Revert previous commits/versions

- Revert changes from v1.21.2 and v1.21.1
ansible-collections · May 31, 2017 · 3d9b2f8 · 3d9b2f8
1 parent 31b4729
commit 3d9b2f8
Show file tree

Hide file tree

Showing 17 changed files with 94 additions and 36 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -632,20 +632,17 @@
 - Update supported versions
 - Update documentation
 
-## v1.21.0
-
-- Move all configuration into `consul_config_path`
-- Remove `consul_configd_path`
-- Rename `configd_50custom.json.j2` to `user_custom.json.j2`
-- Rename `50custom.json` to `user_custom.json`
-
 ## v1.21.1
 
-- Update ACL tasks
-- Rename `configd_50custom.json.j2` template tp `user_custom.json.j2`
-- Rename `configd_50acl_policy.hcl` template to `user_acl_policy.hcl.j2`
-- Do not enable a default set of ACL policies
+Update ACL tasks
+Rename configd_50custom.json.j2 template tp user_custom.json.j2
+Rename configd_50acl_policy.hcl template to user_acl_policy.hcl.j2
+Do not enable a default set of ACL policies
 
 ## v1.21.2
 
-- Actually add new template files :facepalm:
+Actually add new template files :facepalm:
+
+## v1.22.0
+
+- Revert changes from v1.21.2 and v1.21.1
diff --git a/README.md b/README.md
@@ -90,10 +90,16 @@ the variables are named and described below:
 
 ### `consul_config_path`
 
-- Configuration file path
+- Base configuration file path
 - Default Linux value: `/etc/consul`
 - Default Windows value: `C:\ProgramData\consul\config`
 
+### `consul_configd_path`
+
+- Additional configuration directory
+- Default Linux value: `/etc/consul.d`
+- Default Windows value: `C:\ProgramData\consul\config.d`
+
 ### `consul_data_path`
 
 - Data path

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -32,6 +32,7 @@ consul_install_remotely: false
 ### Paths
 consul_bin_path: "/usr/local/bin"
 consul_config_path: "/etc/consul"
+consul_configd_path: "/etc/consul.d"
 consul_bootstrap_state: "/etc/consul/.consul_bootstrapped"
 consul_data_path: "/var/consul"
 consul_log_path: "/var/log/consul"
@@ -104,6 +105,7 @@ consul_acl_master_token: "{{ lookup('env','CONSUL_ACL_MASTER_TOKEN') | default('
 consul_acl_master_token_display: "{{ lookup('env','CONSUL_ACL_MASTER_TOKEN_DISPLAY') | default(false, true) }}"
 consul_acl_replication_token: "{{ lookup('env','CONSUL_ACL_REPLICATION_TOKEN') | default('SN4K3OILSN4K3OILSN4K3OILSN4K3OIL', true) }}"
 consul_acl_replication_token_display: "{{ lookup('env','CONSUL_ACL_REPLICATION_TOKEN_DISPLAY') | default(false, true) }}"
+consul_acl_policy: false
 
 ## TLS
 consul_tls_enable: "{{ lookup('env','CONSUL_TLS_ENABLE') | default(false, true) }}"

diff --git a/tasks/acl.yml b/tasks/acl.yml
@@ -36,13 +36,13 @@
   run_once: True
   when: consul_acl_replication_token_display | bool
 
-# XXX: Revisit this as it can cause interesting head scratching vs. stock
-#
-#- name: Create ACL policy configuration
-#  template:
-#    src: user_acl_policy.hcl.j2
-#    dest: "{{ consul_config_path }}/50acl_policy.hcl"
-#    owner: "{{ consul_user }}"
-#    group: "{{ consul_group}}"
-#  notify:
-#    - restart consul
+- name: Create ACL policy configuration
+  template:
+    src: configd_50acl_policy.hcl.j2
+    dest: "{{ consul_configd_path }}/50acl_policy.hcl"
+    owner: "{{ consul_user }}"
+    group: "{{ consul_group}}"
+  notify:
+    - restart consul
+  when: consul_acl_policy | bool
+
diff --git a/tasks/config.yml b/tasks/config.yml
@@ -51,8 +51,8 @@
 
 - name: Create custom configuration
   template:
-    src: user_custom.json.j2
-    dest: "{{ consul_config_path }}/user_custom.json"
+    src: configd_50custom.json.j2
+    dest: "{{ consul_configd_path }}/50custom.json"
     owner: "{{ consul_user }}"
     group: "{{ consul_group}}"
   when:

diff --git a/tasks/config_windows.yml b/tasks/config_windows.yml
@@ -45,8 +45,8 @@
 
 - name: Create custom configuration
   win_template:
-    src: user_custom.json.j2
-    dest: "{{ consul_config_path }}/user_custom.json"
+    src: configd_50custom.json.j2
+    dest: "{{ consul_configd_path }}/50custom.json"
   when:
     - consul_config_custom is defined
   notify:

diff --git a/tasks/dirs.yml b/tasks/dirs.yml
@@ -10,9 +10,11 @@
     recurse: yes
   with_items:
     - "{{ consul_config_path }}"
+    - "{{ consul_configd_path }}"
     - "{{ consul_data_path }}"
     - "{{ consul_log_path }}"
     - "{{ consul_run_path }}"
+    - /etc/consul.d
   when: ansible_os_family != 'Windows'
 
 # XXX: This could be a stat instead
@@ -30,6 +32,7 @@
     state: directory
   with_items:
     - "{{ consul_config_path }}"
+    - "{{ consul_configd_path }}"
     - "{{ consul_data_path }}"
     - "{{ consul_log_path }}"
     - "{{ consul_bin_path }}"

diff --git a/tasks/main.yml b/tasks/main.yml
@@ -397,7 +397,7 @@
           name: consul
           state: started
           application: "{{ consul_binary }}"
-          app_parameters_free_form: "agent -config-file='{{ consul_config_path }}/config.json' -config-dir='{{ consul_config_path }}'"
+          app_parameters_free_form: "agent -config-file='{{ consul_config_path }}/config.json' -config-dir='{{ consul_configd_path }}'"
           stdout_file: "{{ consul_log_path }}/consul-nssm-output.log"
           stderr_file: "{{ consul_log_path }}/consul-nssm-error.log"
 

diff --git a/templates/configd_50acl_policy.hcl.j2 b/templates/configd_50acl_policy.hcl.j2
@@ -0,0 +1,44 @@
+# Default all keys to read-only
+key "" {
+  policy = "read"
+}
+key "foo/" {
+  policy = "write"
+}
+key "foo/private/" {
+  # Deny access to the dir "foo/private"
+  policy = "deny"
+}
+
+# Default all services to allow registration. Also permits all
+# services to be discovered.
+service "" {
+    policy = "write"
+}
+
+# Deny registration access to services prefixed "secure-".
+# Discovery of the service is still allowed in read mode.
+service "secure-" {
+    policy = "read"
+}
+
+# Allow firing any user event by default.
+event "" {
+    policy = "write"
+}
+
+# Deny firing events prefixed with "destroy-".
+event "destroy-" {
+    policy = "deny"
+}
+
+# Default prepared queries to read-only.
+query "" {
+    policy = "read"
+}
+
+# Read-only mode for the encryption keyring by default (list only)
+keyring = "read"
+
+# Read-only mode for Consul operator interfaces (list only)
+operator = "read"
diff --git a/templates/configd_50custom.json.j2 b/templates/configd_50custom.json.j2
@@ -0,0 +1,6 @@
+{# consul_config_custom variables are free-style, passed through a hash -#}
+{% if consul_config_custom -%}
+{{ consul_config_custom | to_nice_json }}
+{% else %}
+{}
+{% endif %}
diff --git a/templates/consul_bsdinit.j2 b/templates/consul_bsdinit.j2
@@ -30,7 +30,7 @@ consul_start() {
     for user in ${consul_users}; do
         mkdir /var/run/consul
         chown -R "{{ consul_user }}:{{ consul_group }}" /var/run/consul/
-        su -m "${user}" -c "{{ consul_bin_path }}/consul agent -config-file={{ consul_config_path }}/config.json -config-dir={{ consul_config_path }} -pid-file=/var/run/consul/consul.pid&"
+        su -m "${user}" -c "{{ consul_bin_path }}/consul agent -config-file={{ consul_config_path }}/config.json -config-dir={{ consul_configd_path }} -pid-file=/var/run/consul/consul.pid&"
     done
 }
 

diff --git a/templates/consul_debianinit.j2 b/templates/consul_debianinit.j2
@@ -18,7 +18,7 @@ DESC="Consul service discovery framework"
 NAME="consul"
 DAEMON="{{ consul_bin_path }}/${NAME}"
 PIDFILE="/var/run/${NAME}/${NAME}.pid"
-DAEMON_ARGS="agent -config-file={{ consul_config_path }}/config.json -config-dir={{ consul_config_path }}"
+DAEMON_ARGS="agent -config-file={{ consul_config_path }}/config.json -config-dir={{ consul_configd_path }}"
 USER={{ consul_user }}
 SCRIPTNAME=/etc/init.d/"${NAME}"
 

diff --git a/templates/consul_smf_manifest.j2 b/templates/consul_smf_manifest.j2
@@ -23,7 +23,7 @@
             <method_credential user="{{ consul_user }}" group="{{ consul_group }}"/>
         </method_context>
 
-        <exec_method type="method" name="start" exec="{{ consul_bin_path }}/consul agent -config-file={{ consul_config_path}}/config.json -config-dir={{ consul_config_path }} -pid-file=/var/run/consul/consul.pid" timeout_seconds="60"/>
+        <exec_method type="method" name="start" exec="{{ consul_bin_path }}/consul agent -config-file={{ consul_config_path}}/config.json -config-dir={{ consul_configd_path }} -pid-file=/var/run/consul/consul.pid" timeout_seconds="60"/>
 
         <exec_method type="method" name="stop" exec=":kill" timeout_seconds="60"/>
 
@@ -35,7 +35,7 @@
         </property_group>
 
         <property_group name="application" type="application">
-            <propval name="config_dir" type="astring" value="{{ consul_config_path }}"/>
+            <propval name="config_dir" type="astring" value="{{ consul_configd_path }}"/>
         </property_group>
 
         <stability value="Evolving"/>

diff --git a/templates/consul_systemd.service.j2 b/templates/consul_systemd.service.j2
@@ -22,7 +22,7 @@ ExecStartPre=-/bin/mkdir {{ consul_run_path }}
 ExecStartPre=/bin/chown -R {{ consul_user }}:{{ consul_group }} /var/run/consul/
 ExecStart={{ consul_bin_path }}/consul agent \
     -config-file={{ consul_config_path }}/config.json \
-    -config-dir={{ consul_config_path}} \
+    -config-dir={{ consul_configd_path}} \
     -pid-file=/var/run/consul/consul.pid
 ExecReload=/bin/kill -HUP $MAINPID
 KillMode=process

diff --git a/templates/consul_sysvinit.j2 b/templates/consul_sysvinit.j2
@@ -13,7 +13,7 @@
 
 CONSUL={{ consul_bin_path }}/consul
 CONFIG={{ consul_config_path }}/config.json
-CONFIGD={{ consul_config_path }}
+CONFIGD={{ consul_configd_path }}
 PID_FILE=/var/run/consul/consul.pid
 
 [ -e /etc/sysconfig/consul ] && . /etc/sysconfig/consul

diff --git a/vars/Windows.yml b/vars/Windows.yml
@@ -5,7 +5,7 @@
 consul_windows_path: /ProgramData/consul
 consul_bin_path: "{{consul_windows_path}}/bin"
 consul_config_path: "{{consul_windows_path}}/config"
-consul_config_path: "{{consul_config_path}}.d/"
+consul_configd_path: "{{consul_config_path}}.d/"
 consul_bootstrap_state: "{{consul_windows_path}}/.consul_bootstrapped"
 consul_data_path: "{{consul_windows_path}}/data"
 consul_log_path: "{{consul_windows_path}}/log"

diff --git a/version.txt b/version.txt
@@ -1 +1 @@
-v1.21.2
+v1.22.0