c12s-kubespray/roles/vault/tasks/cluster/pki_mount.yml

---

- name: cluster/pki_mount | Test if default PKI mount exists
  uri:
    url: "https://localhost:{{ vault_port }}/v1/sys/mounts/pki/tune"
    headers: "{{ vault_headers }}"
    validate_certs: false
  ignore_errors: true
  register: vault_pki_mount_check

- name: cluster/pki_mount | Mount default PKI mount if needed
  uri:
    url: "https://localhost:{{ vault_port }}/v1/sys/mounts/pki"
    headers: "{{ vault_headers }}"
    method: POST
    body_format: json
    body:
      config:
        default_lease_ttl: "{{ vault_default_lease_ttl }}"
        max_lease_ttl: "{{ vault_max_lease_ttl }}"
      type: pki
    status_code: 204
  when: vault_pki_mount_check | failed