Patrick de Ruiter
dc269e5fc2
- Removed gitlink entries for consul_template-legacy and consul_template-org - Converted from git submodules to regular directories - Fixes: 'fatal: No url found for submodule path' error when downloading module - Required for using module with git::https:// source in parent modules
1.9 KiB
#consul_template
An Ansible role to install and configure HashiCorp’s consul-template, securely fetching TLS certificates and private keys
from HashiCorp Vault using AppRole authentication, rendering them to disk, and reloading services when certificates change.
Requirements
• consul-template binary downloaded from HashiCorp releases.
• Network connectivity from the target host to the Vault instance (vault_address).
• Appropriate Vault AppRole credentials (vault_approle_role_id, vault_approle_secret_id) provisioned by Terraform or other automation.
Role Variables
The following variables are required and should be set either through inventory or as role parameters:
| Variable | Description | Default | | vault_address | URL of your HashiCorp Vault instance | None (required) | | vault_approle_role_id | Vault AppRole Role ID for consul-template authentication | None (required) | | vault_approle_secret_id | Vault AppRole Secret ID for consul-template authentication | None (required) | | environment | Environment identifier (e.g., prod, nonprod) | None (required) | | short_hostname | Short hostname of the target server (used in file naming) | None (required) |
Dependencies
No direct Ansible Galaxy role dependencies. However, it relies on Terraform to provision AppRole credentials and Vault secrets.
Example Playbook
Example playbook demonstrating basic role usage:
- hosts: webservers
become: true
roles:
- role: consul_template
vars:
vault_address: "https://vault.example.com:8200"
vault_approle_role_id: "{{ vault_approle_role_id }}"
vault_approle_secret_id: "{{ vault_approle_secret_id }}"
environment: "prod"
short_hostname: "web01"
License
BSD
Author Information
Created by Patrick De Ruiter.