From 472b198618ec02849aadcac0540ba4f723cd203b Mon Sep 17 00:00:00 2001
From: Adrian Cowan
Date: Tue, 5 Dec 2023 21:16:40 +1100
Subject: [PATCH] Add consul and name the agent
---
.../etc/consul.d/consul.hcl | 5 +++
.../{ => etc/yum.repos.d}/hashicorp.repo | 0
1-coreos/1-prepare-ignition-files/example.bu | 18 --------
.../jaglan-beta-m42.bu | 40 ++++++++++++++++++
.../{example.ign => jaglan-beta-m42.ign} | 42 ++++++++++++++++++-
1-coreos/1-prepare-ignition-files/readme.md | 2 +-
.../rpm-ostree-install-hashistack.service | 4 +-
1-coreos/2-install-coreos/readme.md | 16 +++++--
8 files changed, 102 insertions(+), 25 deletions(-)
create mode 100644 1-coreos/1-prepare-ignition-files/etc/consul.d/consul.hcl
rename 1-coreos/1-prepare-ignition-files/{ => etc/yum.repos.d}/hashicorp.repo (100%)
delete mode 100644 1-coreos/1-prepare-ignition-files/example.bu
create mode 100644 1-coreos/1-prepare-ignition-files/jaglan-beta-m42.bu
rename 1-coreos/1-prepare-ignition-files/{example.ign => jaglan-beta-m42.ign} (54%)
rename 1-coreos/1-prepare-ignition-files/{ => units}/rpm-ostree-install-hashistack.service (90%)
diff --git a/1-coreos/1-prepare-ignition-files/etc/consul.d/consul.hcl b/1-coreos/1-prepare-ignition-files/etc/consul.d/consul.hcl
new file mode 100644
index 0000000..a9c98b1
--- /dev/null
+++ b/1-coreos/1-prepare-ignition-files/etc/consul.d/consul.hcl
@@ -0,0 +1,5 @@
+datacenter = "jaglan-beta"
+data_dir = "/opt/consul"
+encrypt = "5L5cOnGhQ63EUMqPtn4tYDb1XafmmbQx2n6WqPkqeFs=" # This is a secret that should be generated with `consul keygen`
+retry_join = ["jaglan-beta-m01", "jaglan-beta-m42"]
+server = true
diff --git a/1-coreos/1-prepare-ignition-files/hashicorp.repo b/1-coreos/1-prepare-ignition-files/etc/yum.repos.d/hashicorp.repo
similarity index 100%
rename from 1-coreos/1-prepare-ignition-files/hashicorp.repo
rename to 1-coreos/1-prepare-ignition-files/etc/yum.repos.d/hashicorp.repo
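Review bot: The `encrypt` value added in consul.hcl is a literal gossip key committed to the repository, even though its own trailing comment calls it a secret; anyone with read access to the repo or its history holds the key for the `jaglan-beta` datacenter. The same file is embedded (gzip/base64) in jaglan-beta-m42.ign, which the install readme in this commit fetches over plain HTTP with `--insecure-ignition`, so the key also crosses the network unprotected. Commit only a placeholder such as `encrypt = "<GOSSIP_KEY_PLACEHOLDER>"`, inject the real value from an untracked file when building the Ignition config, and rotate this key if it was ever used on a live agent. Note too that `encrypt` covers gossip only; agent RPC stays in cleartext unless TLS is configured, which this file does not do.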
diff --git a/1-coreos/1-prepare-ignition-files/example.bu b/1-coreos/1-prepare-ignition-files/example.bu
deleted file mode 100644
index b82a72d..0000000
--- a/1-coreos/1-prepare-ignition-files/example.bu
+++ /dev/null
@@ -1,18 +0,0 @@
-variant: fcos
-version: 1.5.0
-passwd:
- users:
- - name: core
- ssh_authorized_keys:
- - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJwojmm5GUDQTt/ic1w3yf5c0fyiPqhy8D9Y4qMVljEA othrayte@gmail.com
-systemd:
- units:
- - name: rpm-ostree-install-hashistack.service
- enabled: true
- contents_local: rpm-ostree-install-hashistack.service
-storage:
- files:
- - path: /etc/yum.repos.d/hashicorp.repo
- contents:
- local: hashicorp.repo
- mode: 0311
\ No newline at end of file
diff --git a/1-coreos/1-prepare-ignition-files/jaglan-beta-m42.bu b/1-coreos/1-prepare-ignition-files/jaglan-beta-m42.bu
new file mode 100644
index 0000000..6c8313f
--- /dev/null
+++ b/1-coreos/1-prepare-ignition-files/jaglan-beta-m42.bu
@@ -0,0 +1,40 @@
+variant: fcos
+version: 1.5.0
+passwd:
+ users:
+ - name: core
+ ssh_authorized_keys:
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJwojmm5GUDQTt/ic1w3yf5c0fyiPqhy8D9Y4qMVljEA othrayte@gmail.com
+ # We need to make users for consul and nomad as we need them before their installed
+ - name: consul
+ no_create_home: true
+systemd:
+ units:
+ - name: rpm-ostree-install-hashistack.service
+ enabled: true
+ contents_local: /units/rpm-ostree-install-hashistack.service
+storage:
+ files:
+ - path: /etc/hostname
+ mode: 0644
+ contents:
+ inline: jaglan-beta-m42
+ - path: /etc/yum.repos.d/hashicorp.repo
+ contents:
+ local: /etc/yum.repos.d/hashicorp.repo
+ mode: 0644
+ - path: /etc/consul.d/consul.hcl
+ contents:
+ local: /etc/consul.d/consul.hcl
+ mode: 0600
+ group:
+ name: consul
+ user:
+ name: consul
+ directories:
+ - path: /opt/consul
+ mode: 0700
+ user:
+ name: consul
+ group:
+ name: consul
\ No newline at end of file
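Review bot: The `consul` entry under `passwd.users` in jaglan-beta-m42.bu sets only `no_create_home: true`, so the account that owns `/etc/consul.d/consul.hcl` and `/opt/consul` is presumably created as an ordinary user with the default login shell. For a daemon account, add `system: true` and `shell: /usr/sbin/nologin` to that entry. The comment above it says users are made for consul and nomad, but only consul is defined; either add the nomad account or reword it, e.g. `# Pre-create the consul user so Ignition can set ownership before the package is installed`.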
diff --git a/1-coreos/1-prepare-ignition-files/example.ign b/1-coreos/1-prepare-ignition-files/jaglan-beta-m42.ign similarity index 54% rename from 1-coreos/1-prepare-ignition-files/example.ign rename to 1-coreos/1-prepare-ignition-files/jaglan-beta-m42.ign index eb3a02b..fe1f899 100644 --- a/1-coreos/1-prepare-ignition-files/example.ign +++ b/1-coreos/1-prepare-ignition-files/jaglan-beta-m42.ign 
@@ -9,25 +9,63 @@ "sshAuthorizedKeys": [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJwojmm5GUDQTt/ic1w3yf5c0fyiPqhy8D9Y4qMVljEA othrayte@gmail.com" ] + }, + { + "name": "consul", + "noCreateHome": true } ] }, "storage": { + "directories": [ + { + "group": { + "name": "consul" + }, + "path": "/opt/consul", + "user": { + "name": "consul" + }, + "mode": 448 + } + ], "files": [ + { + "path": "/etc/hostname", + "contents": { + "compression": "", + "source": "data:,jaglan-beta-m42" + }, + "mode": 420 + }, { "path": "/etc/yum.repos.d/hashicorp.repo", "contents": { "compression": "gzip", "source": "data:;base64,H4sIAAAAAAAC/7SPPcvCQBCE+/sVKdIm+76tkN5eO7HYXMY7ydexuwr+e4kfZ2EjgtXOMvAMzy6yxqOfJe3dxCOa9fMvNsbtgKIqypYVLD66JZxkaKJZ0hWRpLEWDGCF1plU+3mkA7pZmMpHfYZQ5pDe0A7Tcrrm34UUfITv77HH5ZOJkIJzL4HKoPZmsYXaTxyWtWzw97XBNQAA//9Dsu7agQEAAA==" }, - "mode": 201 + "mode": 420 + }, + { + "group": { + "name": "consul" + }, + "path": "/etc/consul.d/consul.hcl", + "user": { + "name": "consul" + }, + "contents": { + "compression": "gzip", + "source": "data:;base64,H4sIAAAAAAAC/1SPPU/DMBRFd/+KK7NSlZa2WzY+FhCtBAKEUPviPGK3yXNjvwD596hhgfWc4d5TkZJjUU4oYPdUNySTkpWsOaltFUYxjUeduii5b6xhcWk46okv75buQW79ZnV5/XTfrVUW+npVzl7oo23LzfdcVs/d+tDxTS4szvDoQ0bIIGR2iRXqSZF97JsKJaNm4UTKFb6Ceux+J3HgoWbZmcSahu0+BkGBt793J+3FzJ7jP1rM7bvJnD7HOk09m58AAAD//+J027nwAAAA" + }, + "mode": 384 } ] }, "systemd": { "units": [ { - "contents": "[Unit]\nDescription=Layer nomad \u0026 consul with rpm-ostree\nWants=network-online.target\nAfter=network-online.target\n# We run before `zincati.service` to avoid conflicting rpm-ostree\n# transactions.\nBefore=zincati.service\nConditionPathExists=!/var/lib/%N.stamp\n\n[Service]\nType=oneshot\nRemainAfterExit=yes\n# `--allow-inactive` ensures that rpm-ostree does not return an error\n# if the package is already installed. 
This is useful if the package is\n# added to the root image in a future Fedora CoreOS release as it will\n# prevent the service from failing.\nExecStart=/usr/bin/rpm-ostree install --apply-live --allow-inactive nomad consul\nExecStart=/bin/touch /var/lib/%N.stamp\n\n[Install]\nWantedBy=multi-user.target", + "contents": "[Unit]\nDescription=Layer nomad \u0026 consul with rpm-ostree\nWants=network-online.target\nAfter=network-online.target\n# We run before `zincati.service` to avoid conflicting rpm-ostree\n# transactions.\nBefore=zincati.service\nConditionPathExists=!/var/lib/%N.stamp\n\n[Service]\nType=oneshot\nRemainAfterExit=yes\n# `--allow-inactive` ensures that rpm-ostree does not return an error\n# if the package is already installed. This is useful if the package is\n# added to the root image in a future Fedora CoreOS release as it will\n# prevent the service from failing.\nExecStart=/usr/bin/rpm-ostree install --apply-live --allow-inactive consul nomad\nExecStart=systemctl enable consul nomad\nExecStart=/bin/touch /var/lib/%N.stamp\nExecStart=systemctl reboot\n\n[Install]\nWantedBy=multi-user.target", "enabled": true, "name": "rpm-ostree-install-hashistack.service" } diff --git a/1-coreos/1-prepare-ignition-files/readme.md b/1-coreos/1-prepare-ignition-files/readme.md index 1cfd621..7ae7e81 100644 --- a/1-coreos/1-prepare-ignition-files/readme.md +++ b/1-coreos/1-prepare-ignition-files/readme.md @@ -1,3 +1,3 @@ 1. Ensure butane is installed `dnf install butane` 2. Compile butane files into ignition files - `butane --pretty --strict example.bu --output example.ign` + `butane --pretty --strict jaglan-beta-m42.bu --files-dir . --output jaglan-beta-m42.ign` 
diff --git a/1-coreos/1-prepare-ignition-files/rpm-ostree-install-hashistack.service b/1-coreos/1-prepare-ignition-files/units/rpm-ostree-install-hashistack.service similarity index 90% rename from 1-coreos/1-prepare-ignition-files/rpm-ostree-install-hashistack.service rename to 1-coreos/1-prepare-ignition-files/units/rpm-ostree-install-hashistack.service index 423bf66..1760e32 100644 --- a/1-coreos/1-prepare-ignition-files/rpm-ostree-install-hashistack.service +++ b/1-coreos/1-prepare-ignition-files/units/rpm-ostree-install-hashistack.service @@ -14,8 +14,10 @@ RemainAfterExit=yes # if the package is already installed. This is useful if the package is # added to the root image in a future Fedora CoreOS release as it will # prevent the service from failing. -ExecStart=/usr/bin/rpm-ostree install --apply-live --allow-inactive nomad consul +ExecStart=/usr/bin/rpm-ostree install --apply-live --allow-inactive consul +ExecStart=systemctl enable consul ExecStart=/bin/touch /var/lib/%N.stamp +ExecStart=systemctl reboot [Install] WantedBy=multi-user.target \ No newline at end of file diff --git a/1-coreos/2-install-coreos/readme.md b/1-coreos/2-install-coreos/readme.md index a494b2c..adad497 100644 --- a/1-coreos/2-install-coreos/readme.md +++ b/1-coreos/2-install-coreos/readme.md 
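Review bot: The unit on the new side installs and enables only `consul`, but the `contents` string embedded in jaglan-beta-m42.ign in this same commit runs `rpm-ostree install --apply-live --allow-inactive consul nomad` and `systemctl enable consul nomad`, so the artifact a host actually boots from does not match this reviewed source. Regenerate the .ign from the .bu after the last edit to the unit (the `butane --pretty --strict ... --files-dir .` command in the readme), or build it in CI so the two cannot drift. Separately, the two added `ExecStart=systemctl ...` lines use a bare command name while the neighbouring lines use absolute paths; `ExecStart=/usr/bin/systemctl enable consul` and `ExecStart=/usr/bin/systemctl reboot` would be consistent with them. The `[Unit]` section and the start of `[Service]` lie outside this hunk.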
@@ -12,8 +12,18 @@ 5. Host the ignition file for the installer to see Run `python3 -m http.server 8080` (from the folder with the ignition files) 6. Install CoreOS - 1. Get the OS on disk for the first time - `sudo coreos-installer install /dev/vda --insecure-ignition --ignition-url http://192.168.1.115:8080/example.ign` + 1. Get the OS on disk for tshe first time + `sudo coreos-installer install /dev/vda --insecure-ignition --ignition-url http://192.168.1.115:8080/jaglan-beta-m42.ign` 2. Reboot to injest ignition file and provision `sudo reboot` - ssh should now work with the user's ssh keys from ignition file \ No newline at end of file + ssh should now work with the user's ssh keys from ignition file + 3. Wait, the initial service will install the hashistack and reboot again + +7. Boostrapping the consul cluster + 1. Run `consul agent -boostrap-expect 1 -bind 192.168.1.115 -ui -config-file ./etc/consul.d/consul.hcl` locally + 2. Check the ui at http://localhost:8500/ui to ensure that the expected nodes are shown + +# Useful Debugging Commands +`sudo systemctl start consul` +Read consul startup logs: `sudo journalctl -xeu consul.service` +Start the consul UI locally: `consul agent -bind 192.168.1.115 -ui -config-file ./etc/consul.d/consul.hcl`