Commit feab494a authored by František Dvořák's avatar František Dvořák

Security assets with GLPI tool

parent d4a7ebc3
---
#
# Secrets in "/glpi-agent":
#
# * server (or local)
# * user
# * password
# * tag
#
- name: GLPI Agent Configuration
hosts: allnodes
become: true
tasks:
- name: Get Secrets From Vault
set_fact:
secret: "{{ lookup('community.hashi_vault.hashi_vault', vault_mount_point + '/glpi-agent', token_validate=false) }}"
- name: Debug Secrets
debug:
msg: "{{ item.key }} = {{ item.value }}"
loop: "{{ secret | dict2items }}"
- name: Directory for for GLPI agent configuration
file:
path: /etc/glpi-agent/conf.d
state: directory
mode: 0755
- name: Configuration For GLPI Agent
template:
src: "templates/{{ item }}.j2"
dest: "{{ item }}"
mode: 0600
loop:
- /etc/glpi-agent/conf.d/01-eosc.cfg
- name: GLPI Agent Deployment
hosts: allnodes
roles:
- role: 'ipr-cnrs.glpi_agent'
vars:
glpi_agent__install_from_url: true
glpi_agent__version: '1.10-1'
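Review bot: The `Debug Secrets` task prints every key and value read from the Vault path `/glpi-agent`, including `password`, to the Ansible output, and the deploy script changed in this commit runs this playbook, so the values land in whatever captures that run's log. Printing only `item.key` would not help, because the default loop label still shows the whole item, so I would delete the task outright. `Get Secrets From Vault` should also carry `no_log: true`, since the registered fact is shown at higher verbosity. `Configuration For GLPI Agent` needs `no_log: true` or `diff: false` as well, because a run with `--diff` would print the rendered file with the credentials in it.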
{{ ansible_managed | comment }}
{% for key, value in secret.items() -%}
{% if value|length -%}
{{ key }} = {{ value }}
{% endif -%}
{% endfor -%}
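Review bot: The loop renders every key stored under the Vault path into the agent configuration, so any key added there later, or a value containing a newline, becomes one or more extra directives in `01-eosc.cfg`. The playbook header lists the expected keys (server or local, user, password, tag), and iterating over that fixed list would keep the file to those settings: `{% for key in ['server', 'local', 'user', 'password', 'tag'] if secret[key] | default('') | length -%}` followed by `{{ key }} = {{ secret[key] }}`. `value|length` also assumes every value is a string; a numeric value from Vault would presumably fail the filter, so `value | string | length` is safer if the open loop is kept.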
......@@ -6,3 +6,4 @@ collections:
- community.hashi_vault
roles:
- grycap.kubernetes
- ipr-cnrs.glpi_agent
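Review bot: The `ipr-cnrs.glpi_agent` entry is added without a version, so every `ansible-galaxy install` fetches whatever the role's latest release is at that moment. That role is then applied to `allnodes` and, judging by `glpi_agent__install_from_url: true` in the playbook, downloads and installs the agent package itself. Pinning it to a reviewed release keeps the deployment reproducible and makes an upstream change visible as a diff here: `- name: ipr-cnrs.glpi_agent` with `version: <reviewed-tag>` (placeholder; the page does not show which release was tested). The neighbouring entries in this hunk are unpinned as well, and the list continues outside the hunk.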
......@@ -53,3 +53,5 @@ ansible-playbook playbooks/cvmfs.yaml
# wait for finish
while ansible -m command -a 'kubectl get pods --all-namespaces' master | tail -n +3 | grep -v ' Running '; do sleep 5; done
ansible-playbook playbooks/security-assets.yaml
../../common/playbooks/security-assets.yaml
\ No newline at end of file
../../../../common/playbooks/templates/etc/glpi-agent
\ No newline at end of file