fix: Refactor to make step-ca initialization idempotent
This commit is contained in:
parent
5363eba1a3
commit
072fc56050
@ -1,14 +1,9 @@
|
||||
- block:
|
||||
|
||||
- name: Initialize tempfile
|
||||
ansible.builtin.tempfile:
|
||||
state: file
|
||||
register: values_file
|
||||
|
||||
- name: Write chart values w/ password to tempfile
|
||||
- name: Inject password into values file
|
||||
ansible.builtin.copy:
|
||||
dest: "{{ values_file.path }}"
|
||||
content: "{{ stepca_values.stdout | regex_replace('(ca_password|provisioner_password): ', '\\1: ' ~ (vapp['metacluster.password'] | b64encode)) }}"
|
||||
dest: "{{ stepconfig.path }}"
|
||||
content: "{{ lookup('ansible.builtin.file', stepconfig.path) | regex_replace('(ca_password|provisioner_password): ', '\\1: ' ~ (vapp['metacluster.password'] | b64encode)) }}"
|
||||
no_log: true
|
||||
|
||||
- name: Install step-ca chart
|
||||
@ -21,13 +16,7 @@
|
||||
wait: true
|
||||
kubeconfig: "{{ kubeconfig.path }}"
|
||||
values_files:
|
||||
- "{{ values_file.path }}"
|
||||
|
||||
- name: Cleanup tempfile
|
||||
ansible.builtin.file:
|
||||
path: "{{ values_file.path }}"
|
||||
state: absent
|
||||
when: values_file.path is defined
|
||||
- "{{ stepconfig.path }}"
|
||||
|
||||
- name: Retrieve configmap w/ root certificate
|
||||
kubernetes.core.k8s_info:
|
||||
|
@ -12,6 +12,15 @@
|
||||
- registry
|
||||
- storage
|
||||
|
||||
- name: Create step-ca config dictionary
|
||||
ansible.builtin.set_fact:
|
||||
stepconfig: "{{ { 'path': ansible_env.HOME ~ '/.step/config/values.yaml' } }}"
|
||||
|
||||
- name: Create step-ca target folder
|
||||
ansible.builtin.file:
|
||||
path: "{{ stepconfig.path | dirname }}"
|
||||
state: directory
|
||||
|
||||
- name: Initialize tempfile
|
||||
ansible.builtin.tempfile:
|
||||
state: file
|
||||
@ -36,8 +45,8 @@
|
||||
--address=:9000 \
|
||||
--provisioner=admin \
|
||||
--acme \
|
||||
--password-file={{ stepca_password.path }}
|
||||
register: stepca_values
|
||||
--password-file={{ stepca_password.path }} | tee {{ stepconfig.path }}
|
||||
creates: "{{ stepconfig.path }}"
|
||||
|
||||
- name: Cleanup tempfile
|
||||
ansible.builtin.file:
|
||||
@ -48,7 +57,7 @@
|
||||
- name: Store root CA certificate
|
||||
ansible.builtin.copy:
|
||||
dest: /usr/local/share/ca-certificates/root_ca.crt
|
||||
content: "{{ (stepca_values.stdout | from_yaml).inject.certificates.root_ca }}"
|
||||
content: "{{ (lookup('ansible.builtin.file', stepconfig.path) | from_yaml).inject.certificates.root_ca }}"
|
||||
|
||||
- name: Update certificate truststore
|
||||
ansible.builtin.command:
|
||||
|
Loading…
Reference in New Issue
Block a user