Fix vault setup partially (#1531)

This does not address per-node certs and scheduler/proxy/controller-manager
component certs which are now required. This should be handled in a
follow-up patch.

roles/vault/tasks/shared/find_leader.yml

@@ -5,7 +5,7 @@
     url: "{{ vault_config.listener.tcp.tls_disable|d()|ternary('http', 'https') }}://localhost:{{ vault_port }}/v1/sys/health"
     headers: "{{ hostvars[groups.vault|first]['vault_headers'] }}"
     method: HEAD
-    status_code: 200,429
+    status_code: 200,429,503
   register: vault_leader_check
   until: "vault_leader_check|succeeded"
   retries: 10
@@ -14,7 +14,8 @@
   set_fact:
     vault_leader_url: "{{ vault_config.listener.tcp.tls_disable|d()|ternary('http', 'https') }}://{{ item }}:{{ vault_port }}"
   with_items: "{{ groups.vault }}"
-  when: "hostvars[item]['vault_leader_check'].get('status') == 200"
-  run_once: true
+  when: "hostvars[item]['vault_leader_check'].get('status') in [200,503]"
+  #run_once: true
 
-- debug: var=vault_leader_url verbosity=2
+- name: find_leader| show vault_leader_url
+  debug: var=vault_leader_url verbosity=2