ansible-roles/ansible-hashicorp-vault
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
ab60789665
ansible-hashicorp-vault/tasks/main.yml

86 lines
2.4 KiB
YAML
Raw Normal View History

first commit
2022-03-26 09:10:21 +00:00
---
- name: Include OS-specific variables
switch to insternal storage
2023-08-26 15:32:23 +00:00
ansible.builtin.include_vars: '{{ item }}'
first commit
2022-03-26 09:10:21 +00:00
with_first_found:
- files:
switch to insternal storage
2023-08-26 15:32:23 +00:00
- '{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml'
- '{{ ansible_os_family }}.yml'
- name: Add hashicorp repo
ansible.builtin.get_url:
url: 'https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo'
adapt for red hat
2022-06-06 16:20:08 +00:00
dest: '/etc/yum.repos.d/hashicorp.repo'
owner: root
group: root
switch to insternal storage
2023-08-26 15:32:23 +00:00
mode: "0644"
add condition to add repo
2022-06-19 10:28:08 +00:00
when: ansible_os_family == "RedHat"
first commit
2022-03-26 09:10:21 +00:00
add debian compatibility
2022-11-01 19:37:56 +00:00
- name: Add Vault/Hashicorp apt key
switch to insternal storage
2023-08-26 15:32:23 +00:00
ansible.builtin.apt_key:
url: '{{ vault_debian_repository_key_url }}'
add debian compatibility
2022-11-01 19:37:56 +00:00
state: present
become: true
when: ansible_pkg_mgr == 'apt'
- name: Add Vault/Hashicorp apt repo
switch to insternal storage
2023-08-26 15:32:23 +00:00
ansible.builtin.apt_repository:
repo: 'deb {{ vault_debian_repository_url }} {{ ansible_distribution_release }} main'
add debian compatibility
2022-11-01 19:37:56 +00:00
state: present
become: true
when: ansible_pkg_mgr == 'apt'
switch to insternal storage
2023-08-26 15:32:23 +00:00
- name: Install package
ansible.builtin.package:
name: '{{ vault_os_package }}'
first commit
2022-03-26 09:10:21 +00:00
state: present
change detection to aarch to not install package
2023-10-18 17:16:03 +00:00
when: not ansible_architecture == 'aarch64' or not ansible_os_family == 'Archlinux'
first commit
2022-03-26 09:10:21 +00:00
switch to insternal storage
2023-08-26 15:32:23 +00:00
- name: Create /opt/vault folder
ansible.builtin.file:
state: directory
path: /opt/vault/raft
owner: vault
mode: "0755"
- name: Apply config template
first commit
2022-03-26 09:10:21 +00:00
block:
switch to insternal storage
2023-08-26 15:32:23 +00:00
- name: Server template
ansible.builtin.template:
first commit
2022-03-26 09:10:21 +00:00
src: config.hcl.j2
switch to insternal storage
2023-08-26 15:32:23 +00:00
dest: '{{ vault_config_path }}'
first commit
2022-03-26 09:10:21 +00:00
owner: vault
group: vault
switch to insternal storage
2023-08-26 15:32:23 +00:00
mode: "0400"
manage init and unseal
2023-10-29 14:39:20 +00:00
register: vault_config_change
- name: Restart service if change
ansible.builtin.service:
name: '{{ vault_os_service }}'
state: restarted
when: vault_config_change.changed == true
first commit
2022-03-26 09:10:21 +00:00
switch to insternal storage
2023-08-26 15:32:23 +00:00
- name: Ensure service is started
ansible.builtin.systemd:
name: '{{ vault_os_service }}'
first commit
2022-03-26 09:10:21 +00:00
state: started
switch to insternal storage
2023-08-26 15:32:23 +00:00
enabled: true
feat: add backup script
2023-08-27 14:54:22 +00:00
- name: configure backup
block:
- name: copy backup script
copy:
dest: "/opt/vault/vault-backup.sh"
mode: 0744
owner: vault
src: vault-backup.sh
- name: vault snaphot cron.d
cron:
name: vault backup
user: vault
state: present
job: "/opt/vault/vault-backup.sh {{ vault_backup_location }} {{vault_roleID}} {{vault_secretID}}"
hour: "{{vault_cron_hour}}"
when: vault_snapshot
manage init and unseal
2023-10-29 14:39:20 +00:00
- name: Import Init
ansible.builtin.import_tasks: init.yml
- name: Import UnSeal
ansible.builtin.import_tasks: unseal.yml
Reference in New Issue Copy Permalink