---


- name: Ensure the consul user exists
  user:
    name: consul
    home: '{{ consul_data_dir }}'
    system: yes
    groups: ssl-cert
    append: yes
    shell: /bin/false
    createhome: no
    state: present
  tags: packages

- name: Ensure the consul config dir exists
  file:
    dest: /etc/consul.d
    owner: root
    group: consul
    mode: 0750
    state: directory
  tags: packages

- name: Ensure the consul data dir exists
  file:
    dest: /opt/consul
    owner: consul
    group: consul
    mode: 0750
    state: directory
  tags: packages

- name: Remove old consul config
  file:
    dest: /etc/consul.d/00-base_config.json
    state: absent
  tags: configs

- name: Install consul config
  template:
    dest: /etc/consul.d/00-base_config.hcl
    src: etc_consul.d_00-base_config.hcl.j2
    #validate: 'consul validate %s'
    mode: 0640
    owner: root
    group: consul
  notify: Restart consul
  tags:
   - configs
   - consul.conf

- name: Install consul service config
  template:
    dest: /etc/default/consul
    src: etc_default_consul.j2
  when: not consul_stub_mode
  notify: Restart consul
  tags: configs

- name: Install consul service
  template:
    dest: /etc/systemd/system/consul.service
    src: etc_systemd_system_consul.service.j2
  when: not consul_stub_mode
  notify: Restart consul
  tags: configs

- name: Enable the consul service
  systemd:
    name: consul
    state: "{{ 'started' if not consul_stub_mode else 'stopped' }}"
    enabled: "{{ not consul_stub_mode }}"
    daemon_reload: yes
  when: not consul_stub_mode
  tags: configs

- name: Remove the master token if present
  lineinfile:
    dest: /root/.bashrc
    regexp: '^export CONSUL_HTTP_TOKEN=.*'
    state: absent
  when: consul_acl_master_token is defined and consul_acl_master_token and not consul_stub_mode
  tags: configs

- name: Install packages needed by consul-tag
  apt:
    pkg:
      - python3
      - python3-requests
    state: present
  when: not consul_stub_mode
  tags: consul-tag

- name: Install consul-tag
  template:
    dest: /usr/local/bin/consul-tag
    src: usr_local_bin_consul-tag.j2
    mode: 0755
    owner: root
    group: root
  when: not consul_stub_mode
  tags: consul-tag

- name: Remove old firewall config
  file: dest=/etc/firewall/rules-v4.d/28_consul.sh state=absent
  when: consul_firewall and not consul_stub_mode
  notify: Restart firewall
  tags:
  - configs
  - firewall

- name: Install the consul firewall config
  template:
    dest: /etc/firewall/rules-v4.d/78_consul.sh
    src: etc_firewall_rules-v4.d_78_consul.sh.j2
    mode: 0600
  when: consul_firewall
  notify: Restart firewall
  tags:
  - configs
  - firewall