Ansible: Enable consul TLS

[csit.git] / resources / tools / testbed-setup / ansible / roles / consul / tasks / main.yaml

---
# file: roles/consul/tasks/main.yaml

- name: Inst - Prerequisites
  package:
    name: "{{ packages | flatten(levels=1) }}"
    state: latest
    update_cache: true
  tags:
    - consul-inst-prerequisites

- name: Conf - Add Consul Group
  group:
    name: "{{ consul_group }}"
    state: "{{ consul_group_state }}"
  when:
    - consul_manage_group | bool
  tags:
    - consul-conf-user

- name: Conf - Add Consul user
  user:
    name: "{{ consul_user }}"
    group: "{{ consul_group }}"
    groups: "{{ consul_user_groups }}"
    state: "{{ consul_user_state }}"
    system: true
  when:
    - consul_manage_user | bool
  tags:
    - consul-conf-user

- name: Inst - Clean Consul
  file:
    path: "{{ consul_inst_dir }}/consul"
    state: "absent"
  tags:
    - consul-inst-package

- name: Inst - Download Consul
  get_url:
    url: "{{ consul_zip_url }}"
    dest: "{{ consul_inst_dir }}/{{ consul_pkg }}"
  tags:
    - consul-inst-package

- name: Inst - Unarchive Consul
  unarchive:
    src: "{{ consul_inst_dir }}/{{ consul_pkg }}"
    dest: "{{ consul_inst_dir }}/"
    creates: "{{ consul_inst_dir }}/consul"
    remote_src: true
  tags:
    - consul-inst-package

- name: Inst - Consul
  copy:
    src: "{{ consul_inst_dir }}/consul"
    dest: "{{ consul_bin_dir }}"
    owner: "{{ consul_user }}"
    group: "{{ consul_group }}"
    force: true
    mode: 0755
    remote_src: true
  tags:
    - consul-inst-package

- name: Conf - Create Directories "{{ consul_data_dir }}"
  file:
    dest: "{{ consul_data_dir }}"
    state: directory
    owner: "{{ consul_user }}"
    group: "{{ consul_group }}"
  tags:
    - consul-conf

- name: Conf - Create Directories "{{ consul_ssl_dir }}"
  file:
    dest: "{{ consul_ssl_dir }}"
    state: directory
    owner: "{{ consul_user }}"
    group: "{{ consul_group }}"
  tags:
    - consul-conf

- name: Conf - Create Config Directory
  file:
    dest: "{{ consul_config_dir }}"
    state: directory
    owner: "{{ consul_user }}"
    group: "{{ consul_group }}"
    mode: 0755
  tags:
    - consul-conf

- name: Conf - Nomad integration Consul Configuration
  template:
    src: consul.hcl.j2
    dest: "{{ nomad_config_dir }}/consul.hcl"
    owner: "nomad"
    group: "nomad"
    mode: 0644
  when:
    - consul_nomad_integration | bool
  tags:
    - consul-conf

- name: Conf - Base Configuration
  template:
    src: base.hcl.j2
    dest: "{{ consul_config_dir }}/base.hcl"
    owner: "{{ consul_user }}"
    group: "{{ consul_group }}"
    mode: 0644
  tags:
    - consul-conf

- name: Conf - Ports Configuration
  template:
    src: ports.hcl.j2
    dest: "{{ consul_config_dir }}/ports.hcl"
    owner: "{{ consul_user }}"
    group: "{{ consul_group }}"
    mode: 0644
  tags:
    - consul-conf

- name: Conf - Services Configuration
  template:
    src: services.json.j2
    dest: "{{ consul_config_dir }}/services.json"
    owner: "{{ consul_user }}"
    group: "{{ consul_group }}"
    mode: 0644
  when:
    - consul_services
  tags:
    - consul-conf

- name: Conf - Copy Certificates And Keys
  copy:
    content: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: "{{ consul_user }}"
    group: "{{ consul_group }}"
    mode: 0600
  no_log: true
  loop: "{{ consul_certificates | flatten(levels=1) }}"
  tags:
    - consul-conf

- name: Conf - System.d Script
  template:
    src: "consul_systemd.service.j2"
    dest: "/lib/systemd/system/consul.service"
    owner: "root"
    group: "root"
    mode: 0644
  notify:
    - "Restart Consul"
#    - "Stop Systemd-resolved"
#    - "Restart Nomad"
  tags:
    - consul-conf