hcp-ansible/roles/nomad/tasks/configure.yml

141 lines
4.5 KiB
YAML

---
# task/configure file for nomad
- name: "Nomad | Create nomad.env"
ansible.builtin.template:
src: nomad.env.j2
dest: "{{ nomad_config_dir }}/nomad.env"
owner: "{{ nomad_user }}"
group: "{{ nomad_group }}"
mode: "0600"
register: _nomad_env_file
- name: "Nomad | Copy nomad.json template"
ansible.builtin.template:
src: nomad.json.j2
dest: "{{ nomad_config_dir }}/nomad.json"
owner: "{{ nomad_user }}"
group: "{{ nomad_group }}"
mode: "0600"
register: _nomad_config_file
- name: "Nomad | Set restart-check variable"
ansible.builtin.set_fact:
_nomad_service_need_restart: true
when: _nomad_env_file.changed or
_nomad_config_file.changed
- name: "Nomad | Gather initial checksums for certificate files"
ansible.builtin.stat:
path: "{{ item }}"
checksum_algorithm: sha1
loop: "{{ nomad_certificates_reload_watchlist }}"
when: nomad_enable_tls
register: _nomad_initial_cert_checksums
- name: "Nomad | Normalize initial checksums"
ansible.builtin.set_fact:
# This needs to be optimized, but I have spent so much time on it not
# working that I will keep it as is for now, and we'll see later.
_nomad_initial_checksums_normalized: >-
{% filter trim %}
{% set checksums = [] %}
{% for item in _nomad_initial_cert_checksums.results %}
{% set _ = checksums.append({
'item': item.item,
'initial_checksum': (item.stat.checksum | default('absent'))
}) %}
{% endfor %}
{{ checksums }}
{% endfilter %}
when: nomad_enable_tls
- name: "Nomad | Copy extra configuration files"
when: nomad_extra_files
block:
- name: "Nomad | Get extra file types"
ansible.builtin.stat:
path: "{{ item.src }}"
loop: "{{ nomad_extra_files_list }}"
register: nomad_extra_file_stat
delegate_to: localhost
- name: "Nomad | Set list for file sources"
vars:
_nomad_file_sources: []
ansible.builtin.set_fact:
_nomad_file_sources: "{{ _nomad_file_sources + [item.item] }}"
when: item.stat.isreg
loop: "{{ nomad_extra_file_stat.results }}"
loop_control:
loop_var: item
delegate_to: localhost
- name: "Nomad | Set list for directory sources"
vars:
_nomad_dir_sources: []
ansible.builtin.set_fact:
_nomad_dir_sources: "{{ _nomad_dir_sources + [item.item] }}"
when: item.stat.isdir
loop: "{{ nomad_extra_file_stat.results }}"
loop_control:
loop_var: item
delegate_to: localhost
- name: "Nomad | Template extra file sources"
ansible.builtin.template:
src: "{{ item.src }}"
dest: "{{ item.dest | regex_replace('\\.j2$', '') }}"
owner: "{{ nomad_user }}"
group: "{{ nomad_group }}"
mode: "0700"
loop: "{{ _nomad_file_sources }}"
when: _nomad_file_sources is defined
- name: "Nomad | Template extra directory sources"
ansible.builtin.include_tasks: recursive_copy_extra_dirs.yml
loop: "{{ _nomad_dir_sources }}"
loop_control:
loop_var: dir_source_item
when: _nomad_dir_sources is defined
- name: "Nomad | Gather final checksums for certificate files"
ansible.builtin.stat:
path: "{{ item }}"
checksum_algorithm: sha1
loop: "{{ nomad_certificates_reload_watchlist }}"
when: nomad_enable_tls
register: _nomad_final_cert_checksums
- name: "Nomad | Normalize final checksums"
ansible.builtin.set_fact:
# This needs to be optimized, but I have spent so much time on it not
# working that I will keep it as is for now, and we'll see later.
_nomad_final_checksums_normalized: >-
{% filter trim %}
{% set checksums = [] %}
{% for item in _nomad_final_cert_checksums.results %}
{% set _ = checksums.append({
'item': item.item,
'final_checksum': (item.stat.checksum | default('absent'))
}) %}
{% endfor %}
{{ checksums }}
{% endfilter %}
when: nomad_enable_tls
- name: "Nomad | Merge initial and final checksum lists"
ansible.builtin.set_fact:
_nomad_checksums_list: >-
{{
_nomad_initial_checksums_normalized |
community.general.lists_mergeby(_nomad_final_checksums_normalized, 'item')
}}
when: nomad_enable_tls
- name: "Nomad | Determine if certificates have changed or were newly added"
ansible.builtin.set_fact:
_nomad_service_need_reload: true
when:
- nomad_enable_tls
- _nomad_checksums_list | json_query('[?initial_checksum!=final_checksum]') | list| length > 0