External-Mirrors/kubespray
2
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-05-12 20:07:39 -02:30
Code Issues Packages Projects Releases Wiki Activity

Place vault role credentials only to vault group hosts

Browse Source
This commit is contained in:
mkrasilnikov
2017-09-05 11:05:06 +03:00
parent ad313c9d49
commit b930b0ef5a
5 changed files with 11 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
roles/vault/tasks/shared/create_role.yml
View File

@@ -19,7 +19,8 @@
{{ create_role_policy_rules | to_json + '\n' }}
{%- endif -%}
status_code: 204
when: inventory_hostname == groups[create_role_group]|first
delegate_to: "{{ groups.vault|first }}"
run_once: true
- name: create_role | Create {{ create_role_name }} role in the {{ create_role_mount_path }} pki mount
uri:
@@ -34,15 +35,14 @@
{{ create_role_options }}
{%- endif -%}
status_code: 204
when: inventory_hostname == groups[create_role_group]|first
delegate_to: "{{ groups.vault|first }}"
run_once: true
## Userpass based auth method
- include: gen_userpass.yml
vars:
gen_userpass_group: "{{ create_role_group }}"
gen_userpass_password: "{{ create_role_password }}"
gen_userpass_policies: "{{ create_role_name }}"
gen_userpass_role: "{{ create_role_name }}"
gen_userpass_username: "{{ create_role_name }}"
when: inventory_hostname in groups[create_role_group]