diff --git a/playbook.yml b/playbook.yml
index 16a6ac6..8a0e0bb 100644
--- a/playbook.yml
+++ b/playbook.yml
@@ -3,6 +3,7 @@
 become: yes
 roles:
 - common
+ - vaultwarden
 - kubernetes
 - kube-master
 - stolon
@@ -12,5 +13,6 @@
 become: yes
 roles:
 - common
+ - vaultwarden
 - kubernetes
 - kube-node
diff --git a/roles/stolon/tasks/main.yml b/roles/stolon/tasks/main.yml
index a8457b0..a22578e 100644
--- a/roles/stolon/tasks/main.yml
+++ b/roles/stolon/tasks/main.yml
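Review bot: `vaultwarden` is added to both plays, so every master and every node installs the CLI, logs into the vault with the same credentials and keeps its own unlocked session on the host, while the only consumer of that session visible in this diff is the stolon role in the first play (the rest of the second play's role list is outside the hunk). Unless the node play also reads vault items, adding the role only to the first play — or running it once with `run_once: true` and `delegate_to: localhost` — limits the number of hosts that ever hold the vault password and session.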
@@ -21,52 +21,17 @@ shell: ls -l /tmp/stolon/kubernetes-files/files register: resultado_ls +- name: Obter várias notas do Bitwarden + shell: | + export BW_SESSION={{ lookup('env', 'BW_SESSION') }} + bw get item "{{ item.id }}" --session $BW_SESSION | jq -r '.notes' > {{ item.dest }} + loop: + - { id: "iac.ansible.dockersecrets", dest: "/tmp/stolon/kubernetes-files/files/docker-secrets.yaml" } + - { id: "iac.ansible.stolon.repl.secret", dest: "/tmp/stolon/kubernetes-files/files/stolon-repl-secret.yaml" } + - { id: "iac.ansible.stolon.keeper.secret", dest: "/tmp/stolon/kubernetes-files/files/stolon-secret.yaml" } + args: + executable: /bin/bash -- name: Buscar values.yaml do Bitwarden e aplicar remotamente - hosts: localhost - gather_facts: no - tasks: - - name: Criar diretório temporário no remoto - file: - path: /tmp/stolon/kubernetes-files - state: directory - mode: '0755' - - name: Buscar values.yaml do Bitwarden - shell: | - bw get item "iac.ansible.dockersecrets" --session $BW_SESSION | jq -r '.notes' > /tmp/stolon/kubernetes-files/files/docker-secrets.yaml - bw get item "iac.ansible.stolon.repl.secret" --session $BW_SESSION | jq -r '.notes' > /tmp/stolon/kubernetes-files/files/stolon-repl-secret.yaml - bw get item "iac.ansible.stolon.keeper.secret" --session $BW_SESSION | jq -r '.notes' > /tmp/stolon/kubernetes-files/files/stolon-secret.yaml - args: - executable: /bin/bash - environment: - BW_SESSION: "{{ lookup('env', 'BW_SESSION') }}" - -- name: Copiar ficheiros para o nó remoto - hosts: localhost - gather_facts: no - vars: - remote_host: "k8s-node-01" - files_to_copy: - - { src: "/tmp/stolon/kubernetes-files/files/docker-secrets.yaml", dest: "/tmp/stolon/kubernetes-files/files/docker-secrets.yaml" } - - { src: "/tmp/stolon/kubernetes-files/files/stolon-repl-secret.yaml", dest: "/tmp/stolon/kubernetes-files/files/stolon-repl-secret.yaml" } - - { src: "/tmp/stolon/kubernetes-files/files/stolon-secret.yaml", dest: 
"/tmp/stolon/kubernetes-files/files/stolon-secret.yaml" } - - tasks: - - name: Copiar ficheiros para o nó remoto - copy: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - mode: '0600' - loop: "{{ files_to_copy }}" - delegate_to: "{{ groups['master'][0] }}" - -#- name: Buscar values.yaml do Bitwarden -# shell: | -# bw get item "iac.ansible.dockersecrets" --session {{ lookup('env', 'BW_SESSION') }} | jq -r '.notes' > /tmp/stolon/kubernetes-files/files/docker-secrets.yaml -# bw get item "iac.ansible.stolon.repl.secret" --session {{ lookup('env', 'BW_SESSION') }} | jq -r '.notes' > /tmp/stolon/kubernetes-files/files/stolon-repl-secret.yaml -# bw get item "iac.ansible.stolon.keeper.secret" --session {{ lookup('env', 'BW_SESSION') }} | jq -r '.notes' > /tmp/stolon/kubernetes-files/files/stolon-secret.yaml -# args: -# executable: /bin/bash - name: Mostrar resultado do ls debug:
diff --git a/roles/vaultwarden/tasks/main.yml b/roles/vaultwarden/tasks/main.yml
new file mode 100644
index 0000000..87515a4
--- /dev/null
+++ b/roles/vaultwarden/tasks/main.yml
@@ -0,0 +1,33 @@
+- name: Instalar dependências (curl, unzip, jq)
+ become: true
+ apt:
+ name:
+ - curl
+ - unzip
+ - jq
+ state: present
+ update_cache: true
+
+- name: Instalar Bitwarden CLI
+ become: true
+ shell: |
+ curl -L https://github.com/bitwarden/cli/releases/latest/download/bw-linux.zip -o bw.zip
+ unzip bw.zip
+ chmod +x bw
+ mv bw /usr/local/bin/bw
+ args:
+ creates: /usr/local/bin/bw
+
+- name: Fazer login no Bitwarden
+ shell: bw login {{ bw_email }} --password {{ bw_password }}
+ register: bw_login
+ no_log: true
+
+- name: Desbloquear cofre e guardar sessão
+ shell: bw unlock --password {{ bw_password }} --raw
+ register: bw_session
+ no_log: true
+
+- name: Exportar sessão para ambiente local
+ shell: echo "export BW_SESSION={{ bw_session.stdout }}" >> /etc/profile.d/bw-session.sh
+ become: true
\ No newline at end of file
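Review bot: The new stolon task interpolates the session token into the script itself (`export BW_SESSION={{ lookup('env', 'BW_SESSION') }}`), so the token ends up in the logged command and in the process arguments on the target, and the task carries no `no_log`; the removed version handed it over through `environment:`, which `bw` reads as `BW_SESSION` and which stays out of both places, so that form should be kept. The pipeline also has no `set -o pipefail`, so a failed `bw get` still lets `jq` exit 0 and leaves an empty or `null` secret file, written with the shell's default umask, whereas the deleted copy step enforced `mode: '0600'`. Note too that `lookup('env', ...)` evaluates on the controller while the vaultwarden role persists the session on the managed host, so as far as this diff shows the lookup is empty unless the controller exports the variable itself. The task file continues outside the hunk.
```yaml
- name: Obter várias notas do Bitwarden
  shell: |
    set -o pipefail
    umask 077
    bw get item "{{ item.id }}" | jq -r '.notes' > "{{ item.dest }}"
  environment:
    BW_SESSION: "{{ lookup('env', 'BW_SESSION') }}"
  no_log: true
  # … unchanged: loop over item.id / item.dest …
  args:
    executable: /bin/bash
```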
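Review bot: `bw login {{ bw_email }} --password {{ bw_password }}` and `bw unlock --password {{ bw_password }} --raw` put the vault password on the process command line of the target, where `no_log: true` does not reach (any local user can read it from the process list); `bw` accepts `--passwordenv BW_PASSWORD`, so the secret should be passed through `environment:` instead. The last task appends the raw unlock token to `/etc/profile.d/bw-session.sh`, a file that is normally world-readable and sourced by every login shell, and `>>` adds another copy on each run; keep the token in a `set_fact` with `no_log: true` and let the consuming task read the fact rather than the disk. The install task runs `curl` without `-f`, the script has no `set -e`, and nothing verifies the archive, so a failed or partial download still reaches `mv`; `get_url` with a `checksum:` (or at least `set -euo pipefail` and `curl -fsSL`) would make it fail closed. `bw login` also errors when a login already exists, so the task is not rerunnable as written; `bw login --check` can gate it.
```yaml
# … unchanged: apt and Bitwarden CLI install tasks …

- name: Fazer login no Bitwarden
  shell: bw login "{{ bw_email }}" --passwordenv BW_PASSWORD
  environment:
    BW_PASSWORD: "{{ bw_password }}"
  register: bw_login
  no_log: true

- name: Desbloquear cofre e guardar sessão
  shell: bw unlock --passwordenv BW_PASSWORD --raw
  environment:
    BW_PASSWORD: "{{ bw_password }}"
  register: bw_session
  no_log: true

- name: Guardar sessão do Bitwarden como facto
  set_fact:
    bw_session_token: "{{ bw_session.stdout }}"
  no_log: true
```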
diff --git a/roles/vaultwarden/vars/main.yml b/roles/vaultwarden/vars/main.yml
new file mode 100644
index 0000000..ea48867
--- /dev/null
+++ b/roles/vaultwarden/vars/main.yml
@@ -0,0 +1,2 @@
+bw_email: "{{ lookup('env', 'BW_EMAIL') }}"
+bw_password: "{{ lookup('env', 'BW_PASSWORD') }}"
\ No newline at end of file
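Review bot: Both lookups return an empty string when the variable is unset on the controller, so a missing `BW_PASSWORD` silently produces `bw login <email> --password ` downstream instead of a clear failure at the start of the role, and `| mandatory` would not catch it either since it only rejects undefined values. Add an `assert` task as the first task of the role that checks `bw_email | length > 0` and `bw_password | length > 0` with a `fail_msg`, marked `no_log: true` so the values are never echoed on failure.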