WoodSmellParticle/ansible-infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(vault): add a HashiCorp Vault role

Browse source
This commit is contained in:
NaeiKinDus 2024-06-26 00:00:00 +00:00
parent 688bdae6a1
commit ddf406fd37
Signed by: WoodSmellParticle
GPG key ID: 8E52ADFF7CA8AE56
17 changed files with 477 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

38
collections/ansible_collections/nullified/infrastructure/roles/vault/tasks/initialize.yml Normal file
View file

@ -0,0 +1,38 @@
---
- name: initialize vault
become: true
no_log: true
ansible.builtin.command:
cmd: >
vault operator init
-tls-skip-verify -non-interactive -format=yaml
-key-shares={{ hc_vault_init_key_shares_count }}
-key-threshold={{ hc_vault_init_key_threshold }}
chdir: '{{ hc_vault_root_dir }}'
environment:
VAULT_ADDR: 'https://127.0.0.1:8200'
DBUS_SESSION_BUS_ADDRESS: '/dev/null'
register: init_data
- name: set init data filename
no_log: true
ansible.builtin.set_fact:
hc_vault_init_data_filename: "{{ hc_vault_init_data_filepath | default('/tmp', True) }}/vault_{{ ansible_facts['fqdn'] }}_init.yml"
- name: save initialization data
connection: local
no_log: true
block:
- name: save content to temp file
ansible.builtin.copy:
content: '{{ init_data.stdout }}'
dest: '{{ hc_vault_init_data_filename }}'
mode: '0600'
owner: "{{ ansible_facts['user_id'] }}"
group: "{{ ansible_facts['user_id'] }}"
- name: print init data file location
no_log: true
ansible.builtin.debug:
msg: 'Initialization data is stored in file "{{ hc_vault_init_data_filename }}". MAKE SURE TO SAVE IT SOMEWHERE SAFE!'
verbosity: 0