diff --git a/ansible/HAL_deploy.yml b/ansible/HAL_deploy.yml index 87bd434f..0d005cd3 100644 --- a/ansible/HAL_deploy.yml +++ b/ansible/HAL_deploy.yml @@ -28,6 +28,7 @@ - {role: wannat_wangw, tags: wannat_wangw} - {role: wannat_common, tags: wannat_common} - {role: wire_graft, tags: wire_graft} + - {role: consul, tags: consul} - {role: hasp, tags: hasp} - hosts: 7400-MCN123-P01R01 @@ -81,6 +82,7 @@ - {role: wire_graft, tags: wire_graft} - {role: nz-talon, tags: nz-talon} - {role: tsg-os-provision-condition, tags: tsg-os-provision-condition} + - {role: consul, tags: consul} - {role: hasp, tags: hasp} - hosts: TSG-X-NXR620G40-R01-P1403 @@ -104,6 +106,7 @@ - {role: system-init-TSG-X-P1403, tags: system-init-TSG-X-P1403} - {role: system-init, tags: system-init} - {role: tsg-os-provision-condition, tags: tsg-os-provision-condition} + - {role: consul, tags: consul} - {role: hasp, tags: hasp} - {role: OFED, tags: OFED} @@ -138,6 +141,7 @@ - {role: wannat_common, tags: wannat_common} - {role: wire_graft, tags: wire_graft} - {role: tsg-os-provision-condition, tags: tsg-os-provision-condition} + - {role: consul, tags: consul} - {role: hasp, tags: hasp} - {role: OFED, tags: OFED} @@ -158,6 +162,7 @@ - {role: tsg-diagnose, tags: tsg-diagnose} - {role: system-init-TSG-X-P1403, tags: system-init-TSG-X-P1403} - {role: system-init, tags: system-init} + - {role: consul, tags: consul} - {role: hasp, tags: hasp} - {role: OFED, tags: OFED} diff --git a/ansible/roles/consul/files/consul-1.0.2.tgz b/ansible/roles/consul/files/consul-1.0.2.tgz new file mode 100644 index 00000000..52c19202 Binary files /dev/null and b/ansible/roles/consul/files/consul-1.0.2.tgz differ diff --git a/ansible/roles/consul/files/consul-1.14.3-1.x86_64.rpm b/ansible/roles/consul/files/consul-1.14.3-1.x86_64.rpm new file mode 100644 index 00000000..f7de672c Binary files /dev/null and b/ansible/roles/consul/files/consul-1.14.3-1.x86_64.rpm differ 
diff --git a/ansible/roles/consul/files/consul-crd.yaml b/ansible/roles/consul/files/consul-crd.yaml
new file mode 100644
index 00000000..87d6197d
--- /dev/null
+++ b/ansible/roles/consul/files/consul-crd.yaml
@@ -0,0 +1,34 @@
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+ name: consul
+ namespace: kube-system
+spec:
+ chart: https://%{KUBERNETES_API}%/static/charts/consul-1.0.2.tgz
+ targetNamespace: consul
+ valuesContent: |-
+ server:
+ extraConfig: |
+ {
+ "encrypt": "XN0I7fHIY1+yLWm2PjegZ7U93nI/tmzNvtmBtZLuIfo=",
+ "verify_incoming": false,
+ "verify_outgoing": false,
+ "verify_server_hostname": false,
+ "acl": {
+ "enabled": true,
+ "default_policy": "allow",
+ "enable_token_persistence": true
+ },
+ "performance": {
+ "raft_multiplier": 1
+ },
+ "disable_update_check": true
+ }
+ bootstrapExpect: 3
+ ui:
+ service:
+ type: NodePort
+ nodePort:
+ http: 30085
+ global:
+ name: consul
diff --git a/ansible/roles/consul/files/consul.service b/ansible/roles/consul/files/consul.service
new file mode 100644
index 00000000..09eb052a
--- /dev/null
+++ b/ansible/roles/consul/files/consul.service
@@ -0,0 +1,23 @@
+[Unit]
+Description="HashiCorp Consul - A service mesh solution"
+Documentation=https://www.consul.io/
+Requires=network-online.target
+After=network-online.target
+ConditionFileNotEmpty=/etc/consul.d/consul.hcl
+
+[Service]
+EnvironmentFile=-/etc/consul.d/consul.env
+User=consul
+Group=consul
+ExecStartPre=/opt/tsg/consul/bin/set_advertise.sh
+ExecStart=/usr/bin/consul agent -config-dir=/etc/consul.d/
+ExecReload=/bin/kill --signal HUP $MAINPID
+KillMode=process
+KillSignal=SIGTERM
+Restart=on-failure
+LimitNOFILE=65536
+
+[Install]
+WantedBy=multi-user.target
+RequiredBy=sapp.service
+
diff --git a/ansible/roles/consul/files/ns-consul.yaml b/ansible/roles/consul/files/ns-consul.yaml
new file mode 100644
index 00000000..bd30f1fb
--- /dev/null
+++ b/ansible/roles/consul/files/ns-consul.yaml
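Review bot: The `"encrypt"` value in `server.extraConfig` is a literal gossip key committed to the repository, and the same string is repeated as `consul_agent.encrypt` in the provision.default.yml.* samples later in this commit, so every deployment built from these defaults shares one published key. Generate the key per site, inject it from Ansible Vault or a secret store, and treat the committed value as exposed. The same block sets `verify_incoming`, `verify_outgoing` and `verify_server_hostname` to false and `"default_policy": "allow"`, so RPC peers are not authenticated and an anonymous request is permitted anything no policy explicitly denies, while `ui.service.type: NodePort` publishes the UI on port 30085 of every node. I would propose `"default_policy": "deny"` with bootstrapped tokens and TLS verification enabled before this is reachable beyond a lab network.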
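Review bot: `ExecStartPre=/opt/tsg/consul/bin/set_advertise.sh` runs under `User=consul` and rewrites /etc/consul.d/consul.hcl with `sed -i`, so the service account needs write access to its own configuration directory, and no task visible in this commit sets `owner` on that directory or file. Either the pre-start step fails on a root-owned directory or, if the package makes it consul-owned, the agent process can rewrite its own configuration. Consider `ExecStartPre=+/opt/tsg/consul/bin/set_advertise.sh` so that only the pre-start step runs privileged and the config can stay root-owned and group-readable by consul. Adding `NoNewPrivileges=yes` to `[Service]` is a low-cost hardening step for the agent itself.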
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: consul
diff --git a/ansible/roles/consul/files/server.hcl b/ansible/roles/consul/files/server.hcl
new file mode 100644
index 00000000..e7e13354
--- /dev/null
+++ b/ansible/roles/consul/files/server.hcl
@@ -0,0 +1,7 @@
+bind_addr = "127.0.0.1"
+client_addr = "0.0.0.0"
+server = true
+bootstrap_expect = 1
+ui_config {
+ enabled = true
+}
diff --git a/ansible/roles/consul/tasks/main.yml b/ansible/roles/consul/tasks/main.yml
new file mode 100644
index 00000000..54dd07ce
--- /dev/null
+++ b/ansible/roles/consul/tasks/main.yml
@@ -0,0 +1,82 @@
+- name: "consul rpm install:copy file to device"
+ copy:
+ src: '{{ role_path }}/files/'
+ dest: /tmp/ansible_deploy/
+ when: runtime_env != 'TSG-X-P0906'
+
+- name: "consul rpm install:install consul"
+ yum:
+ name:
+ - "/tmp/ansible_deploy/consul-1.14.3-1.x86_64.rpm"
+ state: present
+ disable_gpg_check: yes
+ when: runtime_env != 'TSG-X-P0906'
+
+- name: "mkdir -p /etc/consul.d/"
+ file:
+ path: /etc/consul.d/
+ state: directory
+ when: runtime_env != 'TSG-X-P0906'
+
+- name: "mkdir -p /opt/tsg/consul/bin"
+ file:
+ path: /opt/tsg/consul/bin
+ state: directory
+ when: runtime_env != 'TSG-X-P0906'
+
+- name: "copy consul config file to dest"
+ template:
+ src: "{{ role_path }}/templates/consul.hcl.j2"
+ dest: /opt/tsg/tsg-os-provision/templates/consul.hcl.j2
+ when: runtime_env != 'TSG-X-P0906'
+
+- name: "copy consul config file to dest"
+ copy:
+ src: '{{ role_path }}/files/consul.service'
+ dest: /usr/lib/systemd/system/consul.service
+ when: runtime_env != 'TSG-X-P0906'
+
+- name: "copy consul config file to dest"
+ template:
+ src: "{{ role_path }}/templates/set_advertise.sh.j2"
+ dest: /opt/tsg/consul/bin/set_advertise.sh
+ mode: 0755
+ when: runtime_env != 'TSG-X-P0906'
+
+#- name: "copy consul config file to dest"
+# copy:
+# src: '{{ role_path }}/files/server.hcl'
+# dest: /etc/consul.d/server.hcl
+# when: runtime_env != 'TSG-X-P0906'
+
+- name: "start consul"
+ systemd:
+ name: consul.service
+ enabled: yes
+ when: runtime_env != 'TSG-X-P0906'
+
+- name: "get consul chart images to dest"
+ get_url:
+ url: https://repo.geedge.net/filerepo/install/release/tsg-container-images/consul.tar
+ dest: /var/lib/rancher/k3s/agent/images/consul.tar
+ url_username: "{{ lookup('env', 'PULP_REPO_USERNAME') }}"
+ url_password: "{{ lookup('env', 'PULP_REPO_PASSWORD') }}"
+ when: runtime_env == 'TSG-X-P0906'
+
+#- name: "copy consul crd file to dest"
+# copy:
+# src: "{{ role_path }}/files/consul-crd.yaml"
+# dest: /var/lib/rancher/k3s/server/manifests/
+# when: runtime_env == 'TSG-X-P0906'
+
+- name: "copy consul chart to dest"
+ copy:
+ src: "{{ role_path }}/files/consul-1.0.2.tgz"
+ dest: /var/lib/rancher/k3s/server/static/charts/
+ when: runtime_env == 'TSG-X-P0906'
+
+- name: "copy ns-consul to dest"
+ copy:
+ src: "{{ role_path }}/files/ns-consul.yaml"
+ dest: /var/lib/rancher/k3s/server/manifests/
+ when: runtime_env == 'TSG-X-P0906'
diff --git a/ansible/roles/consul/templates/consul.hcl.j2 b/ansible/roles/consul/templates/consul.hcl.j2
new file mode 100644
index 00000000..bef23481
--- /dev/null
+++ b/ansible/roles/consul/templates/consul.hcl.j2
@@ -0,0 +1,41 @@
+data_dir = "/tmp/consul"
+verify_incoming = false
+verify_outgoing = false
+verify_server_hostname = false
+acl {
+ enabled = true
+ default_policy = "allow"
+ enable_token_persistence = true
+}
+performance {
+ raft_multiplier = 1
+}
+ui_config {
+ enabled = true
+}
+
+disable_update_check = true
+bind_addr = "0.0.0.0"
+client_addr = "0.0.0.0"
+advertise_addr="127.0.0.1"
+
+{% raw %}{% if consul_agent.mode == 'server' %}server = true
+bootstrap_expect = {{ consul_agent.bootstrapExpect }}
+{% endif %}
+
+{% if consul_agent.mode == 'client' %}server = false
+{% endif %}
+
+{% if consul_agent.node_name %}node_name = "{{ consul_agent.node_name }}"
+{% endif %}
+
+datacenter = "{{ consul_agent.datacenter }}"
+encrypt = "{{ consul_agent.encrypt }}"
+
+{% set join_list = [] %}
+{% for join_info in consul_agent.join %}
+{% set join_merge = "\"" ~ join_info.address ~ ":" ~ join_info.port ~ "\"" %}
+{{join_list.append(join_merge)}}{% endfor %}
+retry_join= [{{ join_list | join(",") }}]
+{% endraw %}
+
diff --git a/ansible/roles/consul/templates/set_advertise.sh.j2 b/ansible/roles/consul/templates/set_advertise.sh.j2
new file mode 100644
index 00000000..f9636018
--- /dev/null
+++ b/ansible/roles/consul/templates/set_advertise.sh.j2
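Review bot: The `yum` task installs /tmp/ansible_deploy/consul-1.14.3-1.x86_64.rpm with `disable_gpg_check: yes`, and that RPM is a binary added to the repository in this same commit, so nothing verifies the package between the repository and the host; import the packager's signing key and drop the flag, or check a pinned digest before the install. The first task copies all of `files/` to /tmp/ansible_deploy/, which also places consul-crd.yaml with its embedded gossip key there; copy only the RPM. The `get_url` task passes `url_username` and `url_password` and should carry `no_log: true`. Smaller points: quote the octal as `mode: "0755"`, three tasks share the name "copy consul config file to dest", and "start consul" sets `enabled: yes` without `state: started`.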
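Review bot: `data_dir = "/tmp/consul"` places Raft state, the gossip keyring and, with `enable_token_persistence = true`, persisted ACL tokens under a world-writable directory that tmp cleaners and reboots may clear; a dedicated consul-owned directory with mode 0700 is the safer choice. `client_addr = "0.0.0.0"` combined with `default_policy = "allow"`, the UI enabled and all three `verify_*` settings false exposes an unauthenticated HTTP API on every interface, so I would propose `client_addr = "127.0.0.1"` unless remote clients are required. The provision.default.yml.* samples in this commit set `mode: "server"` but define neither `consul_agent.bootstrapExpect` nor `consul_agent.join`, both of which the template dereferences, so rendering may fail unless another defaults file (not in this diff) supplies them.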
@@ -0,0 +1,4 @@ +#!/bin/sh -ex +HOST_IP=$(ip a show {{ control_and_policy.nic_name }} | grep inet | grep -v inet6 | awk '{print $2}' | awk -F '/' '{print $1}') +echo "Log and policy nic ipv4 address:$HOST_IP" +sed -i "s/^advertise_addr.*$/advertise_addr=\"$HOST_IP\"/g" /etc/consul.d/consul.hcl diff --git a/ansible/roles/container-tools-install/tasks/main.yml b/ansible/roles/container-tools-install/tasks/main.yml index 6f2d4e33..46cf991f 100644 --- a/ansible/roles/container-tools-install/tasks/main.yml +++ b/ansible/roles/container-tools-install/tasks/main.yml @@ -93,4 +93,10 @@ state: present releasever: 8.6 +- name: "install libnsl" + yum: + name: jq + conf_file: "{{ rpm_repo_config_path }}" + state: present + diff --git a/ansible/roles/k3s-install/files/10-bridge.conf b/ansible/roles/k3s-install/files/10-bridge.conf index db096be7..845543da 100644 --- a/ansible/roles/k3s-install/files/10-bridge.conf +++ b/ansible/roles/k3s-install/files/10-bridge.conf @@ -1,14 +1,23 @@ { - "cniVersion": "0.3.1", - "name": "cnibr", - "type": "bridge", - "bridge": "cnibr0", - "isDefaultGateway": true, - "forceAddress": false, - "ipMasq": true, - "hairpinMode": true, - "ipam": { - "type": "host-local", - "subnet": "10.42.0.0/16" + "cniVersion": "0.3.1", + "name": "cnibr", + "plugins": [ + { + "type": "bridge", + "bridge": "cnibr0", + "isDefaultGateway": true, + "forceAddress": false, + "ipMasq": true, + "hairpinMode": true, + "ipam": { + "type": "host-local", + "subnet": "10.42.0.0/16" + } + }, + { + "type": "portmap", + "capabilities": {"portMappings": true}, + "snat": true } + ] } diff --git a/ansible/roles/sapp/files/start.sh b/ansible/roles/sapp/files/start.sh index 6ce35806..2681a6e1 100644 --- a/ansible/roles/sapp/files/start.sh +++ b/ansible/roles/sapp/files/start.sh 
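Review bot: `HOST_IP` is not validated before it is spliced into the `sed` expression: an interface with no IPv4 address yields `advertise_addr=""`, one with several addresses yields a multi-line value that breaks the `s/…/…/` command, and `-e` does not catch a failing `ip` because only the last pipeline stage sets the exit status. Take a single address and fail closed, for example `HOST_IP=$(ip -4 -o addr show dev "{{ control_and_policy.nic_name }}" | awk '{print $4}' | cut -d/ -f1 | head -n1)` followed by `[ -n "$HOST_IP" ] || exit 1`. A one-line comment stating that the script runs as the consul service's pre-start step and edits /etc/consul.d/consul.hcl in place would also help the next reader.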
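Review bot: The added task is named "install libnsl" but its `name:` installs `jq`; rename it to `- name: "install jq"` so the play output matches what is installed. Unlike the task just above it, it sets no `releasever`, so confirm the package resolves from the intended repository in `rpm_repo_config_path`. The surrounding task list starts outside the hunk.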
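Review bot: The new content is a CNI network configuration list (top-level `plugins` array) but the file keeps the name 10-bridge.conf; CNI loaders generally parse `.conf` files as a single-plugin config that needs a top-level `type`, and expect lists in a `.conflist` file. Unless the task that installs this file (not part of this diff) renames it on the host, the runtime may reject it and pod networking will not come up. I would rename the file to `10-bridge.conflist` and update the copy task accordingly.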
@@ -29,6 +29,21 @@ start(){ /opt/tsg/sapp/sapp } +getServiceNodeport(){ + export APISERVER=https://kubernetes.default.svc + export SERVICEACCOUNT=/var/run/secrets/kubernetes.io/serviceaccount + export NAMESPACE=$(cat ${SERVICEACCOUNT}/namespace) + export TOKEN=$(cat ${SERVICEACCOUNT}/token) + export CACERT=${SERVICEACCOUNT}/ca.crt + curl --cacert ${CACERT} --header "Authorization: Bearer ${TOKEN}" -X GET ${APISERVER}/api/v1/namespaces/${NAMESPACE}/services/${SERVICENAME} -o /tmp/service.txt + export CLUSTERANNOUNCEPORT=$(cat /tmp/service.txt | jq '.spec.ports[] | select(.name=="cluster-announce-port") | .nodePort') + export HEALTHCHECKANNOUNCEPORT=$(cat /tmp/service.txt | jq '.spec.ports[] | select(.name=="healthcheck-announce-port") | .nodePort') + echo "export CLUSTERANNOUNCEPORT=${CLUSTERANNOUNCEPORT}" > /etc/profile.d/announceinfo.sh + echo "export HEALTHCHECKANNOUNCEPORT=${HEALTHCHECKANNOUNCEPORT}" >> /etc/profile.d/announceinfo.sh + chmod 0755 /etc/profile.d/announceinfo.sh +} + copyConfigmap2Dest +getServiceNodeport prestart start diff --git a/ansible/roles/traffic-engine/files/helm/templates/service.yaml b/ansible/roles/traffic-engine/files/helm/templates/service.yaml new file mode 100644 index 00000000..d6940246 --- /dev/null +++ b/ansible/roles/traffic-engine/files/helm/templates/service.yaml 
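Review bot: `getServiceNodeport` exports `TOKEN`, the pod's service-account token, so `prestart`, `start` and `/opt/tsg/sapp/sapp` all inherit it in their environment; keep it in a non-exported variable and export only `CLUSTERANNOUNCEPORT` and `HEALTHCHECKANNOUNCEPORT`. The `curl` call has no `--fail` and its exit status is not checked, so an API error body is fed to `jq` and empty or `null` ports are written to /etc/profile.d/announceinfo.sh; add `--fail --silent --show-error` and return non-zero when the lookup fails. The response goes to the fixed path /tmp/service.txt and `${NAMESPACE}`/`${SERVICENAME}` are expanded unquoted; piping `curl` directly into `jq` and quoting the URL removes both issues. The script's shebang and the other functions are outside the hunk.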
@@ -0,0 +1,31 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: traffic-engine-announce-vsys-{{ .Values.vsys_id }} + name: traffic-engine-announce-vsys-{{ .Values.vsys_id }} + {{- with .Values.service.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + namespace: {{ .Release.Namespace }} + +spec: + ports: + - name: cluster-announce-port + {{- if .Values.service.type }}{{ if (and (eq .Values.service.type "NodePort") .Values.service.nodePort.clusterAnnounce) }} + nodePort: {{ .Values.service.nodePort.clusterAnnounce }} + {{- end }}{{ end }} + port: {{ .Values.service.port.clusterAnnounce }} + targetPort: cluster + - name: healthcheck-announce-port + {{- if .Values.service.type }}{{ if (and (eq .Values.service.type "NodePort") .Values.service.nodePort.healthcheckAnnounce) }} + nodePort: {{ .Values.service.nodePort.healthcheckAnnounce }} + {{- end }}{{ end }} + port: {{ .Values.service.port.healthcheckAnnounce }} + targetPort: healthcheck + selector: + app: traffic-engine-vsys-{{ .Values.vsys_id }} + {{- if .Values.service.type }} + type: {{ .Values.service.type }} + {{- end }} diff --git a/ansible/roles/traffic-engine/files/helm/templates/traffic-engine.yaml b/ansible/roles/traffic-engine/files/helm/templates/traffic-engine.yaml index 2eaae474..2ab69f4c 100644 --- a/ansible/roles/traffic-engine/files/helm/templates/traffic-engine.yaml +++ b/ansible/roles/traffic-engine/files/helm/templates/traffic-engine.yaml @@ -9,13 +9,13 @@ spec: replicas: {{ .Values.replicaCount }} selector: matchLabels: - app: traffic-engine + app: traffic-engine-vsys-{{ .Values.vsys_id }} strategy: type: Recreate template: metadata: labels: - app: traffic-engine + app: traffic-engine-vsys-{{ .Values.vsys_id }} vsysId: vsys-{{ .Values.vsys_id }} serviceFunction: {{ .Values.nic_raw_name }} annotations: 
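Review bot: Changing `spec.selector.matchLabels` from `app: traffic-engine` to `app: traffic-engine-vsys-{{ .Values.vsys_id }}` will be rejected on `helm upgrade` of an existing release if this object is an apps/v1 Deployment, because the selector is immutable after creation; the `kind:` line is outside the hunk, so please confirm. The pod template already carries `vsysId: vsys-{{ .Values.vsys_id }}`, so the new Service could select on `app: traffic-engine` plus `vsysId` and leave the Deployment selector unchanged. If the rename is kept, the commit message or upgrade notes should say that existing releases must be removed and reinstalled.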
@@ -40,6 +40,10 @@ spec: command: ["/opt/tsg/scripts/start.sh"] ports: - containerPort: 9273 + - name: cluster + containerPort: 8551 + - name: healthcheck + containerPort: 8552 env: - name: MRZCPD_CTRLMSG_LISTEN_ADDR valueFrom: @@ -49,6 +53,8 @@ spec: valueFrom: fieldRef: fieldPath: status.hostIP + - name: SERVICENAME + value: traffic-engine-announce-vsys-{{ .Values.vsys_id }} securityContext: privileged: true livenessProbe: diff --git a/ansible/roles/traffic-engine/files/helm/values.yaml b/ansible/roles/traffic-engine/files/helm/values.yaml index 5d1ba77c..c5d5f0d2 100644 --- a/ansible/roles/traffic-engine/files/helm/values.yaml +++ b/ansible/roles/traffic-engine/files/helm/values.yaml @@ -201,6 +201,12 @@ deployment: annotations: prometheus.io/scrape: "true" prometheus.io/port: "9004" - - - \ No newline at end of file + +service: + type: "NodePort" + port: + clusterAnnounce: 8551 + healthcheckAnnounce: 8552 + nodePort: + clusterAnnounce: null + healthcheckAnnounce: null \ No newline at end of file diff --git a/ansible/roles/traffic-engine/files/service-read-role.yaml b/ansible/roles/traffic-engine/files/service-read-role.yaml new file mode 100644 index 00000000..255cd861 --- /dev/null +++ b/ansible/roles/traffic-engine/files/service-read-role.yaml @@ -0,0 +1,24 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + namespace: default + name: service-reader +rules: +- apiGroups: [""] + resources: ["services"] + verbs: ["get", "watch", "list"] + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: service-reader-pod +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: service-reader +subjects: +- kind: ServiceAccount + name: default + namespace: default diff --git a/ansible/roles/traffic-engine/tasks/main.yml b/ansible/roles/traffic-engine/tasks/main.yml index 7a06db07..57a84b36 100644 --- a/ansible/roles/traffic-engine/tasks/main.yml 
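Review bot: In service-read-role.yaml the ClusterRoleBinding `service-reader-pod` grants `get`, `watch` and `list` on Services in every namespace to the `default` ServiceAccount of the `default` namespace, that is to any pod there that does not set its own account, while the start.sh change in this commit issues a single GET for one named Service in the pod's own namespace. A namespaced `Role` and `RoleBinding` with `verbs: ["get"]`, bound to a dedicated ServiceAccount for traffic-engine, would cover that call. `metadata.namespace` has no effect on a ClusterRole and can be dropped. If the chart is released into a namespace other than `default`, this binding does not apply to the pod at all and the lookup will be denied.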
+++ b/ansible/roles/traffic-engine/tasks/main.yml @@ -65,3 +65,10 @@ - /etc/traffic-engine/hotfix/firewall/scripts/ - /etc/traffic-engine/hotfix/proxy/scripts/ - /etc/traffic-engine/hotfix/certstore/scripts/ + +- name: "copy clusterrole file to dest" + copy: + src: "{{ role_path }}/files/service-read-role.yaml" + dest: /var/lib/rancher/k3s/server/manifests/ + when: runtime_env == 'TSG-X-P0906' + diff --git a/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.7400MCN0P01R01 b/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.7400MCN0P01R01 index a5e1c980..dac7a033 100644 --- a/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.7400MCN0P01R01 +++ b/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.7400MCN0P01R01 @@ -81,4 +81,10 @@ olap: hos_server: token: "c21f969b5f03d33d43e04f8f136e7682" -vsys_id: 1 \ No newline at end of file +vsys_id: 1 + +consul_agent: + mode: "server" + encrypt: "XN0I7fHIY1+yLWm2PjegZ7U93nI/tmzNvtmBtZLuIfo=" + datacenter: "dc1" + node_name: "" diff --git a/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.9000NPBP01R01 b/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.9000NPBP01R01 index 30513dc6..b58db298 100644 --- a/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.9000NPBP01R01 +++ b/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.9000NPBP01R01 @@ -80,4 +80,10 @@ olap: hos_server: token: "c21f969b5f03d33d43e04f8f136e7682" -vsys_id: 1 \ No newline at end of file +vsys_id: 1 + +consul_agent: + mode: "server" + encrypt: "XN0I7fHIY1+yLWm2PjegZ7U93nI/tmzNvtmBtZLuIfo=" + datacenter: "dc1" + node_name: "" \ No newline at end of file diff --git a/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.SERVER b/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.SERVER index 8faa2516..b156bfa5 100644 
--- a/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.SERVER +++ b/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.SERVER @@ -77,3 +77,9 @@ session_distribution_policy: hash_key: inner-most-sip-dip vsys_id: 1 + +consul_agent: + mode: "server" + encrypt: "XN0I7fHIY1+yLWm2PjegZ7U93nI/tmzNvtmBtZLuIfo=" + datacenter: "dc1" + node_name: "" diff --git a/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.TSGXNXR620G40R01P0804 b/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.TSGXNXR620G40R01P0804 index 05824ab9..3751cb2f 100644 --- a/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.TSGXNXR620G40R01P0804 +++ b/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.TSGXNXR620G40R01P0804 @@ -90,3 +90,9 @@ olap: token: "c21f969b5f03d33d43e04f8f136e7682" vsys_id: 1 + +consul_agent: + mode: "server" + encrypt: "XN0I7fHIY1+yLWm2PjegZ7U93nI/tmzNvtmBtZLuIfo=" + datacenter: "dc1" + node_name: "" diff --git a/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.TSGXNXR620G40R01P1403 b/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.TSGXNXR620G40R01P1403 index c137684b..a00f6169 100644 --- a/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.TSGXNXR620G40R01P1403 +++ b/ansible/roles/tsg-os-provision/files/config_sample/provision.default.yml.TSGXNXR620G40R01P1403 @@ -89,3 +89,9 @@ olap: token: "c21f969b5f03d33d43e04f8f136e7682" vsys_id: 1 + +consul_agent: + mode: "server" + encrypt: "XN0I7fHIY1+yLWm2PjegZ7U93nI/tmzNvtmBtZLuIfo=" + datacenter: "dc1" + node_name: "" \ No newline at end of file diff --git a/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.7400MCN0P01R01 b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.7400MCN0P01R01 index 3d22a094..9b48264c 100644 
--- a/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.7400MCN0P01R01 +++ b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.7400MCN0P01R01 @@ -103,3 +103,15 @@ coredump: sentry_url: http://127.0.0.1:9000/api/2/minidump/?sentry_key=3203b43fd5384a7dbe6a48ecb1f3c595 vsys_id: 1 + +consul_agent: + mode: client/server + #encrypt: "" + bootstrapExpect: 1 + #node_name: "" + #datacenter: "dc1" + join: + - address: 111.111.111.111 + port: 8301 + - address: 222.222.222.222 + port: 8301 diff --git a/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.9000NPBP01R01 b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.9000NPBP01R01 index c2c73c8b..39e4172c 100644 --- a/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.9000NPBP01R01 +++ b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.9000NPBP01R01 @@ -67,3 +67,15 @@ coredump: sentry_url: http://127.0.0.1:9000/api/2/minidump/?sentry_key=3203b43fd5384a7dbe6a48ecb1f3c595 vsys_id: 1 + +consul_agent: + mode: client/server + #encrypt: "" + bootstrapExpect: 1 + #node_name: "" + #datacenter: "dc1" + join: + - address: 111.111.111.111 + port: 8301 + - address: 222.222.222.222 + port: 8301 diff --git a/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.SERVER b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.SERVER index 4c95a1af..a7fb178e 100644 --- a/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.SERVER +++ b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.SERVER @@ -73,3 +73,15 @@ coredump: sentry_url: http://127.0.0.1:9000/api/2/minidump/?sentry_key=3203b43fd5384a7dbe6a48ecb1f3c595 vsys_id: 1 + +consul_agent: + mode: client/server + #encrypt: "" + bootstrapExpect: 1 + #node_name: "" + #datacenter: "dc1" + join: + - address: 111.111.111.111 + port: 8301 + - address: 222.222.222.222 + port: 8301 
diff --git a/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.TSGXNXR620G40R01P0804 b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.TSGXNXR620G40R01P0804 index 3edf66dc..9148f895 100644 --- a/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.TSGXNXR620G40R01P0804 +++ b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.TSGXNXR620G40R01P0804 @@ -82,3 +82,15 @@ coredump: sentry_url: http://127.0.0.1:9000/api/2/minidump/?sentry_key=3203b43fd5384a7dbe6a48ecb1f3c595 vsys_id: 1 + +consul_agent: + mode: client/server + #encrypt: "" + bootstrapExpect: 1 + #node_name: "" + #datacenter: "dc1" + join: + - address: 111.111.111.111 + port: 8301 + - address: 222.222.222.222 + port: 8301 diff --git a/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.TSGXNXR620G40R01P1403 b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.TSGXNXR620G40R01P1403 index 1373722b..6dac6932 100644 --- a/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.TSGXNXR620G40R01P1403 +++ b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.TSGXNXR620G40R01P1403 @@ -73,3 +73,15 @@ coredump: sentry_url: http://127.0.0.1:9000/api/2/minidump/?sentry_key=3203b43fd5384a7dbe6a48ecb1f3c595 vsys_id: 1 + +consul_agent: + mode: client/server + #encrypt: "" + bootstrapExpect: 1 + #node_name: "" + #datacenter: "dc1" + join: + - address: 111.111.111.111 + port: 8301 + - address: 222.222.222.222 + port: 8301 diff --git a/ansible/roles/tsg-os-provision/files/tasks/provision.yml.7400MCN0P01R01 b/ansible/roles/tsg-os-provision/files/tasks/provision.yml.7400MCN0P01R01 index 419923bd..dd1e6d71 100644 --- a/ansible/roles/tsg-os-provision/files/tasks/provision.yml.7400MCN0P01R01 +++ b/ansible/roles/tsg-os-provision/files/tasks/provision.yml.7400MCN0P01R01 
@@ -183,6 +183,12 @@ dest: /opt/tsg/sapp/etc/wire_graft/wire_graft.conf tags: wire_graft + - name: "tsg-os-provision: template consul" + template: + src: "../templates/consul.hcl.j2" + dest: /etc/consul.d/consul.hcl + tags: consul + - name: "mkdir /opt/tsg/etc/" file: path: /opt/tsg/etc @@ -251,6 +257,12 @@ - feature.enable_policy_local_cache == 1 - enable_config_apply == '1' + - name: "tsg-os-provision: restart consul" + systemd: + name: consul + state: restarted + when: enable_config_apply == '1' + - name: "tsg-os-provision: restart mrenv" systemd: name: mrenv diff --git a/ansible/roles/tsg-os-provision/files/tasks/provision.yml.9000NPBP01R01 b/ansible/roles/tsg-os-provision/files/tasks/provision.yml.9000NPBP01R01 index 4592597f..c5bd72be 100644 --- a/ansible/roles/tsg-os-provision/files/tasks/provision.yml.9000NPBP01R01 +++ b/ansible/roles/tsg-os-provision/files/tasks/provision.yml.9000NPBP01R01 @@ -133,6 +133,12 @@ dest: /opt/tsg/tfe/conf/pangu/pangu_pxy.conf tags: tfe + - name: "tsg-os-provision: template consul" + template: + src: "../templates/consul.hcl.j2" + dest: /etc/consul.d/consul.hcl + tags: consul + - name: "mkdir /opt/tsg/etc/" file: path: /opt/tsg/etc @@ -222,6 +228,12 @@ path: /data/tsg-os-provision/.provision_succeeded state: touch + - name: "tsg-os-provision: restart consul" + systemd: + name: consul + state: restarted + when: enable_config_apply == '1' + - name: "tsg-os-provision: start mrenv" systemd: name: mrenv diff --git a/ansible/roles/tsg-os-provision/files/tasks/provision.yml.TSGXNXR620G40R01P0804 b/ansible/roles/tsg-os-provision/files/tasks/provision.yml.TSGXNXR620G40R01P0804 index 8f85b6cc..4ea742b0 100644 --- a/ansible/roles/tsg-os-provision/files/tasks/provision.yml.TSGXNXR620G40R01P0804 +++ b/ansible/roles/tsg-os-provision/files/tasks/provision.yml.TSGXNXR620G40R01P0804 
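Review bot: The "tsg-os-provision: template consul" task writes /etc/consul.d/consul.hcl without `owner`, `group` or `mode`, and the rendered file contains the gossip key from `consul_agent.encrypt`, so it is created under the default umask and is typically world-readable; add `owner: root`, `group: consul` and `mode: "0640"` (adjusted if the pre-start script must write the file as consul). The same task is added in provision.yml.9000NPBP01R01, provision.yml.TSGXNXR620G40R01P0804 and provision.yml.TSGXNXR620G40R01P1403. In each file the "restart consul" task is not tagged `consul` like the template task, so a run limited to `--tags consul` renders the config without restarting the agent.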
@@ -207,6 +207,12 @@ dest: /opt/tsg/tfe/conf/pangu/pangu_pxy.conf tags: tfe + - name: "tsg-os-provision: template consul" + template: + src: "../templates/consul.hcl.j2" + dest: /etc/consul.d/consul.hcl + tags: consul + - name: "mkdir /opt/tsg/etc/" file: path: /opt/tsg/etc @@ -292,6 +298,12 @@ path: /data/tsg-os-provision/.provision_succeeded state: touch + - name: "tsg-os-provision: restart consul" + systemd: + name: consul + state: restarted + when: enable_config_apply == '1' + - name: "tsg-os-provision: restart mrenv" systemd: name: mrenv diff --git a/ansible/roles/tsg-os-provision/files/tasks/provision.yml.TSGXNXR620G40R01P1403 b/ansible/roles/tsg-os-provision/files/tasks/provision.yml.TSGXNXR620G40R01P1403 index 8593f615..2d912d1c 100644 --- a/ansible/roles/tsg-os-provision/files/tasks/provision.yml.TSGXNXR620G40R01P1403 +++ b/ansible/roles/tsg-os-provision/files/tasks/provision.yml.TSGXNXR620G40R01P1403 @@ -96,6 +96,12 @@ dest: /etc/telegraf/telegraf_statistic.conf tags: telegraf_statistic + - name: "tsg-os-provision: template consul" + template: + src: "../templates/consul.hcl.j2" + dest: /etc/consul.d/consul.hcl + tags: consul + - name: "mkdir /opt/tsg/etc/" file: path: /opt/tsg/etc @@ -143,6 +149,12 @@ path: /data/tsg-os-provision/.provision_succeeded state: touch + - name: "tsg-os-provision: restart consul" + systemd: + name: consul + state: restarted + when: enable_config_apply == '1' + - name: "tsg-os-provision: restart mrenv" systemd: name: mrenv