mirror of
https://gitea.fenix-dev.com/fenix-gitea-admin/iac-ansible-private.git
synced 2026-03-22 04:19:48 +00:00
Compare commits
15 Commits
f34763271e
...
ab1769f830
| Author | SHA1 | Date | |
|---|---|---|---|
| ab1769f830 | |||
| 91ded9edd2 | |||
| 460a1e07a3 | |||
| 5fab44c939 | |||
| 46994b5cc7 | |||
| 6dcc0640b6 | |||
| 20e6e518a4 | |||
| 99f42d7223 | |||
| d9d8a41574 | |||
| 2e3fe12b16 | |||
| bd480ae5cf | |||
| 564a9b028c | |||
| ae076fd98a | |||
| 5ce25f0267 | |||
| 5bb538322b |
@ -36,7 +36,6 @@ jobs:
|
||||
echo "session"
|
||||
BW_SESSION=$(bw unlock "$BW_PASSWORD" --raw)
|
||||
echo "BW_SESSION=$BW_SESSION" >> $GITEA_ENV
|
||||
|
||||
|
||||
- name: Cloning ansible repository
|
||||
uses: actions/checkout@v4
|
||||
@ -56,6 +55,6 @@ jobs:
|
||||
- name: Run Ansible Playbook
|
||||
working-directory: ansible/iac
|
||||
run: |
|
||||
ansible-playbook -i inventory.ini playbook.yml
|
||||
ansible-playbook -i inventory.ini playbook.yml -e "BW_CLIENTID=$BW_CLIENTID BW_CLIENTSECRET=$BW_CLIENTSECRET BW_PASSWORD=$BW_PASSWORD BW_EMAIL=$BW_EMAIL"
|
||||
env:
|
||||
BW_SESSION: ${{ env.BW_SESSION }}
|
||||
@ -21,9 +21,12 @@
|
||||
shell: ls -l /tmp/stolon/kubernetes-files/files
|
||||
register: resultado_ls
|
||||
|
||||
|
||||
- name: Obter várias notas do Bitwarden
|
||||
shell: |
|
||||
export BW_SESSION={{ lookup('env', 'BW_SESSION') }}
|
||||
echo "unlock"
|
||||
BW_SESSION=$(bw unlock {{ bw_password }} --raw)
|
||||
echo "get item"
|
||||
bw get item "{{ item.id }}" --session $BW_SESSION | jq -r '.notes' > {{ item.dest }}
|
||||
loop:
|
||||
- { id: "iac.ansible.dockersecrets", dest: "/tmp/stolon/kubernetes-files/files/docker-secrets.yaml" }
|
||||
@ -31,6 +34,8 @@
|
||||
- { id: "iac.ansible.stolon.keeper.secret", dest: "/tmp/stolon/kubernetes-files/files/stolon-secret.yaml" }
|
||||
args:
|
||||
executable: /bin/bash
|
||||
environment:
|
||||
BW_PASSWORD: "{{ BW_PASSWORD }}"
|
||||
|
||||
|
||||
- name: Mostrar resultado do ls
|
||||
|
||||
4
roles/stolon/vars/main.yml
Normal file
4
roles/stolon/vars/main.yml
Normal file
@ -0,0 +1,4 @@
|
||||
bw_password: "{{ lookup('env', 'BW_PASSWORD') }}"
|
||||
VAULTWARDEN_LINK: "{{ lookup('env', 'VAULTWARDEN_LINK') }}"
|
||||
BW_CLIENTID: "{{ lookup('env', 'BW_CLIENTID') }}"
|
||||
BW_CLIENTSECRET : "{{ lookup('env', 'BW_CLIENTSECRET') }}"
|
||||
@ -45,20 +45,32 @@
|
||||
register: bw_version
|
||||
failed_when: bw_version.rc != 0
|
||||
|
||||
- name: Garantir logout do Bitwarden antes de configurar
|
||||
shell: bw logout
|
||||
ignore_errors: true
|
||||
|
||||
- name: Fazer login no Bitwarden
|
||||
shell: |
|
||||
echo "config"
|
||||
echo "VAULTWARDEN_LINK: {{ VAULTWARDEN_LINK }}"
|
||||
bw config server {{ VAULTWARDEN_LINK }}
|
||||
echo $BW_CLIENTID
|
||||
echo $BW_CLIENTSECRET
|
||||
echo "login"
|
||||
bw login --apikey
|
||||
environment:
|
||||
BW_CLIENTID: "{{ BW_CLIENTID }}"
|
||||
BW_CLIENTSECRET: "{{ BW_CLIENTSECRET }}"
|
||||
VAULTWARDEN_LINK: "{{ VAULTWARDEN_LINK }}"
|
||||
args:
|
||||
executable: /bin/bash
|
||||
register: bw_login
|
||||
|
||||
- name: Desbloquear cofre e guardar sessão
|
||||
shell: bw unlock --password {{ bw_password }} --raw
|
||||
shell: bw unlock {{ bw_password }} --raw
|
||||
register: bw_session
|
||||
environment:
|
||||
BW_PASSWORD: "{{ BW_PASSWORD }}"
|
||||
|
||||
- name: Exportar sessão para ambiente local
|
||||
shell: echo "export BW_SESSION={{ bw_session.stdout }}" >> /etc/profile.d/bw-session.sh
|
||||
|
||||
Reference in New Issue
Block a user