homelab/ansible/playbooks/HashicorpStack.yml

---
- name: Consul install
  hosts: all
  roles:
    - role: ansible-consul
      become: true

- name: Vault install
  hosts: homelab
  roles:
    - role: ansible-hashicorp-vault
      become: true
  post_tasks:
    - name: Stat root file
      ansible.builtin.stat:
        path: "{{ vault_unseal_keys_dir_output }}/rootkey"
      register: rootkey_exist
      delegate_to: localhost
    - name: Reading root contents
      ansible.builtin.command: cat "{{ vault_unseal_keys_dir_output }}/rootkey"
      register: root_token
      delegate_to: localhost
      when: rootkey_exist.stat.exists
      changed_when: false
    - name: debug
      ansible.builtin.debug:
        var: root_token
    - name: Generate nomad token
      community.hashi_vault.vault_token_create:
        renewable: true
        policies: "nomad-server-policy"
        period: 72h
        no_parent: true
        token: "{{ root_token.stdout }}"
        url: "http://active.vault.service.consul:8200"
        retries: 4
      run_once: true
      delegate_to: localhost
      when: root_token.stdout is defined
      register: nomad_token_data

    - name: Gather nomad token
      ansible.builtin.set_fact:
        nomad_vault_token: "{{ nomad_token_data.login.auth.client_token }}"
      when: nomad_token_data.login is defined

- name: nomad
  hosts: all
  vars:
    unseal_keys_dir_output: ~/vaultunseal
  roles:
    - role: ansible-nomad
      become: true
    - role: docker
      become: true
style: fix yaml 2022-11-29 20:23:44 +00:00			`---`
refactor: consul in first of hashicorp stack 2024-02-04 20:25:14 +00:00			`- name: Consul install`
			`hosts: all`
			`roles:`
			`- role: ansible-consul`
			`become: true`

manage nomad vault token in ansible 2023-10-29 14:35:11 +00:00			`- name: Vault install`
			`hosts: homelab`
split workstation and server playbook from https://git.ducamps.win/vincent/ansible 2022-06-19 10:38:23 +00:00			`roles:`
			`- role: ansible-hashicorp-vault`
exclude VPS from vault 2023-08-26 15:30:41 +00:00			`become: true`
manage nomad vault token in ansible 2023-10-29 14:35:11 +00:00			`post_tasks:`
fix: case where vault root file not exist 2024-01-30 17:32:25 +00:00			`- name: Stat root file`
			`ansible.builtin.stat:`
			`path: "{{ vault_unseal_keys_dir_output }}/rootkey"`
			`register: rootkey_exist`
refactor: consul in first of hashicorp stack 2024-02-04 20:25:14 +00:00			`delegate_to: localhost`
feat: improce variable management 2024-01-09 17:49:36 +00:00			`- name: Reading root contents`
			`ansible.builtin.command: cat "{{ vault_unseal_keys_dir_output }}/rootkey"`
			`register: root_token`
			`delegate_to: localhost`
fix: case where vault root file not exist 2024-01-30 17:32:25 +00:00			`when: rootkey_exist.stat.exists`
feat: improce variable management 2024-01-09 17:49:36 +00:00			`changed_when: false`
			`- name: debug`
			`ansible.builtin.debug:`
			`var: root_token`
manage nomad vault token in ansible 2023-10-29 14:35:11 +00:00			`- name: Generate nomad token`
			`community.hashi_vault.vault_token_create:`
			`renewable: true`
			`policies: "nomad-server-policy"`
			`period: 72h`
			`no_parent: true`
feat: improce variable management 2024-01-09 17:49:36 +00:00			`token: "{{ root_token.stdout }}"`
fix: modify vault endpoint for create nomad token 2024-02-13 19:27:01 +00:00			`url: "http://active.vault.service.consul:8200"`
manage nomad vault token in ansible 2023-10-29 14:35:11 +00:00			`retries: 4`
			`run_once: true`
			`delegate_to: localhost`
feat: improce variable management 2024-01-09 17:49:36 +00:00			`when: root_token.stdout is defined`
manage nomad vault token in ansible 2023-10-29 14:35:11 +00:00			`register: nomad_token_data`

			`- name: Gather nomad token`
			`ansible.builtin.set_fact:`
			`nomad_vault_token: "{{ nomad_token_data.login.auth.client_token }}"`
fix nomad token condition Signed-off-by: vincent <vincent@ducamps.win> 2023-10-29 19:03:08 +00:00			`when: nomad_token_data.login is defined`
manage nomad vault token in ansible 2023-10-29 14:35:11 +00:00
refactor: consul in first of hashicorp stack 2024-02-04 20:25:14 +00:00			`- name: nomad`
manage nomad vault token in ansible 2023-10-29 14:35:11 +00:00			`hosts: all`
			`vars:`
			`unseal_keys_dir_output: ~/vaultunseal`
			`roles:`
split workstation and server playbook from https://git.ducamps.win/vincent/ansible 2022-06-19 10:38:23 +00:00			`- role: ansible-nomad`
			`become: true`
			`- role: docker`
			`become: true`