diff --git a/gen_bootstrap.yml b/gen_bootstrap.yml index f93c706..7fff1f2 100755 --- a/gen_bootstrap.yml +++ b/gen_bootstrap.yml @@ -4,5 +4,44 @@ gather_facts: false vars_files: main.yml tasks: - - name: test - shell: echo Hello + - name: Assert extra-vars are set + ansible.builtin.assert: + that: + - item | length > 0 + msg: "{{ item }} environment variable must be set" + with_items: + - KEY + - DOC_KEY + - DUPLICITY_PASSPHRASE + + - name: Assert SECRETS_ARCHIVE_PASSPHRASE environment variable is set + ansible.builtin.assert: + that: + - lookup('env','SECRETS_ARCHIVE_PASSPHRASE') | length > 0 + msg: "SECRETS_ARCHIVE_PASSPHRASE environment variable must be set" + + - name: Download secrets.tar.gz.enc + ansible.builtin.get_url: + url: "https://{{ CLOUD_SERVER }}/s/{{ KEY }}/download?path=%2F&files=secrets.tar.gz.enc" + dest: /root/secrets.tar.gz.enc + + - name: Install openssh-client + ansible.builtin.package: + name: openssh-client + state: present + + - name: Create /root/.ssh directory + ansible.builtin.file: + path: /root/.ssh + state: directory + mode: '0700' + + - name: Extract from secrets.tar.gz.enc + shell: "openssl enc -aes-256-cbc -md md5 -pass env:SECRETS_ARCHIVE_PASSPHRASE -d -in /root/secrets.tar.gz.enc | tar -zxv -C /root/" + + - name: Change SSH private key permissions + ansible.builtin.file: + path: /root/.ssh/id_rsa + mode: '0400' + + diff --git a/tasks/start.yml b/tasks/start.yml index d8308e8..e482229 100755 --- a/tasks/start.yml +++ b/tasks/start.yml @@ -276,6 +276,10 @@ remote_user: "{{ user }}" delegate_to: 172.17.0.1 become: true + register: container_output + +- debug: + msg: "{{ container_output.container.Output.split('\n') }}" # docker_compose collection version will not work on Centos 7 #- name: Start duplicity stack