Update to 2022-09-06 18:00

2025-07-27 00:05:44 +02:00 · 2022-09-06 18:00:22 +02:00
parent ac46e06fb3
commit 382804b568
33 changed files with 311 additions and 113 deletions
--- a/roles/consul/tasks/conf.yml
+++ b/roles/consul/tasks/conf.yml
@@ -94,42 +94,40 @@
  loop: "{{ consul_backup_configs.stdout_lines }}"
  tags: consul

- when: consul_vault_tls.enabled
-  block:
-
-    - name: Deploy consul-template config
-      template: src=consul-template.hcl.j2 dest={{ consul_root_dir }}/consul-template/consul-template.hcl
-      notify: restart consul-template-consul
-
-    - name: Deploy consul-template agent cert template
-      template: src=agent_cert.tpl.j2 dest={{ consul_root_dir }}/consul-template/{{ item.where }} owner=root group=root
-      loop:
-        - what: certificate
-          where: agent.crt.tpl
-        - what: private_key
-          where: agent.key.tpl
-        - what: issuing_ca
-          where: ca.crt.tpl
-      notify: restart consul-template-consul
-
-    - name: Check if certificate exists
-      stat: path={{ consul_conf.tls.defaults.cert_file }}
-      register: consul_tls_cert_file
-
+- name: Deploy consul-template config
+  template: src=consul-template.hcl.j2 dest={{ consul_root_dir }}/consul-template/consul-template.hcl mode=600 owner=root group=root
+  notify: restart consul-template-consul
+  when: consul_vault_secrets.pki.enabled or consul_vault_secrets.tokens.enabled
  tags: consul

- when: consul_vault_tls.enabled and consul_conf.server
-  block:
+- name: Deploy consul-template agent cert template
+  template: src=agent_cert.tpl.j2 dest={{ consul_root_dir }}/consul-template/{{ item.where }} owner=root group=root
+  loop:
+    - what: certificate
+      where: agent.crt.tpl
+    - what: private_key
+      where: agent.key.tpl
+    - what: issuing_ca
+      where: ca.crt.tpl
+  notify: restart consul-template-consul
+  when: consul_vault_secrets.pki.enabled
+  tags: consul

-    - name: Deploy consul-template cli cert template
-      template: src=cli_cert.tpl.j2 dest={{ consul_root_dir }}/consul-template/{{ item.where }} owner=root group=root
-      loop:
-        - what: certificate
-          where: cli.crt.tpl
-        - what: private_key
-          where: cli.key.tpl
-      notify: restart consul-template-consul
+- name: Deploy consul-template cli cert template
+  template: src=cli_cert.tpl.j2 dest={{ consul_root_dir }}/consul-template/{{ item.where }} owner=root group=root
+  loop:
+    - what: certificate
+      where: cli.crt.tpl
+    - what: private_key
+      where: cli.key.tpl
+  notify: restart consul-template-consul
+  when: consul_vault_secrets.pki.enabled and consul_conf.server
+  tags: consul

+- name: Deploy the consul-template agent token template
+  template: src=agent.token.tpl.j2 dest={{ consul_root_dir }}/consul-template/agent.token.tpl owner=root group=root
+  notify: restart consul-template-consul
+  when: consul_vault_secrets.tokens.enabled
  tags: consul

 - name: Set ACL on the TLS dir
--- a/roles/consul/tasks/services.yml
+++ b/roles/consul/tasks/services.yml
@@ -6,6 +6,9 @@
  tags: consul

 - name: Handle consul-template-consul service
-  service: name=consul-template-consul state={{ consul_vault_tls.enabled | ternary('started', 'stopped') }} enabled={{ consul_vault_tls.enabled | ternary(True, False) }}
+  service:
+    name: consul-template-consul
+    state: "{{ (consul_vault_secrets.pki.enabled or consul_vault_secrets.tokens.enabled) | ternary('started', 'stopped') }}"
+    enabled: "{{ (consul_vault_secrets.pki.enabled or consul_vault_secrets.tokens.enabled) | ternary(True, False) }}"
  tags: consul