ansible/xoxys.vault
1
0
Fork 0
Code Issues Pull Requests Releases Activity
42d0fa0da0
xoxys.vault/tasks/main.yml
Robert Kaussow 42d0fa0da0
Some checks failed
continuous-integration/drone/push Build is failing
Details
initial commit
2023-07-30 22:49:18 +02:00

87 lines
2.3 KiB
YAML
Raw Blame History

---
- block:
- name: Create network specs
template:
src: etc/containers/systemd/vault.network.j2
dest: "/etc/containers/systemd/vault.network"
owner: root
group: root
mode: "0640"
when: vault_network | splitext | last == ".network"
notify: __vault_restart
- name: Create container volumes
podman_volume:
name: "{{ item.name }}"
options: "{{ item.options | default(omit) }}"
state: "{{ item.state | default('present') }}"
loop: "{{ vault_volumes }}"
loop_control:
label: "{{ item.name }}"
when: item.type | default("volume") | lower == "volume"
register: __vault_volumes_raw
- name: Register container volumes map
set_fact:
__vault_volumes_map: "{{ __vault_volumes_raw.results | json_query('[].volume') | items2dict(key_name='Name', value_name='Mountpoint') }}"
- name: Deploy vault env file
template:
src: etc/containers/systemd/vault.env.j2
dest: "/etc/containers/systemd/vault.env"
owner: root
group: root
mode: "0640"
notify: __vault_restart
- name: Deploy vault config
template:
src: vault/config.hcl.j2
dest: "{{ __vault_volumes_map[vault_config_volume] }}/config.hcl"
owner: root
group: root
mode: "0644"
notify: __vault_reload
- name: Create container specs
template:
src: etc/containers/systemd/vault.container.j2
dest: "/etc/containers/systemd/vault.container"
owner: root
group: root
mode: "0640"
notify: __vault_restart
- name: Ensure service state
systemd:
name: "vault.service"
state: started
daemon_reload: True
enabled: True
become: True
become_user: root
- block:
- name: Flush handlers
meta: flush_handlers
- name: Wait for Vault startup
uri:
url: "{{ vault_url }}/{{ __vault_health_path }}"
follow_redirects: none
method: GET
register: __vault_http_result
until: __vault_http_result.status == 200
retries: 10
delay: 3
- name: Unseal vault
hashivault_unseal:
keys: "{{ vault_unseal_keys }}"
url: "{{ vault_url }}"
become: True
become_user: root
when:
- vault_auto_unseal | bool
- vault_unseal_keys | length > 0
Reference in New Issue View Git Blame Copy Permalink