c12s-kubespray/roles/vault/tasks/main.yml
Matthew Mosesohn 7a3956173a Disable vault role properly on ansible 2.2.0
when condition does not seem to work correctly at playbook
level for ansible 2.2.0.
2017-03-05 00:43:01 +04:00

19 lines
816 B
YAML

---
# The Vault role is typically a two step process:
# 1. Bootstrap
#    This starts a temporary Vault to generate certs for Vault itself. This
#    includes a Root CA for the cluster, assuming one doesn't exist already.
#    The temporary instance will remain running after Bootstrap, to provide a
#    running Vault for the Etcd role to generate certs against.
# 2. Cluster
#    Once Etcd is started, then the Cluster tasks can start up a long-term
#    Vault cluster using Etcd as the backend. The same Root CA is mounted as
#    used during step 1, allowing all certs to have the same chain of trust.

## Bootstrap
- include: bootstrap/main.yml
  when: cert_management == 'vault' and vault_bootstrap | d()

## Cluster
- include: cluster/main.yml
  when: cert_management == 'vault' and not vault_bootstrap | d()