# 1) If a key has been specified by the user, go with the specified key.
# 2) Otherwise generate a new random key. This is used as a default if no key
# can be slurped from existing cluster nodes.
# 3) If the user does not want to regenerate a key, try slurping an existing
# key from cluster nodes. If no node has a key, a random key generated in step
# 2 is going to be used.
# Source 1: a key file supplied on the control node. The block runs only when
# preshared_key_src is a string longer than one character; it is delegated to
# localhost and executed once for the whole play.
# NOTE(review): when preshared_key_src is set but the file does not exist, no
# task in this file sets __ha_cluster_some_preshared_key (the other two
# sources are skipped by their own conditions) - confirm the consumer fails
# cleanly in that case.
- name: 'Retrieve {{ preshared_key_label }} from the controller'
  when: preshared_key_src is string and preshared_key_src | length > 1
  run_once: true
  delegate_to: localhost
  block:
    - name: 'Check if {{ preshared_key_label }} exists on the controller'
      stat:
        path: '{{ preshared_key_src }}'
      register: __ha_cluster_preshared_key_stat_controller

    - name: 'Slurp existing {{ preshared_key_label }} from the controller'
      slurp:
        src: '{{ preshared_key_src }}'
      register: __ha_cluster_preshared_key_slurp_controller
      when: __ha_cluster_preshared_key_stat_controller.stat.exists
      # Secret material: keep the slurped key out of task output and logs.
      no_log: true

    - name: 'Use the slurped {{ preshared_key_label }} from the controller'
      set_fact:
        # slurp returns the file content base64-encoded. Because this is a
        # folded block scalar, the double quotes and one trailing newline
        # are part of the stored value.
        __ha_cluster_some_preshared_key: >
          "{{ __ha_cluster_preshared_key_slurp_controller.content }}"
      when: __ha_cluster_preshared_key_stat_controller.stat.exists
      # Secret material: the fact holds the key, so suppress its output too.
      no_log: true
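# Source 2 (default): no key file was supplied, so generate a fresh random key.
# The pipe lookup runs `openssl rand` through a shell on the control node, so
# openssl must be installed there; preshared_key_length is the number of
# random bytes requested and the output is base64 text.
- name: "Generate random {{ preshared_key_label }}"
  set_fact:
    # The command is built by concatenation instead of nesting {{ }} inside
    # the expression, and the length is coerced to an integer so that nothing
    # but a number can reach the shell command line.
    # The folded scalar keeps the double quotes and one trailing newline as
    # part of the stored value, exactly as before.
    __ha_cluster_some_preshared_key: >
      "{{ lookup('pipe',
      'openssl rand -base64 ' ~ (preshared_key_length | int)) }}"
  when:
    - not (preshared_key_src is string and preshared_key_src | length > 1)
  run_once: true
  # Secret material: keep the generated key out of task output and logs.
  no_log: true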
# Source 3: reuse a key that is already deployed on a cluster node. Runs only
# when no key file was supplied and ha_cluster_regenerate_keys is false. If no
# node has a key, the fact keeps whatever value was set before this block.
- name: 'Retrieve {{ preshared_key_label }} from cluster nodes'
  when:
    - not (preshared_key_src is string and preshared_key_src | length > 1)
    - not ha_cluster_regenerate_keys
  block:
    - name: 'Check if {{ preshared_key_label }} exists on cluster nodes'
      stat:
        path: '{{ preshared_key_dest }}'
      register: __ha_cluster_preshared_key_stat

    - name: 'Slurp existing {{ preshared_key_label }} from cluster nodes'
      slurp:
        src: '{{ preshared_key_dest }}'
      register: __ha_cluster_preshared_key_slurp
      when: __ha_cluster_preshared_key_stat.stat.exists
      # Secret material: keep the slurped key out of task output and logs.
      no_log: true

    - name: 'Use the slurped {{ preshared_key_label }} from cluster nodes'
      set_fact:
        # slurp returns the file content base64-encoded. Because this is a
        # folded block scalar, the double quotes and one trailing newline
        # are part of the stored value.
        __ha_cluster_some_preshared_key: >
          "{{ __ha_cluster_preshared_key_slurp.content }}"
      when: __ha_cluster_preshared_key_stat.stat.exists
      # Secret material: the fact holds the key, so suppress its output too.
      no_log: true
      # Each host that found a key pushes it to every host in the play:
      # the task is delegated to each host in turn and, with
      # delegate_facts, the fact is stored on the delegated host.
      # NOTE(review): if nodes hold different keys, the value that ends up
      # on all hosts depends on which host runs this task last - confirm
      # that is acceptable.
      delegate_facts: true
      delegate_to: '{{ item }}'
      loop: '{{ ansible_play_hosts_all }}'