Improve gen_bootstrap.yml.

yohan 2023-10-21 10:37:55 +02:00
parent 29d7aed870
commit 4350e12469
2 changed files with 45 additions and 2 deletions


@ -4,5 +4,44 @@
gather_facts: false gather_facts: false
vars_files: main.yml vars_files: main.yml
tasks: tasks:
- name: test - name: Assert extra-vars are set
shell: echo Hello ansible.builtin.assert:
that:
- item | length > 0
msg: "{{ item }} environment variable must be set"
with_items:
- KEY
- DOC_KEY
- DUPLICITY_PASSPHRASE
- name: Assert SECRETS_ARCHIVE_PASSPHRASE environment variable is set
ansible.builtin.assert:
that:
- lookup('env','SECRETS_ARCHIVE_PASSPHRASE') | length > 0
msg: "SECRETS_ARCHIVE_PASSPHRASE environment variable must be set"
- name: Download secrets.tar.gz.enc
ansible.builtin.get_url:
url: "https://{{ CLOUD_SERVER }}/s/{{ KEY }}/download?path=%2F&files=secrets.tar.gz.enc"
dest: /root/secrets.tar.gz.enc
- name: Install openssh-client
ansible.builtin.package:
name: openssh-client
state: present
- name: Create /root/.ssh directory
ansible.builtin.file:
path: /root/.ssh
state: directory
mode: '0700'
- name: Extract from secrets.tar.gz.enc
shell: "openssl enc -aes-256-cbc -md md5 -pass env:SECRETS_ARCHIVE_PASSPHRASE -d -in /root/secrets.tar.gz.enc | tar -zxv -C /root/"
- name: Change SSH private key permissions
ansible.builtin.file:
path: /root/.ssh/id_rsa
mode: '0400'
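Review bot: The first assert can never fail, because `with_items` yields the literal strings `KEY`, `DOC_KEY` and `DUPLICITY_PASSPHRASE`, so `item | length > 0` measures the name rather than the variable's value. A check such as `- lookup('ansible.builtin.vars', item, default='') | length > 0` tests the value, and the `msg` should then say "extra-var" instead of "environment variable". In the Extract task, `-md md5` keeps OpenSSL's legacy MD5-based key derivation and CBC gives no cryptographic integrity check, so a modified archive is not reliably detected before tar unpacks it under /root/. Re-encrypting the archive with `-pbkdf2` and verifying a digest before extraction (for example `checksum:` on the `get_url` task) would address that, but it needs the archive producer changed as well. The pipeline also runs without `set -o pipefail`, so only tar's exit status decides the task result.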


@ -276,6 +276,10 @@
remote_user: "{{ user }}" remote_user: "{{ user }}"
delegate_to: 172.17.0.1 delegate_to: 172.17.0.1
become: true become: true
register: container_output
- debug:
msg: "{{ container_output.container.Output.split('\n') }}"
# docker_compose collection version will not work on Centos 7 # docker_compose collection version will not work on Centos 7
#- name: Start duplicity stack #- name: Start duplicity stack
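Review bot: The added `debug` task has no `name` and uses the short module name, while the tasks added in the other file all use `ansible.builtin.*`; `- name: Show container output` with `ansible.builtin.debug:` would match them. It also prints the container's full output on every run, so anything secret that the container echoes (this playbook set handles passphrases) would land in the Ansible log. The task that registers `container_output` starts outside this hunk, so I cannot tell what it runs; if the output can be sensitive, gate the task behind a verbosity level with `verbosity: 1`.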