Support tls files in subdirectories

[sroughto]

Our Consul VMs came with pre-installed TLS keys, certs, and CAs. These were located in subdirectories of /etc/pki/tls (e.g., /etc/pki/tls/private).

We tried to work around this by defining TLS location variables to include a subdirectory, such as:

consul_server_key: private/server-consul.key

However, this breaks the Ansible role (because, in this example, private does not exist under the destination consul_tls_dir, resulting in a file not found error).

To proceed, we could either (a) copy the files to a single source directory so the role would work as-is, (b) modify the role to create subdirectories under consul_tls_dir, or (c) modify the role to copy files from source subdirectories into consul_tls_dir without subdirectories. We chose the latter.

The simplest approach was to add a "basename" filter where TLS variables were used, e.g.,

- dest: "{{ consul_tls_dir }}/{{ consul_server_key }}"
+ dest: "{{ consul_tls_dir }}/{{ consul_server_key | basename }}"

This enables consul_server_key (and other TLS source location variables) to include a subdirectory prefix. This change should be backward-compatible with existing playbooks that expect TLS source files co-located in one directory.

This change is needed in two files (tasks/tls.yml and templates/config.json.j2), for the following variables:

• consul_server_key
• consul_tls_ca_crt
• consul_tls_server_crt

[brianshumate]

Hey!

Thanks for reporting this and the suggestion. I've made the changes and they'll be in next release version.

[brianshumate]

Closing since this has been added.