---
- name: Include OS-specific variables
  # Load the most specific vars file that exists for this host: first
  # "<family>-<major version>.yml", falling back to "<family>.yml".
  # The task fails if neither file is found (no `skip` is set).
  ansible.builtin.include_vars: "{{ item }}"
  with_first_found:
    - files:
        - "{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml"
        - "{{ ansible_os_family }}.yml"
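- name: Add hashicorp repo
  # Fetch HashiCorp's yum repo definition over TLS into yum.repos.d.
  # become is set explicitly to match the apt repo/key tasks in this file;
  # writing under /etc needs root on RedHat hosts too, so without it this
  # task only worked when the play itself ran with become.
  # NOTE(review): package signature verification depends on the gpgcheck/
  # gpgkey lines inside the downloaded .repo file, which are not visible
  # here. Unlike the apt side, the URL is not variable-driven.
  ansible.builtin.get_url:
    url: 'https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo'
    dest: '/etc/yum.repos.d/hashicorp.repo'
    owner: root
    group: root
    mode: "0644"
  become: true
  when: ansible_os_family == "RedHat"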
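- name: Create apt keyrings directory
  # Older releases do not ship /etc/apt/keyrings; it must exist before the
  # key is downloaded into it.
  ansible.builtin.file:
    path: /etc/apt/keyrings
    state: directory
    owner: root
    group: root
    mode: "0755"
  become: true
  when: ansible_pkg_mgr == 'apt'

- name: Add Vault/Hashicorp apt key
  # The key is stored in a dedicated keyring instead of being imported with
  # apt_key: a key in the global trusted keyring may sign packages for
  # *every* configured repository, whereas the signed-by option on the repo
  # line below limits this key to HashiCorp's repository. apt-key, which
  # the apt_key module drives, is also deprecated upstream. The file is
  # world-readable on purpose so the unprivileged _apt user can read it.
  # NOTE(review): apt >= 1.4 accepts binary or ASCII-armored keys in
  # signed-by; confirm vault_debian_repository_key_url serves an OpenPGP
  # public key. Keys imported into the global keyring by earlier runs are
  # not removed here.
  ansible.builtin.get_url:
    url: "{{ vault_debian_repository_key_url }}"
    dest: /etc/apt/keyrings/hashicorp.asc
    owner: root
    group: root
    mode: "0644"
  become: true
  when: ansible_pkg_mgr == 'apt'

- name: Add Vault/Hashicorp apt repo
  # signed-by pins package verification for this repo to the key above.
  ansible.builtin.apt_repository:
    repo: "deb [signed-by=/etc/apt/keyrings/hashicorp.asc] {{ vault_debian_repository_url }} {{ ansible_distribution_release }} main"
    state: present
  become: true
  when: ansible_pkg_mgr == 'apt'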
- name: Install package
  ansible.builtin.package:
    name: "{{ vault_os_package }}"
    state: present
  # Same condition as `not aarch64 or not Archlinux`, written without the
  # double negation: only the aarch64 + Arch Linux combination is skipped.
  # NOTE(review): presumably no packaged build exists for that pair — confirm.
  when: not (ansible_architecture == 'aarch64' and ansible_os_family == 'Archlinux')
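- name: Create /opt/vault folder
  # Only the vault service user needs access to its raft storage, so the
  # directory is private (0700) rather than the previous world-readable
  # 0755, and the group is pinned to vault instead of whatever the
  # connection user's default group is. /opt/vault itself is created
  # implicitly with default permissions.
  # NOTE(review): presumably this path is the raft storage path referenced
  # from config.hcl.j2 — confirm against the template.
  ansible.builtin.file:
    state: directory
    path: /opt/vault/raft
    owner: vault
    group: vault
    mode: "0700"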
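- name: Apply config template
  block:
    - name: Server template
      # Readable only by the service user: config.hcl.j2 is not shown here,
      # but a Vault config commonly carries storage/seal credentials.
      # notify is attached to this task rather than the block so the
      # "restart vault" handler fires only when the rendered config
      # changes, not when the service below is merely enabled or started.
      ansible.builtin.template:
        src: config.hcl.j2
        dest: "{{ vault_config_path }}"
        owner: vault
        group: vault
        mode: "0400"
      notify: restart vault

    - name: Ensure service is started
      ansible.builtin.systemd:
        name: "{{ vault_os_service }}"
        state: started
        enabled: true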
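- name: configure backup
  block:
    - name: copy backup script
      ansible.builtin.copy:
        src: vault-backup.sh
        dest: "/opt/vault/vault-backup.sh"
        owner: vault
        group: vault
        # Quoted: a bare 0744 is read as an octal integer by YAML 1.1 parsers.
        mode: "0744"

    - name: vault snaphot cron.d
      # NOTE(review): the AppRole role ID and secret ID are passed as
      # command-line arguments, so they are visible to every local user via
      # `ps` / /proc/*/cmdline while the backup runs. Handing them to the
      # script through the crontab environment or a 0600 file would be
      # safer, but that requires a change to vault-backup.sh (not shown).
      ansible.builtin.cron:
        name: vault backup
        user: vault
        state: present
        # The cron module defaults minute to "*", which would run the
        # snapshot every minute of the chosen hour; pin it to once an hour.
        minute: "0"
        hour: "{{ vault_cron_hour }}"
        job: "/opt/vault/vault-backup.sh {{ vault_backup_location }} {{ vault_roleID }} {{ vault_secretID }}"
  when: vault_snapshot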