feat(consul): add container playbook (#35)

feat(consul): add container playbook style(consul): ensure fqcn in docker playbook ci: let jobs continue in other matrix axes style(consul): ignore changes on setup tasks Signed-off-by: Bruce Becker <[email protected]> --------- Signed-off-by: Bruce Becker <[email protected]>
brucellino · Mar 22, 2023 · fef0593 · fef0593
1 parent 90c1699
commit fef0593
Show file tree

Hide file tree

Showing 4 changed files with 196 additions and 3 deletions.
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
@@ -9,6 +9,7 @@ on:
 jobs:
   validate:
     strategy:
+      fail-fast: false
       matrix:
         template:
           - ubuntu-server

diff --git a/consul/consul-do.pkr.hcl b/consul/consul-do.pkr.hcl
@@ -4,9 +4,17 @@ packer {
       version = ">= v1.1.0"
       source  = "github.com/digitalocean/digitalocean"
     }
+    docker = {
+      version = ">= v1.0.8"
+      source  = "github.com/hashicorp/docker"
+    }
   }
 }
-
+variable "consul_version" {
+  description = "Version of Consul to install"
+  default     = "1.15.0"
+  type        = string
+}
 variable "region" {
   type      = string
   default   = "ams3"
@@ -29,13 +37,28 @@ local "do_token" {
   sensitive  = true
 }
 
+local "docker_registry_pass" {
+  expression = vault("kv/data/github", "ghcr_token")
+  sensitive  = true
+}
+
+local "docker_registry_username" {
+  expression = "brucellino"
+  sensitive  = false
+}
 
 variable "vpc_uuid" {
   type      = string
   sensitive = false
   default   = "08a4d3ad-a229-40dd-8dd4-042bda3e09bc" # this is only available in AMS3 - a map is needed.
 }
 
+variable "docker_base_image" {
+  type      = string
+  sensitive = false
+  default   = "public.ecr.aws/lts/ubuntu:focal"
+}
+
 data "digitalocean-image" "base-ubuntu" {
   api_token = vault("digitalocean/data/tokens", "packer")
   name      = var.base_image_name
@@ -60,10 +83,53 @@ source "digitalocean" "server" {
   vpc_uuid           = var.vpc_uuid
 }
 
+source "docker" "server" {
+  image  = var.docker_base_image
+  commit = true
+  changes = [
+    "USER consul",
+    "WORKDIR /home/consul",
+    "EXPOSE 8500 8501",
+    "LABEL consul_version=${var.consul_version}",
+    "LABEL org.opencontainers.image.source=https://github.com/brucellino/packer-templates",
+    "LABEL org.opencontainers.image.description=\"Consul ${var.consul_version} image\"",
+    "ENTRYPOINT [\"/tini\", \"--\"]",
+    "VOLUME /opt/consul",
+    "CMD [\"/bin/consul\", \"agent\", \"-config-dir=/etc/consul.d/\"]"
+  ]
+  author = "[email protected]"
+  volumes = {
+    consul_data = "/opt/consul"
+  }
+  run_command = ["-d", "-i", "-t", "--entrypoint=/bin/bash", "--name=consul", "--", "{{.Image}}"]
+}
+
 build {
-  name    = "server"
+  name    = "server-consul"
   sources = ["source.digitalocean.server"]
   provisioner "ansible" {
-    playbook_file = "playbook.yml"
+    playbook_file   = "playbook.yml"
+    extra_arguments = ["--extra-vars", "consul_version=${var.consul_version}"]
+  }
+}
+
+build {
+  name    = "server-docker"
+  sources = ["source.docker.server"]
+  provisioner "ansible" {
+    playbook_file   = "playbook-docker.yml"
+    extra_arguments = ["--extra-vars", "consul_version=${var.consul_version}"]
+  }
+  post-processors {
+    post-processor "docker-tag" {
+      repository = "ghcr.io/brucellino/consul"
+      tags       = ["latest"]
+    }
+    post-processor "docker-push" {
+      login          = true
+      login_password = local.docker_registry_pass
+      login_username = local.docker_registry_username
+      login_server   = "https://ghcr.io/${local.docker_registry_username}"
+    }
   }
 }
diff --git a/consul/consul.hcl.j2 b/consul/consul.hcl.j2
@@ -4,3 +4,49 @@ encrypt = "[[ server_encrypt_key ]]"
 verify_incoming = true
 verify_outgoing = true
 verify_server_hostname = true
+dns_port =
+
+# Logging
+## Logging is defined at directory level
+log_file = "/home/consul/"
+log_rotate_duration = "24h"
+log_rotate_bytes = 10485760
+log_rotate_max_files = 30
+
+auto_encrypt {
+  tls = true
+}
+
+verify_incoming = false
+verify_outgoing = false
+verify_server_hostname = false
+
+recursors = ["8.8.8.8"]
+# Advertise on tailscale if it is available
+
+# Enable Consul ACLs
+acl = {
+  enabled = true
+  default_policy = "allow"
+  enable_token_persistence = true
+}
+
+telemetry {
+  prometheus_retention_time = "60s"
+}
+
+# Allow bind on all interfaces
+bind_addr = "0.0.0.0"
+
+# Allow client to respond to requests on all interfaces
+client_addr = "0.0.0.0"
+# Name of the datacenter
+datacenter = "dc1"
+# Path to where Consul will store its data
+data_dir = "[[ consul_data_dir ]]"
+disable_remote_exec = false
+discovery_max_stale = "10m"
+
+dns_config {
+  allow_stale = true
+}
diff --git a/consul/playbook-docker.yml b/consul/playbook-docker.yml
@@ -0,0 +1,80 @@
+---
+- hosts: all
+  name: Prepare
+  gather_facts: false
+  remote_user: root
+  tasks:
+    - name: Ensure python
+      ansible.builtin.raw: apt-get update
+      changed_when: false
+    - name: Ensure python
+      ansible.builtin.raw: DEBIAN_FRONTEND=noninteractive apt-get install -y python3.9
+      changed_when: false
+- hosts: all
+  name: Deploy
+  remote_user: root
+  vars:
+    prerequisites:
+      - tar
+      - unzip
+      - curl
+    consul_version: 1.15.0
+    consul_arch:
+      x86_64: amd64
+      aarch64: arm64
+    consul_data_dir: "/opt/consul"
+    server_encrypt_key: "."
+    tini_version: v0.19.0
+    tini_arch:
+      x86_64: amd64
+      aarch64: arm64
+      armv6l: armel
+  tasks:
+    - name: Ensure Prerequisites
+      ansible.builtin.package:
+        name: "{{ prerequisites }}"
+        state: present
+    - name: Get Consul
+      ansible.builtin.unarchive:
+        src: "https://releases.hashicorp.com/consul/{{ consul_version }}/consul_{{ consul_version }}_linux_{{ consul_arch[ansible_architecture] }}.zip"
+        dest: /bin/
+        remote_src: true
+        mode: 0777
+        owner: root
+        group: root
+    - name: Add Consul group
+      ansible.builtin.group:
+        name: consul
+        state: present
+    - name: Add Consul user
+      ansible.builtin.user:
+        name: consul
+        group: consul
+        groups: consul
+        append: true
+        state: present
+    - name: Add configuration directory
+      ansible.builtin.file:
+        path: /etc/consul.d
+        state: directory
+        recurse: true
+        mode: 0644
+        owner: consul
+        group: consul
+    - name: Create Consul configuration
+      ansible.builtin.template:
+        src: consul.hcl.j2
+        dest: /etc/consul.d/consul.hcl
+        backup: true
+        mode: 0644
+        owner: consul
+        group: consul
+        variable_start_string: "[["
+        variable_end_string: "]]"
+    - name: Get Tini
+      ansible.builtin.get_url:
+        url: "https://github.com/krallin/tini/releases/download/{{ tini_version }}/tini-{{ tini_arch[ansible_architecture] }}"
+        dest: "/tini"
+        mode: 0777
+        owner: root
+        group: root