58 lines
1.1 KiB
YAML
58 lines
1.1 KiB
YAML
# roles/vault/tasks/main.yml
|
|
---
|
|
- name: Create vault user
|
|
user:
|
|
name: vault
|
|
system: yes
|
|
shell: /bin/false
|
|
home: /opt/vault
|
|
|
|
- name: Download Vault binary
|
|
get_url:
|
|
url: "https://releases.hashicorp.com/vault/{{ vault_version }}/vault_{{ vault_version }}_linux_amd64.zip"
|
|
dest: /tmp/vault.zip
|
|
mode: '0644'
|
|
|
|
- name: Extract Vault binary
|
|
unarchive:
|
|
src: /tmp/vault.zip
|
|
dest: /usr/local/bin/
|
|
remote_src: yes
|
|
owner: root
|
|
group: root
|
|
mode: '0755'
|
|
|
|
- name: Create Vault directories
|
|
file:
|
|
path: "{{ item }}"
|
|
state: directory
|
|
owner: vault
|
|
group: vault
|
|
mode: '0750'
|
|
loop:
|
|
- /etc/vault.d
|
|
- /opt/vault/data
|
|
- /opt/vault/logs
|
|
|
|
- name: Generate Vault configuration
|
|
template:
|
|
src: vault.hcl.j2
|
|
dest: /etc/vault.d/vault.hcl
|
|
owner: vault
|
|
group: vault
|
|
mode: '0640'
|
|
notify: restart vault
|
|
|
|
- name: Create Vault systemd service
|
|
template:
|
|
src: vault.service.j2
|
|
dest: /etc/systemd/system/vault.service
|
|
notify:
|
|
- reload systemd
|
|
- restart vault
|
|
|
|
- name: Start and enable Vault service
|
|
service:
|
|
name: vault
|
|
state: started
|
|
enabled: yes |