Update tasks

CHANGELOG.md

@@ -90,3 +90,9 @@
 ## v1.2.6
 
 - Check for local packages and summary files
+
+## v1.2.7
+
+- Update main tasks
+- Update install tasks
+- Prefer compact YAML format across all tasks files

tasks/install.yml

@@ -2,21 +2,26 @@
 # File: tasks/install.yml - package installation tasks for vault
 
 - name: OS packages
-  package: "name={{ item }} state=present"
+  package:
+    name: "{{ item }}"
+    state: present
   with_items: "{{ vault_os_packages }}"
   tags: installation
 
 - name: Check Vault package checksum file
   become: no
   connection: local
-  stat: "path={{ role_path }}/files/vault_{{ vault_version }}_SHA256SUMS"
+  stat:
+    path: "{{ role_path }}/files/vault_{{ vault_version }}_SHA256SUMS"
   run_once: true
   register: vault_checksum
 
 - name: Get Vault package checksum file
   become: no
   connection: local
-  get_url: "url={{ vault_checksum_file_url }} dest={{ role_path }}/files/vault_{{ vault_version }}_SHA256SUMS"
+  get_url:
+    url: "{{ vault_checksum_file_url }}"
+    dest: "{{ role_path }}/files/vault_{{ vault_version }}_SHA256SUMS"
   run_once: true
   tags: installation
   when: vault_checksum.stat.exists == False
@@ -32,32 +37,46 @@
 - name: Check Vault package file
   become: no
   connection: local
-  stat: "path={{ role_path }}/files/{{ vault_pkg }}"
+  stat:
+    path: "{{ role_path }}/files/{{ vault_pkg }}"
   run_once: true
   register: vault_package
 
 - name: Download vault
   become: no
   connection: local
-  get_url: "url={{ vault_zip_url }} dest={{ role_path }}/files/{{ vault_pkg }} checksum=sha256:{{ vault_sha256.stdout.split(' ')|first }} timeout=42"
+  get_url:
+    url: "{{ vault_zip_url }}"
+    dest: "{{ role_path }}/files/{{ vault_pkg }} checksum=sha256:{{ vault_sha256.stdout.split(' ')|first }}"
+    timeout: 42
   run_once: true
   tags: installation
   when: vault_package.stat.exists == False
 
 - name: Unarchive vault
   become: no
   connection: local
-  unarchive: "src={{ role_path }}/files/{{ vault_pkg }} dest={{ role_path }}/files/ creates={{ role_path }}/files/vault"
+  unarchive:
+    src: "{{ role_path }}/files/{{ vault_pkg }}"
+    dest: "{{ role_path }}/files/"
+    creates: "{{ role_path }}/files/vault"
   run_once: true
   tags: installation
 
 - name: Install vault
-  copy: "src={{ role_path }}/files/vault dest=/usr/local/bin/ owner={{ vault_user }} group={{ vault_group }} mode=0755"
+  copy:
+    src: "{{ role_path }}/files/vault"
+    dest: "/usr/local/bin/"
+    owner: "{{ vault_user }}"
+    group: "{{ vault_group }}"
+    mode: 0755
   tags: installation
 
 - name: Cleanup
   become: no
   connection: local
-  file: "dest={{ role_path }}/files/vault* state=absent"
+  file:
+    dest: "{{ role_path }}/files/vault*"
+    state: absent
   run_once: true
   tags: installation

tasks/main.yml

@@ -24,8 +24,15 @@
 - name: Create cluster groupings
   group_by: "key=os_{{ ansible_os_family }}"
 
+- name: Create cluster groupings
+  group_by: "key={{ vault_node_role }}"
+
 - name: "Add Vault user"
-  user: name=vault comment="Vault user" uid=1043 group=bin
+  user:
+    name: vault
+    comment: "Vault user"
+    uid: 1043
+    group: bin
 
 - name: Include OS-specific variables.
   include_vars: "{{ ansible_os_family }}.yml"
@@ -36,38 +43,58 @@
 - name: Enable non root mlock capability
   command: "setcap cap_ipc_lock=+ep {{ vault_bin_path }}/vault"
 
-- name: Vault directory
-  file: "dest=/opt/vault state=directory owner={{ vault_user }} group={{ vault_group}}"
-
-- name: Vault data directory
-  file: "dest=/var/vault state=directory owner={{ vault_user }} group={{ vault_group}}"
-
-- name: Vault log directory
-  file: "dest=/var/log/vault state=directory owner={{ vault_user }} group={{ vault_group}}"
-
-- name: Vault PID directory
-  file: "dest=/var/run/vault state=directory owner={{ vault_user }} group={{ vault_group}}"
-
-- name: Vault dot d directory
-  file: "dest=/etc/vault.d state=directory owner={{ vault_user }} group={{ vault_group}}"
+- name: Create directories
+  file:
+    dest: "{{ item }}"
+    state: directory
+    owner: "{{ vault_user }}"
+    group: "{{ vault_group}}"
+  with_items:
+    - /opt/vault
+    - /var/vault
+    - /var/log/vault
+    - /var/run/vault
+    - /etc/vault.d
 
 - name: Vault server configuration
-  template: "src=vault_main.hcl.j2 dest={{ vault_config_path }}/vault_main.hcl"
+  template:
+    src: vault_main.hcl.j2
+    dest: "{{ vault_config_path }}/vault_main.hcl"
 
 - name: SYSV init script
-  template: "src=vault_sysvinit.j2 dest=/etc/init.d/vault owner=root group=root mode=755"
+  template:
+    src: vault_sysvinit.j2
+    dest: /etc/init.d/vault
+    owner: root
+    group: root
+    mode: 0755
   when: not ansible_distribution == "Debian"
 
 - name: Debian init script
-  template: "src=vault_debian.init.j2 dest=/etc/init.d/vault owner=root group=root mode=755"
+  template:
+    src: vault_debian.init.j2
+    dest: /etc/init.d/vault
+    owner: root
+    group: root
+    mode: 0755
   when: ansible_distribution == "Debian" and ansible_distribution_major_version|int <= 7
 
 - name: systemd script
-  template: "src=vault_systemd.service.j2 dest=/lib/systemd/system/vault.service owner=root group=root mode=644"
+  template:
+    src: vault_systemd.service.j2
+    dest: /lib/systemd/system/vault.service
+    owner: root
+    group: root
+    mode: 0644
   when: ansible_distribution_major_version|int >= 7
 
 - name: Start Vault
-  service: name=vault state=started enabled=yes
+  service:
+    name: vault
+    state: started
+    enabled: yes
 
 - name: Vault running?
-  wait_for: port=8200 delay=10
+  wait_for:
+    port: 8200
+    delay: 10

version.txt

@@ -1 +1 @@
-v1.2.6
+v1.2.7