enum['http','https'] $consul_protocol  = 'http',
  Stdlib::Port         $consul_port      = 8500,
  String               $consul_api_token = lookup('profiles::consul::server::acl_tokens_initial_management'),
+  Boolean              $members_lookup     = false,
+  String               $members_role       = undef,
+  Array                $consul_servers     = [],
+  Stdlib::Absolutepath $data_dir           = '/opt/consul',
 ) {

+  if $facts['enc_role'] != $members_role {
+
+    # set a datacentre/cluster name
+    $consul_cluster = "${::facts['country']}-${::facts['region']}"
+
+    # if lookup is enabled, find all the hosts in the specified role and create the servers_array
+    if $members_lookup {
+
+      # check that the role is also set
+      unless !($members_role == undef) {
+        fail("members_role must be provided for ${title} when members_lookup is True")
+      }
+
+      # if it is, find hosts, sort them so they dont cause changes every run
+      $servers_array = sort(query_nodes("enc_role='${members_role}' and region='${::facts['region']}'", 'networking.fqdn'))
+
+    # else use provided array from params
+    }else{
+      $servers_array = $consul_servers
+    }
+
+    # deploy the consul agent
+    class { 'consul':
+      config_hash => {
+        'data_dir'       => $data_dir,
+        'datacenter'     => $consul_cluster,
+        'log_level'      => 'INFO',
+        'node_name'      => $facts['networking']['fqdn'],
+        'retry_join'     => $servers_array,
+        'bind_addr'      => $::facts['networking']['ip'],
+        'advertise_addr' => $::facts['networking']['ip'],
+      },
+    }
+  }
+
  # Create ACL policy that allows nodes to update themselves and read others
  consul_policy { $facts['networking']['hostname']:
    description   => "${facts['networking']['fqdn']} puppet-generated-policy",