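---
# Install HashiCorp Vault from the vendor package repository, render its
# configuration file and make sure the service is running and enabled.

# Load the most specific variables file that exists: first
# "<os_family>-<major_version>.yml", then "<os_family>.yml".
- name: Include OS-specific variables
  ansible.builtin.include_vars: '{{ item }}'
  with_first_found:
    - files:
        - '{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml'
        - '{{ ansible_os_family }}.yml'

# NOTE(review): unlike the two apt tasks below, this task and the package,
# directory, template and service tasks set no `become`; presumably the play
# escalates privileges itself -- confirm.
- name: Add hashicorp repo
  ansible.builtin.get_url:
    url: 'https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo'
    dest: '/etc/yum.repos.d/hashicorp.repo'
    owner: root
    group: root
    mode: "0644"
  when: ansible_os_family == "RedHat"

# NOTE(review): apt_key wraps the deprecated apt-key tool and adds the key to
# the global trusted keyring, so apt accepts it for every configured
# repository. Consider storing the key in a dedicated keyring file and
# pinning the repository to it with `signed-by`. Left unchanged here because
# the format of vault_debian_repository_url is not visible in this file.
- name: Add Vault/Hashicorp apt key
  ansible.builtin.apt_key:
    url: '{{ vault_debian_repository_key_url }}'
    state: present
  become: true
  when: ansible_pkg_mgr == 'apt'

- name: Add Vault/Hashicorp apt repo
  ansible.builtin.apt_repository:
    repo: 'deb {{ vault_debian_repository_url }} {{ ansible_distribution_release }} main'
    state: present
  become: true
  when: ansible_pkg_mgr == 'apt'

# Skipped only when the host is both armv7l and Arch Linux. Same truth table
# as the previous "not A or not B" form, written so the single excluded
# combination is explicit.
- name: Install package
  ansible.builtin.package:
    name: '{{ vault_os_package }}'
    state: present
  when: not (ansible_architecture == 'armv7l' and ansible_os_family == 'Archlinux')

# The path is the raft storage directory, not /opt/vault itself, so the task
# name says so. The directory is restricted to the vault account (it was
# 0755 with no explicit group): no other local user needs to list or
# traverse Vault's storage. The group matches the config file task below.
- name: Create Vault raft storage directory
  ansible.builtin.file:
    state: directory
    path: /opt/vault/raft
    owner: vault
    group: vault
    mode: "0700"

# `notify` on the block is inherited by the task inside it, so the
# "restart vault" handler (defined outside this file) is notified only when
# the rendered config changes.
- name: Apply config template
  notify: restart vault
  block:
    # Mode 0400: readable by the vault account only.
    - name: Server template
      ansible.builtin.template:
        src: config.hcl.j2
        dest: '{{ vault_config_path }}'
        owner: vault
        group: vault
        mode: "0400"

- name: Ensure service is started
  ansible.builtin.systemd:
    name: '{{ vault_os_service }}'
    state: started
    enabled: true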