ansible-galaxy/consul
1
0
Fork 0
mirror of https://gitea.0xace.cc/ansible-galaxy/consul.git synced 2024-11-25 06:37:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

update debian support

Browse Source
This commit is contained in:
ace 2023-02-07 23:11:11 +03:00
parent 6381f2f644
commit 66881ec676
Signed by: ace
GPG Key ID: 2C08973DD37A76FD
7 changed files with 34 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
README.md Normal file
View File

@ -0,0 +1,4 @@
Consul role
Tested with OS:
- AlmaLinux 8
- Debian 11

4
tasks/Debian/main.yaml
View File

@ -29,9 +29,9 @@
masked: yes masked: yes
when: is_consul.rc != 0 when: is_consul.rc != 0
- name: "Install {{ consul_package_name }}-{{ consul_version }}" - name: "Install {{ consul_package_name }}-{{ consul_version }}-{{ consul_version_build }}"
apt: apt:
name: "{{ consul_package }}" name: "{{ consul_package }}-{{ consul_version_build }}"
update_cache: yes update_cache: yes
register: consul_setup register: consul_setup
when: is_consul.rc != 0 when: is_consul.rc != 0

2
tasks/bootstrap.yaml
View File

@ -26,7 +26,7 @@
when: when:
- consul_config.encrypt is not defined or consul_config.encrypt | length == 0 - consul_config.encrypt is not defined or consul_config.encrypt | length == 0
- cluster_node_list != 0 - cluster_node_list != 0
- hostvars[inventory_hostname]['ansible_host'] in cluster_node_list - (hostvars[inventory_hostname]['ansible_host'] is defined and hostvars[inventory_hostname]['ansible_host'] in cluster_node_list) or hostvars[inventory_hostname]['ansible_default_ipv4']['address'] in cluster_node_list
- name: Generate new key if none was found - name: Generate new key if none was found
block: block:

30
tasks/cacert.yaml
View File

@ -61,17 +61,29 @@
when: consul_cert is not defined when: consul_cert is not defined
register: consul_key_gen register: consul_key_gen
- name: Generate consul server subject_alt_ips - name: Generate consul server subject_alt_ips from ansible_host
set_fact: set_fact:
consul_server_subject_alt_ips: "{{ groups[consul_server_group] | default([]) | map('extract', hostvars, ['ansible_host']) | map('regex_replace', '^', 'IP:') | list }}" consul_server_subject_alt_ips_from_ansible_host: "{{ groups[consul_server_group] | default([]) | map('extract', hostvars, ['ansible_host']) | map('regex_replace', '^', 'IP:') | list }}"
when: hostvars[inventory_hostname]['ansible_host'] is defined
- name: Generate consul server subject_alt_ips from default ipv4 address
set_fact:
consul_server_subject_alt_ips: "{{ groups[consul_server_group] | default([]) | map('extract', hostvars, ['ansible_default_ipv4', 'address']) | map('regex_replace', '^', 'IP:') | list }}"
when: hostvars[inventory_hostname]['ansible_default_ipv4']['address'] is defined
- name: Generate consul server subject_alt_names - name: Generate consul server subject_alt_names
set_fact: set_fact:
consul_server_subject_alt_names: "{{ groups[consul_server_group] | default([]) | map('extract', hostvars, ['inventory_hostname']) | map('regex_replace', '^', 'DNS:') | list }}" consul_server_subject_alt_names: "{{ groups[consul_server_group] | default([]) | map('extract', hostvars, ['inventory_hostname']) | map('regex_replace', '^', 'DNS:') | list }}"
- name: Generate consul agent subject_alt_ips - name: Generate consul agent subject_alt_ips from ansible_host
set_fact: set_fact:
consul_agent_subject_alt_ips: "{{ groups[consul_agent_group] | default([]) | map('extract', hostvars, ['ansible_host']) | map('regex_replace', '^', 'IP:') | list }}" consul_agent_subject_alt_ips_from_ansible_host: "{{ groups[consul_agent_group] | default([]) | map('extract', hostvars, ['ansible_host']) | map('regex_replace', '^', 'IP:') | list }}"
when: hostvars[inventory_hostname]['ansible_host'] is defined
- name: Generate consul agent subject_alt_ips from default ipv4 address
set_fact:
consul_agent_subject_alt_ips: "{{ groups[consul_agent_group] | default([]) | map('extract', hostvars, ['ansible_default_ipv4', 'address']) | map('regex_replace', '^', 'IP:') | list }}"
when: hostvars[inventory_hostname]['ansible_default_ipv4']['address'] is defined
- name: Generate consul agent subject_alt_names - name: Generate consul agent subject_alt_names
set_fact: set_fact:
@ -82,7 +94,7 @@
path: "{{ consul_ssl_path }}/{{ consul_self_signed_cert_name }}.csr" path: "{{ consul_ssl_path }}/{{ consul_self_signed_cert_name }}.csr"
privatekey_path: "{{ consul_ssl_path }}/{{ consul_self_signed_cert_name }}.key" privatekey_path: "{{ consul_ssl_path }}/{{ consul_self_signed_cert_name }}.key"
common_name: "{{ consul_self_signed_cert_name }}" common_name: "{{ consul_self_signed_cert_name }}"
subject_alt_name: "{{ consul_server_subject_alt_ips + consul_server_subject_alt_names + consul_agent_subject_alt_ips + consul_agent_subject_alt_names }}" subject_alt_name: "{{ consul_server_subject_alt_ips | default([]) + consul_server_subject_alt_names | default([]) + consul_agent_subject_alt_ips | default([]) + consul_agent_subject_alt_names | default([]) + consul_server_subject_alt_ips_from_ansible_host | default([]) + consul_agent_subject_alt_ips_from_ansible_host | default([]) }}"
owner: consul owner: consul
group: consul group: consul
register: consul_csr register: consul_csr
@ -151,13 +163,13 @@
- name: Put Consul CA OpenSSL cert to PKI - name: Put Consul CA OpenSSL cert to PKI
copy: copy:
content: "{{ consul_ca_cert }}" content: "{{ consul_ca_cert }}"
dest: "/etc/pki/ca-trust/source/anchors/CA-{{ consul_self_signed_cert_name }}.crt" dest: "{{ consul_ssl_ca_trust_dir }}/CA-{{ consul_self_signed_cert_name }}.crt"
register: consul_ca_trust_anchors register: consul_ca_trust
notify: Restart consul notify: Restart consul
- name: Update CA trust - name: Update CA trust
shell: update-ca-trust extract shell: "{{ consul_ssl_update_ca_command }}"
when: consul_ca_trust_anchors.changed when: consul_ca_trust.changed
- name: Put Consul OpenSSL key - name: Put Consul OpenSSL key
copy: copy:

2
tasks/main.yaml
View File

@ -42,6 +42,6 @@
- name: Join new server node to cluster - name: Join new server node to cluster
import_tasks: join.yaml import_tasks: join.yaml
when: when:
- hostvars[inventory_hostname]['ansible_host'] not in cluster_node_list - (hostvars[inventory_hostname]['ansible_host'] is defined and hostvars[inventory_hostname]['ansible_host'] not in cluster_node_list) or hostvars[inventory_hostname]['ansible_default_ipv4']['address'] not in cluster_node_list
- cluster_node_list | length != 0 - cluster_node_list | length != 0
- inventory_hostname in groups[consul_server_group] - inventory_hostname in groups[consul_server_group]

3
vars/Debian.yaml
View File

@ -6,3 +6,6 @@ consul_apt_key:
consul_apt_repository: consul_apt_repository:
- repo: deb [arch=amd64] https://apt.releases.hashicorp.com {{ ansible_distribution_release }} main - repo: deb [arch=amd64] https://apt.releases.hashicorp.com {{ ansible_distribution_release }} main
filename: hashicorp filename: hashicorp
consul_version_build: "1"
consul_ssl_update_ca_command: "update-ca-certificates --fresh"
consul_ssl_ca_trust_dir: "/usr/local/share/ca-certificates"

2
vars/RedHat.yaml
View File

@ -1 +1,3 @@
consul_package: "{{ consul_package_name }}-{{ consul_version }}" consul_package: "{{ consul_package_name }}-{{ consul_version }}"
consul_ssl_update_ca_command: "update-ca-trust extract"
consul_ssl_ca_trust_dir: "/etc/pki/ca-trust/source/anchors"