ansible
/
security_ansible_playbook
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
security_ansible_playbook/playbooks/vault_install.yaml

95 lines
1.9 KiB
YAML
Raw Blame History

---
- name: Install and Configure HashiCorp Vault
hosts: security_servers
become: true
vars:
vault_version: "1.15.2"
vault_datacenter: "dc1"
tasks:
- name: Create vault user
user:
name: vault
system: yes
shell: /bin/false
home: /opt/vault
- name: Download Vault binary
get_url:
url: "https://releases.hashicorp.com/vault/{{ vault_version }}/vault_{{ vault_version }}_linux_amd64.zip"
dest: /tmp/vault.zip
mode: '0644'
- name: Install unzip
apt:
name: unzip
state: present
update_cache: yes
- name: Extract Vault binary
unarchive:
src: /tmp/vault.zip
dest: /usr/local/bin/
remote_src: yes
owner: root
group: root
mode: '0755'
- name: Create Vault directories
file:
path: "{{ item }}"
state: directory
owner: vault
group: vault
mode: '0750'
loop:
- /etc/vault.d
- /opt/vault/data
- /opt/vault/logs
- name: Generate Vault configuration
template:
src: vault.hcl.j2
dest: /etc/vault.d/vault.hcl
owner: vault
group: vault
mode: '0640'
notify: restart vault
- name: Create Vault systemd service
template:
src: vault.service.j2
dest: /etc/systemd/system/vault.service
notify:
- reload systemd
- restart vault
- name: Start and enable Vault service
service:
name: vault
state: started
enabled: yes
- name: Wait for Vault to be ready
wait_for:
port: 8200
host: 127.0.0.1
delay: 10
- name: Display Vault status
debug:
msg: |
Vault has been installed and started.
Access Vault UI at: http://{{ ansible_default_ipv4.address }}:8200
Initialize Vault with: vault operator init
handlers:
- name: reload systemd
systemd:
daemon_reload: yes
- name: restart vault
service:
name: vault
state: restarted
Reference in New Issue View Git Blame Copy Permalink