-
Notifications
You must be signed in to change notification settings - Fork 9
/
Copy pathrandom.yml
50 lines (42 loc) · 1.24 KB
/
random.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
---
- name: Set fact secretdir
ansible.builtin.set_fact:
secretdir: "{{ broids_etc }}"
- name: Ensure openssl is present
ansible.builtin.package:
name: openssl
state: present
register: pkg_result
until: pkg_result is success
- name: Generating salt # noqa no-free-form
ansible.builtin.shell: |
set -o pipefail
openssl rand -base64 32 | sed 's@[=\\/\\+]@@g;'| tee {{ secretdir }}/.zeek_secrets-{{ random_name }}
args:
executable: /bin/bash
creates: "{{ secretdir }}/.zeek_secrets-{{ random_name }}"
register: secrets
changed_when: false
no_log: true
- name: Check if existing secrets
ansible.builtin.stat:
path: "{{ secretdir }}/.zeek_secrets-{{ random_name }}"
register: s
- name: Recover existing salt
ansible.builtin.command: "cat {{ secretdir }}/.zeek_secrets-{{ random_name }}"
changed_when: false
register: s2
when: s.stat.exists
no_log: true
- name: Set fact salt
ansible.builtin.set_fact: # noqa no-handler
salt: "{{ secrets.stdout_lines.0 }}"
when: secrets.changed
no_log: true
- name: Set fact salt
ansible.builtin.set_fact:
salt: "{{ s2.stdout_lines.0 }}"
when: s.stat.exists
no_log: true
# - ansible.builtin.debug: var=secrets
# - ansible.builtin.debug: var=salt