Passing PostgreSQL Users and Passwords to Ansible via HashiCorp Vault in a Kubernetes Pod
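#!/usr/bin/env bash
# +------------------------------------------------------------------------------------------+
# + FILE: ansible-wrapper                                                                    +
# +                                                                                          +
# + AUTHOR: Saad Ali (https://github.com/NIXKnight)                                          +
# + To be used with https://github.com/NIXKnight/Docker-Kube-Utils.git                       +
# +------------------------------------------------------------------------------------------+
#
# Purpose: log the pod into Vault with its Kubernetes service-account JWT
# (Vault Kubernetes auth method, role "postgresql-db-manager"), export the
# resulting client token as VAULT_TOKEN for Ansible's hashi_vault lookups,
# and run the playbook in /postgresql-db-manager/.
#
# Hardening compared to the previous revision of this wrapper:
#   * The login payload, which embeds the service-account JWT, is streamed to
#     curl on stdin (--data @-) instead of being written to the predictable,
#     default-umask file /tmp/payload.json; the JWT no longer touches disk and
#     nothing is left behind after the script exits.
#   * jq builds the payload, so the JWT is JSON-escaped instead of being
#     interpolated into a here-document.
#   * curl runs with -f -sS and the response is checked for a real
#     client_token, so an HTTP error or a denied login fails the script here
#     instead of exporting an empty/"null" VAULT_TOKEN and letting the
#     playbook fail later with a less obvious error.
#   * Strict mode, quoted expansions, and an explicit check on cd.
set -euo pipefail

readonly K8S_SERVICEACCOUNT_DIR="/var/run/secrets/kubernetes.io/serviceaccount"
# NOTE(review): Vault is reached over plain HTTP inside the cluster, so the JWT
# and the returned client token cross the pod network unencrypted. Consider
# serving Vault over TLS (https:// plus a CA bundle) — TODO confirm.
readonly VAULT_ADDR="http://vault.vault.svc.cluster.local:8200"
readonly VAULT_K8S_ROLE="postgresql-db-manager"
readonly PLAYBOOK_DIR="/postgresql-db-manager/"
export K8S_SERVICEACCOUNT_DIR VAULT_ADDR

#######################################
# Print a diagnostic to stderr and exit non-zero.
# Arguments: $* - message
# Outputs:   the message on stderr
#######################################
die() {
  printf 'ansible-wrapper: %s\n' "$*" >&2
  exit 1
}

#######################################
# Exchange a Kubernetes service-account JWT for a Vault client token.
# Globals:   VAULT_ADDR, VAULT_K8S_ROLE (read)
# Arguments: $1 - the service-account JWT
# Outputs:   the Vault client token on stdout (no trailing newline)
# Returns:   exits via die if the HTTP call fails or no client_token is returned
#######################################
vault_login() {
  local jwt=$1
  local token
  # jq -n --arg produces correctly escaped JSON; --data @- makes curl read the
  # body from stdin so the secret is never materialised on the filesystem.
  token=$(jq -n --arg role "$VAULT_K8S_ROLE" --arg jwt "$jwt" \
      '{role: $role, jwt: $jwt}' \
    | curl -fsS --data @- "$VAULT_ADDR/v1/auth/kubernetes/login" \
    | jq -r '.auth.client_token') || die "Vault Kubernetes login failed"
  # jq -r prints the literal string "null" when .auth.client_token is absent
  # (e.g. an error body), so reject that as well as an empty result.
  [[ -n "$token" && "$token" != "null" ]] \
    || die "Vault login response did not contain a client_token"
  printf '%s' "$token"
}

#######################################
# Entry point: read the pod's JWT, authenticate to Vault, run the playbook.
# Globals:   K8S_SERVICEACCOUNT_DIR, PLAYBOOK_DIR (read);
#            K8S_AUTH_TOKEN, VAULT_TOKEN, ANSIBLE_STDOUT_CALLBACK,
#            ANSIBLE_CALLBACKS_ENABLED (exported)
# Returns:   the exit status of ansible-playbook, or 1 on any setup failure
#######################################
main() {
  local token_file="$K8S_SERVICEACCOUNT_DIR/token"
  [[ -r "$token_file" ]] || die "cannot read service-account token at $token_file"
  K8S_AUTH_TOKEN=$(<"$token_file")
  [[ -n "$K8S_AUTH_TOKEN" ]] || die "service-account token at $token_file is empty"
  # Exported for compatibility with the previous revision. Nothing on this page
  # reads it from the environment, so consider dropping the export to keep the
  # JWT out of the child process environment — TODO confirm with the role.
  export K8S_AUTH_TOKEN

  VAULT_TOKEN=$(vault_login "$K8S_AUTH_TOKEN")
  export VAULT_TOKEN

  export ANSIBLE_STDOUT_CALLBACK="debug"
  export ANSIBLE_CALLBACKS_ENABLED="profile_tasks"
  cd "$PLAYBOOK_DIR" || die "cannot cd to $PLAYBOOK_DIR"
  # exec so ansible-playbook replaces the wrapper: signals reach it directly
  # and its exit status becomes the container's exit status.
  exec ansible-playbook playbook.yaml -vv
}

main "$@"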
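# To be used with Ansible role https://github.com/NIXKnight/Ansible-PgSQL-DB-User.git
#
# extravars.yaml — every credential below is resolved at run time through the
# community.hashi_vault lookup, which authenticates with the VAULT_ADDR and
# VAULT_TOKEN exported by the ansible-wrapper script; no secret is stored in
# this file. Paths of the form kv_secrets/data/<app>:<key> read key <key> from
# the KV v2 mount "kv_secrets" (the "/data/" segment is the KV v2 read API).
#
# POSTGRESQL_SERVICE_HOST is presumably the environment variable Kubernetes
# injects for a Service named "postgresql" — verify against the deployment.
postgresql_login_host: "{{ lookup('ansible.builtin.env', 'POSTGRESQL_SERVICE_HOST') }}"
# Admin credentials used to create the databases and roles below; access to
# them is gated by the Vault policy attached to the Kubernetes auth role the
# wrapper logs in with.
postgresql_login_username: "{{ lookup('community.hashi_vault.hashi_vault', 'kv_secrets/data/apps/postgresql:admin_username') }}"
postgresql_login_password: "{{ lookup('community.hashi_vault.hashi_vault', 'kv_secrets/data/apps/postgresql:admin_password') }}"
postgresql_db_users:
  # Database for Keycloak
  - db_name: "{{ lookup('community.hashi_vault.hashi_vault', 'kv_secrets/data/apps/keycloak:postgresql_database') }}"
    username: "{{ lookup('community.hashi_vault.hashi_vault', 'kv_secrets/data/apps/keycloak:postgresql_username') }}"
    password: "{{ lookup('community.hashi_vault.hashi_vault', 'kv_secrets/data/apps/keycloak:postgresql_password') }}"
    encoding: "UTF-8"
    lc_collate: "en_US.UTF-8"
    lc_ctype: "en_US.UTF-8"
    # "ALL" gives the application user every privilege on its own database;
    # narrow this if the application needs less — TODO confirm requirements.
    privileges: "ALL"
    # db_objects / db_object_type are role-specific settings; see the role's
    # README for their exact meaning.
    db_objects: "ALL_DEFAULT"
    db_object_type: "default_privs"
  # Database for Terraform state
  - db_name: "{{ lookup('community.hashi_vault.hashi_vault', 'kv_secrets/data/apps/terraform:state_db_name') }}"
    username: "{{ lookup('community.hashi_vault.hashi_vault', 'kv_secrets/data/apps/terraform:state_db_username') }}"
    password: "{{ lookup('community.hashi_vault.hashi_vault', 'kv_secrets/data/apps/terraform:state_db_password') }}"
    encoding: "UTF-8"
    lc_collate: "en_US.UTF-8"
    lc_ctype: "en_US.UTF-8"
    privileges: "ALL"
    db_objects: "ALL_DEFAULT"
    db_object_type: "default_privs"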
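# playbook.yaml — applies the Ansible-PgSQL-DB-User role with the variables
# from extravars.yaml; launched by the ansible-wrapper script after it has
# obtained a Vault token.
- name: Ensure Databases and Users Exist in PostgreSQL
  # The play runs inside the pod and reaches PostgreSQL over the network from
  # there, so no SSH transport and no privilege escalation are needed.
  connection: local
  hosts: localhost
  gather_facts: yes
  become: False
  vars_files:
    - "{{ playbook_dir }}/extravars.yaml"
  # NOTE(review): the wrapper runs this play with -vv and the "debug" stdout
  # callback; confirm that the role's tasks which handle the Vault-sourced
  # passwords set no_log so the credentials are not written to pod logs.
  roles:
    - Ansible-PgSQL-DB-User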