Few additional checks for ansible dry-run (--check) mode

2017-06-23 17:45:18 +02:00 · 2017-06-23 17:45:18 +02:00 · 8baef1fc01
commit 8baef1fc01
parent da3fbc7753
5 changed files with 8 additions and 0 deletions
--- a/roles/vault/tasks/bootstrap/start_vault_temp.yml
+++ b/roles/vault/tasks/bootstrap/start_vault_temp.yml
@ -35,6 +35,7 @@
    vault_temp_unseal_keys: "{{ vault_temp_init.json['keys'] }}"
    vault_temp_root_token: "{{ vault_temp_init.json.root_token }}"
    vault_headers: "{{ vault_client_headers|combine({'X-Vault-Token': vault_temp_init.json.root_token}) }}"
+  ignore_errors: "{{ ansible_check_mode }}"

 - name: bootstrap/start_vault_temp | Unseal vault-temp
  uri:
--- a/roles/vault/tasks/shared/auth_backend.yml
+++ b/roles/vault/tasks/shared/auth_backend.yml
@ -19,3 +19,4 @@
      type: "{{ auth_backend_type }}"
    status_code: 204
  when: vault_auth_backend_check|failed
+  ignore_errors: "{{ ansible_check_mode }}"
--- a/roles/vault/tasks/shared/create_role.yml
+++ b/roles/vault/tasks/shared/create_role.yml
@ -21,6 +21,7 @@
             {%- endif -%}
    status_code: 204
  when: inventory_hostname == groups[create_role_group]|first
+  ignore_errors: "{{ ansible_check_mode }}"

 - name: create_role | Create the new role in the pki mount
  uri:
@ -36,6 +37,7 @@
          {%- endif -%}
    status_code: 204
  when: inventory_hostname == groups[create_role_group]|first
+  ignore_errors: "{{ ansible_check_mode }}"

 ## Cert based auth method

--- a/roles/vault/tasks/shared/issue_cert.yml
+++ b/roles/vault/tasks/shared/issue_cert.yml
@ -39,6 +39,7 @@
      ip_sans: "{{ issue_cert_ip_sans | default([]) | join(',') }}"
  register: issue_cert_result
  when: inventory_hostname == issue_cert_hosts|first
+  ignore_errors: "{{ ansible_check_mode }}"

 - name: issue_cert | Copy the cert to all hosts
  copy:
@ -47,6 +48,7 @@
    group: "{{ issue_cert_file_group | d('root' )}}"
    mode: "{{ issue_cert_file_mode | d('0644') }}"
    owner: "{{ issue_cert_file_owner | d('root') }}"
+  ignore_errors: "{{ ansible_check_mode }}"

 - name: issue_cert | Copy the key to all hosts
  copy:
@ -55,6 +57,7 @@
    group: "{{ issue_cert_file_group | d('root' )}}"
    mode: "{{ issue_cert_file_mode | d('0640') }}"
    owner: "{{ issue_cert_file_owner | d('root') }}"
+  ignore_errors: "{{ ansible_check_mode }}"

 - name: issue_cert | Copy issuing CA cert
  copy:
--- a/roles/vault/tasks/shared/mount.yml
+++ b/roles/vault/tasks/shared/mount.yml
@ -16,3 +16,4 @@
    body: "{{ mount_options|d() }}"
    status_code: 204
  when: vault_pki_mount_check|failed
+  ignore_errors: "{{ ansible_check_mode }}"