Diffstat (limited to 'roles/vault/main.yml')
-rw-r--r--roles/vault/main.yml83
1 files changed, 83 insertions, 0 deletions
diff --git a/roles/vault/main.yml b/roles/vault/main.yml
new file mode 100644
index 0000000..e8d0f61
--- /dev/null
+++ b/roles/vault/main.yml
@@ -0,0 +1,83 @@
+---
+- hosts: vault
+ vars:
+ username: vault
+ deploy_path: "/opt/{{ username }}"
+ version: 1.3.0
+ tasks:
+ - name: Ensuring group exists
+ group:
+ name: "{{ username }}"
+ state: present
+ - name: Creating user and making home directory
+ user:
+ system: yes
+ state: present
+ name: "{{ username }}"
+ groups: "{{ username }}"
+ home: "/opt/{{ username }}"
+ - name: Installing the required dependencies
+ apk:
+ state: present
+ update_cache: yes
+ name:
+ - sudo
+ - supervisor
+ - libcap
+ - block:
+ - name: Downloading application
+ get_url:
+ url: "https://releases.hashicorp.com/vault/{{ version }}/vault_{{ version }}_linux_amd64.zip"
+ dest: "{{ deploy_path }}"
+ - name: Extracting the application
+ shell: unzip vault_{{ version }}_linux_amd64.zip
+ args:
+ chdir: "{{ deploy_path }}"
+ creates: vault
+ warn: false
+ - name: Creating data folder
+ file:
+ path: "{{ deploy_path }}/data"
+ state: directory
+ mode: '0755'
+ - name: Copying config file
+ copy:
+ src: config.json
+ dest: "{{ deploy_path }}"
+ owner: "{{ username }}"
+ group: "{{ username }}"
+ mode: '0644'
+ register: vaultConfig
+ become: true
+ become_user: "{{ username }}"
+ - name: Allowing program to call mlock
+ capabilities:
+ path: "{{ deploy_path }}/vault"
+ capability: cap_ipc_lock=+ep
+ state: present
+ - name: Copying supervisord config file
+ copy:
+ src: supervisord.conf
+ dest: /etc/supervisord.conf
+ owner: root
+ group: root
+ mode: '0644'
+ register: supervisorConfig
+ - name: Ensuring supervisord has been started
+ service:
+ name: supervisord
+ state: started
+ - name: Restarting supervisord due to config change
+ service:
+ name: supervisord
+ state: restarted
+ when: supervisorConfig.changed
+ - name: Ensuring vault has been started
+ supervisorctl:
+ name: vault
+ state: started
+ - name: Restarting vault due to config change
+ supervisorctl:
+ name: vault
+ state: restarted
+ when: vaultConfig.changed \ No newline at end of file
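Review bot: The `get_url` task under "Downloading application" fetches the Vault zip with no `checksum:`, so the binary that later receives `cap_ipc_lock=+ep` and is started by supervisord is trusted on TLS alone. Pin the release digest next to `version` and verify it: add `vault_sha256: "<sha256 of vault_1.3.0_linux_amd64.zip>"` to `vars` and `checksum: "sha256:{{ vault_sha256 }}"` to the task, taking the value from HashiCorp's signed SHA256SUMS file for that release. The page has lost its indentation, but `become_user: "{{ username }}"` appears to apply to the whole block, which would leave the extracted binary owned and writable by the same account the service runs as; installing it root-owned outside the service home would keep the service from replacing its own executable. `config.json` at mode `'0644'` and `data` at `'0755'` are also readable by every local user, and `'0640'` and `'0700'` look sufficient if only the vault user needs them.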