Initial version

.gitignore

@@ -0,0 +1,5 @@
+.DS_Store
+.vagrant
+.tm_properties
+*.retry
+examples/hosts

.travis.yml

@@ -0,0 +1,26 @@
+---
+language: python
+python: "2.7"
+
+# Use the new container infrastructure
+sudo: false
+
+# Install ansible
+addons:
+  apt:
+    packages:
+    - python-pip
+
+install:
+  # Install ansible
+  - pip install ansible
+
+  # Check ansible version
+  - ansible --version
+
+script:
+  # Basic role syntax check
+  - ANSIBLE_ROLES_PATH=.. ansible-playbook -i tests/inventory tests/test.yml --syntax-check
+
+notifications:
+  webhooks: https://galaxy.ansible.com/api/v1/notifications/

CHANGELOG.md

@@ -0,0 +1,4 @@
+## v1.0.0
+
+- Installs Vault
+- Installs Vault with Consul backend onto Consul VMs from brianshumate.consul

CONTRIBUTORS.md

@@ -0,0 +1,3 @@
+# Contributors
+
+Thank you to all these fine folks for helping with ansible-vault!

LICENSE.txt

@@ -0,0 +1,15 @@
+ansible-vault
+
+Copyright 2016 Brian Shumate
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

README.md

@@ -0,0 +1,111 @@
+# Vault
+
+![](https://travis-ci.org/brianshumate/ansible-vault.svg?branch=master)
+
+This Ansible role performs a basic [Vault](https://vault.io/) installation,
+including filesystem structure, example configuration, and Vault UI
+installation.
+
+It can also bootstrap a minimal development or evaluation cluster of 3 server
+agents running in a Vagrant and VirtualBox based environment. See
+[README_VAGRANT.md](https://github.com/brianshumate/ansible-vault/blob/master/examples/README_VAGRANT.md) and the associated [Vagrantfile](https://github.com/brianshumate/ansible-vault/blob/master/examples/Vagrantfile) for more details about the developer mode setup.
+
+## Requirements
+
+This role requires a Debian or RHEL based Linux distribution. It might work
+with other software versions, but does work with the following specific
+software and versions:
+
+* Ansible: 2.1.2.0
+* Vault: 0.6.2
+* Debian: 8
+
+## Role Variables
+
+The role specifies variables in `defaults/main.yml` and `vars/*.yml`.
+
+| Name           | Default Value | Description                        |
+| -------------- | ------------- | -----------------------------------|
+| `vault_version` | `0.6.2` | Version to install |
+| `vault_zip_url` | `https://releases.hashicorp.com/vault/{{ vault_version }}/vault_{{ vault_version }}_linux_amd64.zip` | Download URL |
+| `vault_zip_sha256` | SHA256 SUM | Archive SHA256 summary |
+| `vault_bin_path` | `/usr/local/bin` | Binary installation path |
+| `vault_config_path` | `/etc/vault.d` | Configuration file path |
+| `vault_data_path` | `/var/vault` | Data path |
+| `vault_log_path` | `/var/log/vault` | Log path |
+| `vault_user` | `vault` | OS user |
+| `vault_group` | `bin` | OS group |
+| `vault_datacenter` | `dc1` | Datacenter label |
+| `vault_log_level` | `INFO` | Log level |
+| `vault_syslog_enable` | `true` | Log to syslog |
+| `vault_iface` | `eth1` | Network interface |
+| `vault_address` | `{{ hostvars[inventory_hostname]['ansible_eth1']['ipv4']['address'] }}` | Primary interface address |
+| `vault_port` | `8200` | TCP port number to use |
+| `vault_node_name` | `{{ inventory_hostname_short }}` | Short node name |
+| `vault_main_config` | `{{ vault_config_path }}/vault_main.hcl` | Main configuration file path |
+| `vault_consul` | `127.0.0.1:8500` | Address of Consul backend |
+| `vault_consul_path` | `vault` | Consul path to use |
+
+### OS Distribution Variables
+
+The Vault binary works on most Linux platforms and is not distribution
+specific. Some distributions require installation of specific OS packages with different nomenclature, so this role has support for major Linux distributions.
+
+| Name           | Default Value | Description                        |
+| -------------- | ------------- | -----------------------------------|
+| `vault_centos_pkg` | `{{ vault_version }}_linux_amd64.zip` | Vault package filename |
+| `vault_centos_url` | `{{ vault_zip_url }}` | Vault package download URL |
+| `vault_centos_sha256` | SHA256 SUM | Vault download SHA256 summary |
+| `vault_centos_os_packages` | list | List of OS packages to install |
+| `vault_debian_pkg` | `{{ vault_version }}_linux_amd64.zip` | Vault package filename |
+| `vault_debian_url` | `{{ vault_zip_url }}` | Vault package download URL |
+| `vault_debian_sha256` | SHA256 SUM | Vault download SHA256 summary |
+| `vault_debian_os_packages` | list | List of OS packages to install |
+| `vault_redhat_pkg` | `{{ vault_version }}_linux_amd64.zip` | Vault package filename |
+| `vault_redhat_url` | `{{ vault_zip_url }}` | Vault package download URL |
+| `vault_redhat_sha256` | SHA256 SUM | Vault download SHA256 summary |
+| `vault_redhat_os_packages` | list | List of OS packages to install |
+| `vault_ubuntu_pkg` | `{{ vault_version }}_linux_amd64.zip` | Vault package filename |
+| `vault_ubuntu_url` | `{{ vault_zip_url }}` | Vault package download URL |
+| `vault_ubuntu_sha256` | SHA256 SUM | Vault download SHA256 summary |
+| `vault_ubuntu_os_packages` | list | List of OS packages to install |
+
+## Dependencies
+
+None
+
+## Example Playbook
+
+
+After you have reviewed and altered any necessary variables, and created a
+host inventory file, basic Vault installation is possible using the
+included `site.yml` playbook example:
+
+```
+ansible-playbook -i hosts site.yml
+```
+
+You can also pass variables in using the `--extra-vars` option to the
+`ansible-playbook` command:
+
+```
+ansible-playbook -i hosts site.yml --extra-vars "vault_datacenter=maui"
+```
+
+### Vagrant and VirtualBox
+
+See `examples/README_VAGRANT.md` for details on quick Vagrant deployments
+under VirtualBox for testing, etc.
+
+## License
+
+BSD
+
+## Author Information
+
+[Brian Shumate](http://brianshumate.com)
+
+## Contributors
+
+Special thanks to the folks listed in [CONTRIBUTORS.md](https://github.com/brianshumate/ansible-vault/blob/master/CONTRIBUTORS.md) for their 
+contributions to this project.

defaults/main.yml

@@ -0,0 +1,25 @@
+---
+# File: defaults/main.yml - Main default variables for Vault
+
+vault_version: "0.6.0"
+#vault_version: "0.6.2"
+vault_zip_url: "https://releases.hashicorp.com/vault/{{ vault_version }}/vault_{{ vault_version }}_linux_amd64.zip"
+vault_zip_sha256: "283b4f591da8a4bf92067bf9ff5b70249f20705cc963bea96ecaf032911f27c2"
+#vault_zip_sha256: "91432c812b1264306f8d1ecf7dd237c3d7a8b2b6aebf4f887e487c4e7f69338c"
+vault_bin_path: "/usr/local/bin"
+vault_config_path: "/etc/vault.d"
+vault_data_path: "/var/vault"
+vault_log_path: "/var/log/vault"
+vault_user: "vault"
+vault_group: "bin"
+vault_group_name: "cluster_nodes"
+vault_datacenter: "dc1"
+vault_consul: "127.0.0.1:8500"
+vault_consul_path: "vault"
+vault_log_level: "INFO"
+vault_syslog_enable: "true"
+vault_iface: "eth1"
+vault_address: "0.0.0.0"
+vault_port: "8200"
+vault_node_name: "{{ inventory_hostname_short }}"
+vault_main_config: "{{ vault_config_path }}/vault_main.hcl"

examples/README_VAGRANT.md

@@ -0,0 +1,112 @@
+# Vault with Ansible
+
+This project provides documentation and a collection of scripts to help you
+automate the deployment of Vault using
+[Ansible](http://www.ansibleworks.com/). These are the instructions for
+deploying a development cluster on Vagrant and VirtualBox.
+
+The documentation and scripts are merely a starting point designed to both
+help familiarize you with the processes and quickly bootstrap an environment
+for development. You may wish to expand on them and customize
+them with additional features specific to your needs later.
+
+## Vagrant Development Cluster
+
+In some situations deploying a small cluster on your local development
+machine can be handy. This document describes such a scenario using the
+following technologies:
+
+* [Vault](https://vault.io)
+* [VirtualBox](https://www.virtualbox.org/)
+* [Vagrant](http://www.vagrantup.com/) with Ansible provisioner and
+  supporting plugin
+* [Ansible](http://www.ansibleworks.com/)
+
+Each of the virtual machines for this guide are configured with
+1.5GB RAM, 2 CPU cores, and 2 network interfaces. The first interface uses
+NAT and has connection via the host to the outside world. The second
+interface is a private network and is used for Vault intra-cluster
+communication in addition to access from the host machine.
+
+The Vagrant configuration file (`Vagrantfile`) is responsible for
+configuring the virtual machines and a baseline OS installation.
+
+The Ansible playbooks then further refine OS configuration, perform Vault
+software download and installation, and the initialization of nodes
+into a ready to use cluster.
+
+## Designed for Ansible Galaxy
+
+This role is designed to be installed via the `ansible-galaxy` command
+instead of being directly run from the git repository.
+
+You should install it like this:
+
+```
+ansible-galaxy install brianshumate.vault
+```
+
+You'll want to make sure you have write access to `/etc/ansible/roles/` since
+that is where the role will be installed by default, or define your own
+Ansible role path by creating a `$HOME/.ansible.cfg` file with these contents:
+
+```
+[defaults]
+roles_path = PATH_TO_ROLES
+```
+
+Change `PATH_TO_ROLES` to a directory that you have write access to.
+
+## Quick Start
+
+Begin from the top level directory of this project and use the following
+steps to get up and running:
+
+1. Install [VirtualBox](https://www.virtualbox.org/wiki/Downloads), [Vagrant](http://downloads.vagrantup.com/), [vagrant-hosts](https://github.com/adrienthebo/vagrant-hosts), and [Ansible](http://www.ansibleworks.com/docs/intro_installation.html#latest-releases-via-pip).
+2. Edit `/etc/hosts` or use the included `bin/preinstall` script to add
+   the following entries to your development system's `/etc/hosts` file:
+ * 10.1.42.240 vault1.local vault1
+3. cd `$PATH_TO_ROLES/brianshumate.conusul/examples`
+4. `vagrant up`
+6. You can `ssh` into the node and initialize Vault:
+
+       ```
+       vagrant ssh vault1
+       VAULT_ADDR=http://10.1.42.240:8200 vault init
+       ```
+    The VAULT_ADDR` variable is set because the vault CLI expects TLS
+    to be enabled by default and this role does not yet configure TLS.
+
+By default, this project will install Debian based nodes. If you prefer, it
+can also install CentOS 7 based nodes by changing the command in step 4 to
+the following:
+
+```
+BOX_NAME="chef/centos-7.0" vagrant up
+```
+
+## Notes
+
+1. This project functions with the following software versions:
+  * Vault version 0.6.2
+  * Ansible: 2.1.2.0
+  * VirtualBox version 5.0.26
+  * Vagrant version 1.8.1
+  * Vagrant Hosts version 2.8.0
+2. This project uses Debian 8 (Jessie) by default, but you can choose another
+   OS distribution with the *BOX_NAME* environment variable
+3. The `bin/preinstall` shell script performs the following actions for you:
+ * Adds each node's host information to the host machine's `/etc/hosts`
+ * Optionally installs the Vagrant hosts plugin
+4. If you notice an error like *vm: The '' provisioner could not be found.*
+   make sure you have vagrant-hosts plugin installed
+
+## References
+
+1. https://www.vaultproject.io/
+2. https://www.vaultproject.io/intro/getting-started/deploy.html
+3. https://www.vaultproject.io/docs/index.html
+4. http://www.ansible.com/
+5. http://www.vagrantup.com/
+6. https://www.virtualbox.org/
+7. https://github.com/adrienthebo/vagrant-hosts

examples/Vagrantfile

@@ -0,0 +1,42 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# Vagrantfile for bootstrapping a development Vault cluster with
+# VirtualBox provider and Ansible provisioner
+
+ANSIBLE_PLAYBOOK = ENV['ANSIBLE_PLAYBOOK'] || "site.yml"
+BOX_MEM = ENV['BOX_MEM'] || "1024"
+BOX_NAME =  ENV['BOX_NAME'] || "debian/jessie64"
+VAULT_HOSTS = ENV['VAULT_HOSTS'] || "vagrant_hosts"
+LOGLEVEL = ENV['VAULT_LOGLEVEL'] || "INFO"
+VAGRANTFILE_API_VERSION = "2"
+
+Vagrant.require_version ">= 1.5.0"
+
+Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
+
+  # Configure one Vault node
+  config.vm.define :vault do |vault_config|
+    vault_config.vm.box = BOX_NAME
+    vault_config.vm.network :private_network, ip: "10.1.42.240"
+    vault_config.vm.hostname = "vault.local"
+    vault_config.ssh.forward_agent = true
+    vault_config.vm.provider "virtualbox" do |v|
+      v.name = "vault-server"
+      v.customize ["modifyvm", :id, "--memory", BOX_MEM]
+      v.customize ["modifyvm", :id, "--ioapic", "on"]
+      v.customize ["modifyvm", :id, "--cpus", "2"]
+      v.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]
+      v.customize ["modifyvm", :id, "--natdnsproxy1", "on"]
+    end
+    vault_config.vm.provision :ansible do |ansible|
+      ansible.inventory_path = VAULT_HOSTS
+      # Extra Ansible variables can be defined here
+      ansible.extra_vars = {
+        vault_log_level: LOGLEVEL
+      }
+      ansible.playbook = ANSIBLE_PLAYBOOK
+      ansible.limit = "all"
+    end
+  end
+end