consul-deployment/deploy_consul.yaml

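---
# Deploys Consul onto every host in the `consul` inventory group:
#   1. installs the package and, if needed, replaces the binary with the
#      pinned upstream release;
#   2. on the CA host only, creates a CA plus one certificate/key pair per
#      server and fetches them to the controller under files/keys/;
#   3. ships the CA certificate and each host's own certificate/key pair,
#      then installs the TLS and static server configuration.
#
# NOTE(review): the CA private key and every server's private key end up in
# files/keys/ on the controller. Keep that directory out of version control
# and restrict its permissions, or move the material into a secret store.
- name: Deploy consul cluster
  hosts:
    - consul
  vars:
    # Release to converge on; drives both the download URL and the
    # installed-version check so the two cannot drift apart.
    consul_target_version: '1.10.4'
    # The single host that creates the CA and signs all server certificates.
    consul_ca_host: cnsl01
  gather_facts: true
  tasks:
    - name: Install zip utils
      apk:
        name:
          - unzip
          - consul
        state: present

    # Read-only probe, so it never reports a change. `command` is used
    # because no shell features are needed.
    - name: Check for upgrade requirement
      command: /usr/sbin/consul version
      register: consul_version
      changed_when: false

    - name: Apply upgrades if needed
      when: "('Consul v' ~ consul_target_version) not in consul_version.stdout"
      block:
        # The checksum list comes from the same origin as the archive, so it
        # catches a corrupted or truncated download but not a compromised
        # release host. For that, pin a reviewed digest in this repository or
        # verify the publisher's signature over the checksum file.
        # NOTE(review): /tmp/consul.zip is a fixed name in a shared
        # directory; a root-only staging directory would be safer.
        - name: Obtain consul binary
          get_url:
            url: "https://releases.hashicorp.com/consul/{{ consul_target_version }}/consul_{{ consul_target_version }}_linux_amd64.zip"
            checksum: "sha256:https://releases.hashicorp.com/consul/{{ consul_target_version }}/consul_{{ consul_target_version }}_SHA256SUMS"
            dest: /tmp/consul.zip

        - name: Remove old consul binary
          file:
            path: /usr/sbin/consul
            state: absent

        - name: Expand binary
          unarchive:
            src: /tmp/consul.zip
            dest: /usr/sbin/
            remote_src: true

    # NOTE(review): no mode is set, so the directory permissions follow the
    # remote umask even though private keys are stored here. Set an explicit
    # mode (and group, if Consul does not run as root) once the service
    # account is confirmed.
    - name: Create keys directory
      file:
        path: /etc/consul.keys
        state: directory
        owner: root

    # Runs only on the CA host. Exact comparison is deliberate: the previous
    # `inventory_hostname in 'cnsl01'` was a substring test on a string and
    # would also have matched any host whose name is a fragment of it.
    - name: Set up CA and create certs
      when: inventory_hostname == consul_ca_host
      block:
        # `creates` makes this idempotent: an existing CA key is never
        # regenerated.
        - name: Create a CA for key creation
          command:
            cmd: consul tls ca create
            chdir: /etc/consul.keys
            creates: /etc/consul.keys/consul-agent-ca-key.pem

        # NOTE(review): only the CA certificate is distributed later; the CA
        # private key is copied to the controller here and should be treated
        # as the most sensitive artefact this play produces.
        - name: Retrieve new CA key and certificate
          fetch:
            src: '/etc/consul.keys/{{ item }}'
            dest: 'files/keys/{{ item }}'
            flat: true
          loop:
            - consul-agent-ca-key.pem
            - consul-agent-ca.pem

        - name: Install server certificate script
          copy:
            src: 'files/scripts/consul-server-cert.sh'
            dest: '/usr/sbin/consul-server-cert'
            mode: '0700'

        # Fixed: the path was misspelled `consol-server-cert`, which does not
        # match the script installed by the previous task. `argv` passes the
        # host name as a single argument without any shell interpretation.
        - name: Create server certificates
          command:
            argv:
              - /usr/sbin/consul-server-cert
              - '{{ item }}'
            chdir: /etc/consul.keys
            creates: '/etc/consul.keys/{{ item }}.key.pem'
          loop: "{{ groups.consul }}"

        - name: Retrieve server certificates
          fetch:
            src: '/etc/consul.keys/{{ item }}.pem'
            dest: 'files/keys/{{ item }}.pem'
            flat: true
          loop: "{{ groups.consul }}"

        - name: Retrieve server keys
          fetch:
            src: '/etc/consul.keys/{{ item }}.key.pem'
            dest: 'files/keys/{{ item }}.key.pem'
            flat: true
          loop: "{{ groups.consul }}"

    - name: Distribute CA certificate
      copy:
        src: keys/consul-agent-ca.pem
        dest: /etc/consul.keys/consul-agent-ca.pem

    # The CA host already holds its own pair, so it is skipped here.
    - name: Distribute certificates and keys
      when: inventory_hostname != consul_ca_host
      block:
        - name: Ship certificate
          copy:
            src: "keys/{{ inventory_hostname }}.pem"
            dest: "/etc/consul.keys/{{ inventory_hostname }}.pem"

        # NOTE(review): without an explicit mode a new file gets the remote
        # umask default, which may leave the private key readable by other
        # local users. Add owner/group/mode matching the account Consul runs
        # as (not visible in this playbook).
        - name: Ship key
          copy:
            src: "keys/{{ inventory_hostname }}.key.pem"
            dest: "/etc/consul.keys/{{ inventory_hostname }}.key.pem"

    - name: Update server tls config
      template:
        src: tls.json
        dest: /etc/consul/

    - name: Copy static server config files
      copy:
        src: files/server_cfg/
        dest: /etc/consul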