mirror of
https://gitea.0xace.cc/ansible-galaxy/consul.git
synced 2025-04-05 13:41:56 +00:00
add tls basic support
parent
0acba68443
commit
e2a378bd4b
@ -1,4 +1,4 @@
|
||||
consul_version: 1.12.2
|
||||
consul_version: 1.12.4
|
||||
consul_config_path: "/etc/consul.d"
|
||||
consul_data_path: "/opt/consul"
|
||||
consul_user: consul
|
||||
@ -9,7 +9,7 @@ consul_cluster_group: consul
|
||||
consul_server_group: consul_server
|
||||
consul_agent_group: consul_agent
|
||||
|
||||
consul_config: []
|
||||
consul_config: {}
|
||||
consul_default_config:
|
||||
server: "{{ true if inventory_hostname in groups[consul_server_group] else false }}"
|
||||
ui_config:
|
||||
@ -27,4 +27,32 @@ consul_default_config:
|
||||
down_policy: extend-cache
|
||||
enable_token_persistence: true
|
||||
|
||||
consul_ssl: no
|
||||
consul_ssl_path: "/etc/consul.d/ssl"
|
||||
consul_self_signed_cert: no
|
||||
consul_self_signed_cert_name: "consul-tls"
|
||||
consul_server_ssl_config: {}
|
||||
consul_server_ssl_default_config:
|
||||
ports:
|
||||
https: 8501
|
||||
verify_incoming: true
|
||||
verify_outgoing: true
|
||||
verify_server_hostname: false
|
||||
ca_file: "{{ consul_ssl_path }}/CA-{{ consul_self_signed_cert_name }}.crt"
|
||||
cert_file: "{{ consul_ssl_path }}/{{ consul_self_signed_cert_name }}.crt"
|
||||
key_file: "{{ consul_ssl_path }}/{{ consul_self_signed_cert_name }}.key"
|
||||
auto_encrypt:
|
||||
allow_tls: true
|
||||
|
||||
consul_agent_ssl_config: {}
|
||||
consul_agent_ssl_default_config:
|
||||
ports:
|
||||
https: 8501
|
||||
verify_incoming: true
|
||||
verify_outgoing: true
|
||||
verify_server_hostname: false
|
||||
ca_file: "{{ consul_ssl_path }}/CA-{{ consul_self_signed_cert_name }}.crt"
|
||||
cert_file: "{{ consul_ssl_path }}/{{ consul_self_signed_cert_name }}.crt"
|
||||
key_file: "{{ consul_ssl_path }}/{{ consul_self_signed_cert_name }}.key"
|
||||
|
||||
is_virtualenv: "{{ lookup('env','VIRTUAL_ENV') | default('') }}"
|
||||
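Review bot: `verify_server_hostname: false` in both `consul_server_ssl_default_config` and `consul_agent_ssl_default_config` leaves server identity unchecked, and the server default also sets `auto_encrypt.allow_tls: true`. With hostname verification off, any certificate signed by the cluster CA is accepted as a server certificate, not only those issued for `server.<datacenter>.<domain>`. I would default to `verify_server_hostname: true` and let a deployment opt out through `consul_server_ssl_config` / `consul_agent_ssl_config`. The setting may be off because the generated certificate lacks the server name as a SAN; the generation tasks are not on this page, so that should be confirmed there. Separately, `consul_ssl: no` and `consul_self_signed_cert: no` read better as `false`.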
|
@ -5,4 +5,4 @@
|
||||
state: restarted
|
||||
name: consul
|
||||
daemon_reload: yes
|
||||
when: not consul_setup.changed
|
||||
when: "not consul_setup.changed or not consul_enable_and_start.changed"
|
||||
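Review bot: The `when` that references `consul_enable_and_start` joins its two tests with `or`, so the restart is skipped only when both the package install and the service start reported a change. If the intent is to avoid restarting a service that was just installed or just started, the operator should be `and`: `when: not consul_setup.changed and not consul_enable_and_start.changed`. `consul_enable_and_start` is registered by a task tagged `consul, consul_start`, so a tag-limited run or an early handler flush can reach this handler with the name undefined. Writing `consul_enable_and_start.changed | default(false)` makes that case safe. The handler starts outside the hunk.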
|
@ -4,7 +4,7 @@
|
||||
description: Hashicorp Stable - $basearch
|
||||
file: hashicorp
|
||||
baseurl: https://rpm.releases.hashicorp.com/RHEL/$releasever/$basearch/stable
|
||||
enabled: no
|
||||
enabled: yes
|
||||
gpgcheck: yes
|
||||
gpgkey: https://rpm.releases.hashicorp.com/gpg
|
||||
when: consul_install_repo
|
||||
@ -16,6 +16,7 @@
|
||||
disable_gpg_check: yes
|
||||
enablerepo: hashicorp
|
||||
update_cache: yes
|
||||
disablerepo: '*'
|
||||
register: consul_setup
|
||||
when: consul_install_repo
|
||||
|
||||
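Review bot: The package task installs with `disable_gpg_check: yes`, which skips signature verification of the downloaded RPM even though the repository definition above it sets `gpgcheck: yes` and a `gpgkey`. Whether that line predates this commit cannot be told from the rendered page, but since the hunk touches this task it is worth changing it to `disable_gpg_check: no` so the Consul package is verified against the HashiCorp key. The key is fetched from `https://rpm.releases.hashicorp.com/gpg` at run time; importing it with `rpm_key` and an expected `fingerprint` would keep a replaced key from being trusted silently. Both tasks begin outside their hunks.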
|
@ -5,12 +5,42 @@
|
||||
vars:
|
||||
consul_config_encrypt:
|
||||
encrypt: "{{ consul_raw_key }}"
|
||||
when:
|
||||
when:
|
||||
- consul_config.encrypt is not defined
|
||||
|
||||
- name: Merge config for Consul
|
||||
set_fact:
|
||||
consul_config_combined: "{{ consul_default_config | combine(consul_config, recursive=true) }}"
|
||||
- name: Merge config for Consul server
|
||||
when: inventory_hostname in groups[consul_server_group]
|
||||
block:
|
||||
- name: Merge config for Consul server
|
||||
set_fact:
|
||||
consul_config_combined: "{{ consul_default_config | combine(consul_config, recursive=true) }}"
|
||||
|
||||
- name: Merge SSL options for Consul server
|
||||
set_fact:
|
||||
consul_server_ssl_config_combined: "{{ consul_server_ssl_default_config | combine(consul_server_ssl_config, recursive=true) }}"
|
||||
when: consul_ssl
|
||||
|
||||
- name: Merge SSL options with config for Consul server
|
||||
set_fact:
|
||||
consul_config_combined: "{{ consul_config_combined | combine(consul_server_ssl_config_combined, recursive=true) }}"
|
||||
when: consul_ssl
|
||||
|
||||
- name: Merge config for Consul agent
|
||||
when: inventory_hostname in groups[consul_agent_group]
|
||||
block:
|
||||
- name: Merge config for Consul agent
|
||||
set_fact:
|
||||
consul_config_combined: "{{ consul_default_config | combine(consul_config, recursive=true) }}"
|
||||
|
||||
- name: Merge SSL options for Consul agent
|
||||
set_fact:
|
||||
consul_agent_ssl_config_combined: "{{ consul_agent_ssl_default_config | combine(consul_agent_ssl_config, recursive=true) }}"
|
||||
when: consul_ssl
|
||||
|
||||
- name: Merge SSL options with config for Consul agent
|
||||
set_fact:
|
||||
consul_config_combined: "{{ consul_config_combined | combine(consul_agent_ssl_config_combined, recursive=true) }}"
|
||||
when: consul_ssl
|
||||
|
||||
- name: Propagate consul config
|
||||
copy:
|
||||
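Review bot: In both blocks the TLS dictionary is combined last (`consul_config_combined | combine(consul_server_ssl_config_combined, recursive=true)`), so the role's TLS defaults overwrite the same keys set in `consul_config`. A deployment that sets `verify_server_hostname: true` or its own `ca_file` in `consul_config` silently gets the default back. Either document that TLS keys belong in `consul_server_ssl_config` / `consul_agent_ssl_config`, or merge `consul_config` last. A host in neither `consul_server_group` nor `consul_agent_group` now never gets `consul_config_combined`, and a host in both ends up with the agent values because the agent block rebuilds the fact from `consul_default_config`. The two blocks differ only in variable names and could be one set of tasks that selects the dictionary by group; the "Propagate consul config" task continues outside the hunk.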
|
@ -18,6 +18,10 @@
|
||||
- name: "Install Consul for {{ ansible_facts['os_family'] }}"
|
||||
include_tasks: "{{ ansible_facts['os_family'] }}/main.yaml"
|
||||
|
||||
- name: SSL certificates generation
|
||||
import_tasks: cacert.yaml
|
||||
when: consul_ssl
|
||||
|
||||
- name: Bootstrap Consul
|
||||
include_tasks: bootstrap.yaml
|
||||
when: inventory_hostname in groups[consul_server_group]
|
||||
@ -32,6 +36,7 @@
|
||||
enabled: true
|
||||
state: started
|
||||
masked: no
|
||||
register: consul_enable_and_start
|
||||
tags: consul, consul_start
|
||||
|
||||
- name: Join new server node to cluster
|
||||
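Review bot: `import_tasks: cacert.yaml` is gated on `consul_ssl` alone, although this commit also introduces `consul_self_signed_cert` (default `no`) in the defaults. cacert.yaml is not shown on this page; if it generates a self-signed CA and certificate, enabling TLS with externally issued certificates would still run the generation, and the condition should be `when: consul_ssl | bool and consul_self_signed_cert | bool`. The `| bool` filter also guards against the variable arriving as a string from `-e` or an INI inventory, where a bare `when: consul_ssl` can evaluate differently than intended. The same applies to the `when: consul_ssl` conditions in the config merge tasks.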
|