123 lines
2.6 KiB
YAML
123 lines
2.6 KiB
YAML
---
|
|
|
|
|
|
- name: Ensure the consul user exists
|
|
user:
|
|
name: consul
|
|
home: '{{ consul_data_dir }}'
|
|
system: yes
|
|
groups: ssl-cert
|
|
append: yes
|
|
shell: /bin/false
|
|
createhome: no
|
|
state: present
|
|
tags: packages
|
|
|
|
- name: Ensure the consul config dir exists
|
|
file:
|
|
dest: /etc/consul.d
|
|
owner: root
|
|
group: consul
|
|
mode: 0750
|
|
state: directory
|
|
tags: packages
|
|
|
|
- name: Ensure the consul data dir exists
|
|
file:
|
|
dest: /opt/consul
|
|
owner: consul
|
|
group: consul
|
|
mode: 0750
|
|
state: directory
|
|
tags: packages
|
|
|
|
- name: Remove old consul config
|
|
file:
|
|
dest: /etc/consul.d/00-base_config.json
|
|
state: absent
|
|
tags: configs
|
|
|
|
- name: Install consul config
|
|
template:
|
|
dest: /etc/consul.d/00-base_config.hcl
|
|
src: etc_consul.d_00-base_config.hcl.j2
|
|
#validate: 'consul validate %s'
|
|
mode: 0640
|
|
owner: root
|
|
group: consul
|
|
notify: Restart consul
|
|
tags:
|
|
- configs
|
|
- consul.conf
|
|
|
|
- name: Install consul service config
|
|
template:
|
|
dest: /etc/default/consul
|
|
src: etc_default_consul.j2
|
|
when: not consul_stub_mode
|
|
notify: Restart consul
|
|
tags: configs
|
|
|
|
- name: Install consul service
|
|
template:
|
|
dest: /etc/systemd/system/consul.service
|
|
src: etc_systemd_system_consul.service.j2
|
|
when: not consul_stub_mode
|
|
notify: Restart consul
|
|
tags: configs
|
|
|
|
- name: Enable the consul service
|
|
systemd:
|
|
name: consul
|
|
state: "{{ 'started' if not consul_stub_mode else 'stopped' }}"
|
|
enabled: "{{ not consul_stub_mode }}"
|
|
daemon_reload: yes
|
|
when: not consul_stub_mode
|
|
tags: configs
|
|
|
|
- name: Remove the master token if present
|
|
lineinfile:
|
|
dest: /root/.bashrc
|
|
regexp: '^export CONSUL_HTTP_TOKEN=.*'
|
|
state: absent
|
|
when: consul_acl_master_token is defined and consul_acl_master_token and not consul_stub_mode
|
|
tags: configs
|
|
|
|
- name: Install packages needed by consul-tag
|
|
apt:
|
|
pkg:
|
|
- python3
|
|
- python3-requests
|
|
state: present
|
|
when: not consul_stub_mode
|
|
tags: consul-tag
|
|
|
|
- name: Install consul-tag
|
|
template:
|
|
dest: /usr/local/bin/consul-tag
|
|
src: usr_local_bin_consul-tag.j2
|
|
mode: 0755
|
|
owner: root
|
|
group: root
|
|
when: not consul_stub_mode
|
|
tags: consul-tag
|
|
|
|
- name: Remove old firewall config
|
|
file: dest=/etc/firewall/rules-v4.d/28_consul.sh state=absent
|
|
when: consul_firewall and not consul_stub_mode
|
|
notify: Restart firewall
|
|
tags:
|
|
- configs
|
|
- firewall
|
|
|
|
- name: Install the consul firewall config
|
|
template:
|
|
dest: /etc/firewall/rules-v4.d/78_consul.sh
|
|
src: etc_firewall_rules-v4.d_78_consul.sh.j2
|
|
mode: 0600
|
|
when: consul_firewall
|
|
notify: Restart firewall
|
|
tags:
|
|
- configs
|
|
- firewall
|