aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--fdio.infra.ansible/nomad.yaml2
-rw-r--r--fdio.infra.ansible/roles/vault/defaults/main.yaml2
-rw-r--r--fdio.infra.ansible/roles/vault/handlers/main.yaml2
-rw-r--r--fdio.infra.ansible/roles/vault/meta/main.yaml6
-rw-r--r--fdio.infra.ansible/roles/vault/tasks/main.yaml26
5 files changed, 18 insertions, 20 deletions
diff --git a/fdio.infra.ansible/nomad.yaml b/fdio.infra.ansible/nomad.yaml
index 5a8c4ca4bc..d7aa467007 100644
--- a/fdio.infra.ansible/nomad.yaml
+++ b/fdio.infra.ansible/nomad.yaml
@@ -22,6 +22,8 @@
tags: nomad
- role: consul
tags: consul
+ - role: vault
+ tags: vault
- role: prometheus_exporter
tags: prometheus_exporter
- role: jenkins_job_health_exporter
diff --git a/fdio.infra.ansible/roles/vault/defaults/main.yaml b/fdio.infra.ansible/roles/vault/defaults/main.yaml
index 817de84ae9..5dd3db63c1 100644
--- a/fdio.infra.ansible/roles/vault/defaults/main.yaml
+++ b/fdio.infra.ansible/roles/vault/defaults/main.yaml
@@ -16,7 +16,7 @@ packages_by_arch:
- []
# Inst - Vault Map.
-vault_version: "1.8.1"
+vault_version: "1.11.0"
vault_architecture_map:
amd64: "amd64"
x86_64: "amd64"
diff --git a/fdio.infra.ansible/roles/vault/handlers/main.yaml b/fdio.infra.ansible/roles/vault/handlers/main.yaml
index 35841c7bc3..ff2944f115 100644
--- a/fdio.infra.ansible/roles/vault/handlers/main.yaml
+++ b/fdio.infra.ansible/roles/vault/handlers/main.yaml
@@ -2,7 +2,7 @@
# file roles/vault/handlers/main.yaml
- name: Restart Vault
- systemd:
+ ansible.builtin.systemd:
daemon_reload: true
enabled: true
name: "{{ vault_systemd_service_name }}"
diff --git a/fdio.infra.ansible/roles/vault/meta/main.yaml b/fdio.infra.ansible/roles/vault/meta/main.yaml
index e48e7d7976..882dcc3a7b 100644
--- a/fdio.infra.ansible/roles/vault/meta/main.yaml
+++ b/fdio.infra.ansible/roles/vault/meta/main.yaml
@@ -1,11 +1,6 @@
---
# file: roles/vault/meta/main.yaml
-# desc: Install vault from repo and configure service.
-# inst: Vault
-# conf: ?
-# info: 1.0 - added role
-
dependencies: []
galaxy_info:
@@ -19,5 +14,6 @@ galaxy_info:
- name: Ubuntu
versions:
- focal
+ - jammy
galaxy_tags:
- vault
diff --git a/fdio.infra.ansible/roles/vault/tasks/main.yaml b/fdio.infra.ansible/roles/vault/tasks/main.yaml
index 300cfdb363..3fceadfb4a 100644
--- a/fdio.infra.ansible/roles/vault/tasks/main.yaml
+++ b/fdio.infra.ansible/roles/vault/tasks/main.yaml
@@ -2,7 +2,7 @@
# file: roles/vault/tasks/main.yaml
- name: Inst - Update Package Cache (APT)
- apt:
+ ansible.builtin.apt:
update_cache: true
cache_valid_time: 3600
when:
@@ -11,21 +11,21 @@
- vault-inst-prerequisites
- name: Inst - Prerequisites
- package:
+ ansible.builtin.package:
name: "{{ packages | flatten(levels=1) }}"
state: latest
tags:
- vault-inst-prerequisites
- name: Conf - Add Vault Group
- group:
+ ansible.builtin.group:
name: "{{ vault_group }}"
state: "{{ vault_user_state }}"
tags:
- vault-conf-user
- name: Conf - Add Vault user
- user:
+ ansible.builtin.user:
name: "{{ vault_user }}"
group: "{{ vault_group }}"
state: "{{ vault_group_state }}"
@@ -34,21 +34,21 @@
- vault-conf-user
- name: Inst - Clean Vault
- file:
+ ansible.builtin.file:
path: "{{ vault_inst_dir }}/vault"
state: "absent"
tags:
- vault-inst-package
- name: Inst - Download Vault
- get_url:
+ ansible.builtin.get_url:
url: "{{ vault_zip_url }}"
dest: "{{ vault_inst_dir }}/{{ vault_pkg }}"
tags:
- vault-inst-package
- name: Inst - Unarchive Vault
- unarchive:
+ ansible.builtin.unarchive:
src: "{{ vault_inst_dir }}/{{ vault_pkg }}"
dest: "{{ vault_inst_dir }}/"
creates: "{{ vault_inst_dir }}/vault"
@@ -57,7 +57,7 @@
- vault-inst-package
- name: Inst - Vault
- copy:
+ ansible.builtin.copy:
src: "{{ vault_inst_dir }}/vault"
dest: "{{ vault_bin_dir }}"
owner: "{{ vault_user }}"
@@ -69,7 +69,7 @@
- vault-inst-package
- name: Inst - Check Vault mlock capability
- command: "setcap cap_ipc_lock=+ep {{ vault_bin_dir }}/vault"
+ ansible.builtin.command: "setcap cap_ipc_lock=+ep {{ vault_bin_dir }}/vault"
changed_when: false # read-only task
ignore_errors: true
register: vault_mlock_capability
@@ -77,13 +77,13 @@
- vault-inst-package
- name: Inst - Enable non root mlock capability
- command: "setcap cap_ipc_lock=+ep {{ vault_bin_dir }}/vault"
+ ansible.builtin.command: "setcap cap_ipc_lock=+ep {{ vault_bin_dir }}/vault"
when: vault_mlock_capability is failed
tags:
- vault-inst-package
- name: Conf - Create directories
- file:
+ ansible.builtin.file:
dest: "{{ item }}"
state: directory
owner: "{{ vault_user }}"
@@ -97,7 +97,7 @@
- vault-conf
- name: Conf - Vault main configuration
- template:
+ ansible.builtin.template:
src: "{{ vault_main_configuration_template }}"
dest: "{{ vault_main_config }}"
owner: "{{ vault_user }}"
@@ -119,7 +119,7 @@
# - vault-conf
- name: Conf - System.d Script
- template:
+ ansible.builtin.template:
src: "vault_systemd.service.j2"
dest: "/lib/systemd/system/vault.service"
owner: "root"