--- # task/configure file for renew_consul_certificates - name: "Configure files for consul certificate renewal" become: true notify: - "systemctl-enable-consul-certs" - "systemctl-restart-consul-certs" block: - name: "Copy consul_config.hcl template" ansible.builtin.template: src: consul_config.hcl.j2 dest: "{{ renew_consul_certificates_config_dir }}/consul_config.hcl" owner: "{{ renew_consul_certificates_consul_user }}" group: "{{ renew_consul_certificates_consul_group }}" mode: '0600' - name: "Copy consul_ca.pem.tpl template" ansible.builtin.template: src: consul_ca.pem.tpl.j2 dest: "{{ renew_consul_certificates_config_dir }}/templates/consul_ca.pem.tpl" owner: "{{ renew_consul_certificates_consul_user }}" group: "{{ renew_consul_certificates_consul_group }}" mode: '0600' - name: "Copy consul_cert.pem.tpl template" ansible.builtin.template: src: consul_cert.pem.tpl.j2 dest: "{{ renew_consul_certificates_config_dir }}/templates/consul_cert.pem.tpl" owner: "{{ renew_consul_certificates_consul_user }}" group: "{{ renew_consul_certificates_consul_group }}" mode: '0600' - name: "Copy consul_cert.key.tpl template" ansible.builtin.template: src: consul_key.pem.tpl.j2 dest: "{{ renew_consul_certificates_config_dir }}/templates/consul_key.pem.tpl" owner: "{{ renew_consul_certificates_consul_user }}" group: "{{ renew_consul_certificates_consul_group }}" mode: '0600' - name: "Configure consul-certs systemd service" become: true notify: - "systemctl-daemon-reload" block: - name: "Configure consul-certs env file" ansible.builtin.template: src: consul-certs.env.j2 dest: "{{ renew_consul_certificates_config_dir }}/consul-certs.env" owner: root group: root mode: '0644' - name: "Configure consul-certs systemd service" ansible.builtin.template: src: consul-certs.service.j2 dest: /etc/systemd/system/consul-certs.service owner: root group: root mode: '0644'