Signed-off-by: Peter Mikus <pmikus@cisco.com>
Change-Id: I0472e26646ba059875682e15d75cf7e1a7ab0c93
tags: nomad
- role: consul
tags: consul
tags: nomad
- role: consul
tags: consul
+ - role: vault
+ tags: vault
- role: prometheus_exporter
tags: prometheus_exporter
- role: jenkins_job_health_exporter
- role: prometheus_exporter
tags: prometheus_exporter
- role: jenkins_job_health_exporter
vault_architecture_map:
amd64: "amd64"
x86_64: "amd64"
vault_architecture_map:
amd64: "amd64"
x86_64: "amd64"
# file roles/vault/handlers/main.yaml
- name: Restart Vault
# file roles/vault/handlers/main.yaml
- name: Restart Vault
+ ansible.builtin.systemd:
daemon_reload: true
enabled: true
name: "{{ vault_systemd_service_name }}"
daemon_reload: true
enabled: true
name: "{{ vault_systemd_service_name }}"
---
# file: roles/vault/meta/main.yaml
---
# file: roles/vault/meta/main.yaml
-# desc: Install vault from repo and configure service.
-# inst: Vault
-# conf: ?
-# info: 1.0 - added role
-
dependencies: []
galaxy_info:
dependencies: []
galaxy_info:
- name: Ubuntu
versions:
- focal
- name: Ubuntu
versions:
- focal
# file: roles/vault/tasks/main.yaml
- name: Inst - Update Package Cache (APT)
# file: roles/vault/tasks/main.yaml
- name: Inst - Update Package Cache (APT)
update_cache: true
cache_valid_time: 3600
when:
update_cache: true
cache_valid_time: 3600
when:
- vault-inst-prerequisites
- name: Inst - Prerequisites
- vault-inst-prerequisites
- name: Inst - Prerequisites
+ ansible.builtin.package:
name: "{{ packages | flatten(levels=1) }}"
state: latest
tags:
- vault-inst-prerequisites
- name: Conf - Add Vault Group
name: "{{ packages | flatten(levels=1) }}"
state: latest
tags:
- vault-inst-prerequisites
- name: Conf - Add Vault Group
name: "{{ vault_group }}"
state: "{{ vault_user_state }}"
tags:
- vault-conf-user
- name: Conf - Add Vault user
name: "{{ vault_group }}"
state: "{{ vault_user_state }}"
tags:
- vault-conf-user
- name: Conf - Add Vault user
name: "{{ vault_user }}"
group: "{{ vault_group }}"
state: "{{ vault_group_state }}"
name: "{{ vault_user }}"
group: "{{ vault_group }}"
state: "{{ vault_group_state }}"
- vault-conf-user
- name: Inst - Clean Vault
- vault-conf-user
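Review bot: The `state:` variables on the two account tasks appear crossed: `Conf - Add Vault Group` sets `state: "{{ vault_user_state }}"` while `Conf - Add Vault user` sets `state: "{{ vault_group_state }}"`. These are context lines the commit leaves untouched, but since it rewrites the module line of both tasks it is the natural place to correct them. If the two variables are meant to control their own resource, swap them to `state: "{{ vault_group_state }}"` on the group task and `state: "{{ vault_user_state }}"` on the user task. The module lines of these two tasks are not visible in the rendered hunk, so the task boundaries are inferred from the task names.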
- name: Inst - Clean Vault
path: "{{ vault_inst_dir }}/vault"
state: "absent"
tags:
- vault-inst-package
- name: Inst - Download Vault
path: "{{ vault_inst_dir }}/vault"
state: "absent"
tags:
- vault-inst-package
- name: Inst - Download Vault
+ ansible.builtin.get_url:
url: "{{ vault_zip_url }}"
dest: "{{ vault_inst_dir }}/{{ vault_pkg }}"
tags:
- vault-inst-package
- name: Inst - Unarchive Vault
url: "{{ vault_zip_url }}"
dest: "{{ vault_inst_dir }}/{{ vault_pkg }}"
tags:
- vault-inst-package
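Review bot: `Inst - Download Vault` fetches the release archive with `ansible.builtin.get_url` using only `url:` and `dest:`; no `checksum:` appears in the visible lines, so whatever is served at `vault_zip_url` is installed without integrity verification and handed straight to `Inst - Unarchive Vault`. Pinning the expected digest in a defaults variable (constructed name, e.g. `vault_zip_checksum`) and adding `checksum: "sha256:{{ vault_zip_checksum }}"` to the task makes a tampered or truncated download fail at download time. If a checksum is already set on a line outside this hunk, disregard.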
- name: Inst - Unarchive Vault
+ ansible.builtin.unarchive:
src: "{{ vault_inst_dir }}/{{ vault_pkg }}"
dest: "{{ vault_inst_dir }}/"
creates: "{{ vault_inst_dir }}/vault"
src: "{{ vault_inst_dir }}/{{ vault_pkg }}"
dest: "{{ vault_inst_dir }}/"
creates: "{{ vault_inst_dir }}/vault"
- vault-inst-package
- name: Inst - Vault
- vault-inst-package
- name: Inst - Vault
src: "{{ vault_inst_dir }}/vault"
dest: "{{ vault_bin_dir }}"
owner: "{{ vault_user }}"
src: "{{ vault_inst_dir }}/vault"
dest: "{{ vault_bin_dir }}"
owner: "{{ vault_user }}"
- vault-inst-package
- name: Inst - Check Vault mlock capability
- vault-inst-package
- name: Inst - Check Vault mlock capability
- command: "setcap cap_ipc_lock=+ep {{ vault_bin_dir }}/vault"
+ ansible.builtin.command: "setcap cap_ipc_lock=+ep {{ vault_bin_dir }}/vault"
changed_when: false # read-only task
ignore_errors: true
register: vault_mlock_capability
changed_when: false # read-only task
ignore_errors: true
register: vault_mlock_capability
- vault-inst-package
- name: Inst - Enable non root mlock capability
- vault-inst-package
- name: Inst - Enable non root mlock capability
- command: "setcap cap_ipc_lock=+ep {{ vault_bin_dir }}/vault"
+ ansible.builtin.command: "setcap cap_ipc_lock=+ep {{ vault_bin_dir }}/vault"
when: vault_mlock_capability is failed
tags:
- vault-inst-package
- name: Conf - Create directories
when: vault_mlock_capability is failed
tags:
- vault-inst-package
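Review bot: `Inst - Check Vault mlock capability` is not a check: `setcap cap_ipc_lock=+ep` writes the file capability, so the `# read-only task` comment and `changed_when: false` misreport what happens, and `ignore_errors: true` hides any failure. The follow-up `Inst - Enable non root mlock capability` reruns the identical command only `when: vault_mlock_capability is failed`, so it can only execute in the one case where that same command has already failed, and a host where the capability cannot be set passes the play silently. Making the check a real read with `getcap` and keying the enable task on the capability being absent keeps the read/write split honest and lets a genuine `setcap` failure surface; the lines below are a sketch and the `tags:` stanzas of both tasks are unchanged.
```yaml
- name: Inst - Check Vault mlock capability
  ansible.builtin.command: "getcap {{ vault_bin_dir }}/vault"
  changed_when: false  # getcap only reads the file capability
  failed_when: false
  register: vault_mlock_capability
  # … unchanged: tags …
- name: Inst - Enable non root mlock capability
  ansible.builtin.command: "setcap cap_ipc_lock=+ep {{ vault_bin_dir }}/vault"
  when: "'cap_ipc_lock' not in vault_mlock_capability.stdout"
  # … unchanged: tags …
```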
- name: Conf - Create directories
dest: "{{ item }}"
state: directory
owner: "{{ vault_user }}"
dest: "{{ item }}"
state: directory
owner: "{{ vault_user }}"
- vault-conf
- name: Conf - Vault main configuration
- vault-conf
- name: Conf - Vault main configuration
+ ansible.builtin.template:
src: "{{ vault_main_configuration_template }}"
dest: "{{ vault_main_config }}"
owner: "{{ vault_user }}"
src: "{{ vault_main_configuration_template }}"
dest: "{{ vault_main_config }}"
owner: "{{ vault_user }}"
# - vault-conf
- name: Conf - System.d Script
# - vault-conf
- name: Conf - System.d Script
+ ansible.builtin.template:
src: "vault_systemd.service.j2"
dest: "/lib/systemd/system/vault.service"
owner: "root"
src: "vault_systemd.service.j2"
dest: "/lib/systemd/system/vault.service"
owner: "root"