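---
# hashistack generate credentials playbook
#
# Runs on the controller (localhost), generates the Consul and Nomad gossip
# keys and ACL tokens as facts, then renders them into the credentials vars
# file under the secrets directory.
#
# The password lookup is pointed at /dev/null, so the lookup never caches the
# generated value in a file and each evaluation yields a new random string.
# NOTE(review): presumably this means a re-run overwrites the credentials file
# with new secrets - confirm that is intended before running it against an
# already-bootstrapped cluster.
- name: "Generate credentials"
  hosts: localhost
  strategy: linear
  gather_facts: true
  become: true
  tasks:
    - name: "Generate consul credentials"
      # Keep the generated secrets out of task output and logs (set_fact
      # results are printed at higher verbosity).
      no_log: true
      block:
        - name: "Generate consul gossip encryption key"
          ansible.builtin.set_fact:
            # length=32: a gossip key is the base64 encoding of a 16-, 24- or
            # 32-byte key; the lookup's default of 20 characters fits none of
            # those sizes. Letters and digits only give roughly 190 bits of
            # entropy over the 32 bytes, not 256.
            _consul_gossip_encryption_key: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits'], length=32) | b64encode }}"

        - name: "Generate consul root credentials"
          ansible.builtin.set_fact:
            # to_uuid derives a name-based UUID from the random string, so the
            # token is UUID-shaped.
            _consul_root_token: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | to_uuid }}"

        - name: "Generate consul agents credentials"
          ansible.builtin.set_fact:
            # NOTE(review): "_cosul_" looks like a typo for "_consul_". The name
            # is kept because templates/credentials.yml.j2 (not visible here)
            # may reference it; rename both together.
            _cosul_agents_accessor: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | to_uuid }}"
            _consul_agents_token: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | to_uuid }}"

        - name: "Generate consul vault credentials"
          ansible.builtin.set_fact:
            # NOTE(review): same "_cosul_" spelling as the agents accessor;
            # kept for compatibility with the template.
            _cosul_vault_accessor: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | to_uuid }}"
            _consul_vault_token: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | to_uuid }}"

    - name: "Generate nomad credentials"
      # Keep the generated secrets out of task output and logs.
      no_log: true
      block:
        - name: "Generate nomad gossip encryption key"
          ansible.builtin.set_fact:
            # length=32 for the same reason as the consul gossip key: the
            # encoded key must be 16, 24 or 32 bytes long.
            _nomad_gossip_encryption_key: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits'], length=32) | b64encode }}"

        - name: "Generate nomad root credentials"
          ansible.builtin.set_fact:
            _nomad_root_token: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | to_uuid }}"

    - name: "Write credentials file"
      # Do not print the rendered secrets when the play runs with --diff.
      diff: false
      ansible.builtin.template:
        src: templates/credentials.yml.j2
        dest: "{{ sub_configuration_directories['secrets'] }}/{{ configuration_credentials_vars_file }}"
        # Owner and group come from the invoking user's USER environment
        # variable, evaluated on the controller.
        # NOTE(review): assumes a group with the same name as the user exists.
        owner: "{{ lookup('env', 'USER') }}"
        group: "{{ lookup('env', 'USER') }}"
        # The file holds gossip keys and root tokens, so it is readable by the
        # owner only; a world-readable mode would expose them to every local
        # account.
        mode: '0600'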
|
|
|
|
# - fail:
|