jpp/ansible-roles
1
0
Fork 0
mirror of https://git.lapiole.org/dani/ansible-roles.git synced 2025-08-06 16:46:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update to 2023-07-08 16:00

Browse Source
This commit is contained in:
Daniel Berteaud
2023-07-08 16:00:11 +02:00
parent f16dd6e98d
commit d87c1bdc89
60 changed files with 708 additions and 439 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
roles/consul/tasks/conf.yml
View File

@@ -7,9 +7,7 @@
vars:
cert_path: "{{ consul_conf.tls.defaults.cert_file }}"
cert_key_path: "{{ consul_conf.tls.defaults.key_file }}"
cert_key_user: "{{ consul_user }}"
cert_key_group: "{{ consul_user }}"
cert_key_mode: 660
cert_key_mode: omit
when: consul_conf.tls.enabled
tags: consul
@@ -97,38 +95,15 @@
loop: "{{ consul_backup_configs.stdout_lines }}"
tags: consul
- name: Deploy vault agent configuration
template: src=vault/agent.hcl.j2 dest={{ consul_root_dir }}/vault/agent.hcl mode=640 owner=root group={{ consul_user }}
notify: restart consul-vault-agent
when: consul_vault_agent.pki.enabled
tags: consul
- name: Deploy agent cert bundle template
template: src=vault/agent_bundle.pem.tpl.j2 dest={{ consul_root_dir }}/vault/templates/agent_bundle.pem.tpl owner=root group=root
notify: restart consul-vault-agent
when: consul_vault_agent.pki.enabled
tags: consul
- when:
- consul_vault_agent.auth is defined
- consul_vault_agent.auth.approle is defined
- consul_vault_agent.auth.approle.role_id is defined
- consul_vault_agent.auth.approle.secret_id is defined
name: Setup AppRole auth
block:
- copy: content={{ consul_vault_agent.auth.approle.role_id }} dest={{ consul_root_dir }}/vault/role_id owner=root group={{ consul_user }} mode=640
- copy: content={{ consul_vault_agent.auth.approle.secret_id }} dest={{ consul_root_dir }}/vault/secret_id owner=root group={{ consul_user }} mode=640
tags: consul
- name: Set ACL on the TLS dir
shell: |
setfacl -R -b -k {{ consul_root_dir }}/tls
chown -R {{ consul_user }}:{{ consul_user }} {{ consul_root_dir }}/tls
chmod 775 {{ consul_root_dir }}/tls
chmod 660 {{ consul_root_dir }}/tls/*
setfacl -m u:{{ consul_user }}:rwx {{ consul_root_dir }}/tls
setfacl -m d:u:{{ consul_user }}:rw {{ consul_root_dir }}/tls
setfacl -m u:{{ consul_user }}:rw {{ consul_root_dir }}/tls/*
chown -R :{{ consul_user }} {{ consul_root_dir }}/tls
chmod 770 {{ consul_root_dir }}/tls
chmod 640 {{ consul_root_dir }}/tls/*
setfacl -m u:{{ consul_user }}:rx {{ consul_root_dir }}/tls
setfacl -m d:u:{{ consul_user }}:r {{ consul_root_dir }}/tls
setfacl -m u:{{ consul_user }}:r {{ consul_root_dir }}/tls/*
{% if consul_admin_groups | length > 0 %}
setfacl -m {% for group in consul_admin_groups %}g:{{ group }}:rx{{ ',' if not loop.last }}{% endfor %} {{ consul_root_dir }}/tls
setfacl -m {% for group in consul_admin_groups %}d:g:{{ group }}:r{{ ',' if not loop.last }}{% endfor %} {{ consul_root_dir }}/tls