jpp/ansible-roles
1
0
Fork 0
mirror of https://git.lapiole.org/dani/ansible-roles.git synced 2025-09-13 19:14:49 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update to 2025-08-29 16:00

Browse Source
This commit is contained in:
Daniel Berteaud
2025-08-29 16:00:23 +02:00
parent 0008480f7b
commit 565853d64c
10 changed files with 195 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
roles/vault_unseal/tasks/conf.yml Normal file
View File

@@ -0,0 +1,6 @@
---
- name: Deploy vault-unseal configuration
template: src=vault-unseal.yaml.j2 dest=/etc/vault-unseal.yaml owner=root group={{ vault_unseal_user }} mode=440
notify: restart vault-unseal
tags: vault

38
roles/vault_unseal/tasks/facts.yml Normal file
View File

@@ -0,0 +1,38 @@
---
- set_fact:
vault_unseal_install_mode: 'none'
tags: vault
- name: Detect if vault_unseal is installed
stat: path=/usr/local/bin/vault_unseal
register: vault_unseal_bin
tags: vault
- when: not vault_unseal_bin.stat.exists
set_fact: vault_unseal_install_mode='install'
tags: vault
- when: vault_unseal_bin.stat.exists
block:
- name: Detect installed version
shell: |
/usr/local/bin/vault_unseal -v | perl -pe 's/vault-unseal version: (\d+(\.\d+)*).*/$1/'
changed_when: False
register: vault_unseal_current_version
- set_fact:
vault_current_version: "{{ vault_unseal_current_version.stdout }}"
tags: vault
- when: vault_unseal_bin.stat.exists and vault_unseal_current_version != vault_unseal_version
set_fact: vault_unseal_install_mode='upgrade'
tags: vault
- debug: msg={{ vault_unseal_conf }}
tags: vault
- debug: msg={{ vault_unseal_conf.vault_nodes }}
tags: vault
- set_fact: vault_unseal_enabled={{ (vault_unseal_conf.vault_nodes | length > 0 and vault_unseal_conf.unseal_tokens | length > 0) | ternary(true, false) }}
tags: vault

17
roles/vault_unseal/tasks/install.yml Normal file
View File

@@ -0,0 +1,17 @@
---
- name: Download vault-unseal
get_url:
url: "{{ vault_unseal_bin_url }}"
dest: /usr/local/bin/vault-unseal
checksum: sha256:{{ vault_unseal_bin_sha256 }}
owner: root
group: root
mode: 755
when: vault_unseal_install_mode != 'none'
tags: vault
- name: Deploy systemd unit
template: src=vault-unseal.service.j2 dest=/etc/systemd/system/vault-unseal.service
notify: restart vault-unseal
tags: vault

16
roles/vault_unseal/tasks/main.yml Normal file
View File

@@ -0,0 +1,16 @@
---
- include_tasks: user.yml
tags: always
- include_tasks: facts.yml
tags: always
- include_tasks: install.yml
tags: always
- include_tasks: conf.yml
tags: always
- include_tasks: service.yml
tags: always

5
roles/vault_unseal/tasks/service.yml Normal file
View File

@@ -0,0 +1,5 @@
---
- name: Handle vault-unseal service
service: name=vault-unseal state={{ vault_unseal_enabled | ternary('started', 'stopped') }} enabled={{ vault_unseal_enabled }}
tags: vault

9
roles/vault_unseal/tasks/user.yml Normal file
View File

@@ -0,0 +1,9 @@
---
- name: Create vault-unseal user
user:
name: "{{ vault_unseal_user }}"
home: "{{ vault_unseal_root_dir }}"
system: true
shell: /sbin/nologin
tags: vault