fix: Refactor to make step-ca initialization idempotent

This commit is contained in:
Danny Bessems 2023-07-15 19:08:33 +02:00
parent 5363eba1a3
commit 072fc56050
2 changed files with 16 additions and 18 deletions

View File

@ -1,14 +1,9 @@
- block: - block:
- name: Initialize tempfile - name: Inject password into values file
ansible.builtin.tempfile:
state: file
register: values_file
- name: Write chart values w/ password to tempfile
ansible.builtin.copy: ansible.builtin.copy:
dest: "{{ values_file.path }}" dest: "{{ stepconfig.path }}"
content: "{{ stepca_values.stdout | regex_replace('(ca_password|provisioner_password): ', '\\1: ' ~ (vapp['metacluster.password'] | b64encode)) }}" content: "{{ lookup('ansible.builtin.file', stepconfig.path) | regex_replace('(ca_password|provisioner_password): ', '\\1: ' ~ (vapp['metacluster.password'] | b64encode)) }}"
no_log: true no_log: true
- name: Install step-ca chart - name: Install step-ca chart
@ -21,13 +16,7 @@
wait: true wait: true
kubeconfig: "{{ kubeconfig.path }}" kubeconfig: "{{ kubeconfig.path }}"
values_files: values_files:
- "{{ values_file.path }}" - "{{ stepconfig.path }}"
- name: Cleanup tempfile
ansible.builtin.file:
path: "{{ values_file.path }}"
state: absent
when: values_file.path is defined
- name: Retrieve configmap w/ root certificate - name: Retrieve configmap w/ root certificate
kubernetes.core.k8s_info: kubernetes.core.k8s_info:

View File

@ -12,6 +12,15 @@
- registry - registry
- storage - storage
- name: Create step-ca config dictionary
ansible.builtin.set_fact:
stepconfig: "{{ { 'path': ansible_env.HOME ~ '/.step/config/values.yaml' } }}"
- name: Create step-ca target folder
ansible.builtin.file:
path: "{{ stepconfig.path | dirname }}"
state: directory
- name: Initialize tempfile - name: Initialize tempfile
ansible.builtin.tempfile: ansible.builtin.tempfile:
state: file state: file
@ -36,8 +45,8 @@
--address=:9000 \ --address=:9000 \
--provisioner=admin \ --provisioner=admin \
--acme \ --acme \
--password-file={{ stepca_password.path }} --password-file={{ stepca_password.path }} | tee {{ stepconfig.path }}
register: stepca_values creates: "{{ stepconfig.path }}"
- name: Cleanup tempfile - name: Cleanup tempfile
ansible.builtin.file: ansible.builtin.file:
@ -48,7 +57,7 @@
- name: Store root CA certificate - name: Store root CA certificate
ansible.builtin.copy: ansible.builtin.copy:
dest: /usr/local/share/ca-certificates/root_ca.crt dest: /usr/local/share/ca-certificates/root_ca.crt
content: "{{ (stepca_values.stdout | from_yaml).inject.certificates.root_ca }}" content: "{{ (lookup('ansible.builtin.file', stepconfig.path) | from_yaml).inject.certificates.root_ca }}"
- name: Update certificate truststore - name: Update certificate truststore
ansible.builtin.command: ansible.builtin.command: