diff --git a/ansible/charon.yml b/ansible/charon.yml index 8369f8bd..8a134900 100644 --- a/ansible/charon.yml +++ b/ansible/charon.yml @@ -2,11 +2,12 @@ - hosts: redis - hosts: consul -- hosts: docks +- hosts: "{{ dock | default('docks') }}" vars_files: - group_vars/alpha-charon.yml roles: - { role: notify, tags: [notify] } - - { role: git_node_service, tags: [deploy] } + - { role: git_repo, tags: [deploy] } + - { role: node_service, tags: [deploy] } - { role: loggly-rotate } - { role: consul_value, tags: [deploy, consul_value] } diff --git a/ansible/delta-hosts/hosts b/ansible/delta-hosts/hosts index ad270272..ce55b801 100644 --- a/ansible/delta-hosts/hosts +++ b/ansible/delta-hosts/hosts @@ -33,6 +33,8 @@ delta-api-worker [docks] +[dock] + [eru] delta-services @@ -113,6 +115,7 @@ sauron shiva metis swarm-manager +dock [local] 127.0.0.1 diff --git a/ansible/delta-hosts/variables b/ansible/delta-hosts/variables index bd0c1894..e91df896 100644 --- a/ansible/delta-hosts/variables +++ b/ansible/delta-hosts/variables @@ -15,6 +15,10 @@ api_s3_context_bucket=runnable.context.resources.production [docks:vars] docker_config=docks +docks_rollbar_key=d1af6567ed0f464fb1d676f38fd31751 + +[dock:vars] +docks_rollbar_key=d1af6567ed0f464fb1d676f38fd31751 [eru:vars] eru_github_id=46a23f5f99f0aa9460f8 @@ -48,10 +52,6 @@ aws_secret_access_key=GrOO85hfoc7+bwT2GjoWbLyzyNbOKb2/XOJbCJsv shiva_rollbar_key=0526a90faec845d796e1ef5361a00526 [vault:vars] -vault_auth_token=578c9767-5af8-8490-0954-5d330f27b088 -vault_token_01=0d324dc7d4cbd94790fd08809d06fb1e28e21e185910081c7646e3e49924f6ed01 -vault_token_02=42dc8a69df174e77eb47a63b6ef4709bec57101cb1bff11a71c91b73b8bc046102 -vault_token_03=47f3cb74f5374fa3c51c90fd25e3d4cc851034de97584995fce5fc5382342f1f03 vault_hello_runnable_github_token=88ddc423c2312d02a8bbcaad76dd4c374a30e4af vault_aws_access_key_id=AKIAJ7R4UIM45KH2WGWQ vault_aws_secret_key=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 
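Review bot: `docks_rollbar_key` is added in clear text under `[docks:vars]` and the new `[dock:vars]` in delta-hosts/variables, so the token is readable by anyone who can read the repository and stays in its history. The gamma-hosts/variables hunk adds the same line. Keeping the value in an Ansible Vault-encrypted vars file (or looking it up at run time) and leaving only the variable name in the inventory would avoid that. A value that has already been committed should be treated as exposed and rotated.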
@@ -74,6 +74,10 @@ rabbit_password=wKK7g7NWKpQXEeSzyWB7mIpxZIL8H2mDSf3Q6czR3Vk rabbit_username=o2mdLh9N9Ke2GzhoK8xsruYPhIQFN7iEL44dQJoq7OM registry_host=10.8.4.126 user_content_domain=runnableapp.com +vault_auth_token=578c9767-5af8-8490-0954-5d330f27b088 +vault_token_01=0d324dc7d4cbd94790fd08809d06fb1e28e21e185910081c7646e3e49924f6ed01 +vault_token_02=42dc8a69df174e77eb47a63b6ef4709bec57101cb1bff11a71c91b73b8bc046102 +vault_token_03=47f3cb74f5374fa3c51c90fd25e3d4cc851034de97584995fce5fc5382342f1f03 [ec2:vars] aws_custid=437258487404 diff --git a/ansible/dock-init.yml b/ansible/dock-init.yml index 3b707b13..d1b29e9a 100644 --- a/ansible/dock-init.yml +++ b/ansible/dock-init.yml @@ -1,7 +1,15 @@ --- - hosts: consul + +- hosts: "{{ dock }}" vars_files: - group_vars/alpha-dock-init.yml roles: - { role: notify, tags: [notify] } + - { role: package-dock, tags: [dock, package] } + - { role: package-aws, tags: [dock, package] } + - { role: docker, tags: [docker] } + - { role: datadog, tags: [deploy, datadog] } + - { role: git_repo, tags: [deploy] } + - { role: dock-init, tags: [deploy] } - { role: consul_value, tags: [deploy, consul_value] } diff --git a/ansible/dock.yml b/ansible/dock.yml new file mode 100644 index 00000000..0c531913 --- /dev/null +++ b/ansible/dock.yml @@ -0,0 +1,16 @@ +--- +- hosts: localhost + connection: local + tasks: + - fail: msg="`dock` (target dock) needs to be defined to run this role" + when: dock is not defined + - add_host: + name={{ dock }} + groups=dock + +- include: dock-init.yml git_branch=v6.0.0 +- include: krain.yml git_branch=v0.1.1 +- include: filibuster.yml git_branch=v0.1.7 +- include: charon.yml git_branch=v3.2.0 +- include: image-builder.yml git_branch=v4.0.1 +- include: docker-listener.yml git_branch=v4.3.0 diff --git a/ansible/docker-listener.yml b/ansible/docker-listener.yml index cba27b86..913edb63 100644 --- a/ansible/docker-listener.yml +++ b/ansible/docker-listener.yml 
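Review bot: The added `vault_auth_token` and `vault_token_01` to `vault_token_03` lines land in a different group than the `[vault:vars]` section they were removed from, which hands them to every host in that group rather than only the Vault hosts. The group header is outside this hunk, so the exact scope cannot be confirmed from here; the gamma-hosts/variables change makes the same move. If only the dock-init role consumes them, scoping them to `[dock:vars]` and storing them Ansible Vault-encrypted would limit the exposure to the hosts that need them.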
@@ -3,13 +3,14 @@ - hosts: redis - hosts: consul -- hosts: docks +- hosts: "{{ dock | default('docks') }}" vars_files: - group_vars/alpha-docker-listener.yml roles: - { role: notify, tags: [notify] } - { role: build_essential } - { role: docker_client } - - { role: git_node_service, tags: [deploy] } + - { role: git_repo, tags: [deploy] } + - { role: node_service, tags: [deploy] } - { role: loggly-rotate } - { role: consul_value, tags: [deploy, consul_value] } diff --git a/ansible/docks.yml b/ansible/docks.yml deleted file mode 100644 index b0e790db..00000000 --- a/ansible/docks.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -- hosts: redis -- hosts: redis-slave -- hosts: neo4j -- hosts: mongodb - -- hosts: docks - vars_files: - - "group_vars/alpha-docks.yml" - roles: - - { role: docker, tags: "docker" } - - { role: iptables, tags: "iptables, security" } - - { role: datadog, tags: "datadog" } - -- include: krain.yml -- include: filibuster.yml -- include: sauron.yml -- include: image-builder.yml -- include: charon.yml diff --git a/ansible/filibuster.yml b/ansible/filibuster.yml index adbf9320..60a9aaad 100644 --- a/ansible/filibuster.yml +++ b/ansible/filibuster.yml @@ -1,11 +1,12 @@ --- - hosts: consul -- hosts: docks +- hosts: "{{ dock | default('docks') }}" vars_files: - group_vars/alpha-filibuster.yml roles: - { role: notify, tags: [notify] } - - { role: git_node_service, tags: [deploy] } + - { role: git_repo, tags: [deploy] } + - { role: node_service, tags: [deploy] } - { role: loggly-rotate } - { role: consul_value, tags: [deploy, consul_value] } diff --git a/ansible/gamma-hosts/hosts b/ansible/gamma-hosts/hosts index bf88ffb0..e3de8d0a 100644 --- a/ansible/gamma-hosts/hosts +++ b/ansible/gamma-hosts/hosts 
@@ -90,28 +90,33 @@ gamma-services [docks] +[dock] + [gamma:children] +api bastion +charon +dock +docks +eru hipache +khronos +mavis mongodb +navi +neo4j +optimus +rabbitmq api worker web redis redis-slave -docks registry -neo4j -navi -charon -khronos -mavis -optimus -rabbitmq -eru sauron shiva swarm-manager +web metis [ec2] diff --git a/ansible/gamma-hosts/variables b/ansible/gamma-hosts/variables index f2059188..ab9540ac 100644 --- a/ansible/gamma-hosts/variables +++ b/ansible/gamma-hosts/variables @@ -15,6 +15,7 @@ api_s3_context_bucket=runnable.context.resources.production-beta [docks:vars] docker_config=docks +docks_rollbar_key=d1af6567ed0f464fb1d676f38fd31751 [eru:vars] eru_github_id=8abb08f83f6d1c52bd1a @@ -48,10 +49,6 @@ aws_secret_access_key=GrOO85hfoc7+bwT2GjoWbLyzyNbOKb2/XOJbCJsv shiva_rollbar_key=0526a90faec845d796e1ef5361a00526 [vault:vars] -vault_auth_token=e22c3ebc-11cf-653b-7df0-79d78a499458 -vault_token_01=71d7b4754686013c8b9cfb22bafae79c661849dcd67c483c89efba12c0466aa201 -vault_token_02=794d6f7a3459c332a1fd2bbcc9230a7f84f1639806039ee8be547828cd7ab03a02 -vault_token_03=2e67faeffe4343c038d0f3210bdb83f3d3a5bc468975cf13e977ce9b5922aefe03 vault_hello_runnable_github_token=88ddc423c2312d02a8bbcaad76dd4c374a30e4af vault_aws_access_key_id=AKIAJ7R4UIM45KH2WGWQ vault_aws_secret_key=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 @@ -74,6 +71,11 @@ registry_host=10.4.4.82 swarm_token=d363b783f03a845a2c82b081bfe8443e user_content_domain=runnable.ninja api_hello_runnable_github_token=88ddc423c2312d02a8bbcaad76dd4c374a30e4af +no_dd_monitoring=false +vault_auth_token=e22c3ebc-11cf-653b-7df0-79d78a499458 +vault_token_01=71d7b4754686013c8b9cfb22bafae79c661849dcd67c483c89efba12c0466aa201 +vault_token_02=794d6f7a3459c332a1fd2bbcc9230a7f84f1639806039ee8be547828cd7ab03a02 +vault_token_03=2e67faeffe4343c038d0f3210bdb83f3d3a5bc468975cf13e977ce9b5922aefe03 [ec2:vars] env=gamma 
diff --git a/ansible/group_vars/alpha-dock-init.yml b/ansible/group_vars/alpha-dock-init.yml index 1dabff3f..35153872 100644 --- a/ansible/group_vars/alpha-dock-init.yml +++ b/ansible/group_vars/alpha-dock-init.yml @@ -1,5 +1,9 @@ name: dock-init app_name: "{{ name }}" +app_repo: git@github.com:CodeNow/{{ name }}.git + +# for docker role +docker_config: dock # consul values consul_values: diff --git a/ansible/group_vars/alpha-docker-listener.yml b/ansible/group_vars/alpha-docker-listener.yml index 5b2542cf..38c6521c 100644 --- a/ansible/group_vars/alpha-docker-listener.yml +++ b/ansible/group_vars/alpha-docker-listener.yml @@ -10,8 +10,6 @@ enviroment_vars: RABBITMQ_PASSWORD: "{{ rabbit_password }}" RABBITMQ_PORT: "{{ rabbit_port }}" RABBITMQ_USERNAME: "{{ rabbit_username }}" - REDIS_IPADDRESS: "{{ redis_host_address }}" - REDIS_PORT: "{{ redis_port }}" # consul values consul_values: diff --git a/ansible/group_vars/alpha-vault.yml b/ansible/group_vars/alpha-vault.yml index aa34cdb3..f6d16897 100644 --- a/ansible/group_vars/alpha-vault.yml +++ b/ansible/group_vars/alpha-vault.yml @@ -6,6 +6,8 @@ db_path: /opt/runnable/vault container_image: runnable/vault container_tag: v0.3.1 +log_driver: json-file + container_run_opts: > -d -h {{ inventory_hostname }} @@ -19,7 +21,6 @@ container_run_args: > vault server -log-level=warn -config=/vault.hcl - > /var/log/vault.log 2>&1 # vault seed data # pulled 2015/16/12 - Bryan diff --git a/ansible/image-builder.yml b/ansible/image-builder.yml index d91addf0..5763257d 100644 --- a/ansible/image-builder.yml +++ b/ansible/image-builder.yml @@ -1,7 +1,7 @@ --- - hosts: consul -- hosts: docks +- hosts: "{{ dock | default('docks') }}" vars_files: - group_vars/alpha-image-builder.yml roles: diff --git a/ansible/krain.yml b/ansible/krain.yml index d111740e..41975a44 100644 --- a/ansible/krain.yml +++ b/ansible/krain.yml 
@@ -1,12 +1,13 @@ --- - hosts: consul -- hosts: docks +- hosts: "{{ dock | default('docks') }}" vars_files: - group_vars/alpha-krain.yml roles: - { role: notify, tags: [notify] } - { role: build_essential } - - { role: git_node_service, tags: [deploy] } + - { role: git_repo, tags: [deploy] } + - { role: node_service, tags: [deploy] } - { role: loggly-rotate } - { role: consul_value, tags: [deploy, consul_value] } diff --git a/ansible/roles/base_ubuntu/tasks/main.yml b/ansible/roles/base_ubuntu/tasks/main.yml index c410b9da..278b2ed6 100644 --- a/ansible/roles/base_ubuntu/tasks/main.yml +++ b/ansible/roles/base_ubuntu/tasks/main.yml @@ -1,6 +1,7 @@ --- - name: ensure registry.runnable in /etc/hosts sudo: yes + when: dock is not defined lineinfile: dest=/etc/hosts line="{{ registry_host }} registry.runnable.com" diff --git a/ansible/roles/dock-init/tasks/main.yml b/ansible/roles/dock-init/tasks/main.yml new file mode 100644 index 00000000..18a4b755 --- /dev/null +++ b/ansible/roles/dock-init/tasks/main.yml @@ -0,0 +1,25 @@ +--- +- fail: msg="value tokens need to be defined for this role" + when: vault_auth_token is not defined or vault_token_01 is not defined or vault_token_02 is not defined or vault_token_03 is not defined + +- name: copy vault auth files + tags: vault_files + lineinfile: + dest="/opt/runnable/dock-init/consul-resources/vault/{{ node_env }}/{{ item.file_name }}" + line="{{ item.value }}" + create=yes + with_items: + - { file_name: 'auth-token', value: "{{ vault_auth_token }}" } + - { file_name: 'token-01', value: "{{ vault_token_01 }}" } + - { file_name: 'token-02', value: "{{ vault_token_02 }}" } + - { file_name: 'token-03', value: "{{ vault_token_03 }}" } + +- fail: msg="value tokens need to be defined for this role" + when: docks_rollbar_key is not defined + +- name: copy rollbar token + tags: rollbar + lineinfile: + dest="/opt/runnable/dock-init/key/rollbar.token" + line="{{ docks_rollbar_key }}" + create=yes 
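Review bot: In roles/dock-init/tasks/main.yml the `copy vault auth files` and `copy rollbar token` tasks create the token files with `create=yes` and no `mode`, so their permissions come from the connecting user's umask and may be world-readable; add `mode=0600` to both `lineinfile` argument lists. Adding `no_log: true` to both tasks keeps the token values out of verbose and callback output. `lineinfile` without `regexp` appends when the line differs, so a rotated token would leave the old one in the file, whereas `copy` with `content=` overwrites it. The two `fail` messages both say "value tokens"; the first presumably means "vault tokens" and the second should name `docks_rollbar_key`.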
diff --git a/ansible/roles/docker/defaults/main.yml b/ansible/roles/docker/defaults/main.yml index 72e41355..5735c856 100644 --- a/ansible/roles/docker/defaults/main.yml +++ b/ansible/roles/docker/defaults/main.yml @@ -1,2 +1,2 @@ --- -docker_package_name: lxc-docker-1.6.2 +docker_package_name: docker-engine=1.9.1-0~trusty diff --git a/ansible/roles/docker/tasks/main.yml b/ansible/roles/docker/tasks/main.yml index 7c063f02..4c271466 100644 --- a/ansible/roles/docker/tasks/main.yml +++ b/ansible/roles/docker/tasks/main.yml @@ -1,4 +1,19 @@ --- +- name: create docker cert directory + sudo: yes + file: + path=/etc/ssl/docker + state=directory + +- name: copy docker certs + sudo: yes + copy: + src=certs/ + dest=/etc/ssl/docker + mode=0440 + owner=root + group=root + - name: change core dump path sudo: yes when: docker_config == "runnable" @@ -36,13 +51,12 @@ - name: add docker repository sudo: yes apt_repository: - repo: "deb https://get.docker.com/ubuntu docker main" + repo: "deb https://apt.dockerproject.org/repo ubuntu-{{ ansible_distribution_release }} main" state: present update_cache: yes - name: copy docker config file sudo: yes - when: docker_config == "runnable" template: src={{ docker_config }} dest=/etc/default/docker @@ -51,7 +65,7 @@ - name: install docker sudo: yes - when: restart is defined + when: restart is defined or dock is defined apt: pkg="{{ docker_package_name }}" state=present @@ -60,5 +74,5 @@ cache_valid_time=604800 - name: restart docker - when: copied_config.changed and restart is defined + when: (copied_config.changed and restart is defined) or dock is defined command: sudo service docker restart diff --git a/ansible/roles/docker/templates/dock b/ansible/roles/docker/templates/dock new file mode 100644 index 00000000..edeaeb8a --- /dev/null +++ b/ansible/roles/docker/templates/dock 
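Review bot: The `copy docker certs` task in roles/docker/tasks/main.yml pushes the role's whole `certs/` directory to `/etc/ssl/docker`, and the new `dock` template points `--tlskey` at `/etc/ssl/docker/key.pem`, which suggests the daemon's TLS private key is kept in the repository and shared by every dock. The hunk does not show whether that file is Ansible Vault-encrypted, so this needs confirming. The `create docker cert directory` task also sets no owner or mode; `mode=0700 owner=root group=root` there, and `mode=0400` for the key file, would keep the key readable by root only. Per-host certificates issued at provisioning time would avoid one leaked key affecting all docks.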
@@ -0,0 +1,6 @@ +DOCKER_OPTS="-H=unix:///var/run/docker.sock -H=0.0.0.0:4242" +DOCKER_OPTS="$DOCKER_OPTS --tlsverify --tlscacert=/etc/ssl/docker/ca.pem" +DOCKER_OPTS="$DOCKER_OPTS --tlscert=/etc/ssl/docker/cert.pem --tlskey=/etc/ssl/docker/key.pem" +DOCKER_OPTS="$DOCKER_OPTS -g /docker --insecure-registry registry.runnable.com --icc=false" +DOCKER_OPTS="$DOCKER_OPTS --bip 172.17.42.1/16" +DOCKER_OPTS="$DOCKER_OPTS --dns=172.17.42.1 --dns=8.8.8.8" diff --git a/ansible/roles/git_node_service/tasks/main.yml b/ansible/roles/git_node_service/tasks/main.yml deleted file mode 100644 index 96a04d49..00000000 --- a/ansible/roles/git_node_service/tasks/main.yml +++ /dev/null @@ -1,51 +0,0 @@ ---- -- name: create {{ app_name }} repository dir - sudo: yes - file: - path=/opt/runnable/{{ app_name }} - state=directory - owner={{ ansible_env.USER }} - -- name: pull the git repository - sudo: yes - git: - repo={{ app_repo }} - dest=/opt/runnable/{{ app_name }} - version={{ git_branch }} - update=yes - accept_hostkey=True - force=yes - key_file=/opt/runnable/dock-init/key/id_rsa_runnabledock - -- name: remove node_modules - sudo: yes - when: remove_node_modules is defined - file: - path=/opt/runnable/{{ app_name }}/node_modules - state=absent - -- name: npm install {{ app_name }} - sudo: yes - npm: - path=/opt/runnable/{{ app_name }} - state=latest - production=yes - -- name: add env to configs - tags: 'update_configs' - sudo: yes - when: enviroment_vars is defined - with_dict: "{{ enviroment_vars }}" - lineinfile: - dest=/etc/init/{{ app_name }}.conf - regexp="env {{ item.key }}" - insertafter="env NPM_BIN" - line="env {{ item.key }}={{ item.value }}" - state=present - -- name: restart service {{ app_name }} - sudo: yes - service: - name={{ app_name }} - state=restarted - enabled=yes diff --git a/ansible/roles/git_repo/tasks/main.yml b/ansible/roles/git_repo/tasks/main.yml new file mode 100644 index 00000000..7282ecd2 --- /dev/null +++ b/ansible/roles/git_repo/tasks/main.yml 
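Review bot: `--insecure-registry registry.runnable.com` in the fourth `DOCKER_OPTS` line lets the daemon pull from that registry over plain HTTP or without certificate verification, so images are not authenticated in transit even though the daemon's own API is protected with `--tlsverify`. Giving the registry a certificate signed by a CA the docks trust (for example the CA already installed as `/etc/ssl/docker/ca.pem`) would allow the flag to be dropped. The API listener is bound with `-H=0.0.0.0:4242`; binding it to the private interface or restricting the port with a firewall rule would reduce what depends on client-certificate checks alone.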
@@ -0,0 +1,20 @@ +--- +- name: Display Git Repo Name + debug: + msg: "application Installed: {{ app_name }}, branch : {{ git_branch }} " + +- name: create repository dir + sudo: yes + file: + path=/opt/runnable/{{ app_name }} + state=directory + owner={{ ansible_env.USER }} + +- name: pull the git repository + git: + repo={{ app_repo }} + dest=/opt/runnable/{{ app_name }} + version={{ git_branch }} + update=yes + accept_hostkey=True + force=yes diff --git a/ansible/roles/image-builder/tasks/main.yml b/ansible/roles/image-builder/tasks/main.yml index d0016ab8..3829860d 100644 --- a/ansible/roles/image-builder/tasks/main.yml +++ b/ansible/roles/image-builder/tasks/main.yml @@ -25,3 +25,4 @@ - name: push image-builder run_once: true command: sudo docker push "registry.runnable.com/{{ image_builder_docker_namespace }}:{{ git_branch }}" + when: dock is not defined diff --git a/ansible/roles/git_node_service/meta/main.yml b/ansible/roles/node_service/meta/main.yml similarity index 100% rename from ansible/roles/git_node_service/meta/main.yml rename to ansible/roles/node_service/meta/main.yml diff --git a/ansible/roles/node_service/tasks/main.yml b/ansible/roles/node_service/tasks/main.yml new file mode 100644 index 00000000..6a70387c --- /dev/null +++ b/ansible/roles/node_service/tasks/main.yml 
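Review bot: `accept_hostkey=True` in the `pull the git repository` task of roles/git_repo/tasks/main.yml makes the host trust whatever SSH host key is presented the first time it connects, so the source of the deployed code is not verified on a fresh dock. Seeding the published GitHub host key beforehand with a `known_hosts` task and removing `accept_hostkey` would close that gap. The task also no longer passes `key_file` as the removed git_node_service role did; the hunk does not show which credential the clone now uses, so a short comment stating it (agent forwarding, deploy key) would help.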
@@ -0,0 +1,38 @@ +--- +- name: remove node_modules + tags: deploy + when: remove_node_modules is defined + file: + path=/opt/runnable/{{ app_name }}/node_modules + state=absent + +- name: npm install {{ app_name }} + tags: deploy + npm: + path=/opt/runnable/{{ app_name }} + state=latest + production=yes + +- name: make override file + tags: deploy + sudo: yes + lineinfile: + dest="/etc/init/{{ app_name }}.override" + line="manual" + create=yes + +- name: create new config file + sudo: yes + template: + src=upstart.conf + dest=/etc/init/{{ app_name }}.conf + backup=yes + +- name: restart service {{ app_name }} + tags: deploy + sudo: yes + when: dock is not defined + service: + name={{ app_name }} + state=restarted + enabled=yes diff --git a/ansible/roles/node_service/templates/upstart.conf b/ansible/roles/node_service/templates/upstart.conf new file mode 100644 index 00000000..78615c6b --- /dev/null +++ b/ansible/roles/node_service/templates/upstart.conf 
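Review bot: The `create new config file` task in roles/node_service/tasks/main.yml renders `upstart.conf` without `mode`, `owner` or `group`, and that template writes every `enviroment_vars` entry into `/etc/init/{{ app_name }}.conf`; for docker-listener this includes `RABBITMQ_PASSWORD`. The file therefore gets default permissions and is likely readable by any local user. Adding `mode=0600 owner=root group=root` to the `template` arguments would restrict it, assuming nothing but init needs to read the job file. `backup=yes` also leaves timestamped copies holding the previous secrets in `/etc/init`, so those need the same permissions or periodic cleanup.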
@@ -0,0 +1,41 @@ +#!upstart +description "{{ app_name }}" +author "Anandkumar Patel" + +env NPM_BIN=/usr/local/bin/npm +env APP_DIR=/opt/runnable/{{ app_name }} +env LOG_FILE=/var/log/{{ app_name }}.log +env NODE_ENV={{ node_env }} + +{% if enviroment_vars is defined %} +{% for name, value in enviroment_vars.iteritems() %} +env {{ name }}={{ value }} +{% endfor %} +{% endif %} + +start on (local-filesystems and net-device-up IFACE=eth0) +stop on shutdown + +script + touch $LOG_FILE + chdir $APP_DIR + echo $$ > /var/run/{{ app_name }}.pid + exec $NPM_BIN start >> $LOG_FILE 2>&1 +end script + +pre-start script + # Date format same as (new Date()).toISOString() for consistency + echo "[`date -u +%Y-%m-%dT%T.%3NZ`] (sys) Starting" >> $LOG_FILE +end script + +pre-stop script + rm /var/run/{{ app_name }}.pid + echo "[`date -u +%Y-%m-%dT%T.%3NZ`] (sys) Stopping" >> $LOG_FILE +end script + +post-start script + echo "===== App restarted =====" >> $LOG_FILE +end script + +respawn +respawn limit 5 1 # give up restart after 5 respawns in 1 seconds \ No newline at end of file diff --git a/ansible/roles/package-aws/tasks/main.yml b/ansible/roles/package-aws/tasks/main.yml new file mode 100644 index 00000000..e2340415 --- /dev/null +++ b/ansible/roles/package-aws/tasks/main.yml 
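Review bot: `env {{ name }}={{ value }}` in the `enviroment_vars` loop writes each value into the job file verbatim, so a value containing whitespace, `#` or a line break is truncated or changes the structure of a file that init runs as root. Quoting the value, `env {{ name }}="{{ value }}"`, and rejecting values that contain newlines or double quotes before rendering would make the output predictable. `enviroment_vars.iteritems()` only exists on Python 2 dictionaries; `.items()` behaves the same there and keeps the template working on newer interpreters.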
@@ -0,0 +1,35 @@ +--- +- name: Install ec2-metadata in /usr/local/bin + become: true + get_url: + url=http://s3.amazonaws.com/ec2metadata/ec2-metadata + dest=/usr/local/bin + mode=0755 + +- name: Download the zip file for ec2-api-tools + become: true + get_url: + url=http://s3.amazonaws.com/ec2-downloads/ec2-api-tools.zip + dest=/usr/local + mode=0755 + +#- name: Create Directory for ec2 api tool +# become: true +# file: +# path=/usr/local/ec2 +# owner=root +# group=root +# mode=0555 +# state=directory + +- name: Unzip the ec2-api-tool + become: true + unarchive: + src=/usr/local/ec2-api-tools.zip + dest=/usr/local + copy=no + mode=0755 + +- name: Move ec2-api-tool to ec2 + become: true + command: mv -f /usr/local/ec2-api-tools-1.7.5.1 /usr/local/ec2 diff --git a/ansible/roles/package-dock/tasks/main.yml b/ansible/roles/package-dock/tasks/main.yml new file mode 100644 index 00000000..1c63cab2 --- /dev/null +++ b/ansible/roles/package-dock/tasks/main.yml 
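Review bot: Both `get_url` tasks in roles/package-aws/tasks/main.yml download over plain `http://` and install the result as root with `mode=0755` without verifying a digest, so the content placed in `/usr/local/bin` and `/usr/local` is not authenticated. Switch the URLs to `https://s3.amazonaws.com/...` and pin a digest with `sha256sum=<EXPECTED_SHA256>` (or `checksum=sha256:<EXPECTED_SHA256>` on Ansible 2.x). The `get_url` tasks in roles/package-dock/tasks/main.yml for Vault, consul-template and weave already use HTTPS but also lack a digest. `ec2-api-tools.zip` is an unversioned URL while the final `mv` hard-codes `ec2-api-tools-1.7.5.1`, so the play will break, or install something unexpected, once the upstream archive changes.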
@@ -0,0 +1,62 @@ +--- +- name: Install unzip + become: yes + apt: + pkg=unzip + state=latest + update_cache=yes + cache_valid_time=604800 + +- name: Install openjdk-7-jdk + become: yes + apt: + pkg=openjdk-7-jdk + state=latest + update_cache=yes + cache_valid_time=604800 + +- name: Install jq + become: true + tags: "Install jq" + apt: + pkg=jq + state=latest + update_cache=yes + cache_valid_time=604800 + + +- name: Download Vault 041 + become: true + get_url: + url=https://releases.hashicorp.com/vault/0.4.1/vault_0.4.1_linux_amd64.zip + dest=/usr/local/bin + +- name: unzip vault_0.4.1_linux_amd64.zip + become: yes + unarchive: + src=/usr/local/bin/vault_0.4.1_linux_amd64.zip + dest=/usr/local/bin + copy=no + mode=0755 + +- name: Download Consul-Template + become: true + get_url: + url=https://releases.hashicorp.com/consul-template/0.11.1/consul-template_0.11.1_linux_amd64.zip + dest=/usr/local/bin + +- name: unzip + become: true + unarchive: + src=/usr/local/bin/consul-template_0.11.1_linux_amd64.zip + dest=/usr/local/bin + copy=no + mode=0755 + +- name: Download weave 141 + become: true + get_url: + url=https://github.com/weaveworks/weave/releases/download/v1.4.1/weave + dest=/usr/local/bin + mode=0755 + diff --git a/ansible/roles/vault/templates/vault.hcl b/ansible/roles/vault/templates/vault.hcl index 52032a41..25e1da24 100644 --- a/ansible/roles/vault/templates/vault.hcl +++ b/ansible/roles/vault/templates/vault.hcl @@ -1,5 +1,5 @@ backend "consul" { - address = "{{ ansible_default_ipv4.address }}:8500" + address = "{{ consul_host_address }}:{{ consul_api_port }}" path = "vault" advertise_addr = "http://{{ ansible_default_ipv4.address }}:8200" } diff --git a/ansible/stage-hosts/hosts b/ansible/stage-hosts/hosts index d33f27a3..ee065fd7 100644 --- a/ansible/stage-hosts/hosts +++ b/ansible/stage-hosts/hosts 
@@ -1,25 +1,26 @@ +[dock] + +[docks] + [hipache] alpha-stage-userland-hipache domain=runnable2.net httpsCheckForBackend80=true prependIncomingPort=true subDomainDepth=3 [targets] localhost ansible_connection=local bastion_name=alpha-bastion -[redis] -delta-staging-data - [rabbitmq] delta-staging-data -[consul] +[redis] delta-staging-data [vault] delta-staging-data -[docks] - [stage:children] +dock docks hipache rabbitmq redis +vault diff --git a/ansible/swarm-deamon.yml b/ansible/swarm-deamon.yml index 3203dc49..a8a50d00 100644 --- a/ansible/swarm-deamon.yml +++ b/ansible/swarm-deamon.yml @@ -1,7 +1,7 @@ --- - hosts: consul -- hosts: docks +- hosts: "{{ dock | default('docks') }}" vars_files: - "group_vars/alpha-swarm-deamon.yml" roles: diff --git a/ansible/vault.yml b/ansible/vault.yml index 4cfcb4fc..b119197c 100644 --- a/ansible/vault.yml +++ b/ansible/vault.yml @@ -1,4 +1,6 @@ --- +- hosts: consul + - hosts: vault vars_files: - group_vars/alpha-vault.yml