feature/generate-credentials #5

Merged
lanson merged 13 commits from feature/generate-credentials into main 2024-05-03 22:32:18 +00:00
Showing only changes of commit 01392e4db0 - Show all commits

View File

@ -1,68 +1,20 @@
--- ---
# hashistack variable injection playbook # hashistack variable injection playbook
- name: "Load global variables" - name: "Load global variables"
block: ansible.builtin.import_tasks:
- name: "Stat global configuration file" file: misc/load_global_vars.yml
ansible.builtin.stat:
path: "{{ configuration_directory }}/{{ configuration_global_vars_file }}"
register: _global_config_file
delegate_to: localhost
- name: "Make sure global configuration file exists" - name: "Load credentials variables"
ansible.builtin.assert: ansible.builtin.import_tasks:
that: file: misc/load_credentials_vars.yml
- _global_config_file.stat.exists
delegate_to: localhost
- name: "Load global variables"
ansible.builtin.include_vars:
dir: "{{ configuration_directory }}"
files_matching: "{{ configuration_global_vars_file }}"
depth: 1
delegate_to: localhost
- name: "Load group specific variables" - name: "Load group specific variables"
block: ansible.builtin.import_tasks:
- name: "Stat group specific config file" file: misc/load_group_vars.yml
ansible.builtin.stat:
path: "{{ configuration_directory }}/{{ group_name }}/{{ configuration_global_vars_file }}"
register: _group_config_file
loop: "{{ group_names }}"
loop_control:
loop_var: group_name
- name: Load group specific variables
ansible.builtin.include_vars:
dir: "{{ configuration_directory }}/{{ item.group_name }}"
files_matching: "{{ configuration_global_vars_file }}"
depth: 1
loop: "{{ _group_config_file.results }}"
when: item.stat.exists
and item.group_name in group_names
loop_control:
loop_var: item
delegate_to: localhost
- name: "Load host specific variables" - name: "Load host specific variables"
block: ansible.builtin.import_tasks:
- name: "Stat host specific config file" file: misc/load_host_vars.yml
ansible.builtin.stat:
path: "{{ configuration_directory }}/{{ group_name }}/{{ inventory_hostname }}/{{ configuration_global_vars_file }}"
register: _host_config_file
loop: "{{ group_names }}"
loop_control:
loop_var: group_name
delegate_to: localhost
- name: Load host specific variables
ansible.builtin.include_vars:
dir: "{{ configuration_directory }}/{{ item.group_name }}/{{ inventory_hostname }}"
files_matching: "{{ configuration_global_vars_file }}"
loop: "{{ _host_config_file.results }}"
when: item.stat.exists
loop_control:
loop_var: item
delegate_to: localhost
- name: "Ensure remote directories exists" - name: "Ensure remote directories exists"
ansible.builtin.file: ansible.builtin.file:
@ -77,72 +29,8 @@
- "{{ hashistack_remote_data_dir }}" - "{{ hashistack_remote_data_dir }}"
- name: "Load custom CA certificates" - name: "Load custom CA certificates"
block: ansible.builtin.import_tasks:
- name: "Check if CA directory exists" file: misc/load_ca_certificates.yml
ansible.builtin.stat:
path: "{{ sub_configuration_directories['certificates'] }}/ca"
register: _hashistack_ca_directory
delegate_to: localhost
- name: "Find custom ca certificates to copy"
ansible.builtin.find:
paths: "{{ sub_configuration_directories['certificates'] }}/ca"
patterns: "*.crt"
register: _hashistack_cacert_files
delegate_to: localhost
when: _hashistack_ca_directory.stat.exists and _hashistack_ca_directory.stat.isdir
- ansible.builtin.debug:
msg: "{{ _hashistack_cacert_files }}"
- name: "Ensure remote ca directory exists"
ansible.builtin.file:
path: "{{ hashistack_remote_config_dir }}/ca"
state: directory
owner: root
group: root
mode: 0755
- name: "Copy custom ca certificates"
ansible.builtin.copy:
src: "{{ item.path }}"
dest: "{{ hashistack_remote_config_dir }}/ca/{{ item.path | basename }}"
owner: root
group: root
mode: 0644
loop: "{{ _hashistack_cacert_files.files }}"
register: _hashistack_copied_ca
- name: "Copy and update trust store"
block:
- name: "Copy ca certificates to /usr/loca/share/ca-certificates"
ansible.builtin.file:
state: link
src: "{{ item.dest }}"
dest: "/usr/local/share/ca-certificates/hashistack-customca-{{ item.dest | basename }}"
owner: root
group: root
loop: "{{ _hashistack_copied_ca.results }}"
register: _hashistack_usr_local_share_ca_certificates
- name: "Update the trust store"
ansible.builtin.command: update-ca-certificates
changed_when: false
when: _hashistack_usr_local_share_ca_certificates.changed
# - name: "Initialize list of CA certificates"
# ansible.builtin.set_fact:
# hashistack_cacert_extra_files: []
# delegate_to: localhost
# - name: "Add custom CA to list of extra certificates"
# ansible.builtin.set_fact:
# hashistack_cacert_extra_files: "{{
# hashistack_cacert_extra_files | default([])
# + [{'src': item.path, 'dest': '/etc/ssl/certs/hashistack-custom-' + item.path | basename}] }}"
# loop: "{{ _hashistack_cacert_files.files }}"
# delegate_to: localhost
# when: _hashistack_cacert_files.matched > 0
- name: "Merge consul configurations" - name: "Merge consul configurations"
ansible.builtin.import_tasks: ansible.builtin.import_tasks:
@ -157,10 +45,3 @@
when: when:
- enable_vault | bool - enable_vault | bool
- "'vault_servers' in group_names" - "'vault_servers' in group_names"
- debug:
msg: "{{ deploy_haproxy_frontends }}"
- debug:
msg: "{{ deploy_haproxy_backends }}"
# - fail: