Update to 2022-07-21 01:00

roles/consul/tasks/archive_post.yml

@@ -0,0 +1,15 @@
+---
+
+- name: Compress previous version
+  command: tar cf {{ consul_root_dir }}/archives/{{ consul_current_version }}.tar.zst --use-compress-program=zstd ./
+  args:
+    chdir: "{{ consul_root_dir }}/archives/{{ consul_current_version }}"
+    warn: False
+  environment:
+    ZSTD_CLEVEL: 10
+  tags: consul
+
+- name: Remove archive dir
+  file: path={{ consul_root_dir }}/archives/{{ consul_current_version }} state=absent
+  tags: consul
+

roles/consul/tasks/archive_pre.yml

@@ -0,0 +1,10 @@
+---
+
+- name: Create the archive dir
+  file: path={{ consul_root_dir }}/archives/{{ consul_current_version }} state=directory
+  tags: consul
+
+- name: Backup previous version
+  copy: src={{ consul_root_dir }}/bin/consul dest={{ consul_root_dir }}/archives/{{ consul_current_version }}/ remote_src=True
+  tags: consul
+

roles/consul/tasks/cleanup.yml

@@ -0,0 +1,8 @@
+---
+
+- name: Remove tmp and obsolete files
+  file: path={{ item }} state=absent
+  loop:
+    - "{{ consul_root_dir }}/tmp/consul_{{ consul_version }}_linux_amd64.zip"
+    - "{{ consul_root_dir }}/tmp/consul"
+  tags: consul

roles/consul/tasks/conf.yml

@@ -0,0 +1,6 @@
+---
+
+- name: Deploy consul configuration
+  template: src=consul.json.j2 dest={{ consul_root_dir }}/etc/consul.json owner=root group={{ consul_user }} mode=640
+  notify: reload consul
+  tags: consul

roles/consul/tasks/directories.yml

@@ -0,0 +1,31 @@
+---
+
+- name: Create needed directories
+  file: path={{ consul_root_dir }}/{{ item.dir }} state=directory owner={{ item.owner | default(omit) }} group={{ item.group | default(omit) }} mode={{ item.mode | default(omit) }}
+  loop:
+    - dir: archives
+      owner: root
+      group: root
+      mode: 700
+    - dir: backup
+      owner: root
+      group: root
+      mode: 700
+    - dir: meta
+      owner: root
+      group: root
+      mode: 700
+    - dir: bin
+    - dir: tmp
+      owner: "{{ consul_user }}"
+      group: "{{ consul_user }}"
+      mode: 700
+    - dir: data
+      owner: "{{ consul_user }}"
+      group: "{{ consul_user }}"
+      mode: 700
+    - dir: etc
+      owner: root
+      group: "{{ consul_user }}"
+      mode: 750
+  tags: consul

roles/consul/tasks/facts.yml

@@ -0,0 +1,12 @@
+---
+
+- name: Detect installed version
+  block:
+    - import_tasks: ../includes/webapps_set_install_mode.yml
+      vars:
+        - root_dir: "{{ consul_root_dir }}"
+        - version: "{{ consul_version }}"
+    - set_fact: consul_install_mode={{ install_mode | default('none') }}
+    - set_fact: consul_current_version={{ current_version | default('') }}
+  tags: consul
+

roles/consul/tasks/install.yml

@@ -0,0 +1,55 @@
+---
+
+- name: Install needed tools
+  package:
+    name:
+      - tar
+      - zstd
+      - unzip
+  tags: consul
+
+- when: consul_install_mode != 'none'
+  block:
+    - name: Download consul
+      get_url:
+        url: "{{ consul_archive_url }}"
+        dest: "{{ consul_root_dir }}/tmp"
+        checksum: sha256:{{ consul_archive_sha256 }}
+
+    - name: Extract the archive
+      unarchive:
+        src: "{{ consul_root_dir }}/tmp/consul_{{ consul_version }}_linux_amd64.zip"
+        dest: "{{ consul_root_dir }}/tmp"
+        remote_src: True
+
+    - name: Install consul binary
+      copy:
+        src: "{{ consul_root_dir }}/tmp/consul"
+        dest: "{{ consul_root_dir }}/bin/consul"
+        remote_src: True
+        mode: 755
+
+    - name: Link in /usr/local/bin
+      file: src={{ consul_root_dir }}/bin/consul dest=/usr/local/bin/consul state=link force=True
+
+  tags: consul
+
+- name: Install bash completion support
+  copy:
+    content: |
+      complete -C {{ consul_root_dir }}/bin/consul consul
+    dest: /etc/bash_completion.d/consul
+    mode: 755
+  tags: consul
+
+- name: Deploy systemd service unit
+  template: src=consul.service.j2 dest=/etc/systemd/system/consul.service
+  register: consul_unit
+  notify: restart consul
+  tags: consul
+
+- name: Reload systemd
+  systemd: daemon_reload=True
+  when: consul_unit.changed
+  tags: consul
+

roles/consul/tasks/iptables.yml

@@ -0,0 +1,15 @@
+---
+
+- name: Handle consul ports in the firewall
+  iptables_raw:
+    name: consul_port_{{ item }}
+    state: "{{ (('tcp' in consul_services[item].proto or 'udp' in consul_services[item].proto) and consul_services[item].src_ip | length > 0) | ternary('present', 'absent') }}"
+    rules: |
+      {% if 'tcp' in consul_services[item].proto %}
+      -A INPUT -m state --state NEW -p tcp --dport {{ consul_services[item].port }} -j ACCEPT
+      {% endif %}
+      {% if 'udp' in consul_services[item].proto %}
+      -A INPUT -m state --state NEW -p udp --dport {{ consul_services[item].port }} -j ACCEPT
+      {% endif %}
+  loop: "{{ consul_services.keys() | list }}"
+  tags: firewall,consul

roles/consul/tasks/main.yml

@@ -0,0 +1,38 @@
+---
+
+- include_tasks: user.yml
+  tags: always
+
+- include_tasks: directories.yml
+  tags: always
+
+- include_tasks: facts.yml
+  tags: always
+
+- include_tasks: archive_pre.yml
+  when: consul_install_mode | default('none') == 'upgrade'
+  tags: always
+
+- include_tasks: install.yml
+  tags: always
+
+- include_tasks: conf.yml
+  tags: always
+
+- include_tasks: iptables.yml
+  when: iptables_manage | default(True)
+  tags: always
+
+- include_tasks: services.yml
+  tags: always
+
+- include_tasks: write_version.yml
+  tags: always
+
+- include_tasks: archive_post.yml
+  when: consul_install_mode | default('none') == 'upgrade'
+  tags: always
+
+- include_tasks: cleanup.yml
+  tags: always
+

roles/consul/tasks/services.yml

@@ -0,0 +1,6 @@
+---
+
+- name: Start and enable consul service
+  service: name=consul state=started enabled=True
+  register: consul_service_started
+  tags: consul

roles/consul/tasks/user.yml

@@ -0,0 +1,9 @@
+---
+
+- name: Create consul user
+  user:
+    name: "{{ consul_user }}"
+    home: "{{ consul_root_dir }}"
+    system: True
+    shell: /sbin/nologin
+  tags: consul

roles/consul/tasks/write_version.yml

@@ -0,0 +1,5 @@
+---
+
+- name: Write installed version
+  copy: content={{ consul_version }} dest={{ consul_root_dir }}/meta/ansible_version
+  tags: consul