fix: Refactor to make step-ca initialization idempotent
parent
5363eba1a3
commit
072fc56050
@ -1,14 +1,9 @@
|
|||||||
- block:
|
- block:
|
||||||
|
|
||||||
- name: Initialize tempfile
|
- name: Inject password into values file
|
||||||
ansible.builtin.tempfile:
|
|
||||||
state: file
|
|
||||||
register: values_file
|
|
||||||
|
|
||||||
- name: Write chart values w/ password to tempfile
|
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
dest: "{{ values_file.path }}"
|
dest: "{{ stepconfig.path }}"
|
||||||
content: "{{ stepca_values.stdout | regex_replace('(ca_password|provisioner_password): ', '\\1: ' ~ (vapp['metacluster.password'] | b64encode)) }}"
|
content: "{{ lookup('ansible.builtin.file', stepconfig.path) | regex_replace('(ca_password|provisioner_password): ', '\\1: ' ~ (vapp['metacluster.password'] | b64encode)) }}"
|
||||||
no_log: true
|
no_log: true
|
||||||
|
|
||||||
- name: Install step-ca chart
|
- name: Install step-ca chart
|
||||||
@ -21,13 +16,7 @@
|
|||||||
wait: true
|
wait: true
|
||||||
kubeconfig: "{{ kubeconfig.path }}"
|
kubeconfig: "{{ kubeconfig.path }}"
|
||||||
values_files:
|
values_files:
|
||||||
- "{{ values_file.path }}"
|
- "{{ stepconfig.path }}"
|
||||||
|
|
||||||
- name: Cleanup tempfile
|
|
||||||
ansible.builtin.file:
|
|
||||||
path: "{{ values_file.path }}"
|
|
||||||
state: absent
|
|
||||||
when: values_file.path is defined
|
|
||||||
|
|
||||||
- name: Retrieve configmap w/ root certificate
|
- name: Retrieve configmap w/ root certificate
|
||||||
kubernetes.core.k8s_info:
|
kubernetes.core.k8s_info:
|
||||||
|
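Review bot: The "Inject password into values file" task now writes the base64-encoded `vapp['metacluster.password']` into the permanent `stepconfig.path`, and the tempfile cleanup is removed, so the CA and provisioner password stays on disk with whatever mode the file was created with. It also works against the idempotency this commit is after: if the block runs again, `(ca_password|provisioner_password): ` matches the already-filled lines and the value is inserted a second time in front of the existing one. Reading from `stepconfig.path` but writing the injected copy to a tempfile that is removed after the chart install avoids both problems. If the file must persist, add `mode: '0600'` to the copy task and replace the whole value with the pattern `'(ca_password|provisioner_password): .*'`. The block's conditions are outside the hunk, so whether it re-runs on an initialized host is not visible here.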
@ -12,6 +12,15 @@
|
|||||||
- registry
|
- registry
|
||||||
- storage
|
- storage
|
||||||
|
|
||||||
|
- name: Create step-ca config dictionary
|
||||||
|
ansible.builtin.set_fact:
|
||||||
|
stepconfig: "{{ { 'path': ansible_env.HOME ~ '/.step/config/values.yaml' } }}"
|
||||||
|
|
||||||
|
- name: Create step-ca target folder
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: "{{ stepconfig.path | dirname }}"
|
||||||
|
state: directory
|
||||||
|
|
||||||
- name: Initialize tempfile
|
- name: Initialize tempfile
|
||||||
ansible.builtin.tempfile:
|
ansible.builtin.tempfile:
|
||||||
state: file
|
state: file
|
||||||
@ -36,8 +45,8 @@
|
|||||||
--address=:9000 \
|
--address=:9000 \
|
||||||
--provisioner=admin \
|
--provisioner=admin \
|
||||||
--acme \
|
--acme \
|
||||||
--password-file={{ stepca_password.path }}
|
--password-file={{ stepca_password.path }} | tee {{ stepconfig.path }}
|
||||||
register: stepca_values
|
creates: "{{ stepconfig.path }}"
|
||||||
|
|
||||||
- name: Cleanup tempfile
|
- name: Cleanup tempfile
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
@ -48,7 +57,7 @@
|
|||||||
- name: Store root CA certificate
|
- name: Store root CA certificate
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
dest: /usr/local/share/ca-certificates/root_ca.crt
|
dest: /usr/local/share/ca-certificates/root_ca.crt
|
||||||
content: "{{ (stepca_values.stdout | from_yaml).inject.certificates.root_ca }}"
|
content: "{{ (lookup('ansible.builtin.file', stepconfig.path) | from_yaml).inject.certificates.root_ca }}"
|
||||||
|
|
||||||
- name: Update certificate truststore
|
- name: Update certificate truststore
|
||||||
ansible.builtin.command:
|
ansible.builtin.command:
|
||||||
|
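Review bot: The "Create step-ca target folder" task and the `| tee {{ stepconfig.path }}` redirect both leave permissions to the defaults, although this file holds the generated CA values and later has the password written into it. Add `mode: '0700'` to the directory task and follow the init with a file task that sets `mode: '0600'` on `stepconfig.path`. Separately, piping into `tee` makes the pipeline's exit status that of `tee`, so a failed `step ca init` can still leave a file behind, and `creates:` would then skip the init on every later run. Starting the command with `set -o pipefail` (with bash as the executable) would surface the failure. The task header is outside the hunk, so the module and executable in use are not visible here.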