Addition of the .creds extension to the credentials files generated by password lookup in order for Ansible not to consider them as inventory files with inventory_ignore_extensions set accordingly (#2446)

2026-03-06 10:08:37 +03:00 · 2018-03-21 08:50:32 +01:00
parent a6b918c1a1
commit ee8f678010
7 changed files with 12 additions and 11 deletions
--- a/roles/vault/defaults/main.yml
+++ b/roles/vault/defaults/main.yml
@@ -115,7 +115,7 @@ vault_pki_mounts:
    roles:
      - name: vault
        group: vault
-        password: "{{ lookup('password', inventory_dir + '/credentials/vault/vault length=15') }}"
+        password: "{{ lookup('password', inventory_dir + '/credentials/vault/vault.creds length=15') }}"
        policy_rules: default
        role_options: default
  etcd:
@@ -127,7 +127,7 @@ vault_pki_mounts:
    roles:
      - name: etcd
        group: etcd
-        password: "{{ lookup('password', inventory_dir + '/credentials/vault/etcd length=15') }}"
+        password: "{{ lookup('password', inventory_dir + '/credentials/vault/etcd.creds length=15') }}"
        policy_rules: default
        role_options:
          allow_any_name: true
@@ -142,7 +142,7 @@ vault_pki_mounts:
    roles:
      - name: kube-master
        group: kube-master
-        password: "{{ lookup('password', inventory_dir + '/credentials/vault/kube-master length=15') }}"
+        password: "{{ lookup('password', inventory_dir + '/credentials/vault/kube-master.creds length=15') }}"
        policy_rules: default
        role_options:
          allow_any_name: true
@@ -150,7 +150,7 @@ vault_pki_mounts:
          organization: "system:masters"
      - name: kube-node
        group: k8s-cluster
-        password: "{{ lookup('password', inventory_dir + '/credentials/vault/kube-node length=15') }}"
+        password: "{{ lookup('password', inventory_dir + '/credentials/vault/kube-node.creds length=15') }}"
        policy_rules: default
        role_options:
          allow_any_name: true
@@ -158,7 +158,7 @@ vault_pki_mounts:
          organization: "system:nodes"
      - name: kube-proxy
        group: k8s-cluster
-        password: "{{ lookup('password', inventory_dir + '/credentials/vault/kube-proxy length=15') }}"
+        password: "{{ lookup('password', inventory_dir + '/credentials/vault/kube-proxy.creds length=15') }}"
        policy_rules: default
        role_options:
          allow_any_name: true
@@ -166,7 +166,7 @@ vault_pki_mounts:
          organization: "system:node-proxier"
      - name: front-proxy-client
        group: k8s-cluster
-        password: "{{ lookup('password', inventory_dir + '/credentials/vault/kube-proxy length=15') }}"
+        password: "{{ lookup('password', inventory_dir + '/credentials/vault/kube-proxy.creds length=15') }}"
        policy_rules: default
        role_options:
          allow_any_name: true