- add consul-cni package - enable grpc for consul servers - enable consul connect for consul servers - set recursors for consul - add ports to consul agent (grpc, dns, http for nomad) Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/314
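# profiles::consul::server
#
# Configures a Consul *server* node and a local dnsmasq forwarder for the
# Consul DNS domain.  The consul class is only declared on hosts whose
# `enc_role` fact equals $members_role; everything that depends on it
# (reverse proxy, ACL policies and tokens, prepared queries, dnsmasq) is
# gated on defined(Class['consul']) so the profile is a no-op elsewhere.
#
# Parameters accepted but NOT referenced in this class (review note):
#   $gossip_key, $acl_default_policy, $acl_down_policy, $anycast_ip.
#   Gossip encryption ('encrypt') and the ACL default/down policies are not
#   placed in config_hash here; until they are plumbed in, the ACL policies
#   have to be supplied inside $acl and gossip encryption configured elsewhere.
#
# @param gossip_key            Presumably the Serf gossip key — currently unused.
# @param primary_datacenter    Consul primary_datacenter (undef = not set).
# @param acl                   Raw `acl` stanza passed through to Consul.
# @param ports                 Consul `ports` stanza; ['dns'] also selects the
#                              port dnsmasq forwards to (default 8600).
# @param addresses             Consul `addresses` stanza.
# @param members_lookup        Discover cluster members with PuppetDB query_nodes.
# @param members_role          enc_role of the hosts forming the cluster.
#                              Required when members_lookup is true; also gates
#                              this whole profile.
# @param consul_servers        Static member list used when members_lookup is false.
# @param enable_ui             Consul `ui` flag.
# @param enable_ui_config      Consul `ui_config.enabled` flag.
# @param manage_repo           Passed straight to the consul class.
# @param package_ensure        Passed straight to the consul class.
# @param package_name          Passed straight to the consul class.
# @param bootstrap_count       Consul `bootstrap_expect`.
# @param domain                DNS domain served by Consul.
# @param raft_multiplier       Consul `performance.raft_multiplier`.
# @param acl_down_policy       Currently unused (see note above).
# @param acl_default_policy    Currently unused (see note above).
# @param install_method        Passed straight to the consul class.
# @param client_addr           Address the HTTP/DNS/gRPC listeners bind to.  The
#                              default 0.0.0.0 exposes them on every interface,
#                              so $acl and host firewalling are what limit access.
# @param data_dir              Consul data directory.  When it lives under /data
#                              the /data mount must exist before consul is set up.
# @param bin_dir               Passed straight to the consul class.
# @param disable_remote_exec   Consul `disable_remote_exec`.
# @param disable_update_check  Consul `disable_update_check`.
# @param join_remote_regions   Build retry_join_wan from $members_role in each
#                              region listed in $remote_regions.
# @param remote_regions        Regions queried when join_remote_regions is true.
# @param bind_addr             Consul `bind_addr`.
# @param advertise_addr        Consul `advertise_addr`.
# @param anycast_ip            Currently unused in this class.
# @param enable_connect        Consul `connect.enabled` on the servers.
# @param recursors             Upstream resolvers Consul forwards non-Consul
#                              queries to (Consul `recursors`).
class profiles::consul::server (
  Optional[String] $gossip_key = undef,
  Optional[String] $primary_datacenter = undef,
  Hash $acl = {},
  Hash $ports = {},
  Hash $addresses = {},
  Boolean $members_lookup = false,
  # Optional: a plain `String` with an undef default is rejected by the type
  # check whenever the parameter is not supplied.
  Optional[String] $members_role = undef,
  Array $consul_servers = [],
  Boolean $enable_ui = true,
  Boolean $enable_ui_config = true,
  Boolean $manage_repo = false,
  String $package_ensure = 'latest',
  String $package_name = 'consul',
  Integer $bootstrap_count = 1,
  String $domain = 'consul',
  Integer $raft_multiplier = 1,
  Enum['allow', 'deny', 'extend-cache', 'async-cache'] $acl_down_policy = 'extend-cache',
  Enum['allow', 'deny'] $acl_default_policy = 'deny',
  Enum['url', 'package', 'docker', 'none'] $install_method = 'package',
  Stdlib::IP::Address $client_addr = '0.0.0.0',
  Stdlib::Absolutepath $data_dir = '/opt/consul',
  Stdlib::Absolutepath $bin_dir = '/usr/bin',
  Boolean $disable_remote_exec = true,
  Boolean $disable_update_check = true,
  Boolean $join_remote_regions = false,
  Array[String] $remote_regions = [],
  Stdlib::IP::Address $bind_addr = $facts['networking']['ip'],
  Stdlib::IP::Address $advertise_addr = $facts['networking']['ip'],
  Optional[Stdlib::IP::Address] $anycast_ip = undef,
  # New, backward-compatible parameters: defaults equal the values that were
  # previously hard-coded in config_hash.
  Boolean $enable_connect = true,
  Array[String] $recursors = ['198.18.19.16'],
) {

  # Only hosts in the configured role run a server.
  if $facts['enc_role'] == $members_role {

    # datacentre / cluster name, "<country>-<region>"
    $consul_cluster = "${facts['country']}-${facts['region']}"

    if $members_lookup {

      # a lookup needs a role to query for
      if $members_role == undef {
        fail("members_role must be provided for ${title} when members_lookup is True")
      }

      # sorted so the rendered retry_join list is stable between runs
      $servers_array = sort(query_nodes("enc_role='${members_role}' and region='${facts['region']}'", 'networking.fqdn'))

      if $join_remote_regions {
        # the same role in every listed region feeds retry_join_wan
        $region_to_servers = $remote_regions.reduce({}) |$memo, $region| {
          $servers = sort(query_nodes("enc_role='${members_role}' and region='${region}'", 'networking.fqdn'))
          $memo + { $region => $servers }
        }
        # flatten the per-region lists into one sorted array of fqdns
        $remote_servers_array = sort(flatten($region_to_servers.values))
      } else {
        $remote_servers_array = []
      }

    } else {
      # static member list from params; no WAN join in this mode.  Both
      # variables are assigned so config_hash never references an unset
      # variable (an error under strict_variables).
      $servers_array        = $consul_servers
      $remote_servers_array = []
    }

    # A data_dir under /data must not be created on the root filesystem:
    # skip the whole install until the /data mount is present.
    $wants_data_mount = $data_dir.stdlib::start_with('/data')
    if !$wants_data_mount or $facts['mountpoints']['/data'] {

      class { 'consul':
        install_method => $install_method,
        manage_repo    => $manage_repo,
        package_name   => $package_name,
        package_ensure => $package_ensure,
        bin_dir        => $bin_dir,
        config_hash    => {
          'primary_datacenter'   => $primary_datacenter,
          'acl'                  => $acl,
          'ports'                => $ports,
          'addresses'            => $addresses,
          'disable_remote_exec'  => $disable_remote_exec,
          'disable_update_check' => $disable_update_check,
          'domain'               => $domain,
          'bootstrap_expect'     => $bootstrap_count,
          # honour the parameter instead of a hard-coded '0.0.0.0' (same default)
          'client_addr'          => $client_addr,
          'data_dir'             => $data_dir,
          'datacenter'           => $consul_cluster,
          'log_level'            => 'INFO',
          'node_name'            => $facts['networking']['fqdn'],
          'server'               => true,
          'ui'                   => $enable_ui,
          'ui_config'            => { 'enabled' => $enable_ui_config },
          'performance'          => { 'raft_multiplier' => $raft_multiplier },
          'bind_addr'            => $bind_addr,
          'advertise_addr'       => $advertise_addr,
          'retry_join'           => $servers_array,
          'retry_join_wan'       => $remote_servers_array,
          'connect'              => { 'enabled' => $enable_connect },
          'recursors'            => $recursors,
        },
      }
    }
  }

  # consul before extra services
  if defined(Class['consul']) {

    # reverse proxy, ACL policies/tokens and prepared queries
    include profiles::nginx::simpleproxy
    include profiles::consul::policies
    include profiles::consul::tokens
    include profiles::consul::prepared_query

    # port dnsmasq forwards the consul domain to; consumed by the template
    # below (presumably as @dns_port — confirm against dnsmasq.conf.erb)
    $dns_port = pick($ports['dns'], 8600)

    package { 'dnsmasq':
      ensure => installed,
    }

    # notify restarts dnsmasq whenever the consul forwarder config changes
    file { '/etc/dnsmasq.d/10-consul.conf':
      ensure  => file,
      owner   => 'root',
      group   => 'root',
      mode    => '0644',
      content => template('profiles/consul/dnsmasq.conf.erb'),
      require => Package['dnsmasq'],
      notify  => Service['dnsmasq'],
    }

    # running and enabled at boot; the restart relationship is the notify above
    service { 'dnsmasq':
      ensure => running,
      enable => true,
    }
  }
}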