linting

defaults/main.yml

@@ -1,25 +1,25 @@
 ---
 # defaults file for ansible-consul
 consul_bin_path: "/usr/local/bin"
-consul_server: True
+consul_server: true
-consul_ui: True
+consul_ui: true
 consul_config_path: "/etc/consul.d"
 consul_bootstrap_state: "{{ consul_config_path }}/.consul_bootstrapped"
 consul_iface: "{{ ansible_default_ipv4.interface }}"
-consul_bind_address: "{{ hostvars[inventory_hostname]['ansible_'+ consul_iface | replace('-', '_')]['ipv4']['address']}}"
+consul_bind_address: "{{ hostvars[inventory_hostname]['ansible_' + consul_iface | replace('-', '_')]['ipv4']['address'] }}"
 consul_client_addr: "127.0.0.1"
-consul_bootstrap: False
+consul_bootstrap: false
 consul_domain: "consul"
 consul_data_dir: "/opt/consul"
 consul_datacenter: "dc1"
-consul_encrypt_enable: True
+consul_encrypt_enable: true
 consul_ansible_group: "consul"
 consul_servers_list: "\
   {% set _consul_servers_list = [] %}\
   {% for host in groups[consul_ansible_group] %}\
-  {% set _consul_server = hostvars[host]['consul_server']|default(true,true) %}\
+  {% set _consul_server = hostvars[host]['consul_server'] | default(true, true) %}\
-  {% if ( _consul_server == True) %}\
+  {% if (_consul_server == True) %}\
-  {% if _consul_servers_list.append(host) %}{% endif %}\
+  {% if _consul_servers_list.append(host) %} {% endif %}\
   {% endif %}\
   {% endfor %}\
   {{ _consul_servers_list }}"
@@ -31,5 +31,5 @@ consul_snapshot: false
 consul_backup_location: ""
 consul_cron_hour: 1
 consul_retry_join_force:
-consul_dnsmasq_enable: False
+consul_dnsmasq_enable: false
-consul_systemd_resolved_enable: False
+consul_systemd_resolved_enable: false

tasks/dnsmasq.yml

@@ -1,42 +1,42 @@
 ---
 - name: Install Dnsmasq package
-  package:
+  ansible.builtin.package:
     name: "{{ dnsmasq_package }}"
     state: present
 
 - name: Create Dnsmasq configuration directory
-  file:
+  ansible.builtin.file:
     path: /etc/dnsmasq.d
     state: directory
     owner: root
     group: root
-    mode: 0700
+    mode: "0700"
 
 - name: Create Dnsmasq configuration
-  template:
+  ansible.builtin.template:
     src: dnsmasq-10-consul.j2
     dest: /etc/dnsmasq.d/10-consul.conf
     owner: root
     group: root
-    mode: 0644
+    mode: "0644"
   notify: restart dnsmasq
 
 - name: Disable systemd-resolved
   when: ansible_service_mgr == "systemd"
   block:
     - name: Disable systemd-resolved service
-      service:
+      ansible.builtin.service:
         name: systemd-resolved
         enabled: false
         state: stopped
 
     - name: Check if resolv.conf is pointing to systemd-resolved
-      stat:
+      ansible.builtin.stat:
         path: /etc/resolv.conf
       register: resolv_dot_conf
 
     - name: Remove resolv.conf association with systemd-resolved
-      file:
+      ansible.builtin.file:
         src: /run/resolvconf/resolv.conf
         path: /etc/resolv.conf
         state: link
@@ -44,8 +44,8 @@
         - resolv_dot_conf.stat.islnk
         - 'resolv_dot_conf.stat.link_source == "/run/systemd/resolve/stub-resolv.conf"'
 
-- name: ensure DNSmasq is started
+- name: Ensure DNSmasq is started
-  service:
+  ansible.builtin.service:
     name: dnsmasq
     state: started
     enabled: true

tasks/main.yml

@@ -1,81 +1,86 @@
 ---
 - name: Read bootstrapped state
-  stat:
+  ansible.builtin.stat:
     path: "{{ consul_bootstrap_state }}"
   register: bootstrap_state
   ignore_errors: true
 
 
 - name: Include OS-specific variables
-  include_vars: "{{ item }}"
+  ansible.builtin.include_vars: "{{ item }}"
   with_first_found:
     - files:
         - "{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml"
         - "{{ ansible_os_family }}.yml"
-- name: add hashicorp repo
+- name: Add hashicorp repo
-  get_url:
+  ansible.builtin.get_url:
     url: "https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo"
     dest: '/etc/yum.repos.d/hashicorp.repo'
     owner: root
     group: root
-    mode: 0644
+    mode: "0644"
   when: ansible_os_family == "RedHat"
 - name: Add an Apt signing key, uses whichever key is at the URL
-  apt_key:
+  ansible.builtin.apt_key:
     url: "{{ consul_repo_url }}/gpg"
     state: present
   when: "ansible_os_family|lower == 'debian'"
 
 - name: Add Debian/Ubuntu Linux repository
-  apt_repository:
+  ansible.builtin.apt_repository:
     repo: "deb {{ consul_repo_url }} {{ ansible_distribution_release }} main"
     state: present
     update_cache: true
   when: "ansible_os_family|lower == 'debian'"
 
-- name: install package
+- name: Install package
-  package:
+  ansible.builtin.package:
     name: "{{ consul_os_package }}"
     state: present
   when: ansible_architecture is not search('aarch*')
 
-- name: encure data dir exist
+- name: Encure data dir exist
-  file:
+  ansible.builtin.file:
     state: directory
     owner: consul
     path: "{{ consul_data_dir }}"
-    mode: 0755
+    mode: "0755"
-
-- block:
-    - block:
-        - name: Check for gossip encryption key on previously boostrapped server
-          slurp:
-            src: "{{ consul_config_path }}/config.json"
-          register: consul_config_b64
-          ignore_errors: true
-        - debug:
-            msg: "{{consul_config_b64}}"
-        - name: Deserialize existing configuration
-          set_fact:
-            consul_config: "{{ consul_config_b64.content | b64decode | from_json }}"
-          when: consul_config_b64.content is defined and consul_config_b64.content != ""
-
-        - name: Save gossip encryption key from existing configuration
-          set_fact:
-            consul_raw_key: "{{ consul_config.encrypt }}"
-          when: consul_config is defined
 
+- name: Manage encrypt key
+  when:
+    - consul_encrypt_enable | bool
+  block:
+    - name: Check encrypt key in config file
       when:
         - consul_raw_key is not defined
         - bootstrap_state.stat.exists | bool
         - inventory_hostname in consul_servers_list
+      block:
+        - name: Check for gossip encryption key on previously boostrapped server
+          ansible.builtin.slurp:
+            src: "{{ consul_config_path }}/config.json"
+          register: consul_config_b64
+          ignore_errors: true
+        - name: Print config
+          ansible.builtin.debug:
+            msg: "{{ consul_config_b64 }}"
+        - name: Deserialize existing configuration
+          ansible.builtin.set_fact:
+            consul_config: "{{ consul_config_b64.content | b64decode | from_json }}"
+          when: consul_config_b64.content is defined and consul_config_b64.content != ""
+
+        - name: Save gossip encryption key from existing configuration
+          ansible.builtin.set_fact:
+            consul_raw_key: "{{ consul_config.encrypt }}"
+          when: consul_config is defined
+
 
     # Key provided by extra vars or the above block
     - name: Write gossip encryption key locally for use with new servers
-      copy:
+      ansible.builtin.copy:
         content: "{{ consul_raw_key }}"
         dest: '/tmp/consul_raw.key'
-        mode: 0600
+        mode: "0600"
       become: false
       vars:
         ansible_become: false
@@ -84,37 +89,37 @@
       changed_when: false
       when: consul_raw_key is defined
 
-    # Generate new key if none was found
+    - name: Generate new key if none was found
-    - block:
-        - name: Generate gossip encryption key
-          shell: "PATH={{ consul_bin_path }}:$PATH consul keygen"
-          register: consul_keygen
-
-        - name: Write key locally to share with other nodes
-          copy:
-            content: "{{ consul_keygen.stdout }}"
-            dest: '/tmp/consul_raw.key'
-          become: false
-          vars:
-            ansible_become: false
-          delegate_to: localhost
-
       no_log: true
       run_once: true
       when:
         # if files '/tmp/consul_raw.key' exist
         - lookup('first_found', dict(files=['/tmp/consul_raw.key'], skip=true)) | ternary(false, true)
         - not bootstrap_state.stat.exists | bool
+      block:
+        - name: Generate gossip encryption key
+          ansible.builtin.shell: "PATH={{ consul_bin_path }}:$PATH consul keygen"
+          register: consul_keygen
+          changed_when: false
 
+        - name: Write key locally to share with other nodes
+          ansible.builtin.copy:
+            content: "{{ consul_keygen.stdout }}"
+            dest: '/tmp/consul_raw.key'
+            mode: "0600"
+          become: false
+          vars:
+            ansible_become: false
+          delegate_to: localhost
     - name: Read gossip encryption key for servers that require it
-      set_fact:
+      ansible.builtin.set_fact:
         consul_raw_key: "{{ lookup('file', '/tmp/consul_raw.key') }}"
       no_log: true
       when:
         - consul_raw_key is not defined
 
     - name: Delete gossip encryption key file
-      file:
+      ansible.builtin.file:
         path: '/tmp/consul_raw.key'
         state: absent
       become: false
@@ -123,62 +128,58 @@
       run_once: true
       delegate_to: localhost
       changed_when: false
-  #no_log: true
-  when:
-    - consul_encrypt_enable | bool
 
-- name: delete hcl config file
+- name: Delete hcl config file
-  file:
+  ansible.builtin.template:
-    path: "{{consul_config_path}}/consul.hcl"
+    src: consul.hcl.j2
-    state: absent
+    dest: "{{ consul_config_path }}/consul.hcl"
-  become : true
+    owner: consul
-- name: Creating a file with content
+    mode: "0644"
-  copy:
+  become: true
-    dest:  "{{consul_config_path}}/consul.hcl"
+- name: Apply config template
-    content: "{}"
-- name: apply config template
-  block:
-    - name: server template
-      template:
-        src: config.json.j2
-        dest: "{{ consul_config_path}}/config.json"
-        owner: consul
-        mode: 0644
   notify: reload consul configuration
-
-- name: configure backup
   block:
-    - name: copy backup script
+    - name: Server template
-      copy:
+      ansible.builtin.template:
+        src: config.json.j2
+        dest: "{{ consul_config_path }}/config.json"
+        owner: consul
+        mode: "0644"
+
+- name: Configure backup
+  when: consul_snapshot
+  block:
+    - name: Copy backup script
+      ansible.builtin.copy:
         dest: "{{ consul_data_dir }}/cs-backup.sh"
-        mode: 0744
+        mode: "0744"
         owner: consul
         src: cs-backup.sh
-    - name: consul snaphot cron.d
+    - name: Consul snaphot cron.d
-      cron:
+      ansible.builtin.cron:
         name: consul backup
         user: consul
         state: present
         job: "{{ consul_data_dir }}/cs-backup.sh {{ consul_backup_location }}"
-        hour: "{{consul_cron_hour}}"
+        hour: "{{ consul_cron_hour }}"
-  when: consul_snapshot
 
-- name: ensure service is started
+- name: Ensure service is started
-  systemd:
+  ansible.builtin.systemd:
     name: "{{  consul_service_name }}"
     state: started
-    enabled: True
+    enabled: true
 
 - name: Create bootstrapped state file
-  file:
+  ansible.builtin.file:
     dest: "{{ consul_bootstrap_state }}"
     state: touch
-    mode: 0600
+    mode: "0600"
   when: not bootstrap_state.stat.exists
 
-- include_tasks: dnsmasq.yml
+- name: Include dnsmasq
+  ansible.builtin.include_tasks: dnsmasq.yml
   when: consul_dnsmasq_enable | bool
 
-- name: include systemd-resolved
+- name: Include systemd-resolved
   ansible.builtin.include_tasks: systemd-resolved.yml
   when: consul_systemd_resolved_enable

templates/consul.hcl.j2

@@ -0,0 +1 @@
+{}