added registration of a new Netbox into Vault

81296ed6 · Arkadiusz SZCZECINSKI · d3ab6fa6 · 81296ed6
Commit 81296ed6 authored 2 weeks ago by Arkadiusz SZCZECINSKI
--- a/netbox_configuration/ansible.sh
+++ b/netbox_configuration/ansible.sh
@@ -5,7 +5,9 @@ check_vault_connection() {
    local response
    response=$(curl -s -o /dev/null -w "%{http_code}" "${VAULT_ADDR}/v1/sys/health")
-    if [[ "$response" -ne 200 && "$response" -ne 429 && "$response" -ne 472 && "$response" -ne 473 && "$response" -ne 501 ]]; then
+    if [[ "$response" -eq 200 || "$response" -eq 429 || "$response" -eq 472 || "$response" -eq 473 || "$response" -eq 501 ]]; then
+        echo "[$(date)] SUCCESS: Vault is reachable."
+    else
        echo "[$(date)] ERROR: Vault is unreachable. Response code: $response"
        exit 1
    fi
@@ -16,7 +18,6 @@ check_vault_password() {
    local response
    response=$(curl -s \
      -H "X-Vault-Token: $VAULT_TOKEN" \
-      -H "X-Vault-Namespace: ${VAULT_NAMESPACE}" \
      -X GET "${VAULT_ADDR}/v1/${VAULT_LOGIN_MOUNT_POINT}/data/${VAULT_PATH}/${NETBOX_USERNAME}")
    if echo "$response" | jq -e '.data' > /dev/null; then
@@ -32,12 +33,14 @@ check_vault_password() {
 # Function to get default password and store it in Vault
 register_default_password() {
    DEFAULT_PASSWORD=$(curl -s \
-      -H "X-Vault-Token: $VAULT_TOKEN" \
+      -H "X-Vault-Token: ${VAULT_TOKEN}" \
      -H "X-Vault-Namespace: ${VAULT_NAMESPACE}" \
-      -X GET "${VAULT_ADDR}/v1/${VAULT_LOGIN_MOUNT_POINT}/data/${DEFAULT_VAULT_PATH}/${NETBOX_USERNAME}" | jq -r '.data.password')
+      --tlsv1.2 \
+      --request GET \
+      "${VAULT_ADDR}/v1/${VAULT_LOGIN_MOUNT_POINT}/data/${DEFAULT_VAULT_PATH}" | jq -r '.data.data.password')
    if [[ -z "$DEFAULT_PASSWORD" || "$DEFAULT_PASSWORD" == "null" ]]; then
-        echo "[$(date)] ERROR: Failed to retrieve default password from ${VAULT_LOGIN_MOUNT_POINT}/${DEFAULT_VAULT_PATH}/${NETBOX_USERNAME}. Exiting."
+        echo "[$(date)] ERROR: Failed to retrieve default password from ${VAULT_ADDR}/v1/${VAULT_LOGIN_MOUNT_POINT}/data/${DEFAULT_VAULT_PATH}. Exiting."
        exit 1
    fi
@@ -47,23 +50,26 @@ register_default_password() {
      -H "X-Vault-Namespace: ${VAULT_NAMESPACE}" \
      -H "Content-Type: application/json" \
      -X POST \
-      --data "{\"password\": \"${DEFAULT_PASSWORD}\"}" \
+      --data "{\"data\": {\"password\": \"${DEFAULT_PASSWORD}\"}}" \
      "${VAULT_ADDR}/v1/${VAULT_LOGIN_MOUNT_POINT}/data/${VAULT_PATH}/${NETBOX_USERNAME}"
    echo "[$(date)] Default password stored successfully."
 }
+# Validate Vault connection before proceeding
+check_vault_connection
 while true; do
    # Get the current day of the week (7=Sunday) and current hour
    DAY=$(date +%u)  # 7 = Sunday on some systems, use 7 if needed
    HOUR=$(date +%H)
    MIN=$(date +%M)
-    # Validate Vault connection before proceeding
-    check_vault_connection
    # Check if it's Sunday (7) and the time is 02:00 AM
    if [[ "$DAY" -eq 7 && "$HOUR" -eq 02 ]]; then
+        # Validate Vault connection before proceeding
+        check_vault_connection
        echo "[$(date)] Executing password rotation script."
        JSON_DATA="{\"role_id\":\"${VAULT_ROLE_ID}\",\"secret_id\":\"${VAULT_SECRET_ID}\"}"
@@ -100,7 +106,7 @@ while true; do
          }
        }"
-        echo "[$(date)] Password rotation completed successfully."
+        # echo "[$(date)] Password rotation completed successfully."
        # Sleep for 1 hour to avoid multiple executions in the same minute
        sleep 3600