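# Gossip encryption key bootstrap.
#
# When no key is configured (`consul_config.encrypt` undefined or empty), the
# key is taken from an existing consul.json on a cluster node if one can be
# read; otherwise a new key is generated with `consul keygen`. Either way the
# key is published as the `consul_raw_key` fact on every host in
# `ansible_play_hosts_all`.
#
# NOTE(review): the nesting below is reconstructed from the key order of a
# flattened listing; confirm which keywords sit on a block and which on a
# task against the repository copy.
- name: Bootstrap encrypt
  block:
    - name: Get gossip encryption key on previously bootstrapped server
      block:
        - name: Check for gossip encryption key on previously bootstrapped server
          slurp:
            src: "{{ consul_config_path }}/consul.json"
          register: consul_config_b64
          # A failed read is tolerated here; the next task only runs when
          # file content actually came back.
          ignore_errors: true

        - name: Deserialize existing configuration
          set_fact:
            consul_config_local: "{{ consul_config_b64.content | b64decode | from_json }}"
          when: consul_config_b64.content is defined

        # Runs once and writes the fact onto every play host through
        # delegate_to + delegate_facts.
        - name: Save gossip encryption key from existing configuration
          set_fact:
            consul_raw_key: "{{ consul_config_local.encrypt }}"
          delegate_to: "{{ item }}"
          delegate_facts: true
          run_once: true
          loop: "{{ ansible_play_hosts_all }}"
          when:
            - consul_config_local.encrypt is defined
            - consul_config_local.encrypt | length != 0
      # The slurped file content and the set_fact results contain the gossip
      # key, so task output stays out of the console and logs.
      no_log: true
      when:
        - consul_config.encrypt is not defined or consul_config.encrypt | length == 0
        # NOTE(review): this compares the variable itself to 0. If
        # cluster_node_list is a list the test is always true and
        # `cluster_node_list | length != 0` may have been intended; confirm
        # against where the variable is defined.
        - cluster_node_list != 0
        # Only hosts whose ansible_host or default IPv4 address is listed in
        # cluster_node_list are read.
        - >-
          (hostvars[inventory_hostname]['ansible_host'] is defined
          and hostvars[inventory_hostname]['ansible_host'] in cluster_node_list)
          or hostvars[inventory_hostname]['ansible_default_ipv4']['address']
          in cluster_node_list

    - name: Generate new key if none was found
      block:
        - name: Generate gossip encryption key
          # No shell features are used, so the command module is enough.
          command: consul keygen
          register: consul_keygen
          when:
            - consul_raw_key is not defined

        - name: Save gossip encryption key as fact
          set_fact:
            consul_raw_key: "{{ consul_keygen.stdout }}"
          delegate_to: "{{ item }}"
          delegate_facts: true
          loop: "{{ ansible_play_hosts_all }}"
          when:
            - hostvars[inventory_hostname]['consul_raw_key'] is not defined
      # keygen stdout is the key itself; keep it out of task output.
      no_log: true
      run_once: true
      when:
        - consul_config.encrypt is not defined or consul_config.encrypt | length == 0
  # Every task in this block handles the gossip encryption key in its
  # arguments or results, so logging is suppressed for the block as a whole.
  no_log: true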