
Commit 403597e

fix: Make Consul commands conditional on TLS configuration (#1345)
1 parent 5d1676a commit 403597e

1 file changed

+20
-15
lines changed

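--- a/automation/playbooks/remove_node.yml
+++ b/automation/playbooks/remove_node.yml
@@ -216,14 +216,20 @@
 gather_facts: true
 vars:
 target_node: "{{ node_to_remove | default('') }}"
+consul_http_addr: "{% if consul_tls_enable | default(true) | bool %}https{% else %}http{% endif %}://127.0.0.1:8500"
+consul_ca_flag: "{% if consul_tls_enable | default(true) | bool %}-ca-file=/etc/consul/tls/ca.crt{% endif %}"
+consul_client_flags: >-
+{% if consul_tls_enable | default(true) | bool %}
+-client-cert=/etc/consul/tls/server.crt -client-key=/etc/consul/tls/server.key
+{% endif %}
 tasks:
 - block:
 - name: Fetch consul cluster members before removal
 run_once: true # noqa run-once
 ansible.builtin.command: >-
-consul operator raft list-peers \
--http-addr=https://127.0.0.1:8500 \
--ca-file=/etc/consul/tls/ca.crt
+consul operator raft list-peers
+-http-addr={{ consul_http_addr }}
+{{ consul_ca_flag }}
 changed_when: false
 register: consul_members_list_before
 until: consul_members_list_before.rc == 0
@@ -250,10 +256,10 @@
 - name: Force-leave target node from consul cluster
 run_once: true # noqa run-once
 ansible.builtin.command: >-
-consul force-leave \
--http-addr=https://127.0.0.1:8500 \
--ca-file=/etc/consul/tls/ca.crt \
-{{ hostvars[target_node].ansible_hostname | default(target_node) }}
+consul force-leave
+-http-addr={{ consul_http_addr }}
+{{ consul_ca_flag }}
+{{ hostvars[target_node].ansible_hostname | default(target_node) }}
 when:
 - inventory_hostname != target_node
 - consul_members_list_before.stdout | default('') is search(hostvars[target_node].ansible_hostname | default(target_node))
@@ -278,11 +284,10 @@
 - name: Remove target node from the Raft configuration
 run_once: true # noqa run-once
 ansible.builtin.command: >-
-consul operator raft remove-peer -id="{{ target_raft_id }}" \
--http-addr=https://127.0.0.1:8500 \
--ca-file=/etc/consul/tls/ca.crt \
--client-cert=/etc/consul/tls/server.crt \
--client-key=/etc/consul/tls/server.key
+consul operator raft remove-peer -id="{{ target_raft_id }}"
+-http-addr={{ consul_http_addr }}
+{{ consul_ca_flag }}
+{{ consul_client_flags }}
 register: raft_remove_result
 until: raft_remove_result.rc == 0
 retries: 3
@@ -313,9 +318,9 @@
 - name: Fetch consul cluster members after removal
 run_once: true # noqa run-once
 ansible.builtin.command: >-
-consul operator raft list-peers \
--http-addr=https://127.0.0.1:8500 \
--ca-file=/etc/consul/tls/ca.crt
+consul operator raft list-peers
+-http-addr={{ consul_http_addr }}
+{{ consul_ca_flag }}
 changed_when: false
 register: consul_members_list_after
 until: consul_members_list_after.rc == 0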
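Review bot: In the force-leave task (new lines 259–262) the node name is templated into a free-form `command` string unquoted, so it is word-split along with the flags; `target_node` is taken from `node_to_remove` (new line 218), which appears to be supplied by the operator at run time. Wrapping it as `{{ hostvars[target_node].ansible_hostname | default(target_node) | quote }}` keeps the name a single argument whatever it contains. Separately, the test `consul_tls_enable | default(true) | bool` is now repeated in three vars; evaluating it once in a helper var would keep the URL scheme and the certificate flags from drifting apart. The task's `when:` list continues past the end of its hunk.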
