From 8baef1fc012b794023cf4fefde2ac770e414e8ee Mon Sep 17 00:00:00 2001 From: Anton Nerozya Date: Fri, 23 Jun 2017 17:45:18 +0200 Subject: [PATCH] Few additional checks for ansible dry-run (--check) mode --- roles/vault/tasks/bootstrap/start_vault_temp.yml | 1 + roles/vault/tasks/shared/auth_backend.yml | 1 + roles/vault/tasks/shared/create_role.yml | 2 ++ roles/vault/tasks/shared/issue_cert.yml | 3 +++ roles/vault/tasks/shared/mount.yml | 1 + 5 files changed, 8 insertions(+) diff --git a/roles/vault/tasks/bootstrap/start_vault_temp.yml b/roles/vault/tasks/bootstrap/start_vault_temp.yml index 4a5e6bc5e..4032577ba 100644 --- a/roles/vault/tasks/bootstrap/start_vault_temp.yml +++ b/roles/vault/tasks/bootstrap/start_vault_temp.yml @@ -35,6 +35,7 @@ vault_temp_unseal_keys: "{{ vault_temp_init.json['keys'] }}" vault_temp_root_token: "{{ vault_temp_init.json.root_token }}" vault_headers: "{{ vault_client_headers|combine({'X-Vault-Token': vault_temp_init.json.root_token}) }}" + ignore_errors: "{{ ansible_check_mode }}" - name: bootstrap/start_vault_temp | Unseal vault-temp uri: diff --git a/roles/vault/tasks/shared/auth_backend.yml b/roles/vault/tasks/shared/auth_backend.yml index ad5b191c9..c818017b0 100644 --- a/roles/vault/tasks/shared/auth_backend.yml +++ b/roles/vault/tasks/shared/auth_backend.yml @@ -19,3 +19,4 @@ type: "{{ auth_backend_type }}" status_code: 204 when: vault_auth_backend_check|failed + ignore_errors: "{{ ansible_check_mode }}" diff --git a/roles/vault/tasks/shared/create_role.yml b/roles/vault/tasks/shared/create_role.yml index c39fafe8c..1ab27ec37 100644 --- a/roles/vault/tasks/shared/create_role.yml +++ b/roles/vault/tasks/shared/create_role.yml @@ -21,6 +21,7 @@ {%- endif -%} status_code: 204 when: inventory_hostname == groups[create_role_group]|first + ignore_errors: "{{ ansible_check_mode }}" - name: create_role | Create the new role in the pki mount uri: 
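Review bot: In start_vault_temp.yml the new `ignore_errors: "{{ ansible_check_mode }}"` is attached to the task that builds `vault_temp_unseal_keys`, `vault_temp_root_token` and `vault_headers` from `vault_temp_init.json`, so under --check the task is reported as failed-and-ignored and those values stay unset for any later task that needs the token header. A condition states the intent more precisely and cannot hide an unrelated error raised by the same task during a dry run: `when: not ansible_check_mode`. The same flag is added in auth_backend.yml, both create_role.yml hunks, issue_cert.yml and mount.yml; the tasks there that already have a `when:` would combine the two tests, for example `when: not ansible_check_mode and vault_pki_mount_check|failed`. All of these task bodies begin outside their hunks, so the reason each one fails under --check (presumably a registered result with no `json`) is inferred rather than visible.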
@@ -36,6 +37,7 @@ {%- endif -%} status_code: 204 when: inventory_hostname == groups[create_role_group]|first + ignore_errors: "{{ ansible_check_mode }}" ## Cert based auth method diff --git a/roles/vault/tasks/shared/issue_cert.yml b/roles/vault/tasks/shared/issue_cert.yml index 0733e86a0..532d376ab 100644 --- a/roles/vault/tasks/shared/issue_cert.yml +++ b/roles/vault/tasks/shared/issue_cert.yml @@ -39,6 +39,7 @@ ip_sans: "{{ issue_cert_ip_sans | default([]) | join(',') }}" register: issue_cert_result when: inventory_hostname == issue_cert_hosts|first + ignore_errors: "{{ ansible_check_mode }}" - name: issue_cert | Copy the cert to all hosts copy: @@ -47,6 +48,7 @@ group: "{{ issue_cert_file_group | d('root' )}}" mode: "{{ issue_cert_file_mode | d('0644') }}" owner: "{{ issue_cert_file_owner | d('root') }}" + ignore_errors: "{{ ansible_check_mode }}" - name: issue_cert | Copy the key to all hosts copy: @@ -55,6 +57,7 @@ group: "{{ issue_cert_file_group | d('root' )}}" mode: "{{ issue_cert_file_mode | d('0640') }}" owner: "{{ issue_cert_file_owner | d('root') }}" + ignore_errors: "{{ ansible_check_mode }}" - name: issue_cert | Copy issuing CA cert copy: diff --git a/roles/vault/tasks/shared/mount.yml b/roles/vault/tasks/shared/mount.yml index b98b45c57..7b51083ca 100644 --- a/roles/vault/tasks/shared/mount.yml +++ b/roles/vault/tasks/shared/mount.yml @@ -16,3 +16,4 @@ body: "{{ mount_options|d() }}" status_code: 204 when: vault_pki_mount_check|failed + ignore_errors: "{{ ansible_check_mode }}"
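Review bot: In the last issue_cert.yml hunk the task that follows the changed ones, `issue_cert | Copy issuing CA cert`, is a `copy:` like the cert and key tasks but receives no check-mode handling, so a --check run may still stop there if its content also depends on `issue_cert_result`. Its body is outside the hunk, so this needs confirming against the full file. The issuing task keeps `register: issue_cert_result` while its failure is ignored, and the cert and key copies presumably then run against a result that holds no certificate data, which would explain why each of them needed the flag as well. A short comment above the first of them, such as `# nothing is issued under --check, so there is no cert or key to copy`, would record why errors are ignored on tasks that write key material.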