community.general.consul_role module – Manipulate Consul roles
Note
This module is part of the community.general collection (version 7.5.2).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install community.general
.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: community.general.consul_role
.
New in community.general 7.5.0
Synopsis
Allows the addition, modification and deletion of roles in a consul cluster via the agent. For more details on using and configuring ACLs, see https://www.consul.io/docs/guides/acl.html.
Requirements
The below requirements are needed on the host that executes this module.
requests
Parameters
Parameter |
Comments |
---|---|
Description of the role. If not specified, the assigned description will not be changed. |
|
Host of the consul agent, defaults to Default: |
|
A name used to identify the role. |
|
List of node identities to attach to the role. If not specified, any node identities currently assigned will not be changed. If the parameter is an empty array ( |
|
The nodes datacenter. This will result in effective policy only being valid in this datacenter. |
|
The name of the node. Must not be longer than 256 characters, must start and end with a lowercase alphanumeric character. May only contain lowercase alphanumeric characters as well as - and _. |
|
List of policies to attach to the role. Each policy is a dict. If the parameter is left blank, any policies currently assigned will not be changed. Any empty array ( |
|
The ID of the policy to attach to this role; see community.general.consul_policy for more info. Either this or |
|
The name of the policy to attach to this role; see community.general.consul_policy for more info. Either this or |
|
The port on which the consul agent is running. Default: |
|
The protocol scheme on which the consul agent is running. Default: |
|
List of service identities to attach to the role. If not specified, any service identities currently assigned will not be changed. If the parameter is an empty array ( |
|
The datacenters the policies will be effective. This will result in effective policy only being valid in this datacenter. If an empty array ( including those which do not yet exist but may in the future. |
|
The name of the node. Must not be longer than 256 characters, must start and end with a lowercase alphanumeric character. May only contain lowercase alphanumeric characters as well as - and _. |
|
whether the role should be present or absent. Choices:
|
|
A management token is required to manipulate the roles. |
|
Whether to verify the TLS certificate of the consul agent. Choices:
|
Attributes
Attribute |
Support |
Description |
---|---|---|
Support: full |
Can run in |
|
Support: none |
Will return details on what has changed (or possibly needs changing in |
Examples
- name: Create a role with 2 policies
community.general.consul_role:
host: consul1.example.com
token: some_management_acl
name: foo-role
policies:
- id: 783beef3-783f-f41f-7422-7087dc272765
- name: "policy-1"
- name: Create a role with service identity
community.general.consul_role:
host: consul1.example.com
token: some_management_acl
name: foo-role-2
service_identities:
- name: web
datacenters:
- dc1
- name: Create a role with node identity
community.general.consul_role:
host: consul1.example.com
token: some_management_acl
name: foo-role-3
node_identities:
- name: node-1
datacenter: dc2
- name: Remove a role
community.general.consul_role:
host: consul1.example.com
token: some_management_acl
name: foo-role-3
state: absent
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
The operation performed on the role. Returned: changed Sample: |
|
The role object. Returned: success Sample: |