External-Mirrors/kubespray
2
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-05-09 10:27:39 -02:30
Code Issues Packages Projects Releases Wiki Activity

Place vault role credentials only to vault group hosts

Browse Source
This commit is contained in:
mkrasilnikov
2017-09-05 11:05:06 +03:00
parent ad313c9d49
commit b930b0ef5a
5 changed files with 11 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
roles/vault/tasks/shared/issue_cert.yml
View File

@@ -29,13 +29,13 @@
- name: "issue_cert | Read in the local credentials"
command: cat {{ vault_roles_dir }}/{{ issue_cert_role }}/userpass
register: vault_creds_cat
delegate_to: "{{ issue_cert_hosts|first }}"
delegate_to: "{{ groups.vault|first }}"
run_once: true
- name: gen_certs_vault | Set facts for read Vault Creds
set_fact:
user_vault_creds: "{{ vault_creds_cat.stdout|from_json }}"
delegate_to: "{{ issue_cert_hosts|first }}"
delegate_to: "{{ groups.vault|first }}"
run_once: true
- name: gen_certs_vault | Log into Vault and obtain an token
@@ -49,7 +49,7 @@
body:
password: "{{ user_vault_creds.password }}"
register: vault_login_result
delegate_to: "{{ issue_cert_hosts|first }}"
delegate_to: "{{ groups.vault|first }}"
run_once: true
- name: gen_certs_vault | Set fact for vault_client_token