Asara/infra
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Add vault cacert path for fbsd, set up vault certs for docker

Browse source
This commit is contained in:
Amarpreet Minhas 2021-08-26 19:09:59 -04:00
parent 8b59e22b7d
commit 38b8ee075f
2 changed files with 12 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
ansible/roles/common/tasks/FreeBSD_pki.yml
View file

@ -85,6 +85,7 @@
VAULT_ADDR: https://vault.service.masked.name:8200 VAULT_ADDR: https://vault.service.masked.name:8200
VAULT_TOKEN: "{{ lookup('file', lookup('env', 'HOME') + '/.vault-token') }}" VAULT_TOKEN: "{{ lookup('file', lookup('env', 'HOME') + '/.vault-token') }}"
VAULT_FORMAT: json VAULT_FORMAT: json
VAULT_CACERT: /etc/ssl/certs/MaskedName_Root_CA.crt
register: cert_data register: cert_data
when: exp.rc != 0 when: exp.rc != 0

11
ansible/roles/docker/tasks/main.yml
View file

@ -31,4 +31,15 @@
- docker-ce - docker-ce
- docker-ce-cli - docker-ce-cli
- containerd.io - containerd.io
- name: ensure docker certs directory exists
file:
path: /etc/docker/certs.d/docker.service.{{ consul_domain }}:8082
state: directory
- name: symlink ca cert
file:
src: /etc/pki/certs/{{ vault_ca_cert_name }}
dest: /etc/docker/certs.d/docker.service.{{ consul_domain }}:8082/ca.crt
state: link
... ...