feat(vars): add more customization for vault deployment

2023-12-31 18:28:23 +01:00 · 2023-12-31 18:28:23 +01:00 · 2e308f3e23
commit 2e308f3e23
parent 41f2a5edd0
3 changed files with 43 additions and 14 deletions
--- a/playbooks/deploy.yml
+++ b/playbooks/deploy.yml
@ -5,6 +5,10 @@
  gather_facts: true
  become: true
  tasks:
    - name: Debug
      ansible.builtin.debug:
        msg: "{{ hashi_vault_configuration.listener }}"
    - name: "Vault"
      when: enable_vault | bool
      tags:
--- a/playbooks/group_vars/all.yml
+++ b/playbooks/group_vars/all.yml
@ -3,7 +3,7 @@
 # General options ########
 ##########################
-enable_vault: "yes"
+enable_vault: "no"
 enable_consul: "yes"
 enable_nomad: "yes"
@ -14,6 +14,10 @@ api_interface_address: "{{ ansible_facts[api_interface]['ipv4']['address'] }}"
 configuration_directory: "{{ lookup('env', 'PWD') }}/etc/hashistack"
 configuration_global_vars_file: "globals.yml"
 default_container_extra_volumes:
  - "/etc/timezone:/etc/timezone"
  - "/etc/localtime:/etc/localtime"
 ##########################
 # Support options ########
 ##########################
@ -75,6 +79,10 @@ hashi_consul_configuration: {}
 ##########################
 vault_cluster_name: vault
 ###############
 # vault storage
 ###############
 vault_storage_configuration:
  raft:
    path: "{{ hashi_vault_data_dir }}/data"
@ -88,15 +96,36 @@ vault_storage_configuration:
      {% endfor %}
      ]
-extra_vault_container_volumes: []
+################
-default_container_extra_volumes:
+# vault listener
-  - "/etc/timezone:/etc/timezone"
+################
-  - "/etc/localtime:/etc/localtime"
+vault_enable_tls: true
 vault_listener_configuration:
  tcp:
    address: "0.0.0.0:8200"
    tls_disable: true
 vault_tls_listener_configuration:
  tcp:
    tls_disable: false
    tls_cert_file: "{{ hashi_vault_config_dir }}/cert.pem"
    tls_key_file: "{{ hashi_vault_config_dir }}/key.pem"
 vault_extra_listener_configuration: {}
 #########################
 # vault container volumes
 #########################
 extra_vault_container_volumes: []
 #####################
 # vault configuration
 #####################
 hashi_vault_start_service: true
 hashi_vault_version: latest
-hashi_vault_deploy_method: "{{ deployment_method }}"  # deployment method, either host or docker
+hashi_vault_deploy_method: "{{ deployment_method }}"
 hashi_vault_env_variables: {}
 hashi_vault_config_dir: "/etc/vault.d"
 hashi_vault_data_dir: "/opt/vault"
 hashi_vault_extra_files: false
 hashi_vault_extra_files_src: /tmp/extra_files
@ -110,11 +139,7 @@ hashi_vault_configuration:
  ui: true
  disable_mlock: false
  disable_cache: false
-  listener:
+  listener: "{{ vault_listener_configuration.tcp
-    tcp:
+    | combine((vault_enable_tls | bool) | ternary(vault_tls_listener_configuration.tcp, {}))
-      address: "0.0.0.0:8200"
+    | combine(vault_extra_listener_configuration.tcp | default({})) }}"
      tls_disable: true
      #tls_disable_client_certs: true
      #tls_cert_file: "{{ hashi_vault_data_dir }}/tls/cert.pem"
      #tls_key_file: "{{ hashi_vault_data_dir }}/tls/key.pem"
  storage: "{{ vault_storage_configuration }}"
--- a/roles/hashicorp_vault
+++ b/roles/hashicorp_vault
@ -1 +1 @@
-Subproject commit f2c23ced7502e7879942ba53f5d2a5df0d71f599
+Subproject commit daa7aec43351c7fdc6f7cde1ef59d0021fe9fe47
		`@ -1 +1 @@`
			`Subproject commit f2c23ced7502e7879942ba53f5d2a5df0d71f599`				`Subproject commit daa7aec43351c7fdc6f7cde1ef59d0021fe9fe47`