add tls basic support

tasks/RedHat/main.yaml

@@ -4,7 +4,7 @@
     description: Hashicorp Stable - $basearch
     file: hashicorp
     baseurl: https://rpm.releases.hashicorp.com/RHEL/$releasever/$basearch/stable
-    enabled: no
+    enabled: yes
     gpgcheck: yes
     gpgkey: https://rpm.releases.hashicorp.com/gpg
   when: consul_install_repo
@@ -16,6 +16,7 @@
     disable_gpg_check: yes
     enablerepo: hashicorp
     update_cache: yes
+    disablerepo: '*'
   register: consul_setup
   when: consul_install_repo
 

tasks/config.yaml

@@ -5,12 +5,42 @@
   vars:
      consul_config_encrypt:
        encrypt: "{{ consul_raw_key }}"
-  when: 
+  when:
     - consul_config.encrypt is not defined
 
-- name: Merge config for Consul
-  set_fact:
-    consul_config_combined: "{{ consul_default_config | combine(consul_config, recursive=true) }}"
+- name: Merge config for Consul server
+  when: inventory_hostname in groups[consul_server_group]
+  block:
+    - name: Merge config for Consul server
+      set_fact:
+        consul_config_combined: "{{ consul_default_config | combine(consul_config, recursive=true) }}"
+
+    - name: Merge SSL options for Consul server
+      set_fact:
+        consul_server_ssl_config_combined: "{{ consul_server_ssl_default_config | combine(consul_server_ssl_config, recursive=true) }}"
+      when: consul_ssl
+
+    - name: Merge SSL options with config for Consul server
+      set_fact:
+        consul_config_combined: "{{ consul_config_combined | combine(consul_server_ssl_config_combined, recursive=true) }}"
+      when: consul_ssl
+
+- name: Merge config for Consul agent
+  when: inventory_hostname in groups[consul_agent_group]
+  block:
+    - name: Merge config for Consul agent
+      set_fact:
+        consul_config_combined: "{{ consul_default_config | combine(consul_config, recursive=true) }}"
+
+    - name: Merge SSL options for Consul agent
+      set_fact:
+        consul_agent_ssl_config_combined: "{{ consul_agent_ssl_default_config | combine(consul_agent_ssl_config, recursive=true) }}"
+      when: consul_ssl
+
+    - name: Merge SSL options with config for Consul agent
+      set_fact:
+        consul_config_combined: "{{ consul_config_combined | combine(consul_agent_ssl_config_combined, recursive=true) }}"
+      when: consul_ssl
 
 - name: Propagate consul config
   copy:

tasks/main.yaml

@@ -18,6 +18,10 @@
 - name: "Install Consul for {{ ansible_facts['os_family'] }}"
   include_tasks: "{{ ansible_facts['os_family'] }}/main.yaml"
 
+- name: SSL certificates generation
+  import_tasks: cacert.yaml
+  when: consul_ssl
+
 - name: Bootstrap Consul
   include_tasks: bootstrap.yaml
   when: inventory_hostname in groups[consul_server_group]
@@ -32,6 +36,7 @@
     enabled: true
     state: started
     masked: no
+  register: consul_enable_and_start
   tags: consul, consul_start
 
 - name: Join new server node to cluster