Fix reload for consul, add nexus service to consul, fix cert location so update-ca-certificates can actually pick it up
This commit is contained in:
parent
70b6576e96
commit
ce0b27f5d0
11 changed files with 43 additions and 2 deletions
|
|
@ -9,7 +9,7 @@ consul_domain: masked.name
|
|||
# vault
|
||||
vault_version: 1.5.2
|
||||
vault_pki_policy: masked-dot-name
|
||||
vault_ca_cert_name: MaskedName_Root_CA.pem
|
||||
vault_ca_cert_name: MaskedName_Root_CA.crt
|
||||
vault_ca_cert_payload: |
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDNTCCAh2gAwIBAgIUYp8xo5t2lJFP3SiD1fJirgGUQJ0wDQYJKoZIhvcNAQEL
|
||||
|
|
|
|||
|
|
@ -19,6 +19,7 @@
|
|||
- htop
|
||||
- inxi
|
||||
- ncdu
|
||||
- netcat
|
||||
- ntp
|
||||
- rxvt-unicode-256color
|
||||
- screen
|
||||
|
|
|
|||
|
|
@ -10,6 +10,8 @@ Group=consul
|
|||
RestartSec=3
|
||||
StateDirectory=consul
|
||||
ExecStart=/usr/local/bin/consul agent -config-dir /etc/consul.d/
|
||||
ExecReload=/bin/kill -HUP $MAINPID
|
||||
KillSignal=SIGINT
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
|
|
|||
|
|
@ -12,3 +12,8 @@
|
|||
service:
|
||||
name: consul
|
||||
state: restarted
|
||||
|
||||
- name: reload consul
|
||||
service:
|
||||
name: consul
|
||||
state: reloaded
|
||||
|
|
|
|||
|
|
@ -62,6 +62,7 @@
|
|||
group: root
|
||||
remote_src: True
|
||||
when: installed_consul_version.stdout != consul_version
|
||||
notify: reload consul
|
||||
|
||||
- name: copy consul unit file
|
||||
copy:
|
||||
|
|
@ -78,7 +79,7 @@
|
|||
dest: /etc/consul.d/consul.hcl
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0755
|
||||
mode: 0750
|
||||
notify: restart_consul_debian
|
||||
|
||||
- name: ensure consul is started and enabled
|
||||
|
|
|
|||
|
|
@ -25,6 +25,8 @@ addresses {
|
|||
http = "0.0.0.0"
|
||||
}
|
||||
|
||||
enable_local_script_checks = true
|
||||
|
||||
acl {
|
||||
enabled = true
|
||||
default_policy = "deny"
|
||||
|
|
|
|||
|
|
@ -10,6 +10,8 @@ Group=consul
|
|||
RestartSec=3
|
||||
StateDirectory=consul
|
||||
ExecStart=/usr/local/bin/consul agent -config-dir /etc/consul.d/
|
||||
ExecReload=/bin/kill -HUP $MAINPID
|
||||
KillSignal=SIGINT
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
|
|
|||
|
|
@ -26,6 +26,8 @@ data_dir = "/opt/consul"
|
|||
log_level = "INFO"
|
||||
raft_protocol = 3
|
||||
|
||||
enable_local_script_checks = true
|
||||
|
||||
addresses {
|
||||
http = "0.0.0.0"
|
||||
dns = "0.0.0.0"
|
||||
|
|
|
|||
12
ansible/roles/nexus/files/nexus.hcl
Normal file
12
ansible/roles/nexus/files/nexus.hcl
Normal file
|
|
@ -0,0 +1,12 @@
|
|||
services {
|
||||
id = "nexus"
|
||||
name = "nexus"
|
||||
port = 8081
|
||||
checks = [
|
||||
{
|
||||
args = ["nc", "-z", "-v", "localhost", "8081"]
|
||||
interval = "5s"
|
||||
timeout = "20s"
|
||||
}
|
||||
]
|
||||
}
|
||||
5
ansible/roles/nexus/handlers/main.yml
Normal file
5
ansible/roles/nexus/handlers/main.yml
Normal file
|
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
- name: reload consul
|
||||
service:
|
||||
name: consul
|
||||
state: reloaded
|
||||
|
|
@ -116,4 +116,13 @@
|
|||
- "{{ nexus_config_dir }}/etc/ssl:/opt/sonatype/nexus/etc/ssl/"
|
||||
- /etc/nexus:/certs
|
||||
restart_policy: always
|
||||
|
||||
- name: ensure nexus consul service config exists
|
||||
copy:
|
||||
src: files/nexus.hcl
|
||||
dest: /etc/consul.d/nexus.hcl
|
||||
mode: 0750
|
||||
owner: consul
|
||||
group: consul
|
||||
notify: reload consul
|
||||
...
|
||||
|
|
|
|||
Loading…
Reference in a new issue