Security assets with GLPI tool

common/playbooks/security-assets.yaml

+---
+#
+# Secrets in "/glpi-agent":
+#
+# * server (or local)
+# * user
+# * password
+# * tag
+#
+- name: GLPI Agent Configuration
+  hosts: allnodes
+  become: true
+  tasks:
+    - name: Get Secrets From Vault
+      set_fact:
+        secret: "{{ lookup('community.hashi_vault.hashi_vault', vault_mount_point + '/glpi-agent', token_validate=false) }}"
+    - name: Debug Secrets
+      debug:
+        msg: "{{ item.key }} = {{ item.value }}"
+      loop: "{{ secret | dict2items }}"
+    - name: Directory for for GLPI agent configuration
+      file:
+        path: /etc/glpi-agent/conf.d
+        state: directory
+        mode: 0755
+    - name: Configuration For GLPI Agent
+      template:
+        src: "templates/{{ item }}.j2"
+        dest: "{{ item }}"
+        mode: 0600
+      loop:
+        - /etc/glpi-agent/conf.d/01-eosc.cfg
+
+- name: GLPI Agent Deployment
+  hosts: allnodes
+  roles:
+    - role: 'ipr-cnrs.glpi_agent'
+      vars:
+        glpi_agent__install_from_url: true
+        glpi_agent__version: '1.10-1'

common/playbooks/templates/etc/glpi-agent/conf.d/01-eosc.cfg.j2

+{{ ansible_managed | comment }}
+
+{% for key, value in secret.items() -%}
+{% if value|length -%}
+{{ key }} = {{ value }}
+{% endif -%}
+{% endfor -%}

requirements.yml

@@ -6,3 +6,4 @@ collections:
   - community.hashi_vault
 roles:
   - grycap.kubernetes
+  - ipr-cnrs.glpi_agent

staging1/deploy.sh

@@ -53,3 +53,5 @@ ansible-playbook playbooks/cvmfs.yaml
 
 # wait for finish
 while ansible -m command -a 'kubectl get pods --all-namespaces' master | tail -n +3 | grep -v ' Running '; do sleep 5; done
+
+ansible-playbook playbooks/security-assets.yaml

staging1/playbooks/security-assets.yaml

+../../common/playbooks/security-assets.yaml
\ No newline at end of file

staging1/playbooks/templates/etc/glpi-agent

+../../../../common/playbooks/templates/etc/glpi-agent
\ No newline at end of file