update debian support

ace 2023-02-07 23:11:11 +03:00
parent 6381f2f644
commit 66881ec676
Signed by: ace
GPG Key ID: 2C08973DD37A76FD
7 changed files with 34 additions and 13 deletions

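--- a/README.md
+++ b/README.md
@@ -0,0 +1,4 @@
+Consul role
+Tested with OS:
+- AlmaLinux 8
+- Debian 11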


@ -29,9 +29,9 @@
masked: yes
when: is_consul.rc != 0
- name: "Install {{ consul_package_name }}-{{ consul_version }}"
- name: "Install {{ consul_package_name }}-{{ consul_version }}-{{ consul_version_build }}"
apt:
name: "{{ consul_package }}"
name: "{{ consul_package }}-{{ consul_version_build }}"
update_cache: yes
register: consul_setup
when: is_consul.rc != 0


@ -26,7 +26,7 @@
when:
- consul_config.encrypt is not defined or consul_config.encrypt | length == 0
- cluster_node_list != 0
- hostvars[inventory_hostname]['ansible_host'] in cluster_node_list
- (hostvars[inventory_hostname]['ansible_host'] is defined and hostvars[inventory_hostname]['ansible_host'] in cluster_node_list) or hostvars[inventory_hostname]['ansible_default_ipv4']['address'] in cluster_node_list
- name: Generate new key if none was found
block:
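Review bot: The fallback clause added to this `when:` list reads `hostvars[inventory_hostname]['ansible_default_ipv4']['address']` without an `is defined` guard, so on a host where `ansible_host` is unset and no default-IPv4 fact was gathered the condition will probably abort with an undefined-variable error rather than evaluate to false. Guard it like the first clause: `or (hostvars[inventory_hostname]['ansible_default_ipv4']['address'] is defined and hostvars[inventory_hostname]['ansible_default_ipv4']['address'] in cluster_node_list)`. The same unguarded lookup is added to the condition of the `import_tasks: join.yaml` task. Separately, the neighbouring `cluster_node_list != 0` compares a list with an integer and so looks always true; the join task uses `cluster_node_list | length != 0`, which is presumably what is meant here too. The task this list belongs to starts above the hunk.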


@ -61,17 +61,29 @@
when: consul_cert is not defined
register: consul_key_gen
- name: Generate consul server subject_alt_ips
- name: Generate consul server subject_alt_ips from ansible_host
set_fact:
consul_server_subject_alt_ips: "{{ groups[consul_server_group] | default([]) | map('extract', hostvars, ['ansible_host']) | map('regex_replace', '^', 'IP:') | list }}"
consul_server_subject_alt_ips_from_ansible_host: "{{ groups[consul_server_group] | default([]) | map('extract', hostvars, ['ansible_host']) | map('regex_replace', '^', 'IP:') | list }}"
when: hostvars[inventory_hostname]['ansible_host'] is defined
- name: Generate consul server subject_alt_ips from default ipv4 address
set_fact:
consul_server_subject_alt_ips: "{{ groups[consul_server_group] | default([]) | map('extract', hostvars, ['ansible_default_ipv4', 'address']) | map('regex_replace', '^', 'IP:') | list }}"
when: hostvars[inventory_hostname]['ansible_default_ipv4']['address'] is defined
- name: Generate consul server subject_alt_names
set_fact:
consul_server_subject_alt_names: "{{ groups[consul_server_group] | default([]) | map('extract', hostvars, ['inventory_hostname']) | map('regex_replace', '^', 'DNS:') | list }}"
- name: Generate consul agent subject_alt_ips
- name: Generate consul agent subject_alt_ips from ansible_host
set_fact:
consul_agent_subject_alt_ips: "{{ groups[consul_agent_group] | default([]) | map('extract', hostvars, ['ansible_host']) | map('regex_replace', '^', 'IP:') | list }}"
consul_agent_subject_alt_ips_from_ansible_host: "{{ groups[consul_agent_group] | default([]) | map('extract', hostvars, ['ansible_host']) | map('regex_replace', '^', 'IP:') | list }}"
when: hostvars[inventory_hostname]['ansible_host'] is defined
- name: Generate consul agent subject_alt_ips from default ipv4 address
set_fact:
consul_agent_subject_alt_ips: "{{ groups[consul_agent_group] | default([]) | map('extract', hostvars, ['ansible_default_ipv4', 'address']) | map('regex_replace', '^', 'IP:') | list }}"
when: hostvars[inventory_hostname]['ansible_default_ipv4']['address'] is defined
- name: Generate consul agent subject_alt_names
set_fact:
@ -82,7 +94,7 @@
path: "{{ consul_ssl_path }}/{{ consul_self_signed_cert_name }}.csr"
privatekey_path: "{{ consul_ssl_path }}/{{ consul_self_signed_cert_name }}.key"
common_name: "{{ consul_self_signed_cert_name }}"
subject_alt_name: "{{ consul_server_subject_alt_ips + consul_server_subject_alt_names + consul_agent_subject_alt_ips + consul_agent_subject_alt_names }}"
subject_alt_name: "{{ consul_server_subject_alt_ips | default([]) + consul_server_subject_alt_names | default([]) + consul_agent_subject_alt_ips | default([]) + consul_agent_subject_alt_names | default([]) + consul_server_subject_alt_ips_from_ansible_host | default([]) + consul_agent_subject_alt_ips_from_ansible_host | default([]) }}"
owner: consul
group: consul
register: consul_csr
@ -151,13 +163,13 @@
- name: Put Consul CA OpenSSL cert to PKI
copy:
content: "{{ consul_ca_cert }}"
dest: "/etc/pki/ca-trust/source/anchors/CA-{{ consul_self_signed_cert_name }}.crt"
register: consul_ca_trust_anchors
dest: "{{ consul_ssl_ca_trust_dir }}/CA-{{ consul_self_signed_cert_name }}.crt"
register: consul_ca_trust
notify: Restart consul
- name: Update CA trust
shell: update-ca-trust extract
when: consul_ca_trust_anchors.changed
shell: "{{ consul_ssl_update_ca_command }}"
when: consul_ca_trust.changed
- name: Put Consul OpenSSL key
copy:
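Review bot: The `when:` guards added to the four `subject_alt_ips` tasks test only the current host (`hostvars[inventory_hostname]['ansible_host'] is defined`), while the `map('extract', hostvars, [...])` expression walks every host in the group. A group that mixes hosts with and without `ansible_host`, or that contains hosts whose facts were not gathered in this run, will therefore likely fail or put an incomplete IP list into the CSR's `subject_alt_name`. Filtering per host inside the expression removes that dependence, e.g. `groups[consul_server_group] | default([]) | map('extract', hostvars) | selectattr('ansible_host', 'defined') | map(attribute='ansible_host') | map('regex_replace', '^', 'IP:') | list`, and likewise for the agent group and the `ansible_default_ipv4.address` variant. Because the SAN list decides which addresses the certificate is valid for, an `assert` before the CSR task that the combined list is not empty would catch a silently empty result. The CSR task and the final `copy:` task continue outside the hunks.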


@ -42,6 +42,6 @@
- name: Join new server node to cluster
import_tasks: join.yaml
when:
- hostvars[inventory_hostname]['ansible_host'] not in cluster_node_list
- (hostvars[inventory_hostname]['ansible_host'] is defined and hostvars[inventory_hostname]['ansible_host'] not in cluster_node_list) or hostvars[inventory_hostname]['ansible_default_ipv4']['address'] not in cluster_node_list
- cluster_node_list | length != 0
- inventory_hostname in groups[consul_server_group]
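Review bot: The rewritten first condition is not the negation of the membership test this commit adds to the other `when:` list that checks `cluster_node_list`. Because the two clauses are joined with `or`, a node whose `ansible_host` is already in `cluster_node_list` still satisfies it whenever its default IPv4 address is not in the list, so `join.yaml` would be imported for a node that is already a member. Negating the whole membership expression keeps the two conditions consistent: `- not ((hostvars[inventory_hostname]['ansible_host'] is defined and hostvars[inventory_hostname]['ansible_host'] in cluster_node_list) or hostvars[inventory_hostname]['ansible_default_ipv4']['address'] in cluster_node_list)`. What `join.yaml` does on a repeated join is not visible here, so the impact is unconfirmed.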


@ -6,3 +6,6 @@ consul_apt_key:
consul_apt_repository:
- repo: deb [arch=amd64] https://apt.releases.hashicorp.com {{ ansible_distribution_release }} main
filename: hashicorp
consul_version_build: "1"
consul_ssl_update_ca_command: "update-ca-certificates --fresh"
consul_ssl_ca_trust_dir: "/usr/local/share/ca-certificates"


@ -1 +1,3 @@
consul_package: "{{ consul_package_name }}-{{ consul_version }}"
consul_ssl_update_ca_command: "update-ca-trust extract"
consul_ssl_ca_trust_dir: "/etc/pki/ca-trust/source/anchors"