author | Thedro Neely <thedroneely@gmail.com> | 2019-12-19 11:14:42 -0500 |
---|---|---|
committer | Thedro Neely <thedroneely@gmail.com> | 2019-12-19 11:14:42 -0500 |
commit | c63266aec7a979e65f213606450dc1c152e73c39 (patch) | |
tree | a66a0289552f3056c8b7bd4d878beb9488329140 /roles/vault/main.yml | |
parent | d47cbe82b2653a3c4fa165dc155d7433f01fe314 (diff) | |
download | playbooks-c63266aec7a979e65f213606450dc1c152e73c39.tar.gz playbooks-c63266aec7a979e65f213606450dc1c152e73c39.tar.bz2 playbooks-c63266aec7a979e65f213606450dc1c152e73c39.zip |
roles: Rename entrypoint to main.yml
Diffstat (limited to 'roles/vault/main.yml')
-rw-r--r-- | roles/vault/main.yml | 83 |
1 files changed, 83 insertions, 0 deletions
diff --git a/roles/vault/main.yml b/roles/vault/main.yml
new file mode 100644
index 0000000..e8d0f61
--- /dev/null
+++ b/roles/vault/main.yml
@@ -0,0 +1,83 @@
+---
+- hosts: vault
+ vars:
+ username: vault
+ deploy_path: "/opt/{{ username }}"
+ version: 1.3.0
+ tasks:
+ - name: Ensuring group exists
+ group:
+ name: "{{ username }}"
+ state: present
+ - name: Creating user and making home directory
+ user:
+ system: yes
+ state: present
+ name: "{{ username }}"
+ groups: "{{ username }}"
+ home: "/opt/{{ username }}"
+ - name: Installing the required dependencies
+ apk:
+ state: present
+ update_cache: yes
+ name:
+ - sudo
+ - supervisor
+ - libcap
+ - block:
+ - name: Downloading application
+ get_url:
+ url: "https://releases.hashicorp.com/vault/{{ version }}/vault_{{ version }}_linux_amd64.zip"
+ dest: "{{ deploy_path }}"
+ - name: Extracting the application
+ shell: unzip vault_{{ version }}_linux_amd64.zip
+ args:
+ chdir: "{{ deploy_path }}"
+ creates: vault
+ warn: false
+ - name: Creating data folder
+ file:
+ path: "{{ deploy_path }}/data"
+ state: directory
+ mode: '0755'
+ - name: Copying config file
+ copy:
+ src: config.json
+ dest: "{{ deploy_path }}"
+ owner: "{{ username }}"
+ group: "{{ username }}"
+ mode: '0644'
+ register: vaultConfig
+ become: true
+ become_user: "{{ username }}"
+ - name: Allowing program to call mlock
+ capabilities:
+ path: "{{ deploy_path }}/vault"
+ capability: cap_ipc_lock=+ep
+ state: present
+ - name: Copying supervisord config file
+ copy:
+ src: supervisord.conf
+ dest: /etc/supervisord.conf
+ owner: root
+ group: root
+ mode: '0644'
+ register: supervisorConfig
+ - name: Ensuring supervisord has been started
+ service:
+ name: supervisord
+ state: started
+ - name: Restarting supervisord due to config change
+ service:
+ name: supervisord
+ state: restarted
+ when: supervisorConfig.changed
+ - name: Ensuring vault has been started
+ supervisorctl:
+ name: vault
+ state: started
+ - name: Restarting vault due to config change
+ supervisorctl:
+ name: vault
+ state: restarted
+ when: vaultConfig.changed
\ No newline at end of file |
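Review bot: The `get_url` task "Downloading application" fetches the Vault release zip with no `checksum`, so the binary that is then unzipped and given `cap_ipc_lock=+ep` is trusted on TLS to the download host alone. Pin the digest next to `version` in `vars` and pass it to the task, e.g. `checksum: "sha256:{{ vault_zip_sha256 }}"` with `vault_zip_sha256: "<SHA256_OF_RELEASE_ZIP>"` taken from the vendor's published SHA256SUMS for that version, so a version bump forces a reviewed hash change. The "Creating data folder" task also sets `mode: '0755'` on the Vault storage directory; `'0700'` would keep other local accounts from listing it. Indentation is lost in this rendering, so which tasks sit inside the `block` (and therefore run under `become_user`) is inferred rather than visible.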