From 6a784efd0fb0948901151f8f6b6252ea1cb123e7 Mon Sep 17 00:00:00 2001 From: kaushikanurag Date: Thu, 18 Feb 2016 13:58:54 -0800 Subject: [PATCH 1/5] adding consul on t2 micro instance --- ansible/epsilon-hosts/hosts | 5 +-- .../roles/container_kill_start/meta/main.yml | 2 +- ansible/roles/docker/files/docker-engine | 3 ++ ansible/roles/docker/tasks/main.yml | 39 +++++++++++++------ ssh/config | 3 ++ 5 files changed, 37 insertions(+), 15 deletions(-) create mode 100644 ansible/roles/docker/files/docker-engine diff --git a/ansible/epsilon-hosts/hosts b/ansible/epsilon-hosts/hosts index ddffcfdc..cfdc466f 100644 --- a/ansible/epsilon-hosts/hosts +++ b/ansible/epsilon-hosts/hosts @@ -20,9 +20,7 @@ socket-server epsilon-api [consul] -epsilon-services -epsilon-api -epsilon-web +epsilon-consul [vault] epsilon-services @@ -93,6 +91,7 @@ epsilon-services [epsilon:children] bastion +consul hipache mongodb api diff --git a/ansible/roles/container_kill_start/meta/main.yml b/ansible/roles/container_kill_start/meta/main.yml index 669a982d..d24b245d 100644 --- a/ansible/roles/container_kill_start/meta/main.yml +++ b/ansible/roles/container_kill_start/meta/main.yml @@ -1,4 +1,4 @@ --- dependencies: - - { role: docker } + - { role: docker, tags: docker } - { role: loggly } diff --git a/ansible/roles/docker/files/docker-engine b/ansible/roles/docker/files/docker-engine new file mode 100644 index 00000000..c2f63a90 --- /dev/null +++ b/ansible/roles/docker/files/docker-engine @@ -0,0 +1,3 @@ +Package: docker-engine +Pin: version 1.9.1* +Pin-Priority: 1001 diff --git a/ansible/roles/docker/tasks/main.yml b/ansible/roles/docker/tasks/main.yml index 28c160ad..26af2910 100644 --- a/ansible/roles/docker/tasks/main.yml +++ b/ansible/roles/docker/tasks/main.yml @@ -1,13 +1,13 @@ --- - name: create docker cert directory - sudo: yes + become: true when: dock is defined file: path=/etc/ssl/docker state=directory - name: copy docker certs - sudo: yes + become: true when: dock is defined copy: src=certs/ @@ -17,26 +17,26 @@ group=root - name: change core dump path - sudo: yes + become: true when: docker_config == "runnable" tags: coreDump sysctl: name=kernel.core_pattern - reload=yes + reload=true state=present value="/var/log/core.%h.%e.%t" - name: install aufs with linux-image-extra-{{ ansible_kernel }} - sudo: yes + become: true tags: aufs apt: pkg="linux-image-extra-{{ ansible_kernel }}" state=present - update_cache=yes + update_cache=true cache_valid_time=604800 - name: install apt-transport-https - sudo: yes + become: true apt: pkg="apt-transport-https" state=present @@ -44,37 +44,54 @@ cache_valid_time=604800 - name: add docker repository key - sudo: yes + become: true apt_key: id: 2C52609D url: https://apt.dockerproject.org/gpg state: present - name: add docker repository - sudo: yes + become: true apt_repository: repo: "deb https://apt.dockerproject.org/repo ubuntu-{{ ansible_distribution_release }} main" state: present update_cache: yes - name: copy docker config file - sudo: yes + become: true template: src={{ docker_config }} dest=/etc/default/docker register: copied_config tags: genDockerConfig +- name: force docker version + become: true + copy: + src=docker-engine + dest=/etc/apt/preferences.d/docker-engine + owner=root + group=root + mode=0600 + +- name: apt-get update + become: true + apt: + update_cache=yes + + - name: install docker - sudo: yes + become: true when: restart is defined or dock is defined apt: pkg="{{ docker_package_name }}" state=present force=yes + dpkg_options='force-confold,force-confdef' update_cache=yes cache_valid_time=604800 + - name: restart docker when: (copied_config.changed and restart is defined) or dock is defined command: sudo service docker restart diff --git a/ssh/config b/ssh/config index 8ad6858e..7a761139 100644 --- a/ssh/config +++ b/ssh/config @@ -256,6 +256,9 @@ Host epsilon-userland Host epsilon-web ProxyCommand ssh -q ubuntu@epsilon-bastion nc 10.12.14.33 22 +Host epsilon-consul + ProxyCommand ssh -q ubuntu@epsilon-bastion nc 10.12.14.16 22 + ################################################################################ # other ################################################################################ From 0e6729486b26232c31dee6dff45a79dea02c5be1 Mon Sep 17 00:00:00 2001 From: kaushikanurag Date: Wed, 24 Feb 2016 13:32:00 -0800 Subject: [PATCH 2/5] Modified roles for new machine --- ansible/consul-services.yml | 3 ++- ansible/epsilon-hosts/hosts | 4 +++- ansible/roles/consul_value/tasks/main.yml | 5 +++++ ssh/config | 10 ++++++++-- 4 files changed, 18 insertions(+), 4 deletions(-) diff --git a/ansible/consul-services.yml b/ansible/consul-services.yml index 37f268ed..13fc3114 100644 --- a/ansible/consul-services.yml +++ b/ansible/consul-services.yml @@ -1,7 +1,8 @@ --- - hosts: rabbitmq - hosts: redis - - hosts: vault + +- hosts: consul roles: - { role: consul-services } diff --git a/ansible/epsilon-hosts/hosts b/ansible/epsilon-hosts/hosts index cfdc466f..7d387db2 100644 --- a/ansible/epsilon-hosts/hosts +++ b/ansible/epsilon-hosts/hosts @@ -20,7 +20,9 @@ socket-server epsilon-api [consul] -epsilon-consul +epsilon-consul-a +epsilon-consul-b +epsilon-consul-c [vault] epsilon-services diff --git a/ansible/roles/consul_value/tasks/main.yml b/ansible/roles/consul_value/tasks/main.yml index 12e34a12..a0b78f8a 100644 --- a/ansible/roles/consul_value/tasks/main.yml +++ b/ansible/roles/consul_value/tasks/main.yml @@ -1,4 +1,9 @@ --- +- name: Debug role + when: debug_info is defined + debug: + msg="Consul Server {{ consul_host_address }}:{{ consul_api_port }}" + - name: make sure httplib2 is installed run_once: true sudo: yes diff --git a/ssh/config b/ssh/config index 7a761139..7a0e80aa 100644 --- a/ssh/config +++ b/ssh/config @@ -256,8 +256,14 @@ Host epsilon-userland Host epsilon-web ProxyCommand ssh -q ubuntu@epsilon-bastion nc 10.12.14.33 22 -Host epsilon-consul - ProxyCommand ssh -q ubuntu@epsilon-bastion nc 10.12.14.16 22 +Host epsilon-consul-a + ProxyCommand ssh -q ubuntu@epsilon-bastion nc 10.12.7.67 22 + +Host epsilon-consul-b + ProxyCommand ssh -q ubuntu@epsilon-bastion nc 10.12.10.240 22 + +Host epsilon-consul-c + ProxyCommand ssh -q ubuntu@epsilon-bastion nc 10.12.12.209 22 ################################################################################ # other From 04171a6d46b95c6864d3a527ba1febc8272cfb75 Mon Sep 17 00:00:00 2001 From: "Christopher M. Neill" Date: Wed, 24 Feb 2016 13:48:22 -0800 Subject: [PATCH 3/5] Had to wipe an re-init epsilon vault service. --- ansible/epsilon-hosts/variables | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ansible/epsilon-hosts/variables b/ansible/epsilon-hosts/variables index 9d0bac7d..185d1e4d 100644 --- a/ansible/epsilon-hosts/variables +++ b/ansible/epsilon-hosts/variables @@ -78,10 +78,10 @@ registry_host=10.12.12.99 swarm_token=d363b783f03a845a2c82b081bfe8443e user_content_domain=runnablecloud.com api_hello_runnable_github_token=88ddc423c2312d02a8bbcaad76dd4c374a30e4af -vault_auth_token=bc768f31-62ef-ceda-3de6-c86bd0c7ffc6 -vault_token_01=c21de228e17c9b489b2f5a2de316b97e589ef4ee83cb18ad85f6ce4a0479e30503 -vault_token_02=4ad609187fd19ee2e084068ba53e9ec116b11fc05b84c36e4a7b8a9da391be1204 -vault_token_03=e59939b5785df0c886c2159937603dce5d45e58e147301781c3cb0bcee6507a105 +vault_auth_token=6f5dddd1-dea2-472d-03b0-51e7fe8ea8de +vault_token_01=5b58b93e4cbb550d2bebe3324018c978bc89b11ba0a8a4a1430319ab8938dd1802 +vault_token_02=e334c5c53dc979476e1fb27c91dd8f7b0b5f708b876d829ee0ec54d0cba3de9e03 +vault_token_03=8e8918bee9fe08f5558450bceeab71326da91b60a24aed41f6ae7eebb35fe2e204 [ec2:vars] env=epsilon From bca02d91b749691a96dcfc202f003b01a715110d Mon Sep 17 00:00:00 2001 From: "Christopher M. Neill" Date: Thu, 3 Mar 2016 12:48:19 -0800 Subject: [PATCH 4/5] use vault server --- ansible/consul-services.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/consul-services.yml b/ansible/consul-services.yml index 13fc3114..d0b72909 100644 --- a/ansible/consul-services.yml +++ b/ansible/consul-services.yml @@ -3,6 +3,6 @@ - hosts: redis - hosts: vault -- hosts: consul +- hosts: vault roles: - { role: consul-services } From 2fcd284bf278a653a60e34037de87f61e3b02b32 Mon Sep 17 00:00:00 2001 From: Bryan Kendall Date: Thu, 3 Mar 2016 12:57:00 -0800 Subject: [PATCH 5/5] put consul services on only one consul client --- ansible/consul-services.yml | 3 +-- ansible/roles/consul-services/tasks/main.yml | 9 +++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/ansible/consul-services.yml b/ansible/consul-services.yml index d0b72909..3c43c909 100644 --- a/ansible/consul-services.yml +++ b/ansible/consul-services.yml @@ -1,8 +1,7 @@ --- - hosts: rabbitmq - hosts: redis -- hosts: vault -- hosts: vault +- hosts: consul roles: - { role: consul-services } diff --git a/ansible/roles/consul-services/tasks/main.yml b/ansible/roles/consul-services/tasks/main.yml index e1c31d56..26458199 100644 --- a/ansible/roles/consul-services/tasks/main.yml +++ b/ansible/roles/consul-services/tasks/main.yml @@ -1,16 +1,17 @@ --- - name: make /etc/consul.d folder - sudo: yes + become: true file: path=/etc/consul.d state=directory - name: remove all current configs - sudo: yes + become: true shell: rm -f /etc/consul.d/*.json - name: put service files in place - sudo: yes + become: true + run_once: true template: dest=/etc/consul.d/{{ item.name }}.json src=service.json @@ -33,5 +34,5 @@ port: '{{ registry_port }}' - name: send consul SIGUP to reload services - sudo: yes + become: true shell: pkill --signal SIGHUP consul