feat(vars): add logging configuration for vault

Bertrand Lanson 2024-01-07 00:57:29 +01:00
parent 7b10b55fa7
commit 6e4b4f38b7
2 changed files with 37 additions and 16 deletions


@ -82,13 +82,14 @@ hashi_consul_configuration: {}
########################## ##########################
vault_cluster_name: vault vault_cluster_name: vault
vault_enable_ui: true
vault_seal_configuration: vault_seal_configuration:
key_shares: 3 key_shares: 3
key_threshold: 2 key_threshold: 2
############### #########
# vault storage # storage
############### #########
vault_storage_configuration: vault_storage_configuration:
raft: raft:
path: "{{ hashi_vault_data_dir }}/data" path: "{{ hashi_vault_data_dir }}/data"
@ -102,9 +103,9 @@ vault_storage_configuration:
{% endfor %} {% endfor %}
] ]
################ ##########
# vault listener # listener
################ ##########
vault_enable_tls: false vault_enable_tls: false
vault_listener_configuration: vault_listener_configuration:
tcp: tcp:
@ -119,29 +120,39 @@ vault_tls_listener_configuration:
vault_extra_listener_configuration: {} vault_extra_listener_configuration: {}
############################ ######################
# vault service registration # service registration
############################ ######################
vault_enable_service_registration: false vault_enable_service_registration: false
vault_service_registration_configuration: vault_service_registration_configuration:
consul: consul:
address: "127.0.0.1:8500" address: "127.0.0.1:8500"
scheme: "http" scheme: "http"
############################# #########
# vault plugins configuration # plugins
############################# #########
vault_enable_plugins: true vault_enable_plugins: true
vault_plugin_directory: "{{ hashi_vault_extra_files_dst }}/plugin" vault_plugin_directory: "{{ hashi_vault_extra_files_dst }}/plugin"
#########
# logging
#########
vault_enable_log_to_file: false
vault_logging_configuration:
log_level: info
log_format: standard
log_rotate_duration: 24h
log_rotate_max_files: 30
######################### #########################
# vault container volumes # vault container volumes
######################### #########################
extra_vault_container_volumes: [] extra_vault_container_volumes: []
##################### ###############
# vault configuration # configuration
##################### ###############
hashi_vault_start_service: true hashi_vault_start_service: true
hashi_vault_version: latest hashi_vault_version: latest
hashi_vault_deploy_method: "{{ deployment_method }}" hashi_vault_deploy_method: "{{ deployment_method }}"
@ -156,7 +167,7 @@ hashi_vault_configuration:
cluster_name: "{{ vault_cluster_name }}" cluster_name: "{{ vault_cluster_name }}"
cluster_addr: "http://{{ api_interface_address }}:8201" cluster_addr: "http://{{ api_interface_address }}:8201"
api_addr: "http://{{ api_interface_address }}:8200" api_addr: "http://{{ api_interface_address }}:8200"
ui: true ui: "{{ vault_enable_ui }}"
disable_mlock: false disable_mlock: false
disable_cache: false disable_cache: false
listener: "{{ vault_listener_configuration }}" listener: "{{ vault_listener_configuration }}"
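Review bot: The new `vault_logging_configuration` default in the logging block sets `log_rotate_duration` and `log_rotate_max_files` but no `log_file`, and Vault only writes its server log to a file (and only applies the rotation settings) when `log_file` is set. As written, turning on `vault_enable_log_to_file` merges rotation keys that have no effect unless the path is supplied somewhere outside this diff. Consider adding a default such as `log_file: "<PLACEHOLDER: log directory>/vault.log"`, and for container deployments check that the directory is covered by a mounted volume so the logs outlive the container. A short comment on the block, e.g. `# server (operational) log only; audit devices are configured separately`, would also keep this from being mistaken for audit logging.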


@ -29,3 +29,13 @@
combine(_config_to_merge) combine(_config_to_merge)
}}" }}"
when: vault_enable_plugins when: vault_enable_plugins
- name: "Merge logging configuration"
vars:
_config_to_merge: "{{ vault_logging_configuration }}"
ansible.builtin.set_fact:
hashi_vault_configuration: "{{
hashi_vault_configuration |
combine(_config_to_merge)
}}"
when: vault_enable_log_to_file
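Review bot: Gating the whole merge on `vault_enable_log_to_file` means `log_level` and `log_format` from `vault_logging_configuration` are also dropped when file logging is off, so an operator who sets a JSON format for log collection gets no effect unless the file flag is on. Consider merging level and format unconditionally and reserving the flag for the file and rotation keys. The condition is also safer as `when: vault_enable_log_to_file | bool`, since a value passed as a string (for example through key=value extra vars) is not reliably treated as a boolean by a bare `when:`; the existing `when: vault_enable_plugins` above has the same form. The task list this hunk appends to starts outside the hunk.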