Bootstrap vault secrets
This commit is contained in:
parent
41343a6d2c
commit
bf1ac31cdf
@ -57,10 +57,12 @@ venv/bin/ansible:
|
|||||||
python3 -m venv venv
|
python3 -m venv venv
|
||||||
./venv/bin/pip install ansible
|
./venv/bin/pip install ansible
|
||||||
./venv/bin/pip install python-consul
|
./venv/bin/pip install python-consul
|
||||||
|
./venv/bin/pip install hvac
|
||||||
|
|
||||||
.PHONY: ansible-cluster
|
.PHONY: ansible-cluster
|
||||||
ansible-cluster: venv/bin/ansible
|
ansible-cluster: venv/bin/ansible
|
||||||
./venv/bin/ansible-galaxy install -p roles -r roles/requirements.yml
|
./venv/bin/ansible-galaxy install -p roles -r roles/requirements.yml
|
||||||
|
./venv/bin/ansible-galaxy collection install -r collections/requirements.yml
|
||||||
env VIRTUAL_ENV=/Users/ifij/workspace/iamthefij/orchestration-tests/nomad/venv ./venv/bin/ansible-playbook -K -vv \
|
env VIRTUAL_ENV=/Users/ifij/workspace/iamthefij/orchestration-tests/nomad/venv ./venv/bin/ansible-playbook -K -vv \
|
||||||
$(shell test -f vault-keys.json && echo '-e "@vault-keys.json"') \
|
$(shell test -f vault-keys.json && echo '-e "@vault-keys.json"') \
|
||||||
-i ansible_hosts.yml -M ./roles ./setup-cluster.yml
|
-i ansible_hosts.yml -M ./roles ./setup-cluster.yml
|
||||||
|
4
nomad/collections/requirements.yml
Normal file
4
nomad/collections/requirements.yml
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
collections:
|
||||||
|
- name: community.hashi_vault
|
||||||
|
version: 3.0.0
|
@ -1,17 +1,18 @@
|
|||||||
---
|
---
|
||||||
- src: https://github.com/IamTheFij/ansible-consul.git
|
roles:
|
||||||
name: ansible-consul
|
- src: https://github.com/IamTheFij/ansible-consul.git
|
||||||
scm: git
|
name: ansible-consul
|
||||||
version: my-main
|
scm: git
|
||||||
- src: https://github.com/ansible-community/ansible-nomad.git
|
version: my-main
|
||||||
name: ansible-nomad
|
- src: https://github.com/ansible-community/ansible-nomad.git
|
||||||
scm: git
|
name: ansible-nomad
|
||||||
version: master
|
scm: git
|
||||||
- src: https://github.com/ansible-community/ansible-vault.git
|
version: master
|
||||||
name: ansible-vault
|
- src: https://github.com/ansible-community/ansible-vault.git
|
||||||
scm: git
|
name: ansible-vault
|
||||||
version: master
|
scm: git
|
||||||
# - src: maxhoesel.smallstep
|
version: master
|
||||||
# version: 0.4.10
|
# - src: maxhoesel.smallstep
|
||||||
- src: geerlingguy.docker
|
# version: 0.4.10
|
||||||
version: 4.2.2
|
- src: geerlingguy.docker
|
||||||
|
version: 4.2.2
|
||||||
|
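Review bot: The three git-sourced roles are still pinned to moving branch heads (`version: my-main` for ansible-consul, `version: master` for ansible-nomad and ansible-vault), so every `ansible-galaxy install -r roles/requirements.yml` run re-resolves whatever those branches point at that day; only `geerlingguy.docker` is pinned to a fixed release. Since these roles configure the Vault and Consul hosts, a pushed commit on either upstream branch lands in the cluster unreviewed. Pin each `version:` to a tag or a full commit SHA (e.g. `version: "<40-char sha>"`, quoted so an all-digit SHA is not read as a number) and bump it deliberately. The restructure under `roles:` itself looks correct.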
@ -78,6 +78,9 @@
|
|||||||
- name: Setup Vault cluster
|
- name: Setup Vault cluster
|
||||||
hosts: vault_instances
|
hosts: vault_instances
|
||||||
|
|
||||||
|
vars_files:
|
||||||
|
- ./vault_hashi_vault_values.yml
|
||||||
|
|
||||||
roles:
|
roles:
|
||||||
- name: ansible-vault
|
- name: ansible-vault
|
||||||
vars:
|
vars:
|
||||||
@ -149,6 +152,25 @@
|
|||||||
loop: "{{ unseal_keys_hex }}"
|
loop: "{{ unseal_keys_hex }}"
|
||||||
when: unseal_keys_hex is defined
|
when: unseal_keys_hex is defined
|
||||||
|
|
||||||
|
- name: Bootstrap Vault secrets
|
||||||
|
delegate_to: localhost
|
||||||
|
run_once: true
|
||||||
|
block:
|
||||||
|
- name: Install hvac
|
||||||
|
pip:
|
||||||
|
name: hvac
|
||||||
|
extra_args: --index-url https://pypi.org/simple
|
||||||
|
|
||||||
|
- name: Write values
|
||||||
|
community.hashi_vault.vault_write:
|
||||||
|
url: "http://{{ inventory_hostname }}:8200"
|
||||||
|
token: "{{ root_token }}"
|
||||||
|
path: "kv/data/{{ item.key }}"
|
||||||
|
data:
|
||||||
|
data:
|
||||||
|
"{{ item.value }}"
|
||||||
|
loop: "{{ hashi_vault_values | default({}) | dict2items }}"
|
||||||
|
|
||||||
# Not on Ubuntu 20.04
|
# Not on Ubuntu 20.04
|
||||||
# - name: Install Podman
|
# - name: Install Podman
|
||||||
# hosts: nomad_instances
|
# hosts: nomad_instances
|
||||||
|
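Review bot: The `Write values` task has no `no_log`, yet it loops over `hashi_vault_values | dict2items` and passes each `item.value` as the secret payload, so Ansible echoes every secret in the task result (and the Makefile change in this same commit runs the playbook with `-vv`, which prints loop items in full). Add `no_log: true` to the `community.hashi_vault.vault_write` task. The same task sends `root_token` to `http://{{ inventory_hostname }}:8200` in cleartext; if the listener can do TLS, switch to `https://` and set `validate_certs` — I cannot see the Vault listener config from this hunk, so confirm. Using the root token for routine KV writes is also worth replacing with a short-lived token limited to `kv/data/*`, though where `root_token` comes from is outside this hunk, as is the start of the enclosing `Setup Vault cluster` play.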