Update to 2023-07-03 15:00

2025-08-05 16:17:38 +02:00 · 2023-07-03 15:00:09 +02:00
parent 590e8b5d83
commit 91f9384361
44 changed files with 426 additions and 429 deletions
--- a/roles/vault/tasks/install.yml
+++ b/roles/vault/tasks/install.yml
@@ -1,52 +1,31 @@
 ---

- name: Install needed tools
-  package:
-    name: "{{ vault_packages }}"
+- name: Deploy systemd service unit
+  template: src=vault.service.j2 dest=/etc/systemd/system/vault.service
+  register: vault_unit
+  notify: restart vault
  tags: vault

-# Migrate from the old vault role
- name: Check if vualt is a link
-  stat: path=/usr/local/bin/vault
-  register: vault_link
+- name: Install consul-template unit
+  template: src=consul-template-vault.service.j2 dest=/etc/systemd/system/consul-template-vault.service
+  notify: restart consul-template-vault
+  register: vault_secrets_nomad_unit
  tags: vault

- when: vault_link.stat.islnk is defined and vault_link.stat.islnk
-  block:
-
-    - name: Remove vault link
-      file: path=/usr/local/bin/vault state=absent
-
-    - set_fact: vault_install_mode='upgrade'
-
+- name: Reload systemd
+  systemd: daemon_reload=True
+  when: vault_unit.changed or vault_secrets_nomad_unit.changed
  tags: vault

- when: vault_install_mode != 'none'
-  block:
-    - name: Download vault
-      get_url:
-        url: "{{ vault_archive_url }}"
-        dest: /tmp
-        checksum: sha256:{{ vault_archive_sha256 }}
-
-    - name: Extract the archive
-      unarchive:
-        src: /tmp/vault_{{ vault_version }}_linux_amd64.zip
-        dest: /usr/local/bin
-        include: vault
-        remote_src: True
-        mode: 755
-
-    - name: Remove ZIP archive
-      file: path=/tmp/vault_{{ vault_version }}_linux_amd64.zip state=absent
-
+- name: Install dehydrated hook
+  template: src=dehydrated_hook.j2 dest=/etc/dehydrated/hooks_deploy_cert.d/vault mode=755
  tags: vault

- name: Install bash completion support
+- name: Install profile script
  copy:
    content: |
-      complete -C /usr/local/bin/vault vault
-    dest: /etc/bash_completion.d/vault
-    mode: 0644
+      #!/bin/sh
+      export VAULT_ADDR={{ vault_conf.api_addr }}
+    dest: /etc/profile.d/vault.sh
+    mode: 0755
  tags: vault
-