--- # hashistack generate certificates playbook - name: "Generate credentials" hosts: localhost strategy: linear gather_facts: true become: true tasks: - name: "Generate consul credentials" block: - name: "Generate consul gossip encryption key" block: - name: "Generate 24 random bytes and base64 encode" ansible.builtin.shell: cmd: | set -o pipefail dd if=/dev/urandom bs=24 count=1 2>/dev/null | base64 executable: /bin/bash changed_when: false register: _consul_random_base64_string - name: "Generate consul gossip encryption key" ansible.builtin.set_fact: _consul_gossip_encryption_key: "{{ _consul_random_base64_string.stdout }}" - name: "Generate consul root credentials" ansible.builtin.set_fact: _consul_root_token: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | to_uuid }}" - name: "Generate consul agents credentials" ansible.builtin.set_fact: _consul_agents_accessor: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | to_uuid }}" _consul_agents_token: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | to_uuid }}" - name: "Generate consul vault credentials" ansible.builtin.set_fact: _consul_vault_accessor: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | to_uuid }}" _consul_vault_token: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | to_uuid }}" - name: "Generate consul nomad server credentials" ansible.builtin.set_fact: _consul_nomad_server_accessor: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | to_uuid }}" _consul_nomad_server_token: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | to_uuid }}" - name: "Generate consul nomad client credentials" ansible.builtin.set_fact: _consul_nomad_client_accessor: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | to_uuid }}" _consul_nomad_client_token: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | to_uuid }}" - name: "Generate nomad credentials" block: - name: "Generate nomad gossip encryption key" block: - name: "Generate 24 random bytes and base64 encode" ansible.builtin.shell: cmd: | set -o pipefail dd if=/dev/urandom bs=24 count=1 2>/dev/null | base64 executable: /bin/bash changed_when: false register: _nomad_random_base64_string - name: "Generate nomad gossip encryption key" ansible.builtin.set_fact: _nomad_gossip_encryption_key: "{{ _nomad_random_base64_string.stdout }}" - name: "Generate nomad root credentials" ansible.builtin.set_fact: _nomad_root_token: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | to_uuid }}" - name: "Ensure secrets directory is created" ansible.builtin.file: path: "{{ hashistack_sub_configuration_directories['secrets'] }}" state: directory owner: "{{ lookup('env', 'USER') }}" group: "{{ lookup('env', 'USER') }}" mode: '0755' - name: "Write credentials file" ansible.builtin.template: src: templates/credentials.yml.j2 dest: "{{ hashistack_sub_configuration_directories['secrets'] }}/{{ hashistack_configuration_credentials_vars_file }}" owner: "{{ lookup('env', 'USER') }}" group: "{{ lookup('env', 'USER') }}" mode: '0644'