43 lines
1.3 KiB
YAML
43 lines
1.3 KiB
YAML
|
---
|
||
|
|
- name: Vault API reachable?
|
||
|
|
ansible.builtin.uri:
|
||
|
|
url: "{{ vault_api_addr }}/v1/sys/health"
|
||
|
|
method: GET
|
||
|
|
# 200 if initialized, unsealed, and active
|
||
|
|
# 429 if unsealed and standby
|
||
|
|
# 472 if data recovery mode replication secondary and active
|
||
|
|
# 473 if performance standby
|
||
|
|
# 501 if not initialized
|
||
|
|
# 503 if sealed
|
||
|
|
# See: https://www.vaultproject.io/api/system/health.html
|
||
|
|
status_code: 200, 429, 472, 473, 501, 503
|
||
|
|
body_format: json
|
||
|
|
register: check_result1
|
||
|
|
retries: 6
|
||
|
|
until: check_result1 is succeeded
|
||
|
|
delay: 10
|
||
|
|
changed_when: false
|
||
|
|
|
||
|
|
- name: Debug
|
||
|
|
ansible.builtin.debug:
|
||
|
|
var: check_result1.status
|
||
|
|
- name: Reading unseal key contents
|
||
|
|
ansible.builtin.command: cat {{ item }}
|
||
|
|
register: unseal_keys
|
||
|
|
with_fileglob: "{{ vault_unseal_keys_dir_output }}/unseal*"
|
||
|
|
delegate_to: localhost
|
||
|
|
when: check_result1.status == 503
|
||
|
|
- name: Set_fact if unseal files
|
||
|
|
ansible.builtin.set_fact:
|
||
|
|
vault_unseal_token: "{{ item.stdout }}"
|
||
|
|
with_items: "{{ unseal_keys.results }}"
|
||
|
|
when: check_result1.status == 503 and unseal_keys.results is defined
|
||
|
|
|
||
|
|
- name: Unseal vault with unseal keys
|
||
|
|
ansible.builtin.shell: |
|
||
|
|
vault operator unseal {{ item }}
|
||
|
|
environment:
|
||
|
|
VAULT_ADDR: "http://127.0.0.1:8200"
|
||
|
|
with_items: "{{vault_unseal_token}}"
|
||
|
|
when: check_result1.status == 503
|