mirror of
https://git.lapiole.org/dani/ansible-roles.git
synced 2025-10-31 10:51:27 +01:00
Update to 2022-09-13 17:00
This commit is contained in:
Daniel Berteaud
@@ -119,36 +119,25 @@
|
||||
when: nomad_vault_secrets.pki.enabled or nomad_vault_secrets.tokens.enabled
|
||||
tags: nomad
|
||||
|
||||
- name: Deploy consul-template agent cert template
|
||||
template: src=agent_cert.tpl.j2 dest={{ nomad_root_dir }}/consul-template/{{ item.where }} owner=root group=root
|
||||
loop:
|
||||
- what: certificate
|
||||
where: agent.crt.tpl
|
||||
- what: private_key
|
||||
where: agent.key.tpl
|
||||
- what: issuing_ca
|
||||
where: ca.crt.tpl
|
||||
- name: Deploy consul-template agent bundle template
|
||||
template: src=agent_bundle.pem.tpl.j2 dest={{ nomad_root_dir }}/consul-template/agent_bundle.pem.tpl owner=root group=root
|
||||
notify: restart consul-template-nomad
|
||||
when: nomad_vault_secrets.pki.enabled
|
||||
tags: nomad
|
||||
|
||||
- name: Deploy consul-template cli cert template
|
||||
template: src=cli_cert.tpl.j2 dest={{ nomad_root_dir }}/consul-template/{{ item.where }} owner=root group=root
|
||||
loop:
|
||||
- what: certificate
|
||||
where: cli.crt.tpl
|
||||
- what: private_key
|
||||
where: cli.key.tpl
|
||||
- name: Deploy consul-template cli bundle template
|
||||
template: src=cli_bundle.pem.tpl.j2 dest={{ nomad_root_dir }}/consul-template/cli_bundle.pem.tpl owner=root group=root
|
||||
notify: restart consul-template-nomad
|
||||
when: nomad_vault_secrets.pki.enabled and nomad_conf.server.enabled
|
||||
tags: nomad
|
||||
|
||||
- name: Set ACL on the TLS dir
|
||||
shell: |
|
||||
setfacl -R -b -x {{ nomad_root_dir }}/tls
|
||||
setfacl -R -b -k {{ nomad_root_dir }}/tls
|
||||
{% if nomad_admin_groups | length > 0 %}
|
||||
setfacl -R -m {% for group in nomad_admin_groups %}g:{{ group }}:rX{{ ',' if not loop.last }}{% endfor %} {{ nomad_root_dir }}/tls
|
||||
setfacl -R -m {% for group in nomad_admin_groups %}d:g:{{ group }}:rX{{ ',' if not loop.last }}{% endfor %} {{ nomad_root_dir }}/tls
|
||||
setfacl -m {% for group in nomad_admin_groups %}g:{{ group }}:rx{{ ',' if not loop.last }}{% endfor %} {{ nomad_root_dir }}/tls
|
||||
setfacl -m {% for group in nomad_admin_groups %}d:g:{{ group }}:r{{ ',' if not loop.last }}{% endfor %} {{ nomad_root_dir }}/tls
|
||||
setfacl -m {% for group in nomad_admin_groups %}g:{{ group }}:r{{ ',' if not loop.last }}{% endfor %} {{ nomad_root_dir }}/tls/*
|
||||
{% endif %}
|
||||
changed_when: False
|
||||
failed_when: False # Do not fail if eg, the FS doesn't support ACL
|
||||
@@ -159,14 +148,7 @@
|
||||
tags: nomad
|
||||
|
||||
- name: Deploy consul-template consul cert templates
|
||||
template: src=consul_cert.tpl.j2 dest={{ nomad_root_dir }}/consul-template/{{ item.where }} owner=root group=root
|
||||
loop:
|
||||
- what: certificate
|
||||
where: consul.crt.tpl
|
||||
- what: private_key
|
||||
where: consul.key.tpl
|
||||
- what: issuing_ca
|
||||
where: consul_ca.crt.tpl
|
||||
template: src=consul_bundle.pem.tpl.j2 dest={{ nomad_root_dir }}/consul-template/consul_bundle.pem.tpl owner=root group=root
|
||||
notify: restart consul-template-nomad
|
||||
when: nomad_vault_secrets.consul_pki.enabled and nomad_conf.consul.ssl
|
||||
tags: nomad
|
||||
|
||||
Reference in New Issue
Block a user