- name: "Consul" block: - name: "Include ednz_cloud.hashistack.hashicorp_consul" ansible.builtin.include_role: name: ednz_cloud.hashistack.hashicorp_consul - name: "Wait for consul cluster to initialize" # noqa: run-once[task] ansible.builtin.wait_for: timeout: 15 delegate_to: localhost run_once: true - name: "Initialize consul cluster" # noqa: run-once[task] community.general.consul_acl_bootstrap: host: "{{ hashi_consul_configuration['advertise_addr'] }}" port: 8500 scheme: http state: present run_once: true delegate_to: "{{ groups['consul_servers'] | first }}" # retries: 5 # delay: 5 register: _consul_init_secret # until: _consul_init_secret.result is defined when: hashi_consul_configuration.acl.enabled - name: "Write consul configuration to file" # noqa: run-once[task] no-handler ansible.builtin.blockinfile: marker: "## -- {root_token} ANSIBLE MANAGED BLOCK ##" block: "{{ { 'root_token':{ 'accessor_id': _consul_init_secret.result.AccessorID, 'secret_id': _consul_init_secret.result.SecretID } } | to_nice_yaml }}" path: "{{ sub_configuration_directories.consul_servers }}/consul_config.yml" mode: "0644" when: _consul_init_secret.result is defined run_once: true delegate_to: localhost - name: "Load consul cluster variables" ansible.builtin.include_vars: file: "{{ sub_configuration_directories.consul_servers }}/consul_config.yml" name: _consul_cluster_config - name: "Create consul agents token" when: - _consul_init_secret.changed - consul_acl_configuration.enabled block: - name: "Create consul agents token" # noqa: run-once[task] no-handler run_once: true delegate_to: localhost block: - name: "Create consul agent policy" community.general.consul_policy: host: "{{ hashi_consul_configuration['advertise_addr'] }}" token: "{{ _consul_cluster_config.root_token.secret_id }}" port: 8500 scheme: http state: present name: agents-policy rules: "{{ consul_default_agent_policy }}" register: _consul_agent_policy - name: "Create consul agents token" vars: consul_full_url: "http://{{ hashi_consul_configuration['advertise_addr'] }}:8500" consul_token_body: Policies: - ID: "{{ _consul_agent_policy.policy.ID }}" ansible.builtin.uri: url: "{{ consul_full_url }}/v1/acl/token" method: PUT headers: X-Consul-Token: "{{ _consul_cluster_config.root_token.secret_id }}" body: "{{ consul_token_body | to_json }}" status_code: - 200 register: _consul_agent_token - name: "Write consul agents token to file" # no-handler ansible.builtin.blockinfile: marker: "## -- {tokens} ANSIBLE MANAGED BLOCK ##" block: "{{ { 'tokens':{ 'agent': _consul_agent_token.json.SecretID } } | to_nice_yaml }}" path: "{{ sub_configuration_directories.consul_servers }}/consul_config.yml" mode: "0644" when: "'OK' in _consul_agent_token.msg" - name: "Merge token configuration" delegate_to: localhost block: - name: "Stat consul secrets file" ansible.builtin.stat: path: "{{ sub_configuration_directories.consul_servers }}/consul_config.yml" register: _consul_config_file - name: "Load consul secrets file" ansible.builtin.include_vars: file: "{{ sub_configuration_directories.consul_servers }}/consul_config.yml" name: _consul_cluster_config when: _consul_config_file.stat.exists - name: "Merge token configuration" vars: _config_to_merge: acl: tokens: "{{ _consul_cluster_config.tokens }}" ansible.builtin.set_fact: hashi_consul_configuration: "{{ hashi_consul_configuration | default({}) | combine(_config_to_merge, recursive=true) }}" when: _consul_cluster_config.tokens is defined - name: "Include ednz_cloud.hashistack.hashicorp_consul" ansible.builtin.include_role: name: ednz_cloud.hashistack.hashicorp_consul