From c63266aec7a979e65f213606450dc1c152e73c39 Mon Sep 17 00:00:00 2001 From: Thedro Neely Date: Thu, 19 Dec 2019 11:14:42 -0500 Subject: roles: Rename entrypoint to main.yml --- roles/vault/main.yml | 83 +++++++++++++++++++++++++++++++++++++++++++++++++++ roles/vault/vault.yml | 83 --------------------------------------------------- 2 files changed, 83 insertions(+), 83 deletions(-) create mode 100644 roles/vault/main.yml delete mode 100644 roles/vault/vault.yml (limited to 'roles/vault') diff --git a/roles/vault/main.yml b/roles/vault/main.yml new file mode 100644 index 0000000..e8d0f61 --- /dev/null +++ b/roles/vault/main.yml @@ -0,0 +1,83 @@ +--- +- hosts: vault + vars: + username: vault + deploy_path: "/opt/{{ username }}" + version: 1.3.0 + tasks: + - name: Ensuring group exists + group: + name: "{{ username }}" + state: present + - name: Creating user and making home directory + user: + system: yes + state: present + name: "{{ username }}" + groups: "{{ username }}" + home: "/opt/{{ username }}" + - name: Installing the required dependencies + apk: + state: present + update_cache: yes + name: + - sudo + - supervisor + - libcap + - block: + - name: Downloading application + get_url: + url: "https://releases.hashicorp.com/vault/{{ version }}/vault_{{ version }}_linux_amd64.zip" + dest: "{{ deploy_path }}" + - name: Extracting the application + shell: unzip vault_{{ version }}_linux_amd64.zip + args: + chdir: "{{ deploy_path }}" + creates: vault + warn: false + - name: Creating data folder + file: + path: "{{ deploy_path }}/data" + state: directory + mode: '0755' + - name: Copying config file + copy: + src: config.json + dest: "{{ deploy_path }}" + owner: "{{ username }}" + group: "{{ username }}" + mode: '0644' + register: vaultConfig + become: true + become_user: "{{ username }}" + - name: Allowing program to call mlock + capabilities: + path: "{{ deploy_path }}/vault" + capability: cap_ipc_lock=+ep + state: present + - name: Copying supervisord config file + copy: + src: supervisord.conf + dest: /etc/supervisord.conf + owner: root + group: root + mode: '0644' + register: supervisorConfig + - name: Ensuring supervisord has been started + service: + name: supervisord + state: started + - name: Restarting supervisord due to config change + service: + name: supervisord + state: restarted + when: supervisorConfig.changed + - name: Ensuring vault has been started + supervisorctl: + name: vault + state: started + - name: Restarting vault due to config change + supervisorctl: + name: vault + state: restarted + when: vaultConfig.changed \ No newline at end of file diff --git a/roles/vault/vault.yml b/roles/vault/vault.yml deleted file mode 100644 index e8d0f61..0000000 --- a/roles/vault/vault.yml +++ /dev/null @@ -1,83 +0,0 @@ ---- -- hosts: vault - vars: - username: vault - deploy_path: "/opt/{{ username }}" - version: 1.3.0 - tasks: - - name: Ensuring group exists - group: - name: "{{ username }}" - state: present - - name: Creating user and making home directory - user: - system: yes - state: present - name: "{{ username }}" - groups: "{{ username }}" - home: "/opt/{{ username }}" - - name: Installing the required dependencies - apk: - state: present - update_cache: yes - name: - - sudo - - supervisor - - libcap - - block: - - name: Downloading application - get_url: - url: "https://releases.hashicorp.com/vault/{{ version }}/vault_{{ version }}_linux_amd64.zip" - dest: "{{ deploy_path }}" - - name: Extracting the application - shell: unzip vault_{{ version }}_linux_amd64.zip - args: - chdir: "{{ deploy_path }}" - creates: vault - warn: false - - name: Creating data folder - file: - path: "{{ deploy_path }}/data" - state: directory - mode: '0755' - - name: Copying config file - copy: - src: config.json - dest: "{{ deploy_path }}" - owner: "{{ username }}" - group: "{{ username }}" - mode: '0644' - register: vaultConfig - become: true - become_user: "{{ username }}" - - name: Allowing program to call mlock - capabilities: - path: "{{ deploy_path }}/vault" - capability: cap_ipc_lock=+ep - state: present - - name: Copying supervisord config file - copy: - src: supervisord.conf - dest: /etc/supervisord.conf - owner: root - group: root - mode: '0644' - register: supervisorConfig - - name: Ensuring supervisord has been started - service: - name: supervisord - state: started - - name: Restarting supervisord due to config change - service: - name: supervisord - state: restarted - when: supervisorConfig.changed - - name: Ensuring vault has been started - supervisorctl: - name: vault - state: started - - name: Restarting vault due to config change - supervisorctl: - name: vault - state: restarted - when: vaultConfig.changed \ No newline at end of file -- cgit v1.2.3