wireguard: bump role and add Consul ACL token

Part of effort to lock down Consul ACLs: https://github.com/status-im/infra-hq/issues/70 Signed-off-by: Jakub Sokołowski <jakub@status.im>
2022-02-08 20:51:45 +01:00 · 2022-02-08 20:51:45 +01:00 · d74ff169ef
parent cdf63cba43
commit d74ff169ef
3 changed files with 9 additions and 5 deletions
--- a/ansible/bootstrap.yml
+++ b/ansible/bootstrap.yml
@ -22,6 +22,7 @@
 - name: Bootstrap Python support for Ansible
  become: true
  hosts: all
+  serial: '{{ serial|default(1) }}'
  roles:
    - role: infra-role-bootstrap-linux/raw
      when: ansible_system == 'Linux'
@ -29,6 +30,7 @@
 - name: Bootstrap admin users and Consul
  become: true
  hosts: all
+  serial: '{{ serial|default(1) }}'
  roles:
    - role: infra-role-bootstrap-linux
      when: ansible_system == 'Linux'
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@ -2,9 +2,11 @@
 # Root password
 bootstrap__root_pass: '{{lookup("bitwarden", "root-pass")}}'
 bootstrap__admin_pass: '{{lookup("bitwarden", "macos/admin", field="password")}}'
-# Consul encryption key and ACL token
+# Consul
 bootstrap__consul_encryption_key: '{{lookup("bitwarden", "consul", field="encryption-key")}}'
 bootstarp__consul_agent_acl_token: '{{lookup("bitwarden", "consul", field="agent-acl-token")}}'
+# Wireguard
+wireguard_consul_acl_token: '{{lookup("bitwarden", "consul", field="wireguard-acl-token")}}'

 # Custom SSH accounts for Nimbus fleet, should start from UID 8000.
 bootstrap__active_extra_users:
--- a/ansible/requirements.yml
+++ b/ansible/requirements.yml
@ -16,22 +16,22 @@

 - name: infra-role-bootstrap-linux
  src: git@github.com:status-im/infra-role-bootstrap-linux.git
-  version: 3b61bca714677e6a2a44a7500659b16b78977181
+  version: 7d2646cad4046e20b02628f4efc1e2b87deef773
  scm: git

 - name: infra-role-bootstrap-windows
  src: git@github.com:status-im/infra-role-bootstrap-windows.git
-  version: 6b883f69072e26e1efc8c43b52de3af64d41c9e4
+  version: 9cd9c24cec4c4a9eb8b0c080ad352d83486d1c58
  scm: git

 - name: infra-role-bootstrap-macos
  src: git@github.com:status-im/infra-role-bootstrap-macos.git
-  version: f91aae959976703a638a007245970e936da7b781
+  version: 3c46cb38d6ba9d6d79ce31fdb3877b9dfd1fb621
  scm: git

 - name: infra-role-wireguard
  src: git@github.com:status-im/infra-role-wireguard.git
-  version: 345c9dd85ff8e57bce7e492dc05d685aee1f076c
+  version: 2aa2627c9f01d5c08f43237a09dd3a7635592205
  scm: git

 - name: oauth-proxy