Few additional checks for ansible dry-run (--check) mode
parent
da3fbc7753
commit
8baef1fc01
5 changed files with 8 additions and 0 deletions
|
@ -35,6 +35,7 @@
|
||||||
vault_temp_unseal_keys: "{{ vault_temp_init.json['keys'] }}"
|
vault_temp_unseal_keys: "{{ vault_temp_init.json['keys'] }}"
|
||||||
vault_temp_root_token: "{{ vault_temp_init.json.root_token }}"
|
vault_temp_root_token: "{{ vault_temp_init.json.root_token }}"
|
||||||
vault_headers: "{{ vault_client_headers|combine({'X-Vault-Token': vault_temp_init.json.root_token}) }}"
|
vault_headers: "{{ vault_client_headers|combine({'X-Vault-Token': vault_temp_init.json.root_token}) }}"
|
||||||
|
ignore_errors: "{{ ansible_check_mode }}"
|
||||||
|
|
||||||
- name: bootstrap/start_vault_temp | Unseal vault-temp
|
- name: bootstrap/start_vault_temp | Unseal vault-temp
|
||||||
uri:
|
uri:
|
||||||
|
|
|
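Review bot: `ignore_errors: "{{ ansible_check_mode }}"` suppresses every failure of this task during a dry run, not only the expected missing `vault_temp_init.json`, so a misspelled or genuinely undefined variable in these fact expressions would also pass unnoticed under `--check`. The task derives the Vault root token and unseal keys, and the `Unseal vault-temp` task that follows would then run with those facts unset; skipping the task explicitly with `when: not ansible_check_mode`, or giving the expressions `default()` fallbacks, states the intent more narrowly. The task header is outside the hunk, so whether it already sets `no_log: true` for these secret-bearing values cannot be confirmed here and is worth checking. The same line is added in the other four files of this commit and the same concern applies there.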
@ -19,3 +19,4 @@
|
||||||
type: "{{ auth_backend_type }}"
|
type: "{{ auth_backend_type }}"
|
||||||
status_code: 204
|
status_code: 204
|
||||||
when: vault_auth_backend_check|failed
|
when: vault_auth_backend_check|failed
|
||||||
|
ignore_errors: "{{ ansible_check_mode }}"
|
||||||
|
|
|
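Review bot: The added `ignore_errors` sits on a task gated by `when: vault_auth_backend_check|failed`, and the task that registers `vault_auth_backend_check` is outside the hunk. If that probe is a read-only request that Ansible skips under `--check`, the condition is evaluated on a result that was never obtained, and the dry run says nothing reliable about the auth backend. Marking the probe `check_mode: no` would let it run and make this task's outcome meaningful without ignoring errors. The pki mount task gated by `vault_pki_mount_check|failed` in the last file of this commit has the same shape.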
@ -21,6 +21,7 @@
|
||||||
{%- endif -%}
|
{%- endif -%}
|
||||||
status_code: 204
|
status_code: 204
|
||||||
when: inventory_hostname == groups[create_role_group]|first
|
when: inventory_hostname == groups[create_role_group]|first
|
||||||
|
ignore_errors: "{{ ansible_check_mode }}"
|
||||||
|
|
||||||
- name: create_role | Create the new role in the pki mount
|
- name: create_role | Create the new role in the pki mount
|
||||||
uri:
|
uri:
|
||||||
|
@ -36,6 +37,7 @@
|
||||||
{%- endif -%}
|
{%- endif -%}
|
||||||
status_code: 204
|
status_code: 204
|
||||||
when: inventory_hostname == groups[create_role_group]|first
|
when: inventory_hostname == groups[create_role_group]|first
|
||||||
|
ignore_errors: "{{ ansible_check_mode }}"
|
||||||
|
|
||||||
## Cert based auth method
|
## Cert based auth method
|
||||||
|
|
||||||
|
|
|
@ -39,6 +39,7 @@
|
||||||
ip_sans: "{{ issue_cert_ip_sans | default([]) | join(',') }}"
|
ip_sans: "{{ issue_cert_ip_sans | default([]) | join(',') }}"
|
||||||
register: issue_cert_result
|
register: issue_cert_result
|
||||||
when: inventory_hostname == issue_cert_hosts|first
|
when: inventory_hostname == issue_cert_hosts|first
|
||||||
|
ignore_errors: "{{ ansible_check_mode }}"
|
||||||
|
|
||||||
- name: issue_cert | Copy the cert to all hosts
|
- name: issue_cert | Copy the cert to all hosts
|
||||||
copy:
|
copy:
|
||||||
|
@ -47,6 +48,7 @@
|
||||||
group: "{{ issue_cert_file_group | d('root' )}}"
|
group: "{{ issue_cert_file_group | d('root' )}}"
|
||||||
mode: "{{ issue_cert_file_mode | d('0644') }}"
|
mode: "{{ issue_cert_file_mode | d('0644') }}"
|
||||||
owner: "{{ issue_cert_file_owner | d('root') }}"
|
owner: "{{ issue_cert_file_owner | d('root') }}"
|
||||||
|
ignore_errors: "{{ ansible_check_mode }}"
|
||||||
|
|
||||||
- name: issue_cert | Copy the key to all hosts
|
- name: issue_cert | Copy the key to all hosts
|
||||||
copy:
|
copy:
|
||||||
|
@ -55,6 +57,7 @@
|
||||||
group: "{{ issue_cert_file_group | d('root' )}}"
|
group: "{{ issue_cert_file_group | d('root' )}}"
|
||||||
mode: "{{ issue_cert_file_mode | d('0640') }}"
|
mode: "{{ issue_cert_file_mode | d('0640') }}"
|
||||||
owner: "{{ issue_cert_file_owner | d('root') }}"
|
owner: "{{ issue_cert_file_owner | d('root') }}"
|
||||||
|
ignore_errors: "{{ ansible_check_mode }}"
|
||||||
|
|
||||||
- name: issue_cert | Copy issuing CA cert
|
- name: issue_cert | Copy issuing CA cert
|
||||||
copy:
|
copy:
|
||||||
|
|
|
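Review bot: In the hunk at `-55,6 +57,7` the added `ignore_errors` appears to land on the task that writes the private key ("Copy the key to all hosts", judging by the order of the hunks; its header is outside the hunk), so under `--check` a failure to render or place the key is reported as ignored rather than failed. For key material it is narrower to skip the task in a dry run with `when: not ansible_check_mode` than to run it and discard the error. The key's mode is `"{{ issue_cert_file_mode | d('0640') }}"`, the same variable the certificate task uses with `d('0644')`, so setting `issue_cert_file_mode` for certificates also loosens the key's permissions; a separate variable for the key mode would avoid that. If these copy tasks pass the key through `content:`, which the hunks do not show, `no_log: true` would keep it out of `--diff` output.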
@ -16,3 +16,4 @@
|
||||||
body: "{{ mount_options|d() }}"
|
body: "{{ mount_options|d() }}"
|
||||||
status_code: 204
|
status_code: 204
|
||||||
when: vault_pki_mount_check|failed
|
when: vault_pki_mount_check|failed
|
||||||
|
ignore_errors: "{{ ansible_check_mode }}"
|
||||||
|
|