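---
# Seeds Consul KV and Vault (KV secrets + userpass users) from local vars
# files. Every task is delegated to the controller and run once per play, so
# the controller talks to the first host of each group over the network.
#
# Review changes relative to the flattened original:
#   * `tasks:` restored in the first play (it was absent, leaving the task
#     block without a valid parent key).
#   * `no_log: true` on the Vault tasks so the root token, secret values and
#     passwords are not echoed into Ansible output or logs.
#   * userpass payload built as a native mapping instead of hand-assembled
#     JSON, so quotes or backslashes in a password cannot alter the payload.

- name: Bootstrap Consul values
  hosts: consul_instances
  gather_facts: false

  vars_files:
    - consul_values.yml

  tasks:
    - name: Add values
      delegate_to: localhost
      run_once: true
      block:
        # The index is pinned explicitly to pypi.org, overriding any index set
        # in the controller's pip configuration.
        # NOTE(review): no version is pinned, so each run may install a
        # different release on the controller; pin a known-good version.
        - name: Install python-consul
          pip:
            name: python-consul
            extra_args: --index-url https://pypi.org/simple

        - name: Set hostname
          consul_kv:
            host: "{{ inventory_hostname }}"
            key: global/base_hostname
            value: dev.homelab

        # One KV write per entry of `consul_values`; an undefined variable
        # becomes an empty dict, so the loop is simply skipped.
        # NOTE(review): loop items are printed in task output; if any Consul
        # value is sensitive, add `no_log: true` here as well.
        - name: Write values
          consul_kv:
            host: "{{ inventory_hostname }}"
            key: "{{ item.key }}"
            value: "{{ item.value }}"
          loop: "{{ consul_values | default({}) | dict2items }}"

# NOTE(review): the play name below reads like a typo for "Bootstrap Vault
# values"; left unchanged because it is runtime output.
- name: Bootstrap value values
  hosts: vault_instances
  gather_facts: false

  # NOTE(review): presumably this file carries the secret values written
  # below; confirm it is encrypted at rest (e.g. ansible-vault) or kept out
  # of version control.
  vars_files:
    - ./vault_hashi_vault_values.yml

  tasks:
    - name: Bootstrap Vault secrets
      delegate_to: localhost
      run_once: true
      block:
        # NOTE(review): unpinned install, same concern as python-consul above.
        - name: Install hvac
          pip:
            name: hvac
            extra_args: --index-url https://pypi.org/simple

        # Known issue (from the original author): this fails on the first run
        # because `root_token` isn't found, and fails after that too because
        # the kv/ space has not been created yet either.
        # Maybe move data bootstrapping to after the cluster is bootstrapped.
        #
        # NOTE(review): the URL is plain http://, so the root token and every
        # secret value cross the network unencrypted between the controller
        # and the Vault node (unless that node is the controller itself).
        # Move to https:// once the listener has TLS.
        # NOTE(review): `root_token` is not defined in this file; confirm
        # where it comes from, and prefer a token scoped to kv/ and
        # auth/userpass over the root token for these writes.
        - name: Write values
          community.hashi_vault.vault_write:
            url: "http://{{ inventory_hostname }}:8200"
            token: "{{ root_token }}"
            path: "kv/data/{{ item.key }}"
            # The secret is nested under `data`, as the kv/data/ path expects.
            data:
              data: "{{ item.value }}"
          loop: "{{ hashi_vault_values | default({}) | dict2items }}"
          # Keeps the token and each secret value out of task output; this
          # also censors failure details, so lift it only while debugging
          # against non-production data.
          no_log: true

        # `vault_userpass` is expected to be a list of items with `name`,
        # `password` and `policies`; it is not defined in this file and has no
        # default, so the task fails if it is missing.
        - name: Write userpass
          community.hashi_vault.vault_write:
            url: "http://{{ inventory_hostname }}:8200"
            token: "{{ root_token }}"
            path: "auth/userpass/users/{{ item.name }}"
            # Native mapping instead of a templated JSON string: values are
            # passed through as data, never re-parsed, so special characters
            # in a password cannot break or extend the payload.
            data:
              password: "{{ item.password }}"
              policies: "{{ item.policies }}"
          loop: "{{ vault_userpass }}"
          # Passwords and the root token must not appear in output or logs.
          no_log: true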