unkin/puppet-prod
2
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases Wiki Activity
8745c6bcb8
puppet-prod/site/profiles/manifests/consul/client.pp
Ben Vincent 8745c6bcb8
All checks were successful
Build / precommit (pull_request) Successful in 3m31s
Details
fix: resolve warnings/errors 
- modules/libs/lib/facter/pve_nodelist.rb:11:5: W: [Correctable] Lint/RedundantCopDisableDirective: Unnecessary disabling of Metrics/BlockNesting.a
- site/profiles/manifests/puppet/puppetboard.pp - WARNING: there should be a single space before '=>' on line 158, column 14 on line 158 (check: space_before_arrow)
- site/profiles/manifests/consul/client.pp - WARNING: there should be a single space before '=>' on line 93, column 13 on line 93 (check: space_before_arrow)
- site/profiles/manifests/ntp/client.pp - WARNING: there should be a single space before '=>' on line 44, column 16 on line 44 (check: space_before_arrow)
- site/profiles/manifests/puppet/enc.pp - WARNING: there should be a single space before '=>' on line 14, column 11 on line 14 (check: space_before_arrow)
- site/profiles/manifests/puppet/enc.pp - WARNING: there should be a single space before '=>' on line 18, column 11 on line 18 (check: space_before_arrow)

- set max block nesting to 4
2025-07-08 20:06:50 +10:00

97 lines
3.5 KiB
Puppet
Raw Blame History

# profiles::consul::client
class profiles::consul::client (
String $secret_id_salt = '',
Stdlib::Fqdn $consul_hostname = 'consul.service.consul',
Enum['http','https'] $consul_protocol = 'http',
Stdlib::Port $consul_port = 8500,
String $consul_api_token = lookup('profiles::consul::server::acl_tokens_initial_management'),
Boolean $members_lookup = false,
String $members_role = undef,
Array $consul_servers = [],
Stdlib::Absolutepath $data_dir = '/opt/consul',
Array[Hash] $node_rules = [],
Hash $ports = {},
) {
if $facts['enc_role'] != $members_role {
# set a datacentre/cluster name
$consul_cluster = "${::facts['country']}-${::facts['region']}"
# if lookup is enabled, find all the hosts in the specified role and create the servers_array
if $members_lookup {
# check that the role is also set
unless !($members_role == undef) {
fail("members_role must be provided for ${title} when members_lookup is True")
}
# if it is, find hosts, sort them so they dont cause changes every run
$servers_array = sort(query_nodes("enc_role='${members_role}' and region='${::facts['region']}'", 'networking.fqdn'))
# else use provided array from params
}else{
$servers_array = $consul_servers
}
# deploy the consul agent
class { 'consul':
config_hash => {
'data_dir' => $data_dir,
'datacenter' => $consul_cluster,
'log_level' => 'INFO',
'node_name' => $facts['networking']['fqdn'],
'retry_join' => $servers_array,
'bind_addr' => $::facts['networking']['ip'],
'advertise_addr' => $::facts['networking']['ip'],
'enable_script_checks' => true,
'ports' => $ports,
'acl' => {
tokens => {
default => fqdn_uuid("${facts['networking']['fqdn']}-${secret_id_salt}")
}
}
},
}
}
# Create ACL policy that allows nodes to update themselves and read others
consul_policy { $facts['networking']['hostname']:
description => "${facts['networking']['fqdn']} puppet-generated-policy",
rules => $node_rules,
acl_api_token => $consul_api_token,
hostname => $consul_hostname,
protocol => $consul_protocol,
port => $consul_port,
}
consul_token { $facts['networking']['hostname']:
accessor_id => fqdn_uuid($facts['networking']['fqdn']),
description => "${facts['networking']['fqdn']} puppet-generated-token",
policies_by_name => [$facts['networking']['hostname']],
acl_api_token => $consul_api_token,
secret_id => fqdn_uuid("${facts['networking']['fqdn']}-${secret_id_salt}"),
hostname => $consul_hostname,
protocol => $consul_protocol,
port => $consul_port,
}
# ensure the consul token is saved for the root user
file {'/root/.config/consul_node_token':
ensure => file,
owner => 'root',
group => 'root',
mode => '0600',
content => Sensitive(fqdn_uuid("${facts['networking']['fqdn']}-${secret_id_salt}")),
require => File['/root/.config'],
}
# cleanup /usr/local/bin/consul which was created by url install method
if $facts['os']['family'] == 'RedHat' {
file {'/usr/local/bin/consul':
ensure => absent,
}
}
}
Reference in New Issue View Git Blame Copy Permalink