-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathsetup.yml
55 lines (48 loc) · 2 KB
/
setup.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
---
- name: "Setup for a HA AWX system on a RKE2 K8s cluster."
hosts: "{{ 'k8s_cluster' }}"
gather_facts: no
#become: true # breaks local execution like in configure-awx role...
pre_tasks:
- name: Check if vault password file exists
delegate_to: localhost
ansible.builtin.stat:
path: "{{ playbook_dir }}/vault/password-file"
run_once: true
register: vault_password_file
- name: Prompt for vault password if the password file doesn't exist
delegate_to: localhost
ansible.builtin.pause:
prompt: "Enter the vault password:"
run_once: true
when: not vault_password_file.stat.exists
register: vault_password_prompt
- name: Exit playbook if the vault password prompt is empty
ansible.builtin.fail:
msg: "Interactive Vault password prompt was empty. Exiting..."
run_once: true
when: ( not vault_password_file.stat.exists ) and ( vault_password_prompt.user_input | length == 0 )
- name: Create the password-file if it didn't already exists
delegate_to: localhost
ansible.builtin.copy:
content: "{{ vault_password_prompt.user_input }}"
dest: "{{ playbook_dir }}/vault/password-file"
mode: 0600
when: ( not vault_password_file.stat.exists ) and ( vault_password_prompt.user_input | length > 0 )
run_once: true
no_log: true
- name: Exit the playbook prompting the user to use the vault password file on the next run_once
ansible.builtin.fail:
msg: "Please run the playbook again with the vault password file, for example:\n\n$ ansible-playbook -i inventories/dev/ setup.yml --vault-password-file vault/password-file\n\nExiting..."
run_once: true
when: ( not vault_password_file.stat.exists ) and ( vault_password_prompt.user_input | length > 0 )
roles:
- load-vault-secrets
- rke2-pre-check
- role: lablabs.rke2
tags: rke2-setup
- rke2-test
- longhorn-setup
- rancher
- awx-setup
- awx-custom-config