internet/awx-operator
3
0
Fork 0
mirror of https://github.com/ansible/awx-operator.git synced 2026-05-06 21:32:52 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
fix-helm-release-again
awx-operator/roles/restore/tasks/secrets.yml

101 lines
3.3 KiB
YAML
Raw Permalink Blame History

---
- name: Create Temporary secrets file
tempfile:
state: file
suffix: .json
register: tmp_secrets
- name: Get secret definition from pvc
k8s_cp:
namespace: "{{ backup_pvc_namespace }}"
pod: "{{ ansible_operator_meta.name }}-db-management"
remote_path: "{{ backup_dir }}/secrets.yml"
local_path: "{{ tmp_secrets.path }}"
state: from_pod
no_log: "{{ no_log }}"
- name: Include secret vars from backup
include_vars: "{{ tmp_secrets.path }}"
no_log: "{{ no_log }}"
- name: If deployment is managed, set the database_host in the pg config secret
block:
- name: Set new database host
set_fact:
database_host: "{{ deployment_name }}-postgres-{{ supported_pg_version }}"
no_log: "{{ no_log }}"
- name: Set tmp postgres secret dict
set_fact:
_pg_secret: "{{ secrets['postgresConfigurationSecret'] }}"
no_log: "{{ no_log }}"
- name: Change postgres host value
set_fact:
_pg_data: "{{ _pg_secret['data'] | combine({'host': database_host | b64encode }) }}"
no_log: "{{ no_log }}"
- name: Create a postgres secret with the new host value
set_fact:
_pg_secret: "{{ _pg_secret | combine({'data': _pg_data}) }}"
no_log: "{{ no_log }}"
- name: Create a new dict of secrets with the new postgres secret
set_fact:
secrets: "{{ secrets | combine({'postgresConfigurationSecret': _pg_secret}) }}"
no_log: "{{ no_log }}"
when: secrets['postgresConfigurationSecret']['data']['type'] | b64decode == 'managed'
- name: Set new receptor secret names
set_fact:
previous_receptor_ca_name: "{{ previous_deployment_name }}-receptor-ca"
previous_receptor_tls_name: "{{ previous_deployment_name }}-receptor-work-signing"
no_log: "{{ no_log }}"
- name: Set new name for receptor secrets using deployment_name
block:
- name: Set new receptor secret names
set_fact:
receptor_ca_name: "{{ deployment_name }}-receptor-ca"
receptor_work_signing_name: "{{ deployment_name }}-receptor-work-signing"
no_log: "{{ no_log }}"
- name: Set tmp dict for receptor secrets
set_fact:
_ca_secret: "{{ secrets[previous_receptor_ca_name] }}"
_work_signing_secret: "{{ secrets[previous_receptor_tls_name] }}"
no_log: "{{ no_log }}"
- name: Change receptor secret names in tmp dict
set_fact:
_ca_secret_name: "{{ _ca_secret | combine({ 'name': receptor_ca_name }) }}"
_work_signing_secret_name: "{{ _work_signing_secret | combine({ 'name': receptor_work_signing_name}) }}"
no_log: "{{ no_log }}"
- name: Create a new dict of receptor secrets with updated names
set_fact:
secrets: "{{ secrets | combine({previous_receptor_ca_name: _ca_secret_name, previous_receptor_tls_name: _work_signing_secret_name}) }}"
no_log: "{{ no_log }}"
- name: Apply secret
k8s:
state: present
namespace: "{{ ansible_operator_meta.namespace }}"
apply: yes
wait: yes
definition: "{{ lookup('template', 'secrets.yml.j2') }}"
no_log: "{{ no_log }}"
- name: Remove ownerReference on restored secrets
k8s:
definition:
apiVersion: v1
kind: Secret
metadata:
name: "{{ item.value.name }}"
namespace: '{{ ansible_operator_meta.namespace }}'
ownerReferences: null
loop: "{{ secrets | dict2items }}"
no_log: "{{ no_log }}"
Reference in New Issue View Git Blame Copy Permalink