C12s/c12s-kubespray
3
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
c12s-kubespray/roles/vault/tasks/cluster/unseal.yml
Matthew Mosesohn 2645e88b0c Fix vault setup partially (#1531) 
This does not address per-node certs and scheduler/proxy/controller-manager
component certs which are now required. This should be handled in a
follow-up patch.
2017-08-18 15:09:45 +03:00

26 lines
657 B
YAML
Raw Blame History

---
- name: cluster/unseal | Current sealed state
debug: " Sealed? {{vault_is_sealed}}"
- name: cluster/unseal | Unseal Vault
uri:
url: "https://localhost:{{ vault_port }}/v1/sys/unseal"
headers: "{{ vault_headers }}"
method: POST
body_format: json
body:
key: "{{ item }}"
with_items: "{{ vault_unseal_keys|default([]) }}"
when: vault_is_sealed
- name: cluster/unseal | Wait until server is ready
uri:
url: "https://localhost:{{ vault_port }}/v1/sys/health"
headers: "{{ vault_headers }}"
method: HEAD
status_code: 200, 429
register: vault_node_ready
until: vault_node_ready|succeeded
retries: 5
Reference in a new issue View git blame Copy permalink