New features and fixes

- Initial ACL support - Initial Atlas support - Streamline main tasks - Update documentation - Update variables
ansible-collections · Oct 26, 2016 · 9fbc184 · 9fbc184
1 parent 62a78b3
commit 9fbc184
Show file tree

Hide file tree

Showing 12 changed files with 116 additions and 80 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -192,3 +192,11 @@
 - Clean up variables (thanks @jessedefer)
 - Update documentation (thanks @jessedefer)
 - Update CONTRIBUTORS
+
+## v1.3.0
+
+- Initial ACL support
+- Initial Atlas support
+- Streamline main tasks
+- Update documentation
+- Update variables
diff --git a/README.md b/README.md
@@ -21,14 +21,15 @@ software and versions:
 * Ansible: 2.1.2.0
 * Consul: 0.7.0
 * Debian: 8
+* CentOS: 7
 
 ## Role Variables
 
 The role specifies variables in `defaults/main.yml` and `vars/*.yml`.
 
 | Name           | Default Value | Description                        |
 | -------------- | ------------- | -----------------------------------|
-| `consul_version` | `0.7.0` | Version to install |
+| `consul_version` | *0.7.0* | Version to install |
 | `consul_zip_url` | `https://releases.hashicorp.com/consul/{{ consul_version }}/consul_{{ consul_version }}_linux_amd64.zip` | Download URL |
 | `consul_zip_sha256` | SHA256 SUM | Archive SHA256 summary |
 | `consul_bin_path` | `/usr/local/bin` | Binary installation path |
@@ -37,21 +38,30 @@ The role specifies variables in `defaults/main.yml` and `vars/*.yml`.
 | `consul_log_path` | `/var/log/consul` | Log path |
 | `consul_user` | `consul` | OS user |
 | `consul_group` | `bin` | OS group |
-| `consul_group_name` | `cluster_nodes` | Inventory group name |
-| `consul_datacenter` | `dc1` | Datacenter label |
+| `consul_group_name` | *cluster_nodes* | Inventory group name |
+| `consul_datacenter` | *dc1* | Datacenter label |
 | `consul_domain` | `consul` | Consul domain name |
 | `consul_log_level` | `INFO` | Log level |
-| `consul_syslog_enable` | `true` | Log to syslog |
+| `consul_syslog_enable` | *true* | Log to syslog |
 | `consul_iface` | `eth1` | Consul network interface |
-| `consul_bind_address` | `127.0.0.1` | Bind address |
+| `consul_bind_address` | *127.0.0.1* | Bind address |
 | `consul_bootstrap_address` | `{{ hostvars[groups[consul_group_name][0]]['ansible_'+consul_iface]['ipv4']['address'] }}` | The server interface that additional server nodes will join to for bootstrapping |
-| `consul_dns_bind_address` | `127.0.0.1` | DNS API bind address |
-| `consul_http_bind_address` | `0.0.0.0` | HTTP API bind address |
-| `consul_https_bind_address` | `0.0.0.0` | HTTPS API bind address |
-| `consul_rpc_bind_address` | `0.0.0.0` | RPC bind address |
+| `consul_dns_bind_address` | *127.0.0.1* | DNS API bind address |
+| `consul_http_bind_address` | *0.0.0.0* | HTTP API bind address |
+| `consul_https_bind_address` | *0.0.0.0* | HTTPS API bind address |
+| `consul_rpc_bind_address` | *0.0.0.0* | RPC bind address |
 | `consul_node_name` | `{{ inventory_hostname_short }}` | Node name (should not include dots) |
 | `consul_bind_address` | dynamic from hosts inventory | The interface address to bind to
-| `consul_dnsmasq` | `false` | Whether to install and configure DNS API forwarding on port 53 using dnsmasq |
+| `consul_dnsmasq_enable` | *false* | Whether to install and configure DNS API forwarding on port 53 using dnsmasq |
+| `consul_acl_enable` | *false* | Enable ACLs |
+| `consul_acl_datacenter` | *dc1* | ACL authoritative datacenter name |
+| `consul_acl_default_policy` | *allow* | Default ACL policy |
+| `consul_acl_down_policy` | *allow* | Default ACL down policy |
+| `consul_acl_master_token` | UUID | ACL master token |
+| `consul_acl_replication_token` | UUID | ACL replication token |
+| `consul_atlas_enable` | *false* | Enable Atlas support |
+| `consul_atlas_infrastructure` | Environment variable | Atlas infrastructure name |
+| `consul_atlas_token` | environment variable | Atlas token |
 
 ### OS Distribution Variables
 
@@ -106,14 +116,14 @@ Be aware that for clustering, the included `site.yml` does the following:
 2. Reconfigures bootstrap node to run without bootstrap-expect setting
 3. Restarts bootstrap node
 
-### DNSMasq Support
+### DNSMasq Forwarding Support
 
-The role now includes support for DNS forwarding with dnsmasq.
+The role now includes support for [DNS forwarding](https://www.consul.io/docs/guides/forwarding.html) with [Dnsmasq](http://www.thekelleys.org.uk/dnsmasq/doc.html).
 
 Enable like this:
 
 ```
-ansible-playbook -i hosts site.yml --extra-vars "consul_dnsmasq=true"
+ansible-playbook -i hosts site.yml --extra-vars "consul_dnsmasq_enable=true"
 ```
 
 Then, you can query any of the agents via DNS directly via port 53,

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -1,6 +1,7 @@
 ---
-# File: defaults/main.yml - Main default variables for Consul
+# File: defaults/main.yml - Default variables for Consul
 
+## Core
 consul_version: "0.7.0"
 consul_zip_url: "https://releases.hashicorp.com/consul/{{ consul_version }}/consul_{{ consul_version }}_linux_amd64.zip"
 consul_zip_sha256: "b350591af10d7d23514ebaa0565638539900cdb3aaa048f077217c4c46653dd8"
@@ -15,9 +16,6 @@ consul_datacenter: "dc1"
 consul_domain: "consul"
 consul_log_level: "INFO"
 consul_syslog_enable: "true"
-consul_ui_url: "https://releases.hashicorp.com/consul/{{ consul_version }}/consul_{{ consul_version }}_web_ui.zip"
-consul_ui_pkg: "{{ consul_version }}_web_ui.zip"
-consul_ui_sha256: "5f8841b51e0e3e2eb1f1dc66a47310ae42b0448e77df14c83bb49e0e0d5fa4b7"
 consul_iface: "eth1"
 consul_bind_address: "{{ hostvars[inventory_hostname]['ansible_'+consul_iface]['ipv4']['address'] }}"
 consul_dns_bind_address: "127.0.0.1"
@@ -26,13 +24,24 @@ consul_https_bind_address: "0.0.0.0"
 consul_rpc_bind_address: "0.0.0.0"
 consul_bootstrap_address: "{{ hostvars[groups[consul_group_name][0]]['ansible_'+consul_iface]['ipv4']['address'] }}"
 consul_node_name: "{{ inventory_hostname_short }}"
+
+## ACL
 consul_acl_enable: "false"
 consul_acl_datacenter: "{{ consul_datacenter }}"
 consul_acl_default_policy: "allow"
-consul_acl_replication_token: ""
-consul_dnsmasq: "false"
+consul_acl_down_policy: "allow"
+consul_acl_master_token: "{{ ansible_date_time.iso8601_micro | to_uuid }}"
+consul_acl_replication_token: "{{ ansible_date_time.iso8601_micro | to_uuid }}"
+
+# Options
+consul_dnsmasq_enable: "false"
+consul_atlas_enable: "false"
+consul_atlas_infrastructure: "{{ lookup('env','ATLAS_INFRA') }}"
+consul_atlas_token: "{{ lookup('env','ATLAS_TOKEN') }}"
 
-# CentOS vars
+## Distribution
+
+### CentOS
 consul_centos_pkg: "consul_{{ consul_version }}_linux_amd64.zip"
 consul_centos_url: "{{ consul_zip_url }}"
 consul_centos_sha256: "{{ consul_zip_sha256 }}"
@@ -42,7 +51,7 @@ consul_centos_os_packages:
   - git
   - unzip
 
-# Debian vars
+### Debian
 consul_debian_pkg: "consul_{{ consul_version }}_linux_amd64.zip"
 consul_debian_url: "{{ consul_zip_url }}"
 consul_debian_sha256: "{{ consul_zip_sha256 }}"
@@ -51,7 +60,7 @@ consul_debian_os_packages:
   - git
   - unzip
 
-# Red Hat vars
+### Red Hat
 consul_redhat_pkg: "consul_{{ consul_version }}_linux_amd64.zip"
 consul_redhat_url: "{{ consul_zip_url }}"
 consul_redhat_sha256: "{{ consul_zip_sha256 }}"
@@ -61,11 +70,16 @@ consul_redhat_os_packages:
   - git
   - unzip
 
-# Ubuntu vars
+### Ubuntu
 consul_ubuntu_pkg: "consul_{{ consul_version }}_linux_amd64.zip"
 consul_ubuntu_url: "{{ consul_zip_url }}"
 consul_ubuntu_sha256: "{{ consul_zip_sha256 }}"
 
 consul_ubuntu_os_packages:
   - git
   - unzip
+
+## Deprecated
+consul_ui_url: "https://releases.hashicorp.com/consul/{{ consul_version }}/consul_{{ consul_version }}_web_ui.zip"
+consul_ui_pkg: "{{ consul_version }}_web_ui.zip"
+consul_ui_sha256: "5f8841b51e0e3e2eb1f1dc66a47310ae42b0448e77df14c83bb49e0e0d5fa4b7"
diff --git a/examples/README_VAGRANT.md b/examples/README_VAGRANT.md
@@ -108,9 +108,9 @@ BOX_NAME="chef/centos-7.0" vagrant up
 4. If you notice an error like *vm: The '' provisioner could not be found.*
    make sure you have vagrant-hosts plugin installed
 
-### DNSMasq Forwarding
+### Dnsmasq Forwarding
 
-The role includes support for DNS forwarding with dnsmasq.
+The role includes support for DNS forwarding with Dnsmasq.
 
 Install like this:
 

diff --git a/examples/Vagrantfile b/examples/Vagrantfile
@@ -77,7 +77,7 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
       ansible.inventory_path = CLUSTER_HOSTS
       # Extra Ansible variables can be defined here
       ansible.extra_vars = {
-        consul_dnsmasq: DNSMASQ,
+        consul_dnsmasq_enable: DNSMASQ,
         consul_log_level: LOGLEVEL
       }
       ansible.playbook = ANSIBLE_PLAYBOOK

diff --git a/tasks/RedHat.yml b/tasks/RedHat.yml
@@ -6,11 +6,6 @@
   with_items: "{{ consul_redhat_os_packages }}"
   tags: installation
 
-- name: dnsmasq package
-  yum: name=dnsmasq state=present
-  when: "consul_dnsmasq == true"
-  tags: installation
-
 - name: Download Consul
   become: no
   connection: local

diff --git a/tasks/Ubuntu.yml b/tasks/Ubuntu.yml
@@ -6,11 +6,6 @@
   with_items: "{{ consul_ubuntu_os_packages }}"
   tags: installation
 
-- name: dnsmasq package
-  apt: name=dnsmasq state=present
-  when: "consul_dnsmasq == true"
-  tags: installation
-
 - name: Download Consul
   become: no
   connection: local

diff --git a/tasks/dnsmasq.yml b/tasks/dnsmasq.yml
@@ -1,19 +1,19 @@
 ---
 # File: tasks/main.yml - dnsmasq tasks for Consul
 
-- name: dnsmasq package
+- name: Dnsmasq package
   yum: name=dnsmasq state=present
   when: ansible_distribution  == "CentOS" or ansible_distribution  == "RedHat"
   tags: dnsmasq,installation
 
-- name: dnsmasq package
+- name: Dnsmasq package
   apt: name=dnsmasq state=present
   when: ansible_distribution  == "Debian" or ansible_distribution  == "Ubuntu"
   tags: dnsmasq,installation
 
-- name: Stop dnsmasq
+- name: Stop Dnsmasq
   service: name=dnsmasq state=stopped
 
-- name: "dnsmasq setup"
+- name: "Dnsmasq setup"
   copy: src=../files/dnsmasq-10-consul dest=/etc/dnsmasq.d/10-consul owner=root group=root mode=0644
   tags: dnsmasq
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -12,12 +12,12 @@
   when: ansible_lsb.id|lower == "debian" and ansible_distribution_version|version_compare(8.5, '<')
 
 - name: Create cluster groupings
-  group_by: key={{ consul_node_role }}
+  group_by: "key={{ consul_node_role }}"
 
-- group_by: key=os_{{ ansible_os_family }}
+- group_by: "key=os_{{ ansible_os_family }}"
 
 - name: "Add Consul user"
-  user: name=consul comment="Consul user" uid=1042 group=bin
+  user: "name=consul comment='Consul user' uid=1042 group=bin"
 
 - name: "CentOS tasks"
   include: CentOS.yml
@@ -35,43 +35,46 @@
   include: Ubuntu.yml
   when: ansible_distribution  == "Ubuntu"
 
-- name: Generate Consul key
-  shell: PATH=/usr/local/bin:$PATH consul keygen
+- name: Generate gossip encryption key
+  shell: "PATH=/usr/local/bin:$PATH consul keygen"
   register: consul_raw_key
   run_once: true
 
-- name: Consul directory
-  file: "dest=/opt/consul state=directory owner={{ consul_user }} group={{ consul_group}}"
-
-- name: Consul data directory
-  file: "dest=/var/consul state=directory owner={{ consul_user }} group={{ consul_group}}"
-
-- name: Consul log directory
-  file: "dest=/var/log/consul state=directory owner={{ consul_user }} group={{ consul_group}}"
-
-- name: Consul PID directory
-  file: "dest=/var/run/consul state=directory owner={{ consul_user }} group={{ consul_group}}"
-
-- name: Consul dot d directory
-  file: "dest=/etc/consul.d state=directory owner={{ consul_user }} group={{ consul_group}}"
-
-- name: Consul bootstrap directory
-  file: "dest=/etc/consul.d/bootstrap state=directory owner={{ consul_user }} group={{ consul_group}}"
-
-- name: Consul server directory
-  file: "dest=/etc/consul.d/server state=directory owner={{ consul_user }} group={{ consul_group}}"
-
-- name: Consul client directory
-  file: "dest=/etc/consul.d/client state=directory owner={{ consul_user }} group={{ consul_group}}"
-
-- name: Consul bootstrap configuration
-  template: src=server_bootstrap_config.json.j2 dest={{ consul_config_path }}/bootstrap/config.json
+- name: Directories
+  file: "dest={{ item }} state=directory owner={{ consul_user }} group={{ consul_group}}"
+  with_items:
+    - /opt/consul
+    - /var/consul
+    - /var/log/consul
+    - /var/run/consul
+    - /etc/consul.d
+    - /etc/consul.d/bootstrap   
+    - /etc/consul.d/client
+    - /etc/consul.d/server
+
+- name: Bootstrap configuration
+  template: "src=server_bootstrap_config.json.j2 dest={{ consul_config_path }}/bootstrap/config.json"
+
+- name: Client configuration
+  template: src=client_config.json.j2 dest={{ consul_config_path }}/client/config.json
 
-- name: Consul server configuration
+- name: Server configuration
   template: src=server_config.json.j2 dest={{ consul_config_path }}/server/config.json
 
-- name: Consul client configuration
-  template: src=client_config.json.j2 dest={{ consul_config_path }}/client/config.json
+- name: ACL bootstrap configuration
+  template: src=config_acl.json.j2 dest={{ consul_config_path }}/{{ item }}/config_acl.json
+  with_items:
+    - bootstrap
+    - client
+    - server
+  when: consul_acl_enable == "true"
+
+- name: Atlas configuration
+  template: src=config_atlas.json.j2 dest={{ consul_config_path }}/{{ item }}/config_atlas.json
+  with_items:
+    - bootstrap
+    - server
+  when: consul_atlas_enable == "true"
 
 - name: SYSV init script
   template: src=consul_sysvinit.j2 dest=/etc/init.d/consul owner=root group=root mode=755
@@ -88,7 +91,7 @@
 - name: Start Consul
   service: name=consul state=started enabled=yes
 
-- name: Consul running?
+- name: Consul up?
   wait_for: delay=5 path=/var/run/consul/consul.pid state=present
 
 - name: Stop Consul
@@ -110,10 +113,10 @@
 - name: Start Consul
   service: name=consul state=started
 
-- name: "Enable dnsmasq"
+- name: "Enable Dnsmasq"
   include: ../tasks/dnsmasq.yml
-  when: consul_dnsmasq == "true"
+  when: consul_dnsmasq_enable == "true"
 
-- name: "Restart dnsmasq"
+- name: "Restart Dnsmasq"
   service: name=dnsmasq state=restarted
-  when: consul_dnsmasq == "true"
+  when: consul_dnsmasq_enable == "true"
diff --git a/templates/config_acl.json.j2 b/templates/config_acl.json.j2
@@ -0,0 +1,7 @@
+{
+  "acl_datacenter": "{{ consul_acl_datacenter }}",
+  "acl_default_policy": "{{ consul_acl_default_policy }}",
+  "acl_down_policy": "{{ consul_acl_down_policy }}",
+  "acl_master_token": "{{ consul_acl_master_token }}",
+  "acl_replication_token": "{{ consul_acl_replication_token }}"
+}
diff --git a/templates/config_atlas.json b/templates/config_atlas.json
@@ -0,0 +1,4 @@
+{
+  "atlas_token": "{{ consul_atlas_token }}",
+  "atlas_infratstructure": "{{ consul_atlas_infrastructure }}"
+}
diff --git a/version.txt b/version.txt
@@ -1 +1 @@
-v1.2.16
+v1.3.0