Add consul and name the agent

2023-12-05 21:16:40 +11:00
parent e710b74a12
commit 472b198618
8 changed files with 102 additions and 25 deletions
--- a/1-coreos/1-prepare-ignition-files/etc/consul.d/consul.hcl
+++ b/1-coreos/1-prepare-ignition-files/etc/consul.d/consul.hcl
@@ -0,0 +1,5 @@
+datacenter = "jaglan-beta"
+data_dir = "/opt/consul"
+encrypt = "5L5cOnGhQ63EUMqPtn4tYDb1XafmmbQx2n6WqPkqeFs=" # This is a secret that should be generated with `consul keygen`
+retry_join = ["jaglan-beta-m01", "jaglan-beta-m42"]
+server = true
--- a/1-coreos/1-prepare-ignition-files/etc/yum.repos.d/hashicorp.repo
+++ b/1-coreos/1-prepare-ignition-files/etc/yum.repos.d/hashicorp.repo
--- a/1-coreos/1-prepare-ignition-files/example.bu
+++ b/1-coreos/1-prepare-ignition-files/example.bu
@@ -1,18 +0,0 @@
-variant: fcos
-version: 1.5.0
-passwd:
-  users:
-    - name: core
-      ssh_authorized_keys:
-        - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJwojmm5GUDQTt/ic1w3yf5c0fyiPqhy8D9Y4qMVljEA othrayte@gmail.com
-systemd:
-  units:
-    - name: rpm-ostree-install-hashistack.service
-      enabled: true
-      contents_local: rpm-ostree-install-hashistack.service
-storage:
-  files:
-    - path: /etc/yum.repos.d/hashicorp.repo
-      contents:
-        local: hashicorp.repo
-      mode: 0311
--- a/1-coreos/1-prepare-ignition-files/jaglan-beta-m42.bu
+++ b/1-coreos/1-prepare-ignition-files/jaglan-beta-m42.bu
@@ -0,0 +1,40 @@
+variant: fcos
+version: 1.5.0
+passwd:
+  users:
+    - name: core
+      ssh_authorized_keys:
+        - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJwojmm5GUDQTt/ic1w3yf5c0fyiPqhy8D9Y4qMVljEA othrayte@gmail.com
+    # We need to make users for consul and nomad as we need them before their installed
+    - name: consul
+      no_create_home: true
+systemd:
+  units:
+    - name: rpm-ostree-install-hashistack.service
+      enabled: true
+      contents_local: /units/rpm-ostree-install-hashistack.service
+storage:
+  files:
+    - path: /etc/hostname
+      mode: 0644
+      contents:
+        inline: jaglan-beta-m42
+    - path: /etc/yum.repos.d/hashicorp.repo
+      contents:
+        local: /etc/yum.repos.d/hashicorp.repo
+      mode: 0644
+    - path: /etc/consul.d/consul.hcl
+      contents:
+        local: /etc/consul.d/consul.hcl
+      mode: 0600
+      group:
+        name: consul
+      user:
+        name: consul
+  directories:
+    - path: /opt/consul
+      mode: 0700
+      user:
+        name: consul
+      group:
+        name: consul
--- a/1-coreos/1-prepare-ignition-files/jaglan-beta-m42.ign
+++ b/1-coreos/1-prepare-ignition-files/jaglan-beta-m42.ign
@@ -9,25 +9,63 @@
        "sshAuthorizedKeys": [
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJwojmm5GUDQTt/ic1w3yf5c0fyiPqhy8D9Y4qMVljEA othrayte@gmail.com"
        ]
+      },
+      {
+        "name": "consul",
+        "noCreateHome": true
      }
    ]
  },
  "storage": {
+    "directories": [
+      {
+        "group": {
+          "name": "consul"
+        },
+        "path": "/opt/consul",
+        "user": {
+          "name": "consul"
+        },
+        "mode": 448
+      }
+    ],
    "files": [
+      {
+        "path": "/etc/hostname",
+        "contents": {
+          "compression": "",
+          "source": "data:,jaglan-beta-m42"
+        },
+        "mode": 420
+      },
      {
        "path": "/etc/yum.repos.d/hashicorp.repo",
        "contents": {
          "compression": "gzip",
          "source": "data:;base64,H4sIAAAAAAAC/7SPPcvCQBCE+/sVKdIm+76tkN5eO7HYXMY7ydexuwr+e4kfZ2EjgtXOMvAMzy6yxqOfJe3dxCOa9fMvNsbtgKIqypYVLD66JZxkaKJZ0hWRpLEWDGCF1plU+3mkA7pZmMpHfYZQ5pDe0A7Tcrrm34UUfITv77HH5ZOJkIJzL4HKoPZmsYXaTxyWtWzw97XBNQAA//9Dsu7agQEAAA=="
        },
-        "mode": 201
+        "mode": 420
+      },
+      {
+        "group": {
+          "name": "consul"
+        },
+        "path": "/etc/consul.d/consul.hcl",
+        "user": {
+          "name": "consul"
+        },
+        "contents": {
+          "compression": "gzip",
+          "source": "data:;base64,H4sIAAAAAAAC/1SPPU/DMBRFd/+KK7NSlZa2WzY+FhCtBAKEUPviPGK3yXNjvwD596hhgfWc4d5TkZJjUU4oYPdUNySTkpWsOaltFUYxjUeduii5b6xhcWk46okv75buQW79ZnV5/XTfrVUW+npVzl7oo23LzfdcVs/d+tDxTS4szvDoQ0bIIGR2iRXqSZF97JsKJaNm4UTKFb6Ceux+J3HgoWbZmcSahu0+BkGBt793J+3FzJ7jP1rM7bvJnD7HOk09m58AAAD//+J027nwAAAA"
+        },
+        "mode": 384
      }
    ]
  },
  "systemd": {
    "units": [
      {
-        "contents": "[Unit]\nDescription=Layer nomad \u0026 consul with rpm-ostree\nWants=network-online.target\nAfter=network-online.target\n# We run before `zincati.service` to avoid conflicting rpm-ostree\n# transactions.\nBefore=zincati.service\nConditionPathExists=!/var/lib/%N.stamp\n\n[Service]\nType=oneshot\nRemainAfterExit=yes\n# `--allow-inactive` ensures that rpm-ostree does not return an error\n# if the package is already installed. This is useful if the package is\n# added to the root image in a future Fedora CoreOS release as it will\n# prevent the service from failing.\nExecStart=/usr/bin/rpm-ostree install --apply-live --allow-inactive nomad consul\nExecStart=/bin/touch /var/lib/%N.stamp\n\n[Install]\nWantedBy=multi-user.target",
+        "contents": "[Unit]\nDescription=Layer nomad \u0026 consul with rpm-ostree\nWants=network-online.target\nAfter=network-online.target\n# We run before `zincati.service` to avoid conflicting rpm-ostree\n# transactions.\nBefore=zincati.service\nConditionPathExists=!/var/lib/%N.stamp\n\n[Service]\nType=oneshot\nRemainAfterExit=yes\n# `--allow-inactive` ensures that rpm-ostree does not return an error\n# if the package is already installed. This is useful if the package is\n# added to the root image in a future Fedora CoreOS release as it will\n# prevent the service from failing.\nExecStart=/usr/bin/rpm-ostree install --apply-live --allow-inactive consul nomad\nExecStart=systemctl enable consul nomad\nExecStart=/bin/touch /var/lib/%N.stamp\nExecStart=systemctl reboot\n\n[Install]\nWantedBy=multi-user.target",
        "enabled": true,
        "name": "rpm-ostree-install-hashistack.service"
      }
--- a/1-coreos/1-prepare-ignition-files/readme.md
+++ b/1-coreos/1-prepare-ignition-files/readme.md
@@ -1,3 +1,3 @@
 1. Ensure butane is installed `dnf install butane`
 2. Compile butane files into ignition files
-    `butane --pretty --strict example.bu --output example.ign`
+    `butane --pretty --strict jaglan-beta-m42.bu --files-dir . --output jaglan-beta-m42.ign`
--- a/1-coreos/1-prepare-ignition-files/units/rpm-ostree-install-hashistack.service
+++ b/1-coreos/1-prepare-ignition-files/units/rpm-ostree-install-hashistack.service
@@ -14,8 +14,10 @@ RemainAfterExit=yes
 # if the package is already installed. This is useful if the package is
 # added to the root image in a future Fedora CoreOS release as it will
 # prevent the service from failing.
-ExecStart=/usr/bin/rpm-ostree install --apply-live --allow-inactive nomad consul
+ExecStart=/usr/bin/rpm-ostree install --apply-live --allow-inactive consul
+ExecStart=systemctl enable consul
 ExecStart=/bin/touch /var/lib/%N.stamp
+ExecStart=systemctl reboot

 [Install]
 WantedBy=multi-user.target