infrastructure/ansible-role-nebula
7
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
5aa3105d30
ansible-role-nebula/tasks/setup_member.yml
Louis Abel 1be345119f
Startup nebula ansible role 
* Provide most options for nebula config
* Provide ability for future modifications to use other distros
* Provide information on usable variables in README
2024-04-18 18:30:15 -07:00

98 lines
3.0 KiB
YAML
Raw Blame History

---
- name: Perform all member tasks on CA host
delegate_to: "{{ nebula_ca_host }}"
block:
- name: Waiting for CA certificate to be generated (default 5 minutes) if needed
ansible.builtin.wait_for:
path: "{{ nebula_config_dir }}/ca.key"
timeout: "{{ nebula_ca_wait_timeout_seconds }}"
- name: Writing public key of member node if applicable
ansible.builtin.copy:
dest: "{{ nebula_config_dir }}/{{ nebula_nodename }}.pub"
content: "{{ nebula_cert_public_key }}"
mode: '0600'
owner: root
group: root
when: nebula_cert_public_key is defined
- name: Create nebula cert generator for ansible members
ansible.builtin.template:
src: managed.sh.j2
dest: "/var/tmp/{{ nebula_nodename }}-generator.sh"
mode: "0755"
owner: root
group: root
- name: Run the member generator
ansible.builtin.command:
cmd: "/bin/bash /var/tmp/{{ item.key }}-generator.sh"
creates: "{{ nebula_config_dir }}/{{ nebula_nodename }}.crt"
- name: Register CA cert
ansible.builtin.slurp:
src: "{{ nebula_config_dir }}/ca.crt"
register: ca_cert_data
- name: Register client cert
ansible.builtin.slurp:
src: "{{ nebula_config_dir }}/{{ nebula_nodename }}.crt"
register: client_cert_data
- name: Register client key
ansible.builtin.slurp:
src: "{{ nebula_config_dir }}/{{ nebula_nodename }}.key"
register: client_key_data
when: nebula_cert_public_key is not defined
- name: Deploy the CA certificate
ansible.builtin.copy:
dest: "{{ nebula_config_dir }}/ca.crt"
content: "{{ ca_cert_data.content | b64decode }}"
mode: '0600'
no_log: true
- name: Deploy the client certificate
ansible.builtin.copy:
dest: "{{ nebula_config_dir }}/{{ nebula_nodename }}.crt"
content: "{{ client_cert_data.content | b64decode }}"
mode: '0600'
no_log: true
- name: Deploy client key if applicable
ansible.builtin.copy:
dest: "{{ nebula_config_dir }}/{{ nebula_nodename }}.key"
content: "{{ nebula_cert_private_key }}"
mode: '0600'
when: nebula_cert_private_key is defined
no_log: true
- name: Deploy client key generated on CA host
ansible.builtin.copy:
dest: "{{ nebula_config_dir }}/{{ nebula_nodename }}.key"
content: "{{ client_key_data.content | b64decode }}"
mode: '0600'
when: nebula_cert_public_key is not defined
no_log: true
- name: Waiting for a routable IP for nebula to be set on all the lighthouses
ansible.builtin.wait_for:
timeout: 10
retries: 12
delay: 10
when: hostvars[item]['nebula_am_lighthouse']|bool
until: hostvars[item]['nebula_routable_ip'] is defined
loop: "{{ ansible_play_hosts_all }}"
loop_control:
loop_var: item
- name: Push out nebula configuration
ansible.builtin.template:
src: config.yml.j2
dest: "{{ nebula_config_dir }}/config.yml"
mode: '0644'
owner: root
group: root
notify: restart_nebula
...
Reference in New Issue View Git Blame Copy Permalink