public-mirrors/NewsBlur
1
0
Fork 0
mirror of https://github.com/samuelclay/NewsBlur.git synced 2025-09-18 21:50:56 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
NewsBlur/ansible/roles/ansible-consul/tasks/acl.yml

99 lines
3 KiB
YAML
Raw Blame History

---
# File: acl.yml - ACL tasks for Consul
- block:
- name: Read ACL master token from previously boostrapped server
command: "cat {{ consul_config_path }}/config.json"
register: config_read
no_log: true
changed_when: false
run_once: true
- name: Save acl_master_token from existing configuration
set_fact:
consul_acl_master_token: "{{ config_read.stdout | from_json | json_query(query) }}"
vars:
query: "acl.tokens.master"
no_log: true
when:
- bootstrap_state.stat.exists | bool
- (consul_acl_master_token is not defined or consul_acl_master_token | length == 0)
- consul_node_role == 'server'
- block:
- name: Generate ACL master token
command: "echo {{ lookup('password', '/dev/null length=32 chars=ascii_letters') | to_uuid }}"
register: consul_acl_master_token_keygen
run_once: true
no_log: true
- name: Save ACL master token
set_fact:
consul_acl_master_token: "{{ consul_acl_master_token_keygen.stdout }}"
no_log: true
when:
- (consul_acl_master_token is not defined or consul_acl_master_token | length == 0)
- not bootstrap_state.stat.exists | bool
- consul_node_role == 'server'
- name: Display ACL Master Token
debug:
msg: "{{ consul_acl_master_token }}"
run_once: true
when:
- consul_acl_master_token_display | bool
- consul_node_role == 'server'
- block:
- name: Read ACL replication token from previously boostrapped server
shell: >
cat {{ consul_config_path }}/config.json |
grep "replication" |
sed -E 's/"replication": "(.+)",?/\1/' |
sed 's/^ *//;s/ *$//'
changed_when: false
check_mode: false
register: consul_acl_replication_token_read
run_once: true
- name: Save acl_replication_token from existing configuration
set_fact: consul_acl_replication_token="{{ consul_acl_replication_token_read.stdout }}"
ignore_errors: true
when:
- bootstrap_state.stat.exists | bool
- (consul_acl_replication_token is not defined or consul_acl_replication_token | length == 0)
- consul_node_role == 'server'
- block:
- name: Generate ACL replication token
command: "echo {{ lookup('password', '/dev/null length=32 chars=ascii_letters') | to_uuid }}"
register: consul_acl_replication_token_keygen
no_log: true
run_once: true
- name: Save ACL replication token
set_fact:
consul_acl_replication_token: "{{ consul_acl_replication_token_keygen.stdout }}"
no_log: true
when:
- (consul_acl_replication_token is not defined or consul_acl_replication_token | length == 0)
- not bootstrap_state.stat.exists | bool
- consul_node_role == 'server'
- name: Create ACL policy configuration
template:
src: configd_50acl_policy.hcl.j2
dest: "{{ consul_configd_path }}/50acl_policy.hcl"
owner: "{{ consul_user }}"
group: "{{ consul_group }}"
mode: 0600
notify:
- restart consul
when: consul_acl_policy | bool
Reference in a new issue View git blame Copy permalink