---
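# Play 1: apply the Vault role to the homelab group, then use the Vault root
# token on the controller to mint a periodic token for the Nomad servers.
# NOTE(review): nesting was reconstructed from key order because the page lost
# the original indentation; confirm against the repository copy.
- name: Vault install
  hosts: homelab
  roles:
    - role: ansible-hashicorp-vault
      become: true
  post_tasks:
    # Reads the root key file on the controller (delegate_to: localhost).
    # vault_unseal_keys_dir_output is not defined in this play; presumably it
    # comes from the role or inventory (verify).
    # no_log keeps the registered token out of callback output and log files;
    # the trade-off is that a failure of this task is reported censored.
    - name: Reading root contents
      ansible.builtin.command: cat "{{ vault_unseal_keys_dir_output }}/rootkey"
      register: root_token
      delegate_to: localhost
      changed_when: false
      no_log: true

    # Previously dumped the whole registered result, which printed the Vault
    # root token to the console and to any configured Ansible log. Only the
    # return code is reported now.
    - name: debug
      ansible.builtin.debug:
        msg: >-
          rootkey read finished with rc={{ root_token.rc | default('n/a') }};
          token value withheld from output

    # Creates a renewable, parentless, periodic (72h) token bound to
    # nomad-server-policy, authenticating with the root token read above.
    - name: Generate nomad token
      community.hashi_vault.vault_token_create:
        renewable: true
        policies: "nomad-server-policy"
        period: 72h
        no_parent: true
        token: "{{ root_token.stdout }}"
        # NOTE(review): plain http sends the root token unencrypted to the
        # Vault listener. Switch to https once the listener serves TLS; the
        # listener configuration is not visible on this page.
        url: "http://{{ ansible_default_ipv4.address }}:8200"
        # NOTE(review): placed as a module option; it could equally have been
        # a task-level keyword in the original file. Confirm.
        retries: 4
      run_once: true
      delegate_to: localhost
      when: root_token.stdout is defined
      register: nomad_token_data
      # The task result carries the newly issued client token.
      no_log: true

    # Exposes the issued token as a fact; skipped when the previous task did
    # not return a login structure.
    - name: Gather nomad token
      ansible.builtin.set_fact:
        nomad_vault_token: "{{ nomad_token_data.login.auth.client_token }}"
      when: nomad_token_data.login is defined
      # set_fact echoes the facts it sets, so the token is hidden here too.
      no_log: true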
# Play 2: apply the Consul, Nomad and Docker roles to every inventory host.
# Each role is applied with privilege escalation, in the order listed.
# NOTE(review): nesting was reconstructed from key order because the page lost
# the original indentation; confirm against the repository copy.
- name: Hashicorp stack
  hosts: all
  vars:
    # Directory holding the Vault unseal material. Which role reads this
    # variable is not visible on this page.
    unseal_keys_dir_output: '~/vaultunseal'
  roles:
    - role: ansible-consul
      become: true

    - role: ansible-nomad
      become: true

    - role: docker
      become: true