From 1142c0f53f6593d5ff7eef632086a8d2bc708781 Mon Sep 17 00:00:00 2001
From: Ian Fijolek
Date: Mon, 25 Jul 2022 15:40:22 -0700
Subject: [PATCH] Add new playbook and make target for bootstrapping values to Consul and Vault

---
 Makefile | 14 +++++++++--
 bootstrap-values.yml | 59 ++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 71 insertions(+), 2 deletions(-)
 create mode 100644 bootstrap-values.yml

diff --git a/Makefile b/Makefile
index 7321f76..01b48c6 100644
--- a/Makefile
+++ b/Makefile
@@ -57,14 +57,24 @@ venv/bin/ansible:
 	python3 -m venv venv
 	./venv/bin/pip install ansible python-consul hvac
 
-.PHONY: ansible-cluster
-ansible-cluster: venv/bin/ansible
+.PHONY: galaxy
+galaxy: venv/bin/ansible
 	./venv/bin/ansible-galaxy install -p roles -r roles/requirements.yml
 	./venv/bin/ansible-galaxy collection install -r collections/requirements.yml
+
+
+.PHONY: ansible-cluster
+ansible-cluster: venv/bin/ansible galaxy
 	env VIRTUAL_ENV=/Users/ifij/workspace/iamthefij/orchestration-tests/nomad/venv ./venv/bin/ansible-playbook -K -vv \
 	$(shell test -f vault-keys.json && echo '-e "@vault-keys.json"') \
 	-i ansible_hosts.yml -M ./roles ./setup-cluster.yml
 
+.PHONY: bootstrap-values
+bootstrap-values: venv/bin/ansible galaxy
+	env VIRTUAL_ENV=/Users/ifij/workspace/iamthefij/orchestration-tests/nomad/venv ./venv/bin/ansible-playbook -vv \
+	$(shell test -f vault-keys.json && echo '-e "@vault-keys.json"') \
+	-i ansible_hosts.yml -M ./roles ./bootstrap-values.yml
+
 .PHONY: init
 init:
 	@terraform init
diff --git a/bootstrap-values.yml b/bootstrap-values.yml
new file mode 100644
index 0000000..60604c4
--- /dev/null
+++ b/bootstrap-values.yml
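Review bot: The new `bootstrap-values` target hardcodes the developer's absolute path for `VIRTUAL_ENV`, copying the same `/Users/ifij/...` literal that `ansible-cluster` already carries, so the target fails for anyone who checks the repository out anywhere else. Since the virtualenv is created at `./venv` by the `venv/bin/ansible` rule just above the hunk, derive it from the Makefile's own location instead: `env VIRTUAL_ENV=$(CURDIR)/venv ./venv/bin/ansible-playbook -vv \`, and apply the same change to the `ansible-cluster` recipe. Note also that `galaxy` is `.PHONY` with no output file, so both playbook targets now re-run the role and collection installs (with network access) on every invocation; if that is intended, a one-line comment above the `galaxy` target saying so would stop the next reader from "fixing" it.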
@@ -0,0 +1,59 @@ +--- +- name: Bootstrap Consul values + hosts: consul_instances + gather_facts: false + + vars_files: + - consul_values.yml + + - name: Add values + delegate_to: localhost + run_once: true + block: + - name: Install python-consul + pip: + name: python-consul + extra_args: --index-url https://pypi.org/simple + + - name: Set hostname + consul_kv: + host: "{{ inventory_hostname }}" + key: global/base_hostname + value: dev.homelab + + - name: Write values + consul_kv: + host: "{{ inventory_hostname }}" + key: "{{ item.key }}" + value: "{{ item.value }}" + loop: "{{ consul_values | default({}) | dict2items }}" + +- name: Bootstrap value values + hosts: vault_instances + gather_facts: false + + vars_files: + - ./vault_hashi_vault_values.yml + + tasks: + - name: Bootstrap Vault secrets + delegate_to: localhost + run_once: true + block: + - name: Install hvac + pip: + name: hvac + extra_args: --index-url https://pypi.org/simple + + # This fails on first run because `root_token` isn't found + # Fails after taht too because the kv/ space has not been created yet either! Oh noes! + # Maybe move data bootstrapping to after the cluster is bootstrapped + - name: Write values + community.hashi_vault.vault_write: + url: "http://{{ inventory_hostname }}:8200" + token: "{{ root_token }}" + path: "kv/data/{{ item.key }}" + data: + data: + "{{ item.value }}" + loop: "{{ hashi_vault_values | default({}) | dict2items }}"
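Review bot: The first play (`Bootstrap Consul values`) has no `tasks:` key: the `- name: Add values` block follows `vars_files` directly, whereas the second play correctly wraps its block under `tasks:`. Indentation is lost in this view, so the item is either read as an extra `vars_files` entry or as a stray list item at play level; either way Ansible rejects the play, and the fix is to insert `tasks:` above `- name: Add values` and indent the block beneath it exactly as the Vault play does. The Vault `Write values` task loops over `hashi_vault_values`, and Ansible prints each loop item (here the secret value) in the task output, so that task should carry `no_log: true`. It also talks to Vault at `http://{{ inventory_hostname }}:8200` with the root token, which puts the token and every written secret on the wire in cleartext unless the listener is TLS-terminated elsewhere; confirm the listener configuration or switch to `https://`. Minor: the second play's title reads `Bootstrap value values` (presumably `Bootstrap Vault values`) and the comment above `Write values` says `taht`.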