From 944be27ce0c9475113be7e95138e5c3f0203f167 Mon Sep 17 00:00:00 2001 From: distrobyte Date: Fri, 4 Aug 2023 13:43:59 +0100 Subject: [PATCH] Multiple fixes - Update apt default packages to include dnsutils - Update the consul task to set up dns resolution through consul and systemd-resolved - Update the consul server config file to auto join hostnames instead of IP addresses, this makes the configuration for the playbook much easier - Add a docker task to install docker (works on arm devices also) - Updates the hashicorp apt role to allow arm devices to pull from the correct upstream repo
---
 ansible/roles/apt/defaults/main.yml | 4 +- ansible/roles/configure-consul/tasks/main.yml | 41 ++++++++++++---- ansible/roles/docker/tasks/main.yml | 47 +++++++++++++++++++ ansible/roles/hashicorp-apt/tasks/main.yml | 19 ++++++-- ansible/templates/consul-server.hcl.j2 | 8 +--- 5 files changed, 99 insertions(+), 20 deletions(-) create mode 100644 ansible/roles/docker/tasks/main.yml
diff --git a/ansible/roles/apt/defaults/main.yml b/ansible/roles/apt/defaults/main.yml
index 8be0410..c31dbbd 100644
--- a/ansible/roles/apt/defaults/main.yml
+++ b/ansible/roles/apt/defaults/main.yml
@@ -11,8 +11,6 @@ apt_packages:
 - software-properties-common
 - psmisc
 - sudo
- - mosh
- - logstash
-
+ - dnsutils
 apt_install_packages: true
 apt_update_packages: true
diff --git a/ansible/roles/configure-consul/tasks/main.yml b/ansible/roles/configure-consul/tasks/main.yml
index 0b1d5fb..dfca8cd 100644
--- a/ansible/roles/configure-consul/tasks/main.yml
+++ b/ansible/roles/configure-consul/tasks/main.yml
@@ -35,14 +35,39 @@
 state: started
 when: ansible_check_mode == false
 
-- name: Check if consul is running with `consul members`
+- name: Ensure systemd-resolved config directory exists
 become: true
- shell: consul members
- register: consul_members
+ file:
+ path: /etc/systemd/resolved.conf.d
+ state: directory
+
+- name: Configure Consul DNS
+ become: true
+ copy:
+ dest: /etc/systemd/resolved.conf.d/consul.conf
+ content: |
+ [Resolve]
+ DNS=127.0.0.1:8600
+ DNSSEC=false
+ Domains=~consul node.consul service.consul
+
+- name: Restart systemd-resolved
+ become: true
+ systemd:
+ name: systemd-resolved
+ enabled: yes
+ state: restarted
 when: ansible_check_mode == false
 
-- name: Print consul members
- debug:
- msg: "{{ consul_members.stdout_lines }}"
- when: ansible_check_mode == false
-# TODO: CONFIGURE CONSUL DNS
+- name: Remove resolv.conf symlink
+ become: true
+ file:
+ path: /etc/resolv.conf
+ state: absent
+
+- name: Create resolv.conf symlink
+ become: true
+ file:
+ src: /run/systemd/resolve/stub-resolv.conf
+ dest: /etc/resolv.conf
+ state: link
diff --git a/ansible/roles/docker/tasks/main.yml b/ansible/roles/docker/tasks/main.yml
new file mode 100644
index 0000000..135d60e
--- /dev/null
+++ b/ansible/roles/docker/tasks/main.yml
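Review bot: In the "Configure Consul DNS" drop-in, `DNSSEC=false` is written into the global `[Resolve]` section, so it appears to switch validation off for every lookup on the host rather than only for names under `consul`; if that is intended, a comment in the task should say so. The `DNS=127.0.0.1:8600` address:port form is, as far as I know, only accepted by newer systemd-resolved releases, so the minimum supported systemd version is worth stating as well. The "Remove resolv.conf symlink" / "Create resolv.conf symlink" pair deletes `/etc/resolv.conf` and recreates it on every run, which always reports a change and leaves the host without a resolver file if the play stops between the two tasks; a single `file` task with `state: link` and `force: true` replaces the target in one step. The new `file` and `copy` tasks set no `mode`, and "Restart systemd-resolved" restarts unconditionally where a handler notified by the copy task would restart only when the drop-in changes.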
@@ -0,0 +1,47 @@
+---
+# ansible role to install docker-ce onto various operating systems
+- name: Ensure required packages are installed
+ become: true
+ apt:
+ name: "{{ item }}"
+ with_items: ["ca-certificates", "curl", "gnupg"]
+ when: ansible_os_family == "Debian"
+
+# Add docker's key
+# sudo
+# curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+# sudo chmod a+r /etc/apt/keyrings/docker.gpg
+- name: Install the keyring
+ become: true
+ shell:
+ cmd: "install -m 0755 -d /etc/apt/keyrings"
+
+- name: Get the key
+ become: true
+ shell:
+ cmd: "curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --batch --yes --dearmor -o /etc/apt/keyrings/docker.gpg"
+
+- name: Set permissions
+ become: true
+ shell:
+ cmd: "chmod a+r /etc/apt/keyrings/docker.gpg"
+
+# Set up the stable repository
+# echo \
+# "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian \
+# "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
+# sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
+- name: Set up the stable repository
+ become: true
+ shell:
+ cmd: 'echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null'
+
+- name: Install Docker
+ become: true
+ apt:
+ name: "{{ item }}"
+ state: present
+ update_cache: yes
+ force_apt_get: yes
+ with_items: ["docker-ce", "docker-ce-cli", "containerd.io", "docker-compose"]
+ when: ansible_os_family == "Debian"
diff --git a/ansible/roles/hashicorp-apt/tasks/main.yml b/ansible/roles/hashicorp-apt/tasks/main.yml
index 62da5bf..bbf8677 100644
--- a/ansible/roles/hashicorp-apt/tasks/main.yml
+++ b/ansible/roles/hashicorp-apt/tasks/main.yml
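Review bot: The "Get the key" task trusts whatever `https://download.docker.com/linux/debian/gpg` serves at run time: the `curl … | sudo gpg --batch --yes --dearmor` pipeline overwrites `/etc/apt/keyrings/docker.gpg` on every run with no checksum or fingerprint check, and the task's exit status is that of `gpg`, not of the download. That file is what `signed-by=` on the repository line trusts for the package install, so the key should be pinned. The four `shell` tasks also lack the `when: ansible_os_family == "Debian"` guard that the two `apt` tasks carry, the URL is hard-coded to `/linux/debian` although that guard also matches Ubuntu hosts, and `sudo` inside a `become: true` task is redundant. Below, the keyring directory and key download use the `file` and `get_url` modules, which are idempotent and fail the play when the pinned digest does not match; the checksum is a placeholder to fill in after verifying the key's fingerprint out of band.

```yaml
- name: Ensure the apt keyring directory exists
  become: true
  file:
    path: /etc/apt/keyrings
    state: directory
    mode: "0755"
  when: ansible_os_family == "Debian"

- name: Fetch Docker's signing key
  become: true
  get_url:
    url: https://download.docker.com/linux/debian/gpg
    # .asc so apt reads the ASCII-armored key directly; no gpg --dearmor step
    dest: /etc/apt/keyrings/docker.asc
    mode: "0644"
    # placeholder: digest of the key file after its fingerprint was verified
    checksum: "sha256:<SHA256_OF_VERIFIED_KEY_FILE>"
  when: ansible_os_family == "Debian"

# … unchanged: "Set up the stable repository", apart from signed-by=/etc/apt/keyrings/docker.asc …
# … unchanged: "Install Docker" …
```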
@@ -1,5 +1,4 @@
 ---
-
 - name: Ensure required packages are installed
 become: true
 apt:
@@ -17,12 +16,26 @@
 debug:
 msg: "{{ result.stdout }}"
 
-- name: Add Hashicorp repository
+- name: Add Hashicorp repository (pis only)
 become: true
 shell:
- cmd: 'sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"'
+ cmd: 'sudo apt-add-repository -y "deb [arch=arm64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"'
 register: result
+ when: "'pis' in group_names"
 
 - name: Print out results
 debug:
 msg: "{{ result.stdout }}"
+ when: "'pis' in group_names"
+
+- name: Add Hashicorp repository (amd64)
+ become: true
+ shell:
+ cmd: 'sudo apt-add-repository -y "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"'
+ register: result
+ when: "'homelab' in group_names"
+
+- name: Print out results
+ debug:
+ msg: "{{ result.stdout }}"
+ when: "'homelab' in group_names"
diff --git a/ansible/templates/consul-server.hcl.j2 b/ansible/templates/consul-server.hcl.j2
index af9e9b4..dd86178 100644
--- a/ansible/templates/consul-server.hcl.j2
+++ b/ansible/templates/consul-server.hcl.j2
@@ -10,9 +10,5 @@ addresses { } ports { - grpc_tls = 8502 -} - -ui_config { - enabled = true -} \ No newline at end of file + grpc_tls = 8503 +} \ No newline at end of file
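Review bot: The `arch=` value in the two "Add Hashicorp repository" tasks is chosen from inventory group membership (`'pis'` / `'homelab'`) rather than from the host's actual architecture, so a host in neither group silently gets no repository and a host in both gets two entries with different architectures. The docker role in this same commit already derives the value on the host; one unguarded task with `cmd: 'apt-add-repository -y "deb [arch=$(dpkg --print-architecture)] https://apt.releases.hashicorp.com $(lsb_release -cs) main"'` would cover both cases and remove the duplicated "Print out results" task. The `deb` line carries no `signed-by=`, so which key authenticates this repository depends on the key import above the hunk, which is not visible here; scoping the HashiCorp key to this one source is worth checking. `sudo` inside the command is redundant under `become: true`.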