Merge pull request 'neoloc/consul_services' (#190) from neoloc/consul_services into develop
Reviewed-on: unkinben/puppet-prod#190
commit
a141de8b74
@ -63,6 +63,18 @@ lookup_options:
|
||||
profiles::dns::master::keys:
|
||||
merge:
|
||||
strategy: deep
|
||||
consul::services:
|
||||
merge:
|
||||
strategy: deep
|
||||
consul::watch:
|
||||
merge:
|
||||
strategy: deep
|
||||
consul::check:
|
||||
merge:
|
||||
strategy: deep
|
||||
profiles::consul::client::node_rules:
|
||||
merge:
|
||||
strategy: deep
|
||||
|
||||
facts_path: '/opt/puppetlabs/facter/facts.d'
|
||||
|
||||
@ -87,6 +99,16 @@ profiles::consul::server::members_role: roles::infra::storage::consul
|
||||
profiles::consul::token::node_editor::accessor_id: '024e27bd-c5bb-41e7-a578-b766509e11bc'
|
||||
profiles::consul::client::members_lookup: true
|
||||
profiles::consul::client::members_role: roles::infra::storage::consul
|
||||
profiles::consul::client::node_rules:
|
||||
- resource: node
|
||||
segment: "%{facts.networking.hostname}"
|
||||
disposition: write
|
||||
- resource: node
|
||||
segment: "%{facts.networking.fqdn}"
|
||||
disposition: write
|
||||
- resource: node
|
||||
segment: ''
|
||||
disposition: read
|
||||
|
||||
profiles::packages::install:
|
||||
- bash-completion
|
||||
|
||||
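Review bot: The two `write` rules added under `profiles::consul::client::node_rules` take their segment from `facts.networking.hostname` and `facts.networking.fqdn`, which the agent reports about itself, so a host that misreports those facts would receive a policy with write access to another node's name. Keying the segment on the certificate identity ties the rule to something the Puppet CA signed, e.g. `segment: "%{trusted.certname}"` (assuming certnames match the Consul node names here). The `segment: ''` read rule appears to grant read on every node, going by the policy comment in the manifest; a short comment such as `# empty segment = read on all nodes` would make that intent explicit.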
@ -1,2 +1,22 @@
|
||||
---
|
||||
profiles::vault::server::primary_datacenter: 'au-syd1'
|
||||
consul::services:
|
||||
vault:
|
||||
service_name: 'vault'
|
||||
tags:
|
||||
- 'https'
|
||||
- 'secure'
|
||||
address: "%{facts.networking.ip}"
|
||||
port: 443
|
||||
checks:
|
||||
- id: 'vault_https_check'
|
||||
name: 'Vault HTTPS Check'
|
||||
http: "https://%{facts.networking.fqdn}:443/v1/sys/health"
|
||||
method: 'GET'
|
||||
tls_skip_verify: true
|
||||
interval: '10s'
|
||||
timeout: '1s'
|
||||
profiles::consul::client::node_rules:
|
||||
- resource: service
|
||||
segment: vault
|
||||
disposition: write
|
||||
|
||||
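Review bot: `tls_skip_verify: true` on `vault_https_check` means the Consul agent accepts any certificate on port 443, so the check keeps passing with an expired, mismatched or substituted certificate in front of Vault. The check URL already uses `%{facts.networking.fqdn}`, so verification should work once the agent trusts the issuing CA; I would set `tls_skip_verify: false` and add a comment naming the CA bundle the agent relies on. Separately, `/v1/sys/health` answers with non-200 codes for standby or sealed nodes by default, so a comment stating which states are expected to show as warning or critical in Consul would help whoever reads the alerts.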
@ -9,6 +9,7 @@ class profiles::consul::client (
|
||||
String $members_role = undef,
|
||||
Array $consul_servers = [],
|
||||
Stdlib::Absolutepath $data_dir = '/opt/consul',
|
||||
Array[Hash] $node_rules = [],
|
||||
) {
|
||||
|
||||
if $facts['enc_role'] != $members_role {
|
||||
@ -42,6 +43,11 @@ class profiles::consul::client (
|
||||
'retry_join' => $servers_array,
|
||||
'bind_addr' => $::facts['networking']['ip'],
|
||||
'advertise_addr' => $::facts['networking']['ip'],
|
||||
'acl' => {
|
||||
tokens => {
|
||||
default => fqdn_uuid("${facts['networking']['fqdn']}-${secret_id_salt}")
|
||||
}
|
||||
}
|
||||
},
|
||||
}
|
||||
}
|
||||
@ -49,18 +55,7 @@ class profiles::consul::client (
|
||||
# Create ACL policy that allows nodes to update themselves and read others
|
||||
consul_policy { $facts['networking']['hostname']:
|
||||
description => "${facts['networking']['fqdn']} puppet-generated-policy",
|
||||
rules => [
|
||||
{
|
||||
'resource' => 'node',
|
||||
'segment' => $facts['networking']['hostname'],
|
||||
'disposition' => 'write'
|
||||
},
|
||||
{
|
||||
'resource' => 'node',
|
||||
'segment' => '',
|
||||
'disposition' => 'read'
|
||||
}
|
||||
],
|
||||
rules => $node_rules,
|
||||
acl_api_token => $consul_api_token,
|
||||
hostname => $consul_hostname,
|
||||
protocol => $consul_protocol,
|
||||
|
||||
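Review bot: The `default` ACL token added in the `@ -42,6 +43,11` hunk is computed as `fqdn_uuid("${facts['networking']['fqdn']}-${secret_id_salt}")`, so every node's token secret is a deterministic function of its FQDN and one shared salt, and the secrecy of all tokens rests on that salt alone. `$secret_id_salt` is declared outside the visible hunks, so I can't tell how it is stored; it should come from encrypted data and ideally be typed `Sensitive[String]`, with a comment on this line such as `# deterministic token: secrecy depends entirely on $secret_id_salt`. With `rules => $node_rules` and the new parameter defaulting to `[]`, a missing Hiera key yields a policy with no rules instead of a compile error; dropping the default (`Array[Hash] $node_rules,`) would surface that at catalog compile time. The class body starts and ends outside these hunks.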