From 906af8541274d5e97f0dbb305849f8f503263755 Mon Sep 17 00:00:00 2001 From: Brian Shumate Date: Thu, 23 Feb 2017 10:01:38 -0500 Subject: [PATCH] Update tasks --- CHANGELOG.md | 6 +++++ tasks/install.yml | 35 ++++++++++++++++++------ tasks/main.yml | 69 ++++++++++++++++++++++++++++++++--------------- version.txt | 2 +- 4 files changed, 82 insertions(+), 30 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4cbac17e..a53bfcc0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -90,3 +90,9 @@ ## v1.2.6 - Check for local packages and summary files + +## v1.2.7 + +- Update main tasks +- Update install tasks +- Prefer compact YAML format across all tasks files diff --git a/tasks/install.yml b/tasks/install.yml index cfbb7347..05454682 100644 --- a/tasks/install.yml +++ b/tasks/install.yml @@ -2,21 +2,26 @@ # File: tasks/install.yml - package installation tasks for vault - name: OS packages - package: "name={{ item }} state=present" + package: + name: "{{ item }}" + state: present with_items: "{{ vault_os_packages }}" tags: installation - name: Check Vault package checksum file become: no connection: local - stat: "path={{ role_path }}/files/vault_{{ vault_version }}_SHA256SUMS" + stat: + path: "{{ role_path }}/files/vault_{{ vault_version }}_SHA256SUMS" run_once: true register: vault_checksum - name: Get Vault package checksum file become: no connection: local - get_url: "url={{ vault_checksum_file_url }} dest={{ role_path }}/files/vault_{{ vault_version }}_SHA256SUMS" + get_url: + url: "{{ vault_checksum_file_url }}" + dest: "{{ role_path }}/files/vault_{{ vault_version }}_SHA256SUMS" run_once: true tags: installation when: vault_checksum.stat.exists == False 
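Review bot: `Get Vault package checksum file` in the first tasks/install.yml hunk accepts whatever `vault_checksum_file_url` returns, and the `stat` guard reuses any `vault_{{ vault_version }}_SHA256SUMS` already in `files/` without re-checking it. The hashes then become the trust anchor for the binary, so they catch corruption but not a tampered origin or a stale local file. If the publisher ships a detached signature for the sums file, a verification task should run before the hash is read; at minimum add a comment on the task such as `# SHA256SUMS is not authenticated here; verify its signature before trusting the hashes`. The URL variable is defined outside this diff, so confirm it is HTTPS. As a style point, `when: not vault_checksum.stat.exists` reads better than comparing with `== False`.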
@@ -32,14 +37,18 @@ - name: Check Vault package file become: no connection: local - stat: "path={{ role_path }}/files/{{ vault_pkg }}" + stat: + path: "{{ role_path }}/files/{{ vault_pkg }}" run_once: true register: vault_package - name: Download vault become: no connection: local - get_url: "url={{ vault_zip_url }} dest={{ role_path }}/files/{{ vault_pkg }} checksum=sha256:{{ vault_sha256.stdout.split(' ')|first }} timeout=42" + get_url: + url: "{{ vault_zip_url }}" + dest: "{{ role_path }}/files/{{ vault_pkg }} checksum=sha256:{{ vault_sha256.stdout.split(' ')|first }}" + timeout: 42 run_once: true tags: installation when: vault_package.stat.exists == False @@ -47,17 +56,27 @@ - name: Unarchive vault become: no connection: local - unarchive: "src={{ role_path }}/files/{{ vault_pkg }} dest={{ role_path }}/files/ creates={{ role_path }}/files/vault" + unarchive: + src: "{{ role_path }}/files/{{ vault_pkg }}" + dest: "{{ role_path }}/files/" + creates: "{{ role_path }}/files/vault" run_once: true tags: installation - name: Install vault - copy: "src={{ role_path }}/files/vault dest=/usr/local/bin/ owner={{ vault_user }} group={{ vault_group }} mode=0755" + copy: + src: "{{ role_path }}/files/vault" + dest: "/usr/local/bin/" + owner: "{{ vault_user }}" + group: "{{ vault_group }}" + mode: 0755 tags: installation - name: Cleanup become: no connection: local - file: "dest={{ role_path }}/files/vault* state=absent" + file: + dest: "{{ role_path }}/files/vault*" + state: absent run_once: true tags: installation diff --git a/tasks/main.yml b/tasks/main.yml index 0cf41a98..14172aa7 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
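Review bot: In `Download vault` the `checksum` argument was folded into the `dest` string during the conversion, so `get_url` no longer verifies the archive against the SHA256 value. It also writes the archive to a path that literally ends in ` checksum=sha256:...`. `Check Vault package file` and `Unarchive vault` still look at `{{ role_path }}/files/{{ vault_pkg }}`, so the play either fails or unpacks an older copy that this run never verified. Split the argument back out: `dest: "{{ role_path }}/files/{{ vault_pkg }}"` and `checksum: "sha256:{{ vault_sha256.stdout.split(' ')|first }}"`. `vault_sha256` is registered outside this hunk.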
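Review bot: `Install vault` leaves `/usr/local/bin/vault` owned by `{{ vault_user }}`, so the service account can overwrite the binary it runs. Using `owner: root` and `group: root` with `mode: "0755"` keeps it executable by the daemon but not writable. The unquoted `mode: 0755` relies on the YAML loader reading it as octal; quoting removes that dependency. In `Cleanup`, the `file` module does not expand globs, so `dest: "{{ role_path }}/files/vault*"` names a literal path and the cached archive and sums file are likely left behind for the `stat` guards to reuse on the next run.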
@@ -24,8 +24,15 @@ - name: Create cluster groupings group_by: "key=os_{{ ansible_os_family }}" +- name: Create cluster groupings + group_by: "key={{ vault_node_role }}" + - name: "Add Vault user" - user: name=vault comment="Vault user" uid=1043 group=bin + user: + name: vault + comment: "Vault user" + uid: 1043 + group: bin - name: Include OS-specific variables. include_vars: "{{ ansible_os_family }}.yml" 
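Review bot: `Add Vault user` hard-codes `name: vault`, while the install and directory tasks elsewhere in this patch use `{{ vault_user }}` and `{{ vault_group }}`. Overriding those variables would leave file ownership pointing at an account this role never creates; `name: "{{ vault_user }}"` keeps them in step. The account is also created with the platform default shell and `group: bin`. A daemon account would normally be `system: yes` with a non-login `shell` and its own group. The added `Create cluster groupings` task repeats the name of the task above it and still uses the `key=` string form that the commit otherwise moves away from. `vault_node_role` is not defined in the visible lines, so confirm it has a default.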
@@ -36,38 +43,58 @@ - name: Enable non root mlock capability command: "setcap cap_ipc_lock=+ep {{ vault_bin_path }}/vault" -- name: Vault directory - file: "dest=/opt/vault state=directory owner={{ vault_user }} group={{ vault_group}}" - -- name: Vault data directory - file: "dest=/var/vault state=directory owner={{ vault_user }} group={{ vault_group}}" - -- name: Vault log directory - file: "dest=/var/log/vault state=directory owner={{ vault_user }} group={{ vault_group}}" - -- name: Vault PID directory - file: "dest=/var/run/vault state=directory owner={{ vault_user }} group={{ vault_group}}" - -- name: Vault dot d directory - file: "dest=/etc/vault.d state=directory owner={{ vault_user }} group={{ vault_group}}" +- name: Create directories + file: + dest: "{{ item }}" + state: directory + owner: "{{ vault_user }}" + group: "{{ vault_group}}" + with_items: + - /opt/vault + - /var/vault + - /var/log/vault + - /var/run/vault + - /etc/vault.d - name: Vault server configuration - template: "src=vault_main.hcl.j2 dest={{ vault_config_path }}/vault_main.hcl" + template: + src: vault_main.hcl.j2 + dest: "{{ vault_config_path }}/vault_main.hcl" - name: SYSV init script - template: "src=vault_sysvinit.j2 dest=/etc/init.d/vault owner=root group=root mode=755" + template: + src: vault_sysvinit.j2 + dest: /etc/init.d/vault + owner: root + group: root + mode: 0755 when: not ansible_distribution == "Debian" - name: Debian init script - template: "src=vault_debian.init.j2 dest=/etc/init.d/vault owner=root group=root mode=755" + template: + src: vault_debian.init.j2 + dest: /etc/init.d/vault + owner: root + group: root + mode: 0755 when: ansible_distribution == "Debian" and ansible_distribution_major_version|int <= 7 - name: systemd script - template: "src=vault_systemd.service.j2 dest=/lib/systemd/system/vault.service owner=root group=root mode=644" + template: + src: vault_systemd.service.j2 + dest: /lib/systemd/system/vault.service + owner: root + group: root + mode: 0644 
when: ansible_distribution_major_version|int >= 7 - name: Start Vault - service: name=vault state=started enabled=yes + service: + name: vault + state: started + enabled: yes - name: Vault running? - wait_for: port=8200 delay=10 + wait_for: + port: 8200 + delay: 10 diff --git a/version.txt b/version.txt index a6c5252c..503f4b12 100644 --- a/version.txt +++ b/version.txt @@ -1 +1 @@ -v1.2.6 +v1.2.7
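Review bot: `Create directories` sets owner and group but no `mode`, so `/var/vault`, `/etc/vault.d` and `/var/log/vault` take whatever the remote umask yields, which is commonly world-readable. Adding `mode: "0750"` to that task closes this. `Vault server configuration` writes `vault_main.hcl` with no owner, group or mode at all. Setting it to the Vault account with `mode: "0640"` keeps listener and storage settings away from other local users. The `mode: 0755` and `mode: 0644` values on the init and unit templates are unquoted and depend on octal parsing, so quote them. `group: "{{ vault_group}}"` is also missing the space before the closing braces.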