consul/tasks/bootstrap.yaml
2023-02-07 23:11:11 +03:00


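---
# Bootstrap the Consul gossip encryption key when none was supplied
# (consul_config.encrypt undefined or empty). An existing consul.json on a
# cluster node is checked first; if no key is found there, a new one is
# generated with `consul keygen`. The result is stored as the fact
# consul_raw_key on every host in the play.
#
# NOTE(review): the placement of block-level keywords (no_log, run_once, when)
# was reconstructed from a listing that had lost its indentation. Confirm the
# nesting against the repository copy.
- name: Bootstrap encrypt
  # Every task below registers or sets a value that contains the gossip key
  # (or the whole consul.json). no_log on the outer block is inherited by the
  # nested blocks and tasks and keeps the key out of console output, log files
  # and controller job history. The original set `no_log: false` explicitly.
  # For debugging, override this temporarily instead of committing `false`.
  no_log: true
  block:
    - name: Get gossip encryption key on previously boostrapped server
      when:
        - consul_config.encrypt is not defined or consul_config.encrypt | length == 0
        # Compare the length, not the value: a non-empty collection never
        # equals 0, so `cluster_node_list != 0` was always true. The `in`
        # tests below imply that cluster_node_list is a collection.
        - cluster_node_list | length != 0
        - >-
          (hostvars[inventory_hostname]['ansible_host'] is defined
          and hostvars[inventory_hostname]['ansible_host'] in cluster_node_list)
          or hostvars[inventory_hostname]['ansible_default_ipv4']['address'] in cluster_node_list
      block:
        - name: Check for gossip encryption key on previously boostrapped server
          slurp:
            src: "{{ consul_config_path }}/consul.json"
          register: consul_config_b64
          # Best effort: presumably the file is absent on a node that was
          # never bootstrapped. The next task is skipped when nothing was read.
          ignore_errors: true

        - name: Deserialize existing configuration
          set_fact:
            consul_config_local: "{{ consul_config_b64.content | b64decode | from_json }}"
          when: consul_config_b64.content is defined

        - name: Save gossip encryption key from existing configuration
          set_fact:
            consul_raw_key: "{{ consul_config_local.encrypt }}"
          # Set the fact on every host in the play, not only the one that
          # holds the configuration file.
          delegate_to: "{{ item }}"
          delegate_facts: true
          run_once: true
          loop: "{{ ansible_play_hosts_all }}"
          when:
            - consul_config_local.encrypt is defined
            - consul_config_local.encrypt | length != 0

    - name: Generate new key if none was found
      run_once: true
      when:
        - consul_config.encrypt is not defined or consul_config.encrypt | length == 0
      block:
        - name: Generate gossip encryption key
          # `command` instead of `shell`: no shell features are needed, and
          # the key generator then does not run through a shell.
          command: consul keygen
          register: consul_keygen
          # Generating a key changes nothing on the host.
          changed_when: false
          when:
            - consul_raw_key is not defined

        - name: Save gossip encryption key as fact
          set_fact:
            consul_raw_key: "{{ consul_keygen.stdout }}"
          delegate_to: "{{ item }}"
          delegate_facts: true
          loop: "{{ ansible_play_hosts_all }}"
          when:
            - hostvars[inventory_hostname]['consul_raw_key'] is not defined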