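# Resolve the Consul gossip encryption key (consul_raw_key) for the play:
# reuse the key found in an existing consul.json when there is one, otherwise
# generate a new key and hand it to every host as a delegated fact.
#
# NOTE(review): this listing was recovered from a rendering that dropped all
# indentation. The nesting below, in particular which no_log / run_once / when
# keys sit at block level rather than task level, is inferred; confirm it
# against the repository copy before applying.
- name: Bootstrap encrypt
  block:
    - name: Get gossip encryption key on previously bootstrapped server
      block:
        - name: Check for gossip encryption key on previously bootstrapped server
          slurp:
            src: "{{ consul_config_path }}/consul.json"
          register: consul_config_b64
          # A missing or unreadable consul.json is tolerated; the tasks below
          # are then skipped because no content was registered.
          ignore_errors: true

        - name: Deserialize existing configuration
          set_fact:
            consul_config_local: "{{ consul_config_b64.content | b64decode | from_json }}"
          when: consul_config_b64.content is defined

        # The key is written into the facts of every host in the play via
        # delegate_to + delegate_facts.
        # NOTE(review): with run_once the conditions are evaluated for one
        # host only; if that host has no existing key this task is skipped
        # for the whole batch. Confirm that is the intended behaviour.
        - name: Save gossip encryption key from existing configuration
          set_fact:
            consul_raw_key: "{{ consul_config_local.encrypt }}"
          delegate_to: "{{ item }}"
          delegate_facts: true
          run_once: true
          loop: "{{ ansible_play_hosts_all }}"
          when: consul_config_local.encrypt is defined and consul_config_local.encrypt | length != 0

      # The registered slurp result and the set_fact results carry the gossip
      # key, so task output is suppressed instead of explicitly enabled.
      no_log: true
      when:
        - consul_config.encrypt is not defined or consul_config.encrypt | length == 0
        # NOTE(review): this compares the variable itself with 0; if
        # cluster_node_list is a list the test is always true and
        # "cluster_node_list | length != 0" was probably meant. Confirm.
        - cluster_node_list != 0
        - >-
          (hostvars[inventory_hostname]['ansible_host'] is defined
          and hostvars[inventory_hostname]['ansible_host'] in cluster_node_list)
          or hostvars[inventory_hostname]['ansible_default_ipv4']['address'] in cluster_node_list

    - name: Generate new key if none was found
      block:
        - name: Generate gossip encryption key
          # No shell features are used, so the command module is enough and
          # avoids passing the call through a shell.
          command: consul keygen
          register: consul_keygen
          when:
            - consul_raw_key is not defined

        - name: Save gossip encryption key as fact
          set_fact:
            consul_raw_key: "{{ consul_keygen.stdout }}"
          delegate_to: "{{ item }}"
          delegate_facts: true
          loop: "{{ ansible_play_hosts_all }}"
          when:
            - hostvars[inventory_hostname]['consul_raw_key'] is not defined
      # consul_keygen.stdout is the new gossip key; keep it out of task output
      # and of whatever log or callback stores the results.
      no_log: true
      run_once: true
      when:
        - consul_config.encrypt is not defined or consul_config.encrypt | length == 0

  # Inherited by every task above: nothing in this file should print results,
  # because all of them read, generate or copy the gossip encryption key.
  no_log: true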