chore!: separated galaxy deps and own collections; modified ansible script generation to use two paths for collections

REQUIRES REGENERATING ansible.cfg!
2025-02-23 00:00:00 +00:00 · 2025-02-23 00:00:00 +00:00 · 888590ed9f
commit 888590ed9f
parent 4af69c31ce
188 changed files with 30 additions and 30 deletions
--- a/ansible_collections/nullified/infrastructure/roles/vault/tasks/install_binary.yml
+++ b/ansible_collections/nullified/infrastructure/roles/vault/tasks/install_binary.yml
@ -0,0 +1,40 @@
+---
+- name: install vault binary
+  when: not hc_vault_binary_installed or hc_vault_local_binary_version != hc_vault_version
+  notify:
+    - 'vault : restart vault service'
+  block:
+    - name: download archive
+      ansible.builtin.get_url:
+        url: 'https://releases.hashicorp.com/vault/{{ hc_vault_version }}/vault_{{ hc_vault_version }}_{{ hc_vault_architecture }}.zip'
+        dest: '{{ tmp_file.path }}/vault_{{ hc_vault_version }}_{{ hc_vault_architecture }}.zip'
+        mode: '0600'
+    - name: download SHASUMs file signature
+      ansible.builtin.get_url:
+        url: 'https://releases.hashicorp.com/vault/{{ hc_vault_version }}/vault_{{ hc_vault_version }}_SHA256SUMS.sig'
+        dest: '{{ tmp_file.path }}/shasums.sig'
+        mode: '0600'
+    - name: download SHASUMs files for vault releases
+      ansible.builtin.get_url:
+        url: 'https://releases.hashicorp.com/vault/{{ hc_vault_version }}/vault_{{ hc_vault_version }}_SHA256SUMS'
+        dest: '{{ tmp_file.path }}/shasums.txt'
+        mode: '0600'
+    - name: Verify downloaded files integrity
+      block:
+        - name: check SHASUMs file integrity
+          ansible.builtin.command: 'gpg --verify {{ tmp_file.path }}/shasums.sig {{ tmp_file.path }}/shasums.txt'
+        - name: check SHASUM of the downloaded archive
+          ansible.builtin.command:
+            cmd: 'sha256sum -c {{ tmp_file.path }}/shasums.txt'
+            chdir: '{{ tmp_file.path }}'
+          register: shasum_check
+          failed_when: 'search_string not in shasum_check.stdout'
+          vars:
+            search_string: 'vault_{{ hc_vault_version }}_{{ hc_vault_architecture }}.zip: OK'
+    - name: install vault package
+      become: true
+      ansible.builtin.shell: |
+        cd {{ tmp_file.path }}
+        unzip -o vault_{{ hc_vault_version }}_{{ hc_vault_architecture }}.zip
+        install -g {{ hc_vault_runas }} -o {{ hc_vault_runas }} -p -m 500 ./vault {{ hc_vault_binary_path }}
+        {{ hc_vault_binary_path }} -h > /dev/null || (echo "Unexpected return, binary might be invalid")