Fix needed to fetch vault secrets to remote hosts

jboss-set · Dec 3, 2024 · eee7394 · eee7394
1 parent 0315509
commit eee7394
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 2 deletions.
diff --git a/cci_vm_automate.yml b/cci_vm_automate.yml
@@ -151,8 +151,23 @@
     path: inventory
     block: "{{ instance.servers[0].access_ipv4 }}"
 
-- name: Run cci_worker.yml playbook
-  ansible.builtin.command: ansible-playbook -i inventory -u cloud-user cci_worker.yml
+- name: Fetch IP of vault.corp.redhat.com
+  ansible.builtin.shell: "ping -c 1 vault.corp.redhat.com | head -n 1 | awk -F'[()]' '{print $2}'"
+  register: vault_ip
+  changed_when: false
+
+- name: Store vault IP in a variable
+  ansible.builtin.set_fact:
+    vault_ip_address: "{{ vault_ip.stdout }}"
+
+- name: Pause for a minute to start the instance
+  ansible.builtin.pause:
+    minutes: 1
+
+- name: Run cci_worker.yml playbook with vault IP as an extra variable
+  ansible.builtin.command: >
+    ansible-playbook -i inventory -u cloud-user cci_worker.yml
+    --extra-vars "vault_ip_address={{ vault_ip_address }}"
 
 - name: Remove the inventory file
   ansible.builtin.file:

diff --git a/cci_worker.yml b/cci_worker.yml
@@ -10,6 +10,13 @@
     - vars/java.yml
 
   pre_tasks:
+    - name: Add vault.corp.redhat.com entry to /etc/hosts
+      ansible.builtin.lineinfile:
+        path: /etc/hosts
+        line: "{{ vault_ip_address }} vault.corp.redhat.com"
+        create: yes
+        state: present
+
     - name: "Load Secrets from Vault"
       ansible.builtin.include_role:
         name: "vault"