WoodSmellParticle/ansible-infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(vault): add a HashiCorp Vault role

Browse source
This commit is contained in:
NaeiKinDus 2024-06-26 00:00:00 +00:00
parent 688bdae6a1
commit ddf406fd37
Signed by: WoodSmellParticle
GPG key ID: 8E52ADFF7CA8AE56
17 changed files with 477 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

61
collections/ansible_collections/nullified/infrastructure/roles/vault/tasks/main.yml Normal file
View file

@ -0,0 +1,61 @@
---
- name: create temp directory
ansible.builtin.tempfile:
state: directory
register: tmp_file
changed_when: false
- name: find vault path
ansible.builtin.command: 'bash -c "command -v vault"'
register: output_vault_binary_path
failed_when: false
changed_when: false
- name: find local vault binary version
become: true
environment:
DBUS_SESSION_BUS_ADDRESS: /dev/null
VAULT_ADDR: 'https://127.0.0.1:8200'
ansible.builtin.shell: "{{ output_vault_binary_path.stdout }} version | sed -E 's/Vault[[:space:]]+v([0-9.-]+)(\\b|$).*$/\\1/'"
when: output_vault_binary_path.rc == 0
register: output_vault_binary_version
changed_when: false
- name: set binary facts
ansible.builtin.set_fact:
hc_vault_binary_installed: "{{ 'true' if output_vault_binary_path.rc == 0 else 'false' }}"
hc_vault_binary_path: "{{ output_vault_binary_path.stdout | default(hc_vault_default_binary_path, true) }}"
hc_vault_local_binary_version: "{{ output_vault_binary_version.get('stdout', None) }}"
- name: run prerequisite tasks
ansible.builtin.import_tasks: prerequisites.yml
- name: install vault
ansible.builtin.import_tasks: install.yml
- name: run security configuration
ansible.builtin.import_tasks: security.yml
- name: find vault initialization status
ansible.builtin.command: '{{ output_vault_binary_path.stdout }} operator init -status -tls-skip-verify'
become: true
register: hc_vault_init_status
environment:
DBUS_SESSION_BUS_ADDRESS: /dev/null
VAULT_ADDR: 'https://127.0.0.1:8200'
failed_when: hc_vault_init_status.rc == 1
changed_when: false
- name: initialize vault
ansible.builtin.import_tasks: initialize.yml
when: hc_vault_initialize and hc_vault_init_status.rc == 2
- name: cleanup
become: true
ansible.builtin.file:
path: '{{ tmp_file.path }}'
state: absent
changed_when: false
- name: flush handlers
meta: flush_handlers