ansible-collection-famedly-.../roles/synapse/tasks/generate_secret.yml

33 lines
918 B
YAML

---
- name: Set full file path
set_fact:
secret_file_path: "{{ matrix_synapse_secrets_path }}/{{ secret.file }}"
tags: ['deploy', 'deploy-synapse']
- name: Check if secret exists
stat:
path: "{{ secret_file_path }}"
register: secret_file_stat
tags: ['deploy', 'deploy-synapse']
- name: Generate random string
copy:
content: "{{ lookup('password', '/dev/null chars=ascii_letters,digits length=42') }}"
dest: "{{ secret_file_path }}"
owner: synapse
group: synapse
mode: "0600"
when:
- not secret_file_stat.stat.exists
tags: ['deploy', 'deploy-synapse']
# TODO: This below is a dirty hack and should be properly revisited
- name: Retrieve secret
slurp:
src: "{{ secret_file_path }}"
register: secret_var
tags: ['deploy', 'deploy-synapse']
- name: Set secret.var fact
set_fact: { "{{ secret.var }}": "{{ secret_var }}" }
tags: ['deploy', 'deploy-synapse']