Add tasks to setup gpg agent

service-provider-setup/.gitignore

@@ -0,0 +1,2 @@
+dns-vars.yml
+k8s-vars.yml

service-provider-setup/dns-vars.yml

@@ -1,5 +0,0 @@
-domain: "test.wireitin.com"
-subdomain_prefix: "dss-ind"
-subdomain_cluster_control: "{{ subdomain_prefix }}-cluster-control"
-cluster_control_ip: "64.227.134.44"
-do_api_token: ""

service-provider-setup/k8s-vars.example.yml

@@ -0,0 +1,3 @@
+target_host: ""
+gpg_key_id: ""
+vault_passphrase: ""

service-provider-setup/setup-k8s.yml

@@ -4,8 +4,8 @@
 - name: Setup k8s
   hosts: "{{ target_host }}"
 
-  vars:
+  vars_files:
-    target_host: "localhost"
+    - k8s-vars.yml
 
   tasks:
     - name: Install Python and pip
@@ -29,3 +29,30 @@
         line: 'export PATH="$HOME/.local/bin:$PATH"'
         state: present
         create: yes
+
+    - name: Clone the service provider template repo
+      git:
+        repo: "https://git.vdb.to/cerc-io/service-provider-template.git"
+        dest: "{{ ansible_env.HOME }}/service-provider-template"
+
+    - name: Update .vault/vault-keys file
+      lineinfile:
+        path: "service-provider-template/.vault/vault-keys"
+        regexp: '^.*$'
+        line: "{{ gpg_key_id }}"
+        create: yes
+
+    - name: Start GPG agent
+      command: gpg-agent --daemon
+      ignore_errors: yes
+
+    - name: Set VAULT_KEY environment variable
+      shell: export VAULT_KEY='{{ vault_passphrase }}'
+
+    - name: Run vault-rekey.sh
+      expect:
+        command: bash .vault/vault-rekey.sh
+        responses:
+          "Enter passphrase:": "{{ vault_passphrase }}"
+      args:
+        chdir: "service-provider-template"