summaryrefslogtreecommitdiffstats
path: root/tools/docker-compose/ansible/roles/vault/tasks/plumb.yml
diff options
context:
space:
mode:
Diffstat (limited to 'tools/docker-compose/ansible/roles/vault/tasks/plumb.yml')
-rw-r--r--tools/docker-compose/ansible/roles/vault/tasks/plumb.yml36
1 files changed, 31 insertions, 5 deletions
diff --git a/tools/docker-compose/ansible/roles/vault/tasks/plumb.yml b/tools/docker-compose/ansible/roles/vault/tasks/plumb.yml
index 8690050f74..1e804fb672 100644
--- a/tools/docker-compose/ansible/roles/vault/tasks/plumb.yml
+++ b/tools/docker-compose/ansible/roles/vault/tasks/plumb.yml
@@ -1,29 +1,45 @@
---
+- name: Set vault_addr
+ include_tasks: set_vault_addr.yml
+
- name: Load vault keys
include_vars:
file: "{{ vault_file }}"
+- name: Get AWX admin password
+ include_vars:
+ file: "{{ admin_password_file }}"
+
- name: Create a HashiCorp Vault Credential
awx.awx.credential:
credential_type: HashiCorp Vault Secret Lookup
name: Vault Lookup Cred
organization: Default
+ controller_host: "{{ awx_host }}"
+ controller_username: admin
+ controller_password: "{{ admin_password }}"
+ validate_certs: false
inputs:
api_version: "v1"
- cacert: ""
- default_auth_path: "approle"
+ cacert: "{{ lookup('ansible.builtin.file', '{{ vault_server_cert }}', errors='ignore') }}"
+ default_auth_path: "cert"
kubernetes_role: ""
namespace: ""
- role_id: ""
- secret_id: ""
+ client_cert_public: "{{ lookup('ansible.builtin.file', '{{ vault_client_cert }}', errors='ignore') }}"
+ client_cert_private: "{{ lookup('ansible.builtin.file', '{{ vault_client_key }}', errors='ignore') }}"
token: "{{ Initial_Root_Token }}"
- url: "http://tools_vault_1:1234"
+ url: "{{ vault_addr_from_container }}"
register: vault_cred
- name: Create a custom credential type
awx.awx.credential_type:
name: Vault Custom Cred Type
kind: cloud
+ controller_host: "{{ awx_host }}"
+ controller_username: admin
+ controller_password: "{{ admin_password }}"
+
+ validate_certs: false
injectors:
extra_vars:
the_secret_from_vault: "{{ '{{' }} password {{ '}}' }}"
@@ -38,6 +54,11 @@
- name: Create a credential of the custom type
awx.awx.credential:
credential_type: "{{ custom_vault_cred_type.id }}"
+ controller_host: "{{ awx_host }}"
+ controller_username: admin
+ controller_password: "{{ admin_password }}"
+
+ validate_certs: false
name: Credential From Vault
inputs: {}
organization: Default
@@ -48,6 +69,11 @@
input_field_name: password
target_credential: "{{ custom_credential.id }}"
source_credential: "{{ vault_cred.id }}"
+ controller_host: "{{ awx_host }}"
+ controller_username: admin
+ controller_password: "{{ admin_password }}"
+
+ validate_certs: false
metadata:
auth_path: ""
secret_backend: "my_engine"