From 6e4b4f38b7e6ba71ac5153f655eba788bcab1135 Mon Sep 17 00:00:00 2001 From: Bertrand Lanson Date: Sun, 7 Jan 2024 00:57:29 +0100 Subject: [PATCH] feat(vars): add logging configuration for vault --- playbooks/group_vars/all.yml | 43 +++++++++++++++++++++------------- playbooks/tasks/vault_vars.yml | 10 ++++++++ 2 files changed, 37 insertions(+), 16 deletions(-) diff --git a/playbooks/group_vars/all.yml b/playbooks/group_vars/all.yml index fafadea..a3e29a2 100644 --- a/playbooks/group_vars/all.yml +++ b/playbooks/group_vars/all.yml @@ -82,13 +82,14 @@ hashi_consul_configuration: {} ########################## vault_cluster_name: vault +vault_enable_ui: true vault_seal_configuration: key_shares: 3 key_threshold: 2 -############### -# vault storage -############### +######### +# storage +######### vault_storage_configuration: raft: path: "{{ hashi_vault_data_dir }}/data" @@ -102,9 +103,9 @@ vault_storage_configuration: {% endfor %} ] -################ -# vault listener -################ +########## +# listener +########## vault_enable_tls: false vault_listener_configuration: tcp: 
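Review bot: `vault_enable_ui: true` is added without a comment, and it keeps the web UI on by default in the same defaults file that sets `vault_enable_tls: false`, so a deployment that changes neither value would serve the UI over plain HTTP as far as this diff shows. I would document the pairing above the variable, for example `# Serves the Vault web UI on the API listener; set to false where it is not needed and turn on vault_enable_tls before exposing it.` Whether the default should become `false` is a compatibility decision for the role, since the value it replaces was a hard-coded `ui: true`.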
@@ -119,29 +120,39 @@ vault_tls_listener_configuration: vault_extra_listener_configuration: {} -############################ -# vault service registration -############################ +###################### +# service registration +###################### vault_enable_service_registration: false vault_service_registration_configuration: consul: address: "127.0.0.1:8500" scheme: "http" -############################# -# vault plugins configuration -############################# +######### +# plugins +######### vault_enable_plugins: true vault_plugin_directory: "{{ hashi_vault_extra_files_dst }}/plugin" +######### +# logging +######### +vault_enable_log_to_file: false +vault_logging_configuration: + log_level: info + log_format: standard + log_rotate_duration: 24h + log_rotate_max_files: 30 + ######################### # vault container volumes ######################### extra_vault_container_volumes: [] -##################### -# vault configuration -##################### +############### +# configuration +############### hashi_vault_start_service: true hashi_vault_version: latest hashi_vault_deploy_method: "{{ deployment_method }}" @@ -156,7 +167,7 @@ hashi_vault_configuration: cluster_name: "{{ vault_cluster_name }}" cluster_addr: "http://{{ api_interface_address }}:8201" api_addr: "http://{{ api_interface_address }}:8200" - ui: true + ui: "{{ vault_enable_ui }}" disable_mlock: false disable_cache: false listener: "{{ vault_listener_configuration }}" diff --git a/playbooks/tasks/vault_vars.yml b/playbooks/tasks/vault_vars.yml index 0e90e1b..c0ec99a 100644 --- a/playbooks/tasks/vault_vars.yml +++ b/playbooks/tasks/vault_vars.yml @@ -29,3 +29,13 @@ combine(_config_to_merge) }}" when: vault_enable_plugins + +- name: "Merge logging configuration" + vars: + _config_to_merge: "{{ vault_logging_configuration }}" + ansible.builtin.set_fact: + hashi_vault_configuration: "{{ + hashi_vault_configuration | + combine(_config_to_merge) + }}" + when: vault_enable_log_to_file
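Review bot: `vault_logging_configuration` has no `log_file` key, so with `vault_enable_log_to_file: true` only the level, format and rotation settings are merged and, unless the path is set somewhere outside this diff, Vault has no file to write or rotate. Adding a path to the defaults, e.g. `log_file: "<vault log dir>/vault.log"` (placeholder; use the role's own directory variable), would make the toggle do what its name says. The target directory should be created by the role and be writable only by the account Vault runs as, since operational logs can include client addresses and error detail.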
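Review bot: `ui: "{{ vault_enable_ui }}"` passes the variable through without a type cast, so a value supplied as a string (for example `-e vault_enable_ui=false` or an INI inventory entry) can reach the rendered configuration as the text `false` rather than a boolean. Casting at the point of use avoids that: `ui: "{{ vault_enable_ui | bool }}"`. The same applies to the new task condition in playbooks/tasks/vault_vars.yml, where `when: vault_enable_log_to_file | bool` keeps a string value from being evaluated as a non-empty string. The `hashi_vault_configuration` mapping starts and ends outside this hunk.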
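Review bot: The new task merges `log_level` and `log_format` only when `vault_enable_log_to_file` is true, although neither setting depends on a log file, so an operator who sets `log_format: json` for log shipping or changes `log_level` while leaving file logging off sees no effect. I would merge those two keys unconditionally and keep only the file and rotation keys behind the toggle, or rename the toggle so it says that it gates every logging setting. If the coupling is intended, a comment on the task such as `# log_level and log_format are applied only together with file logging` would make it visible.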