Update Consul to v1.0.1

2017-12-06 18:18:03 -07:00 · 2017-12-06 18:18:03 -07:00 · 2aef6c198b
commit 2aef6c198b
parent a9d6566be5
4 changed files with 166 additions and 1 deletions
--- a/templates/consul/2/README.md
+++ b/templates/consul/2/README.md
@ -0,0 +1,32 @@
+# Consul Cluster
+
+
+### Info:
+
+ This template creates 3 Consul nodes that uses RPC encryption with TLS and gossip encryption to secure connection between consul cluster nodes, configuration is generated with confd from Rancher metadata.
+
+ TLS is used to verify the authenticity of the servers and the clients using the verify_incoming and verify_outgoing options.
+
+ The variables used in this template include:
+
+- Certificates and keys for Consul nodes.
+- CA certificate.
+- 16-bytes, Base64 encoded gossip encryption key.
+- Web UI option.
+- ACL options.
+
+
+The templates uses two Docker images one as the main image and the other one is the sidekick:
+
+- consul.
+- [consul-config](https://github.com/galal-hussein/consul-config).
+
+### Usage:
+
+ Select Consul from catalog.
+
+ Enter the certificates and keys for consul nodes, ca certificates, and the encryption key.
+
+ Click deploy.
+
+ The consul nodes will be bound to the Rancher managed network IPs.
--- a/templates/consul/2/docker-compose.yml.tpl
+++ b/templates/consul/2/docker-compose.yml.tpl
@ -0,0 +1,41 @@
+consul-base:
+  image: consul:1.0.1
+  entrypoint:
+    - /opt/rancher/bin/start_consul.sh
+  net: "container:consul"
+  labels:
+    io.rancher.container.hostname_override: container_name
+  volumes_from:
+    - consul-data
+consul-data:
+  image: alpine:latest
+  entrypoint:
+    - /bin/true
+  labels:
+    io.rancher.container.hostname_override: container_name
+    io.rancher.container.start_once: true
+  volumes:
+    - /var/consul
+    - /opt/rancher/bin
+    - /opt/rancher/ssl
+    - /opt/rancher/config
+  net: none
+consul:
+  image: husseingalal/consul-config:0.1.2
+  labels:
+    io.rancher.container.hostname_override: container_name
+    io.rancher.sidekicks: consul-base,consul-data
+  volumes_from:
+    - consul-data
+{{- if eq .Values.ui "true"}}
+consul-lb:
+  ports:
+  - 8500:8500/tcp
+  expose:
+  - 8500:8500/tcp
+  tty: true
+  image: rancher/load-balancer-service
+  links:
+  - consul:consul-base
+  stdin_open: true
+{{- end }}
--- a/templates/consul/2/rancher-compose.yml
+++ b/templates/consul/2/rancher-compose.yml
@ -0,0 +1,92 @@
+.catalog:
+  name: "Consul"
+  description: "Secure Consul cluster"
+  version: "1.0.1-rancher1"
+  uuid: consul-0
+  questions:
+    - variable: ca_crt
+      label: "CA certificate"
+      type: "multiline"
+      required: true
+    - variable: consul1_key
+      label: "First consul key"
+      type: "multiline"
+      required: true
+    - variable: consul1_crt
+      label: "First consul certificate"
+      type: "multiline"
+      required: true
+    - variable: consul2_key
+      label: "Second consul key"
+      type: "multiline"
+      required: true
+    - variable: consul2_crt
+      label: "Second consul certificate"
+      type: "multiline"
+      required: true
+    - variable: consul3_key
+      label: "Third consul key"
+      type: "multiline"
+      required: true
+    - variable: consul3_crt
+      label: "Third consul certificate"
+      type: "multiline"
+      required: true
+    - variable: gossip_key
+      label: "Communication gossip key"
+      type: "multiline"
+      required: true
+    - variable: enable_acl
+      label: "ACL Access"
+      type: "boolean"
+      required: true
+      default: false
+    - variable: acl_default_policy
+      label: "ACL Default Policy"
+      type: "enum"
+      options:
+        - "allow"
+        - "deny"
+      default: "allow"
+      required: true
+    - variable: acl_down_policy
+      label: "ACL Down Policy"
+      type: "enum"
+      options:
+        - "allow"
+        - "deny"
+      default: "allow"
+      required: true
+    - variable: acl_master_token
+      label: "ACL Master Token"
+      type: "string"
+      default: ""
+      required: false
+    - variable: ui
+      label: "Enable UI"
+      type: "boolean"
+      default: false
+      required: true
+consul:
+  scale: 3
+  metadata:
+    ca.crt: |
+            ${ca_crt}
+    consul1.crt: |
+            ${consul1_crt}
+    consul1.key: |
+            ${consul1_key}
+    consul2.crt: |
+            ${consul2_crt}
+    consul2.key: |
+            ${consul2_key}
+    consul3.crt: |
+            ${consul3_crt}
+    consul3.key: |
+            ${consul3_key}
+    enc.key: "${gossip_key}"
+    acl.enabled: "${enable_acl}"
+    acl.default_policy: "${acl_default_policy}"
+    acl.down_policy: "${acl_down_policy}"
+    acl.master_token: "${acl_master_token}"
+    ui.enabled: ${ui}
--- a/templates/consul/config.yml
+++ b/templates/consul/config.yml
@ -1,5 +1,5 @@
 name: Consul Cluster
 description: |
  Consul cluster
-version: 0.8-rancher1
+version: 1.0.1-rancher1
 category: Clustering