commit
eacc42fedd
|
@ -31,12 +31,18 @@
|
|||
register: etcd_vault_login_result
|
||||
when: inventory_hostname == groups.etcd|first
|
||||
|
||||
- name: gen_certs_vault | Set fact for vault_client_token
|
||||
set_fact:
|
||||
vault_client_token: "{{ etcd_vault_login_result.get('json', {}).get('auth', {}).get('client_token') }}"
|
||||
delegate_to: "{{ groups['etcd'][0] }}"
|
||||
|
||||
- name: gen_certs_vault | Set fact for Vault API token
|
||||
set_fact:
|
||||
etcd_vault_headers:
|
||||
Accept: application/json
|
||||
Content-Type: application/json
|
||||
X-Vault-Token: "{{ hostvars[groups.etcd|first]['etcd_vault_login_result']['json']['auth']['client_token'] }}"
|
||||
X-Vault-Token: "{{ vault_client_token }}"
|
||||
when: vault_client_token != ""
|
||||
|
||||
# Issue master certs to Etcd nodes
|
||||
- include: ../../vault/tasks/shared/issue_cert.yml
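Review bot: The new guard `when: vault_client_token != ""` on the "Set fact for Vault API token" task only skips an empty string. The `.get()` chain in the preceding set_fact returns None when the login was skipped or the response had no `auth` block, and whether None is templated to "" depends on the Ansible version in use; `when: vault_client_token | default('', true) | length > 0` does not rely on that. Both set_fact tasks also place a live Vault client token into host facts without `no_log: true`, so it can appear in verbose output and callback logs; adding `no_log: true` to each would keep it out. It is also worth confirming that etcd hosts other than `groups.etcd|first` still get a token: as far as I can tell, `delegate_to` on set_fact does not change whose `etcd_vault_login_result` is templated, and the task that registers it (it starts above the hunk) runs only on the first etcd host.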
|
||||
|
|
|
@ -9,7 +9,7 @@
|
|||
vars:
|
||||
sync_file: "{{ item }}"
|
||||
sync_file_dir: "{{ kube_cert_dir }}"
|
||||
sync_file_group: "{{ kuber_cert_group }}"
|
||||
sync_file_group: "{{ kube_cert_group }}"
|
||||
sync_file_hosts: "{{ groups['k8s-cluster'] }}"
|
||||
sync_file_is_cert: true
|
||||
sync_file_owner: kube
|
||||
|
@ -29,7 +29,7 @@
|
|||
vars:
|
||||
sync_file: ca.pem
|
||||
sync_file_dir: "{{ kube_cert_dir }}"
|
||||
sync_file_group: "{{ kuber_cert_group }}"
|
||||
sync_file_group: "{{ kube_cert_group }}"
|
||||
sync_file_hosts: "{{ groups['k8s-cluster'] }}"
|
||||
sync_file_owner: kube
|
||||
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
- name: bootstrap/ca_trust | pull CA from cert from groups.vault|first
|
||||
command: "cat {{ vault_cert_dir }}/ca.pem"
|
||||
register: vault_cert_file_cat
|
||||
when: inventory_hostname == groups.vault|first
|
||||
delegate_to: "{{ groups['vault']|first }}"
|
||||
|
||||
# This part is mostly stolen from the etcd role
|
||||
- name: bootstrap/ca_trust | target ca-certificate store file
|
||||
|
@ -19,7 +19,7 @@
|
|||
|
||||
- name: bootstrap/ca_trust | add CA to trusted CA dir
|
||||
copy:
|
||||
content: "{{ hostvars[groups.vault|first]['vault_cert_file_cat']['stdout'] }}"
|
||||
content: "{{ vault_cert_file_cat.get('stdout') }}"
|
||||
dest: "{{ ca_cert_path }}"
|
||||
register: vault_ca_cert
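Review bot: In "add CA to trusted CA dir", `content: "{{ vault_cert_file_cat.get('stdout') }}"` turns a missing or failed read of `ca.pem` into None instead of an error. The copy can then write an empty file (or, depending on how the Ansible version templates None, a literal "None") to `ca_cert_path`, which is the trusted CA location. Failing closed is safer here: either keep the direct `vault_cert_file_cat.stdout` lookup so an absent result aborts the play, or add `when: vault_cert_file_cat.get('stdout')` to the task. The task may carry further keys below the hunk, so check whether such a guard already exists there.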
|
||||
|
||||
|
|
|
@ -12,11 +12,11 @@
|
|||
|
||||
- name: "sync_file | Set facts for file contents"
|
||||
set_fact:
|
||||
sync_file_contents: "{{ hostvars[sync_file_srcs|first]['sync_file_cat']['stdout'] }}"
|
||||
sync_file_contents: "{{ hostvars[sync_file_srcs|first].get('sync_file_cat', {}).get('stdout') }}"
|
||||
|
||||
- name: "sync_file | Set fact for key contents"
|
||||
set_fact:
|
||||
sync_file_key_contents: "{{ hostvars[sync_file_srcs|first]['sync_file_key_cat']['stdout'] }}"
|
||||
sync_file_key_contents: "{{ hostvars[sync_file_srcs|first].get('sync_file_key_cat', {}).get('stdout') }}"
|
||||
when: sync_file_is_cert|d()
|
||||
|
||||
- name: "sync_file | Ensure the directory exists"
|
||||
|
|
|
@ -36,7 +36,7 @@
|
|||
with_items: "{{ sync_file_hosts | unique }}"
|
||||
loop_control:
|
||||
loop_var: host_item
|
||||
when: hostvars[host_item]["sync_file_stat"]["stat"]["exists"]|bool
|
||||
when: hostvars[host_item].get("sync_file_stat", {}).get("stat", {}).get("exists")
|
||||
|
||||
- name: "sync_file | Combine all possible key file sync sources"
|
||||
set_fact:
|
||||
|
@ -44,7 +44,7 @@
|
|||
with_items: "{{ sync_file_hosts | unique }}"
|
||||
loop_control:
|
||||
loop_var: host_item
|
||||
when: sync_file_is_cert|d() and hostvars[host_item]["sync_file_key_stat"]["stat"]["exists"]|bool
|
||||
when: sync_file_is_cert|d() and hostvars[host_item].get("sync_file_key_stat", {}).get("stat", {}).get("exists")
|
||||
|
||||
- name: "sync_file | Remove sync sources with files that do not match sync_file_srcs|first"
|
||||
set_fact:
|
||||
|
@ -52,7 +52,7 @@
|
|||
when: >-
|
||||
sync_file_srcs|d([])|length > 1 and
|
||||
inventory_hostname != sync_file_srcs|first and
|
||||
sync_file_stat.stat.get("checksum") != hostvars[sync_file_srcs|first]["sync_file_stat"]["stat"]["checksum"]
|
||||
sync_file_stat.stat.get("checksum") != hostvars[sync_file_srcs|first].get("sync_file_stat", {}).get("stat", {}).get("checksum")
|
||||
|
||||
- name: "sync_file | Remove sync sources with keys that do not match sync_file_srcs|first"
|
||||
set_fact:
|
||||
|
@ -61,7 +61,7 @@
|
|||
sync_file_is_cert|d() and
|
||||
sync_file_key_srcs|d([])|length > 1 and
|
||||
inventory_hostname != sync_file_key_srcs|first and
|
||||
sync_file_key_stat.stat.checksum != hostvars[sync_file_srcs|first]["sync_file_key_stat"]["stat"]["checksum"]
|
||||
sync_file_key_stat.stat.get("checksum") != hostvars[sync_file_srcs|first].get("sync_file_key_stat", {}).get("stat", {}).get("checksum")
|
||||
|
||||
- name: "sync_file | Consolidate file and key sources"
|
||||
set_fact:
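Review bot: In the key-checksum condition of the last hunk, the guard tests `inventory_hostname != sync_file_key_srcs|first`, but the comparison reads `sync_file_key_stat` from `hostvars[sync_file_srcs|first]`, and the new `.get()` chain makes a missing stat on that host evaluate to None silently instead of raising. If the reference host holds no key, every real key source compares unequal to None; if both sides are None they compare equal, so the check no longer separates "matches" from "was never collected". The task name suggests the reference host may be deliberate, so confirm that, and consider adding a clause such as `hostvars[sync_file_srcs|first].get("sync_file_key_stat", {}).get("stat", {}).get("checksum") is not none and` before the comparison. Separately, "Set fact for key contents" stores private key material in facts without `no_log: true`; adding it would keep the key out of verbose run output.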
|
||||
|
|