Dynamically collect secrets for backup & restore roles

- This prevents us from overwriting vars unintentionally at restore time - This will make it easier to add secrets to be backed up in the future - Add generated secret names to awx spec backup - Fail early if secret status doesn't exist - Skip if secret is not in spec for non-generated secrets - Secret values must be b64 decoded before secret is created - Cleanup temp files
2026-03-26 21:33:14 +00:00 · 2021-06-11 11:54:06 -04:00
parent 1bb6ada3a2
commit bfec61ad8d
15 changed files with 153 additions and 161 deletions
--- a/roles/backup/tasks/main.yml
+++ b/roles/backup/tasks/main.yml
@@ -30,10 +30,10 @@

    - include_tasks: postgres.yml

-    - include_tasks: secrets.yml
-
    - include_tasks: awx-cro.yml

+    - include_tasks: secrets.yml
+
    - name: Set flag signifying this backup was successful
      set_fact:
        backup_complete: true
@@ -45,5 +45,3 @@

 - name: Update status variables
  include_tasks: update_status.yml
-
-# TODO: backup tower settings or make sure that users only specify settings/config changes via AWX object.  See ticket