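---
# Play 1: runs the shared LXC playbook with the base image and container
# name given in vars.
- name: Container Setup
  vars:
    lxc_base: ansible-alpine3.11
    lxc_name: vault
  import_playbook: ../common/tasks/lxc.yml

# Play 2: installs Vault on the `vault` host group and runs it under
# supervisord. vault_user, vault_home and vault_version are expected to come
# from ../variables.yml.
- name: Installing Vault
  hosts: vault
  vars_files:
    - ../variables.yml
  tasks:
    - name: Ensuring group exists
      group:
        name: "{{ vault_user }}"
        state: present

    - name: Creating user and making home directory
      user:
        system: true
        state: present
        name: "{{ vault_user }}"
        groups: "{{ vault_user }}"
        home: "{{ vault_home }}"

    - name: Installing the required dependencies
      apk:
        state: present
        update_cache: true
        name:
          - sudo
          - supervisor
          - libcap
          - unzip

    # Everything in this block runs as the service account, so the extracted
    # files, the data folder and the config are created by vault_user.
    - block:
        # NOTE(review): the release archive is fetched over HTTPS but its
        # digest is never checked. Consider downloading it with get_url and a
        # pinned `checksum` (value obtained out of band from the signed
        # SHA256SUMS file) and extracting the verified local copy instead.
        # NOTE(review): the binary ends up writable by the account that runs
        # it; a root-owned install location would be stricter.
        - name: Downloading and extracting application
          unarchive:
            src: "https://releases.hashicorp.com/vault/{{ vault_version }}/vault_{{ vault_version }}_linux_amd64.zip"
            dest: "{{ vault_home }}"
            remote_src: true

        # Tightened from 0755: only the owning account needs to traverse the
        # storage directory. Assumes supervisord runs vault as vault_user or
        # root; confirm against supervisord.conf.
        - name: Creating data folder
          file:
            path: "{{ vault_home }}/data"
            state: directory
            mode: '0700'

        # The result is registered so vault is restarted only when the config
        # actually changed (see the last task).
        - name: Copying config file
          copy:
            src: config.json
            dest: "{{ vault_home }}"
            mode: '0644'
          register: vaultConfig
      become: true
      become_user: "{{ vault_user }}"

    # Runs outside the block (not as vault_user): sets a file capability on
    # the binary so the unprivileged process may lock memory.
    - name: Allowing application to call mlock
      capabilities:
        path: "{{ vault_home }}/vault"
        capability: cap_ipc_lock=+ep
        state: present

    - name: Copying supervisord config file
      copy:
        src: supervisord.conf
        dest: /etc/supervisord.conf
        mode: '0644'
      register: supervisorConfig

    - name: Ensuring supervisord has been started and enabled
      service:
        name: supervisord
        state: started
        enabled: true

    - name: Waiting for supervisor to become active
      wait_for:
        port: 9100

    # NOTE(review): nothing waits for port 9100 again after this restart
    # before supervisorctl is used below; a handler plus a wait may be more
    # robust.
    - name: Restarting supervisord due to config change
      service:
        name: supervisord
        state: restarted
      when: supervisorConfig.changed

    - name: Ensuring vault has been started
      supervisorctl:
        name: vault
        state: started

    - name: Waiting for application to become active
      wait_for:
        port: 8100

    - name: Restarting vault due to config change
      supervisorctl:
        name: vault
        state: restarted
      when: vaultConfig.changed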