---
# Probe for the marker file at consul_bootstrap_state. Later tasks in this
# file branch on bootstrap_state.stat.exists, and the marker itself is created
# by the "Create bootstrapped state file" task.
# NOTE(review): with ignore_errors a failed probe does not stop the play, but
# later conditions dereference bootstrap_state.stat, which is presumably
# missing from a failed result. Confirm this is acceptable.
- name: Read bootstrapped state
  stat:
    path: "{{ consul_bootstrap_state }}"
  ignore_errors: true
  register: bootstrap_state
# Load the first vars file that exists, most specific first:
# "<os family>-<major version>.yml", then the family-wide "<os family>.yml".
- name: Include OS-specific variables
  include_vars: "{{ item }}"
  with_first_found:
    - files:
        - "{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml"
        - "{{ ansible_os_family }}.yml"
# Install the package named by consul_os_package through the generic package
# module. The task is skipped when ansible_architecture matches the pattern.
# NOTE(review): `search` takes a regular expression, not a glob. 'arm*' means
# "ar" followed by zero or more "m", so it also matches e.g. "aarch64".
# Confirm that this is the intended set of excluded architectures.
- name: install package
  when: ansible_architecture is not search('arm*')
  package:
    state: present
    name: "{{ consul_os_package }}"
# Make sure the data directory exists and is owned by the consul account.
# NOTE(review): 0755 leaves the directory listable and traversable by every
# local account, and the backup script is installed into this same directory
# by "copy backup script". Consider whether a tighter mode fits the deployment.
- name: encure data dir exist
  file:
    path: "{{ consul_data_dir }}"
    state: directory
    owner: consul
    mode: "0755"
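# Gossip encryption key handling, active only when consul_encrypt_enable is
# true. The key ends up in the fact consul_raw_key and comes from extra vars,
# from the config of an already bootstrapped server, or from a newly generated
# key that is shared with the other hosts through a file on the controller.
#
# NOTE(review): the key is staged at the fixed path /tmp/consul_raw.key on the
# controller. The keygen block is skipped whenever a file already exists at
# that path, and the read task then uses its content as the cluster key. A
# stale file from an aborted run, or one created by another local account, is
# therefore trusted. A per-run private temporary file (for example from the
# tempfile module) would remove that dependency.
# NOTE(review): the delete task is an ordinary block member, not part of an
# `always:` section, so the staged key is presumably left behind when an
# earlier task fails. Confirm and consider moving the cleanup.
- block:
    # Recover the key from a server that an earlier run already bootstrapped.
    - block:
        - name: Check for gossip encryption key on previously boostrapped server
          slurp:
            src: "{{ consul_config_path }}/config.json"
          register: consul_config_b64
          ignore_errors: true

        # The slurped result is intentionally not echoed with `debug`. Its
        # content is only base64-encoded and holds the `encrypt` value that
        # the next tasks extract, so printing it would put the gossip key
        # into the play output and any log that captures it.

        - name: Deserialize existing configuration
          set_fact:
            consul_config: "{{ consul_config_b64.content | b64decode | from_json }}"
          when: consul_config_b64.content is defined and consul_config_b64.content != ""

        - name: Save gossip encryption key from existing configuration
          set_fact:
            consul_raw_key: "{{ consul_config.encrypt }}"
          when: consul_config is defined

      # Every result registered or set in this block carries the key.
      no_log: true
      when:
        - consul_raw_key is not defined
        - bootstrap_state.stat.exists | bool
        - inventory_hostname in consul_servers_list

    # Key provided by extra vars or the above block
    - name: Write gossip encryption key locally for use with new servers
      copy:
        content: "{{ consul_raw_key }}"
        dest: '/tmp/consul_raw.key'
        mode: "0600"
      become: false
      vars:
        ansible_become: false
      no_log: true
      delegate_to: localhost
      changed_when: false
      when: consul_raw_key is defined

    # Generate new key if none was found
    - block:
        - name: Generate gossip encryption key
          shell: "PATH={{ consul_bin_path }}:$PATH consul keygen"
          register: consul_keygen

        - name: Write key locally to share with other nodes
          copy:
            content: "{{ consul_keygen.stdout }}"
            dest: '/tmp/consul_raw.key'
            # Same owner-only mode as the other write of this file. Without
            # an explicit mode a new file gets the controller's umask
            # default, which commonly leaves it readable by other accounts.
            mode: "0600"
          become: false
          vars:
            ansible_become: false
          delegate_to: localhost

      no_log: true
      run_once: true
      when:
        # Run only when '/tmp/consul_raw.key' does not exist yet: the lookup
        # returns the path when the file is found, and ternary inverts that.
        - lookup('first_found', dict(files=['/tmp/consul_raw.key'], skip=true)) | ternary(false, true)
        - not bootstrap_state.stat.exists | bool

    - name: Read gossip encryption key for servers that require it
      set_fact:
        consul_raw_key: "{{ lookup('file', '/tmp/consul_raw.key') }}"
      no_log: true
      when:
        - consul_raw_key is not defined

    # This task exposes only the path, never the key, so it stays visible in
    # the output. no_log is set on each key-handling task or block above.
    - name: Delete gossip encryption key file
      file:
        path: '/tmp/consul_raw.key'
        state: absent
      become: false
      vars:
        ansible_become: false
      run_once: true
      delegate_to: localhost
      changed_when: false
  when:
    - consul_encrypt_enable | bool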
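# Render the Consul configuration and ask the handler to reload it on change.
- name: apply config template
  block:
    - name: server template
      template:
        src: config.json.j2
        dest: "{{ consul_config_path }}/config.json"
        owner: consul
        # Not world-readable: the gossip-key tasks in this file read the
        # `encrypt` value back out of this same config.json, so the rendered
        # file can hold the gossip key. The consul owner keeps read/write.
        # NOTE(review): no group is set here. Confirm that nothing outside
        # the owner and the file's group needs to read this file.
        mode: "0640"
      notify: reload consul configuration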
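# Install the snapshot script and schedule it in the consul user's crontab.
# The whole block is skipped unless consul_snapshot evaluates true.
- name: configure backup
  block:
    - name: copy backup script
      copy:
        src: cs-backup.sh
        dest: "{{ consul_data_dir }}/cs-backup.sh"
        owner: consul
        mode: "0744"

    - name: consul snaphot cron.d
      cron:
        name: consul backup
        user: consul
        state: present
        job: "{{ consul_data_dir }}/cs-backup.sh {{ consul_backup_location }}"
        # The cron module defaults `minute` to "*", so setting only `hour`
        # runs the job every minute of that hour. Pin the minute so the
        # snapshot is taken once.
        # NOTE(review): assumes one run per day is intended. Confirm.
        minute: "0"
        hour: "{{ consul_cron_hour }}"
  when: consul_snapshot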
# Start the unit named by consul_service_name and enable it.
- name: ensure service is started
  systemd:
    name: "{{ consul_service_name }}"
    enabled: true
    state: started
# Drop the marker file that "Read bootstrapped state" probes for. The task is
# guarded so that an existing marker is not touched again on later runs.
- name: Create bootstrapped state file
  when: not bootstrap_state.stat.exists
  file:
    dest: "{{ consul_bootstrap_state }}"
    mode: "0600"
    state: touch
# Pull in the dnsmasq task file only when consul_dnsmasq_enable is true.
- include_tasks: dnsmasq.yml
  when: consul_dnsmasq_enable | bool