From d74ff169efb8a22f0c194be988733ded60a84faa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakub=20Soko=C5=82owski?= Date: Tue, 8 Feb 2022 20:51:45 +0100 Subject: [PATCH] wireguard: bump role and add Consul ACL token MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Part of effort to lock down Consul ACLs: https://github.com/status-im/infra-hq/issues/70 Signed-off-by: Jakub SokoĊ‚owski --- ansible/bootstrap.yml | 2 ++ ansible/group_vars/all.yml | 4 +++- ansible/requirements.yml | 8 ++++---- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/ansible/bootstrap.yml b/ansible/bootstrap.yml index ce3f750..0c2867b 100644 --- a/ansible/bootstrap.yml +++ b/ansible/bootstrap.yml @@ -22,6 +22,7 @@ - name: Bootstrap Python support for Ansible become: true hosts: all + serial: '{{ serial|default(1) }}' roles: - role: infra-role-bootstrap-linux/raw when: ansible_system == 'Linux' @@ -29,6 +30,7 @@ - name: Bootstrap admin users and Consul become: true hosts: all + serial: '{{ serial|default(1) }}' roles: - role: infra-role-bootstrap-linux when: ansible_system == 'Linux' diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index fcc596e..e62e97a 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml @@ -2,9 +2,11 @@ # Root password bootstrap__root_pass: '{{lookup("bitwarden", "root-pass")}}' bootstrap__admin_pass: '{{lookup("bitwarden", "macos/admin", field="password")}}' -# Consul encryption key and ACL token +# Consul bootstrap__consul_encryption_key: '{{lookup("bitwarden", "consul", field="encryption-key")}}' bootstarp__consul_agent_acl_token: '{{lookup("bitwarden", "consul", field="agent-acl-token")}}' +# Wireguard +wireguard_consul_acl_token: '{{lookup("bitwarden", "consul", field="wireguard-acl-token")}}' # Custom SSH accounts for Nimbus fleet, should start from UID 8000. bootstrap__active_extra_users: diff --git a/ansible/requirements.yml b/ansible/requirements.yml index 05ea1b1..f7f550a 100644 --- a/ansible/requirements.yml +++ b/ansible/requirements.yml @@ -16,22 +16,22 @@ - name: infra-role-bootstrap-linux src: git@github.com:status-im/infra-role-bootstrap-linux.git - version: 3b61bca714677e6a2a44a7500659b16b78977181 + version: 7d2646cad4046e20b02628f4efc1e2b87deef773 scm: git - name: infra-role-bootstrap-windows src: git@github.com:status-im/infra-role-bootstrap-windows.git - version: 6b883f69072e26e1efc8c43b52de3af64d41c9e4 + version: 9cd9c24cec4c4a9eb8b0c080ad352d83486d1c58 scm: git - name: infra-role-bootstrap-macos src: git@github.com:status-im/infra-role-bootstrap-macos.git - version: f91aae959976703a638a007245970e936da7b781 + version: 3c46cb38d6ba9d6d79ce31fdb3877b9dfd1fb621 scm: git - name: infra-role-wireguard src: git@github.com:status-im/infra-role-wireguard.git - version: 345c9dd85ff8e57bce7e492dc05d685aee1f076c + version: 2aa2627c9f01d5c08f43237a09dd3a7635592205 scm: git - name: oauth-proxy