ansible-galaxy/consul
1
0
Fork 0
mirror of https://gitea.0xace.cc/ansible-galaxy/consul.git synced 2025-04-05 21:51:57 +00:00
Code Issues Packages Projects Releases Wiki Activity

add hack when multiple interfaces or multiple default gw exists

Browse Source
This commit is contained in:
ace 2023-09-26 16:50:58 +03:00
parent 4faf693b09
commit b78385ad12
Signed by: ace
GPG Key ID: 2C08973DD37A76FD
2 changed files with 31 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
defaults/main.yaml
View File

@ -11,7 +11,7 @@ consul_agent_group: "consul_agent"
consul_config: {} consul_config: {}
consul_default_config: consul_default_config:
bind_addr: "{{ ansible_default_ipv4.address }}" bind_addr: "{{ hostvars[inventory_hostname].ansible_host | default(ansible_default_ipv4.address) }}"
server: "{{ true if inventory_hostname in groups[consul_server_group] else false }}" server: "{{ true if inventory_hostname in groups[consul_server_group] else false }}"
ui_config: ui_config:
enabled: "{{ true if inventory_hostname in groups[consul_server_group] else false }}" enabled: "{{ true if inventory_hostname in groups[consul_server_group] else false }}"
@ -32,6 +32,9 @@ consul_ssl: true
consul_ssl_path: "/etc/consul.d/ssl" consul_ssl_path: "/etc/consul.d/ssl"
consul_self_signed_cert: false consul_self_signed_cert: false
consul_self_signed_cert_name: "consul-tls" consul_self_signed_cert_name: "consul-tls"
consul_cacert_multiple_default_gw_workaround: false
consul_cacert_force_append_ips: []
consul_cacert_force_append_names: []
consul_server_ssl_config: {} consul_server_ssl_config: {}
consul_server_ssl_default_config: consul_server_ssl_default_config:
ports: ports:

30
tasks/cacert.yaml
View File

@ -75,12 +75,19 @@
- name: Generate consul server subject_alt_ips from default ipv4 address - name: Generate consul server subject_alt_ips from default ipv4 address
set_fact: set_fact:
consul_server_subject_alt_ips: "{{ groups[consul_server_group] | default([]) | map('extract', hostvars, ['ansible_default_ipv4', 'address']) | map('regex_replace', '^', 'IP:') | list }}" consul_server_subject_alt_ips: "{{ groups[consul_server_group] | default([]) | map('extract', hostvars, ['ansible_default_ipv4', 'address']) | map('regex_replace', '^', 'IP:') | list }}"
when: hostvars[inventory_hostname]['ansible_default_ipv4']['address'] is defined when:
- hostvars[inventory_hostname]['ansible_default_ipv4']['address'] is defined
- not consul_cacert_multiple_default_gw_workaround
- name: Generate consul server subject_alt_names - name: Generate consul server subject_alt_names
set_fact: set_fact:
consul_server_subject_alt_names: "{{ groups[consul_server_group] | default([]) | map('extract', hostvars, ['inventory_hostname']) | map('regex_replace', '^', 'DNS:') | list }}" consul_server_subject_alt_names: "{{ groups[consul_server_group] | default([]) | map('extract', hostvars, ['inventory_hostname']) | map('regex_replace', '^', 'DNS:') | list }}"
- name: Generate consul server subject_alt_ips from ansible_all_ipv4_addresses
set_fact:
consul_server_subject_alt_ips_all_ipv4: "{{ groups[consul_server_group] | default([]) | map('extract', hostvars, ['ansible_all_ipv4_addresses']) | flatten | map('regex_replace', '^', 'IP:') | list }}"
when: hostvars[inventory_hostname]['ansible_all_ipv4_addresses'] is defined
- name: Generate consul agent subject_alt_ips from ansible_host - name: Generate consul agent subject_alt_ips from ansible_host
set_fact: set_fact:
consul_agent_subject_alt_ips_from_ansible_host: "{{ groups[consul_agent_group] | default([]) | map('extract', hostvars, ['ansible_host']) | map('regex_replace', '^', 'IP:') | list }}" consul_agent_subject_alt_ips_from_ansible_host: "{{ groups[consul_agent_group] | default([]) | map('extract', hostvars, ['ansible_host']) | map('regex_replace', '^', 'IP:') | list }}"
@ -89,7 +96,24 @@
- name: Generate consul agent subject_alt_ips from default ipv4 address - name: Generate consul agent subject_alt_ips from default ipv4 address
set_fact: set_fact:
consul_agent_subject_alt_ips: "{{ groups[consul_agent_group] | default([]) | map('extract', hostvars, ['ansible_default_ipv4', 'address']) | map('regex_replace', '^', 'IP:') | list }}" consul_agent_subject_alt_ips: "{{ groups[consul_agent_group] | default([]) | map('extract', hostvars, ['ansible_default_ipv4', 'address']) | map('regex_replace', '^', 'IP:') | list }}"
when: hostvars[inventory_hostname]['ansible_default_ipv4']['address'] is defined when:
- hostvars[inventory_hostname]['ansible_default_ipv4']['address'] is defined
- not consul_cacert_multiple_default_gw_workaround
- name: Generate consul agent subject_alt_ips from ansible_all_ipv4_addresses
set_fact:
consul_agent_subject_alt_ips_all_ipv4: "{{ groups[consul_agent_group] | default([]) | map('extract', hostvars, ['ansible_all_ipv4_addresses']) | flatten | map('regex_replace', '^', 'IP:') | list }}"
when: hostvars[inventory_hostname]['ansible_all_ipv4_addresses'] is defined
- name: Generate consul agent subject_alt_ips from cacert_force_append_ips
set_fact:
consul_agent_subject_alt_ips_force_append: "{{ cacert_force_append_ips | map('regex_replace', '^', 'IP:') | list }}"
when: cacert_force_append_ips is defined
- name: Generate consul agent subject_alt_names from cacert_force_append_names
set_fact:
consul_agent_subject_alt_names_force_append: "{{ cacert_force_append_names | map('regex_replace', '^', 'DNS:') | list }}"
when: cacert_force_append_names is defined
- name: Generate consul agent subject_alt_names - name: Generate consul agent subject_alt_names
set_fact: set_fact:
@ -100,7 +124,7 @@
path: "{{ consul_ssl_path }}/{{ consul_self_signed_cert_name }}.csr" path: "{{ consul_ssl_path }}/{{ consul_self_signed_cert_name }}.csr"
privatekey_path: "{{ consul_ssl_path }}/{{ consul_self_signed_cert_name }}.key" privatekey_path: "{{ consul_ssl_path }}/{{ consul_self_signed_cert_name }}.key"
common_name: "{{ consul_self_signed_cert_name }}" common_name: "{{ consul_self_signed_cert_name }}"
subject_alt_name: "{{ consul_server_subject_alt_ips | default([]) + consul_server_subject_alt_names | default([]) + consul_agent_subject_alt_ips | default([]) + consul_agent_subject_alt_names | default([]) + consul_server_subject_alt_ips_from_ansible_host | default([]) + consul_agent_subject_alt_ips_from_ansible_host | default([]) }}" subject_alt_name: "{{ consul_server_subject_alt_ips | default([]) + consul_server_subject_alt_names | default([]) + consul_agent_subject_alt_ips | default([]) + consul_agent_subject_alt_names | default([]) + consul_server_subject_alt_ips_from_ansible_host | default([]) + consul_server_subject_alt_ips_all_ipv4 | default([]) + consul_agent_subject_alt_ips_from_ansible_host | default([]) + consul_agent_subject_alt_ips_all_ipv4 | default([]) + consul_agent_subject_alt_ips_force_append | default([]) + consul_agent_subject_alt_names_force_append | default([])}}"
owner: consul owner: consul
group: consul group: consul
register: consul_csr register: consul_csr