switch to insternal storage
parent
d5677c4891
commit
a085d247ae
@ -1,51 +1,59 @@
|
||||
---
|
||||
- name: Include OS-specific variables
|
||||
include_vars: "{{ item }}"
|
||||
ansible.builtin.include_vars: '{{ item }}'
|
||||
with_first_found:
|
||||
- files:
|
||||
- "{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml"
|
||||
- "{{ ansible_os_family }}.yml"
|
||||
- name: add hashicorp repo
|
||||
get_url:
|
||||
url: "https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo"
|
||||
- '{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml'
|
||||
- '{{ ansible_os_family }}.yml'
|
||||
- name: Add hashicorp repo
|
||||
ansible.builtin.get_url:
|
||||
url: 'https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo'
|
||||
dest: '/etc/yum.repos.d/hashicorp.repo'
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
mode: "0644"
|
||||
when: ansible_os_family == "RedHat"
|
||||
|
||||
- name: Add Vault/Hashicorp apt key
|
||||
apt_key:
|
||||
url: "{{ vault_debian_repository_key_url }}"
|
||||
ansible.builtin.apt_key:
|
||||
url: '{{ vault_debian_repository_key_url }}'
|
||||
state: present
|
||||
become: true
|
||||
when: ansible_pkg_mgr == 'apt'
|
||||
|
||||
- name: Add Vault/Hashicorp apt repo
|
||||
apt_repository:
|
||||
repo: "deb {{ vault_debian_repository_url }} {{ ansible_distribution_release }} main"
|
||||
ansible.builtin.apt_repository:
|
||||
repo: 'deb {{ vault_debian_repository_url }} {{ ansible_distribution_release }} main'
|
||||
state: present
|
||||
become: true
|
||||
when: ansible_pkg_mgr == 'apt'
|
||||
|
||||
- name: install package
|
||||
package:
|
||||
name: "{{ vault_os_package }}"
|
||||
- name: Install package
|
||||
ansible.builtin.package:
|
||||
name: '{{ vault_os_package }}'
|
||||
state: present
|
||||
when: not ansible_architecture == 'armv7l' or not ansible_distribution_release == Archlinux
|
||||
|
||||
- name: apply config template
|
||||
- name: Create /opt/vault folder
|
||||
ansible.builtin.file:
|
||||
state: directory
|
||||
path: /opt/vault/raft
|
||||
owner: vault
|
||||
mode: "0755"
|
||||
|
||||
- name: Apply config template
|
||||
notify: restart vault
|
||||
block:
|
||||
- name: server template
|
||||
template:
|
||||
- name: Server template
|
||||
ansible.builtin.template:
|
||||
src: config.hcl.j2
|
||||
dest: "{{vault_config_path}}"
|
||||
dest: '{{ vault_config_path }}'
|
||||
owner: vault
|
||||
group: vault
|
||||
mode: 0400
|
||||
notify: restart vault
|
||||
mode: "0400"
|
||||
|
||||
- name: ensure service is started
|
||||
systemd:
|
||||
name: "{{ vault_os_service }}"
|
||||
- name: Ensure service is started
|
||||
ansible.builtin.systemd:
|
||||
name: '{{ vault_os_service }}'
|
||||
state: started
|
||||
enabled: True
|
||||
enabled: true
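Review bot: The new "Create /opt/vault folder" task creates the raft data directory `/opt/vault/raft` with `mode: "0755"` and no `group`, so every local account can list and traverse Vault's storage directory. Raft data is encrypted by Vault's barrier, but other users still have no need to see the storage files; `mode: "0700"` with `group: vault` would be in line with the `"0400"` already used for the config template. The task also has no `become: true`, unlike the apt tasks above it, so it presumably relies on the play already running as root, which is worth confirming. A comment such as `# must match the storage "raft" path in config.hcl.j2` would tie the hard-coded path to the template.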
|
||||
|
@ -1,14 +1,15 @@
|
||||
|
||||
storage "consul" {
|
||||
address = "127.0.0.1:8500"
|
||||
path = "vault"
|
||||
storage "raft" {
|
||||
path = "/opt/vault/raft/"
|
||||
node_id = "{{ inventory_hostname }}"
|
||||
}
|
||||
|
||||
listener "tcp" {
|
||||
address = "{{ vault_listener_address}}:8200"
|
||||
address = "{{ vault_listener_address}}:8200"
|
||||
cluster_address = "{{ vault_listener_address}}:8201"
|
||||
tls_disable = 1
|
||||
}
|
||||
api_addr = "http://{{ vault_listener_address}}:8200"
|
||||
cluster_addr = "http://{{ ansible_default_ipv4.address }}:8201"
|
||||
ui= true
|
||||
{% if ansible_virtualization_type == 'lxc' %}
|
||||
disable_mlock = true
|
||||
{%endif%}
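Review bot: The added `cluster_addr` and the existing `api_addr` advertise `http://` URLs while the listener keeps `tls_disable = 1`, and this matters more now that storage is raft. Peers are normally joined through a node's API address, so join traffic, tokens and unseal requests would cross the network unencrypted unless `vault_listener_address` is loopback-only. If the role is meant for more than a single local node, the listener should set `tls_cert_file` and `tls_key_file` (paths the role would have to supply), and the advertised address should become `api_addr = "https://{{ vault_listener_address}}:8200"`. Separately, `cluster_address` binds to `vault_listener_address` but `cluster_addr` advertises `ansible_default_ipv4.address`; if those differ, peers would be pointed at an address where the cluster port is not listening.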
|
||||
|