feat(vars): add more customization for vault deployment

This commit is contained in:
Bertrand Lanson 2023-12-31 18:28:23 +01:00
parent 41f2a5edd0
commit 2e308f3e23
3 changed files with 43 additions and 14 deletions


@ -5,6 +5,10 @@
gather_facts: true
become: true
tasks:
- name: Debug
ansible.builtin.debug:
msg: "{{ hashi_vault_configuration.listener }}"
- name: "Vault"
when: enable_vault | bool
tags:
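Review bot: The `Debug` task added at the top of `tasks:` looks like a development leftover; it runs unconditionally on every host, before the `enable_vault` gate, and prints the fully merged listener mapping into the play output. With `vault_enable_tls` on that mapping carries the `tls_cert_file`/`tls_key_file` paths — only paths today, but anything a user later puts into `vault_extra_listener_configuration` would be echoed into CI logs the same way. Either drop the task before merging or gate it, e.g. `when: enable_vault | bool` together with `tags: [never, debug]`, so it only runs when explicitly requested. The enclosing play starts outside the hunk.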


@ -3,7 +3,7 @@
# General options ########
##########################
enable_vault: "yes"
enable_vault: "no"
enable_consul: "yes"
enable_nomad: "yes"
@ -14,6 +14,10 @@ api_interface_address: "{{ ansible_facts[api_interface]['ipv4']['address'] }}"
configuration_directory: "{{ lookup('env', 'PWD') }}/etc/hashistack"
configuration_global_vars_file: "globals.yml"
default_container_extra_volumes:
- "/etc/timezone:/etc/timezone"
- "/etc/localtime:/etc/localtime"
##########################
# Support options ########
##########################
@ -75,6 +79,10 @@ hashi_consul_configuration: {}
##########################
vault_cluster_name: vault
###############
# vault storage
###############
vault_storage_configuration:
raft:
path: "{{ hashi_vault_data_dir }}/data"
@ -88,15 +96,36 @@ vault_storage_configuration:
{% endfor %}
]
extra_vault_container_volumes: []
default_container_extra_volumes:
- "/etc/timezone:/etc/timezone"
- "/etc/localtime:/etc/localtime"
################
# vault listener
################
vault_enable_tls: true
vault_listener_configuration:
tcp:
address: "0.0.0.0:8200"
tls_disable: true
vault_tls_listener_configuration:
tcp:
tls_disable: false
tls_cert_file: "{{ hashi_vault_config_dir }}/cert.pem"
tls_key_file: "{{ hashi_vault_config_dir }}/key.pem"
vault_extra_listener_configuration: {}
#########################
# vault container volumes
#########################
extra_vault_container_volumes: []
#####################
# vault configuration
#####################
hashi_vault_start_service: true
hashi_vault_version: latest
hashi_vault_deploy_method: "{{ deployment_method }}" # deployment method, either host or docker
hashi_vault_deploy_method: "{{ deployment_method }}"
hashi_vault_env_variables: {}
hashi_vault_config_dir: "/etc/vault.d"
hashi_vault_data_dir: "/opt/vault"
hashi_vault_extra_files: false
hashi_vault_extra_files_src: /tmp/extra_files
@ -110,11 +139,7 @@ hashi_vault_configuration:
ui: true
disable_mlock: false
disable_cache: false
listener:
tcp:
address: "0.0.0.0:8200"
tls_disable: true
#tls_disable_client_certs: true
#tls_cert_file: "{{ hashi_vault_data_dir }}/tls/cert.pem"
#tls_key_file: "{{ hashi_vault_data_dir }}/tls/key.pem"
listener: "{{ vault_listener_configuration.tcp
| combine((vault_enable_tls | bool) | ternary(vault_tls_listener_configuration.tcp, {}))
| combine(vault_extra_listener_configuration.tcp | default({})) }}"
storage: "{{ vault_storage_configuration }}"
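Review bot: In the `listener:` expression at the end of the last hunk, `vault_extra_listener_configuration.tcp` is merged last, so a user-supplied `tls_disable: true` (or a different `tls_cert_file`) silently wins over the `vault_enable_tls: true` overlay, and nothing in the defaults says which variable takes precedence. Swapping the order makes the TLS switch authoritative while still letting extras add listener options: `listener: "{{ vault_listener_configuration.tcp | combine(vault_extra_listener_configuration.tcp | default({})) | combine((vault_enable_tls | bool) | ternary(vault_tls_listener_configuration.tcp, {})) }}"`; whichever order is kept, a comment above `vault_extra_listener_configuration: {}` such as `# merged last: keys set here override the TLS overlay above` would spare the next reader the surprise. Note also that the new value is the contents of `.tcp` rather than the old `listener: {tcp: ...}` mapping, so it only renders the same `listener "tcp" {}` stanza if the consuming template re-adds that level — presumably it does, but that is not visible here and worth confirming. The `hashi_vault_configuration` mapping begins before this hunk.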

@ -1 +1 @@
Subproject commit f2c23ced7502e7879942ba53f5d2a5df0d71f599
Subproject commit daa7aec43351c7fdc6f7cde1ef59d0021fe9fe47