{% import 'globals.jinja' as globals %}

include:
  - systemd.helpers

consul:
  file.managed:
    - name: /usr/bin/consul
    - source: salt://consul/files/vendor/0.8.3.linux-amd64/consul
    - mode: 555
  group.present:
    - system: True
  user.present:
    - system: True
    - gid: consul
    - home: /data/consul
    - createhome: False
    - groups:
      - deployment-keys
    - require:
      - group: consul
      - group: deployment-keys
  service.running:
    - enable: True
    - require:
      - user: consul
      - group: consul
      - file: /data/consul
      - module: reload_systemd
    - watch:
      - file: consul
      - file: /etc/consul
      - x509: /etc/deployment/ssl/private/deployment.key
      - x509: /etc/deployment/ssl/certs/deployment.crt
      - file: /etc/deployment/ssl/certs/ca-chain-deployment.crt
      - file: /etc/systemd/system/consul.service

# We create this directory manually rather than using 'user.present' with
# 'createhome: True' to ensure that .bashrc, etc., are not copied into it.
/data/consul:
  file.directory:
    - user: consul
    - group: consul
    - require:
      - user: consul
      - group: consul

/etc/consul:
  file.recurse:
    - source: salt://consul/files/conf.d
    - user: root
    - group: consul
    - dir_mode: 750
    - file_mode: 640
    - template: jinja
    - context:
        consul_datacenter: {{ pillar['global']['consul_datacenter'] }}
        consul_secret: {{ pillar['global']['consul_secret'] }}
        server_ip_addresses: {{ globals.admin_ip_addresses }}
    - require:
      - group: consul

/etc/systemd/system/consul.service:
  file.managed:
    - source: salt://consul/files/consul.service
    - template: jinja
    - onchanges_in:
      - module: reload_systemd