--- # task/configure file for consul - name: "Consul | Create consul.env" ansible.builtin.template: src: consul.env.j2 dest: "{{ consul_config_dir }}/consul.env" owner: "{{ consul_user }}" group: "{{ consul_group }}" mode: "0600" register: _consul_env_file - name: "Consul | Copy consul.json template" ansible.builtin.template: src: consul.json.j2 dest: "{{ consul_config_dir }}/consul.json" owner: "{{ consul_user }}" group: "{{ consul_group }}" mode: "0600" register: _consul_config_file - name: "Consul | Set restart-check variable" ansible.builtin.set_fact: _consul_service_need_restart: true when: _consul_env_file.changed or _consul_config_file.changed - name: "Consul | Gather initial checksums for certificate files" ansible.builtin.stat: path: "{{ item }}" checksum_algorithm: sha1 loop: "{{ consul_certificates_reload_watchlist }}" when: consul_enable_tls register: _consul_initial_cert_checksums - name: "Consul | Normalize initial checksums" ansible.builtin.set_fact: # This needs to be optimized, but I have spent so much time on it not # working that I will keep it as is for now, and we'll see later. _consul_initial_checksums_normalized: >- {% filter trim %} {% set checksums = [] %} {% for item in _consul_initial_cert_checksums.results %} {% set _ = checksums.append({ 'item': item.item, 'initial_checksum': (item.stat.checksum | default('absent')) }) %} {% endfor %} {{ checksums }} {% endfilter %} when: consul_enable_tls - name: "Consul | Copy extra configuration files" when: consul_extra_files block: - name: "Consul | Get extra file types" ansible.builtin.stat: path: "{{ item.src }}" loop: "{{ consul_extra_files_list }}" register: consul_extra_file_stat delegate_to: localhost - name: "Consul | Set list for file sources" vars: _consul_file_sources: [] ansible.builtin.set_fact: _consul_file_sources: "{{ _consul_file_sources + [item.item] }}" when: item.stat.isreg loop: "{{ consul_extra_file_stat.results }}" loop_control: loop_var: item delegate_to: localhost - name: "Consul | Set list for directory sources" vars: _consul_dir_sources: [] ansible.builtin.set_fact: _consul_dir_sources: "{{ _consul_dir_sources + [item.item] }}" when: item.stat.isdir loop: "{{ consul_extra_file_stat.results }}" loop_control: loop_var: item delegate_to: localhost - name: "Consul | Template extra file sources" ansible.builtin.template: src: "{{ item.src }}" dest: "{{ item.dest | regex_replace('\\.j2$', '') }}" owner: "{{ consul_user }}" group: "{{ consul_group }}" mode: "0700" loop: "{{ _consul_file_sources }}" when: _consul_file_sources is defined - name: "Consul | Template extra directory sources" ansible.builtin.include_tasks: recursive_copy_extra_dirs.yml loop: "{{ _consul_dir_sources }}" loop_control: loop_var: dir_source_item when: _consul_dir_sources is defined - name: "Consul | Gather final checksums for certificate files" ansible.builtin.stat: path: "{{ item }}" checksum_algorithm: sha1 loop: "{{ consul_certificates_reload_watchlist }}" when: consul_enable_tls register: _consul_final_cert_checksums - name: "Consul | Normalize final checksums" ansible.builtin.set_fact: # This needs to be optimized, but I have spent so much time on it not # working that I will keep it as is for now, and we'll see later. _consul_final_checksums_normalized: >- {% filter trim %} {% set checksums = [] %} {% for item in _consul_final_cert_checksums.results %} {% set _ = checksums.append({ 'item': item.item, 'final_checksum': (item.stat.checksum | default('absent')) }) %} {% endfor %} {{ checksums }} {% endfilter %} when: consul_enable_tls - name: "Consul | Merge initial and final checksum lists" ansible.builtin.set_fact: _consul_checksums_list: >- {{ _consul_initial_checksums_normalized | community.general.lists_mergeby(_consul_final_checksums_normalized, 'item') }} when: consul_enable_tls - name: "Consul | Determine if certificates have changed or were newly added" ansible.builtin.set_fact: _consul_service_need_reload: true when: - consul_enable_tls - _consul_checksums_list | json_query('[?initial_checksum!=final_checksum]') | list| length > 0