Store vault users passwords to credentials dir. Create vault and etcd roles after start vault cluster (#1632)

Maxim Krasilnikov
2017-09-07 23:30:16 +03:00
committed by Matthew Mosesohn
parent fb30f65951
commit e16b57aa05
5 changed files with 15 additions and 9 deletions


@@ -111,7 +111,7 @@ vault_pki_mounts:
roles:
- name: vault
group: vault
password: "{{ lookup('pipe','date +%Y%m%d%H%M%S' + cluster_name + 'vault') | to_uuid }}"
password: "{{ lookup('password', 'credentials/vault/vault length=15') }}"
policy_rules: default
role_options: default
etcd:
@@ -123,7 +123,7 @@ vault_pki_mounts:
roles:
- name: etcd
group: etcd
password: "{{ lookup('pipe','date +%Y%m%d%H%M%S' + cluster_name + 'etcd') | to_uuid }}"
password: "{{ lookup('password', 'credentials/vault/etcd length=15') }}"
policy_rules: default
role_options:
allow_any_name: true
@@ -138,7 +138,7 @@ vault_pki_mounts:
roles:
- name: kube-master
group: kube-master
password: "{{ lookup('pipe','date +%Y%m%d%H%M%S' + cluster_name + 'kube-master') | to_uuid }}"
password: "{{ lookup('password', 'credentials/vault/kube-master length=15') }}"
policy_rules: default
role_options:
allow_any_name: true
@@ -146,7 +146,7 @@ vault_pki_mounts:
organization: "system:masters"
- name: kube-node
group: k8s-cluster
password: "{{ lookup('pipe','date +%Y%m%d%H%M%S' + cluster_name + 'kube-node') | to_uuid }}"
password: "{{ lookup('password', 'credentials/vault/kube-node length=15') }}"
policy_rules: default
role_options:
allow_any_name: true
@@ -154,7 +154,7 @@ vault_pki_mounts:
organization: "system:nodes"
- name: kube-proxy
group: k8s-cluster
password: "{{ lookup('pipe', 'date +%Y%m%d%H%M%S' + cluster_name + 'kube-proxy') | to_uuid }}"
password: "{{ lookup('password', 'credentials/vault/kube-proxy length=15') }}"
policy_rules: default
role_options:
allow_any_name: true
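Review bot: The new `credentials/vault/<role>` paths in all five hunks no longer include `cluster_name`, which the old derivation did, so two clusters deployed from the same working directory would read back the same stored file and share Vault role passwords. Consider keying the path on the inventory and restricting the character set, e.g. `password: "{{ lookup('password', inventory_dir + '/credentials/vault/etcd length=15 chars=ascii_letters,digits') }}"`; without `chars`, the lookup's default set includes punctuation, which may need escaping wherever the password is passed on later (that code is not visible here). The files hold the passwords in plaintext on the control host, so a short comment above `vault_pki_mounts` saying that `credentials/` must stay out of version control and shared backups would help; that mapping starts outside these hunks.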