An Ansible role to deploy Hashicorp Consul on supported platforms, following the Datacenter deploy guide. This role is intended to provision a base image configured to provision the Consul security assets (gossip key and CA) from a secure storage in a Vault instance.
Using this role you can provision an image for a server and agent respectively, and then use those images to launch instances to bootstrap the cluster and auto join nodes.
This role provisions:
- Consul itself, agent and server mode
- Other necessary tools (
consul-template,vault) - Consul TLS and gossip secrets read from Vault
The role is designed to use vault agent to template the consul configuration files.
There is experimental support for joining wifi networks.
This role requires a working Vault instance with TLS secrets and gossip keys in a given path. Machines are configured to authenticate to Vault with an Approle Role ID.
This role can be applied to virtual machines, physical machines and docker containers. Support for OCI containers will come as soon as I can figure out a reliable way of detecting whether we are in an arbitrary kind of container.
See defaults/main.yml for default variables.
No dependencies on other roles.
For an example playbook see .github/build/playbook.yml.
An example Packer template which builds the images is in .github/build/consul.pkr.hcl.
MIT
@brucellino brucellino@proton.me