From 1efd0d406e7e62eed3fb1cf8ef9dcdd2e2368ff2 Mon Sep 17 00:00:00 2001 From: vincent Date: Tue, 31 Oct 2023 20:08:20 +0100 Subject: [PATCH] linting --- defaults/main.yml | 20 ++--- tasks/dnsmasq.yml | 20 ++--- tasks/main.yml | 173 ++++++++++++++++++++-------------------- templates/consul.hcl.j2 | 1 + 4 files changed, 108 insertions(+), 106 deletions(-) create mode 100644 templates/consul.hcl.j2 diff --git a/defaults/main.yml b/defaults/main.yml index 24ed798..9e4da65 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,25 +1,25 @@ --- # defaults file for ansible-consul consul_bin_path: "/usr/local/bin" -consul_server: True -consul_ui: True +consul_server: true +consul_ui: true consul_config_path: "/etc/consul.d" consul_bootstrap_state: "{{ consul_config_path }}/.consul_bootstrapped" consul_iface: "{{ ansible_default_ipv4.interface }}" -consul_bind_address: "{{ hostvars[inventory_hostname]['ansible_'+ consul_iface | replace('-', '_')]['ipv4']['address']}}" +consul_bind_address: "{{ hostvars[inventory_hostname]['ansible_' + consul_iface | replace('-', '_')]['ipv4']['address'] }}" consul_client_addr: "127.0.0.1" -consul_bootstrap: False +consul_bootstrap: false consul_domain: "consul" consul_data_dir: "/opt/consul" consul_datacenter: "dc1" -consul_encrypt_enable: True +consul_encrypt_enable: true consul_ansible_group: "consul" consul_servers_list: "\ {% set _consul_servers_list = [] %}\ {% for host in groups[consul_ansible_group] %}\ - {% set _consul_server = hostvars[host]['consul_server']|default(true,true) %}\ - {% if ( _consul_server == True) %}\ - {% if _consul_servers_list.append(host) %}{% endif %}\ + {% set _consul_server = hostvars[host]['consul_server'] | default(true, true) %}\ + {% if (_consul_server == True) %}\ + {% if _consul_servers_list.append(host) %} {% endif %}\ {% endif %}\ {% endfor %}\ {{ _consul_servers_list }}" 
@@ -31,5 +31,5 @@ consul_snapshot: false consul_backup_location: "" consul_cron_hour: 1 consul_retry_join_force: -consul_dnsmasq_enable: False -consul_systemd_resolved_enable: False +consul_dnsmasq_enable: false +consul_systemd_resolved_enable: false diff --git a/tasks/dnsmasq.yml b/tasks/dnsmasq.yml index f961e49..a17fbf8 100644 --- a/tasks/dnsmasq.yml +++ b/tasks/dnsmasq.yml @@ -1,42 +1,42 @@ --- - name: Install Dnsmasq package - package: + ansible.builtin.package: name: "{{ dnsmasq_package }}" state: present - name: Create Dnsmasq configuration directory - file: + ansible.builtin.file: path: /etc/dnsmasq.d state: directory owner: root group: root - mode: 0700 + mode: "0700" - name: Create Dnsmasq configuration - template: + ansible.builtin.template: src: dnsmasq-10-consul.j2 dest: /etc/dnsmasq.d/10-consul.conf owner: root group: root - mode: 0644 + mode: "0644" notify: restart dnsmasq - name: Disable systemd-resolved when: ansible_service_mgr == "systemd" block: - name: Disable systemd-resolved service - service: + ansible.builtin.service: name: systemd-resolved enabled: false state: stopped - name: Check if resolv.conf is pointing to systemd-resolved - stat: + ansible.builtin.stat: path: /etc/resolv.conf register: resolv_dot_conf - name: Remove resolv.conf association with systemd-resolved - file: + ansible.builtin.file: src: /run/resolvconf/resolv.conf path: /etc/resolv.conf state: link @@ -44,8 +44,8 @@ - resolv_dot_conf.stat.islnk - 'resolv_dot_conf.stat.link_source == "/run/systemd/resolve/stub-resolv.conf"' -- name: ensure DNSmasq is started - service: +- name: Ensure DNSmasq is started + ansible.builtin.service: name: dnsmasq state: started enabled: true diff --git a/tasks/main.yml b/tasks/main.yml index 97d6e75..b8b646a 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
@@ -1,81 +1,86 @@ --- - name: Read bootstrapped state - stat: + ansible.builtin.stat: path: "{{ consul_bootstrap_state }}" register: bootstrap_state ignore_errors: true - name: Include OS-specific variables - include_vars: "{{ item }}" + ansible.builtin.include_vars: "{{ item }}" with_first_found: - files: - "{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml" - "{{ ansible_os_family }}.yml" -- name: add hashicorp repo - get_url: +- name: Add hashicorp repo + ansible.builtin.get_url: url: "https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo" dest: '/etc/yum.repos.d/hashicorp.repo' owner: root group: root - mode: 0644 + mode: "0644" when: ansible_os_family == "RedHat" - name: Add an Apt signing key, uses whichever key is at the URL - apt_key: + ansible.builtin.apt_key: url: "{{ consul_repo_url }}/gpg" state: present when: "ansible_os_family|lower == 'debian'" - name: Add Debian/Ubuntu Linux repository - apt_repository: + ansible.builtin.apt_repository: repo: "deb {{ consul_repo_url }} {{ ansible_distribution_release }} main" state: present update_cache: true when: "ansible_os_family|lower == 'debian'" -- name: install package - package: +- name: Install package + ansible.builtin.package: name: "{{ consul_os_package }}" state: present when: ansible_architecture is not search('aarch*') -- name: encure data dir exist - file: +- name: Encure data dir exist + ansible.builtin.file: state: directory owner: consul path: "{{ consul_data_dir }}" - mode: 0755 - -- block: - - block: - - name: Check for gossip encryption key on previously boostrapped server - slurp: - src: "{{ consul_config_path }}/config.json" - register: consul_config_b64 - ignore_errors: true - - debug: - msg: "{{consul_config_b64}}" - - name: Deserialize existing configuration - set_fact: - consul_config: "{{ consul_config_b64.content | b64decode | from_json }}" - when: consul_config_b64.content is defined and consul_config_b64.content != "" - - - name: Save gossip encryption key from 
existing configuration - set_fact: - consul_raw_key: "{{ consul_config.encrypt }}" - when: consul_config is defined + mode: "0755" +- name: Manage encrypt key + when: + - consul_encrypt_enable | bool + block: + - name: Check encrypt key in config file when: - consul_raw_key is not defined - bootstrap_state.stat.exists | bool - inventory_hostname in consul_servers_list + block: + - name: Check for gossip encryption key on previously boostrapped server + ansible.builtin.slurp: + src: "{{ consul_config_path }}/config.json" + register: consul_config_b64 + ignore_errors: true + - name: Print config + ansible.builtin.debug: + msg: "{{ consul_config_b64 }}" + - name: Deserialize existing configuration + ansible.builtin.set_fact: + consul_config: "{{ consul_config_b64.content | b64decode | from_json }}" + when: consul_config_b64.content is defined and consul_config_b64.content != "" + + - name: Save gossip encryption key from existing configuration + ansible.builtin.set_fact: + consul_raw_key: "{{ consul_config.encrypt }}" + when: consul_config is defined + # Key provided by extra vars or the above block - name: Write gossip encryption key locally for use with new servers - copy: + ansible.builtin.copy: content: "{{ consul_raw_key }}" dest: '/tmp/consul_raw.key' - mode: 0600 + mode: "0600" become: false vars: ansible_become: false 
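Review bot: The `Print config` debug task echoes `consul_config_b64`, the slurped `config.json`, and the tasks right after it read `consul_config.encrypt` from that same content, so the base64 of the gossip key lands in play output and in any log callback. No `no_log` is visible on this task or on the blocks that enclose it; giving the task a name satisfied the linter, but it would be safer to drop the task or add `no_log: true` to it. Separately, the `apt_key` task trusts whatever key `{{ consul_repo_url }}/gpg` serves at run time, and pinning it with `id: "<EXPECTED_KEY_FINGERPRINT>"` would make a swapped key fail the run. The outer `Manage encrypt key` block continues past the end of this hunk.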
@@ -84,37 +89,37 @@ changed_when: false when: consul_raw_key is defined - # Generate new key if none was found - - block: - - name: Generate gossip encryption key - shell: "PATH={{ consul_bin_path }}:$PATH consul keygen" - register: consul_keygen - - - name: Write key locally to share with other nodes - copy: - content: "{{ consul_keygen.stdout }}" - dest: '/tmp/consul_raw.key' - become: false - vars: - ansible_become: false - delegate_to: localhost - + - name: Generate new key if none was found no_log: true run_once: true when: # if files '/tmp/consul_raw.key' exist - lookup('first_found', dict(files=['/tmp/consul_raw.key'], skip=true)) | ternary(false, true) - not bootstrap_state.stat.exists | bool + block: + - name: Generate gossip encryption key + ansible.builtin.shell: "PATH={{ consul_bin_path }}:$PATH consul keygen" + register: consul_keygen + changed_when: false + - name: Write key locally to share with other nodes + ansible.builtin.copy: + content: "{{ consul_keygen.stdout }}" + dest: '/tmp/consul_raw.key' + mode: "0600" + become: false + vars: + ansible_become: false + delegate_to: localhost - name: Read gossip encryption key for servers that require it - set_fact: + ansible.builtin.set_fact: consul_raw_key: "{{ lookup('file', '/tmp/consul_raw.key') }}" no_log: true when: - consul_raw_key is not defined - name: Delete gossip encryption key file - file: + ansible.builtin.file: path: '/tmp/consul_raw.key' state: absent become: false 
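Review bot: The gossip key is still staged at the fixed path `/tmp/consul_raw.key` on the control node, and `Read gossip encryption key for servers that require it` loads whatever that path holds through `lookup('file', ...)`. The `Generate new key if none was found` block is skipped when the file already exists, so on a shared controller a file left there by another local account would be used as the cluster key; the added `mode: "0600"` only protects a file this play creates itself. Consider staging the key in a directory that only the running user can write, through a new variable (for example `consul_raw_key_file`, a suggested name) used by both copy tasks (the first one is in the previous hunk), the `first_found` check, the lookup and the delete task.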
@@ -123,62 +128,58 @@ run_once: true delegate_to: localhost changed_when: false - #no_log: true - when: - - consul_encrypt_enable | bool -- name: delete hcl config file - file: - path: "{{consul_config_path}}/consul.hcl" - state: absent - become : true -- name: Creating a file with content - copy: - dest: "{{consul_config_path}}/consul.hcl" - content: "{}" -- name: apply config template - block: - - name: server template - template: - src: config.json.j2 - dest: "{{ consul_config_path}}/config.json" - owner: consul - mode: 0644 +- name: Delete hcl config file + ansible.builtin.template: + src: consul.hcl.j2 + dest: "{{ consul_config_path }}/consul.hcl" + owner: consul + mode: "0644" + become: true +- name: Apply config template notify: reload consul configuration - -- name: configure backup block: - - name: copy backup script - copy: + - name: Server template + ansible.builtin.template: + src: config.json.j2 + dest: "{{ consul_config_path }}/config.json" + owner: consul + mode: "0644" + +- name: Configure backup + when: consul_snapshot + block: + - name: Copy backup script + ansible.builtin.copy: dest: "{{ consul_data_dir }}/cs-backup.sh" - mode: 0744 + mode: "0744" owner: consul src: cs-backup.sh - - name: consul snaphot cron.d - cron: + - name: Consul snaphot cron.d + ansible.builtin.cron: name: consul backup user: consul state: present job: "{{ consul_data_dir }}/cs-backup.sh {{ consul_backup_location }}" - hour: "{{consul_cron_hour}}" - when: consul_snapshot + hour: "{{ consul_cron_hour }}" -- name: ensure service is started - systemd: +- name: Ensure service is started + ansible.builtin.systemd: name: "{{ consul_service_name }}" state: started - enabled: True + enabled: true - name: Create bootstrapped state file - file: + ansible.builtin.file: dest: "{{ consul_bootstrap_state }}" state: touch - mode: 0600 + mode: "0600" when: not bootstrap_state.stat.exists -- include_tasks: dnsmasq.yml +- name: Include dnsmasq + ansible.builtin.include_tasks: dnsmasq.yml 
when: consul_dnsmasq_enable | bool -- name: include systemd-resolved +- name: Include systemd-resolved ansible.builtin.include_tasks: systemd-resolved.yml when: consul_systemd_resolved_enable diff --git a/templates/consul.hcl.j2 b/templates/consul.hcl.j2 new file mode 100644 index 0000000..0967ef4 --- /dev/null +++ b/templates/consul.hcl.j2 @@ -0,0 +1 @@ +{}
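Review bot: `Server template` writes `config.json` with `mode: "0644"`, and earlier tasks in this file read `consul_config.encrypt` from that same path, so the rendered file appears to hold the gossip encryption key while being readable by every local user. `mode: "0640"` with the `owner: consul` the task already sets would keep it to the service account; the template itself is not visible here, so confirm that it emits `encrypt`. The task named `Delete hcl config file` now renders `consul.hcl.j2` instead of deleting anything, so a name such as `Create hcl config file` would match what it does. `when: consul_snapshot` on the backup block lacks the `| bool` cast used on the other toggles in this file.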