chore!: separated galaxy deps and own collections; modified ansible script generation to use two paths for collections
REQUIRES REGENERATING ansible.cfg!
This commit is contained in:
parent
4af69c31ce
commit
888590ed9f
188 changed files with 30 additions and 30 deletions
|
@ -0,0 +1,62 @@
|
|||
---
|
||||
# APT repository is unreliable, not working when this code was developed, so the zip solution is favored
|
||||
- name: install required packages
|
||||
become: true
|
||||
ansible.builtin.apt:
|
||||
update_cache: true
|
||||
cache_valid_time: 3600
|
||||
force_apt_get: true
|
||||
pkg:
|
||||
- gpg
|
||||
- curl
|
||||
- coreutils
|
||||
|
||||
- name: create vault group
|
||||
become: true
|
||||
ansible.builtin.group:
|
||||
name: '{{ hc_vault_runas }}'
|
||||
system: true
|
||||
|
||||
- name: create vault user
|
||||
become: true
|
||||
ansible.builtin.user:
|
||||
comment: vault dedicated user
|
||||
create_home: true
|
||||
home: '{{ hc_vault_root_dir }}'
|
||||
group: '{{ hc_vault_runas }}'
|
||||
name: '{{ hc_vault_runas }}'
|
||||
password_lock: true
|
||||
shell: '{{ hc_vault_default_shell }}'
|
||||
state: present
|
||||
system: true
|
||||
umask: '{{ hc_vault_default_umask }}'
|
||||
|
||||
- name: check HC GPG key is imported
|
||||
become: true
|
||||
ansible.builtin.command: gpg --list-keys 'HashiCorp Security'
|
||||
register: gpg_list_keys
|
||||
changed_when: false
|
||||
failed_when: false
|
||||
|
||||
- name: import and verify HC GPG key
|
||||
become: true
|
||||
block:
|
||||
- name: fetch HC GPG key
|
||||
ansible.builtin.get_url:
|
||||
url: 'https://www.hashicorp.com/.well-known/pgp-key.txt'
|
||||
dest: '{{ tmp_file.path }}/pgp-key.txt'
|
||||
mode: '0600'
|
||||
- name: import HC GPG key
|
||||
ansible.builtin.command: 'gpg --import {{ tmp_file.path }}/pgp-key.txt'
|
||||
- name: check GPG key ID
|
||||
ansible.builtin.command: "gpg --list-keys 'HashiCorp Security' | grep -iE '{{ hc_vault_gpg_key_id_regexp }}'"
|
||||
- name: check GPG key fingerprint
|
||||
ansible.builtin.command: "gpg --fingerprint --list-signatures 'HashiCorp Security' | grep -iE '{{ hc_vault_gpg_key_fingerprint_regexp }}'"
|
||||
when: gpg_list_keys.rc != 0
|
||||
rescue:
|
||||
- name: remove invalid GPG key
|
||||
ansible.builtin.command: "gpg --delete-keys --batch --yes 'HashiCorp Security'"
|
||||
- name: stop the playbook run
|
||||
ansible.builtin.debug:
|
||||
msg: 'Task "{{ ansible_failed_task }}" found an inconsistency with the imported GPG key; something somewhere is deeply wrong.'
|
||||
failed_when: true
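Review bot: The key-ID and fingerprint checks inside the `import and verify HC GPG key` block are run with `ansible.builtin.command`, which does not invoke a shell, so the `| grep -iE '…'` tail in both tasks is passed to gpg as literal arguments and the verification does not test what it appears to. Registering the gpg output and failing on an Ansible-side regex keeps the check shell-free (rewrite below; the rendered view has lost the YAML indentation, so re-indent under `block:`). Separately, the whole block is skipped when `gpg --list-keys 'HashiCorp Security'` already succeeds, so a key previously imported under that name is never fingerprint-checked; running the fingerprint task unconditionally after the block closes that gap. `tmp_file.path` is referenced but not defined in this file, presumably registered by an earlier task, and a comment such as `# tmp_file is registered by the caller (temporary download dir)` would make that dependency visible.
```yaml
# … unchanged: fetch HC GPG key, import HC GPG key …
- name: check GPG key ID
  ansible.builtin.command: gpg --list-keys 'HashiCorp Security'
  register: hc_gpg_list
  changed_when: false
  failed_when: hc_gpg_list.stdout is not regex(hc_vault_gpg_key_id_regexp, ignorecase=True)
- name: check GPG key fingerprint
  ansible.builtin.command: gpg --fingerprint --list-signatures 'HashiCorp Security'
  register: hc_gpg_fpr
  changed_when: false
  failed_when: hc_gpg_fpr.stdout is not regex(hc_vault_gpg_key_fingerprint_regexp, ignorecase=True)
# … unchanged: when/rescue …
```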
|