Bootstrap vault secrets

This commit is contained in:
IamTheFij 2022-06-28 12:09:07 -07:00
parent ff4e473a89
commit 1dad4d22a1
4 changed files with 45 additions and 16 deletions


@ -57,10 +57,12 @@ venv/bin/ansible:
python3 -m venv venv python3 -m venv venv
./venv/bin/pip install ansible ./venv/bin/pip install ansible
./venv/bin/pip install python-consul ./venv/bin/pip install python-consul
./venv/bin/pip install hvac
.PHONY: ansible-cluster .PHONY: ansible-cluster
ansible-cluster: venv/bin/ansible ansible-cluster: venv/bin/ansible
./venv/bin/ansible-galaxy install -p roles -r roles/requirements.yml ./venv/bin/ansible-galaxy install -p roles -r roles/requirements.yml
./venv/bin/ansible-galaxy collection install -r collections/requirements.yml
env VIRTUAL_ENV=/Users/ifij/workspace/iamthefij/orchestration-tests/nomad/venv ./venv/bin/ansible-playbook -K -vv \ env VIRTUAL_ENV=/Users/ifij/workspace/iamthefij/orchestration-tests/nomad/venv ./venv/bin/ansible-playbook -K -vv \
$(shell test -f vault-keys.json && echo '-e "@vault-keys.json"') \ $(shell test -f vault-keys.json && echo '-e "@vault-keys.json"') \
-i ansible_hosts.yml -M ./roles ./setup-cluster.yml -i ansible_hosts.yml -M ./roles ./setup-cluster.yml
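Review bot: The new `./venv/bin/pip install hvac` line at the top of the hunk is unpinned, like the `ansible` and `python-consul` lines before it, so every bootstrap pulls whatever is latest on PyPI into the venv whose playbook then runs with `-K` privilege escalation. Pin the three in a `requirements.txt` with exact versions (ideally with `--require-hashes`) and install them with `./venv/bin/pip install -r requirements.txt`; the new `collections/requirements.yml` already pins `community.hashi_vault` to `3.0.0`, so the Python side is the only unpinned piece here. The hard-coded `/Users/ifij/...` `VIRTUAL_ENV` path is pre-existing but will break for any other checkout; `$(CURDIR)/venv` would keep it portable.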


@ -0,0 +1,4 @@
---
collections:
- name: community.hashi_vault
version: 3.0.0


@ -1,17 +1,18 @@
--- ---
- src: https://github.com/IamTheFij/ansible-consul.git roles:
name: ansible-consul - src: https://github.com/IamTheFij/ansible-consul.git
scm: git name: ansible-consul
version: my-main scm: git
- src: https://github.com/ansible-community/ansible-nomad.git version: my-main
name: ansible-nomad - src: https://github.com/ansible-community/ansible-nomad.git
scm: git name: ansible-nomad
version: master scm: git
- src: https://github.com/ansible-community/ansible-vault.git version: master
name: ansible-vault - src: https://github.com/ansible-community/ansible-vault.git
scm: git name: ansible-vault
version: master scm: git
# - src: maxhoesel.smallstep version: master
# version: 0.4.10 # - src: maxhoesel.smallstep
- src: geerlingguy.docker # version: 0.4.10
version: 4.2.2 - src: geerlingguy.docker
version: 4.2.2
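Review bot: The three git-sourced roles keep `version: master` and `version: my-main` after the move under the `roles:` key, so `ansible-galaxy install` fetches whatever those branches point to at install time and that code then runs under `-K` privilege escalation. Pin each to a release tag or commit SHA the way `geerlingguy.docker` is pinned to `4.2.2`, so an upstream branch change cannot silently alter what the cluster playbook executes. The re-nesting itself is consistent with the new `collections:` file.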


@ -78,6 +78,9 @@
- name: Setup Vault cluster - name: Setup Vault cluster
hosts: vault_instances hosts: vault_instances
vars_files:
- ./vault_hashi_vault_values.yml
roles: roles:
- name: ansible-vault - name: ansible-vault
vars: vars:
@ -149,6 +152,25 @@
loop: "{{ unseal_keys_hex }}" loop: "{{ unseal_keys_hex }}"
when: unseal_keys_hex is defined when: unseal_keys_hex is defined
- name: Bootstrap Vault secrets
delegate_to: localhost
run_once: true
block:
- name: Install hvac
pip:
name: hvac
extra_args: --index-url https://pypi.org/simple
- name: Write values
community.hashi_vault.vault_write:
url: "http://{{ inventory_hostname }}:8200"
token: "{{ root_token }}"
path: "kv/data/{{ item.key }}"
data:
data:
"{{ item.value }}"
loop: "{{ hashi_vault_values | default({}) | dict2items }}"
# Not on Ubuntu 20.04 # Not on Ubuntu 20.04
# - name: Install Podman # - name: Install Podman
# hosts: nomad_instances # hosts: nomad_instances
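Review bot: The `Write values` task in the new `Bootstrap Vault secrets` block has no `no_log: true`, so each loop item — the secret name and value taken from `hashi_vault_values` — is echoed in the per-item task output and the `root_token` argument can surface in failure messages; add `no_log: true` alongside `run_once: true` on the block so both tasks are censored. The write also targets `http://{{ inventory_hostname }}:8200` from localhost, which carries the root token and secret data in cleartext across the network unless that listener is loopback- or TLS-only; if the ansible-vault role configures a TLS listener, use `https://` and pass the cluster CA via `ca_cert`. The values file loaded in the first hunk (`./vault_hashi_vault_values.yml`) presumably holds these secrets in plaintext on disk — keep it ansible-vault-encrypted and out of version control. Using the root token is acceptable for initial bootstrap, but consider revoking it once a scoped policy and token exist.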