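---
# Target: alpine3.10
#
# Installs HashiCorp Vault from the upstream release archive under a
# dedicated system account and runs it under supervisord.
- name: Install Vault
  hosts: vault
  vars:
    username: vault
    deploy_path: "/opt/{{ username }}"
    # Quoted so the release number is always read as a string.
    # NOTE(review): pinned release; confirm it is still supported upstream.
    version: '1.3.2'
    vault_archive: "vault_{{ version }}_linux_amd64.zip"
    # Checksum passed to get_url. The default reads the SHA256SUMS file
    # published next to the archive, which catches corrupted or truncated
    # downloads but comes from the same origin as the archive itself.
    # For stronger assurance, override this with a digest recorded out of
    # band ("sha256:<digest>") or verify the signature on SHA256SUMS.
    vault_archive_checksum: "sha256:https://releases.hashicorp.com/vault/{{ version }}/vault_{{ version }}_SHA256SUMS"
  tasks:
    - name: Ensuring group exists
      group:
        name: "{{ username }}"
        state: present

    - name: Creating user and making home directory
      user:
        system: true
        state: present
        name: "{{ username }}"
        groups: "{{ username }}"
        home: "{{ deploy_path }}"

    - name: Installing the required dependencies
      apk:
        state: present
        update_cache: true
        name:
          - sudo
          - supervisor
          - libcap
          - unzip

    # Everything in this block runs as the unprivileged service account,
    # so the files it creates are owned by that account.
    # NOTE(review): this also leaves the vault executable writable by the
    # account that runs it; consider a root-owned binary with only the
    # data directory writable by the service.
    - block:
        # The archive is fetched and checked against its published SHA-256
        # before anything is extracted; a mismatch fails the play.
        - name: Downloading application archive and verifying its checksum
          get_url:
            url: "https://releases.hashicorp.com/vault/{{ version }}/{{ vault_archive }}"
            dest: "{{ deploy_path }}/{{ vault_archive }}"
            checksum: "{{ vault_archive_checksum }}"
            mode: '0640'

        - name: Extracting application
          unarchive:
            src: "{{ deploy_path }}/{{ vault_archive }}"
            dest: "{{ deploy_path }}"
            remote_src: true

        # Only the service account needs to enter the storage directory.
        - name: Creating data folder
          file:
            path: "{{ deploy_path }}/data"
            state: directory
            mode: '0700'

        # Not world-readable: a Vault config can carry storage or seal
        # credentials (config.json is not visible here; confirm).
        - name: Copying config file
          copy:
            src: config.json
            dest: "{{ deploy_path }}"
            mode: '0640'
          register: vaultConfig
      become: true
      become_user: "{{ username }}"

    # cap_ipc_lock lets the binary call mlock without running as root.
    - name: Allowing application to call mlock
      capabilities:
        path: "{{ deploy_path }}/vault"
        capability: cap_ipc_lock=+ep
        state: present

    # NOTE(review): if supervisord.conf holds credentials for its HTTP
    # interface, 0644 exposes them to every local user; confirm.
    - name: Copying supervisord config file
      copy:
        src: supervisord.conf
        dest: /etc/supervisord.conf
        mode: '0644'
      register: supervisorConfig

    - name: Ensuring supervisord has been started and enabled
      service:
        name: supervisord
        state: started
        enabled: true

    - name: Restarting supervisord due to config change
      service:
        name: supervisord
        state: restarted
      when: supervisorConfig.changed

    # Wait only after any restart, so the supervisorctl tasks below never
    # talk to a supervisord that is still coming back up.
    # Port 9100 is presumably set in supervisord.conf; confirm.
    - name: Waiting for supervisor to become active
      wait_for:
        port: 9100

    - name: Ensuring vault has been started
      supervisorctl:
        name: vault
        state: started

    - name: Restarting vault due to config change
      supervisorctl:
        name: vault
        state: restarted
      when: vaultConfig.changed

    # Final readiness check runs after any restart, so the play ends only
    # once the listener is up with the current config.
    # Port 8100 is presumably the listener set in config.json; confirm.
    - name: Waiting for application to become active
      wait_for:
        port: 8100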