refactor: yml -> yaml
Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev>
This commit is contained in:
Tuan-Dat Tran
45
roles/proxmox/tasks/15_create_secret.yaml
Normal file
45
roles/proxmox/tasks/15_create_secret.yaml
Normal file
@@ -0,0 +1,45 @@
|
||||
---
|
||||
- name: Decrypt vm vault file
|
||||
ansible.builtin.shell: cd ../; ansible-vault decrypt "./playbooks/{{ proxmox_vault_file }}"
|
||||
no_log: true
|
||||
|
||||
- name: Load existing vault content
|
||||
ansible.builtin.slurp:
|
||||
src: "{{ proxmox_vault_file }}"
|
||||
register: vault_content
|
||||
no_log: true
|
||||
|
||||
- name: Parse vault content as YAML
|
||||
ansible.builtin.set_fact:
|
||||
vault_data: "{{ (vault_content['content'] | b64decode | from_yaml) if (vault_content['content'] | length > 0) else {} }}"
|
||||
no_log: true
|
||||
|
||||
- name: Setup secret name
|
||||
ansible.builtin.set_fact:
|
||||
vm_name_secret: "{{ proxmox_secrets_prefix }}_{{ vm_name | replace('-', '_') }}"
|
||||
|
||||
- name: Check if variable is in vault
|
||||
ansible.builtin.set_fact:
|
||||
variable_exists: "{{ vm_name_secret in vault_data }}"
|
||||
|
||||
- name: Set new secret
|
||||
ansible.builtin.set_fact:
|
||||
cipassword: "{{ lookup('password', '/dev/null length=32 chars=ascii_letters,digits') }}"
|
||||
when: not variable_exists
|
||||
|
||||
- name: Set new secret
|
||||
ansible.builtin.set_fact:
|
||||
new_vault_data: "{{ vault_data | combine({vm_name_secret: cipassword}) }}"
|
||||
when: not variable_exists
|
||||
|
||||
- name: Write updated Vault content to file (temporary plaintext)
|
||||
ansible.builtin.copy:
|
||||
content: "{{ new_vault_data | to_nice_yaml }}"
|
||||
dest: "{{ proxmox_vault_file }}"
|
||||
mode: "0600"
|
||||
when: not variable_exists
|
||||
no_log: true
|
||||
|
||||
- name: Encrypt vm vault file
|
||||
ansible.builtin.shell: cd ../; ansible-vault encrypt "./playbooks/{{ proxmox_vault_file }}"
|
||||
no_log: true
|
||||
Reference in New Issue
Block a user