added consul reload back, with env variable file
parent
24e38797c4
commit
e4bcbefa51
@ -28,6 +28,13 @@ renew_consul_certificates_consul_group: consul # by default, set to consul
|
|||||||
```
|
```
|
||||||
This variable defines the group that'll be running the certificate renewal service. Defaults to `consul`, and should be present on the host prior to playing this role (ideally when installing consul).
|
This variable defines the group that'll be running the certificate renewal service. Defaults to `consul`, and should be present on the host prior to playing this role (ideally when installing consul).
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
renew_consul_certificates_service_env_variables:
|
||||||
|
consul_http_addr: http://127.0.0.1:8500
|
||||||
|
# consul_http_token:
|
||||||
|
```
|
||||||
|
This variable sets the environment variables for the consul-certs services (notably the address and token to use for the `consul reload` command).
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
renew_consul_certificates_vault_addr: https://vault.example.com # by default, set to https://vault.example.com
|
renew_consul_certificates_vault_addr: https://vault.example.com # by default, set to https://vault.example.com
|
||||||
```
|
```
|
||||||
|
@ -3,6 +3,9 @@
|
|||||||
renew_consul_certificates_config_dir: /etc/consul-template.d/consul
|
renew_consul_certificates_config_dir: /etc/consul-template.d/consul
|
||||||
renew_consul_certificates_consul_user: consul
|
renew_consul_certificates_consul_user: consul
|
||||||
renew_consul_certificates_consul_group: consul
|
renew_consul_certificates_consul_group: consul
|
||||||
|
renew_consul_certificates_service_env_variables:
|
||||||
|
consul_http_addr: http://127.0.0.1:8500
|
||||||
|
# consul_http_token:
|
||||||
renew_consul_certificates_vault_addr: "https://vault.example.com"
|
renew_consul_certificates_vault_addr: "https://vault.example.com"
|
||||||
renew_consul_certificates_vault_token: mysupersecretconsultokenthatyoushouldchange
|
renew_consul_certificates_vault_token: mysupersecretconsultokenthatyoushouldchange
|
||||||
renew_consul_certificates_vault_token_unwrap: false
|
renew_consul_certificates_vault_token_unwrap: false
|
||||||
|
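Review bot: The commented `# consul_http_token:` placeholder added here (and repeated in the two later vars sections) does not say where the token should come from, which invites pasting it in plaintext into a committed vars file. A comment such as `# consul_http_token: "{{ <vaulted variable> }}"  # supply from Ansible Vault or another secret store` would make the expectation explicit; the name in angle brackets is a placeholder, not a variable of this role. A second comment could state that the keys under `renew_consul_certificates_service_env_variables` are upper-cased into environment variable names by the env template.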
@ -2,6 +2,9 @@
|
|||||||
# renew_consul_certificates_config_dir: /etc/consul-template.d/consul
|
# renew_consul_certificates_config_dir: /etc/consul-template.d/consul
|
||||||
# renew_consul_certificates_consul_user: consul
|
# renew_consul_certificates_consul_user: consul
|
||||||
# renew_consul_certificates_consul_group: consul
|
# renew_consul_certificates_consul_group: consul
|
||||||
|
# renew_consul_certificates_service_env_variables:
|
||||||
|
# consul_http_addr: http://127.0.0.1:8500
|
||||||
|
# # consul_http_token:
|
||||||
# renew_consul_certificates_vault_addr: "https://consul.example.com"
|
# renew_consul_certificates_vault_addr: "https://consul.example.com"
|
||||||
# renew_consul_certificates_vault_token: mysupersecretconsultokenthatyoushouldchange
|
# renew_consul_certificates_vault_token: mysupersecretconsultokenthatyoushouldchange
|
||||||
# renew_consul_certificates_vault_token_unwrap: false
|
# renew_consul_certificates_vault_token_unwrap: false
|
||||||
|
@ -2,6 +2,9 @@
|
|||||||
renew_consul_certificates_config_dir: /etc/consul-template.d/consul
|
renew_consul_certificates_config_dir: /etc/consul-template.d/consul
|
||||||
renew_consul_certificates_consul_user: consul
|
renew_consul_certificates_consul_user: consul
|
||||||
renew_consul_certificates_consul_group: consul
|
renew_consul_certificates_consul_group: consul
|
||||||
|
renew_consul_certificates_service_env_variables:
|
||||||
|
consul_http_addr: http://127.0.0.1:8500
|
||||||
|
# consul_http_token:
|
||||||
renew_consul_certificates_vault_addr: "https://consul.example.com"
|
renew_consul_certificates_vault_addr: "https://consul.example.com"
|
||||||
renew_consul_certificates_vault_token: mysupersecretconsultokenthatyoushouldchange
|
renew_consul_certificates_vault_token: mysupersecretconsultokenthatyoushouldchange
|
||||||
renew_consul_certificates_vault_token_unwrap: false
|
renew_consul_certificates_vault_token_unwrap: false
|
||||||
|
@ -38,11 +38,21 @@
|
|||||||
mode: '0600'
|
mode: '0600'
|
||||||
|
|
||||||
- name: "Configure consul-certs systemd service"
|
- name: "Configure consul-certs systemd service"
|
||||||
|
notify:
|
||||||
|
- "systemctl-daemon-reload"
|
||||||
|
block:
|
||||||
|
- name: "Configure consul-certs env file"
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: consul-certs.env.j2
|
||||||
|
dest: "{{ renew_consul_certificates_config_dir }}/consul-certs.env"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: '0644'
|
||||||
|
|
||||||
|
- name: "Configure consul-certs systemd service"
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: consul-certs.service.j2
|
src: consul-certs.service.j2
|
||||||
dest: /etc/systemd/system/consul-certs.service
|
dest: /etc/systemd/system/consul-certs.service
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: '0644'
|
mode: '0644'
|
||||||
notify:
|
|
||||||
- "systemctl-daemon-reload"
|
|
||||||
|
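Review bot: The new "Configure consul-certs env file" task writes `consul-certs.env` with `mode: '0644'`, although the README hunk describes this file as carrying the token for `consul reload`, so once `consul_http_token` is set any local user can read it. The context line at the top of the hunk shows a neighbouring file already written with `mode: '0600'`, and the env file should match it. systemd normally reads `EnvironmentFile=` itself before switching to `User=`, but confirm that on the target hosts, or use `group: "{{ renew_consul_certificates_consul_group }}"` with `mode: '0640'`. Adding `no_log: true` to the task would also keep the token out of `--diff` output. Separately, `notify` now sits on the block, so an env-file change only triggers `systemctl-daemon-reload`; that handler is not visible here, and if it does not restart the service the new values will not reach the running process.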
4
templates/consul-certs.env.j2
Normal file
4
templates/consul-certs.env.j2
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
# {{ ansible_managed }}
|
||||||
|
{% for item in renew_consul_certificates_service_env_variables %}
|
||||||
|
{{ item|upper }}="{{ renew_consul_certificates_service_env_variables[item] }}"
|
||||||
|
{% endfor %}
|
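Review bot: The third line of the template writes each value verbatim between double quotes, so a value containing `"`, `\` or a newline produces a malformed entry or an extra assignment in the file systemd loads. Either escape the value before emitting it or have the role reject such values, and document the constraint with a template comment such as `{# values are emitted inside double quotes and must not contain ", \ or newlines #}`. Iterating with `{% for key, value in renew_consul_certificates_service_env_variables.items() %}` would also read more clearly than indexing the dict by `item`.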
@ -5,6 +5,7 @@ After=network-online.target consul.service
|
|||||||
ConditionFileNotEmpty={{ renew_consul_certificates_config_dir }}/consul_config.hcl
|
ConditionFileNotEmpty={{ renew_consul_certificates_config_dir }}/consul_config.hcl
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
|
EnvironmentFile=-{{ renew_consul_certificates_config_dir }}/consul-certs.env
|
||||||
User={{ renew_consul_certificates_consul_user }}
|
User={{ renew_consul_certificates_consul_user }}
|
||||||
Group={{ renew_consul_certificates_consul_group }}
|
Group={{ renew_consul_certificates_consul_group }}
|
||||||
ExecStart=/usr/bin/consul-template $OPTIONS -config={{ renew_consul_certificates_config_dir }}/consul_config.hcl
|
ExecStart=/usr/bin/consul-template $OPTIONS -config={{ renew_consul_certificates_config_dir }}/consul_config.hcl
|
||||||
|
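Review bot: The leading `-` in `EnvironmentFile=-{{ renew_consul_certificates_config_dir }}/consul-certs.env` tells systemd to skip a missing file without logging anything, so the service can start without the address and token and the reload step would presumably fail later with no hint why. Since the role always templates this file, dropping the prefix (`EnvironmentFile={{ renew_consul_certificates_config_dir }}/consul-certs.env`) makes a broken deployment fail visibly at service start. The unit file continues outside the hunk, so how the reload command consumes these variables is not visible here.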