| 12345678910111213141516171819202122232425262728293031323334353637383940414243 |
- ---
- # This should be run on the first master so we can set_fact some items
- # to ensure values are consistent across cluster
- - name: Determine if sessions secrets already in place
- stat:
- path: "{{ openshift_master_session_secrets_file }}"
- register: l_osm_session_secrets_stat
- - name: Determine if sessions secrets already in place
- slurp:
- src: "{{ openshift_master_session_secrets_file }}"
- register: l_osm_session_secrets_slurp
- when: l_osm_session_secrets_stat.stat.exists
- - name: slurp session secrets if defined
- slurp:
- src: "{{ openshift_master_session_secrets_file }}"
- register: osm_session_secrets
- no_log: true
- when: l_osm_session_secrets_stat.stat.exists
- # lib_utils_oo_collect is a custom filter in
- # roles/lib_utils/filter_plugins/oo_filters.py
- - name: Gather existing session secrets from first master
- set_fact:
- l_osm_session_auth_secrets: "{{ l_existing_osm_session.secrets | lib_utils_oo_collect('authentication') }}"
- l_osm_session_encryption_secrets: "{{ l_existing_osm_session.secrets | lib_utils_oo_collect('encryption') }}"
- vars:
- l_existing_osm_session: "{{ (l_osm_session_secrets_slurp.content | b64decode | from_yaml) }}"
- when:
- - l_osm_session_secrets_stat.stat.exists
- - l_osm_session_secrets_slurp is defined
- - l_existing_osm_session.secrets is defined
- - l_existing_osm_session.secrets != ''
- - l_existing_osm_session.secrets != []
- # No existing secrets file found, create new secrets
- - name: setup session secrets if not defined
- set_fact:
- l_osm_session_auth_secrets: "{{ [ 24 | lib_utils_oo_generate_secret ] }}"
- l_osm_session_encryption_secrets: "{{ [ 24 | lib_utils_oo_generate_secret ] }}"
- when: not l_osm_session_secrets_stat.stat.exists
|
