Bertrand Lanson c53e6905df
fix(vault/consul): ensure idempotence of extra_volumes list to avoid restarting on each run due to slightly different service files
2024-05-05 02:47:49 +02:00


# #
# Non-Editable #
# #
# vault haproxy backend #
- acl is_vault hdr(host) -i {{ vault_fqdn }}
- use_backend vault_external if is_vault
- name: vault_external
options: "{{ vault_external_backend_options + vault_external_backend_servers }}"
- description vault external http backend
- option forwardfor
- option httpchk GET /v1/sys/health?standbyok=true&sealedcode=200&standbycode=200&uninitcode=200
- http-check expect status 200
- default-server inter 2s fastinter 1s downinter 1s
vault_external_backend_servers: |
{% for host in groups['vault_servers'] %}
'server vault-{{ hostvars[host].api_interface_address }} {{ hostvars[host].api_interface_address }}:8200 check {{ 'ssl verify none ' if vault_enable_tls }}inter 5s'{% if not loop.last %},{% endif %}
{% endfor %}
# vault internal tls #
vault_certificates_directory: "{{ hashi_vault_config_dir }}/tls"
- src: "{{ sub_configuration_directories['certificates'] }}/vault/{{ inventory_hostname }}"
dest: "{{ vault_certificates_directory }}"
# vault plugins #
vault_plugin_directory: "{{ hashi_vault_config_dir }}/plugin"
- src: "{{ sub_configuration_directories['vault_servers'] }}/plugin"
dest: "{{ vault_plugin_directory }}"
# vault role variables #
hashi_vault_start_service: true
hashi_vault_version: "{{ vault_versions[deployment_method] }}"
hashi_vault_deploy_method: "{{ deployment_method }}"
hashi_vault_env_variables: {}
hashi_vault_config_dir: "/etc/vault.d"
hashi_vault_data_dir: "/opt/vault"
hashi_vault_extra_files: true
hashi_vault_extra_files_list: "{{ ([] +
(vault_certificates_extra_files_dir if vault_enable_tls else []) +
(vault_plugin_extra_files_dir if vault_enable_plugins else []) +
| unique
| sort
hashi_vault_extra_files_src: "{{ sub_configuration_directories.vault_servers }}/config"
hashi_vault_extra_files_dst: "{{ hashi_vault_config_dir }}/config"
hashi_vault_extra_container_volumes: "{{ default_container_extra_volumes | union(extra_vault_container_volumes) | unique | sort }}"
cluster_name: "{{ vault_cluster_name }}"
cluster_addr: "{{ 'https' if vault_enable_tls else 'http'}}://{{ api_interface_address }}:8201"
api_addr: "{{ 'https' if vault_enable_tls else 'http'}}://{{ api_interface_address }}:8200"
ui: "{{ vault_enable_ui }}"
disable_mlock: false
disable_cache: false
listener: "{{ vault_listener_configuration }}"
storage: "{{ vault_storage_configuration }}"
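Review bot: On the `hashi_vault_extra_container_volumes` line, `union` already returns a de-duplicated list, so `| unique` adds nothing and `| union(extra_vault_container_volumes) | sort` alone gives the same byte-stable rendering; `sort` is the part that stops the service file from changing between runs. The same `| unique | sort` tail on `hashi_vault_extra_files_list` appears to act on a list of `src`/`dest` mappings (the `- src:` / `dest:` items under `vault_certificates_directory` and `vault_plugin_directory`), and Jinja's `sort` cannot order mappings without a key, so if that is the shape it should be `| sort(attribute='dest')` (or `'src'`), otherwise the render may fail rather than become idempotent. Since string sorting treats `/a:/b` and `/a:/b:ro` as distinct entries, a short comment above `hashi_vault_extra_container_volumes` stating the expected `host_path:container_path[:mode]` form would help operators keep `extra_vault_container_volumes` from reintroducing spurious diffs. The rendered page has lost the old/new markers, so which of these lines the commit introduced is inferred from its title.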