added a few configs

Bertrand Lanson 2023-04-17 00:31:28 +02:00
parent 9ba73f6088
commit 6d4f607fab
5 changed files with 47 additions and 15 deletions

12
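--- a/tasks/configure.yml
+++ b/tasks/configure.yml
@@ -0,0 +1,12 @@
+---
+# task/configure file for renew_vault_certificates
+- name: "Copy vault_cert.pem.tpl template"
+ansible.builtin.template:
+src: vault_cert.tpl.j2
+dest: "{{ renew_vault_certificates_config_dir }}/vault_cert.pem.tpl"
+owner: "{{ renew_vault_certificates_vault_user }}"
+group: "{{ renew_vault_certificates_vault_group }}"
+mode: '0600'
+notify:
+- "systemctl-enable-vault-ctpl"
+- "systemctl-restart-vault-ctpl"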
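Review bot: Only `vault_cert.pem.tpl` is deployed by this new task file, while the consul-template configuration changed in the same commit also uses `{{ renew_vault_certificates_config_dir }}/vault_key.pem.tpl` as a template source. Unless a task outside this commit copies the key template, consul-template will presumably be unable to render the private key, so the certificate and key would not be renewed together. Add a sibling task `- name: "Copy vault_key.pem.tpl template"` with `dest: "{{ renew_vault_certificates_config_dir }}/vault_key.pem.tpl"` (its `src` name is for the author to choose) and the same owner, group, `mode: '0600'` and handlers.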

15
tasks/install.yml Normal file

@ -0,0 +1,15 @@
---
# task/install file for renew_vault_certificates
- name: "Configure hashicorp repository"
ansible.builtin.include_role:
name: ednxzu.manage_repositories
vars:
manage_repositories_enable_default_repo: false
manage_repositories_enable_custom_repo: true
manage_repositories_custom_repo: "{{ renew_vault_certificates_repository }}"
- name: "Install vault:{{ hashi_vault_version }}"
ansible.builtin.include_role:
name: ednxzu.manage_apt_packages
vars:
manage_apt_packages_list: "{{ renew_vault_certificates_packages }}"
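Review bot: The task name `"Install vault:{{ hashi_vault_version }}"` interpolates `hashi_vault_version`, which is outside the role's `renew_vault_certificates_` namespace and is not the value handed to the package role (`renew_vault_certificates_packages`), so the play output can report a version that was never requested. Name the task after what it actually installs, for example `- name: "Install packages for renew_vault_certificates"`. Whether the package list pins versions, and whether `renew_vault_certificates_repository` carries the repository signing key, is not visible in this hunk; a short comment above the two includes stating both would help anyone auditing this installation step.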


@ -1,2 +1,7 @@
---
# task/main file for renew_vault_certificates
- name: "Import prerequisites.yml"
ansible.builtin.include_tasks: prerequisites.yml
- name: "Import install.yml"
ansible.builtin.include_tasks: install.yml
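Review bot: `configure.yml` is created by this commit but is not included here; only `prerequisites.yml` and `install.yml` are. Unless it is pulled in from somewhere not shown, the template copy and its enable/restart handlers never run, leaving the renewal service unconfigured. Add a third entry after the install include: `- name: "Import configure.yml"` with `ansible.builtin.include_tasks: configure.yml`.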


@ -8,3 +8,10 @@
delegate_to: localhost
run_once: true
- name: "Create directory {{ renew_vault_certificates_config_dir }}"
ansible.builtin.file:
path: "{{ renew_vault_certificates_config_dir }}"
state: directory
owner: "{{ renew_vault_certificates_vault_user }}"
group: "{{ renew_vault_certificates_vault_group }}"
mode: '0755'
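Review bot: The configuration directory is created with `mode: '0755'`, which lets every local account list and traverse a directory holding the certificate-renewal templates; the template written into it by `configure.yml` is `0600`, so the directory is the looser of the two. If only the Vault service account and its group need access (an assumption to confirm against how consul-template is run), prefer `mode: '0750'`. The `delegate_to` and `run_once` lines at the top of the hunk belong to a task that starts outside it.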


@ -6,26 +6,19 @@ vault {
}
template {
source = "/etc/consul-template/ednz.pem.tpl"
destination = "/opt/vault/tls/ednz.pem"
source = "{{ renew_vault_certificates_config_dir }}/vault_cert.pem.tpl"
destination = "{{ renew_vault_certificates_cert_dest }}"
perms = 0700
user = "vault"
group = "vault"
user = "{{ renew_vault_certificates_vault_user }}"
group = "{{ renew_vault_certificates_vault_group }}"
command = "sh -c 'date && pkill -SIGHUP vault'"
}
template {
source = "/etc/consul-template/ednz.key.tpl"
destination = "/opt/vault/tls/ednz.key"
source = "{{ renew_vault_certificates_config_dir }}/vault_key.pem.tpl"
destination = "{{ renew_vault_certificates_key_dest }}"
perms = 0700
user = "vault"
group = "vault"
user = "{{ renew_vault_certificates_vault_user }}"
group = "{{ renew_vault_certificates_vault_group }}"
command = "sh -c 'date && pkill -SIGHUP vault'"
}
template {
source = "/etc/consul-template/ca.crt.tpl"
destination = "/opt/vault/tls/ca.crt"
user = "vault"
group = "vault"
}
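Review bot: Both remaining `template` blocks keep `perms = 0700`, which sets the owner-execute bit on a certificate and on a private key file; nothing executes these files, so `perms = 0600` for the key destination (and `0600` or `0644` for the certificate) is the least-privilege setting. The commit parametrises the paths and the owner but leaves the mode untouched, so this is a good moment to fix it. Separately, the `ca.crt` template block is removed; if Vault's listener configuration still points at that CA file (not visible here), it will no longer be refreshed on renewal.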