Store vault users passwords to credentials dir. Create vault and etcd roles after start vault cluster (#1632)

roles/vault/tasks/cluster/create_mounts.yml

@@ -6,7 +6,7 @@
     create_mount_max_lease_ttl: "{{ item.max_lease_ttl }}"
     create_mount_description: "{{ item.description }}"
     create_mount_cert_dir: "{{ item.cert_dir }}"
-    create_mount_config_ca_needed: "{{ item.name != vault_pki_mounts.kube.name }}"
+    create_mount_config_ca_needed: item.name != vault_pki_mounts.kube.name
   with_items:
     - "{{ vault_pki_mounts.vault }}"
     - "{{ vault_pki_mounts.etcd }}"

roles/vault/tasks/cluster/create_roles.yml

@@ -6,5 +6,5 @@
     create_role_password: "{{ item.password }}"
     create_role_policy_rules: "{{ item.policy_rules }}"
     create_role_options: "{{ item.role_options }}"
-    create_role_mount_path: "{{ vault_pki_mounts.kube.name }}"
-  with_items: "{{ vault_pki_mounts.kube.roles }}"
+    create_role_mount_path: "{{ mount.name }}"
+  with_items: "{{ mount.roles }}"

roles/vault/tasks/cluster/main.yml

@@ -42,4 +42,10 @@
   when: inventory_hostname == groups.vault|first
 
 - include: create_roles.yml
+  with_items:
+    - "{{ vault_pki_mounts.vault }}"
+    - "{{ vault_pki_mounts.etcd }}"
+    - "{{ vault_pki_mounts.kube }}"
+  loop_control:
+    loop_var: mount
   when: inventory_hostname in groups.vault