Update to 2023-07-03 00:00

2025-08-05 16:17:38 +02:00 · 2023-07-03 00:00:20 +02:00
parent 71179d1d72
commit 53d90f07e0
33 changed files with 312 additions and 283 deletions
--- a/roles/vault/tasks/install.yml
+++ b/roles/vault/tasks/install.yml
@@ -2,11 +2,23 @@

 - name: Install needed tools
  package:
-    name:
-      - tar
-      - zstd
-      - unzip
-      - jq
+    name: "{{ vault_packages }}"
+  tags: vault
+
+# Migrate from the old vault role
+- name: Check if vualt is a link
+  stat: path=/usr/local/bin/vault
+  register: vault_link
+  tags: vault
+
+- when: vault_link.stat.islnk is defined and vault_link.stat.islnk
+  block:
+
+    - name: Remove vault link
+      file: path=/usr/local/bin/vault state=absent
+
+    - set_fact: vault_install_mode='upgrade'
+
  tags: vault

 - when: vault_install_mode != 'none'
@@ -14,63 +26,27 @@
    - name: Download vault
      get_url:
        url: "{{ vault_archive_url }}"
-        dest: "{{ vault_root_dir }}/tmp"
+        dest: /tmp
        checksum: sha256:{{ vault_archive_sha256 }}

    - name: Extract the archive
      unarchive:
-        src: "{{ vault_root_dir }}/tmp/vault_{{ vault_version }}_linux_amd64.zip"
-        dest: "{{ vault_root_dir }}/tmp"
-        remote_src: True
-
-    - name: Install vault binary
-      copy:
-        src: "{{ vault_root_dir }}/tmp/vault"
-        dest: "{{ vault_root_dir }}/bin/vault"
+        src: /tmp/vault_{{ vault_version }}_linux_amd64.zip
+        dest: /usr/local/bin
+        include: vault
        remote_src: True
        mode: 755
-      notify: restart vault

-    - name: Link in /usr/local/bin
-      file: src={{ vault_root_dir }}/bin/vault dest=/usr/local/bin/vault state=link force=True
+    - name: Remove ZIP archive
+      file: path=/tmp/vault_{{ vault_version }}_linux_amd64.zip state=absent

  tags: vault

 - name: Install bash completion support
  copy:
    content: |
-      complete -C {{ vault_root_dir }}/bin/vault vault
+      complete -C /usr/local/bin/vault vault
    dest: /etc/bash_completion.d/vault
    mode: 0644
  tags: vault

- name: Deploy systemd service unit
-  template: src=vault.service.j2 dest=/etc/systemd/system/vault.service
-  register: vault_unit
-  notify: restart vault
-  tags: vault
-
- name: Install consul-template unit
-  template: src=consul-template-vault.service.j2 dest=/etc/systemd/system/consul-template-vault.service
-  notify: restart consul-template-vault
-  register: vault_secrets_nomad_unit
-  tags: vault
-
- name: Reload systemd
-  systemd: daemon_reload=True
-  when: vault_unit.changed or vault_secrets_nomad_unit.changed
-  tags: vault
-
- name: Install dehydrated hook
-  template: src=dehydrated_hook.j2 dest=/etc/dehydrated/hooks_deploy_cert.d/vault mode=755
-  tags: vault
-
- name: Install profile script
-  copy:
-    content: |
-      #!/bin/sh
-      export VAULT_ADDR={{ vault_conf.api_addr }}
-    dest: /etc/profile.d/vault.sh
-    mode: 0755
-  tags: vault
-