diff --git a/run.sh b/run.sh
index 32b28c8..a88d20f 100755
--- a/run.sh
+++ b/run.sh
@@ -61,23 +61,24 @@ if [ ! -z "$ANSIBLE_HOSTS" ] ; then
 fi
 #echo "Find vault encrypted files if any"
-if [ -d ./group_vars ] ; then
- VAULT_GROUP_FILES=$( find ./group_vars -name \*vault\* )
-fi
-if [ -d ./host_vars ] ; then
- VAULT_HOST_FILES=$( find ./host_vars -name \*vault\* )
-fi
+#if [ -d ./group_vars ] ; then
+# VAULT_GROUP_FILES=$( find ./group_vars -name \*vault\* )
+#fi
+#if [ -d ./host_vars ] ; then
+# VAULT_HOST_FILES=$( find ./host_vars -name \*vault\* )
+#fi
-if [ -n "$VAULT_GROUP_FILES" ] || [ -n "$VAULT_HOST_FILES" ] ; then
+#if [ -n "$VAULT_GROUP_FILES" ] || [ -n "$VAULT_HOST_FILES" ] ; then
 # Vault requires a password.
 # To encrypt a password for a user: python -c "from passlib.hash import sha512_crypt; print sha512_crypt.encrypt('')"
- if [ -f ~/.conductor_ansible_vault_pass.txt ] ; then
- PLAY_OPTS="$PLAY_OPTS --vault-password-file=~/.conductor_ansible_vault_pass.txt"
- else
- echo "There are password protected encrypted files, we will ask for password before proceeding"
- PLAY_OPTS="$PLAY_OPTS --ask-vault-pass"
- fi
-fi
+# if [ -f ~/.conductor_ansible_vault_pass.txt ] ; then
+# PLAY_OPTS="$PLAY_OPTS --vault-password-file=~/.conductor_ansible_vault_pass.txt"
+# else
+# echo "There are password protected encrypted files, we will ask for password before proceeding"
+# PLAY_OPTS="$PLAY_OPTS --ask-vault-pass"
+# fi
+#fi
+PLAY_OPTS="$PLAY_OPTS --ask-vault-pass"
 # Main
 ansible-playbook $PLAY_OPTS $MAIN $@
diff --git a/site-prod.yaml b/site-prod.yaml
index 67b733c..2bc5a12 100644
--- a/site-prod.yaml
+++ b/site-prod.yaml
@@ -1,5 +1,7 @@
 ---
 - hosts: prod_infra
+ vars_files:
+ - roles/external-postgres/defaults/vault_main.yaml
 vars:
 cluster_check: true
 conductor_workers_server: http://conductor-server:8080/api
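Review bot: The new unconditional `PLAY_OPTS="$PLAY_OPTS --ask-vault-pass"` in run.sh makes every invocation prompt for a vault password, including plays that load no encrypted data. It also drops the `~/.conductor_ansible_vault_pass.txt` path, so unattended runs (cron, CI) will likely block or fail at the prompt. Keeping the inner `if [ -f ~/.conductor_ansible_vault_pass.txt ] ; then` … `else` … `fi` branch live and removing only the outer file detection would preserve both modes. If that branch is restored, the password file is worth documenting as owner-readable only (mode 600). The commented-out block would be better deleted than left behind as `#`-prefixed dead code, since version control already keeps the history.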
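Review bot: Loading `roles/external-postgres/defaults/vault_main.yaml` through play-level `vars_files` in site-prod.yaml gives its values play precedence, above inventory `group_vars`/`host_vars`. The `defaults/` path suggests role-default precedence, but inventory can no longer override these values, and the play is now tied to a file inside the role. If the file holds vault-encrypted prod secrets (the name and the run.sh change suggest so), placing it under `group_vars/prod_infra/` would let Ansible load it automatically. The `find ./group_vars -name \*vault\*` detection in run.sh would then pick it up without forcing `--ask-vault-pass` on every run. It is also worth confirming before merge that the committed file really is encrypted, i.e. that it begins with the `$ANSIBLE_VAULT;` header.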