jpp/ansible-roles
1
0
Fork 0
mirror of https://git.lapiole.org/dani/ansible-roles.git synced 2025-07-27 00:05:44 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update to 2022-09-02 10:00

Browse Source
This commit is contained in:
Daniel Berteaud
2022-09-02 10:00:20 +02:00
parent c6ecd988cf
commit 67bfcd5db3
12 changed files with 73 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
roles/vault/tasks/archive_pre.yml
View File

@@ -4,6 +4,17 @@
file: path={{ vault_root_dir }}/archives/{{ vault_current_version }} state=directory
tags: vault
#- name: Take a snapshot of the data
# command: vault operator raft snapshot save {{ vault_root_dir }}/archives/{{ vault_current_version }}/vault.snap
# when:
# - vault_bkp_token is defined
# - vault_sys_services.ansible_facts.services['nomad.service'] is defined
# - vault_sys_services.ansible_facts.services['nomad.service'].state == 'started'
# - vault_status.initialized is defined and vault_status.initialized
# - vault_status.sealed is defined and not vault_status.sealed
# - vault_status.leader_address == vault_conf.api_addr
# tags: vault
- name: Backup previous version
copy: src={{ vault_root_dir }}/bin/vault dest={{ vault_root_dir }}/archives/{{ vault_current_version }}/ remote_src=True
tags: vault

4
roles/vault/tasks/conf.yml
View File

@@ -18,3 +18,7 @@
mode: 0400
notify: restart vault
tags: vault
- name: Setup logrotate
template: src=logrotate.conf.j2 dest=/etc/logrotate.d/vault
tags: vault

5
roles/vault/tasks/directories.yml
View File

@@ -15,6 +15,11 @@
owner: root
group: root
mode: 700
- dir: log
owner: "{{ vault_user }}"
group: "{{ vault_user }}"
mode: u=rwX,g=-,o=-
recurse: True
- dir: meta
owner: root
group: root

44
roles/vault/tasks/facts.yml
View File

@@ -1,12 +1,40 @@
---
- name: Detect installed version
block:
- import_tasks: ../includes/webapps_set_install_mode.yml
vars:
- root_dir: "{{ vault_root_dir }}"
- version: "{{ vault_version }}"
- set_fact: vault_install_mode={{ install_mode | default('none') }}
- set_fact: vault_current_version={{ current_version | default('') }}
- set_fact:
vault_install_mode: 'none'
vault_status: {}
tags: vault
- name: Detect if vault is installed
stat: path=/usr/local/bin/vault
register: vault_bin
tags: vault
- when: not vault_bin.stat.exists
set_fact: vault_install_mode='install'
tags: vault
- when: vault_bin.stat.exists
block:
- name: Detect installed version
shell: /usr/local/bin/vault version | perl -pe 's/Vault v(\d+(\.\d+)*)\s.*/$1/'
changed_when: False
register: vault_current_version
#- command: /usr/local/bin/vault status -format=json -tls-skip-verify
# changed_when: False
# register: vault_status
# failed_when: False # do not fail if vault is not running
- set_fact:
vault_current_version: "{{ vault_current_version.stdout }}"
# vault_status: "{{ (vault_status.rc == 0) | ternary(vault_status.stdout | from_json, {}) }}"
tags: vault
- when: vault_bin.stat.exists and vault_current_version != vault_version
set_fact: vault_install_mode='upgrade'
tags: vault
- name: Check the state of the services
service_facts:
register: vault_sys_services
tags: vault

3
roles/vault/tasks/main.yml
View File

@@ -26,9 +26,6 @@
- include_tasks: services.yml
tags: always
- include_tasks: write_version.yml
tags: always
- include_tasks: archive_post.yml
when: vault_install_mode | default('none') == 'upgrade'
tags: always

5
roles/vault/tasks/write_version.yml
View File

@@ -1,5 +0,0 @@
---
- name: Write installed version
copy: content={{ vault_version }} dest={{ vault_root_dir }}/meta/ansible_version
tags: vault