Template only what is needed from secrets and awx cro

Christian M. Adams
2021-04-09 16:32:59 -04:00
parent 82efe05343
commit 8ed0b1fe61
6 changed files with 28 additions and 83 deletions


@@ -1,8 +1,8 @@
---
- name: Make temp secrets directory
tempfile:
prefix: "secrets-"
file:
path: "/tmp/secrets" #-{{ lookup('password', '/dev/null chars=ascii_lowercase,digits length=8')}}"
state: directory
register: secrets_dir
@@ -17,23 +17,6 @@
set_fact:
secret_key: "{{ _secret_key['resources'][0]['data']['secret_key'] | b64decode }}"
- name: Template secret_key definition
template:
src: secret_key_secret.yml.j2
dest: "{{ secrets_dir.path }}/secret_key_secret.yml"
mode: '0700'
- name: Set secret key template
set_fact:
secret_key_template: "{{ lookup('file', '{{ secrets_dir.path }}/secret_key_secret.yml') }}"
- name: Write secret_key to pvc
k8s_exec:
namespace: "{{ tower_backup_pvc_namespace }}"
pod: "{{ meta.name }}-db-management"
command: >-
bash -c "echo '{{ secret_key_template }}' > {{ backup_dir }}/secret_key_secret.yml"
- name: Get admin_password
k8s_info:
kind: Secret
@@ -45,23 +28,6 @@
set_fact:
admin_password: "{{ _admin_password['resources'][0]['data']['password'] | b64decode }}"
- name: Template admin_password definition
template:
src: admin_password_secret.yml.j2
dest: "{{ secrets_dir.path }}/admin_password_secret.yml"
mode: '0700'
- name: Set admin_password template
set_fact:
admin_password_template: "{{ lookup('file', '{{ secrets_dir.path }}/admin_password_secret.yml') }}"
- name: Write secret_key to pvc
k8s_exec:
namespace: "{{ tower_backup_pvc_namespace }}"
pod: "{{ meta.name }}-db-management"
command: >-
bash -c "echo '{{ admin_password_template }}' > {{ backup_dir }}/admin_password_secret.yml"
- name: Get broadcast_websocket
k8s_info:
kind: Secret
@@ -71,24 +37,7 @@
- name: Set broadcast_websocket key
set_fact:
secret_key: "{{ _broadcast_websocket['resources'][0]['data']['secret'] | b64decode }}"
- name: Template broadcast_websocket definition
template:
src: broadcast_websocket_secret.yml.j2
dest: "{{ secrets_dir.path }}/broadcast_websocket_secret.yml"
mode: '0700'
- name: Set broadcast_websocket template
set_fact:
broadcast_websocket_template: "{{ lookup('file', '{{ secrets_dir.path }}/broadcast_websocket_secret.yml') }}"
- name: Write broadcast_websocket definition to pvc
k8s_exec:
namespace: "{{ tower_backup_pvc_namespace }}"
pod: "{{ meta.name }}-db-management"
command: >-
bash -c "echo '{{ broadcast_websocket_template }}' > {{ backup_dir }}/broadcast_websocket_secret.yml"
broadcast_websocket: "{{ _broadcast_websocket['resources'][0]['data']['secret'] | b64decode }}"
- name: Get postgres configuration
k8s_info:
@@ -106,19 +55,13 @@
database_host: "{{ _postgres_configuration['resources'][0]['data']['host'] | b64decode }}"
database_type: "{{ _postgres_configuration['resources'][0]['data']['type'] | b64decode }}"
- name: Template postgres configuration definition
template:
src: postgres_secret.yml.j2
dest: "{{ secrets_dir.path }}/postgres_secret.yml"
mode: '0700'
- name: Set postgres configuration
- name: Template secrets into yaml
set_fact:
postgres_secret_template: "{{ lookup('file', '{{ secrets_dir.path }}/postgres_secret.yml') }}"
secrets_file: "{{ lookup('template', 'secrets.yml.j2')}}"
- name: Write postgres configuration to pvc
k8s_exec:
namespace: "{{ tower_backup_pvc_namespace }}"
pod: "{{ meta.name }}-db-management"
command: >-
bash -c "echo '{{ postgres_secret_template }}' > {{ backup_dir }}/postgres_secret.yml"
bash -c "echo '{{ secrets_file }}' > {{ backup_dir }}/secrets.yml"
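Review bot: The final `k8s_exec` task still interpolates `{{ secrets_file }}` into a single-quoted `echo` inside `bash -c "..."`, so a `'` or `"` in any secret value (for example the admin password) ends the quoting early and the remainder is parsed as shell in the db-management pod, or at best the written file is corrupted. The rendered secrets also travel as the exec command line, and neither this task nor the `set_fact` that fills `secrets_file` sets `no_log: true`, so the material can surface in task output and operator logs. I would add `no_log: true` to both tasks and build the inner command with the `quote` filter rather than hand-written quotes. The +/- markers are lost on this page, so this assumes the `secrets.yml` line is the added one. If the `file:` task with the fixed `/tmp/secrets` path in the first hunk is also new, that directory is predictable, is created without a `mode`, and looks unused now that the template is rendered through `lookup('template', ...)`.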