configpolicy/group_vars/wildcard-cert.yml
Dustin C. Hatch b9a046c7f4 plugins: Add lookup cache plugin
One major weakness with Ansible's "lookup" plugins is that they are
evaluated _every single time they are used_, even indirectly.  This
means, for example, a shell command could be run many times, potentially
resulting in different values, or executing a complex calculation that
always provides the same result.  Ansible does not have a built-in way
to cache the result of a `lookup` or `query` call, so I created this
one.  It's inspired by [ansible-cached-lookup][0], which didn't actually
work and is apparently unmaintained.  Instead of using a hard-coded
file-based caching system, however, my plugin uses Ansible's
configuration and plugin infrastructure to store values with any
available cache plugin.

Although looking up the _pyrocufflink.net_ wildcard certificate with the
Kubernetes API isn't particularly expensive by itself right now, I can
envision several other uses that may be.  Having this plugin available
could speed up future playbooks.

[0]: https://pypi.org/project/ansible-cached-lookup
2025-07-13 16:02:57 -05:00

18 lines
515 B
YAML

pyrocufflink_wildcard_cert_secret: >-
  {{ lookup(
    "cache",
    "kubernetes.core.k8s",
    kind="Secret",
    namespace="default",
    resource_name="pyrocufflink-cert"
  ) }}
pyrocufflink_wildcard_cert: >-
  {{ pyrocufflink_wildcard_cert_secret.data["tls.crt"] | b64decode }}
pyrocufflink_wildcard_key: >-
  {{ pyrocufflink_wildcard_cert_secret.data["tls.key"] | b64decode }}
apache_ssl_certificate_data: "{{ pyrocufflink_wildcard_cert }}"
apache_ssl_certificate_key_data: "{{ pyrocufflink_wildcard_key }}"
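
The variables above reference the Secret lookup twice (once for `tls.crt`, once for `tls.key`), so without caching the Kubernetes API is queried once per reference. The following Python model is an added example, not the plugin from this commit: it imports nothing from Ansible, and `k8s_lookup`, `cached_lookup`, `cache_key` and the in-memory `CACHE` are hypothetical stand-ins, with the key-derivation scheme an assumption.

```python
import base64
import hashlib
import json

API_CALLS = []  # records every simulated Kubernetes API request

def k8s_lookup(**kwargs):
    """Stand-in for the kubernetes.core.k8s lookup; returns a constructed Secret."""
    API_CALLS.append(kwargs)
    enc = lambda s: base64.b64encode(s.encode()).decode()
    return {"data": {"tls.crt": enc("CONSTRUCTED CERT"),
                     "tls.key": enc("CONSTRUCTED KEY")}}

PLUGINS = {"kubernetes.core.k8s": k8s_lookup}
CACHE = {}  # in-memory stand-in for whichever cache plugin is configured

def cache_key(plugin, kwargs):
    """Derive a stable key from the plugin name and its arguments (assumed scheme)."""
    blob = json.dumps([plugin, kwargs], sort_keys=True).encode()
    return hashlib.sha256(blob).hexdigest()

def cached_lookup(plugin, **kwargs):
    """Run the wrapped lookup only on a cache miss."""
    key = cache_key(plugin, kwargs)
    if key not in CACHE:
        # The stored value includes tls.key, so a persistent cache backend
        # ends up holding the private key and needs the same protection.
        CACHE[key] = PLUGINS[plugin](**kwargs)
    return CACHE[key]

def render(use_cache):
    """Resolve both apache_ssl_* values the way lazy templating would."""
    API_CALLS.clear()
    CACHE.clear()
    args = dict(kind="Secret", namespace="default",
                resource_name="pyrocufflink-cert")
    def secret():  # re-evaluated on every reference, like a templated variable
        if use_cache:
            return cached_lookup("kubernetes.core.k8s", **args)
        return k8s_lookup(**args)
    cert = base64.b64decode(secret()["data"]["tls.crt"]).decode()
    key = base64.b64decode(secret()["data"]["tls.key"]).decode()
    return cert, key, len(API_CALLS)

if __name__ == "__main__":
    print("uncached API calls:", render(False)[2])
    print("cached API calls:  ", render(True)[2])
```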