Update to 2023-07-03 15:00

2025-07-29 18:55:34 +02:00 · 2023-07-03 15:00:09 +02:00
parent 590e8b5d83
commit 91f9384361
44 changed files with 426 additions and 429 deletions
--- a/roles/vault_bin/defaults/main.yml
+++ b/roles/vault_bin/defaults/main.yml
@@ -0,0 +1,7 @@
+# Version of Vault to install
+vault_version: 1.14.0
+# URL of the archive
+vault_archive_url: https://releases.hashicorp.com/vault/{{ vault_version }}/vault_{{ vault_version }}_linux_amd64.zip
+# Expected sha256 of the archive
+vault_archive_sha256: 3d5c27e35d8ed43d861e892fc7d8f888f2fda4319a36f344f8c09603fb184b50
+
--- a/roles/vault_bin/tasks/facts.yml
+++ b/roles/vault_bin/tasks/facts.yml
@@ -0,0 +1,38 @@
+---
+
+# Load distribution specific variables
+- include_vars: "{{ item }}"
+  with_first_found:
+    - "{{ role_path }}/vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml"
+    - "{{ role_path }}/vars/{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml"
+    - "{{ role_path }}/vars/{{ ansible_distribution }}.yml"
+    - "{{ role_path }}/vars/{{ ansible_os_family }}.yml"
+  tags: vault
+
+- set_fact:
+    vault_install_mode: 'none'
+  tags: vault
+
+- name: Detect if vault is installed
+  stat: path=/usr/local/bin/vault
+  register: vault_bin
+  tags: vault
+
+- when: not vault_bin.stat.exists
+  set_fact: vault_install_mode='install'
+  tags: vault
+
+- when: vault_bin.stat.exists
+  block:
+    - name: Detect installed version
+      shell: /usr/local/bin/vault version | perl -pe 's/Vault v(\d+(\.\d+)*)\s.*/$1/'
+      changed_when: False
+      register: vault_current_version
+    - set_fact:
+        vault_current_version: "{{ vault_current_version.stdout }}"
+  tags: vault
+
+- when: vault_bin.stat.exists and vault_current_version != vault_version
+  set_fact: vault_install_mode='upgrade'
+  tags: vault
+
--- a/roles/vault_bin/tasks/install.yml
+++ b/roles/vault_bin/tasks/install.yml
@@ -0,0 +1,52 @@
+---
+
+- name: Install needed tools
+  package:
+    name: "{{ vault_packages }}"
+  tags: vault
+
+# Migrate from the old vault role
+- name: Check if vault is a link
+  stat: path=/usr/local/bin/vault
+  register: vault_link
+  tags: vault
+
+- when: vault_link.stat.islnk is defined and vault_link.stat.islnk
+  block:
+
+    - name: Remove vault link
+      file: path=/usr/local/bin/vault state=absent
+
+    - set_fact: vault_install_mode='upgrade'
+
+  tags: vault
+
+- when: vault_install_mode != 'none'
+  block:
+    - name: Download vault
+      get_url:
+        url: "{{ vault_archive_url }}"
+        dest: /tmp
+        checksum: sha256:{{ vault_archive_sha256 }}
+
+    - name: Extract the archive
+      unarchive:
+        src: /tmp/vault_{{ vault_version }}_linux_amd64.zip
+        dest: /usr/local/bin
+        include: vault
+        remote_src: True
+        mode: 755
+
+    - name: Remove ZIP archive
+      file: path=/tmp/vault_{{ vault_version }}_linux_amd64.zip state=absent
+
+  tags: vault
+
+- name: Install bash completion support
+  copy:
+    content: |
+      complete -C /usr/local/bin/vault vault
+    dest: /etc/bash_completion.d/vault
+    mode: 0644
+  tags: vault
+
--- a/roles/vault_bin/tasks/main.yml
+++ b/roles/vault_bin/tasks/main.yml
@@ -0,0 +1,7 @@
+---
+
+- include_tasks: facts.yml
+  tags: always
+
+- include_tasks: install.yml
+  tags: always
--- a/roles/vault_bin/vars/RedHat.yml
+++ b/roles/vault_bin/vars/RedHat.yml
@@ -0,0 +1,8 @@
+---
+
+vault_packages:
+  - tar
+  - zstd
+  - unzip
+  - jq
+