Cleanup and updates
- Handle cluster_addr differently
- Cleanup tasks
- Consistent variable style
- Cleanup meta
brianshumate committed Mar 23, 2017
1 parent b0b2c87 commit 7b3148d
Showing 6 changed files with 47 additions and 138 deletions.
7 changes: 7 additions & 0 deletions CHANGELOG.md
Expand Up @@ -148,3 +148,10 @@
## v1.3.5

- Remove explicit cluster_addr and let Vault default the value for now

## v1.3.6

- Handle cluster_addre differently
- Cleanup tasks
- Consistent variable style
- Cleanup meta
42 changes: 22 additions & 20 deletions defaults/main.yml
Expand Up @@ -4,35 +4,37 @@
vault_version: "{{ lookup('env','VAULT_VERSION') | default('0.7.0', true) }}"
vault_pkg: "vault_{{ vault_version }}_linux_amd64.zip"
vault_zip_url: "https://releases.hashicorp.com/vault/{{ vault_version }}/{{ vault_pkg }}"
vault_zip_sha256: "91432c812b1264306f8d1ecf7dd237c3d7a8b2b6aebf4f887e487c4e7f69338c"
vault_checksum_file_url: "https://releases.hashicorp.com/vault/{{ vault_version }}/vault_{{ vault_version}}_SHA256SUMS"
vault_bin_path: "/usr/local/bin"
vault_config_path: "/etc/vault.d"
vault_data_path: "/var/vault"
vault_log_path: "/var/log/vault"
vault_user: "vault"
vault_group: "bin"
vault_group_name: "cluster_nodes"
vault_cluster_name: "sutakku"
vault_datacenter: "dc1"
vault_consul: "127.0.0.1:8500"
vault_consul_path: "vault"
vault_log_level: "info"
vault_syslog_enable: "true"
vault_iface: "eth1"
vault_bin_path: /usr/local/bin
vault_config_path: /etc/vault.d
vault_data_path: /var/vault
vault_log_path: /var/log/vault
vault_run_path: /var/run/vault
vault_user: vault
vault_group: bin
vault_group_name: cluster_nodes
vault_cluster_name: sutakku
vault_datacenter: dc1
vault_consul: 127.0.0.1:8500
vault_consul_path: vault
vault_log_level: info
vault_syslog_enable: true
vault_iface: eth1
vault_address: "0.0.0.0"
vault_redirect_addr: "{{ hostvars[inventory_hostname]['ansible_'+vault_iface]['ipv4']['address'] }}"
vault_port: "8200"
vault_port: 8200
vault_node_name: "{{ inventory_hostname_short }}"
vault_main_config: "{{ vault_config_path }}/vault_main.hcl"
vault_primary_node: "{{hostvars[groups['primary'][0]]['ansible_fqdn']}}"
vault_backend: vault_backend_consul.j2
vault_cluster_address: "{{hostvars[groups['primary'][0]]['ansible_default_ipv4']['address']}}"
vault_cluster_disable: false
vault_cluster_address: "{{ hostvars[inventory_hostname]['ansible_'+vault_iface]['ipv4']['address'] }}"
vault_tls_disable: 1
vault_cluster_address:
vault_tls_cert_file:
vault_tls_cert_file_dest: "{{ vault_config_path }}/vault.crt" # "/etc/pki/tls/certs/vault.crt"
vault_tls_cert_file_dest: "{{ vault_config_path }}/vault.crt" # /etc/pki/tls/certs/vault.crt
vault_tls_key_file:
vault_tls_key_file_dest: "{{ vault_config_path }}/vault.key" # "/etc/pki/tls/private/vault.key"
vault_tls_min_version: "tls12"
vault_tls_min_version: tls12
vault_tls_cipher_suites:
vault_tls_prefer_server_cipher_suites: "false"
vault_tls_prefer_server_cipher_suites: false
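Review bot: The shipped defaults still bind `vault_address: "0.0.0.0"` with `vault_tls_disable: 1`, so out of the box the API listens in plaintext on every interface; since this commit reworks the defaults, it is the place to document that with a comment above the TLS block, e.g. `# TLS is off by default: set vault_tls_disable: 0 and supply vault_tls_cert_file/vault_tls_key_file before exposing 0.0.0.0:8200 beyond localhost`. Related, `vault_tls_cert_file:` and `vault_tls_key_file:` with no value are YAML null, and as far as I can tell a null variable still satisfies the `is defined` test that gates the certificate copy task in tasks/main.yml, so that task would run with an empty `src`; guarding on `vault_tls_cert_file` being non-empty instead would be safer. Finally, dropping the quotes on `vault_syslog_enable: true` and `vault_tls_prefer_server_cipher_suites: false` turns them into YAML booleans, which Jinja renders as `True`/`False` rather than `true`/`false` when interpolated into an HCL template — presumably harmless where the template quotes the value, but worth confirming for any unquoted use.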
112 changes: 4 additions & 108 deletions meta/main.yml
Expand Up @@ -3,132 +3,28 @@ galaxy_info:
author: Brian Shumate
description: Vault server role
company: your company (optional)
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Some suggested licenses:
# - BSD (default)
# - MIT
# - GPLv2
# - GPLv3
# - Apache
# - CC-BY
license: license BSD
min_ansible_version: 2.0
#
# Below are all platforms currently available. Just uncomment
# the ones that apply to your role. If you don't see your
# platform on this list, let us know and we'll get it added!
#
min_ansible_version: 2.1.0.0
platforms:
- name: EL
versions:
# - all
# - 5
- 6
- 7
#- name: GenericUNIX
# versions:
# - all
# - any
#- name: Fedora
# versions:
# - all
# - 16
# - 17
# - 18
# - 19
# - 20
# - 21
# - 22
#- name: SmartOS
# versions:
# - all
# - any
#- name: opensuse
# versions:
# - all
# - 12.1
# - 12.2
# - 12.3
# - 13.1
# - 13.2
#- name: Amazon
# versions:
# - all
# - 2013.03
# - 2013.09
#- name: GenericBSD
# versions:
# - all
# - any
#- name: FreeBSD
# versions:
# - all
# - 8.0
# - 8.1
# - 8.2
# - 8.3
# - 8.4
# - 9.0
# - 9.1
# - 9.1
# - 9.2
# - 11.0
- name: Ubuntu
versions:
# - all
# - lucid
# - maverick
# - natty
# - oneiric
# - precise
# - quantal
# - raring
# - saucy
- trusty
# - utopic
- vivid
#- name: SLES
# versions:
# - all
# - 10SP3
# - 10SP4
# - 11
# - 11SP1
# - 11SP2
# - 11SP3
#- name: GenericLinux
# versions:
# - all
# - any
- xenial
- name: Debian
versions:
# - all
# - etch
- jessie
# - lenny
# - squeeze
# - wheezy
#
# Below are all categories currently available. Just as with
# the platforms above, uncomment those that apply to your role.
#
galaxy_tags:
#- cloud
#- cloud:ec2
#- cloud:gce
#- cloud:rax
#- clustering
#- database
#- database:nosql
#- database:sql
#- development
#- monitoring
- networking
#- packaging
- security
- system
#- web
dependencies: []
# List your role dependencies here, one per line.
# Be sure to remove the '[]' above if you add dependencies
# to this list.
16 changes: 8 additions & 8 deletions tasks/main.yml
Expand Up @@ -29,7 +29,7 @@
group_by:
key: "{{ vault_node_role }}"

- name: "Add Vault user"
- name: "Add Vault user
user:
name: "{{ vault_user }}"
comment: "Vault user"
Expand All @@ -52,10 +52,10 @@
owner: "{{ vault_user }}"
group: "{{ vault_group}}"
with_items:
- "{{ vault_config_path }}"
- "{{ vault_data_path }}"
- "{{ vault_log_path }}"
- /var/run/vault
- "{{ vault_config_path }}"
- "{{ vault_run_path }}"

- name: Vault SSL Certificate and Key
copy:
Expand All @@ -67,13 +67,13 @@
with_items:
- src: "{{ vault_tls_cert_file }}"
dest: "{{ vault_tls_cert_file_dest }}"
mode: "0644"
mode: 0644
- src: "{{ vault_tls_key_file }}"
dest: "{{ vault_tls_key_file_dest }}"
mode: "0600"
mode: 0600
when: vault_tls_cert_file is defined and vault_tls_key_file is defined

- name: Vault listener configuration section
- name: Vault listener configuration
template:
src: vault_listener.hcl.j2
dest: "{{ vault_main_config }}"
Expand All @@ -96,7 +96,7 @@
mode: 0755
when: ansible_distribution == "Debian" and ansible_distribution_major_version|int <= 7

- name: systemd script
- name: systemd unit
template:
src: vault_systemd.service.j2
dest: /lib/systemd/system/vault.service
Expand All @@ -111,7 +111,7 @@
state: started
enabled: yes

- name: Vault running?
- name: Vault API reachable?
wait_for:
host: "{{ vault_address}}"
port: "{{ vault_port }}"
Expand Down
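Review bot: The new line `- name: "Add Vault user` is missing its closing double quote as displayed, so the quoted scalar runs on into the following `user:` line and the playbook will fail to parse; it should read `- name: "Add Vault user"`. The mode values were also unquoted in this commit (`mode: 0644`, `mode: 0600`); they only work because YAML 1.1 reads the leading-zero literal as octal, and Ansible's documented convention is to keep them as strings, `mode: "0644"` and `mode: "0600"`, so the 0600 on the TLS private key does not silently change if someone later edits the value. The surrounding task list continues outside these hunks.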
6 changes: 5 additions & 1 deletion templates/vault_backend_consul.j2
@@ -1,5 +1,9 @@
{% set _vault_plus_one_port = vault_port | int + 1 | abs %}

backend "consul" {
address = "{{ vault_consul }}"
redirect_addr = "http://{{ vault_redirect_addr }}:{{ vault_port }}"
path = "vault"
redirect_addr = "http://{{ vault_redirect_addr }}:{{ vault_port }}"
cluster_addr = "http://{{ vault_cluster_address }}:{{ _vault_plus_one_port }}"
disable_clustering = "{{ vault_cluster_disable }}"
}
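Review bot: Both `redirect_addr` and the new `cluster_addr` hard-code an `http://` scheme even though the role lets the operator enable TLS via `vault_tls_disable`, so once TLS is on, clients redirected from a standby are sent to a plaintext URL; derive the scheme from the TLS setting, e.g. `{% set _vault_scheme = 'http' if vault_tls_disable | int == 1 else 'https' %}` and use `{{ _vault_scheme }}://` in both lines (confirm against the Vault docs which scheme `cluster_addr` expects, since the cluster port has its own TLS handling). The port expression `vault_port | int + 1 | abs` relies on Jinja filter precedence to mean `(vault_port | int) + (1 | abs)`, and the `| abs` on a literal 1 is a no-op; `{% set _vault_cluster_port = (vault_port | int) + 1 %}` says the same thing without the puzzle. Also, `path = "vault"` remains hard-coded while defaults/main.yml defines `vault_consul_path` for exactly this value, so it presumably should be `path = "{{ vault_consul_path }}"`.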
2 changes: 1 addition & 1 deletion version.txt
@@ -1 +1 @@
v1.3.5
v1.3.6
