jpp/ansible-roles
1
0
Fork 0
mirror of https://git.lapiole.org/dani/ansible-roles.git synced 2025-10-31 10:51:27 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update to 2022-09-06 18:00

Browse Source
This commit is contained in:
Daniel Berteaud
2022-09-06 18:00:22 +02:00
parent ac46e06fb3
commit 382804b568
33 changed files with 311 additions and 113 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
roles/nomad/tasks/conf.yml
View File

@@ -113,38 +113,34 @@
loop: "{{ nomad_backup_configs.stdout_lines }}"
tags: nomad
- when: nomad_vault_tls.enabled
block:
- name: Deploy consul-template config
template: src=consul-template.hcl.j2 dest={{ nomad_root_dir }}/consul-template/consul-template.hcl
notify: restart consul-template-nomad
- name: Deploy consul-template agent cert template
template: src=agent_cert.tpl.j2 dest={{ nomad_root_dir }}/consul-template/{{ item.where }} owner=root group=root
loop:
- what: certificate
where: agent.crt.tpl
- what: private_key
where: agent.key.tpl
- what: issuing_ca
where: ca.crt.tpl
notify: restart consul-template-nomad
- name: Deploy consul-template config
template: src=consul-template.hcl.j2 dest={{ nomad_root_dir }}/consul-template/consul-template.hcl mode=600 owner=root group=root
notify: restart consul-template-nomad
when: nomad_vault_secrets.pki.enabled or nomad_vault_secrets.tokens.enabled
tags: nomad
- when: nomad_vault_tls.enabled and nomad_conf.server.enabled
block:
- name: Deploy consul-template cli cert template
template: src=cli_cert.tpl.j2 dest={{ nomad_root_dir }}/consul-template/{{ item.where }} owner=root group=root
loop:
- what: certificate
where: cli.crt.tpl
- what: private_key
where: cli.key.tpl
notify: restart consul-template-nomad
- name: Deploy consul-template agent cert template
template: src=agent_cert.tpl.j2 dest={{ nomad_root_dir }}/consul-template/{{ item.where }} owner=root group=root
loop:
- what: certificate
where: agent.crt.tpl
- what: private_key
where: agent.key.tpl
- what: issuing_ca
where: ca.crt.tpl
notify: restart consul-template-nomad
when: nomad_vault_secrets.pki.enabled
tags: nomad
- name: Deploy consul-template cli cert template
template: src=cli_cert.tpl.j2 dest={{ nomad_root_dir }}/consul-template/{{ item.where }} owner=root group=root
loop:
- what: certificate
where: cli.crt.tpl
- what: private_key
where: cli.key.tpl
notify: restart consul-template-nomad
when: nomad_vault_secrets.pki.enabled and nomad_conf.server.enabled
tags: nomad
- name: Set ACL on the TLS dir
@@ -172,6 +168,6 @@
- what: issuing_ca
where: consul_ca.crt.tpl
notify: restart consul-template-nomad
when: nomad_conf.client.enabled and nomad_conf.consul.ssl
when: nomad_vault_secrets.consul_pki.enabled and nomad_conf.client.enabled and nomad_conf.consul.ssl
tags: nomad

1
roles/nomad/tasks/install.yml
View File

@@ -114,6 +114,7 @@
template: src=consul-template-nomad.service.j2 dest=/etc/systemd/system/consul-template-nomad.service
register: nomad_consul_tpl_unit
notify: restart consul-template-nomad
when: nomad_vault_secrets.pki.enabled or nomad_vault_secrets.consul_pki.enabled
tags: nomad
- name: Reload systemd

5
roles/nomad/tasks/services.yml
View File

@@ -6,5 +6,8 @@
tags: nomad
- name: Handle consul-template-nomad service
service: name=consul-template-nomad state={{ nomad_vault_tls.enabled | ternary('started', 'stopped') }} enabled={{ nomad_vault_tls.enabled | ternary(True, False) }}
service:
name: consul-template-nomad
state: "{{ (nomad_vault_secrets.pki.enabled or nomad_vault_secrets.consul_pki.enabled or nomad_vault_secrets.tokens.enabled) | ternary('started', 'stopped') }}"
enabled: "{{ (nomad_vault_secrets.pki.enabled or nomad_vault_secrets.consul_pki.enabled or nomad_vault_secrets.tokens.enabled) | ternary(True, False) }}"
tags: nomad