hcp-ansible/roles/vault/vars/main.yml

---
# vars file for vault
vault_user: "vault"
vault_group: "vault"
vault_binary_path: /usr/local/bin/vault
vault_deb_architecture_map:
  x86_64: "amd64"
  aarch64: "arm64"
  armv7l: "arm"
  armv6l: "arm"
vault_architecture: "{{ vault_deb_architecture_map[ansible_architecture] | default(ansible_architecture) }}"
vault_service_name: "vault"
vault_github_api: https://api.github.com/repos
vault_github_project: hashicorp/vault
vault_github_url: https://github.com
vault_repository_url: https://releases.hashicorp.com/vault

vault_certificates_reload_watchlist: |
  {% filter trim %}
  {% set watchlist = [] %}
  {% for listener in vault_configuration.listener %}
    {% if listener.get('tcp') %}
      {% for key in ['tls_key_file', 'tls_cert_file', 'tls_client_ca_file'] %}
        {% if listener['tcp'].get(key) %}
          {{ watchlist.append(listener['tcp'][key]) }}
        {% endif %}
      {% endfor %}
    {% endif %}
  {% endfor %}
  {{ watchlist | unique }}
  {% endfilter %}


vault_configuration:
  cluster_name: "{{ vault_cluster_name }}"
  cluster_addr: "{{ 'https' if vault_enable_tls else 'http'}}://{{ vault_cluster_addr }}:8201"
  api_addr: "{{ 'https' if vault_enable_tls else 'http'}}://{{ vault_cluster_addr }}:8200"
  ui: "{{ vault_enable_ui }}"
  disable_mlock: "{{ vault_disable_mlock }}"
  disable_cache: "{{ vault_disable_cache }}"
  listener: "{{ vault_listener_configuration }}"
  storage: "{{ vault_storage_configuration }}"
feat(roles): integrate vault role to hashistack collection 2024-07-19 21:31:41 +00:00			`---`
chore: fix boilerplate for vault role 2024-10-06 10:18:07 +00:00			`# vars file for vault`
feat(roles): integrate vault role to hashistack collection 2024-07-19 21:31:41 +00:00			`vault_user: "vault"`
			`vault_group: "vault"`
			`vault_binary_path: /usr/local/bin/vault`
			`vault_deb_architecture_map:`
			`x86_64: "amd64"`
			`aarch64: "arm64"`
			`armv7l: "arm"`
			`armv6l: "arm"`
			`vault_architecture: "{{ vault_deb_architecture_map[ansible_architecture] \| default(ansible_architecture) }}"`
			`vault_service_name: "vault"`
			`vault_github_api: https://api.github.com/repos`
			`vault_github_project: hashicorp/vault`
			`vault_github_url: https://github.com`
			`vault_repository_url: https://releases.hashicorp.com/vault`

feat: add automatic reload of vault service for certificate reloading This feature adds logic to automatically reload the vault service if tls is enbabled and the certificates have changed. This only tracks certificates copied by the extra_files logic. 2024-11-10 16:07:14 +00:00			`vault_certificates_reload_watchlist: \|`
			`{% filter trim %}`
			`{% set watchlist = [] %}`
			`{% for listener in vault_configuration.listener %}`
			`{% if listener.get('tcp') %}`
			`{% for key in ['tls_key_file', 'tls_cert_file', 'tls_client_ca_file'] %}`
			`{% if listener['tcp'].get(key) %}`
			`{{ watchlist.append(listener['tcp'][key]) }}`
			`{% endif %}`
			`{% endfor %}`
			`{% endif %}`
			`{% endfor %}`
			`{{ watchlist \| unique }}`
			`{% endfilter %}`


feat(roles): integrate vault role to hashistack collection 2024-07-19 21:31:41 +00:00			`vault_configuration:`
			`cluster_name: "{{ vault_cluster_name }}"`
			`cluster_addr: "{{ 'https' if vault_enable_tls else 'http'}}://{{ vault_cluster_addr }}:8201"`
			`api_addr: "{{ 'https' if vault_enable_tls else 'http'}}://{{ vault_cluster_addr }}:8200"`
			`ui: "{{ vault_enable_ui }}"`
			`disable_mlock: "{{ vault_disable_mlock }}"`
			`disable_cache: "{{ vault_disable_cache }}"`
			`listener: "{{ vault_listener_configuration }}"`
			`storage: "{{ vault_storage_configuration }}"`