2025-06-14 18:47:24 +10:00
5 changed files with 11 additions and 0 deletions
--- a/hieradata/roles/infra/nomad/agent.yaml
+++ b/hieradata/roles/infra/nomad/agent.yaml
@ -39,6 +39,7 @@ profiles::ceph::client::keyrings:
 profiles::packages::include:
  nomad: {}
  cni-plugins: {}
+  consul-cni: {}

 profiles::nomad::node::client: true

--- a/hieradata/roles/infra/nomad/agentv2.yaml
+++ b/hieradata/roles/infra/nomad/agentv2.yaml
@ -22,6 +22,7 @@ networking::interfaces:
 profiles::packages::include:
  nomad: {}
  cni-plugins: {}
+  consul-cni: {}

 profiles::nomad::node::client: true

@ -34,6 +35,10 @@ profiles::pki::vault::alt_names:
  - "nomad-client.service.%{facts.country}-%{facts.region}.consul"

 # configure consul service
+profiles::consul::client::ports:
+  grpc: 8502
+  dns: 8600
+  http: 8500
 profiles::consul::client::node_rules:
  - resource: service
    segment: nomad-client
--- a/hieradata/roles/infra/storage/consul.yaml
+++ b/hieradata/roles/infra/storage/consul.yaml
@ -8,6 +8,7 @@ profiles::consul::server::addresses:
  grpc: "%{::networking.ip}"
  grpc_tls: "%{::networking.ip}"
 profiles::consul::server::ports:
+  grpc: 8502
  dns: 8600
  http: 8500
  https: -1
--- a/site/profiles/manifests/consul/client.pp
+++ b/site/profiles/manifests/consul/client.pp
@ -10,6 +10,7 @@ class profiles::consul::client (
  Array                $consul_servers     = [],
  Stdlib::Absolutepath $data_dir           = '/opt/consul',
  Array[Hash]          $node_rules         = [],
+  Hash                 $ports              = {},
 ) {

  if $facts['enc_role'] != $members_role {
@ -44,6 +45,7 @@ class profiles::consul::client (
        'bind_addr'            => $::facts['networking']['ip'],
        'advertise_addr'       => $::facts['networking']['ip'],
        'enable_script_checks' => true,
+        'ports'                => $ports,
        'acl'                  => {
          tokens => {
            default => fqdn_uuid("${facts['networking']['fqdn']}-${secret_id_salt}")
--- a/site/profiles/manifests/consul/server.pp
+++ b/site/profiles/manifests/consul/server.pp
@ -119,6 +119,8 @@ class profiles::consul::server (
          'advertise_addr'       => $advertise_addr,
          'retry_join'           => $servers_array,
          'retry_join_wan'       => $remote_servers_array,
+          'connect'              => { 'enabled' => true },
+          'recursors'            => ['198.18.19.16'],
        },
      }
    }