mirror of
https://github.com/ansible/awx-operator.git
synced 2026-04-21 16:21:04 +00:00
bfec61ad8d
- This prevents us from overwriting vars unintentionally at restore time - This will make it easier to add secrets to be backed up in the future - Add generated secret names to awx spec backup - Fail early if secret status doesn't exist - Skip if secret is not in spec for non-generated secrets - Secret values must be b64 decoded before secret is created - Cleanup temp files
34 lines
868 B
YAML
34 lines
868 B
YAML
---
|
|
|
|
- name: Create Temporary secrets file
|
|
tempfile:
|
|
state: file
|
|
suffix: .json
|
|
register: tmp_secrets
|
|
|
|
- name: Dump (generated) secret names from statuses and data into file
|
|
include_tasks: dump_generated_secret.yml
|
|
with_items:
|
|
- secretKeySecret
|
|
- adminPasswordSecret
|
|
- broadcastWebsocketSecret
|
|
- postgresConfigurationSecret
|
|
|
|
- name: Dump secret names from awx spec and data into file
|
|
include_tasks: dump_secret.yml
|
|
loop:
|
|
- route_tls_secret
|
|
- ldap_cacert_secret
|
|
- image_pull_secret
|
|
|
|
- name: Nest secrets under a single variable
|
|
set_fact:
|
|
secrets: {"secrets": '{{ secret_dict }}'}
|
|
|
|
- name: Write postgres configuration to pvc
|
|
k8s_exec:
|
|
namespace: "{{ backup_pvc_namespace }}"
|
|
pod: "{{ meta.name }}-db-management"
|
|
command: >-
|
|
bash -c "echo '{{ secrets | to_yaml }}' > {{ backup_dir }}/secrets.yml"
|