add modif vault
This commit is contained in:
parent
0681ad8d5f
commit
cd2b9dcf99
5 changed files with 13 additions and 27 deletions
@ -37,6 +37,9 @@
Accept: application/json
Accept: application/json
Content-Type: application/json
Content-Type: application/json
X-Vault-Token: "{{ hostvars[groups.etcd|first]['etcd_vault_login_result']['json']['auth']['client_token'] }}"
X-Vault-Token: "{{ hostvars[groups.etcd|first]['etcd_vault_login_result']['json']['auth']['client_token'] }}"
when:
- inventory_hostname == groups.etcd|first
- hostvars[groups.etcd|first].get('etcd_vault_login_result', {}).get('json', {}).get('auth', {}).get('client_token') != ""
# Issue master certs to Etcd nodes
# Issue master certs to Etcd nodes
- include: ../../vault/tasks/shared/issue_cert.yml
- include: ../../vault/tasks/shared/issue_cert.yml
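Review bot: The new token guard compares against `""`, but the `.get()` chain yields None when the login result or any nested key is missing, and `None != ""` is true, so the task still runs with no token exactly in the case the guard is meant to catch. A plain truthiness test covers both the empty and the missing case: `- hostvars[groups.etcd|first].get('etcd_vault_login_result', {}).get('json', {}).get('auth', {}).get('client_token')`. The task these headers belong to starts outside the hunk; if it is a `uri` call without `no_log: true`, the X-Vault-Token value in the headers can surface in verbose or failed-task output, which is worth confirming.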
@ -9,7 +9,7 @@
vars:
vars:
sync_file: "{{ item }}"
sync_file: "{{ item }}"
sync_file_dir: "{{ kube_cert_dir }}"
sync_file_dir: "{{ kube_cert_dir }}"
sync_file_group: "{{ kuber_cert_group }}"
sync_file_group: "{{ kube_cert_group }}"
sync_file_hosts: "{{ groups['k8s-cluster'] }}"
sync_file_hosts: "{{ groups['k8s-cluster'] }}"
sync_file_is_cert: true
sync_file_is_cert: true
sync_file_owner: kube
sync_file_owner: kube
@ -29,7 +29,7 @@
vars:
vars:
sync_file: ca.pem
sync_file: ca.pem
sync_file_dir: "{{ kube_cert_dir }}"
sync_file_dir: "{{ kube_cert_dir }}"
sync_file_group: "{{ kuber_cert_group }}"
sync_file_group: "{{ kube_cert_group }}"
sync_file_hosts: "{{ groups['k8s-cluster'] }}"
sync_file_hosts: "{{ groups['k8s-cluster'] }}"
sync_file_owner: kube
sync_file_owner: kube
@ -38,9 +38,7 @@
format: "{{ issue_cert_format | d('pem') }}"
format: "{{ issue_cert_format | d('pem') }}"
ip_sans: "{{ issue_cert_ip_sans | default([]) | join(',') }}"
ip_sans: "{{ issue_cert_ip_sans | default([]) | join(',') }}"
register: issue_cert_result
register: issue_cert_result
when:
when: inventory_hostname == issue_cert_hosts|first
- inventory_hostname in play_hosts
- inventory_hostname == issue_cert_hosts|first
- name: issue_cert | Copy the cert to all hosts
- name: issue_cert | Copy the cert to all hosts
copy:
copy:
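Review bot: `register: issue_cert_result` is now set only on `issue_cert_hosts|first`, while the copy tasks that follow had their `when` removed and so run on every host in the play; they presumably read that result through hostvars (the `content:` lines are outside the hunk), and if `issue_cert_hosts|first` is not part of the current play the fact is undefined everywhere and every copy fails with an unhelpful error. A guard such as `- hostvars[issue_cert_hosts|first].issue_cert_result is defined` on the copies, or an `assert` that the issuing host is in `play_hosts`, would make that failure explicit. The issuing task itself starts outside the hunk; if it is a Vault PKI issue call, the registered response carries the private key, so `no_log: true` on that task is worth adding.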
@ -49,9 +47,6 @@
group: "{{ issue_cert_file_group | d('root' )}}"
group: "{{ issue_cert_file_group | d('root' )}}"
mode: "{{ issue_cert_file_mode | d('0644') }}"
mode: "{{ issue_cert_file_mode | d('0644') }}"
owner: "{{ issue_cert_file_owner | d('root') }}"
owner: "{{ issue_cert_file_owner | d('root') }}"
when:
- inventory_hostname in play_hosts
- inventory_hostname == issue_cert_hosts|first
- name: issue_cert | Copy the key to all hosts
- name: issue_cert | Copy the key to all hosts
copy:
copy:
@ -60,9 +55,6 @@
group: "{{ issue_cert_file_group | d('root' )}}"
group: "{{ issue_cert_file_group | d('root' )}}"
mode: "{{ issue_cert_file_mode | d('0640') }}"
mode: "{{ issue_cert_file_mode | d('0640') }}"
owner: "{{ issue_cert_file_owner | d('root') }}"
owner: "{{ issue_cert_file_owner | d('root') }}"
when:
- inventory_hostname in play_hosts
- inventory_hostname == issue_cert_hosts|first
- name: issue_cert | Copy issuing CA cert
- name: issue_cert | Copy issuing CA cert
copy:
copy:
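Review bot: The private-key copy takes its mode from the same `issue_cert_file_mode` variable as the certificate copy above it, so a caller who sets a world-readable mode for the certificate silently loosens the key as well; only the defaults differ (`0644` versus `0640`). A dedicated variable keeps the two independent: `mode: "{{ issue_cert_key_file_mode | d('0640') }}"`. With its `when` removed this task now runs on every host in the play, and its `content:` (outside the hunk) presumably comes from the registered issue result, so `no_log: true` on the task is worth confirming so the key never lands in task output.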
@ -71,7 +63,4 @@
group: "{{ issue_cert_file_group | d('root' )}}"
group: "{{ issue_cert_file_group | d('root' )}}"
mode: "{{ issue_cert_file_mode | d('0644') }}"
mode: "{{ issue_cert_file_mode | d('0644') }}"
owner: "{{ issue_cert_file_owner | d('root') }}"
owner: "{{ issue_cert_file_owner | d('root') }}"
when:
when: issue_cert_copy_ca|default(false)
- inventory_hostname in play_hosts
- inventory_hostname == issue_cert_hosts|first
- issue_cert_copy_ca|default(false)
@ -12,11 +12,11 @@
- name: "sync_file | Set facts for file contents"
- name: "sync_file | Set facts for file contents"
set_fact:
set_fact:
sync_file_contents: "{{ hostvars[sync_file_srcs|first]['sync_file_cat']['stdout'] }}"
sync_file_contents: "{{ hostvars[sync_file_srcs|first].get('sync_file_cat', {}).get('stdout') }}"
- name: "sync_file | Set fact for key contents"
- name: "sync_file | Set fact for key contents"
set_fact:
set_fact:
sync_file_key_contents: "{{ hostvars[sync_file_srcs|first]['sync_file_key_cat']['stdout'] }}"
sync_file_key_contents: "{{ hostvars[sync_file_srcs|first].get('sync_file_key_cat', {}).get('stdout') }}"
when: sync_file_is_cert|d()
when: sync_file_is_cert|d()
- name: "sync_file | Ensure the directory exists"
- name: "sync_file | Ensure the directory exists"
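Review bot: Switching both facts to `.get(...).get('stdout')` turns a missing `sync_file_cat` or `sync_file_key_cat` result into a None value instead of an undefined-variable failure, so a downstream copy (outside the hunk) can write an empty file or the literal string `None` where a certificate or key was expected, and nothing fails loudly. If tolerating a missing source is intended, make it explicit on the consumers, e.g. `when: sync_file_contents is not none`, or add an `assert` on these facts right after they are set. Because `sync_file_key_cat.stdout` holds a private key, the `cat` task that registers it (outside the hunk) should carry `no_log: true`, which is worth confirming.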
@ -36,9 +36,7 @@
with_items: "{{ sync_file_hosts | unique }}"
with_items: "{{ sync_file_hosts | unique }}"
loop_control:
loop_control:
loop_var: host_item
loop_var: host_item
when:
when: hostvars[host_item].get("sync_file_stat", {}).get("stat", {}).get("exists")
- host_item in play_hosts
- hostvars[host_item]["sync_file_stat"]["stat"]["exists"]|bool
- name: "sync_file | Combine all possible key file sync sources"
- name: "sync_file | Combine all possible key file sync sources"
set_fact:
set_fact:
@ -46,28 +44,24 @@
with_items: "{{ sync_file_hosts | unique }}"
with_items: "{{ sync_file_hosts | unique }}"
loop_control:
loop_control:
loop_var: host_item
loop_var: host_item
when:
when: sync_file_is_cert|d() and hostvars[host_item].get("sync_file_key_stat", {}).get("stat", {}).get("exists")
- host_item in play_hosts
- sync_file_is_cert|d() and hostvars[host_item]["sync_file_key_stat"]["stat"]["exists"]|bool
- name: "sync_file | Remove sync sources with files that do not match sync_file_srcs|first"
- name: "sync_file | Remove sync sources with files that do not match sync_file_srcs|first"
set_fact:
set_fact:
_: "{% if inventory_hostname in sync_file_srcs %}{{ sync_file_srcs.remove(inventory_hostname) }}{% endif %}"
_: "{% if inventory_hostname in sync_file_srcs %}{{ sync_file_srcs.remove(inventory_hostname) }}{% endif %}"
when:
when:
- inventory_hostname in play_hosts
- sync_file_srcs|d([])|length > 1
- sync_file_srcs|d([])|length > 1
- inventory_hostname != sync_file_srcs|first
- inventory_hostname != sync_file_srcs|first
- sync_file_stat.stat.get("checksum") != hostvars[sync_file_srcs|first]["sync_file_stat"]["stat"]["checksum"]
- sync_file_stat.stat.get("checksum") != hostvars[sync_file_srcs|first].get("sync_file_stat", {}).get("stat", {}).get("checksum")
- name: "sync_file | Remove sync sources with keys that do not match sync_file_srcs|first"
- name: "sync_file | Remove sync sources with keys that do not match sync_file_srcs|first"
set_fact:
set_fact:
_: "{% if inventory_hostname in sync_file_srcs %}{{ sync_file_srcs.remove(inventory_hostname) }}{% endif %}"
_: "{% if inventory_hostname in sync_file_srcs %}{{ sync_file_srcs.remove(inventory_hostname) }}{% endif %}"
when:
when:
- inventory_hostname in play_hosts
- sync_file_is_cert|d()
- sync_file_is_cert|d()
- sync_file_key_srcs|d([])|length > 1
- sync_file_key_srcs|d([])|length > 1
- inventory_hostname != sync_file_key_srcs|first
- inventory_hostname != sync_file_key_srcs|first
- sync_file_key_stat.stat.checksum != hostvars[sync_file_srcs|first]["sync_file_key_stat"]["stat"]["checksum"]
- sync_file_key_stat.stat.get("checksum") != hostvars[sync_file_srcs|first].get("sync_file_key_stat", {}).get("stat", {}).get("checksum")
- name: "sync_file | Consolidate file and key sources"
- name: "sync_file | Consolidate file and key sources"
set_fact:
set_fact:
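Review bot: The two checksum conditions now use `.get("checksum")` on the reference host's side, so when the checksum is absent on both hosts the expression is `None != None`, the condition is false and the host stays in the source list without any match having been confirmed; the old bracket lookup failed hard instead. Since this is the step that decides which host's certificate and key get replicated, a defined check before the comparison keeps the failure loud, e.g. `- hostvars[sync_file_srcs|first].get("sync_file_stat", {}).get("stat", {}).get("checksum") is not none`. The key condition on the last changed line still compares against `sync_file_srcs|first` while the loop's reference host is `sync_file_key_srcs|first`; if those two lists ever differ a key from a different host is compared, which appears to be pre-existing rather than introduced here, but is worth confirming.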