diff --git a/ansible/group_vars/all/main.yml b/ansible/group_vars/all/main.yml index 72b0073..730edaf 100644 --- a/ansible/group_vars/all/main.yml +++ b/ansible/group_vars/all/main.yml @@ -9,7 +9,7 @@ consul_domain: masked.name # vault vault_version: 1.5.2 vault_pki_policy: masked-dot-name -vault_ca_cert_name: MaskedName_Root_CA.pem +vault_ca_cert_name: MaskedName_Root_CA.crt vault_ca_cert_payload: | -----BEGIN CERTIFICATE----- MIIDNTCCAh2gAwIBAgIUYp8xo5t2lJFP3SiD1fJirgGUQJ0wDQYJKoZIhvcNAQEL diff --git a/ansible/roles/common/tasks/Debian.yml b/ansible/roles/common/tasks/Debian.yml index 1ddd499..c5e2a3e 100644 --- a/ansible/roles/common/tasks/Debian.yml +++ b/ansible/roles/common/tasks/Debian.yml @@ -19,6 +19,7 @@ - htop - inxi - ncdu + - netcat - ntp - rxvt-unicode-256color - screen diff --git a/ansible/roles/consul/files/consul.service b/ansible/roles/consul/files/consul.service index 71b78f8..a22730d 100644 --- a/ansible/roles/consul/files/consul.service +++ b/ansible/roles/consul/files/consul.service @@ -10,6 +10,8 @@ Group=consul RestartSec=3 StateDirectory=consul ExecStart=/usr/local/bin/consul agent -config-dir /etc/consul.d/ +ExecReload=/bin/kill -HUP $MAINPID +KillSignal=SIGINT [Install] WantedBy=multi-user.target diff --git a/ansible/roles/consul/handlers/main.yml b/ansible/roles/consul/handlers/main.yml index 0c9cfcd..9dc65e7 100644 --- a/ansible/roles/consul/handlers/main.yml +++ b/ansible/roles/consul/handlers/main.yml @@ -12,3 +12,8 @@ service: name: consul state: restarted + +- name: reload consul + service: + name: consul + state: reloaded diff --git a/ansible/roles/consul/tasks/Debian.yml b/ansible/roles/consul/tasks/Debian.yml index b4cc423..9782372 100644 --- a/ansible/roles/consul/tasks/Debian.yml +++ b/ansible/roles/consul/tasks/Debian.yml @@ -62,6 +62,7 @@ group: root remote_src: True when: installed_consul_version.stdout != consul_version + notify: reload consul - name: copy consul unit file copy: 
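Review bot: In ansible/roles/consul/tasks/Debian.yml (hunk at -62), `notify: reload consul` is attached to a task guarded by `installed_consul_version.stdout != consul_version`, which looks like the step that installs a new consul binary. A reload only sends SIGHUP to the running process (see the `ExecReload` line added to the unit file in this commit), so the agent would keep running the old executable after an upgrade. If that reading is right, this task should use the existing restart handler instead, `notify: restart_consul_debian`. The task starts above the hunk, so its module and source are not visible here.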
@@ -78,7 +79,7 @@ dest: /etc/consul.d/consul.hcl owner: root group: root - mode: 0755 + mode: 0750 notify: restart_consul_debian - name: ensure consul is started and enabled diff --git a/ansible/roles/consul/templates/consul.hcl.j2 b/ansible/roles/consul/templates/consul.hcl.j2 index 1ab6ad8..51385cf 100644 --- a/ansible/roles/consul/templates/consul.hcl.j2 +++ b/ansible/roles/consul/templates/consul.hcl.j2 @@ -25,6 +25,8 @@ addresses { http = "0.0.0.0" } +enable_local_script_checks = true + acl { enabled = true default_policy = "deny" diff --git a/ansible/roles/consul_server/files/consul.service b/ansible/roles/consul_server/files/consul.service index 71b78f8..a22730d 100644 --- a/ansible/roles/consul_server/files/consul.service +++ b/ansible/roles/consul_server/files/consul.service @@ -10,6 +10,8 @@ Group=consul RestartSec=3 StateDirectory=consul ExecStart=/usr/local/bin/consul agent -config-dir /etc/consul.d/ +ExecReload=/bin/kill -HUP $MAINPID +KillSignal=SIGINT [Install] WantedBy=multi-user.target diff --git a/ansible/roles/consul_server/templates/consul.hcl.j2 b/ansible/roles/consul_server/templates/consul.hcl.j2 index 8439789..60b9e05 100644 --- a/ansible/roles/consul_server/templates/consul.hcl.j2 +++ b/ansible/roles/consul_server/templates/consul.hcl.j2 @@ -26,6 +26,8 @@ data_dir = "/opt/consul" log_level = "INFO" raft_protocol = 3 +enable_local_script_checks = true + addresses { http = "0.0.0.0" dns = "0.0.0.0" diff --git a/ansible/roles/nexus/files/nexus.hcl b/ansible/roles/nexus/files/nexus.hcl new file mode 100644 index 0000000..b4551cf --- /dev/null +++ b/ansible/roles/nexus/files/nexus.hcl @@ -0,0 +1,12 @@ +services { + id = "nexus" + name = "nexus" + port = 8081 + checks = [ + { + args = ["nc", "-z", "-v", "localhost", "8081"] + interval = "5s" + timeout = "20s" + } + ] +} diff --git a/ansible/roles/nexus/handlers/main.yml b/ansible/roles/nexus/handlers/main.yml new file mode 100644 index 0000000..475ef39 --- /dev/null 
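Review bot: In the hunk at -78, the file stays `owner: root` / `group: root`, so `mode: 0750` removes all access for any account outside root. The unit file in this commit sets `Group=consul` (the `User=` line is outside the hunks shown), so the agent may no longer be able to read /etc/consul.d/consul.hcl. If the aim is to keep the agent configuration away from other local users, `group: consul` with `mode: "0640"` does that while keeping the file readable by the service. The execute bit serves no purpose on a config file, and quoting the mode avoids relying on YAML octal parsing. The task begins above the hunk.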
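Review bot: `enable_local_script_checks = true` is added here and again in ansible/roles/consul_server/templates/consul.hcl.j2 with no comment on why every agent, servers included, needs to run check scripts. The local variant is the right one next to `http = "0.0.0.0"`, because checks registered over the HTTP API still cannot run commands. It does mean that write access to /etc/consul.d now amounts to command execution as the agent account, which is worth stating above the setting: `# Script checks run only from files in /etc/consul.d; keep that directory writable by root only.` The only script check visible in this commit is the nexus one, so the server template may not need the setting at all.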
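Review bot: The check in ansible/roles/nexus/files/nexus.hcl runs `nc` as a script only to test that a port is open, which Consul's built-in TCP check already does. Replacing the `args` line with `tcp = "localhost:8081"` removes the process spawn every five seconds. As far as this commit shows, it also removes the need for `enable_local_script_checks` and for the `netcat` package added to the common role. Separately, `timeout = "20s"` is longer than `interval = "5s"`; a timeout at or below the interval keeps a hung probe from outliving several scheduled runs.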
+++ b/ansible/roles/nexus/handlers/main.yml @@ -0,0 +1,5 @@ +--- +- name: reload consul + service: + name: consul + state: reloaded diff --git a/ansible/roles/nexus/tasks/main.yml b/ansible/roles/nexus/tasks/main.yml index 278c905..60a3e1b 100644 --- a/ansible/roles/nexus/tasks/main.yml +++ b/ansible/roles/nexus/tasks/main.yml @@ -116,4 +116,13 @@ - "{{ nexus_config_dir }}/etc/ssl:/opt/sonatype/nexus/etc/ssl/" - /etc/nexus:/certs restart_policy: always + +- name: ensure nexus consul service config exists + copy: + src: files/nexus.hcl + dest: /etc/consul.d/nexus.hcl + mode: 0750 + owner: consul + group: consul + notify: reload consul ...
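Review bot: ansible/roles/nexus/handlers/main.yml defines a second handler named `reload consul`, identical to the one this commit adds in ansible/roles/consul/handlers/main.yml. Handler names share one namespace within a play, so when both roles are applied only one definition is used and the two copies can drift apart unnoticed. Consider dropping this file and making the consul role a dependency of nexus, if it is not one already. The existing handler is named `restart_consul_debian`, so `reload_consul_debian` would match the convention already in the consul role.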
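Review bot: In ansible/roles/nexus/tasks/main.yml, /etc/consul.d/nexus.hcl is installed with `owner: consul`, `group: consul` and `mode: 0750`, so the agent account can rewrite a file whose `args` Consul executes now that local script checks are enabled. A compromised agent process could then change what it runs on the next reload. The agent only needs to read service definitions, so `owner: root`, `group: consul`, `mode: "0640"` is enough and drops the unused execute bit. The other consul.d file touched in this commit is root-owned, so this would also make the directory consistent.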