feat(ansible): Migrate Ubuntu Jammy IV.

author Peter Mikus <pmikus@cisco.com>

Fri, 8 Jul 2022 10:20:40 +0000 (10:20 +0000)

committer Peter Mikus <pmikus@cisco.com>

Fri, 8 Jul 2022 10:20:40 +0000 (10:20 +0000)
author Peter Mikus <pmikus@cisco.com>
Fri, 8 Jul 2022 10:20:40 +0000 (10:20 +0000)
committer Peter Mikus <pmikus@cisco.com>
Fri, 8 Jul 2022 10:20:40 +0000 (10:20 +0000)
diff --git a/fdio.infra.ansible/nomad.yaml b/fdio.infra.ansible/nomad.yaml

index 5a8c4ca..d7aa467 100644 (file)
--- a/fdio.infra.ansible/nomad.yaml
+++ b/fdio.infra.ansible/nomad.yaml
@@ -22,6 +22,8 @@
        tags: nomad
      - role: consul
        tags: consul
+    - role: vault
+      tags: vault
      - role: prometheus_exporter
        tags: prometheus_exporter
      - role: jenkins_job_health_exporter
diff --git a/fdio.infra.ansible/roles/vault/defaults/main.yaml b/fdio.infra.ansible/roles/vault/defaults/main.yaml

index 817de84..5dd3db6 100644 (file)
--- a/fdio.infra.ansible/roles/vault/defaults/main.yaml
+++ b/fdio.infra.ansible/roles/vault/defaults/main.yaml
@@ -16,7 +16,7 @@ packages_by_arch:
      - []
  
  # Inst - Vault Map.
-vault_version: "1.8.1"
+vault_version: "1.11.0"
  vault_architecture_map:
    amd64: "amd64"
    x86_64: "amd64"
diff --git a/fdio.infra.ansible/roles/vault/handlers/main.yaml b/fdio.infra.ansible/roles/vault/handlers/main.yaml

index 35841c7..ff2944f 100644 (file)
--- a/fdio.infra.ansible/roles/vault/handlers/main.yaml
+++ b/fdio.infra.ansible/roles/vault/handlers/main.yaml
@@ -2,7 +2,7 @@
  # file roles/vault/handlers/main.yaml
  
  - name: Restart Vault
-  systemd:
+  ansible.builtin.systemd:
      daemon_reload: true
      enabled: true
      name: "{{ vault_systemd_service_name }}"
diff --git a/fdio.infra.ansible/roles/vault/meta/main.yaml b/fdio.infra.ansible/roles/vault/meta/main.yaml

index e48e7d7..882dcc3 100644 (file)
--- a/fdio.infra.ansible/roles/vault/meta/main.yaml
+++ b/fdio.infra.ansible/roles/vault/meta/main.yaml
@@ -1,11 +1,6 @@
  ---
  # file: roles/vault/meta/main.yaml
  
-# desc: Install vault from repo and configure service.
-# inst: Vault
-# conf: ?
-# info: 1.0 - added role
-
  dependencies: []
  
  galaxy_info:
@@ -19,5 +14,6 @@ galaxy_info:
      - name: Ubuntu
        versions:
          - focal
+        - jammy
    galaxy_tags:
      - vault
diff --git a/fdio.infra.ansible/roles/vault/tasks/main.yaml b/fdio.infra.ansible/roles/vault/tasks/main.yaml

index 300cfdb..3fceadf 100644 (file)
--- a/fdio.infra.ansible/roles/vault/tasks/main.yaml
+++ b/fdio.infra.ansible/roles/vault/tasks/main.yaml
@@ -2,7 +2,7 @@
  # file: roles/vault/tasks/main.yaml
  
  - name: Inst - Update Package Cache (APT)
-  apt:
+  ansible.builtin.apt:
      update_cache: true
      cache_valid_time: 3600
    when:
@@ -11,21 +11,21 @@
      - vault-inst-prerequisites
  
  - name: Inst - Prerequisites
-  package:
+  ansible.builtin.package:
      name: "{{ packages | flatten(levels=1) }}"
      state: latest
    tags:
      - vault-inst-prerequisites
  
  - name: Conf - Add Vault Group
-  group:
+  ansible.builtin.group:
      name: "{{ vault_group }}"
      state: "{{ vault_user_state }}"
    tags:
      - vault-conf-user
  
  - name: Conf - Add Vault user
-  user:
+  ansible.builtin.user:
      name: "{{ vault_user }}"
      group: "{{ vault_group }}"
      state: "{{ vault_group_state }}"
@@ -34,21 +34,21 @@
      - vault-conf-user
  
  - name: Inst - Clean Vault
-  file:
+  ansible.builtin.file:
      path: "{{ vault_inst_dir }}/vault"
      state: "absent"
    tags:
      - vault-inst-package
  
  - name: Inst - Download Vault
-  get_url:
+  ansible.builtin.get_url:
      url: "{{ vault_zip_url }}"
      dest: "{{ vault_inst_dir }}/{{ vault_pkg }}"
    tags:
      - vault-inst-package
  
  - name: Inst - Unarchive Vault
-  unarchive:
+  ansible.builtin.unarchive:
      src: "{{ vault_inst_dir }}/{{ vault_pkg }}"
      dest: "{{ vault_inst_dir }}/"
      creates: "{{ vault_inst_dir }}/vault"
@@ -57,7 +57,7 @@
      - vault-inst-package
  
  - name: Inst - Vault
-  copy:
+  ansible.builtin.copy:
      src: "{{ vault_inst_dir }}/vault"
      dest: "{{ vault_bin_dir }}"
      owner: "{{ vault_user }}"
@@ -69,7 +69,7 @@
      - vault-inst-package
  
  - name: Inst - Check Vault mlock capability
-  command: "setcap cap_ipc_lock=+ep {{ vault_bin_dir }}/vault"
+  ansible.builtin.command: "setcap cap_ipc_lock=+ep {{ vault_bin_dir }}/vault"
    changed_when: false  # read-only task
    ignore_errors: true
    register: vault_mlock_capability
@@ -77,13 +77,13 @@
      - vault-inst-package
  
  - name: Inst - Enable non root mlock capability
-  command: "setcap cap_ipc_lock=+ep {{ vault_bin_dir }}/vault"
+  ansible.builtin.command: "setcap cap_ipc_lock=+ep {{ vault_bin_dir }}/vault"
    when: vault_mlock_capability is failed
    tags:
      - vault-inst-package
  
  - name: Conf - Create directories
-  file:
+  ansible.builtin.file:
      dest: "{{ item }}"
      state: directory
      owner: "{{ vault_user }}"
@@ -97,7 +97,7 @@
      - vault-conf
  
  - name: Conf - Vault main configuration
-  template:
+  ansible.builtin.template:
      src: "{{ vault_main_configuration_template }}"
      dest: "{{ vault_main_config }}"
      owner: "{{ vault_user }}"
@@ -119,7 +119,7 @@
  #     - vault-conf
  
  - name: Conf - System.d Script
-  template:
+  ansible.builtin.template:
      src: "vault_systemd.service.j2"
      dest: "/lib/systemd/system/vault.service"
      owner: "root"
author	Peter Mikus <pmikus@cisco.com>
	Fri, 8 Jul 2022 10:20:40 +0000 (10:20 +0000)
committer	Peter Mikus <pmikus@cisco.com>
	Fri, 8 Jul 2022 10:20:40 +0000 (10:20 +0000)
fdio.infra.ansible/nomad.yaml		patch \| blob \| history
fdio.infra.ansible/roles/vault/defaults/main.yaml		patch \| blob \| history
fdio.infra.ansible/roles/vault/handlers/main.yaml		patch \| blob \| history
fdio.infra.ansible/roles/vault/meta/main.yaml		patch \| blob \| history
fdio.infra.ansible/roles/vault/tasks/main.yaml		patch \| blob \| history