20 lines
898 B
YAML
20 lines
898 B
YAML
---
|
|
# file: roles/haproxy/tasks/secrest.yml
|
|
|
|
- name: "handle secret {{ user }}"
|
|
block:
|
|
- name: "get {{ user }} from hashicorp vault"
|
|
set_fact:
|
|
"{{ user }}": "{{ lookup('hashi_vault', 'secret=talas-kv/data/' + host_vars_location + '/' + ansible_hostname)['haproxy_basicauth_' + user + '_password'] }}"
|
|
rescue:
|
|
- name: "generate a random password for {{ user }}"
|
|
set_fact:
|
|
password: "{{ lookup('password','/dev/null chars=ascii_letters,digits length=50') }}"
|
|
- name: "patching hashicorp vault with generated {{ user }}"
|
|
delegate_to: localhost
|
|
become: no
|
|
command: "vault kv patch talas-kv/{{ host_vars_location }}/{{ ansible_hostname }} haproxy_basicauth_{{ user }}_password={{ password }}"
|
|
- name: "assign password value to {{ user }}"
|
|
set_fact:
|
|
"haproxy_basicauth_{{ user }}_password": "{{ password }}"
|
|
tags: haproxy
|