ansible-consul/tasks/main.yml

---
- name: Read bootstrapped state
  stat:
    path: "{{ consul_bootstrap_state }}"
  register: bootstrap_state
  ignore_errors: true


- name: Include OS-specific variables
  include_vars: "{{ item }}"
  with_first_found:
    - files:
        - "{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml"
        - "{{ ansible_os_family }}.yml"

- name: install package
  package:
    name: "{{ consul_os_package }}"
    state: present
  when: ansible_architecture is not search('arm*')

- name: encure data dir exist
  file:
    state: directory
    owner: consul
    path: "{{ consul_data_dir }}"
    mode: 0755

- block:
    - block:
        - name: Check for gossip encryption key on previously boostrapped server
          slurp:
            src: "{{ consul_config_path }}/config.json"
          register: consul_config_b64
          ignore_errors: true
        - debug:
            msg: "{{consul_config_b64}}"
        - name: Deserialize existing configuration
          set_fact:
            consul_config: "{{ consul_config_b64.content | b64decode | from_json }}"
          when: consul_config_b64.content is defined and consul_config_b64.content != ""

        - name: Save gossip encryption key from existing configuration
          set_fact:
            consul_raw_key: "{{ consul_config.encrypt }}"
          when: consul_config is defined

      when:
        - consul_raw_key is not defined
        - bootstrap_state.stat.exists | bool
        - inventory_hostname in consul_servers_list

    # Key provided by extra vars or the above block
    - name: Write gossip encryption key locally for use with new servers
      copy:
        content: "{{ consul_raw_key }}"
        dest: '/tmp/consul_raw.key'
        mode: 0600
      become: false
      vars:
        ansible_become: false
      no_log: true
      delegate_to: localhost
      changed_when: false
      when: consul_raw_key is defined

    # Generate new key if none was found
    - block:
        - name: Generate gossip encryption key
          shell: "PATH={{ consul_bin_path }}:$PATH consul keygen"
          register: consul_keygen

        - name: Write key locally to share with other nodes
          copy:
            content: "{{ consul_keygen.stdout }}"
            dest: '/tmp/consul_raw.key'
          become: false
          vars:
            ansible_become: false
          delegate_to: localhost

      no_log: true
      run_once: true
      when:
        # if files '/tmp/consul_raw.key' exist
        - lookup('first_found', dict(files=['/tmp/consul_raw.key'], skip=true)) | ternary(false, true)
        - not bootstrap_state.stat.exists | bool

    - name: Read gossip encryption key for servers that require it
      set_fact:
        consul_raw_key: "{{ lookup('file', '/tmp/consul_raw.key') }}"
      no_log: true
      when:
        - consul_raw_key is not defined

    - name: Delete gossip encryption key file
      file:
        path: '/tmp/consul_raw.key'
        state: absent
      become: false
      vars:
        ansible_become: false
      run_once: true
      delegate_to: localhost
      changed_when: false
  #no_log: true
  when:
    - consul_encrypt_enable | bool

- name: apply config template
  block:
    - name: server template
      template:
        src: config.json.j2
        dest: "{{ consul_config_path}}/config.json"
        owner: consul
        mode: 0644
  notify: reload consul configuration

- name: configure backup
  block:
    - name: copy backup script
      copy:
        dest: "{{ consul_data_dir }}/cs-backup.sh"
        mode: 0744
        owner: consul
        src: cs-backup.sh
    - name: consul snaphot cron.d
      cron:
        name: consul backup
        user: consul
        state: present
        job: "{{ consul_data_dir }}/cs-backup.sh {{ consul_backup_location }}"
        hour: "{{consul_cron_hour}}"
  when: consul_snapshot

- name: ensure service is started
  systemd:
    name: "{{  consul_service_name }}"
    state: started
    enabled: True

- name: Create bootstrapped state file
  file:
    dest: "{{ consul_bootstrap_state }}"
    state: touch
    mode: 0600
  when: not bootstrap_state.stat.exists

- include_tasks: dnsmasq.yml
  when: consul_dnsmasq_enable | bool
first commit 2022-03-07 20:22:15 +00:00			`---`
manage gossip encryption key in role 2022-06-06 14:04:47 +00:00			`- name: Read bootstrapped state`
			`stat:`
			`path: "{{ consul_bootstrap_state }}"`
			`register: bootstrap_state`
			`ignore_errors: true`


build role 2022-03-08 20:07:38 +00:00			`- name: Include OS-specific variables`
			`include_vars: "{{ item }}"`
			`with_first_found:`
			`- files:`
			`- "{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml"`
			`- "{{ ansible_os_family }}.yml"`

			`- name: install package`
			`package:`
			`name: "{{ consul_os_package }}"`
			`state: present`
add dnsmasq 2022-04-03 18:39:52 +00:00			`when: ansible_architecture is not search('arm*')`
build role 2022-03-08 20:07:38 +00:00
add data-dir creation 2022-03-10 10:33:53 +00:00			`- name: encure data dir exist`
			`file:`
			`state: directory`
			`owner: consul`
			`path: "{{ consul_data_dir }}"`
change right 2022-03-11 09:56:14 +00:00			`mode: 0755`
add data-dir creation 2022-03-10 10:33:53 +00:00
manage gossip encryption key in role 2022-06-06 14:04:47 +00:00			`- block:`
			`- block:`
			`- name: Check for gossip encryption key on previously boostrapped server`
			`slurp:`
			`src: "{{ consul_config_path }}/config.json"`
			`register: consul_config_b64`
			`ignore_errors: true`
			`- debug:`
			`msg: "{{consul_config_b64}}"`
			`- name: Deserialize existing configuration`
			`set_fact:`
			`consul_config: "{{ consul_config_b64.content \| b64decode \| from_json }}"`
			`when: consul_config_b64.content is defined and consul_config_b64.content != ""`

			`- name: Save gossip encryption key from existing configuration`
			`set_fact:`
			`consul_raw_key: "{{ consul_config.encrypt }}"`
			`when: consul_config is defined`

			`when:`
			`- consul_raw_key is not defined`
			`- bootstrap_state.stat.exists \| bool`
			`- inventory_hostname in consul_servers_list`

			`# Key provided by extra vars or the above block`
			`- name: Write gossip encryption key locally for use with new servers`
			`copy:`
			`content: "{{ consul_raw_key }}"`
			`dest: '/tmp/consul_raw.key'`
			`mode: 0600`
			`become: false`
			`vars:`
			`ansible_become: false`
			`no_log: true`
			`delegate_to: localhost`
			`changed_when: false`
			`when: consul_raw_key is defined`

			`# Generate new key if none was found`
			`- block:`
			`- name: Generate gossip encryption key`
			`shell: "PATH={{ consul_bin_path }}:$PATH consul keygen"`
			`register: consul_keygen`

			`- name: Write key locally to share with other nodes`
			`copy:`
			`content: "{{ consul_keygen.stdout }}"`
			`dest: '/tmp/consul_raw.key'`
			`become: false`
			`vars:`
			`ansible_become: false`
			`delegate_to: localhost`

			`no_log: true`
			`run_once: true`
			`when:`
			`# if files '/tmp/consul_raw.key' exist`
			`- lookup('first_found', dict(files=['/tmp/consul_raw.key'], skip=true)) \| ternary(false, true)`
			`- not bootstrap_state.stat.exists \| bool`

			`- name: Read gossip encryption key for servers that require it`
			`set_fact:`
			`consul_raw_key: "{{ lookup('file', '/tmp/consul_raw.key') }}"`
			`no_log: true`
			`when:`
			`- consul_raw_key is not defined`

			`- name: Delete gossip encryption key file`
			`file:`
			`path: '/tmp/consul_raw.key'`
			`state: absent`
			`become: false`
			`vars:`
			`ansible_become: false`
			`run_once: true`
			`delegate_to: localhost`
			`changed_when: false`
			`#no_log: true`
			`when:`
			`- consul_encrypt_enable \| bool`

build role 2022-03-08 20:07:38 +00:00			`- name: apply config template`
			`block:`
			`- name: server template`
			`template:`
manage gossip encryption key in role 2022-06-06 14:04:47 +00:00			`src: config.json.j2`
			`dest: "{{ consul_config_path}}/config.json"`
build role 2022-03-08 20:07:38 +00:00			`owner: consul`
change right 2022-03-11 09:56:14 +00:00			`mode: 0644`
add reload 2022-03-12 10:17:02 +00:00			`notify: reload consul configuration`
add backup task 2022-03-12 14:44:06 +00:00
			`- name: configure backup`
			`block:`
			`- name: copy backup script`
			`copy:`
			`dest: "{{ consul_data_dir }}/cs-backup.sh"`
			`mode: 0744`
			`owner: consul`
			`src: cs-backup.sh`
			`- name: consul snaphot cron.d`
			`cron:`
			`name: consul backup`
			`user: consul`
			`state: present`
			`job: "{{ consul_data_dir }}/cs-backup.sh {{ consul_backup_location }}"`
			`hour: "{{consul_cron_hour}}"`
			`when: consul_snapshot`
manage gossip encryption key in role 2022-06-06 14:04:47 +00:00
build role 2022-03-08 20:07:38 +00:00			`- name: ensure service is started`
			`systemd:`
			`name: "{{ consul_service_name }}"`
			`state: started`
			`enabled: True`
add dnsmasq 2022-04-03 18:39:52 +00:00
manage gossip encryption key in role 2022-06-06 14:04:47 +00:00			`- name: Create bootstrapped state file`
			`file:`
			`dest: "{{ consul_bootstrap_state }}"`
			`state: touch`
			`mode: 0600`
			`when: not bootstrap_state.stat.exists`

add dnsmasq 2022-04-03 18:39:52 +00:00			`- include_tasks: dnsmasq.yml`
			`when: consul_dnsmasq_enable \| bool`