07cc981971
* Move front-proxy-client certs back to kube mount We want the same CA for all k8s certs * Refactor vault to use a third party module The module adds idempotency and reduces some of the repetitive logic in the vault role Requires ansible-modules-hashivault on ansible node and hvac on the vault hosts themselves Add upgrade test scenario Remove bootstrap-os tags from tasks * fix upgrade issues * improve unseal logic * specify ca and fix etcd check * Fix initialization check bump machine size
92 lines
3.4 KiB
YAML
92 lines
3.4 KiB
YAML
---
|
|
|
|
# NOTE: This should be a role (or custom module), but currently include_role is too buggy to use
|
|
- name: "sync_file | Set facts for directory and file when sync_file_path is defined"
|
|
set_fact:
|
|
sync_file_dir: "{{ sync_file_path | dirname }}"
|
|
sync_file: "{{ sync_file_path | basename }}"
|
|
when: sync_file_path is defined and sync_file_path != ''
|
|
|
|
- name: "sync_file | Set fact for sync_file_path when undefined"
|
|
set_fact:
|
|
sync_file_path: "{{ (sync_file_dir, sync_file)|join('/') }}"
|
|
when: sync_file_path is not defined or sync_file_path == ''
|
|
|
|
- name: "sync_file | Set fact for key path name"
|
|
set_fact:
|
|
sync_file_key_path: "{{ sync_file_path.rsplit('.', 1)|first + '-key.' + sync_file_path.rsplit('.', 1)|last }}"
|
|
when: sync_file_key_path is not defined or sync_file_key_path == ''
|
|
|
|
- name: "sync_file | Check if {{sync_file_path}} file exists"
|
|
stat:
|
|
path: "{{ sync_file_path }}"
|
|
register: sync_file_stat
|
|
|
|
- name: "sync_file | Check if {{ sync_file_key_path }} key file exists"
|
|
stat:
|
|
path: "{{ sync_file_key_path }}"
|
|
register: sync_file_key_stat
|
|
|
|
- name: "sync_file | Combine all possible file sync sources"
|
|
set_fact:
|
|
sync_file_srcs: "{{ sync_file_srcs|default([]) + [host_item] }}"
|
|
with_items: "{{ sync_file_hosts|default() | unique }}"
|
|
loop_control:
|
|
loop_var: host_item
|
|
when: sync_file_stat.stat.exists|default()
|
|
|
|
- name: "sync_file | Combine all possible key file sync sources"
|
|
set_fact:
|
|
sync_file_key_srcs: "{{ sync_file_key_srcs|default([]) + [host_item] }}"
|
|
with_items: "{{ sync_file_hosts|default() | unique }}"
|
|
loop_control:
|
|
loop_var: host_item
|
|
when: sync_file_key_stat.stat.exists|default()
|
|
|
|
- name: "sync_file | Remove sync sources with files that do not match sync_file_srcs|first"
|
|
set_fact:
|
|
_: "{% if inventory_hostname in sync_file_srcs %}{{ sync_file_srcs.remove(inventory_hostname) }}{% endif %}"
|
|
when: >-
|
|
sync_file_srcs|d([])|length > 1 and
|
|
inventory_hostname != sync_file_srcs|first
|
|
|
|
- name: "sync_file | Remove sync sources with keys that do not match sync_file_srcs|first"
|
|
set_fact:
|
|
_: "{% if inventory_hostname in sync_file_srcs %}{{ sync_file_srcs.remove(inventory_hostname) }}{% endif %}"
|
|
when: >-
|
|
sync_file_is_cert|d() and
|
|
sync_file_key_srcs|d([])|length > 1 and
|
|
inventory_hostname != sync_file_key_srcs|first
|
|
|
|
- name: "sync_file | Consolidate file and key sources"
|
|
set_fact:
|
|
sync_file_srcs: "{{ sync_file_srcs|d([]) | intersect(sync_file_key_srcs) }}"
|
|
when: sync_file_is_cert|d()
|
|
|
|
- name: "sync_file | Set facts for situations where sync is not needed"
|
|
set_fact:
|
|
sync_file_no_srcs: "{{ true if sync_file_srcs|d([])|length == 0 else false }}"
|
|
sync_file_unneeded: "{{ true if sync_file_srcs|d([])|length == sync_file_hosts|length else false }}"
|
|
|
|
- name: "sync_file | Set sync_file_result fact"
|
|
set_fact:
|
|
sync_file_result:
|
|
no_srcs: "{{ sync_file_no_srcs }}"
|
|
path: "{{ sync_file_path }}"
|
|
sync_unneeded: "{{ sync_file_unneeded }}"
|
|
|
|
- name: "sync_file | Update sync_file_results fact"
|
|
set_fact:
|
|
sync_file_results: "{{ sync_file_results|default([]) + [sync_file_result] }}"
|
|
|
|
- include_tasks: sync.yml
|
|
when: not (sync_file_no_srcs or sync_file_unneeded)
|
|
|
|
- name: "Unset local vars to avoid variable bleed into next iteration"
|
|
set_fact:
|
|
sync_file: ''
|
|
sync_file_dir: ''
|
|
sync_file_key_path: ''
|
|
sync_file_key_srcs: []
|
|
sync_file_path: ''
|
|
sync_file_srcs: []
|