puppet-seed_stack/manifests/consul_dns.pp at develop · praekeltfoundation/puppet-seed_stack · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
# == Class: seed_stack::consul_dns
#
# Simplifies the installation of Consul with Dnsmasq. Makes it possible to look
# up Consul services via standard DNS - i.e. `dig marathon.service.consul.`
# on the host should work. Also the easiest way to add a node to the Consul
# cluster.
#
# === Parameters
#
# [*consul_version*]
#   The version of Consul to install.
#
# [*server*]
#   Whether or not this node is a Consul server.
#
# [*join*]
#   A list of nodes in the Consul cluster that Consul should attempt to join
#   when starting up.
#
# [*advertise_addr*]
#   The address for Consul to use when advertising services on this node. Also
#   used for the Dnsmasq host alias.
#
# [*client_addr*]
#   The address Consul should use to expose the client. i.e. Consul's listen
#   address.
#
# [*domain*]
#   The domain of addresses that Consul should provide and should be used for
#   for DNS lookups.
#
# [*encrypt*]
#   The encryption key for the Consul cluster.
#
# [*bootstrap_expect*]
#   The number of expected server nodes in the Consul cluster. Consul will wait
#   for this number of servers to be present before bootstrapping the cluster.
#   This parameter is not valid for non-server nodes.
#
# [*ui*]
#   Whether or not to enable the Consul web UI. FIXME: Setting this false
#   doesn't seem to disable the UI. Consul 0.6.1 bug? See #7.
#
# [*recursors*]
#   List of upstream DNS servers to ask about names that Consul isn't
#   authoritative for. By default, this only contains localhost so Consul can
#   resolve the targets of CNAME records and include them in its answer.
#   (Without this, the client would have to make extra queries, and way too
#   many clients give up instead.)
#
# [*resources*]
#   A hash of hashes that define Consul resources that can be configured
#   statically. Valid keys are 'services', 'watches', 'checks', and 'acls'.
#   These will be created as consul::service, consul::watch, consul::check, and
#   consul_acl resources, respectively.
#
# [*dnsmasq_ensure*]
#   The ensure value for the Dnsmasq package.
#
# [*dnsmasq_host_alias*]
#   An alias for the host (advertise) address that Dnsmasq will serve. This
#   should match the domain for the Nginx service router if one is being used.
#
# [*dnsmasq_opts*]
#   A hash of extra options to configure Dnsmasq with. e.g.
#   { 'listen-address' => $::ipaddress_lo, }.
class seed_stack::consul_dns (
  $advertise_addr,
  $join,
  $consul_version     = $seed_stack::params::consul_version,
  $server             = false,
  $client_addr        = $seed_stack::params::consul_client_addr,
  $domain             = $seed_stack::params::consul_domain,
  $encrypt            = undef,
  $bootstrap_expect   = undef,
  $ui                 = true,
  $recursors          = [$::ipaddress_lo],
  $resources          = {},

  $dnsmasq_ensure     = $seed_stack::params::dnsmasq_ensure,
  $dnsmasq_host_alias = $seed_stack::params::router_domain,
  $dnsmasq_opts       = {},
) inherits seed_stack::params {
  validate_bool($server)
  validate_array($join)
  validate_ip_address($advertise_addr)
  validate_ip_address($client_addr)
  validate_bool($ui)
  validate_array($recursors)
  validate_hash($resources)
  validate_hash($dnsmasq_opts)

  if $bootstrap_expect != undef {
    if $server {
      validate_integer($bootstrap_expect, undef, 1) # Ensure >= 1
    } else {
      fail('"bootstrap_expect" is an invalid parameter for client Consul nodes.')
    }
  }

  # Consul
  # ------

  $base_config_hash = {
    'server'         => $server,
    'data_dir'       => '/var/lib/consul',
    'log_level'      => 'INFO',
    'advertise_addr' => $advertise_addr,
    'client_addr'    => $client_addr,
    'retry_join'     => $join,
    'domain'         => $domain,
    'encrypt'        => $encrypt,
    'ui'             => $ui,
    'recursors'      => $recursors,
  }

  if $server {
    $extra_config_hash = { 'bootstrap_expect' => $bootstrap_expect }
  } else {
    $extra_config_hash = {}
  }

  $config_hash = merge($base_config_hash, $extra_config_hash)

  class { 'consul':
    version     => $consul_version,
    config_hash => $config_hash,
    services    => $resources['services'],
    watches     => $resources['watches'],
    checks      => $resources['checks'],
    acls        => $resources['acls'],
    require     => Package['unzip'],
  }

  if ! defined(Package['unzip']) {
    package { 'unzip':
      ensure => installed,
    }
  }

  $dnsmasq_client_addr = $client_addr ? {
    '0.0.0.0' => $::ipaddress_lo,
    default   => $client_addr,
  }

  # Dnsmasq
  # -------
  $dnsmasq_base_opts = {
    'cache-size'  => '0',
    'server'      => "/${domain}/${dnsmasq_client_addr}#8600",
    'host-record' => "${dnsmasq_host_alias},${advertise_addr}",
  }
  $dnsmasq_final_opts = merge($dnsmasq_base_opts, $dnsmasq_opts)
  $dnsmasq_config = join(join_keys_to_values($dnsmasq_final_opts, '='), "\n")

  package { 'dnsmasq':
    ensure => $dnsmasq_ensure,
  }
  ->
  file { '/etc/dnsmasq.d/consul':
    content => $dnsmasq_config,
  }
  ~>
  service { 'dnsmasq': }
}