From d894fcb9556cdc24be468b92f66d2b57bb8ebfbd Mon Sep 17 00:00:00 2001
From: Brian Shumate
Date: Fri, 10 Mar 2017 12:23:46 -0500
Subject: [PATCH] Updates and fixes

- Add support for version specification via VAULT_VERSION environment variable
- Renamed backend configuration template
- Renamed main template to be inline with configuration section naming
- Fix broken unit file
---
 CHANGELOG.md | 7 +++++++
 README.md | 2 +-
 defaults/main.yml | 11 +++++++++--
 tasks/main.yml | 7 +++----
 .../{backend_consul.j2 => vault_backend_consul.j2} | 0
 .../{vault_main.hcl.j2 => vault_listener.hcl.j2} | 4 ++--
 templates/vault_systemd.service.j2 | 2 +-
 version.txt | 2 +-
 8 files changed, 24 insertions(+), 11 deletions(-)
 rename templates/{backend_consul.j2 => vault_backend_consul.j2} (100%)
 rename templates/{vault_main.hcl.j2 => vault_listener.hcl.j2} (78%)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 92a80eaa..a19404a7 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -116,3 +116,10 @@
 - Update CONTRIBUTORS
 - Fix merge conflict (thanks @arledesma)
 - Fix missed variable (thanks @arledesma)
+
+## v1.3.0
+
+- Add support for version specification via VAULT_VERSION environment variable
+- Renamed backend configuration template
+- Renamed main template to be inline with configuration section naming
+- Fix broken unit file
diff --git a/README.md b/README.md
index c6d661f0..f754d785 100644
--- a/README.md
+++ b/README.md
@@ -28,7 +28,7 @@ The role defines variables in `defaults/main.yml`:
 | Name | Default Value | Description |
 | -------------- | ------------- | -----------------------------------|
-| `vault_version` | `0.6.5` | Version to install |
+| `vault_version` | `0.6.5` | Version to install - can also be specified or overridden with `VAULT_VERSION` environment variable |
 | `vault_zip_url` | `https://releases.hashicorp.com/vault/{{ vault_version }}/vault_{{ vault_version }}_linux_amd64.zip` | Download URL |
 | `vault_zip_sha256` | SHA256 SUM | Archive SHA256 summary |
 | `vault_bin_path` | `/usr/local/bin` | Binary installation path |
diff --git a/defaults/main.yml b/defaults/main.yml
index 90becf24..4c105f76 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,7 +1,7 @@
 ---
 # File: defaults/main.yml - Main default variables for Vault
-vault_version: "0.6.5"
+vault_version: "{{ lookup('env','VAULT_VERSION') | default('0.6.5', true) }}"
 vault_pkg: "vault_{{ vault_version }}_linux_amd64.zip"
 vault_zip_url: "https://releases.hashicorp.com/vault/{{ vault_version }}/{{ vault_pkg }}"
 vault_zip_sha256: "91432c812b1264306f8d1ecf7dd237c3d7a8b2b6aebf4f887e487c4e7f69338c"
@@ -26,4 +26,11 @@ vault_port: "8200"
 vault_node_name: "{{ inventory_hostname_short }}"
 vault_main_config: "{{ vault_config_path }}/vault_main.hcl"
 vault_primary_node: "{{hostvars[groups['primary'][0]]['ansible_fqdn']}}"
-vault_backend: "backend_consul.j2"
+vault_backend: vault_backend_consul.j2
+vault_tls_disable: 1
+vault_cluster_address:
+vault_tls_cert_file:
+vault_tls_key_file:
+vault_tls_min_version:
+vault_tls_cipher_suites:
+vault_tls_prefer_server_cipher_suites:
diff --git a/tasks/main.yml b/tasks/main.yml
index c90c2847..542a4a21 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -38,7 +38,7 @@
 - name: Include OS-specific variables.
 include_vars: "{{ ansible_os_family }}.yml"
-- name: Install specified packages
+- name: Install OS packages
 include: install.yml
 - name: Enable non root mlock capability
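Review bot: `vault_zip_sha256` stays pinned to one fixed digest while the new `vault_version` line lets `VAULT_VERSION` change which archive `vault_zip_url` points at, so the version and its expected checksum can now disagree. Whether install.yml enforces the digest is not visible in this diff; if it does, every overridden version fails the download, and if it does not, the overridden archive is fetched with no integrity check at all. Pair the two values, for example `vault_zip_sha256: "{{ lookup('env','VAULT_SHA256') | default('<current pinned digest>', true) }}"` (the environment variable name is only a suggestion). A comment above `vault_version` would also help, such as `# env lookup runs on the control machine; override vault_zip_sha256 together with the version`.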
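Review bot: The new default `vault_tls_disable: 1` in the second defaults/main.yml hunk keeps the listener in plaintext out of the box, and nothing in the file tells an operator that this is a development-only setting; Vault tokens and secrets then cross the network unencrypted on `vault_port`. A comment above it would do, e.g. `# 1 = plaintext listener (dev/test only); set to 0 and provide vault_tls_cert_file / vault_tls_key_file otherwise`. The six bare keys that follow (`vault_cluster_address:` through `vault_tls_prefer_server_cipher_suites:`) parse as YAML null rather than an empty string, so any later template test has to handle null; writing them as `vault_tls_cert_file: ""` makes the unset value explicit.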
@@ -56,9 +56,9 @@
 - /var/run/vault
 - "{{ vault_config_path }}"
-- name: Vault server configuration
+- name: Vault listener configuration section
 template:
- src: vault_main.hcl.j2
+ src: vault_listener.hcl.j2
 dest: "{{ vault_main_config }}"
 - name: SYSV init script
@@ -99,4 +99,3 @@
 host: "{{ vault_address}}"
 port: 8200
 delay: 10
-
diff --git a/templates/backend_consul.j2 b/templates/vault_backend_consul.j2
similarity index 100%
rename from templates/backend_consul.j2
rename to templates/vault_backend_consul.j2
diff --git a/templates/vault_main.hcl.j2 b/templates/vault_listener.hcl.j2
similarity index 78%
rename from templates/vault_main.hcl.j2
rename to templates/vault_listener.hcl.j2
index 289b0db1..f7fb2d85 100644
--- a/templates/vault_main.hcl.j2
+++ b/templates/vault_listener.hcl.j2
@@ -4,5 +4,5 @@ cluster_name = "{{ vault_cluster_name }}"
 listener "tcp" {
 address = "{{ vault_address}}:{{ vault_port }}"
- tls_disable = 1
-}
\ No newline at end of file
+ tls_disable = {{ vault_tls_disable }}
+}
diff --git a/templates/vault_systemd.service.j2 b/templates/vault_systemd.service.j2
index be11eb9d..2def3e3a 100644
--- a/templates/vault_systemd.service.j2
+++ b/templates/vault_systemd.service.j2
@@ -17,7 +17,7 @@ After=basic.target network.target
 User={{ vault_user }}
 Group={{ vault_group }}
 PIDFile=/var/run/vault/vault.pid
-ExecStart="{{ vault_bin_path }}/vault" server -config={{ vault_main_config }} -log-level={{ vault_log_level }}
+ExecStart={{ vault_bin_path }}/vault server -config={{ vault_main_config }} -log-level={{ vault_log_level }}
 ExecReload=/bin/kill -HUP $MAINPID
 KillMode=process
 Restart=on-failure
diff --git a/version.txt b/version.txt
index c28fae92..18fa8e74 100644
--- a/version.txt
+++ b/version.txt
@@ -1 +1 @@
-v1.2.10
+v1.3.0
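Review bot: `tls_disable` is the only TLS setting the listener block in templates/vault_listener.hcl.j2 renders, so setting `vault_tls_disable` to 0 yields a TLS listener with no `tls_cert_file` or `tls_key_file`, and the other `vault_tls_*` defaults added in defaults/main.yml are never used here. An operator who tries to turn TLS on gets a Vault that will presumably refuse to start, and the easy way out is to go back to plaintext. Rendering the certificate settings whenever TLS is enabled closes that gap; the sketch below keeps the current plaintext output when the variable is 1. Whether the template has further content above `cluster_name` is not visible in the hunk.

```jinja
listener "tcp" {
  address = "{{ vault_address}}:{{ vault_port }}"
{% if vault_tls_disable | bool %}
  tls_disable = 1
{% else %}
  tls_cert_file = "{{ vault_tls_cert_file }}"
  tls_key_file = "{{ vault_tls_key_file }}"
{% if vault_tls_min_version %}
  tls_min_version = "{{ vault_tls_min_version }}"
{% endif %}
{% endif %}
}
```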