epostnikof/kubespray
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-03-09 19:58:07 +03:00
Code Issues Packages Projects Releases Wiki Activity

Vault security hardening and role isolation

Browse Source
This commit is contained in:
Josh Conant
2017-02-08 21:41:36 +00:00
parent f4ec2d18e5
commit 245e05ce61
78 changed files with 1408 additions and 706 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
roles/vault/tasks/cluster/unseal.yml
View File

@@ -11,16 +11,12 @@
with_items: "{{ vault_unseal_keys|default([]) }}"
when: vault_is_sealed
- name: cluster/unseal | Find the current leader
- name: cluster/unseal | Wait until server is ready
uri:
url: "https://localhost:{{ vault_port }}/v1/sys/health"
headers: "{{ vault_headers }}"
method: HEAD
status_code: 200,429
register: vault_leader_check
- name: cluster/unseal | Set fact for current leader
set_fact:
vault_leader: "{{ item }}"
with_items: "{{ groups.vault }}"
when: 'hostvars[item]["vault_leader_check"]["status"] == 200'
status_code: 200, 429
register: vault_node_ready
until: vault_node_ready|succeeded
retries: 5