110 lines
2.8 KiB
YAML
110 lines
2.8 KiB
YAML
---
|
|
- name: Include variables
|
|
include_vars: "{{ lookup('first_found', params) }}"
|
|
vars:
|
|
params:
|
|
files: "{{ distro_lookup_path }}"
|
|
paths:
|
|
- "vars"
|
|
|
|
- name: Include OS-specific tasks
|
|
include_tasks: "{{ lookup('first_found', file_list) }}"
|
|
vars:
|
|
file_list: "{{ distro_lookup_path }}"
|
|
|
|
- name: Add PPA GPG key
|
|
become: true
|
|
apt_key:
|
|
data: "{{ hashicorp_gpg_key }}"
|
|
|
|
- name: Install required packages
|
|
become: true
|
|
ansible.builtin.package:
|
|
state: present
|
|
name: "{{ item }}"
|
|
loop:
|
|
- "{{ packages }}"
|
|
when: "ansible_facts.pkg_mgr != 'atomic_container'"
|
|
register: task_result
|
|
until: task_result is success
|
|
retries: 5
|
|
|
|
- name: Create storage
|
|
ansible.builtin.file:
|
|
state: "directory"
|
|
path: "{{ vault_storage_path }}"
|
|
owner: "{{ vault_owner }}"
|
|
group: "{{ vault_group }}"
|
|
mode: 0755
|
|
|
|
- name: Create plugins dir
|
|
ansible.builtin.file:
|
|
state: "directory"
|
|
path: "{{ vault_plugin_path }}"
|
|
owner: "{{ vault_owner }}"
|
|
group: "{{ vault_group }}"
|
|
mode: 0755
|
|
|
|
- name: Install plugins
|
|
ansible.builtin.unarchive:
|
|
src: "{{ zj_plugin.url }}"
|
|
dest: "{{ vault_plugin_path }}"
|
|
owner: "{{ vault_owner }}"
|
|
group: "{{ vault_group }}"
|
|
remote_src: "yes"
|
|
loop:
|
|
"{{ vault_plugins }}"
|
|
loop_control:
|
|
loop_var: "zj_plugin"
|
|
|
|
- name: Write config
|
|
ansible.builtin.template:
|
|
dest: /etc/vault.d/vault.hcl
|
|
src: vault.hcl.j2
|
|
mode: 0644
|
|
owner: "{{ vault_owner }}"
|
|
group: "{{ vault_group }}"
|
|
notify:
|
|
- Restart Vault
|
|
|
|
- name: Write SSL Cert file
|
|
ansible.builtin.copy:
|
|
path: "{{ vault_tls_cert_file }}"
|
|
content: "{{ vault_tls_cert_content }}"
|
|
owner: "{{ vault_owner }}"
|
|
group: "{{ vault_group }}"
|
|
recurse: true
|
|
when: "vault_tls_cert_content is defined and vault_tls_cert_content|length>0"
|
|
|
|
- name: Write SSL Key file
|
|
ansible.builtin.copy:
|
|
path: "{{ vault_tls_key_file }}"
|
|
content: "{{ vault_tls_key_content }}"
|
|
owner: "{{ vault_owner }}"
|
|
group: "{{ vault_group }}"
|
|
recurse: true
|
|
when: "vault_tls_key_content is defined and vault_tls_key_content|length>0"
|
|
|
|
- name: Correct certs ownership
|
|
ansible.builtin.file:
|
|
path: "/etc/ssl/{{ inventory_hostname }}/vault"
|
|
state: "directory"
|
|
owner: "{{ vault_owner }}"
|
|
group: "{{ vault_group }}"
|
|
recurse: true
|
|
|
|
- name: Enable vault service
|
|
ansible.builtin.service:
|
|
name: "vault"
|
|
enabled: "true"
|
|
state: "started"
|
|
|
|
# - name: Renew transit token
|
|
# include_tasks: "renew_transit_token.yaml"
|
|
# vars:
|
|
# vault_addr: "{{ vault_seal_transit_address }}"
|
|
# transit_token: "{{ vault_seal_transit_token }}"
|
|
# when:
|
|
# - "vault_seal_transit_address is defined and vault_seal_transit_address | length > 0"
|
|
# - "vault_seal_transit_token is defined and vault_seal_transit_token | length > 0"
|