ansible-infra/ansible_collections/nullified/infrastructure/roles/vault/tasks/main.yml


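---
# Entry point of the vault role: discover an already-installed binary, run the
# prerequisite / install / security task files, then initialise the server if
# it is not initialised yet.
#
# Facts exported for the imported task files:
#   hc_vault_binary_installed     - 'true' / 'false' (strings) from `command -v vault`
#   hc_vault_binary_path          - discovered path, else hc_vault_default_binary_path
#   hc_vault_local_binary_version - version parsed from `vault version` (installed hosts only)
- name: create temp directory
  ansible.builtin.tempfile:
    state: directory
  register: tmp_file
  changed_when: false

# `command -v` is a shell builtin, which the command module cannot run
# directly, hence the explicit bash -c wrapper. A missing binary is not an
# error here: the rc is inspected by the tasks below.
- name: find vault path
  ansible.builtin.command: 'bash -c "command -v vault"'
  register: output_vault_binary_path
  failed_when: false
  changed_when: false

- name: find local vault binary version
  become: true
  environment:
    # NOTE(review): presumably set so the CLI does not reach a session bus /
    # keyring while running under become — confirm against the vault docs.
    DBUS_SESSION_BUS_ADDRESS: /dev/null
    VAULT_ADDR: 'https://127.0.0.1:8200'
  # sed keeps only the numeric part of "Vault vX.Y.Z (...)".
  ansible.builtin.shell: "{{ output_vault_binary_path.stdout }} version | sed -E 's/Vault[[:space:]]+v([0-9.-]+)(\\b|$).*$/\\1/'"
  when: output_vault_binary_path.rc == 0
  register: output_vault_binary_version
  changed_when: false

- name: set binary facts
  ansible.builtin.set_fact:
    # Left as the strings 'true' / 'false' rather than booleans so the type
    # seen by the other task files does not change; test it with `| bool`.
    hc_vault_binary_installed: "{{ 'true' if output_vault_binary_path.rc == 0 else 'false' }}"
    # The second default() argument makes an empty stdout (binary not found)
    # fall through to the role default path as well.
    hc_vault_binary_path: "{{ output_vault_binary_path.stdout | default(hc_vault_default_binary_path, true) }}"
    # When the version task was skipped there is no stdout, so this most
    # likely renders as the string "None" — consumers should treat that as
    # "not installed" rather than as a version.
    hc_vault_local_binary_version: "{{ output_vault_binary_version.get('stdout', None) }}"

- name: run prerequisite tasks
  ansible.builtin.import_tasks: prerequisites.yml

- name: install vault binary
  ansible.builtin.import_tasks: install_binary.yml

- name: install vault service
  ansible.builtin.import_tasks: install_service.yml

- name: run security configuration
  ansible.builtin.import_tasks: security.yml

# `vault operator init -status` exits 0 when initialised, 2 when not yet
# initialised and 1 on error; any other rc (e.g. the module could not execute
# the binary) must not be mistaken for a usable status, so only 0 and 2 pass.
- name: find vault initialization status
  # Uses the hc_vault_binary_path fact, not the raw `command -v` output: on a
  # host where the binary was only installed by install_binary.yml above the
  # latter is empty and the command would run without an executable.
  # Assumes install_binary.yml places the binary at hc_vault_binary_path — confirm.
  # NOTE(review): -tls-skip-verify disables certificate verification for this
  # loopback call; if the listener certificate is issued by a CA the role
  # manages, exporting VAULT_CACERT would allow dropping the flag.
  ansible.builtin.command: '{{ hc_vault_binary_path }} operator init -status -tls-skip-verify'
  become: true
  register: hc_vault_init_status
  environment:
    DBUS_SESSION_BUS_ADDRESS: /dev/null
    VAULT_ADDR: 'https://127.0.0.1:8200'
  failed_when: hc_vault_init_status.rc not in [0, 2]
  changed_when: false

- name: initialize vault
  ansible.builtin.import_tasks: initialize.yml
  # Only on an uninitialised server (rc 2) and only when the role is asked to.
  when: hc_vault_initialize and hc_vault_init_status.rc == 2

# Not wrapped in block/always, so the temp directory stays behind when an
# earlier task fails.
- name: cleanup
  become: true
  ansible.builtin.file:
    path: '{{ tmp_file.path }}'
    state: absent
  changed_when: false

- name: flush handlers
  ansible.builtin.meta: flush_handlers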