From 6d4f607fab9c8de6bfb30e78fc72a881c5918e99 Mon Sep 17 00:00:00 2001
From: Bertrand Lanson
Date: Mon, 17 Apr 2023 00:31:28 +0200
Subject: [PATCH] added a few configs
---
tasks/configure.yml | 12 ++++++++++++
tasks/install.yml | 15 +++++++++++++++
tasks/main.yml | 5 +++++
tasks/prerequisites.yml | 7 +++++++
templates/vault_config.hcl.j2 | 23 ++++++++---------------
5 files changed, 47 insertions(+), 15 deletions(-)
create mode 100644 tasks/configure.yml
create mode 100644 tasks/install.yml
diff --git a/tasks/configure.yml b/tasks/configure.yml
new file mode 100644
index 0000000..52e3e40
--- /dev/null
+++ b/tasks/configure.yml
@@ -0,0 +1,12 @@
+---
+# task/configure file for renew_vault_certificates
+- name: "Copy vault_cert.pem.tpl template"
+ ansible.builtin.template:
+ src: vault_cert.tpl.j2
+ dest: "{{ renew_vault_certificates_config_dir }}/vault_cert.pem.tpl"
+ owner: "{{ renew_vault_certificates_vault_user }}"
+ group: "{{ renew_vault_certificates_vault_group }}"
+ mode: '0600'
+ notify:
+ - "systemctl-enable-vault-ctpl"
+ - "systemctl-restart-vault-ctpl"
\ No newline at end of file
diff --git a/tasks/install.yml b/tasks/install.yml
new file mode 100644
index 0000000..0c0891f
--- /dev/null
+++ b/tasks/install.yml
@@ -0,0 +1,15 @@
+---
+# task/install file for renew_vault_certificates
+- name: "Configure hashicorp repository"
+ ansible.builtin.include_role:
+ name: ednxzu.manage_repositories
+ vars:
+ manage_repositories_enable_default_repo: false
+ manage_repositories_enable_custom_repo: true
+ manage_repositories_custom_repo: "{{ renew_vault_certificates_repository }}"
+
+- name: "Install vault:{{ hashi_vault_version }}"
+ ansible.builtin.include_role:
+ name: ednxzu.manage_apt_packages
+ vars:
+ manage_apt_packages_list: "{{ renew_vault_certificates_packages }}"
diff --git a/tasks/main.yml b/tasks/main.yml
index ef36110..0e05a2f 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
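Review bot: The template task in tasks/configure.yml deploys only `vault_cert.pem.tpl`, while the rewritten templates/vault_config.hcl.j2 hunk in this same commit also sets the second template's `source` to `{{ renew_vault_certificates_config_dir }}/vault_key.pem.tpl`, so consul-template will be pointed at a key template that nothing in the role creates. A matching task for the key template (with its own `.j2` source under templates/) is needed, and it should carry the same `mode: '0600'`, owner and handlers as this one; the same gap is visible from the template hunk and is not repeated there. The two `notify` targets `systemctl-enable-vault-ctpl` and `systemctl-restart-vault-ctpl` are not defined in this commit, so they presumably live in the role's handlers already — worth confirming the names match exactly, since a missing handler only fails when the task reports changed.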
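Review bot: The second task name in tasks/install.yml interpolates `hashi_vault_version`, which is outside this role's `renew_vault_certificates_` variable namespace and is not defined anywhere in the commit; Ansible typically leaves an undefined variable in a task name unrendered rather than failing, so this shows up only as an odd task title, but it reads like a leftover from another role. Either name the task without the version, e.g. `- name: "Install vault packages"`, or derive it from the list the role actually installs via `renew_vault_certificates_packages`. The repository handed to ednxzu.manage_repositories through `renew_vault_certificates_repository` is the trust root for the packages installed by the next task; its definition (signing key, suite) is outside this diff and should be reviewed together with it.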
@@ -1,2 +1,7 @@
 ---
 # task/main file for renew_vault_certificates
+- name: "Import prerequisites.yml"
+ ansible.builtin.include_tasks: prerequisites.yml
+
+- name: "Import install.yml"
+ ansible.builtin.include_tasks: install.yml
\ No newline at end of file
diff --git a/tasks/prerequisites.yml b/tasks/prerequisites.yml
index 59f280c..5147449 100644
--- a/tasks/prerequisites.yml
+++ b/tasks/prerequisites.yml
@@ -8,3 +8,10 @@
 delegate_to: localhost
 run_once: true
+- name: "Create directory {{ renew_vault_certificates_config_dir }}"
+ ansible.builtin.file:
+ path: "{{ renew_vault_certificates_config_dir }}"
+ state: directory
+ owner: "{{ renew_vault_certificates_vault_user }}"
+ group: "{{ renew_vault_certificates_vault_group }}"
+ mode: '0755'
diff --git a/templates/vault_config.hcl.j2 b/templates/vault_config.hcl.j2
index 2e953c4..9adf120 100644
--- a/templates/vault_config.hcl.j2
+++ b/templates/vault_config.hcl.j2
@@ -6,26 +6,19 @@ vault {
 }
 template {
- source = "/etc/consul-template/ednz.pem.tpl"
- destination = "/opt/vault/tls/ednz.pem"
+ source = "{{ renew_vault_certificates_config_dir }}/vault_cert.pem.tpl"
+ destination = "{{ renew_vault_certificates_cert_dest }}"
 perms = 0700
- user = "vault"
- group = "vault"
+ user = "{{ renew_vault_certificates_vault_user }}"
+ group = "{{ renew_vault_certificates_vault_group }}"
 command = "sh -c 'date && pkill -SIGHUP vault'"
 }
 template {
- source = "/etc/consul-template/ednz.key.tpl"
- destination = "/opt/vault/tls/ednz.key"
+ source = "{{ renew_vault_certificates_config_dir }}/vault_key.pem.tpl"
+ destination = "{{ renew_vault_certificates_key_dest }}"
 perms = 0700
- user = "vault"
- group = "vault"
+ user = "{{ renew_vault_certificates_vault_user }}"
+ group = "{{ renew_vault_certificates_vault_group }}"
 command = "sh -c 'date && pkill -SIGHUP vault'"
 }
-
-template {
- source = "/etc/consul-template/ca.crt.tpl"
- destination = "/opt/vault/tls/ca.crt"
- user = "vault"
- group = "vault"
-}
\ No newline at end of file
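Review bot: tasks/main.yml now imports prerequisites.yml and install.yml but never imports the new tasks/configure.yml, so the template task that writes `vault_cert.pem.tpl` and triggers the consul-template handlers is unreachable unless the include happens somewhere outside this diff. Add `- name: "Import configure.yml"` followed by `  ansible.builtin.include_tasks: configure.yml` after the install include; the order matters because configure.yml writes into the directory that prerequisites.yml creates. The file is also left without a trailing newline (`\ No newline at end of file`), which is worth fixing while editing it.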
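Review bot: The new directory task in tasks/prerequisites.yml sets `mode: '0755'` on `renew_vault_certificates_config_dir`, the directory where this commit's other hunks place the consul-template input templates, so every local user can list it and the per-file `0600` on the templates becomes the only barrier to reading them; `mode: '0750'` keeps the directory readable by the owner and group consul-template runs under (assuming it runs as `renew_vault_certificates_vault_user` or as root — confirm) without exposing it further. The `delegate_to: localhost` / `run_once: true` context lines belong to a task whose start is outside the hunk, and as far as the hunk shows this is the first task in the file that acts on the managed host, so a one-line comment above it stating that the directory must exist before configure.yml runs would help the next reader.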
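Review bot: Both template blocks in templates/vault_config.hcl.j2 keep `perms = 0700` (unchanged context lines) for the rendered certificate and private key, which marks both as executable for no reason; `perms = 0600` is the conventional mode for the key file at `renew_vault_certificates_key_dest`, and the certificate needs no execute bit either. The commit also drops the third template that rendered `/opt/vault/tls/ca.crt`; if the listener stanza of this file (outside the hunk) still references that path, for example through `tls_client_ca_file`, Vault will fail to start once the file is no longer refreshed — confirm the CA is delivered another way or remove the reference in the same change. The `command = "sh -c 'date && pkill -SIGHUP vault'"` reload hook is pre-existing, but with the paths now parameterised it would be worth a comment noting that Vault re-reads the certificate and key from these destinations on SIGHUP, which is why the two templates must both be rendered before the signal is useful.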