#!/usr/bin/env bash

# Job file: install the Consul server configuration and package on the target
# host, remove the legacy per-port ufw rules, then enable and restart the
# consul systemd unit.
# SCRIPT, COPY and RUN are not defined in this file; presumably the job runner
# (or common.sh) provides them - confirm against the runner before changing
# the statement shapes below.

SCRIPT "${JOBFILE_DIR}/common.sh";

# Stage the config at a fixed path under /tmp, then move it into place as root.
# NOTE(review): /tmp is normally writable by every local account and the
# staging name is predictable. If the runner supports it, stage into a private
# directory instead (e.g. one created with mktemp -d on the target).
COPY "../consul/server.hcl" "/tmp/server.hcl"

# NOTE(review): this assumes /etc/consul already exists before the package
# install further down - confirm for first-time provisioning.
# mv keeps the mode bits the staged copy had; only the ownership is reset
# below. If server.hcl ever carries secrets (gossip key, ACL tokens - can't
# tell from here), set an explicit mode that the consul service account can
# still read.
RUN "sudo mv /tmp/server.hcl /etc/consul/server.hcl";
RUN "sudo chown root:root /etc/consul/server.hcl";
RUN "sudo apt-get update";
RUN "sudo apt-get install --yes hashicorp-consul-systemd-server";

# TODO: Restrict these to the wesher subnet, and add 8500/tcp (the HTTP API)
# TODO: Do that for Nomad too
# RUN "sudo ufw allow 8301 comment consul-serf-lan";
# RUN "sudo ufw allow 8300/tcp comment consul-rpc";
# RUN "sudo ufw allow 8600 comment consul-dns";

# The allow rules above are commented out since we're now running over wgoverlay & allowing all traffic on that interface because dynamic ports
# NOTE(review): with the per-port rules gone, reachability of the Consul ports
# depends entirely on the interface-wide rule configured elsewhere. Verify
# that 8300, 8301, 8600 and 8500 are not reachable on any other interface.
# Delete old ufw rules
# NOTE(review): on hosts where these rules are already gone, the result depends
# on how RUN treats ufw's exit status - confirm that re-running the job is safe.
RUN "sudo ufw delete allow 8301 comment consul-serf-lan";
RUN "sudo ufw delete allow 8300/tcp comment consul-rpc";
RUN "sudo ufw delete allow 8600 comment consul-dns";

# Start consul at boot, and restart it now (presumably so the running agent
# picks up the server.hcl installed above).
RUN "sudo systemctl enable consul.service";
RUN "sudo systemctl restart consul.service";