Move VM secrets to a separate password store directory
This commit is contained in:
		
							parent
							
								
									6dcae194d7
								
							
						
					
					
						commit
						000f625988
					
				
					 5 changed files with 10 additions and 10 deletions
				
			
		| 
						 | 
				
			
			@ -28,8 +28,8 @@
 | 
			
		|||
    command: ktutil
 | 
			
		||||
    responses:
 | 
			
		||||
      '.*:':
 | 
			
		||||
        - 'add_entry -password -p {{ lookup("passwordstore", "hosts/"~inventory_hostname, subkey="ldap_user") }} -k 1 -e aes256-cts-hmac-sha1-96'
 | 
			
		||||
        - '{{ lookup("passwordstore", "hosts/"~inventory_hostname, subkey="ldap_pass") }}'
 | 
			
		||||
        - 'add_entry -password -p {{ lookup("passwordstore", "vm/"~inventory_hostname, subkey="ldap_user") }} -k 1 -e aes256-cts-hmac-sha1-96'
 | 
			
		||||
        - '{{ lookup("passwordstore", "vm/"~inventory_hostname, subkey="ldap_pass") }}'
 | 
			
		||||
        - 'write_kt /etc/krb5.keytab'
 | 
			
		||||
        - 'exit'
 | 
			
		||||
  args:
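Review bot: The response at line 52 feeds the `ldap_pass` secret into the expect module's responses, and Ansible prints a task's command and responses in verbose and log output unless the task carries `no_log: true`; the task header is outside the hunk, so I cannot see whether it is set. If it is not, add `no_log: true` at the task level next to `args:`. The same lookup move is repeated in the other four files of this commit and is consistent, so nothing further on the path change itself.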
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -1,7 +1,7 @@
 | 
			
		|||
#!/bin/sh
 | 
			
		||||
 | 
			
		||||
dns={{ dns[0] }}
 | 
			
		||||
ldap_user={{ lookup("passwordstore", "hosts/"~inventory_hostname, subkey="ldap_user") }}
 | 
			
		||||
ldap_user={{ lookup("passwordstore", "vm/"~inventory_hostname, subkey="ldap_user") }}
 | 
			
		||||
ttl=10
 | 
			
		||||
 | 
			
		||||
kinit -k -t /etc/krb5.keytab "${ldap_user}"
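Review bot: The assignment at line 99 is an unquoted shell word, so a rendered value containing whitespace or shell metacharacters would break the script before `"${ldap_user}"` is ever expanded; quote it as `ldap_user='{{ lookup("passwordstore", "vm/"~inventory_hostname, subkey="ldap_user") }}'`. The same applies to the identical line at 145 in the third file. Lines 1 through 7 of this file are shown and contain no `set -e`, so a failing `kinit` is not caught here either; the rest of the script runs outside the hunk.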
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -1,7 +1,7 @@
 | 
			
		|||
#!/bin/sh
 | 
			
		||||
 | 
			
		||||
dns={{ dns[0] }}
 | 
			
		||||
ldap_user={{ lookup("passwordstore", "hosts/"~inventory_hostname, subkey="ldap_user") }}
 | 
			
		||||
ldap_user={{ lookup("passwordstore", "vm/"~inventory_hostname, subkey="ldap_user") }}
 | 
			
		||||
 | 
			
		||||
kinit -k -t /etc/krb5.keytab "${ldap_user}"
 | 
			
		||||
nsupdate -g <<EOF
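Review bot: `nsupdate -g` on line 156 runs even when the `kinit` on line 152 fails, and since lines 1 through 7 of the file are all visible there is no `set -e` to stop it; with no ticket the GSS-TSIG update will fail later with a less obvious error. Change the kinit line to `kinit -k -t /etc/krb5.keytab "${ldap_user}" || exit 1` so the script stops at the authentication step. The nsupdate heredoc continues outside the hunk.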
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -9,7 +9,7 @@
 | 
			
		|||
  become_method: su
 | 
			
		||||
  become_flags: "-s /bin/sh"
 | 
			
		||||
  git:
 | 
			
		||||
    repo: '{{ lookup("passwordstore", "hosts/"~inventory_hostname, subkey="friwall_repo") }}'
 | 
			
		||||
    repo: '{{ lookup("passwordstore", "vm/"~inventory_hostname, subkey="friwall_repo") }}'
 | 
			
		||||
    dest: /srv/friwall/app
 | 
			
		||||
    force: yes
 | 
			
		||||
  notify: reload uwsgi
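Review bot: `force: yes` on line 200 is a YAML 1.1 truthy spelling that yamllint flags; write it as `force: true`. The `repo` value on line 192 is pulled from the password store, which suggests the URL may embed a credential; if so, the git module's task output can reveal it unless the task sets `no_log: true`, and the task header is outside the hunk so I cannot confirm either way.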
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -1,10 +1,10 @@
 | 
			
		|||
{
 | 
			
		||||
  "ldap_host": "{{ domain }}",
 | 
			
		||||
  "ldap_user": "{{ lookup("passwordstore", "hosts/"~inventory_hostname, subkey="ldap_user") }}",
 | 
			
		||||
  "ldap_pass": "{{ lookup("passwordstore", "hosts/"~inventory_hostname, subkey="ldap_pass") }}",
 | 
			
		||||
  "ldap_user": "{{ lookup("passwordstore", "vm/"~inventory_hostname, subkey="ldap_user") }}",
 | 
			
		||||
  "ldap_pass": "{{ lookup("passwordstore", "vm/"~inventory_hostname, subkey="ldap_pass") }}",
 | 
			
		||||
  "ldap_base_dn": "{{ ldap_base_dn }}",
 | 
			
		||||
  "oidc_server": "{{ lookup("passwordstore", "hosts/"~inventory_hostname, subkey="oidc_server") }}",
 | 
			
		||||
  "oidc_client_id": "{{ lookup("passwordstore", "hosts/"~inventory_hostname, subkey="oidc_client_id") }}",
 | 
			
		||||
  "oidc_client_secret": "{{ lookup("passwordstore", "hosts/"~inventory_hostname, subkey="oidc_client_secret") }}",
 | 
			
		||||
  "oidc_server": "{{ lookup("passwordstore", "vm/"~inventory_hostname, subkey="oidc_server") }}",
 | 
			
		||||
  "oidc_client_id": "{{ lookup("passwordstore", "vm/"~inventory_hostname, subkey="oidc_client_id") }}",
 | 
			
		||||
  "oidc_client_secret": "{{ lookup("passwordstore", "vm/"~inventory_hostname, subkey="oidc_client_secret") }}",
 | 
			
		||||
  "wg_net": "{{ wg_net }}"
 | 
			
		||||
}
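Review bot: The lookups on lines 240, 244, 264, 268 and 272 are interpolated inside hand-written JSON string literals, so a secret containing `"` or `\` renders invalid JSON and the application reads a broken config. Let Jinja produce the quoted literal instead, for example `"ldap_pass": {{ lookup("passwordstore", "vm/"~inventory_hostname, subkey="ldap_pass") | to_json }},`, and apply the same `| to_json` form to the other four lookup lines. The `{{ domain }}`, `{{ ldap_base_dn }}` and `{{ wg_net }}` values would benefit from the same treatment but are not part of this change.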
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||