Add consul and name the agent

1-coreos/1-prepare-ignition-files/etc/consul.d/consul.hcl

@@ -0,0 +1,5 @@
+datacenter = "jaglan-beta"
+data_dir = "/opt/consul"
+encrypt = "5L5cOnGhQ63EUMqPtn4tYDb1XafmmbQx2n6WqPkqeFs=" # This is a secret that should be generated with `consul keygen`
+retry_join = ["jaglan-beta-m01", "jaglan-beta-m42"]
+server = true

1-coreos/1-prepare-ignition-files/example.bu

@@ -1,18 +0,0 @@
-variant: fcos
-version: 1.5.0
-passwd:
-  users:
-    - name: core
-      ssh_authorized_keys:
-        - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJwojmm5GUDQTt/ic1w3yf5c0fyiPqhy8D9Y4qMVljEA othrayte@gmail.com
-systemd:
-  units:
-    - name: rpm-ostree-install-hashistack.service
-      enabled: true
-      contents_local: rpm-ostree-install-hashistack.service
-storage:
-  files:
-    - path: /etc/yum.repos.d/hashicorp.repo
-      contents:
-        local: hashicorp.repo
-      mode: 0311

1-coreos/1-prepare-ignition-files/jaglan-beta-m42.bu

@@ -0,0 +1,40 @@
+variant: fcos
+version: 1.5.0
+passwd:
+  users:
+    - name: core
+      ssh_authorized_keys:
+        - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJwojmm5GUDQTt/ic1w3yf5c0fyiPqhy8D9Y4qMVljEA othrayte@gmail.com
+    # We need to make users for consul and nomad as we need them before their installed
+    - name: consul
+      no_create_home: true
+systemd:
+  units:
+    - name: rpm-ostree-install-hashistack.service
+      enabled: true
+      contents_local: /units/rpm-ostree-install-hashistack.service
+storage:
+  files:
+    - path: /etc/hostname
+      mode: 0644
+      contents:
+        inline: jaglan-beta-m42
+    - path: /etc/yum.repos.d/hashicorp.repo
+      contents:
+        local: /etc/yum.repos.d/hashicorp.repo
+      mode: 0644
+    - path: /etc/consul.d/consul.hcl
+      contents:
+        local: /etc/consul.d/consul.hcl
+      mode: 0600
+      group:
+        name: consul
+      user:
+        name: consul
+  directories:
+    - path: /opt/consul
+      mode: 0700
+      user:
+        name: consul
+      group:
+        name: consul

1-coreos/1-prepare-ignition-files/jaglan-beta-m42.ign

@@ -9,25 +9,63 @@
         "sshAuthorizedKeys": [
           "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJwojmm5GUDQTt/ic1w3yf5c0fyiPqhy8D9Y4qMVljEA othrayte@gmail.com"
         ]
+      },
+      {
+        "name": "consul",
+        "noCreateHome": true
       }
     ]
   },
   "storage": {
+    "directories": [
+      {
+        "group": {
+          "name": "consul"
+        },
+        "path": "/opt/consul",
+        "user": {
+          "name": "consul"
+        },
+        "mode": 448
+      }
+    ],
     "files": [
+      {
+        "path": "/etc/hostname",
+        "contents": {
+          "compression": "",
+          "source": "data:,jaglan-beta-m42"
+        },
+        "mode": 420
+      },
       {
         "path": "/etc/yum.repos.d/hashicorp.repo",
         "contents": {
           "compression": "gzip",
           "source": "data:;base64,H4sIAAAAAAAC/7SPPcvCQBCE+/sVKdIm+76tkN5eO7HYXMY7ydexuwr+e4kfZ2EjgtXOMvAMzy6yxqOfJe3dxCOa9fMvNsbtgKIqypYVLD66JZxkaKJZ0hWRpLEWDGCF1plU+3mkA7pZmMpHfYZQ5pDe0A7Tcrrm34UUfITv77HH5ZOJkIJzL4HKoPZmsYXaTxyWtWzw97XBNQAA//9Dsu7agQEAAA=="
         },
-        "mode": 201
+        "mode": 420
+      },
+      {
+        "group": {
+          "name": "consul"
+        },
+        "path": "/etc/consul.d/consul.hcl",
+        "user": {
+          "name": "consul"
+        },
+        "contents": {
+          "compression": "gzip",
+          "source": "data:;base64,H4sIAAAAAAAC/1SPPU/DMBRFd/+KK7NSlZa2WzY+FhCtBAKEUPviPGK3yXNjvwD596hhgfWc4d5TkZJjUU4oYPdUNySTkpWsOaltFUYxjUeduii5b6xhcWk46okv75buQW79ZnV5/XTfrVUW+npVzl7oo23LzfdcVs/d+tDxTS4szvDoQ0bIIGR2iRXqSZF97JsKJaNm4UTKFb6Ceux+J3HgoWbZmcSahu0+BkGBt793J+3FzJ7jP1rM7bvJnD7HOk09m58AAAD//+J027nwAAAA"
+        },
+        "mode": 384
       }
     ]
   },
   "systemd": {
     "units": [
       {
-        "contents": "[Unit]\nDescription=Layer nomad \u0026 consul with rpm-ostree\nWants=network-online.target\nAfter=network-online.target\n# We run before `zincati.service` to avoid conflicting rpm-ostree\n# transactions.\nBefore=zincati.service\nConditionPathExists=!/var/lib/%N.stamp\n\n[Service]\nType=oneshot\nRemainAfterExit=yes\n# `--allow-inactive` ensures that rpm-ostree does not return an error\n# if the package is already installed. This is useful if the package is\n# added to the root image in a future Fedora CoreOS release as it will\n# prevent the service from failing.\nExecStart=/usr/bin/rpm-ostree install --apply-live --allow-inactive nomad consul\nExecStart=/bin/touch /var/lib/%N.stamp\n\n[Install]\nWantedBy=multi-user.target",
+        "contents": "[Unit]\nDescription=Layer nomad \u0026 consul with rpm-ostree\nWants=network-online.target\nAfter=network-online.target\n# We run before `zincati.service` to avoid conflicting rpm-ostree\n# transactions.\nBefore=zincati.service\nConditionPathExists=!/var/lib/%N.stamp\n\n[Service]\nType=oneshot\nRemainAfterExit=yes\n# `--allow-inactive` ensures that rpm-ostree does not return an error\n# if the package is already installed. This is useful if the package is\n# added to the root image in a future Fedora CoreOS release as it will\n# prevent the service from failing.\nExecStart=/usr/bin/rpm-ostree install --apply-live --allow-inactive consul nomad\nExecStart=systemctl enable consul nomad\nExecStart=/bin/touch /var/lib/%N.stamp\nExecStart=systemctl reboot\n\n[Install]\nWantedBy=multi-user.target",
         "enabled": true,
         "name": "rpm-ostree-install-hashistack.service"
       }

1-coreos/1-prepare-ignition-files/readme.md

@@ -1,3 +1,3 @@
 1. Ensure butane is installed `dnf install butane`
 2. Compile butane files into ignition files
-    `butane --pretty --strict example.bu --output example.ign`
+    `butane --pretty --strict jaglan-beta-m42.bu --files-dir . --output jaglan-beta-m42.ign`

1-coreos/1-prepare-ignition-files/units/rpm-ostree-install-hashistack.service

@@ -14,8 +14,10 @@ RemainAfterExit=yes
 # if the package is already installed. This is useful if the package is
 # added to the root image in a future Fedora CoreOS release as it will
 # prevent the service from failing.
-ExecStart=/usr/bin/rpm-ostree install --apply-live --allow-inactive nomad consul
+ExecStart=/usr/bin/rpm-ostree install --apply-live --allow-inactive consul
+ExecStart=systemctl enable consul
 ExecStart=/bin/touch /var/lib/%N.stamp
+ExecStart=systemctl reboot
 
 [Install]
 WantedBy=multi-user.target

1-coreos/2-install-coreos/readme.md

@@ -12,8 +12,18 @@
 5. Host the ignition file for the installer to see
     Run `python3 -m http.server 8080` (from the folder with the ignition files)
 6. Install CoreOS
-    1. Get the OS on disk for the first time
-        `sudo coreos-installer install /dev/vda --insecure-ignition --ignition-url http://192.168.1.115:8080/example.ign`
+    1. Get the OS on disk for tshe first time
+        `sudo coreos-installer install /dev/vda --insecure-ignition --ignition-url http://192.168.1.115:8080/jaglan-beta-m42.ign`
     2. Reboot to injest ignition file and provision
         `sudo reboot`
-        ssh should now work with the user's ssh keys from ignition file
+        ssh should now work with the user's ssh keys from ignition file
+    3. Wait, the initial service will install the hashistack and reboot again
+
+7. Boostrapping the consul cluster
+    1. Run `consul agent -boostrap-expect 1 -bind 192.168.1.115 -ui -config-file ./etc/consul.d/consul.hcl` locally
+    2. Check the ui at http://localhost:8500/ui to ensure that the expected nodes are shown
+
+# Useful Debugging Commands
+`sudo systemctl start consul`
+Read consul startup logs: `sudo journalctl -xeu consul.service`
+Start the consul UI locally: `consul agent -bind 192.168.1.115 -ui -config-file ./etc/consul.d/consul.hcl`