consul
Ansible role Consul
An Ansible role to deploy Hashicorp Consul on supported platforms, following the Datacenter deploy guide. This role is intended to provision a base image configured to provision the Consul security assets (gossip key and CA) from a secure storage in a Vault instance.
Using this role you can provision an image for a server and agent respectively, and then use those images to launch instances to bootstrap the cluster and auto join nodes.
Features
This role provisions:
- Consul itself, agent and server mode
- Other necessary tools (
consul-template
,vault
) - Consul TLS and gossip secrets read from Vault
The role is designed to use vault agent to template the consul configuration files.
There is experimental support for joining wifi networks.
Requirements
This role requires a working Vault instance with TLS secrets and gossip keys in a given path. Machines are configured to authenticate to Vault with an Approle Role ID.
This role can be applied to virtual machines, physical machines and docker containers. Support for OCI containers will come as soon as I can figure out a reliable way of detecting whether we are in an arbitrary kind of container.
Role Variables
See defaults/main.yml
for default variables.
Dependencies
No dependencies on other roles.
Example Playbook
For an example playbook see .github/build/playbook.yml
.
An example Packer template which builds the images is in .github/build/consul.pkr.hcl
.
License
MIT
Author Information
@brucellino brucellino@proton.me
ansible-galaxy install brucellino/ansible-role-consul