switch to insternal storage

vincent 2023-08-26 17:32:23 +02:00
parent d5677c4891
commit a085d247ae
2 changed files with 39 additions and 30 deletions


@ -1,51 +1,59 @@
--- ---
- name: Include OS-specific variables - name: Include OS-specific variables
include_vars: "{{ item }}" ansible.builtin.include_vars: '{{ item }}'
with_first_found: with_first_found:
- files: - files:
- "{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml" - '{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml'
- "{{ ansible_os_family }}.yml" - '{{ ansible_os_family }}.yml'
- name: add hashicorp repo - name: Add hashicorp repo
get_url: ansible.builtin.get_url:
url: "https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo" url: 'https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo'
dest: '/etc/yum.repos.d/hashicorp.repo' dest: '/etc/yum.repos.d/hashicorp.repo'
owner: root owner: root
group: root group: root
mode: 0644 mode: "0644"
when: ansible_os_family == "RedHat" when: ansible_os_family == "RedHat"
- name: Add Vault/Hashicorp apt key - name: Add Vault/Hashicorp apt key
apt_key: ansible.builtin.apt_key:
url: "{{ vault_debian_repository_key_url }}" url: '{{ vault_debian_repository_key_url }}'
state: present state: present
become: true become: true
when: ansible_pkg_mgr == 'apt' when: ansible_pkg_mgr == 'apt'
- name: Add Vault/Hashicorp apt repo - name: Add Vault/Hashicorp apt repo
apt_repository: ansible.builtin.apt_repository:
repo: "deb {{ vault_debian_repository_url }} {{ ansible_distribution_release }} main" repo: 'deb {{ vault_debian_repository_url }} {{ ansible_distribution_release }} main'
state: present state: present
become: true become: true
when: ansible_pkg_mgr == 'apt' when: ansible_pkg_mgr == 'apt'
- name: install package - name: Install package
package: ansible.builtin.package:
name: "{{ vault_os_package }}" name: '{{ vault_os_package }}'
state: present state: present
when: not ansible_architecture == 'armv7l' or not ansible_distribution_release == Archlinux
- name: apply config template - name: Create /opt/vault folder
ansible.builtin.file:
state: directory
path: /opt/vault/raft
owner: vault
mode: "0755"
- name: Apply config template
notify: restart vault
block: block:
- name: server template - name: Server template
template: ansible.builtin.template:
src: config.hcl.j2 src: config.hcl.j2
dest: "{{vault_config_path}}" dest: '{{ vault_config_path }}'
owner: vault owner: vault
group: vault group: vault
mode: 0400 mode: "0400"
notify: restart vault
- name: ensure service is started - name: Ensure service is started
systemd: ansible.builtin.systemd:
name: "{{ vault_os_service }}" name: '{{ vault_os_service }}'
state: started state: started
enabled: True enabled: true
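Review bot: The `Create /opt/vault folder` task gives the Raft data directory `/opt/vault/raft` `mode: "0755"` and sets `owner: vault` with no `group`, so every local account can list and traverse the storage directory. Vault encrypts what it writes there, but only the service user needs access; `group: vault` and `mode: "0700"` would match how the config template further down is locked (`"0400"`, vault:vault). The task name says `/opt/vault` while the path is `/opt/vault/raft`, so a name such as `Create Raft data directory` would be more accurate. The rendering no longer marks additions and removals, so this assumes the task is on the new side.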


@ -1,14 +1,15 @@
storage "consul" { storage "raft" {
address = "127.0.0.1:8500" path = "/opt/vault/raft/"
path = "vault" node_id = "{{ inventory_hostname }}"
} }
listener "tcp" { listener "tcp" {
address = "{{ vault_listener_address}}:8200" address = "{{ vault_listener_address}}:8200"
cluster_address = "{{ vault_listener_address}}:8201"
tls_disable = 1 tls_disable = 1
} }
api_addr = "http://{{ vault_listener_address}}:8200"
cluster_addr = "http://{{ ansible_default_ipv4.address }}:8201"
ui= true ui= true
{% if ansible_virtualization_type == 'lxc' %}
disable_mlock = true disable_mlock = true
{%endif%}
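Review bot: `api_addr` is advertised as `http://` and the listener keeps `tls_disable = 1`, so whenever `vault_listener_address` is not loopback, tokens and secret payloads cross the network in cleartext, and standby nodes redirect clients to that same plain-HTTP address. Unless a TLS-terminating proxy sits in front of Vault (not visible on this page), the listener should get `tls_cert_file` / `tls_key_file` and `api_addr` should switch to `https://`. Separately, `disable_mlock = true` appears to become conditional on `lxc`; HashiCorp's guidance for integrated storage is to disable mlock and turn off swap on the host instead, so that condition is worth revisiting for Raft nodes.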