diff options
| author | Thedro Neely <thedroneely@gmail.com> | 2020-01-29 17:39:40 -0500 |
|---|---|---|
| committer | Thedro Neely <thedroneely@gmail.com> | 2020-01-29 17:39:40 -0500 |
| commit | 4fecc79ecb47fc57bd49eddb3d225a7cab061a69 (patch) | |
| tree | 2ebb885f7d33280f8652e0dc7e48c9752f983714 /roles/vault | |
| parent | 66478345b5dfc16f3930a220ed97197626c5973a (diff) | |
| download | playbooks-4fecc79ecb47fc57bd49eddb3d225a7cab061a69.tar.gz playbooks-4fecc79ecb47fc57bd49eddb3d225a7cab061a69.tar.bz2 playbooks-4fecc79ecb47fc57bd49eddb3d225a7cab061a69.zip | |
roles/vault: Update to 1.3.2
Diffstat (limited to 'roles/vault')
| -rw-r--r-- | roles/vault/main.yml | 25 |
1 files changed, 22 insertions, 3 deletions
diff --git a/roles/vault/main.yml b/roles/vault/main.yml index 87c7326..31649fc 100644 --- a/roles/vault/main.yml +++ b/roles/vault/main.yml @@ -1,14 +1,19 @@ --- -- hosts: vault +# Target: alpine3.10 +- name: Install Vault + hosts: vault vars: username: vault deploy_path: "/opt/{{ username }}" - version: 1.3.0 + version: 1.3.2 + tasks: + - name: Ensuring group exists group: name: "{{ username }}" state: present + - name: Creating user and making home directory user: system: yes @@ -16,6 +21,7 @@ name: "{{ username }}" groups: "{{ username }}" home: "{{ deploy_path }}" + - name: Installing the required dependencies apk: state: present @@ -25,58 +31,71 @@ - supervisor - libcap - unzip + - block: + - name: Downloading and extracting application unarchive: src: "https://releases.hashicorp.com/vault/{{ version }}/vault_{{ version }}_linux_amd64.zip" dest: "{{ deploy_path }}" remote_src: yes + - name: Creating data folder file: path: "{{ deploy_path }}/data" state: directory mode: '0755' + - name: Copying config file copy: src: config.json dest: "{{ deploy_path }}" mode: '0644' register: vaultConfig + become: true become_user: "{{ username }}" + - name: Allowing application to call mlock capabilities: path: "{{ deploy_path }}/vault" capability: cap_ipc_lock=+ep state: present + - name: Copying supervisord config file copy: src: supervisord.conf dest: /etc/supervisord.conf mode: '0644' register: supervisorConfig + - name: Ensuring supervisord has been started and enabled service: name: supervisord state: started enabled: yes + - name: Waiting for supervisor to become active wait_for: port: 9100 + - name: Restarting supervisord due to config change service: name: supervisord state: restarted when: supervisorConfig.changed + - name: Ensuring vault has been started supervisorctl: name: vault state: started + - name: Waiting for application to become active wait_for: port: 8100 + - name: Restarting vault due to config change supervisorctl: name: vault state: restarted - when: vaultConfig.changed
\ No newline at end of file + when: vaultConfig.changed |