#consul_template

An Ansible role to install and configure HashiCorp’s consul-template, securely fetching TLS certificates and private keys\
from HashiCorp Vault using AppRole authentication, rendering them to disk, and reloading services when certificates change.

### Requirements
	•	consul-template binary downloaded from HashiCorp releases.
	•	Network connectivity from the target host to the Vault instance (vault_address).
	•	Appropriate Vault AppRole credentials (vault_approle_role_id, vault_approle_secret_id) provisioned by Terraform or other automation.

### Role Variables

The following variables are required and should be set either through inventory or as role parameters:

 | Variable	               | Description                                                | Default |
 | vault_address           | URL of your HashiCorp Vault instance                       | None (required) |
 | vault_approle_role_id   | Vault AppRole Role ID for consul-template authentication   | None (required) |
 | vault_approle_secret_id | Vault AppRole Secret ID for consul-template authentication | None (required) |
 | environment             | Environment identifier (e.g., prod, nonprod)               | None (required) |
 | short_hostname          | Short hostname of the target server (used in file naming)  | None (required) |

### Dependencies

No direct Ansible Galaxy role dependencies. However, it relies on Terraform to provision AppRole credentials and Vault secrets.

### Example Playbook

Example playbook demonstrating basic role usage:

```yml
- hosts: webservers
  become: true
  roles:
    - role: consul_template
      vars:
        vault_address: "https://vault.example.com:8200"
        vault_approle_role_id: "{{ vault_approle_role_id }}"
        vault_approle_secret_id: "{{ vault_approle_secret_id }}"
        environment: "prod"
        short_hostname: "web01"
```

### License

BSD

### Author Information

Created by Patrick De Ruiter.