Fix reload for consul, add nexus service to consul, fix cert location so update-ca-certificates can actually pick it up

Amarpreet Minhas 2020-09-20 21:42:35 -04:00
parent 70b6576e96
commit ce0b27f5d0
11 changed files with 43 additions and 2 deletions


@ -9,7 +9,7 @@ consul_domain: masked.name
# vault # vault
vault_version: 1.5.2 vault_version: 1.5.2
vault_pki_policy: masked-dot-name vault_pki_policy: masked-dot-name
vault_ca_cert_name: MaskedName_Root_CA.pem vault_ca_cert_name: MaskedName_Root_CA.crt
vault_ca_cert_payload: | vault_ca_cert_payload: |
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIDNTCCAh2gAwIBAgIUYp8xo5t2lJFP3SiD1fJirgGUQJ0wDQYJKoZIhvcNAQEL MIIDNTCCAh2gAwIBAgIUYp8xo5t2lJFP3SiD1fJirgGUQJ0wDQYJKoZIhvcNAQEL


@ -19,6 +19,7 @@
- htop - htop
- inxi - inxi
- ncdu - ncdu
- netcat
- ntp - ntp
- rxvt-unicode-256color - rxvt-unicode-256color
- screen - screen


@ -10,6 +10,8 @@ Group=consul
RestartSec=3 RestartSec=3
StateDirectory=consul StateDirectory=consul
ExecStart=/usr/local/bin/consul agent -config-dir /etc/consul.d/ ExecStart=/usr/local/bin/consul agent -config-dir /etc/consul.d/
ExecReload=/bin/kill -HUP $MAINPID
KillSignal=SIGINT
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target
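Review bot: The added `KillSignal=SIGINT` changes what `systemctl stop` and `systemctl restart` do to the agent, and nothing in the unit says why. On SIGINT Consul performs a graceful leave unless `skip_leave_on_interrupt` is set, so whether a restart removes the node from the cluster depends on agent config these hunks do not show. I would add a comment above the line, e.g. `# SIGINT: graceful leave on stop, see skip_leave_on_interrupt in consul.hcl`, or drop it and keep the default SIGTERM. The identical `ExecReload`/`KillSignal` addition in the second unit file later in the commit needs the same treatment.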


@ -12,3 +12,8 @@
service: service:
name: consul name: consul
state: restarted state: restarted
- name: reload consul
service:
name: consul
state: reloaded
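Review bot: The new handler is named `reload consul`, while the task file in this commit notifies `restart_consul_debian`, so the role now mixes two handler naming styles. `reload_consul_debian` would match, assuming the existing restart handler (its name line is above the hunk) follows that pattern. The same handler is added again as a new handlers file later in the commit. Handler names share one namespace within a play and a later definition silently replaces an earlier one, so keeping a single copy avoids the two drifting apart.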


@ -62,6 +62,7 @@
group: root group: root
remote_src: True remote_src: True
when: installed_consul_version.stdout != consul_version when: installed_consul_version.stdout != consul_version
notify: reload consul
- name: copy consul unit file - name: copy consul unit file
copy: copy:
@ -78,7 +79,7 @@
dest: /etc/consul.d/consul.hcl dest: /etc/consul.d/consul.hcl
owner: root owner: root
group: root group: root
mode: 0755 mode: 0750
notify: restart_consul_debian notify: restart_consul_debian
- name: ensure consul is started and enabled - name: ensure consul is started and enabled
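Review bot: In the second hunk, `owner: root` and `group: root` with the new `mode: 0750` leave `/etc/consul.d/consul.hcl` readable by root only, so an agent running under the `consul` account (the unit sets `Group=consul`) would presumably fail to load it. Tightening the old world-readable mode is right for a file that carries the ACL settings, but the group has to be the service's: `group: consul` and `mode: '0640'`, quoted and without the execute bits a config file does not need. The nexus.hcl task added at the end of the commit uses `owner: consul` with `mode: 0750`. There, `owner: root`, `group: consul`, `mode: '0640'` would let the service read its check definitions without being able to rewrite them. The task this hunk edits starts above the visible lines.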


@ -25,6 +25,8 @@ addresses {
http = "0.0.0.0" http = "0.0.0.0"
} }
enable_local_script_checks = true
acl { acl {
enabled = true enabled = true
default_policy = "deny" default_policy = "deny"
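Review bot: `enable_local_script_checks = true` lets any check definition placed in `/etc/consul.d/` run a command as the agent's user, so write access to that directory becomes command execution. The line should carry a comment naming the check that needs it, e.g. `# required by the nc check in nexus.hcl`. It is the safer of the two script-check switches, because checks registered over the HTTP API (bound to `0.0.0.0` just above) still cannot run scripts. The same line is added to the other agent config later in the commit, where the same comment applies.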


@ -10,6 +10,8 @@ Group=consul
RestartSec=3 RestartSec=3
StateDirectory=consul StateDirectory=consul
ExecStart=/usr/local/bin/consul agent -config-dir /etc/consul.d/ ExecStart=/usr/local/bin/consul agent -config-dir /etc/consul.d/
ExecReload=/bin/kill -HUP $MAINPID
KillSignal=SIGINT
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target


@ -26,6 +26,8 @@ data_dir = "/opt/consul"
log_level = "INFO" log_level = "INFO"
raft_protocol = 3 raft_protocol = 3
enable_local_script_checks = true
addresses { addresses {
http = "0.0.0.0" http = "0.0.0.0"
dns = "0.0.0.0" dns = "0.0.0.0"


@ -0,0 +1,12 @@
services {
id = "nexus"
name = "nexus"
port = 8081
checks = [
{
args = ["nc", "-z", "-v", "localhost", "8081"]
interval = "5s"
timeout = "20s"
}
]
}
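Review bot: The check shells out to `nc` for what is a plain TCP connect. Replacing the `args` line with `tcp = "localhost:8081"` performs the same probe inside the agent and removes the dependency on the `netcat` package and on script checks being enabled. `timeout = "20s"` is also longer than `interval = "5s"`; a timeout below the interval, e.g. `timeout = "2s"`, keeps a hung probe from delaying the next run. Adding a `name` to the check would make it identifiable in the catalog.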


@ -0,0 +1,5 @@
---
- name: reload consul
service:
name: consul
state: reloaded


@ -116,4 +116,13 @@
- "{{ nexus_config_dir }}/etc/ssl:/opt/sonatype/nexus/etc/ssl/" - "{{ nexus_config_dir }}/etc/ssl:/opt/sonatype/nexus/etc/ssl/"
- /etc/nexus:/certs - /etc/nexus:/certs
restart_policy: always restart_policy: always
- name: ensure nexus consul service config exists
copy:
src: files/nexus.hcl
dest: /etc/consul.d/nexus.hcl
mode: 0750
owner: consul
group: consul
notify: reload consul
... ...