diff --git a/cookbooks/consul/attributes.rb b/cookbooks/consul/attributes.rb index f964ce6..01056a0 100644 --- a/cookbooks/consul/attributes.rb +++ b/cookbooks/consul/attributes.rb @@ -18,10 +18,7 @@ dns = run_command(cmd).stdout.chomp node.reverse_merge!({ 'consul' => { - 'base_binary_url' => 'https://releases.hashicorp.com/consul/', - 'arch' => node['kernel']['machine'] =~ /x86_64/ ? 'amd64' : '386', - 'tmp_path' => '/tmp/itamae_tmp/consul.zip', - 'manager' => true, + 'manager' => false, 'manager_hosts' => '["192.168.10.110", "192.168.10.101", "192.168.10.111", "192.168.10.115"]', 'ipaddr' => ipaddr, 'dns' => dns diff --git a/cookbooks/consul/install.rb b/cookbooks/consul/install.rb index 099e904..2c834e4 100644 --- a/cookbooks/consul/install.rb +++ b/cookbooks/consul/install.rb @@ -3,7 +3,7 @@ KEYSRV = "https://apt.releases.hashicorp.com/gpg" ID = "A3219F7B" execute "apt-key adv --keyserver #{KEYSRV} --recv-keys #{ID}" do - not_if "apt-key list | grep #{ID}" + not_if 'apt-key list | grep HashiCorp' end # Retrieve the Ubuntu code: diff --git a/cookbooks/consul/setup.rb b/cookbooks/consul/setup.rb index 37d8037..b80cbed 100644 --- a/cookbooks/consul/setup.rb +++ b/cookbooks/consul/setup.rb @@ -1,4 +1,10 @@ -template '/etc/consul.d/config.json' do +if node['consul']['manager'] + SRC = 'consul-server.hcl.erb' +else + SRC = 'consul-agent.hcl.erb' +end + +template '/etc/consul.d/consul.hcl' do owner 'consul' group 'consul' mode '644' @@ -8,7 +14,7 @@ template '/etc/consul.d/config.json' do ipaddr: node['consul']['ipaddr'], ) - notifies :restart, 'service[supervisor]' + source "templates/etc/consul.d/#{SRC}" end remote_file '/etc/consul.d/service-consul.json' do diff --git a/cookbooks/consul/templates/etc/consul.d/config.json.erb b/cookbooks/consul/templates/etc/consul.d/config.json.erb deleted file mode 100644 index f0baf2a..0000000 --- a/cookbooks/consul/templates/etc/consul.d/config.json.erb +++ /dev/null 
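Review bot: The new guard `not_if 'apt-key list | grep HashiCorp'` in `install.rb` only looks for the vendor name, so any key whose uid contains "HashiCorp" satisfies it and it no longer verifies that the key pinned by `ID` is the one installed. If the old guard stopped matching because `apt-key list` prints fingerprints in spaced groups (an assumption, the page does not say), a colon-format listing keeps the check tied to the key: `not_if "apt-key adv --list-keys --with-colons | grep -q #{ID}"`. The 8-hex short `ID` is itself a weak pin, so a full fingerprint is preferable there. The `execute` resource begins in the context lines above the change.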
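Review bot: In the first `setup.rb` hunk the rendered `/etc/consul.d/consul.hcl` keeps `mode '644'` (a context line), and both templates selected here embed the gossip `encrypt` key, so every local account on the node can read it. `mode '640'` with the existing `owner 'consul'` / `group 'consul'` would limit that. Separately, `SRC` is a constant assigned inside an `if`/`else`; a local such as `src = node['consul']['manager'] ? 'consul-server.hcl.erb' : 'consul-agent.hcl.erb'` avoids a reassignment warning if the recipe is evaluated more than once. The `template` block continues past the end of this hunk.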
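Review bot: In the second `setup.rb` hunk `notifies :restart, 'service[supervisor]'` is removed and nothing replaces it, so a changed config is written to disk but the running agent keeps the old settings until someone restarts it. That matters for security changes such as a rotated gossip key or a tightened `client_addr`. If Consul now runs under its own service, add the matching notification, for example `notifies :restart, 'service[consul]'` (resource name assumed; use whichever service the cookbook declares). The `template` block opens in the previous hunk, outside these lines.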
@@ -1,23 +0,0 @@
-{
- "datacenter": "aws",
- <% if @manager then%>
- "bootstrap_expect": 3,
- "addresses": {
- "http": "0.0.0.0"
- },
- "ui": true,
- <% end %>
- "bind_addr": "<%= @ipaddr %>",
- "disable_remote_exec": false,
- "disable_update_check": true,
- "leave_on_terminate": true,
- "retry_interval": "30s",
- "data_dir": "/var/opt/consul",
- "log_level": "INFO",
- "enable_syslog": false,
- "enable_script_checks": true,
- "rejoin_after_leave": true,
- "retry_join": <%= @manager_hosts %>,
- "encrypt": "LPKrNBQZnJIc8tJpViI4ug==",
- "server": <%= @manager %>
-}
diff --git a/cookbooks/consul/templates/etc/consul.d/consul-agent.hcl.erb b/cookbooks/consul/templates/etc/consul.d/consul-agent.hcl.erb
new file mode 100644
index 0000000..ab8e22f
--- /dev/null
+++ b/cookbooks/consul/templates/etc/consul.d/consul-agent.hcl.erb
@@ -0,0 +1,85 @@
+# Full configuration options can be found at https://www.consul.io/docs/agent/options.html
+
+# datacenter
+# This flag controls the datacenter in which the agent is running. If not provided,
+# it defaults to "dc1". Consul has first-class support for multiple datacenters, but
+# it relies on proper configuration. Nodes in the same datacenter should be on a
+# single LAN.
+#datacenter = "aws"
+
+# data_dir
+# This flag provides a data directory for the agent to store state. This is required
+# for all agents. The directory should be durable across reboots. This is especially
+# critical for agents that are running in server mode as they must be able to persist
+# cluster state. Additionally, the directory must support the use of filesystem
+# locking, meaning some types of mounted folders (e.g. VirtualBox shared folders) may
+# not be suitable.
+data_dir = "/opt/consul"
+
+# client_addr
+# The address to which Consul will bind client interfaces, including the HTTP and DNS
+# servers. By default, this is "127.0.0.1", allowing only loopback connections. In
+# Consul 1.0 and later this can be set to a space-separated list of addresses to bind
+# to, or a go-sockaddr template that can potentially resolve to multiple addresses.
+client_addr = "0.0.0.0"
+
+# ui
+# Enables the built-in web UI server and the required HTTP routes. This eliminates
+# the need to maintain the Consul web UI files separately from the binary.
+ui = false
+
+# server
+# This flag is used to control if an agent is in server or client mode. When provided,
+# an agent will act as a Consul server. Each Consul cluster must have at least one
+# server and ideally no more than 5 per datacenter. All servers participate in the Raft
+# consensus algorithm to ensure that transactions occur in a consistent, linearizable
+# manner. Transactions modify cluster state, which is maintained on all server nodes to
+# ensure availability in the case of node failure. Server nodes also participate in a
+# WAN gossip pool with server nodes in other datacenters. Servers act as gateways to
+# other datacenters and forward traffic as appropriate.
+#server = true
+
+# bootstrap_expect
+# This flag provides the number of expected servers in the datacenter. Either this value
+# should not be provided or the value must agree with other servers in the cluster. When
+# provided, Consul waits until the specified number of servers are available and then
+# bootstraps the cluster. This allows an initial leader to be elected automatically.
+# This cannot be used in conjunction with the legacy -bootstrap flag. This flag requires
+# -server mode.
+#bootstrap_expect=3
+
+# encrypt
+# Specifies the secret key to use for encryption of Consul network traffic. This key must
+# be 32-bytes that are Base64-encoded. The easiest way to create an encryption key is to
+# use consul keygen. All nodes within a cluster must share the same encryption key to
+# communicate. The provided key is automatically persisted to the data directory and loaded
+# automatically whenever the agent is restarted. This means that to encrypt Consul's gossip
+# protocol, this option only needs to be provided once on each agent's initial startup
+# sequence. If it is provided after Consul has been initialized with an encryption key,
+# then the provided key is ignored and a warning will be displayed.
+encrypt = "LPKrNBQZnJIc8tJpViI4ug=="
+
+# retry_join
+# Similar to -join but allows retrying a join until it is successful. Once it joins
+# successfully to a member in a list of members it will never attempt to join again.
+# Agents will then solely maintain their membership via gossip. This is useful for
+# cases where you know the address will eventually be available. This option can be
+# specified multiple times to specify multiple agents to join. The value can contain
+# IPv4, IPv6, or DNS addresses. In Consul 1.1.0 and later this can be set to a go-sockaddr
+# template. If Consul is running on the non-default Serf LAN port, this must be specified
+# as well. IPv6 must use the "bracketed" syntax. If multiple values are given, they are
+# tried and retried in the order listed until the first succeeds. Here are some examples:
+retry_join = <%= @manager_hosts %>
+
+bind_addr = "<%= @ipaddr %>"
+disable_remote_exec = false
+disable_update_check = false
+enable_local_script_checks = true
+
+log_file = "/var/log/consul/"
+log_rotate_max_files = -1
+log_level = "INFO"
+log_json = false
+log_rotate_bytes = 1000000
+
+rejoin_after_leave = true
diff --git a/cookbooks/consul/templates/etc/consul.d/consul-server.hcl.erb b/cookbooks/consul/templates/etc/consul.d/consul-server.hcl.erb
new file mode 100644
index 0000000..c0e3b73
--- /dev/null
+++ b/cookbooks/consul/templates/etc/consul.d/consul-server.hcl.erb
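Review bot: The gossip key is hard-coded at `encrypt = "LPKrNBQZnJIc8tJpViI4ug=="` in `consul-agent.hcl.erb` and again in `consul-server.hcl.erb`, so everyone with read access to the repository holds the cluster's gossip secret. The same value was already in the deleted `config.json.erb`, so it should be treated as exposed and rotated, not just carried into the new files. Render it from a node attribute or secret store instead, e.g. `encrypt = "<%= @encrypt_key %>"` (variable name assumed; it would have to be passed through `variables` in `setup.rb`). The committed value also decodes to 16 bytes while the comment above it asks for a 32-byte key, so generate the replacement with `consul keygen`.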
@@ -0,0 +1,85 @@
+# Full configuration options can be found at https://www.consul.io/docs/agent/options.html
+
+# datacenter
+# This flag controls the datacenter in which the agent is running. If not provided,
+# it defaults to "dc1". Consul has first-class support for multiple datacenters, but
+# it relies on proper configuration. Nodes in the same datacenter should be on a
+# single LAN.
+#datacenter = "aws"
+
+# data_dir
+# This flag provides a data directory for the agent to store state. This is required
+# for all agents. The directory should be durable across reboots. This is especially
+# critical for agents that are running in server mode as they must be able to persist
+# cluster state. Additionally, the directory must support the use of filesystem
+# locking, meaning some types of mounted folders (e.g. VirtualBox shared folders) may
+# not be suitable.
+data_dir = "/opt/consul"
+
+# client_addr
+# The address to which Consul will bind client interfaces, including the HTTP and DNS
+# servers. By default, this is "127.0.0.1", allowing only loopback connections. In
+# Consul 1.0 and later this can be set to a space-separated list of addresses to bind
+# to, or a go-sockaddr template that can potentially resolve to multiple addresses.
+client_addr = "0.0.0.0"
+
+# ui
+# Enables the built-in web UI server and the required HTTP routes. This eliminates
+# the need to maintain the Consul web UI files separately from the binary.
+ui = true
+
+# server
+# This flag is used to control if an agent is in server or client mode. When provided,
+# an agent will act as a Consul server. Each Consul cluster must have at least one
+# server and ideally no more than 5 per datacenter. All servers participate in the Raft
+# consensus algorithm to ensure that transactions occur in a consistent, linearizable
+# manner. Transactions modify cluster state, which is maintained on all server nodes to
+# ensure availability in the case of node failure. Server nodes also participate in a
+# WAN gossip pool with server nodes in other datacenters. Servers act as gateways to
+# other datacenters and forward traffic as appropriate.
+server = true
+
+# bootstrap_expect
+# This flag provides the number of expected servers in the datacenter. Either this value
+# should not be provided or the value must agree with other servers in the cluster. When
+# provided, Consul waits until the specified number of servers are available and then
+# bootstraps the cluster. This allows an initial leader to be elected automatically.
+# This cannot be used in conjunction with the legacy -bootstrap flag. This flag requires
+# -server mode.
+bootstrap_expect=3
+
+# encrypt
+# Specifies the secret key to use for encryption of Consul network traffic. This key must
+# be 32-bytes that are Base64-encoded. The easiest way to create an encryption key is to
+# use consul keygen. All nodes within a cluster must share the same encryption key to
+# communicate. The provided key is automatically persisted to the data directory and loaded
+# automatically whenever the agent is restarted. This means that to encrypt Consul's gossip
+# protocol, this option only needs to be provided once on each agent's initial startup
+# sequence. If it is provided after Consul has been initialized with an encryption key,
+# then the provided key is ignored and a warning will be displayed.
+encrypt = "LPKrNBQZnJIc8tJpViI4ug=="
+
+# retry_join
+# Similar to -join but allows retrying a join until it is successful. Once it joins
+# successfully to a member in a list of members it will never attempt to join again.
+# Agents will then solely maintain their membership via gossip. This is useful for
+# cases where you know the address will eventually be available. This option can be
+# specified multiple times to specify multiple agents to join. The value can contain
+# IPv4, IPv6, or DNS addresses. In Consul 1.1.0 and later this can be set to a go-sockaddr
+# template. If Consul is running on the non-default Serf LAN port, this must be specified
+# as well. IPv6 must use the "bracketed" syntax. If multiple values are given, they are
+# tried and retried in the order listed until the first succeeds. Here are some examples:
+retry_join = <%= @manager_hosts %>
+
+bind_addr = "<%= @ipaddr %>"
+disable_remote_exec = false
+disable_update_check = false
+enable_local_script_checks = true
+
+log_file = "/var/log/consul/"
+log_rotate_max_files = -1
+log_level = "INFO"
+log_json = false
+log_rotate_bytes = 1000000
+
+rejoin_after_leave = true
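Review bot: `client_addr = "0.0.0.0"` in `consul-server.hcl.erb` puts the HTTP API, DNS and, with `ui = true`, the web UI on every interface, and the template sets no `acl` or TLS options, so access control rests entirely on network filtering outside this file. The same `client_addr` line is in `consul-agent.hcl.erb`, which widens exposure on agents: the deleted JSON config opened HTTP on all interfaces only for managers. Bind to loopback plus the private address the template already receives, `client_addr = "127.0.0.1 <%= @ipaddr %>"`, or loopback only on agents. Both templates also keep `disable_remote_exec = false`; unless remote exec is in use, `disable_remote_exec = true` is the safer setting.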