Updates and fixes

- Add support for version specification via VAULT_VERSION environment variable
- Renamed backend configuration template
- Renamed main template to be inline with configuration section naming
- Fix broken unit file

CHANGELOG.md

@@ -116,3 +116,10 @@
 - Update CONTRIBUTORS
 - Fix merge conflict (thanks @arledesma)
 - Fix missed variable (thanks @arledesma)
+
+## v1.3.0
+
+- Add support for version specification via VAULT_VERSION environment variable
+- Renamed backend configuration template
+- Renamed main template to be inline with configuration section naming
+- Fix broken unit file

README.md

@@ -28,7 +28,7 @@ The role defines variables in `defaults/main.yml`:
 
 | Name           | Default Value | Description                        |
 | -------------- | ------------- | -----------------------------------|
-| `vault_version` | `0.6.5` | Version to install |
+| `vault_version` | `0.6.5` | Version to install - can also be specified or overridden with `VAULT_VERSION` environment variable |
 | `vault_zip_url` | `https://releases.hashicorp.com/vault/{{ vault_version }}/vault_{{ vault_version }}_linux_amd64.zip` | Download URL |
 | `vault_zip_sha256` | SHA256 SUM | Archive SHA256 summary |
 | `vault_bin_path` | `/usr/local/bin` | Binary installation path |

defaults/main.yml

@@ -1,7 +1,7 @@
 ---
 # File: defaults/main.yml - Main default variables for Vault
 
-vault_version: "0.6.5"
+vault_version: "{{ lookup('env','VAULT_VERSION') | default('0.6.5', true) }}"
 vault_pkg: "vault_{{ vault_version }}_linux_amd64.zip"
 vault_zip_url: "https://releases.hashicorp.com/vault/{{ vault_version }}/{{ vault_pkg }}"
 vault_zip_sha256: "91432c812b1264306f8d1ecf7dd237c3d7a8b2b6aebf4f887e487c4e7f69338c"
@@ -26,4 +26,11 @@ vault_port: "8200"
 vault_node_name: "{{ inventory_hostname_short }}"
 vault_main_config: "{{ vault_config_path }}/vault_main.hcl"
 vault_primary_node: "{{hostvars[groups['primary'][0]]['ansible_fqdn']}}"
-vault_backend: "backend_consul.j2"
+vault_backend: vault_backend_consul.j2
+vault_tls_disable: 1
+vault_cluster_address:
+vault_tls_cert_file:
+vault_tls_key_file:
+vault_tls_min_version:
+vault_tls_cipher_suites:
+vault_tls_prefer_server_cipher_suites:

tasks/main.yml

@@ -38,7 +38,7 @@
 - name: Include OS-specific variables.
   include_vars: "{{ ansible_os_family }}.yml"
 
-- name: Install specified packages  
+- name: Install OS packages
   include: install.yml
 
 - name: Enable non root mlock capability
@@ -56,9 +56,9 @@
     - /var/run/vault
     - "{{ vault_config_path }}"
 
-- name: Vault server configuration
+- name: Vault listener configuration section
   template:
-    src: vault_main.hcl.j2
+    src: vault_listener.hcl.j2
     dest: "{{ vault_main_config }}"
 
 - name: SYSV init script
@@ -99,4 +99,3 @@
     host: "{{ vault_address}}"
     port: 8200
     delay: 10
-

templates/vault_main.hcl.j2 → templates/vault_listener.hcl.j2

@@ -4,5 +4,5 @@ cluster_name = "{{ vault_cluster_name }}"
 
 listener "tcp" {
  address = "{{ vault_address}}:{{ vault_port }}"
- tls_disable = 1
-}
+ tls_disable = {{ vault_tls_disable }}
+}

templates/vault_systemd.service.j2

@@ -17,7 +17,7 @@ After=basic.target network.target
 User={{ vault_user }}
 Group={{ vault_group }}
 PIDFile=/var/run/vault/vault.pid
-ExecStart="{{ vault_bin_path }}/vault" server -config={{ vault_main_config }} -log-level={{ vault_log_level }}
+ExecStart={{ vault_bin_path }}/vault server -config={{ vault_main_config }} -log-level={{ vault_log_level }}
 ExecReload=/bin/kill -HUP $MAINPID
 KillMode=process
 Restart=on-failure

version.txt

@@ -1 +1 @@
-v1.2.10
+v1.3.0