k3s token now templated into terraform vars

wtripp180901 · wtripp180901 · commit a8d4e173daae · 2024-09-19T15:10:06.000+01:00
diff --git a/ansible/roles/passwords/defaults/main.yml b/ansible/roles/passwords/defaults/main.yml
@@ -12,4 +12,7 @@ slurm_appliance_secrets:
 secrets_openhpc_mungekey_default:
   content: "{{ lookup('pipe', 'dd if=/dev/urandom bs=1 count=1024 2>/dev/null | base64') }}"
 
+k3s_secrets:
+  k3s_token: "{{ lookup('ansible.builtin.password', '/dev/null', length=64) }}"
+
 openhpc_passwords_output_path: "{{ lookup('env', 'APPLIANCES_ENVIRONMENT_ROOT') | default(undefined, true) | mandatory('You must define the APPLIANCES_ENVIRONMENT_ROOT environment variable') }}/inventory/group_vars/all/secrets.yml"
diff --git a/ansible/roles/passwords/tasks/main.yml b/ansible/roles/passwords/tasks/main.yml
@@ -7,17 +7,12 @@
   delegate_to: localhost
   run_once: true
 
-- name: Generate k3s token
-  ansible.builtin.set_fact:
-    k3s_token_secret: ""
-
 - name:  Generate k3s token and add to terraform
-  vars:
-    token: "{{ lookup('ansible.builtin.password', '/dev/null', length=64) }}"
-  replace:
-    path: "{{ lookup('env', 'APPLIANCES_ENVIRONMENT_ROOT') }}/terraform/variables.tf"
-    regexp: "k3s_token_replace_me"
-    replace: "{{ token }}"
+  template:
+    src: k3s-token.auto.tfvars.json
+    dest: "{{ lookup('env', 'APPLIANCES_ENVIRONMENT_ROOT') }}/terraform/k3s-token.auto.tfvars.json"
+  delegate_to: localhost
+  run_once: true
 
 
 # - name: Ensure munge key directory exists
diff --git a/ansible/roles/passwords/templates/k3s-token.auto.tfvars.json b/ansible/roles/passwords/templates/k3s-token.auto.tfvars.json
@@ -0,0 +1 @@
+{{ k3s_secrets | to_nice_json }}
diff --git a/environments/skeleton/{{cookiecutter.environment}}/terraform/compute/variables.tf b/environments/skeleton/{{cookiecutter.environment}}/terraform/compute/variables.tf
@@ -69,6 +69,5 @@ variable "security_group_ids" {
 }
 
 variable "k3s_token" {
-    description = "Random cryptographically secure string for K3s token (must be set by ../compute.tf)"
     type = string
 }
diff --git a/environments/skeleton/{{cookiecutter.environment}}/terraform/variables.tf b/environments/skeleton/{{cookiecutter.environment}}/terraform/variables.tf
@@ -133,7 +133,5 @@ variable "root_volume_size" {
 }
 
 variable "k3s_token" {
-    description = "Random cryptographically secure string for K3s token"
     type = string
-    default = "k3s_token_replace_me"
 }

Original file line number	Diff line number	Diff line change
`@@ -69,6 +69,5 @@ variable "security_group_ids" {`
`69`	`69`	`}`
`70`	`70`
`71`	`71`	`variable "k3s_token" {`
`72`		`- description = "Random cryptographically secure string for K3s token (must be set by ../compute.tf)"`
`73`	`72`	`type = string`
`74`	`73`	`}`
Original file line number	Diff line number	Diff line change
`@@ -133,7 +133,5 @@ variable "root_volume_size" {`
`133`	`133`	`}`
`134`	`134`
`135`	`135`	`variable "k3s_token" {`
`136`		`- description = "Random cryptographically secure string for K3s token"`
`137`	`136`	`type = string`
`138`		`- default = "k3s_token_replace_me"`
`139`	`137`	`}`