I've tried with another file, like this, without success:
---
- hosts: localhost
gather_facts: no
vars:
tasks:
- name: Invoke loop
loop: "{{ query('inventory_hostnames', 'MyServers') }}"
- include: myPlay.yml
vars:
host: "{{ item }}"
El sábado, 13 de abril de 2019, 19:47:17 (UTC+2), Sergio Fernández escribió:
>
> Hi,
>
> I am using Ansible along with HashiCorp's Vault to store sensible data.
> I will be weekly sending a Secret_ID to each server, in order for them to
> get a token. With this token, they can access the contents of the Vault.
> The problem is that we must send a secret ID per host, and they can only
> be generated in the server where Ansible is installed.
> So here is my current Ansible Playbook file:
>
> ---
> - hosts: localhost
> gather_facts: no
> tasks:
> - name: Generate secret_id
> shell: vault write -f auth/approle/role/my_role/secret-id -format=json
> | jq '.data.secret_id'
> register: secret_id
> - set_fact:
> secret_id_clean: "{{ secret_id.stdout | replace('\"', '') |
> replace('\','') }}"
>
> - hosts: MyServers
> gather_facts: no
> tasks:
> - name: Get Approle Token
> shell: source /etc/profile && vault write auth/approle/login
> role_id=$VAULT_ROLE_ID secret_id="{{
> hostvars['localhost']['secret_id_clean'] }}" -format=json | jq
> '.auth.client_token'
> args:
> executable: /bin/bash
> register: token
> - set_fact:
> token_clean: "{{ token.stdout | replace('\"', '') | replace('\','')
> }}"
>
> in hosts file:
>
> [MyServers]
> 1.1.1.1
> 2.2.2.2
> 3.3.3.3
>
> But currently only 1 Secret_ID is generated and sent to the servers, so
> only the fastest one gets the token, the rest not, and that's a problem
>
> I am thinking about doing this inside another programming language, but I
> prefer just to do it inside the playbook, it must be a way of doing it.
> There are some posts:
>
> https://stackoverflow.com/questions/43140086/loop-through-hosts-with-ansible
>
>
> https://devops.stackexchange.com/questions/2978/execute-multiple-ansible-tasks-with-the-same-list-of-items
>
> But they don't explain how could I get to create 5 Secret_IDs and saving
> them to a different register/fact
>
> Thank you very much
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/e21c8580-88a1-4a9e-982a-23c9d5fccb7b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
