From df81b15533d3017221ecc94b9a9de62a7eaa8e50 Mon Sep 17 00:00:00 2001
From: Daniel Berteaud <dbd@ehtrace.com>
Date: Thu, 12 Jan 2023 00:02:27 +0100
Subject: [PATCH] Update to 2023-01-12 00:02

---
 roles/consul_template/defaults/main.yml           | 4 ++--
 roles/drbd_reactor/templates/drbd-reactor.toml.j2 | 4 ++--
 roles/n8n/defaults/main.yml                       | 2 +-
 roles/pgadmin4/defaults/main.yml                  | 2 +-
 roles/vault/defaults/main.yml                     | 5 +++++
 roles/vault/templates/vault.hcl.j2                | 7 ++++++-
 6 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/roles/consul_template/defaults/main.yml b/roles/consul_template/defaults/main.yml
index 3e67039..16fa092 100644
--- a/roles/consul_template/defaults/main.yml
+++ b/roles/consul_template/defaults/main.yml
@@ -1,11 +1,11 @@
 ---
 
 # Version of consul-template to install
-consul_tpl_version: 0.29.6
+consul_tpl_version: 0.30.0
 # URL of the archive
 consul_tpl_archive_url: https://releases.hashicorp.com/consul-template/{{ consul_tpl_version }}/consul-template_{{ consul_tpl_version }}_linux_amd64.zip
 # Expected sha256 of the archive
-consul_tpl_archive_sha256: 0e653b76f8eb7712687fc407c4ae62206304d01c9d76d4c4d2e51d41570c8ac1
+consul_tpl_archive_sha256: c78db0f0eecc4d314a5130e3b4c8bd17086c6cd9080c4caf69c606de67cbe212
 
 # Root dir where consul-template will be installed
 consul_tpl_root_dir: /opt/consul_template
diff --git a/roles/drbd_reactor/templates/drbd-reactor.toml.j2 b/roles/drbd_reactor/templates/drbd-reactor.toml.j2
index 2d3dce1..ad4b486 100644
--- a/roles/drbd_reactor/templates/drbd-reactor.toml.j2
+++ b/roles/drbd_reactor/templates/drbd-reactor.toml.j2
@@ -4,6 +4,6 @@ statistics-poll-interval = 60
 [[log]]
 level = "info"
 
-[[promotheus]]
-enums = false
+[[prometheus]]
+enums = true
 address = "0.0.0.0:{{ drbd_reactor_prom_port }}"
diff --git a/roles/n8n/defaults/main.yml b/roles/n8n/defaults/main.yml
index d220c3f..b1e8794 100644
--- a/roles/n8n/defaults/main.yml
+++ b/roles/n8n/defaults/main.yml
@@ -1,7 +1,7 @@
 ---
 
 # Version to deploy
-n8n_version: 0.209.0
+n8n_version: 0.210.2
 # Root directory where n8n will be installed
 n8n_root_dir: /opt/n8n
 # User account under which n8n will run
diff --git a/roles/pgadmin4/defaults/main.yml b/roles/pgadmin4/defaults/main.yml
index 9df633f..eac08d3 100644
--- a/roles/pgadmin4/defaults/main.yml
+++ b/roles/pgadmin4/defaults/main.yml
@@ -10,7 +10,7 @@ pga_src_ip: []
 # Root dir where the app will be installed
 pga_root_dir: /opt/pgadmin4_{{ pga_id }}
 # Version to deploy
-pga_version: '6.17'
+pga_version: '6.18'
 
 # When pg_auth is an empty list, pgAdmin will be in single user mode
 # You can set it to a list, eg
diff --git a/roles/vault/defaults/main.yml b/roles/vault/defaults/main.yml
index 76649a0..dbdecd3 100644
--- a/roles/vault/defaults/main.yml
+++ b/roles/vault/defaults/main.yml
@@ -78,6 +78,10 @@ vault_base_conf:
       # Default is False which means you can reach vault both directly or through your reverse proxy
       x_forwarded_for_reject_not_present: False
 
+      telemetry:
+        # Allow unauthenticated access to /v1/sys/metrics
+        unauthenticated_metrics_access: True
+
   # URL of the API to advertise
   api_addr: https://{{ inventory_hostname }}:{{ vault_services.api.port }}
   # URL of the inter-node communication endpoint to advertise
@@ -115,6 +119,7 @@ vault_base_conf:
   telemetry:
     prometheus_retention_time: 1h
     disable_hostname: True
+    enable_hostname_label: True
 
 # You can add additional paramters in vault_extra_conf (or vault_host_conf)
 # they will be merged into the vault_base_conf before rendering
diff --git a/roles/vault/templates/vault.hcl.j2 b/roles/vault/templates/vault.hcl.j2
index 8f89245..c25939f 100644
--- a/roles/vault/templates/vault.hcl.j2
+++ b/roles/vault/templates/vault.hcl.j2
@@ -18,6 +18,11 @@ listener "tcp" {
   x_forwarded_for_authorized_addrs = "{{ listener.x_forwarded_for_authorized_addrs | join(',') }}"
   x_forwarded_for_reject_not_present = {{ listener.x_forwarded_for_reject_not_present | ternary('true', 'false') }}
 {% endif %}
+{% if listener.telemetry.unauthenticated_metrics_access %}
+  telemetry {
+    unauthenticated_metrics_access = true
+  }
+{% endif %}
 }
 {% endfor %}
 
@@ -62,7 +67,7 @@ telemetry {
 {% for key in ['prometheus_retention_time'] %}
   {{ key }} = "{{ vault_conf.telemetry[key] }}"
 {% endfor %}
-{% for key in ['disable_hostname'] %}
+{% for key in ['disable_hostname', 'enable_hostname_label'] %}
   {{ key }} = {{ vault_conf.telemetry[key] | ternary('true', 'false') }}
 {% endfor %}
 }