C12s/c12s-kubespray
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

additional checks when vault is already configured

Browse source
This commit is contained in:
Anton Nerozya 2017-07-13 15:56:32 +02:00
parent 23b95a4146
commit 09d664dc09
1 changed files with 11 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
roles/vault/tasks/cluster/init.yml
View file

@ -20,6 +20,17 @@
vault_headers: "{{ vault_client_headers|combine({'X-Vault-Token': vault_init_result.json.root_token}) }}"
when: not vault_cluster_is_initialized and inventory_hostname == groups.vault|first
- name: "cluster/init | Get existent root_token"
command: "cat {{ vault_secrets_dir }}/root_token"
register: existent_root_token
when: vault_cluster_is_initialized
- name: cluster/init | Fix facts for existent vault cluster
set_fact:
vault_root_token: "{{ existent_root_token.stdout }}"
vault_headers: "{{ vault_client_headers|combine({'X-Vault-Token': existent_root_token.stdout}) }}"
when: vault_cluster_is_initialized
- name: cluster/init | Ensure all hosts have these facts
set_fact:
vault_unseal_keys: "{{ hostvars[groups.vault|first]['vault_unseal_keys'] }}"