When enabling auto_encrypt agent won't start in client mode.
endyman opened this issue
When enabling auto_encrypt, the client config contains cert_file and key_file properties and the agent won't start. The template needs to exclude cert_file and key_file in client mode if auto_encrypt is enabled.
I've also got this problem. I grabbed a copy of your PR, but made a couple changes/fixes to make it more complete.
In the last commit to your fork, you're missing a quote here (endyman@ad262a0#diff-32770839e59ae5da477388c7d674000df855dfcd601cc84471f8362bd24dd8ecR100) that causes the to_nice_json filter to mangle the output.
In the TLS task (https://github.com/ansible-community/ansible-consul/blob/master/tasks/tls.yml#L23-L41), I moved the cert and key tasks into a block that has the same conditional as the config template (except it's using consul_node_role instead of item.config_version) so that it won't break when it can't find the file to copy (which is how I'm using it).
My changes are sitting in a fork right now, but I'm glad to open a PR if someone wants it.
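An added illustration of the fix discussed in this thread, not code from the issue, the fork, or the ansible-consul role: the certificate and key copy tasks and the rendered TLS settings share one condition, so a client using auto_encrypt gets neither the files nor the cert_file/key_file keys. Only consul_node_role comes from the thread; every example_* variable, the file names and the tls.json destination are hypothetical.

```yaml
# Added example. Only consul_node_role is taken from the thread; all
# example_* variables are hypothetical names, not the role's own.
- name: Decide whether this node obtains its certificate through auto_encrypt
  ansible.builtin.set_fact:
    example_auto_encrypt_client: >-
      {{ consul_node_role == 'client' and (example_auto_encrypt_enabled | bool) }}

# Same condition as the config rendering below, so the play does not fail
# looking for a certificate that an auto_encrypt client never needs.
- name: Copy certificate and key (servers, or clients without auto_encrypt)
  when: not (example_auto_encrypt_client | bool)
  block:
    - name: Copy agent certificate
      ansible.builtin.copy:
        src: "{{ example_tls_src_dir }}/{{ example_cert_name }}"
        dest: "{{ example_tls_dest_dir }}/{{ example_cert_name }}"
        mode: "0644"

    - name: Copy agent private key
      ansible.builtin.copy:
        src: "{{ example_tls_src_dir }}/{{ example_key_name }}"
        dest: "{{ example_tls_dest_dir }}/{{ example_key_name }}"
        mode: "0600"

- name: Write the TLS settings, leaving out cert_file and key_file for auto_encrypt clients
  vars:
    example_base_tls:
      ca_file: "{{ example_tls_dest_dir }}/{{ example_ca_name }}"
    example_static_tls:
      cert_file: "{{ example_tls_dest_dir }}/{{ example_cert_name }}"
      key_file: "{{ example_tls_dest_dir }}/{{ example_key_name }}"
    example_auto_tls:
      auto_encrypt:
        tls: true
  ansible.builtin.copy:
    # Building a dict and filtering it once keeps to_nice_json from receiving
    # a half-quoted string, the failure mode a missing quote produces.
    content: >-
      {{ example_base_tls
         | combine(example_auto_tls if (example_auto_encrypt_client | bool)
                   else example_static_tls)
         | to_nice_json }}
    dest: "{{ example_config_dir }}/tls.json"
    mode: "0640"
```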