running both versions

1. Consul Prepared Queries

We have now to update our Prepared Queries because we also want queries to be routed on the new service.

  1. How Prepared Queries works

    Prepared Queries allow you to find services that:

    • has all the tags you supplied: it is not possible to make a logical “OR”
    • has not the tags you prefixed with “!”

    So, to find the socat services with the tags “1.0.0” or “2.0.0”, we have to update our Prepared Query with a query that looks like: “!0.0.0”

    That’s why there are 2 inventories/demo/extra_vars_terraform_echo_green.yml files:

    • one with the new version: “_one.yml”
    • one accepting all versions: “_all.yml”
  2. Update the Prepared Query

    To execute Ansible, you will need to replace the following Ansible extra-vars parameters:

    • my_vault_secrets_admin_password: this is the password of the a-deploy-echo-secret user
    [bastion] (ansible_virtualenv) ~/ansible_playbooks/echo
    $ cd ../infrasecrets
    [bastion] (ansible_virtualenv) ~/ansible_playbooks/infrasecrets
    $ ansible-playbook BASTION_configs_consul.yml \
    -i inventories/demo/hosts_infrasecrets.lst \
    -D --force-handlers \
    -e @inventories/demo/extra_vars_terraform_echo_socat_green_all.yml \
    -e "my_vault_secrets_admin_username=a-deploy-echo-secret" \
    -e "my_vault_secrets_admin_password=CHANGE_WITH_DEPLOY_ECHO_SECRET_PASSWORD" \
    -e "my_vault_secrets_admin_consul_role_name=vault-policy-echo-prepared-query" \
    -t Project::infrasecrets::consul::login \
    -t Project::infrasecrets::consul::prepared_queries \
    -l consul_server

2. Check the service

You can now check that both versions are running.

On your workstation, just launch:

[workstation] ~/
$ nc 8181

Some more couple of times: On your workstation, just launch:

[workstation] ~/
$ nc 8181

3. Next page!

We can now run only the new version.