--- - name: Read bootstrapped state stat: path: "{{ consul_bootstrap_state }}" register: bootstrap_state ignore_errors: true - name: Include OS-specific variables include_vars: "{{ item }}" with_first_found: - files: - "{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml" - "{{ ansible_os_family }}.yml" - name: add hashicorp repo get_url: url: "https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo" dest: '/etc/yum.repos.d/hashicorp.repo' owner: root group: root mode: 0644 when: ansible_os_family == "RedHat" - name: install package package: name: "{{ consul_os_package }}" state: present when: ansible_architecture is not search('arm*') - name: encure data dir exist file: state: directory owner: consul path: "{{ consul_data_dir }}" mode: 0755 - block: - block: - name: Check for gossip encryption key on previously boostrapped server slurp: src: "{{ consul_config_path }}/config.json" register: consul_config_b64 ignore_errors: true - debug: msg: "{{consul_config_b64}}" - name: Deserialize existing configuration set_fact: consul_config: "{{ consul_config_b64.content | b64decode | from_json }}" when: consul_config_b64.content is defined and consul_config_b64.content != "" - name: Save gossip encryption key from existing configuration set_fact: consul_raw_key: "{{ consul_config.encrypt }}" when: consul_config is defined when: - consul_raw_key is not defined - bootstrap_state.stat.exists | bool - inventory_hostname in consul_servers_list # Key provided by extra vars or the above block - name: Write gossip encryption key locally for use with new servers copy: content: "{{ consul_raw_key }}" dest: '/tmp/consul_raw.key' mode: 0600 become: false vars: ansible_become: false no_log: true delegate_to: localhost changed_when: false when: consul_raw_key is defined # Generate new key if none was found - block: - name: Generate gossip encryption key shell: "PATH={{ consul_bin_path }}:$PATH consul keygen" register: consul_keygen - name: Write key locally to share with other nodes copy: content: "{{ consul_keygen.stdout }}" dest: '/tmp/consul_raw.key' become: false vars: ansible_become: false delegate_to: localhost no_log: true run_once: true when: # if files '/tmp/consul_raw.key' exist - lookup('first_found', dict(files=['/tmp/consul_raw.key'], skip=true)) | ternary(false, true) - not bootstrap_state.stat.exists | bool - name: Read gossip encryption key for servers that require it set_fact: consul_raw_key: "{{ lookup('file', '/tmp/consul_raw.key') }}" no_log: true when: - consul_raw_key is not defined - name: Delete gossip encryption key file file: path: '/tmp/consul_raw.key' state: absent become: false vars: ansible_become: false run_once: true delegate_to: localhost changed_when: false #no_log: true when: - consul_encrypt_enable | bool - name: apply config template block: - name: server template template: src: config.json.j2 dest: "{{ consul_config_path}}/config.json" owner: consul mode: 0644 notify: reload consul configuration - name: configure backup block: - name: copy backup script copy: dest: "{{ consul_data_dir }}/cs-backup.sh" mode: 0744 owner: consul src: cs-backup.sh - name: consul snaphot cron.d cron: name: consul backup user: consul state: present job: "{{ consul_data_dir }}/cs-backup.sh {{ consul_backup_location }}" hour: "{{consul_cron_hour}}" when: consul_snapshot - name: ensure service is started systemd: name: "{{ consul_service_name }}" state: started enabled: True - name: Create bootstrapped state file file: dest: "{{ consul_bootstrap_state }}" state: touch mode: 0600 when: not bootstrap_state.stat.exists - include_tasks: dnsmasq.yml when: consul_dnsmasq_enable | bool