homelab-nomad/bootstrap-values.yml

---
- name: Bootstrap Consul values
  hosts: consul_instances
  gather_facts: false

  vars_files:
    - consul_values.yml

  tasks:
    - name: Add values
      delegate_to: localhost
      run_once: true
      block:
        - name: Install python-consul
          pip:
            name: python-consul
            extra_args: --index-url https://pypi.org/simple

        - name: Write values
          consul_kv:
            host: "{{ inventory_hostname }}"
            key: "{{ item.key }}"
            value: "{{ item.value }}"
          loop: "{{ consul_values | default({}) | dict2items }}"

- name: Bootstrap value values
  hosts: vault_instances
  gather_facts: false

  vars_files:
    - ./vault_hashi_vault_values.yml

  tasks:
    - name: Bootstrap Vault secrets
      delegate_to: localhost
      run_once: true
      block:
        - name: Install hvac
          pip:
            name: hvac
            extra_args: --index-url https://pypi.org/simple

        # This fails on first run because `root_token` isn't found
        # Fails after taht too because the kv/ space has not been created yet either! Oh noes!
        # Maybe move data bootstrapping to after the cluster is bootstrapped
        - name: Write values
          no_log: true
          community.hashi_vault.vault_write:
            url: "http://{{ inventory_hostname }}:8200"
            token: "{{ root_token }}"
            path: "kv/data/{{ item.key }}"
            data:
              data:
                "{{ item.value }}"
          loop: "{{ hashi_vault_values | default({}) | dict2items }}"

        - name: Write userpass
          no_log: true
          community.hashi_vault.vault_write:
            url: "http://{{ inventory_hostname }}:8200"
            token: "{{ root_token }}"
            path: "auth/userpass/users/{{ item.name }}"
            data: '{"password": "{{ item.password }}", "policies": "{{ item.policies }}"}'
          loop: "{{ vault_userpass }}"
Add new playbook and make target for bootstrapping values to Consul and Vault 2022-07-25 22:40:22 +00:00			`---`
			`- name: Bootstrap Consul values`
			`hosts: consul_instances`
			`gather_facts: false`

			`vars_files:`
			`- consul_values.yml`

Fix consul value bootstrap and hide secrets in log 2022-07-27 18:11:03 +00:00			`tasks:`
Add new playbook and make target for bootstrapping values to Consul and Vault 2022-07-25 22:40:22 +00:00			`- name: Add values`
			`delegate_to: localhost`
			`run_once: true`
			`block:`
			`- name: Install python-consul`
			`pip:`
			`name: python-consul`
			`extra_args: --index-url https://pypi.org/simple`

			`- name: Write values`
			`consul_kv:`
			`host: "{{ inventory_hostname }}"`
			`key: "{{ item.key }}"`
			`value: "{{ item.value }}"`
			`loop: "{{ consul_values \| default({}) \| dict2items }}"`

			`- name: Bootstrap value values`
			`hosts: vault_instances`
			`gather_facts: false`

			`vars_files:`
			`- ./vault_hashi_vault_values.yml`

			`tasks:`
			`- name: Bootstrap Vault secrets`
			`delegate_to: localhost`
			`run_once: true`
			`block:`
			`- name: Install hvac`
			`pip:`
			`name: hvac`
			`extra_args: --index-url https://pypi.org/simple`

			# This fails on first run because `root_token` isn't found
			`# Fails after taht too because the kv/ space has not been created yet either! Oh noes!`
			`# Maybe move data bootstrapping to after the cluster is bootstrapped`
			`- name: Write values`
Fix consul value bootstrap and hide secrets in log 2022-07-27 18:11:03 +00:00			`no_log: true`
Add new playbook and make target for bootstrapping values to Consul and Vault 2022-07-25 22:40:22 +00:00			`community.hashi_vault.vault_write:`
			`url: "http://{{ inventory_hostname }}:8200"`
			`token: "{{ root_token }}"`
			`path: "kv/data/{{ item.key }}"`
			`data:`
			`data:`
			`"{{ item.value }}"`
			`loop: "{{ hashi_vault_values \| default({}) \| dict2items }}"`
Add userpass login to Vault 2022-07-27 03:09:52 +00:00
			`- name: Write userpass`
Fix consul value bootstrap and hide secrets in log 2022-07-27 18:11:03 +00:00			`no_log: true`
Add userpass login to Vault 2022-07-27 03:09:52 +00:00			`community.hashi_vault.vault_write:`
			`url: "http://{{ inventory_hostname }}:8200"`
			`token: "{{ root_token }}"`
			`path: "auth/userpass/users/{{ item.name }}"`
			`data: '{"password": "{{ item.password }}", "policies": "{{ item.policies }}"}'`
			`loop: "{{ vault_userpass }}"`