WoodSmellParticle/ansible-infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
ansible-infra/ansible_collections/nullified/infrastructure/roles/vault/tasks/initialize.yml

38 lines
1.2 KiB
YAML
Raw Permalink Blame History

---
- name: initialize vault
become: true
no_log: true
ansible.builtin.command:
cmd: >
vault operator init
-tls-skip-verify -non-interactive -format=yaml
-key-shares={{ hc_vault_init_key_shares_count }}
-key-threshold={{ hc_vault_init_key_threshold }}
chdir: '{{ hc_vault_root_dir }}'
environment:
VAULT_ADDR: 'https://127.0.0.1:8200'
DBUS_SESSION_BUS_ADDRESS: '/dev/null'
register: init_data
- name: set init data filename
no_log: true
ansible.builtin.set_fact:
hc_vault_init_data_filename: "{{ hc_vault_init_data_filepath | default(provisioner_facts.artifacts_dir, True) }}/hashicorp_vault_{{ ansible_facts['fqdn'] }}_init.yml"
- name: save initialization data
connection: local
no_log: true
ansible.builtin.copy:
content: '{{ init_data.stdout }}'
dest: '{{ hc_vault_init_data_filename }}'
mode: '0600'
owner: "{{ ansible_facts['user_id'] }}"
group: "{{ ansible_facts['user_id'] }}"
vars:
ansible_python_interpreter: /usr/bin/python3
- name: print init data file location
no_log: true
ansible.builtin.debug:
msg: 'Initialization data is stored in file "{{ hc_vault_init_data_filename }}". MAKE SURE TO SAVE IT SOMEWHERE SAFE!'
verbosity: 0
Reference in a new issue View git blame Copy permalink