internet/awx-operator
3
0
Fork 0
mirror of https://github.com/ansible/awx-operator.git synced 2026-03-26 21:33:14 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
ce8c58f542689db52e54162ab77b29aa0e8aeaa4
awx-operator/roles/backup/tasks/secrets.yml
Christian M. Adams ce8c58f542 added secrets logic, fixed permissions issues
2021-04-30 10:24:36 -04:00

125 lines
4.1 KiB
YAML
Raw Blame History

---
- name: Make _secrets directory
file:
path: "_secrets"
state: directory
mode: '0700'
- name: Get secret_key
k8s_info:
kind: Secret
namespace: '{{ meta.namespace }}'
name: '{{ tower_secret_key_secret }}'
register: _secret_key
- name: Set secret key
set_fact:
secret_key: "{{ _secret_key['resources'][0]['data']['secret_key'] | b64decode }}"
- name: Template secret_key definition
template:
src: secret_key_secret.yml.j2
dest: "_secrets/secret_key_secret.yml"
mode: '0700'
- name: Set secret key template
set_fact:
secret_key_template: "{{ lookup('file', '_secrets/secret_key_secret.yml') }}"
- name: Write secret_key to pvc
community.kubernetes.k8s_exec:
namespace: "{{ tower_backup_pvc_namespace }}"
pod: "{{ meta.name }}-db-management"
command: >-
bash -c "echo '{{ secret_key_template }}' > {{ backup_dir }}/secret_key_secret.yml"
- name: Get admin_password
k8s_info:
kind: Secret
namespace: '{{ meta.namespace }}'
name: '{{ tower_admin_password_secret }}'
register: _admin_password
- name: Set admin_password
set_fact:
admin_password: "{{ _admin_password['resources'][0]['data']['password'] | b64decode }}"
- name: Template admin_password definition
template:
src: admin_password_secret.yml.j2
dest: "_secrets/admin_password_secret.yml"
mode: '0700'
- name: Set admin_password template
set_fact:
admin_password_template: "{{ lookup('file', '_secrets/admin_password_secret.yml') }}"
- name: Write secret_key to pvc
community.kubernetes.k8s_exec:
namespace: "{{ tower_backup_pvc_namespace }}"
pod: "{{ meta.name }}-db-management"
command: >-
bash -c "echo '{{ admin_password_template }}' > {{ backup_dir }}/admin_password_secret.yml"
- name: Get broadcast_websocket
k8s_info:
kind: Secret
namespace: '{{ meta.namespace }}'
name: '{{ tower_broadcast_websocket_secret }}'
register: _broadcast_websocket
- name: Set broadcast_websocket key
set_fact:
secret_key: "{{ _broadcast_websocket['resources'][0]['data']['secret'] | b64decode }}"
- name: Template broadcast_websocket definition
template:
src: broadcast_websocket_secret.yml.j2
dest: "_secrets/broadcast_websocket_secret.yml"
mode: '0700'
- name: Set broadcast_websocket template
set_fact:
broadcast_websocket_template: "{{ lookup('file', '_secrets/broadcast_websocket_secret.yml') }}"
- name: Write broadcast_websocket definition to pvc
community.kubernetes.k8s_exec:
namespace: "{{ tower_backup_pvc_namespace }}"
pod: "{{ meta.name }}-db-management"
command: >-
bash -c "echo '{{ broadcast_websocket_template }}' > {{ backup_dir }}/broadcast_websocket_secret.yml"
- name: Get postgres configuration
k8s_info:
kind: Secret
namespace: '{{ tower_backup_pvc_namespace }}'
name: '{{ tower_postgres_configuration_secret }}'
register: _postgres_configuration
- name: Set postgres configuration
set_fact:
database_password: "{{ _postgres_configuration['resources'][0]['data']['password'] | b64decode }}"
database_username: "{{ _postgres_configuration['resources'][0]['data']['username'] | b64decode }}"
database_name: "{{ _postgres_configuration['resources'][0]['data']['database'] | b64decode }}"
database_port: "{{ _postgres_configuration['resources'][0]['data']['port'] | b64decode }}"
database_host: "{{ _postgres_configuration['resources'][0]['data']['host'] | b64decode }}"
database_type: "{{ _postgres_configuration['resources'][0]['data']['type'] | b64decode }}"
- name: Template postgres configuration definition
template:
src: postgres_secret.yml.j2
dest: "_secrets/postgres_secret.yml"
mode: '0700'
- name: Set postgres configuration
set_fact:
postgres_secret_template: "{{ lookup('file', '_secrets/postgres_secret.yml') }}"
- name: Write postgres configuration to pvc
community.kubernetes.k8s_exec:
namespace: "{{ tower_backup_pvc_namespace }}"
pod: "{{ meta.name }}-db-management"
command: >-
bash -c "echo '{{ postgres_secret_template }}' > {{ backup_dir }}/postgres_secret.yml"
Reference in New Issue View Git Blame Copy Permalink