From 09d664dc097e8a9633bc3a96f5b588cd3dfddd3d Mon Sep 17 00:00:00 2001
From: Anton Nerozya
Date: Thu, 13 Jul 2017 15:56:32 +0200
Subject: [PATCH] additional checks when vault is already configured
---
 roles/vault/tasks/cluster/init.yml | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/roles/vault/tasks/cluster/init.yml b/roles/vault/tasks/cluster/init.yml
index 9960577ac..deaa73443 100644
--- a/roles/vault/tasks/cluster/init.yml
+++ b/roles/vault/tasks/cluster/init.yml
@@ -20,6 +20,17 @@
 vault_headers: "{{ vault_client_headers|combine({'X-Vault-Token': vault_init_result.json.root_token}) }}"
 when: not vault_cluster_is_initialized and inventory_hostname == groups.vault|first
 
+- name: "cluster/init | Get existent root_token"
+ command: "cat {{ vault_secrets_dir }}/root_token"
+ register: existent_root_token
+ when: vault_cluster_is_initialized
+
+- name: cluster/init | Fix facts for existent vault cluster
+ set_fact:
+ vault_root_token: "{{ existent_root_token.stdout }}"
+ vault_headers: "{{ vault_client_headers|combine({'X-Vault-Token': existent_root_token.stdout}) }}"
+ when: vault_cluster_is_initialized
+
 - name: cluster/init | Ensure all hosts have these facts
 set_fact:
 vault_unseal_keys: "{{ hostvars[groups.vault|first]['vault_unseal_keys'] }}"
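Review bot: Both added tasks handle the Vault root token without `no_log: true`, so the registered `cat` result and the `set_fact` values (`vault_root_token` and the `X-Vault-Token` header) can appear in Ansible output at `-v` or in any logging callback, and in the failure message if the read fails. Add `no_log: true` to each of the two tasks. The read is also a bare `command: cat`, which reports "changed" on every run, so `changed_when: false` belongs on it. Unlike the initialization branch above, which is limited to `inventory_hostname == groups.vault|first`, the new tasks run on every host where `vault_cluster_is_initialized` is true, so a host without `{{ vault_secrets_dir }}/root_token` would presumably fail here; confirm the file exists on all such hosts or add the same host condition. The tasks at both edges of the hunk start or continue outside it, so whether the following "Ensure all hosts have these facts" task redistributes the token from the first host cannot be checked from this view.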