-rw-r--r-- | fdio.infra.ansible/nomad.yaml | 2 | ||||
-rw-r--r-- | fdio.infra.ansible/roles/vault/defaults/main.yaml | 2 | ||||
-rw-r--r-- | fdio.infra.ansible/roles/vault/handlers/main.yaml | 2 | ||||
-rw-r--r-- | fdio.infra.ansible/roles/vault/meta/main.yaml | 6 | ||||
-rw-r--r-- | fdio.infra.ansible/roles/vault/tasks/main.yaml | 26 |
5 files changed, 18 insertions, 20 deletions
diff --git a/fdio.infra.ansible/nomad.yaml b/fdio.infra.ansible/nomad.yaml index 5a8c4ca4bc..d7aa467007 100644 --- a/fdio.infra.ansible/nomad.yaml +++ b/fdio.infra.ansible/nomad.yaml @@ -22,6 +22,8 @@ tags: nomad - role: consul tags: consul + - role: vault + tags: vault - role: prometheus_exporter tags: prometheus_exporter - role: jenkins_job_health_exporter diff --git a/fdio.infra.ansible/roles/vault/defaults/main.yaml b/fdio.infra.ansible/roles/vault/defaults/main.yaml index 817de84ae9..5dd3db63c1 100644 --- a/fdio.infra.ansible/roles/vault/defaults/main.yaml +++ b/fdio.infra.ansible/roles/vault/defaults/main.yaml @@ -16,7 +16,7 @@ packages_by_arch: - [] # Inst - Vault Map. -vault_version: "1.8.1" +vault_version: "1.11.0" vault_architecture_map: amd64: "amd64" x86_64: "amd64" diff --git a/fdio.infra.ansible/roles/vault/handlers/main.yaml b/fdio.infra.ansible/roles/vault/handlers/main.yaml index 35841c7bc3..ff2944f115 100644 --- a/fdio.infra.ansible/roles/vault/handlers/main.yaml +++ b/fdio.infra.ansible/roles/vault/handlers/main.yaml @@ -2,7 +2,7 @@ # file roles/vault/handlers/main.yaml - name: Restart Vault - systemd: + ansible.builtin.systemd: daemon_reload: true enabled: true name: "{{ vault_systemd_service_name }}" diff --git a/fdio.infra.ansible/roles/vault/meta/main.yaml b/fdio.infra.ansible/roles/vault/meta/main.yaml index e48e7d7976..882dcc3a7b 100644 --- a/fdio.infra.ansible/roles/vault/meta/main.yaml +++ b/fdio.infra.ansible/roles/vault/meta/main.yaml @@ -1,11 +1,6 @@ --- # file: roles/vault/meta/main.yaml -# desc: Install vault from repo and configure service. -# inst: Vault -# conf: ? -# info: 1.0 - added role - dependencies: [] galaxy_info: @@ -19,5 +14,6 @@ galaxy_info: - name: Ubuntu versions: - focal + - jammy galaxy_tags: - vault diff --git a/fdio.infra.ansible/roles/vault/tasks/main.yaml b/fdio.infra.ansible/roles/vault/tasks/main.yaml index 300cfdb363..3fceadfb4a 100644 --- a/fdio.infra.ansible/roles/vault/tasks/main.yaml 
+++ b/fdio.infra.ansible/roles/vault/tasks/main.yaml @@ -2,7 +2,7 @@ # file: roles/vault/tasks/main.yaml - name: Inst - Update Package Cache (APT) - apt: + ansible.builtin.apt: update_cache: true cache_valid_time: 3600 when: @@ -11,21 +11,21 @@ - vault-inst-prerequisites - name: Inst - Prerequisites - package: + ansible.builtin.package: name: "{{ packages | flatten(levels=1) }}" state: latest tags: - vault-inst-prerequisites - name: Conf - Add Vault Group - group: + ansible.builtin.group: name: "{{ vault_group }}" state: "{{ vault_user_state }}" tags: - vault-conf-user - name: Conf - Add Vault user - user: + ansible.builtin.user: name: "{{ vault_user }}" group: "{{ vault_group }}" state: "{{ vault_group_state }}" @@ -34,21 +34,21 @@ - vault-conf-user - name: Inst - Clean Vault - file: + ansible.builtin.file: path: "{{ vault_inst_dir }}/vault" state: "absent" tags: - vault-inst-package - name: Inst - Download Vault - get_url: + ansible.builtin.get_url: url: "{{ vault_zip_url }}" dest: "{{ vault_inst_dir }}/{{ vault_pkg }}" tags: - vault-inst-package - name: Inst - Unarchive Vault - unarchive: + ansible.builtin.unarchive: src: "{{ vault_inst_dir }}/{{ vault_pkg }}" dest: "{{ vault_inst_dir }}/" creates: "{{ vault_inst_dir }}/vault" @@ -57,7 +57,7 @@ - vault-inst-package - name: Inst - Vault - copy: + ansible.builtin.copy: src: "{{ vault_inst_dir }}/vault" dest: "{{ vault_bin_dir }}" owner: "{{ vault_user }}" @@ -69,7 +69,7 @@ - vault-inst-package - name: Inst - Check Vault mlock capability - command: "setcap cap_ipc_lock=+ep {{ vault_bin_dir }}/vault" + ansible.builtin.command: "setcap cap_ipc_lock=+ep {{ vault_bin_dir }}/vault" changed_when: false # read-only task ignore_errors: true register: vault_mlock_capability 
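Review bot: In the `@@ -11,21 +11,21 @@` hunk the group and user tasks appear to use each other's state variables: `Conf - Add Vault Group` has `state: "{{ vault_user_state }}"` and `Conf - Add Vault user` has `state: "{{ vault_group_state }}"`. This is harmless only while both variables hold the same value; setting one of them to `absent` would act on the wrong object. Swap them so the group task reads `state: "{{ vault_group_state }}"` and the user task reads `state: "{{ vault_user_state }}"`. The same hunk keeps `state: latest` on `Inst - Prerequisites`, which upgrades packages on every run; `state: present` is the usual choice unless that is intended. The user task continues outside the hunk.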
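Review bot: `Inst - Download Vault` in the `@@ -34,21 +34,21 @@` hunk fetches the release archive with no integrity check: `ansible.builtin.get_url` is given only `url` and `dest`, and the following tasks unpack the archive and install its contents as the Vault binary. Since this commit also moves `vault_version` to 1.11.0, the digest could be pinned in the same change, e.g. `checksum: "sha256:{{ vault_zip_sha256 }}"`, where `vault_zip_sha256` is a suggested new default (not an existing variable) set next to `vault_version` from the vendor's published SHA256SUMS file. With `checksum` set, get_url also skips the download when the file already at `dest` matches. The unarchive task continues outside the hunk.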
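Review bot: `Inst - Check Vault mlock capability` (hunk `@@ -69,7 +69,7 @@`) does not check anything: it runs `setcap cap_ipc_lock=+ep`, the same command as `Inst - Enable non root mlock capability` in the `@@ -77,13 +77,13 @@` hunk, so it changes the binary's file capabilities while `changed_when: false # read-only task` reports no change and `ignore_errors: true` hides a failure. A read-only probe would be `ansible.builtin.command: "getcap {{ vault_bin_dir }}/vault"`, with the enable task gated on `when: "'cap_ipc_lock' not in vault_mlock_capability.stdout"`, because getcap's exit status normally does not indicate whether a capability is set. A missing capability or a failed setcap would then show up in the play output instead of being swallowed. The check task's `tags:` continue outside the hunk.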
@@ -77,13 +77,13 @@ - vault-inst-package - name: Inst - Enable non root mlock capability - command: "setcap cap_ipc_lock=+ep {{ vault_bin_dir }}/vault" + ansible.builtin.command: "setcap cap_ipc_lock=+ep {{ vault_bin_dir }}/vault" when: vault_mlock_capability is failed tags: - vault-inst-package - name: Conf - Create directories - file: + ansible.builtin.file: dest: "{{ item }}" state: directory owner: "{{ vault_user }}" @@ -97,7 +97,7 @@ - vault-conf - name: Conf - Vault main configuration - template: + ansible.builtin.template: src: "{{ vault_main_configuration_template }}" dest: "{{ vault_main_config }}" owner: "{{ vault_user }}" @@ -119,7 +119,7 @@ # - vault-conf - name: Conf - System.d Script - template: + ansible.builtin.template: src: "vault_systemd.service.j2" dest: "/lib/systemd/system/vault.service" owner: "root" |