

  1. ---
  2. - name: config_ca | Read root CA cert for Vault
  3. command: "cat /etc/vault/ssl/{{ ca_name }}.pem"
  4. register: vault_ca_cert_cat
  5. - name: config_ca | Pull current CA cert from Vault
  6. uri:
  7. url: "{{ vault_leader_url }}/v1/{{ mount_name }}/ca/pem"
  8. headers: "{{ vault_headers }}"
  9. return_content: true
  10. status_code: 200,204
  11. validate_certs: no
  12. register: vault_pull_current_ca
  13. - name: config_ca | Read root CA key for Vault
  14. command: "cat /etc/vault/ssl/{{ ca_name }}-key.pem"
  15. register: vault_ca_key_cat
  16. when: vault_ca_cert_cat.stdout.strip() != vault_pull_current_ca.content.strip()
  17. - name: config_ca | Configure pki mount to use the found root CA cert and key
  18. uri:
  19. url: "{{ vault_leader_url }}/v1/{{ mount_name }}/config/ca"
  20. headers: "{{ vault_headers }}"
  21. method: POST
  22. body_format: json
  23. body:
  24. pem_bundle: "{{ vault_ca_cert_cat.stdout + '\n' + vault_ca_key_cat.stdout }}"
  25. status_code: 204
  26. when: vault_ca_cert_cat.stdout.strip() != vault_pull_current_ca.get("content","").strip()