Remove secrets from this repo and create a secrets role
authorAndrew Schoen <aschoen@redhat.com>
Thu, 26 Mar 2015 21:22:34 +0000 (14:22 -0700)
committerAndrew Schoen <aschoen@redhat.com>
Thu, 26 Mar 2015 22:24:59 +0000 (15:24 -0700)
The secrets role provides a variable, 'secrets_path', that we can use to
access secrets stored outside of this repo.  We will store the inventory and
secrets in lab-specific repos.

Signed-off-by: Andrew Schoen <aschoen@redhat.com>
roles/common/meta/main.yml [new file with mode: 0644]
roles/common/tasks/redhat/entitlements.yml [new file with mode: 0644]
roles/secrets/defaults/main.yml [new file with mode: 0644]

diff --git a/roles/common/meta/main.yml b/roles/common/meta/main.yml
new file mode 100644 (file)
index 0000000..313fd69
--- /dev/null
@@ -0,0 +1,3 @@
+---
+dependencies:
+  - role: secrets
diff --git a/roles/common/tasks/redhat/entitlements.yml b/roles/common/tasks/redhat/entitlements.yml
new file mode 100644 (file)
index 0000000..44d5032
--- /dev/null
@@ -0,0 +1,20 @@
+---
+- name: Include Red Hat encrypted variables.
+  include_vars: "{{ secrets_path | mandatory }}/entitlements.yml"
+  no_log: true
+  tags:
+    - vars
+
+- name: Determine if node is registered with subscription-manager.
+  command: subscription-manager identity
+  register: subscription 
+  ignore_errors: true
+  changed_when: false
+  no_log: true
+
+- name: Register with subscription-manager.
+  command: subscription-manager register
+           --activationkey={{ subscription_manager_activationkey }}
+           --org={{ subscription_manager_org }}
+  no_log: true
+  when: subscription.rc != 0
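Review bot: In the `Register with subscription-manager.` task the activation key is interpolated into the command line, so `no_log: true` keeps it out of Ansible's output but it is still visible in the process arguments on the target host while the command runs. That is worth stating in a comment above the task, e.g. `# no_log only covers Ansible output; the key is visible in the host's process list during registration`. The two templated values are also unquoted, so a key or org name containing whitespace would be split into separate arguments by the command module; `--activationkey={{ subscription_manager_activationkey | quote }}` and `--org={{ subscription_manager_org | quote }}` avoid that. Separately, `when: subscription.rc != 0` treats every non-zero exit of the identity check as "not registered", which presumably includes failures unrelated to registration state.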
diff --git a/roles/secrets/defaults/main.yml b/roles/secrets/defaults/main.yml
new file mode 100644 (file)
index 0000000..80df7bd
--- /dev/null
@@ -0,0 +1,2 @@
+---
+secrets_path: "{{ lookup('env', 'ANSIBLE_SECRETS_PATH') | default('/etc/ansible/secrets', true) }}"
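Review bot: `secrets_path` silently falls back to `/etc/ansible/secrets` when `ANSIBLE_SECRETS_PATH` is unset or empty, and nothing in the file documents that or where the path is resolved. Since the `env` lookup runs on the control node, a run with the variable missing would read whatever is under the default directory instead of failing, which may matter when different labs keep different secrets. I would add a comment above the variable, e.g. `# Directory on the control node holding lab secrets; set ANSIBLE_SECRETS_PATH to override. Keep it outside this repo and readable only by the user running Ansible.`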