Fixing up vault variables
This commit is contained in:
parent
238a268f29
commit
bccbb172c6
5 changed files with 17 additions and 11 deletions
|
@ -31,12 +31,18 @@
|
||||||
register: etcd_vault_login_result
|
register: etcd_vault_login_result
|
||||||
when: inventory_hostname == groups.etcd|first
|
when: inventory_hostname == groups.etcd|first
|
||||||
|
|
||||||
|
- name: gen_certs_vault | Set fact for vault_client_token
|
||||||
|
set_fact:
|
||||||
|
vault_client_token: "{{ etcd_vault_login_result.get('json', {}).get('auth', {}).get('client_token') }}"
|
||||||
|
delegate_to: "{{ groups['etcd'][0] }}"
|
||||||
|
|
||||||
- name: gen_certs_vault | Set fact for Vault API token
|
- name: gen_certs_vault | Set fact for Vault API token
|
||||||
set_fact:
|
set_fact:
|
||||||
etcd_vault_headers:
|
etcd_vault_headers:
|
||||||
Accept: application/json
|
Accept: application/json
|
||||||
Content-Type: application/json
|
Content-Type: application/json
|
||||||
X-Vault-Token: "{{ hostvars[groups.etcd|first]['etcd_vault_login_result']['json']['auth']['client_token'] }}"
|
X-Vault-Token: "{{ vault_client_token }}"
|
||||||
|
when: vault_client_token != ""
|
||||||
|
|
||||||
# Issue master certs to Etcd nodes
|
# Issue master certs to Etcd nodes
|
||||||
- include: ../../vault/tasks/shared/issue_cert.yml
|
- include: ../../vault/tasks/shared/issue_cert.yml
|
||||||
|
|
|
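Review bot: The guard `when: vault_client_token != ""` on the headers task does not catch a missing token, because the `.get(...)` chain in the new vault_client_token set_fact yields None rather than an empty string when the login result has no `json.auth.client_token` (for instance on the hosts where the login was skipped), so the `X-Vault-Token` header is still built, carrying whatever that None renders to. Guarding on the source value is tighter: `when: etcd_vault_login_result.get('json', {}).get('auth', {}).get('client_token')`. Both set_fact tasks now carry the Vault client token in their arguments and will print it in verbose output and in callbacks that record task args; `no_log: true` on each is warranted, and the uri task that registers `etcd_vault_login_result` starts before the hunk and needs the same. Whether `delegate_to: "{{ groups['etcd'][0] }}"` makes `etcd_vault_login_result` resolve to the first etcd host's registered value on the other hosts depends on the delegated host's variables being used for templating; the removed expression read `hostvars[groups.etcd|first]` explicitly, which is unambiguous.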
@ -9,7 +9,7 @@
|
||||||
vars:
|
vars:
|
||||||
sync_file: "{{ item }}"
|
sync_file: "{{ item }}"
|
||||||
sync_file_dir: "{{ kube_cert_dir }}"
|
sync_file_dir: "{{ kube_cert_dir }}"
|
||||||
sync_file_group: "{{ kuber_cert_group }}"
|
sync_file_group: "{{ kube_cert_group }}"
|
||||||
sync_file_hosts: "{{ groups['k8s-cluster'] }}"
|
sync_file_hosts: "{{ groups['k8s-cluster'] }}"
|
||||||
sync_file_is_cert: true
|
sync_file_is_cert: true
|
||||||
sync_file_owner: kube
|
sync_file_owner: kube
|
||||||
|
@ -29,7 +29,7 @@
|
||||||
vars:
|
vars:
|
||||||
sync_file: ca.pem
|
sync_file: ca.pem
|
||||||
sync_file_dir: "{{ kube_cert_dir }}"
|
sync_file_dir: "{{ kube_cert_dir }}"
|
||||||
sync_file_group: "{{ kuber_cert_group }}"
|
sync_file_group: "{{ kube_cert_group }}"
|
||||||
sync_file_hosts: "{{ groups['k8s-cluster'] }}"
|
sync_file_hosts: "{{ groups['k8s-cluster'] }}"
|
||||||
sync_file_owner: kube
|
sync_file_owner: kube
|
||||||
|
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
- name: bootstrap/ca_trust | pull CA from cert from groups.vault|first
|
- name: bootstrap/ca_trust | pull CA from cert from groups.vault|first
|
||||||
command: "cat {{ vault_cert_dir }}/ca.pem"
|
command: "cat {{ vault_cert_dir }}/ca.pem"
|
||||||
register: vault_cert_file_cat
|
register: vault_cert_file_cat
|
||||||
when: inventory_hostname == groups.vault|first
|
delegate_to: "{{ groups['vault']|first }}"
|
||||||
|
|
||||||
# This part is mostly stolen from the etcd role
|
# This part is mostly stolen from the etcd role
|
||||||
- name: bootstrap/ca_trust | target ca-certificate store file
|
- name: bootstrap/ca_trust | target ca-certificate store file
|
||||||
|
@ -19,7 +19,7 @@
|
||||||
|
|
||||||
- name: bootstrap/ca_trust | add CA to trusted CA dir
|
- name: bootstrap/ca_trust | add CA to trusted CA dir
|
||||||
copy:
|
copy:
|
||||||
content: "{{ hostvars[groups.vault|first]['vault_cert_file_cat']['stdout'] }}"
|
content: "{{ vault_cert_file_cat.get('stdout') }}"
|
||||||
dest: "{{ ca_cert_path }}"
|
dest: "{{ ca_cert_path }}"
|
||||||
register: vault_ca_cert
|
register: vault_ca_cert
|
||||||
|
|
||||||
|
|
|
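Review bot: `content: "{{ vault_cert_file_cat.get('stdout') }}"` writes whatever the delegated `cat` returned straight into the trust store at `ca_cert_path`, and the `.get('stdout')` form turns a missing result into None instead of an error, so an absent or empty `ca.pem` on the first vault host is silently written out instead of failing the play. Since this file becomes a trust anchor on every host, check it before the copy, e.g. `failed_when: "'-----BEGIN CERTIFICATE-----' not in vault_cert_file_cat.stdout"` on the `cat` task in the earlier hunk (@ -3,7), or an assert between the two tasks. With `delegate_to: "{{ groups['vault']|first }}"` replacing the `when:`, the `cat` now runs once per host in the play against the same vault host; `run_once: true` should avoid that, as Ansible copies a run_once task's registered result to every host, though confirm that against the version in use.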
@ -12,11 +12,11 @@
|
||||||
|
|
||||||
- name: "sync_file | Set facts for file contents"
|
- name: "sync_file | Set facts for file contents"
|
||||||
set_fact:
|
set_fact:
|
||||||
sync_file_contents: "{{ hostvars[sync_file_srcs|first]['sync_file_cat']['stdout'] }}"
|
sync_file_contents: "{{ hostvars[sync_file_srcs|first].get('sync_file_cat', {}).get('stdout') }}"
|
||||||
|
|
||||||
- name: "sync_file | Set fact for key contents"
|
- name: "sync_file | Set fact for key contents"
|
||||||
set_fact:
|
set_fact:
|
||||||
sync_file_key_contents: "{{ hostvars[sync_file_srcs|first]['sync_file_key_cat']['stdout'] }}"
|
sync_file_key_contents: "{{ hostvars[sync_file_srcs|first].get('sync_file_key_cat', {}).get('stdout') }}"
|
||||||
when: sync_file_is_cert|d()
|
when: sync_file_is_cert|d()
|
||||||
|
|
||||||
- name: "sync_file | Ensure the directory exists"
|
- name: "sync_file | Ensure the directory exists"
|
||||||
|
|
|
@ -36,7 +36,7 @@
|
||||||
with_items: "{{ sync_file_hosts | unique }}"
|
with_items: "{{ sync_file_hosts | unique }}"
|
||||||
loop_control:
|
loop_control:
|
||||||
loop_var: host_item
|
loop_var: host_item
|
||||||
when: hostvars[host_item]["sync_file_stat"]["stat"]["exists"]|bool
|
when: hostvars[host_item].get("sync_file_stat", {}).get("stat", {}).get("exists")
|
||||||
|
|
||||||
- name: "sync_file | Combine all possible key file sync sources"
|
- name: "sync_file | Combine all possible key file sync sources"
|
||||||
set_fact:
|
set_fact:
|
||||||
|
@ -44,7 +44,7 @@
|
||||||
with_items: "{{ sync_file_hosts | unique }}"
|
with_items: "{{ sync_file_hosts | unique }}"
|
||||||
loop_control:
|
loop_control:
|
||||||
loop_var: host_item
|
loop_var: host_item
|
||||||
when: sync_file_is_cert|d() and hostvars[host_item]["sync_file_key_stat"]["stat"]["exists"]|bool
|
when: sync_file_is_cert|d() and hostvars[host_item].get("sync_file_key_stat", {}).get("stat", {}).get("exists")
|
||||||
|
|
||||||
- name: "sync_file | Remove sync sources with files that do not match sync_file_srcs|first"
|
- name: "sync_file | Remove sync sources with files that do not match sync_file_srcs|first"
|
||||||
set_fact:
|
set_fact:
|
||||||
|
@ -52,7 +52,7 @@
|
||||||
when: >-
|
when: >-
|
||||||
sync_file_srcs|d([])|length > 1 and
|
sync_file_srcs|d([])|length > 1 and
|
||||||
inventory_hostname != sync_file_srcs|first and
|
inventory_hostname != sync_file_srcs|first and
|
||||||
sync_file_stat.stat.get("checksum") != hostvars[sync_file_srcs|first]["sync_file_stat"]["stat"]["checksum"]
|
sync_file_stat.stat.get("checksum") != hostvars[sync_file_srcs|first].get("sync_file_stat", {}).get("stat", {}).get("checksum")
|
||||||
|
|
||||||
- name: "sync_file | Remove sync sources with keys that do not match sync_file_srcs|first"
|
- name: "sync_file | Remove sync sources with keys that do not match sync_file_srcs|first"
|
||||||
set_fact:
|
set_fact:
|
||||||
|
@ -61,7 +61,7 @@
|
||||||
sync_file_is_cert|d() and
|
sync_file_is_cert|d() and
|
||||||
sync_file_key_srcs|d([])|length > 1 and
|
sync_file_key_srcs|d([])|length > 1 and
|
||||||
inventory_hostname != sync_file_key_srcs|first and
|
inventory_hostname != sync_file_key_srcs|first and
|
||||||
sync_file_key_stat.stat.checksum != hostvars[sync_file_srcs|first]["sync_file_key_stat"]["stat"]["checksum"]
|
sync_file_key_stat.stat.get("checksum") != hostvars[sync_file_srcs|first].get("sync_file_key_stat", {}).get("stat", {}).get("checksum")
|
||||||
|
|
||||||
- name: "sync_file | Consolidate file and key sources"
|
- name: "sync_file | Consolidate file and key sources"
|
||||||
set_fact:
|
set_fact:
|
||||||
|
|
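Review bot: The `sync_file | Set fact for key contents` task now loads private-key material from `hostvars[sync_file_srcs|first].get('sync_file_key_cat', {}).get('stdout')` into `sync_file_key_contents` without `no_log`, so the key is echoed in `-v` output and by any callback that records task arguments; add `no_log: true` to that task and to `Set facts for file contents`, whose `sync_file_contents` holds whatever `sync_file_cat` read. The `.get()` chains in this hunk and in @ -36,7, @ -44,7, @ -52,7 and @ -61,7 turn a missing registered result into None instead of an undefined-variable error; for the `when:` conditions a None is simply falsy, but for the two content facts it means the later copy receives a None where file contents were expected, so a guard such as `when: hostvars[sync_file_srcs|first].get('sync_file_cat', {}).get('stdout')` on each set_fact keeps the fact undefined rather than bogus. The set_fact tasks whose `when: >-` blocks appear in the last two hunks start before those hunks, so their other arguments are not visible here.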