add modif vault

This commit is contained in:
mperochon 2017-06-06 16:10:13 +02:00
parent 0681ad8d5f
commit cd2b9dcf99
5 changed files with 13 additions and 27 deletions


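--- a/UNKNOWN_PATH_file1
+++ b/UNKNOWN_PATH_file1
@@ -37,6 +37,9 @@
 Accept: application/json
 Content-Type: application/json
 X-Vault-Token: "{{ hostvars[groups.etcd|first]['etcd_vault_login_result']['json']['auth']['client_token'] }}"
+when:
+- inventory_hostname == groups.etcd|first
+- hostvars[groups.etcd|first].get('etcd_vault_login_result', {}).get('json', {}).get('auth', {}).get('client_token') != ""
 # Issue master certs to Etcd nodes
 - include: ../../vault/tasks/shared/issue_cert.yml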
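Review bot: The added guard on the last `when:` item still lets the task run when the token is absent: `.get('client_token')` yields None for a missing key and `None != ""` is true, so the request goes out with a None-valued `X-Vault-Token` header instead of being skipped. A string default on the final lookup closes both the empty and the missing case, `.get('client_token', '') != ""`. The token is read only from the first etcd host, so if the login task registers `etcd_vault_login_result` there alone this is consistent, but a skipped or failed login on that host takes the same path. The task this `when:` belongs to starts above the hunk.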


@ -9,7 +9,7 @@
vars: vars:
sync_file: "{{ item }}" sync_file: "{{ item }}"
sync_file_dir: "{{ kube_cert_dir }}" sync_file_dir: "{{ kube_cert_dir }}"
sync_file_group: "{{ kuber_cert_group }}" sync_file_group: "{{ kube_cert_group }}"
sync_file_hosts: "{{ groups['k8s-cluster'] }}" sync_file_hosts: "{{ groups['k8s-cluster'] }}"
sync_file_is_cert: true sync_file_is_cert: true
sync_file_owner: kube sync_file_owner: kube
@ -29,7 +29,7 @@
vars: vars:
sync_file: ca.pem sync_file: ca.pem
sync_file_dir: "{{ kube_cert_dir }}" sync_file_dir: "{{ kube_cert_dir }}"
sync_file_group: "{{ kuber_cert_group }}" sync_file_group: "{{ kube_cert_group }}"
sync_file_hosts: "{{ groups['k8s-cluster'] }}" sync_file_hosts: "{{ groups['k8s-cluster'] }}"
sync_file_owner: kube sync_file_owner: kube


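--- a/UNKNOWN_PATH_file3
+++ b/UNKNOWN_PATH_file3
@@ -38,9 +38,7 @@
 format: "{{ issue_cert_format | d('pem') }}"
 ip_sans: "{{ issue_cert_ip_sans | default([]) | join(',') }}"
 register: issue_cert_result
-when:
-- inventory_hostname in play_hosts
-- inventory_hostname == issue_cert_hosts|first
+when: inventory_hostname == issue_cert_hosts|first
 - name: issue_cert | Copy the cert to all hosts
 copy:
@@ -49,9 +47,6 @@
 group: "{{ issue_cert_file_group | d('root' )}}"
 mode: "{{ issue_cert_file_mode | d('0644') }}"
 owner: "{{ issue_cert_file_owner | d('root') }}"
-when:
-- inventory_hostname in play_hosts
-- inventory_hostname == issue_cert_hosts|first
 - name: issue_cert | Copy the key to all hosts
 copy:
@@ -60,9 +55,6 @@
 group: "{{ issue_cert_file_group | d('root' )}}"
 mode: "{{ issue_cert_file_mode | d('0640') }}"
 owner: "{{ issue_cert_file_owner | d('root') }}"
-when:
-- inventory_hostname in play_hosts
-- inventory_hostname == issue_cert_hosts|first
 - name: issue_cert | Copy issuing CA cert
 copy:
@@ -71,7 +63,4 @@
 group: "{{ issue_cert_file_group | d('root' )}}"
 mode: "{{ issue_cert_file_mode | d('0644') }}"
 owner: "{{ issue_cert_file_owner | d('root') }}"
-when:
-- inventory_hostname in play_hosts
-- inventory_hostname == issue_cert_hosts|first
-- issue_cert_copy_ca|default(false)
+when: issue_cert_copy_ca|default(false)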
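Review bot: Dropping the `when:` from the cert and key copy tasks (second and third hunks) means those copies now execute on every host in the play, while the issuing task in the first hunk now runs only on `issue_cert_hosts|first`; the `copy:` bodies that supply the content sit above each hunk, so if they read `issue_cert_result` directly rather than through `hostvars[issue_cert_hosts|first]`, the other hosts will see the skipped registration of that task and either fail or write empty material. Please confirm where the copied content comes from and whether the copies delegate to `issue_cert_hosts`; once verified, a comment over the key copy such as `# Runs on every play host; content comes from the host that issued the cert` would document the intent. Since the third hunk distributes the private key at mode `0640`, the recipient set should be `issue_cert_hosts` rather than whatever hosts happen to be in the play. Removing `inventory_hostname in play_hosts` in the first hunk is harmless, as a task only runs on play hosts anyway.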


@ -12,11 +12,11 @@
- name: "sync_file | Set facts for file contents" - name: "sync_file | Set facts for file contents"
set_fact: set_fact:
sync_file_contents: "{{ hostvars[sync_file_srcs|first]['sync_file_cat']['stdout'] }}" sync_file_contents: "{{ hostvars[sync_file_srcs|first].get('sync_file_cat', {}).get('stdout') }}"
- name: "sync_file | Set fact for key contents" - name: "sync_file | Set fact for key contents"
set_fact: set_fact:
sync_file_key_contents: "{{ hostvars[sync_file_srcs|first]['sync_file_key_cat']['stdout'] }}" sync_file_key_contents: "{{ hostvars[sync_file_srcs|first].get('sync_file_key_cat', {}).get('stdout') }}"
when: sync_file_is_cert|d() when: sync_file_is_cert|d()
- name: "sync_file | Ensure the directory exists" - name: "sync_file | Ensure the directory exists"
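Review bot: Switching the `sync_file_contents` and `sync_file_key_contents` lookups to `.get(...)` turns a missing `sync_file_cat` or `sync_file_key_cat` result into a None value instead of an undefined-variable failure, so whatever later writes these facts to disk would silently produce a certificate or key file with no usable content. If the aim is to tolerate hosts on which the cat task did not run, the consumer of these facts should reject that case explicitly, for example an `assert` task with `that: "sync_file_contents is not none and sync_file_contents | length > 0"` before the file is written. The tasks that consume these facts are outside the hunk, so it is possible such a check already exists further down.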


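--- a/UNKNOWN_PATH_file5
+++ b/UNKNOWN_PATH_file5
@@ -36,9 +36,7 @@
 with_items: "{{ sync_file_hosts | unique }}"
 loop_control:
 loop_var: host_item
-when:
-- host_item in play_hosts
-- hostvars[host_item]["sync_file_stat"]["stat"]["exists"]|bool
+when: hostvars[host_item].get("sync_file_stat", {}).get("stat", {}).get("exists")
 - name: "sync_file | Combine all possible key file sync sources"
 set_fact:
@@ -46,28 +44,24 @@
 with_items: "{{ sync_file_hosts | unique }}"
 loop_control:
 loop_var: host_item
-when:
-- host_item in play_hosts
-- sync_file_is_cert|d() and hostvars[host_item]["sync_file_key_stat"]["stat"]["exists"]|bool
+when: sync_file_is_cert|d() and hostvars[host_item].get("sync_file_key_stat", {}).get("stat", {}).get("exists")
 - name: "sync_file | Remove sync sources with files that do not match sync_file_srcs|first"
 set_fact:
 _: "{% if inventory_hostname in sync_file_srcs %}{{ sync_file_srcs.remove(inventory_hostname) }}{% endif %}"
 when:
-- inventory_hostname in play_hosts
 - sync_file_srcs|d([])|length > 1
 - inventory_hostname != sync_file_srcs|first
-- sync_file_stat.stat.get("checksum") != hostvars[sync_file_srcs|first]["sync_file_stat"]["stat"]["checksum"]
+- sync_file_stat.stat.get("checksum") != hostvars[sync_file_srcs|first].get("sync_file_stat", {}).get("stat", {}).get("checksum")
 - name: "sync_file | Remove sync sources with keys that do not match sync_file_srcs|first"
 set_fact:
 _: "{% if inventory_hostname in sync_file_srcs %}{{ sync_file_srcs.remove(inventory_hostname) }}{% endif %}"
 when:
-- inventory_hostname in play_hosts
 - sync_file_is_cert|d()
 - sync_file_key_srcs|d([])|length > 1
 - inventory_hostname != sync_file_key_srcs|first
-- sync_file_key_stat.stat.checksum != hostvars[sync_file_srcs|first]["sync_file_key_stat"]["stat"]["checksum"]
+- sync_file_key_stat.stat.get("checksum") != hostvars[sync_file_srcs|first].get("sync_file_key_stat", {}).get("stat", {}).get("checksum")
 - name: "sync_file | Consolidate file and key sources"
 set_fact: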
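Review bot: The rewritten key-checksum condition at the end of the second hunk still takes its reference from `hostvars[sync_file_srcs|first]`, while the two conditions just above it are keyed on `sync_file_key_srcs|first`; if the two source lists can differ, the key is checked against a host that may not be the key reference at all and the mismatch filter does nothing. This inconsistency predates the commit, but the line is being rewritten anyway, so either change the lookup to `hostvars[sync_file_key_srcs|first]` or, if cert and key are required to come from the same host, add `# Key reference is deliberately the first file source so cert and key always originate on one host` above it. Also, with `.get("checksum")` on both sides, two missing checksums compare equal and the host stays in the source list; the `exists` filters earlier in the file make that unlikely but do not rule it out for a path that exists without being a regular file.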