Add vault cacert path for fbsd, set up vault certs for docker

Add back docker after hardtack was fixed
2021-08-26 19:09:59 -04:00 · 2021-08-26 19:09:24 -04:00
3 changed files with 13 additions and 0 deletions
--- a/ansible/playbooks/site.yml
+++ b/ansible/playbooks/site.yml
@ -3,6 +3,7 @@
 - import_playbook: consul-server.yml
 - import_playbook: vault-server.yml
 - import_playbook: consul-client.yml
+- import_playbook: docker.yml
 - import_playbook: nomad.yml
 - import_playbook: nexus.yml
 - import_playbook: lnd.yml
--- a/ansible/roles/common/tasks/FreeBSD_pki.yml
+++ b/ansible/roles/common/tasks/FreeBSD_pki.yml
@ -85,6 +85,7 @@
    VAULT_ADDR: https://vault.service.masked.name:8200
    VAULT_TOKEN: "{{ lookup('file', lookup('env', 'HOME') + '/.vault-token') }}"
    VAULT_FORMAT: json
+    VAULT_CACERT: /etc/ssl/certs/MaskedName_Root_CA.crt
  register: cert_data
  when: exp.rc != 0

--- a/ansible/roles/docker/tasks/main.yml
+++ b/ansible/roles/docker/tasks/main.yml
@ -31,4 +31,15 @@
      - docker-ce
      - docker-ce-cli
      - containerd.io
+
+- name: ensure docker certs directory exists
+  file:
+    path: /etc/docker/certs.d/docker.service.{{ consul_domain }}:8082
+    state: directory
+
+- name: symlink ca cert
+  file:
+    src: /etc/pki/certs/{{ vault_ca_cert_name }}
+    dest: /etc/docker/certs.d/docker.service.{{ consul_domain }}:8082/ca.crt
+    state: link
 ...
Author	SHA1	Message	Date
Asara	38b8ee075f	Add vault cacert path for fbsd, set up vault certs for docker	2021-08-26 19:09:59 -04:00
Asara	8b59e22b7d	Add back docker after hardtack was fixed	2021-08-26 19:09:24 -04:00