- args := []string{
- "agent",
- "-server",
- "-datacenter=" + cfg.SiteID,
- "-dns-port=" + fmt.Sprintf("%d", cfg.Ports.ConsulDNS),
- "-http-port=" + fmt.Sprintf("%d", cfg.Ports.ConsulHTTP),
- "-serf-lan-bind=0.0.0.0:" + fmt.Sprintf("%d", cfg.Ports.ConsulSerfLAN),
- "-serf-wan-bind=0.0.0.0:" + fmt.Sprintf("%d", cfg.Ports.ConsulSerfWAN),
- "-data-dir", dataDir,
- "-bootstrap-expect", fmt.Sprintf("%d", len(cfg.ControlHosts))}
- supervisor := newSupervisor(ctx, "consul", bin, args...)
+ args := []string{"agent"}
+ {
+ cf := path.Join(cfg.DataDir, "consul-encrypt.json")
+ if _, err := os.Stat(cf); err != nil && !os.IsNotExist(err) {
+ return err
+ } else if err != nil {
+ key, err := exec.Command(bin, "keygen").CombinedOutput()
+ if err != nil {
+ return err
+ }
+ if err = atomicWriteJSON(cf, map[string]interface{}{
+ "encrypt": strings.TrimSpace(string(key)),
+ }, 0400); err != nil {
+ return err
+ }
+ }
+ args = append(args, "-config-file="+cf)
+ }
+ {
+ cf := path.Join(cfg.DataDir, "consul-ports.json")
+ err = atomicWriteJSON(cf, map[string]interface{}{
+ "client_addr": "0.0.0.0",
+ "bootstrap_expect": len(cfg.ControlHosts),
+ "data_dir": dataDir,
+ "datacenter": cfg.SiteID,
+ "server": true,
+ "ui": true,
+ "ports": map[string]int{
+ "dns": cfg.Ports.ConsulDNS,
+ "http": cfg.Ports.ConsulHTTP,
+ "https": cfg.Ports.ConsulHTTPS,
+ "rpc": cfg.Ports.ConsulRPC,
+ "serf_lan": cfg.Ports.ConsulSerfLAN,
+ "serf_wan": cfg.Ports.ConsulSerfWAN,
+ "server": cfg.Ports.ConsulServer,
+ },
+ }, 0644)
+ if err != nil {
+ return err
+ }
+ args = append(args, "-config-file="+cf)
+ }
+ supervisor := newSupervisor(ctx, "arvados-consul", bin, args...)