Diffstat (limited to 'tools/docker-compose/ansible/roles/vault/tasks/plumb.yml')
-rw-r--r-- | tools/docker-compose/ansible/roles/vault/tasks/plumb.yml | 36 |
1 files changed, 31 insertions, 5 deletions
diff --git a/tools/docker-compose/ansible/roles/vault/tasks/plumb.yml b/tools/docker-compose/ansible/roles/vault/tasks/plumb.yml index 8690050f74..1e804fb672 100644 --- a/tools/docker-compose/ansible/roles/vault/tasks/plumb.yml +++ b/tools/docker-compose/ansible/roles/vault/tasks/plumb.yml @@ -1,29 +1,45 @@ --- +- name: Set vault_addr + include_tasks: set_vault_addr.yml + - name: Load vault keys include_vars: file: "{{ vault_file }}" +- name: Get AWX admin password + include_vars: + file: "{{ admin_password_file }}" + - name: Create a HashiCorp Vault Credential awx.awx.credential: credential_type: HashiCorp Vault Secret Lookup name: Vault Lookup Cred organization: Default + controller_host: "{{ awx_host }}" + controller_username: admin + controller_password: "{{ admin_password }}" + validate_certs: false inputs: api_version: "v1" - cacert: "" - default_auth_path: "approle" + cacert: "{{ lookup('ansible.builtin.file', '{{ vault_server_cert }}', errors='ignore') }}" + default_auth_path: "cert" kubernetes_role: "" namespace: "" - role_id: "" - secret_id: "" + client_cert_public: "{{ lookup('ansible.builtin.file', '{{ vault_client_cert }}', errors='ignore') }}" + client_cert_private: "{{ lookup('ansible.builtin.file', '{{ vault_client_key }}', errors='ignore') }}" token: "{{ Initial_Root_Token }}" - url: "http://tools_vault_1:1234" + url: "{{ vault_addr_from_container }}" register: vault_cred - name: Create a custom credential type awx.awx.credential_type: name: Vault Custom Cred Type kind: cloud + controller_host: "{{ awx_host }}" + controller_username: admin + controller_password: "{{ admin_password }}" + + validate_certs: false injectors: extra_vars: the_secret_from_vault: "{{ '{{' }} password {{ '}}' }}" 
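Review bot: In the `Vault Lookup Cred` inputs, the three new `lookup('ansible.builtin.file', '{{ … }}', errors='ignore')` calls nest a moustache inside an expression and suppress read errors, so a wrong or missing path silently yields an empty `cacert`, `client_cert_public` or `client_cert_private`. With `default_auth_path: "cert"` that leaves a credential that cannot authenticate with the client certificate or, for `cacert`, presumably no longer pins the Vault server certificate, while the play still reports success. Pass the variable directly, e.g. `cacert: "{{ lookup('ansible.builtin.file', vault_server_cert) }}"`, and keep `errors='ignore'` only if these files are meant to be optional in this environment. The nested form depends on lookup terms being re-templated, which is worth confirming against the ansible-core version in use.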
@@ -38,6 +54,11 @@ - name: Create a credential of the custom type awx.awx.credential: credential_type: "{{ custom_vault_cred_type.id }}" + controller_host: "{{ awx_host }}" + controller_username: admin + controller_password: "{{ admin_password }}" + + validate_certs: false name: Credential From Vault inputs: {} organization: Default @@ -48,6 +69,11 @@ input_field_name: password target_credential: "{{ custom_credential.id }}" source_credential: "{{ vault_cred.id }}" + controller_host: "{{ awx_host }}" + controller_username: admin + controller_password: "{{ admin_password }}" + + validate_certs: false metadata: auth_path: "" secret_backend: "my_engine" |
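Review bot: `validate_certs: false` is hard-coded directly under `controller_password: "{{ admin_password }}"` in this task, in the hunk at -48,6, and in both `awx.awx` tasks of the first hunk, so the admin password is sent to `awx_host` without checking the controller's certificate. For a local compose environment that may be intended, but it should be a visible switch rather than four literals: `validate_certs: "{{ awx_validate_certs | default(false) }}"` (the variable name is a suggestion, not one defined on this page), with a comment saying it is for the self-signed dev certificate only. Three of the four blocks also add an empty line between `controller_password` and `validate_certs`, which splits the module arguments for no reason; dropping it keeps the blocks identical. Both tasks here start or end outside their hunks.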