Merge branch 'master' of github.com:brianshumate/ansible-vault

ansible-community · Apr 25, 2017 · 97328aa · 97328aa
2 parents 1d075cc + 910a3e1
commit 97328aa
Show file tree

Hide file tree

Showing 3 changed files with 74 additions and 1 deletion.
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -58,3 +58,6 @@ vault_tls_prefer_server_cipher_suites: "{{ lookup('env','VAULT_TLS_PREFER_SERVER
 ### Vault
 
 vault_pkg: "vault_{{ vault_version }}_{{ vault_os }}_{{ vault_architecture }}.zip"
+
+### Install Method
+vault_install_remotely: false
diff --git a/tasks/install_remote.yml b/tasks/install_remote.yml
@@ -0,0 +1,65 @@
+---
+# File: tasks/install_remote.yml - package installation tasks for vault
+
+- name: OS packages
+  package:
+    name: "{{ item }}"
+    state: present
+  with_items: "{{ vault_os_packages }}"
+  tags: installation
+
+- name: Ensure remote vault dir exists
+  file:
+    path: /tmp/vault
+    state: directory
+
+- name: Check Vault package checksum file
+  stat:
+    path: "/tmp/vault/vault_{{ vault_version }}_SHA256SUMS"
+  run_once: true
+  register: vault_checksum
+
+- name: Get Vault package checksum file
+  get_url:
+    url: "{{ vault_checksum_file_url }}"
+    dest: "/tmp/vault/vault_{{ vault_version }}_SHA256SUMS"
+  run_once: true
+  tags: installation
+  when: vault_checksum.stat.exists == False
+
+- name: Get Vault package checksum
+  shell: "grep {{ vault_pkg }} /tmp/vault/vault_{{ vault_version }}_SHA256SUMS"
+  register: vault_sha256
+  tags: installation
+
+- name: Check Vault package file
+  stat:
+    path: "/tmp/vault/{{ vault_pkg }}"
+  register: vault_package
+  tags: installation
+
+- name: Download Vault
+  get_url:
+    url: "{{ vault_zip_url }}"
+    dest: "/tmp/vault/{{ vault_pkg }}"
+    checksum: "sha256:{{ vault_sha256.stdout.split(' ')|first }}"
+    timeout: "42"
+  tags: installation
+  when: vault_package.stat.exists == False
+
+- name: Unarchive Vault and install binary
+  unarchive:
+    remote_src: yes
+    src: "/tmp/vault/{{ vault_pkg }}"
+    dest: "{{ vault_bin_path }}"
+    owner: "{{ vault_user }}"
+    group: "{{ vault_group }}"
+    mode: "0755"
+  tags: installation
+
+- name: Cleanup
+  file:
+    path: "{{ item }}"
+    state: absent
+  with_fileglob: "/tmp/vault"
+  tags: installation
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -44,8 +44,13 @@
 - name: Include OS-specific variables
   include_vars: "{{ ansible_os_family }}.yml"
 
-- name: Install OS packages
+- name: Install OS packages and vault - locally
   include: install.yml
+  when: not vault_install_remotely
+
+- name: Install OS packages and vault - remotely
+  include: install_remote.yml
+  when: vault_install_remotely
 
 - name: Enable non root mlock capability
   command: "setcap cap_ipc_lock=+ep {{ vault_bin_path }}/vault"