Vault 0.6.3 and more

CHANGELOG.md

@@ -54,3 +54,14 @@
 - Update documentation
 - Update failure cases for CentOS
 - Fix SysV init script
+
+## v1.2.0
+
+- Vault 0.6.3
+- Dynamic SHA
+- Streamline tasks
+- Streamline and consolidate variables
+- Move OS variables to vars
+- Separate install tasks
+- Remove OS specific tasks
+- Update documentation

README.md

@@ -58,21 +58,21 @@ differences acros distros:
 
 | Name           | Default Value | Description                        |
 | -------------- | ------------- | -----------------------------------|
-| `vault_centos_pkg` | `{{ vault_version }}_linux_amd64.zip` | Vault package filename |
+| `vault_pkg` | `{{ vault_version }}_linux_amd64.zip` | Vault package filename |
 | `vault_centos_url` | `{{ vault_zip_url }}` | Vault package download URL |
-| `vault_centos_sha256` | SHA256 SUM | Vault download SHA256 summary |
+| `vault_sha256` | SHA256 SUM | Vault download SHA256 summary |
 | `vault_centos_os_packages` | list | List of OS packages to install |
-| `vault_debian_pkg` | `{{ vault_version }}_linux_amd64.zip` | Vault package filename |
+| `vault_pkg` | `{{ vault_version }}_linux_amd64.zip` | Vault package filename |
 | `vault_debian_url` | `{{ vault_zip_url }}` | Vault package download URL |
-| `vault_debian_sha256` | SHA256 SUM | Vault download SHA256 summary |
+| `vault_sha256` | SHA256 SUM | Vault download SHA256 summary |
 | `vault_debian_os_packages` | list | List of OS packages to install |
-| `vault_redhat_pkg` | `{{ vault_version }}_linux_amd64.zip` | Vault package filename |
+| `vault_pkg` | `{{ vault_version }}_linux_amd64.zip` | Vault package filename |
 | `vault_redhat_url` | `{{ vault_zip_url }}` | Vault package download URL |
-| `vault_redhat_sha256` | SHA256 SUM | Vault download SHA256 summary |
+| `vault_sha256` | SHA256 SUM | Vault download SHA256 summary |
 | `vault_redhat_os_packages` | list | List of OS packages to install |
-| `vault_ubuntu_pkg` | `{{ vault_version }}_linux_amd64.zip` | Vault package filename |
+| `vault_pkg` | `{{ vault_version }}_linux_amd64.zip` | Vault package filename |
 | `vault_ubuntu_url` | `{{ vault_zip_url }}` | Vault package download URL |
-| `vault_ubuntu_sha256` | SHA256 SUM | Vault download SHA256 summary |
+| `vault_sha256` | SHA256 SUM | Vault download SHA256 summary |
 | `vault_ubuntu_os_packages` | list | List of OS packages to install |
 
 ## Dependencies

defaults/main.yml

@@ -1,9 +1,11 @@
 ---
 # File: defaults/main.yml - Main default variables for Vault
 
-vault_version: "0.6.2"
-vault_zip_url: "https://releases.hashicorp.com/vault/{{ vault_version }}/vault_{{ vault_version }}_linux_amd64.zip"
+vault_version: "0.6.3"
+vault_pkg: "vault_{{ vault_version }}_linux_amd64.zip"
+vault_zip_url: "https://releases.hashicorp.com/vault/{{ vault_version }}/{{ vault_pkg }}"
 vault_zip_sha256: "91432c812b1264306f8d1ecf7dd237c3d7a8b2b6aebf4f887e487c4e7f69338c"
+vault_checksum_file_url: "https://releases.hashicorp.com/vault/{{ vault_version }}/vault_{{ vault_version}}_SHA256SUMS"
 vault_bin_path: "/usr/local/bin"
 vault_config_path: "/etc/vault.d"
 vault_data_path: "/var/vault"
@@ -21,41 +23,3 @@ vault_address: "0.0.0.0"
 vault_port: "8200"
 vault_node_name: "{{ inventory_hostname_short }}"
 vault_main_config: "{{ vault_config_path }}/vault_main.hcl"
-
-# CentOS vars
-vault_centos_pkg: "{{ vault_version }}_linux_amd64.zip"
-vault_centos_url: "{{ vault_zip_url }}"
-vault_centos_sha256: "{{ vault_zip_sha256 }}"
-
-vault_centos_os_packages:
-  - libselinux-python
-  - git
-  - unzip
-
-# Debian vars
-vault_debian_pkg: "{{ vault_version }}_linux_amd64.zip"
-vault_debian_url: "{{ vault_zip_url }}"
-vault_debian_sha256: "{{ vault_zip_sha256 }}"
-
-vault_debian_os_packages:
-  - git
-  - unzip
-
-# Red Hat vars
-vault_redhat_pkg: "{{ vault_version }}_linux_amd64.zip"
-vault_redhat_url: "{{ vault_zip_url }}"
-vault_redhat_sha256: "{{ vault_zip_sha256 }}"
-
-vault_redhat_os_packages:
-  - libselinux-python
-  - git
-  - unzip
-
-# Ubuntu vars
-vault_ubuntu_pkg: "{{ vault_version }}_linux_amd64.zip"
-vault_ubuntu_url: "{{ vault_zip_url }}"
-vault_ubuntu_sha256: "{{ vault_zip_sha256 }}"
-
-vault_ubuntu_os_packages:
-  - git
-  - unzip

tasks/install.yml

@@ -0,0 +1,47 @@
+---
+# File: tasks/install.yml - package installation tasks for vault
+
+- name: OS packages
+  package: "name={{ item }} state=present"
+  with_items: "{{ vault_os_packages }}"
+  tags: installation
+
+- name: Get vault package checksum file
+  become: no
+  connection: local
+  get_url: "url={{ vault_checksum_file_url }} dest={{ role_path }}/files/vault_{{ vault_version }}_SHA256SUMS"
+  run_once: true
+  tags: installation
+
+- name: Get vault package checksum
+  become: no
+  connection: local
+  shell: "grep {{ vault_pkg }} {{ role_path }}/files/vault_{{ vault_version }}_SHA256SUMS"
+  run_once: true
+  register: vault_sha256
+  tags: installation
+
+- name: Download vault
+  become: no
+  connection: local
+  get_url: "url={{ vault_zip_url }} dest={{ role_path }}/files/{{ vault_pkg }} checksum=sha256:{{ vault_sha256.stdout.split(' ')|first }} timeout=42"
+  run_once: true
+  tags: installation
+
+- name: Unarchive vault
+  become: no
+  connection: local
+  unarchive: "src={{ role_path }}/files/{{ vault_pkg }} dest={{ role_epath }}/files/ creates={{ role_path }}/files/vault"
+  run_once: true
+  tags: installation
+
+- name: Install vault
+  copy: "src={{ role_path }}/files/vault dest=/usr/local/bin/ owner={{ vault_user }} group={{ vault_group }} mode=0755"
+  tags: installation
+
+- name: Cleanup
+  become: no
+  connection: local
+  file: "dest={{ role_path }}/files/vault* state=absent"
+  run_once: true
+  tags: installation

tasks/main.yml

@@ -1,47 +1,34 @@
 ---
 # File: tasks/main.yml - Main tasks for Vault
 
-- name: Fail if not a new release of CentOS
+- name: Check distribution compatibility
   fail:
-    msg: "{{ ansible_distribution_version }} is not an acceptable version of Debian for this role"
-  when: ansible_distribution == "CentOS" and ansible_distribution_version|version_compare(7, '<')
+    msg: "{{ ansible_distribution }} is not supported by this role"
+  when: ansible_distribution not in ['RedHat', 'CentOS', 'Debian', 'Ubuntu']
 
-- name: Fail if not a new release of Debian
+- name: Fail if not a new release of Red Hat / CentOS
   fail:
-    msg: "{{ ansible_distribution_version }} is not an acceptable version of Debian for this role"
-  when: ansible_distribution == "Debian" and ansible_distribution_version|version_compare(8.5, '<')
+    msg: "{{ ansible_distribution_version }} is not an acceptable version of {{ ansible_distribution }} for this role"
+  when: ansible_distribution in ['RedHat', 'CentOS'] and ansible_distribution_version|version_compare(7, '<')
 
-- name: Fail if not a new release of Red Hat
+- name: Fail if not a new release of Debian
   fail:
-    msg: "{{ ansible_distribution_version }} is not an acceptable version of Debian for this role"
-  when: ansible_distribution == "RedHat" and ansible_distribution_version|version_compare(7, '<')
+    msg: "{{ ansible_distribution_version }} is not an acceptable version of {{ ansible_distribution }} for this role"
+  when: ansible_distribution == "Debian" and ansible_distribution_version|version_compare(8.5, '<')
 
 - name: Fail if not a new release of Ubuntu
   fail:
-    msg: "{{ ansible_distribution_version }} is not an acceptable version of Ubuntu for this role"
-  when: ansible_distribution == "Ubuntu" and ( ansible_distribution_version|version_compare(12.04, '<') or ansible_distribution_version|version_compare(12.10, '=') )
+    msg: "{{ ansible_distribution_version }} is not an acceptable version of {{ ansible_distribution }} for this role"
+  when: ansible_distribution == "Ubuntu" and ansible_distribution_version|version_compare(13.04, '<')
 
 - name: Create cluster groupings
   group_by: key=os_{{ ansible_os_family }}
 
 - name: "Add Vault user"
   user: name=vault comment="Vault user" uid=1043 group=bin
 
-- name: "CentOS tasks"
-  include: CentOS.yml
-  when: ansible_distribution  == "CentOS"
-
-- name: "Debian tasks"
-  include: Debian.yml
-  when: ansible_distribution  == "Debian"
-
-- name: "Red Hat tasks"
-  include: RedHat.yml
-  when: ansible_distribution  == "RedHat"
-
-- name: "Ubuntu tasks"
-  include: Ubuntu.yml
-  when: ansible_distribution  == "Ubuntu"
+- name: Include OS-specific variables.
+  include_vars: "{{ ansible_os_family }}.yml"
 
 - name: Enable non root mlock capability
   command: "setcap cap_ipc_lock=+ep {{ vault_bin_path }}/vault"

vars/Debian.yml

@@ -0,0 +1,6 @@
+---
+# File: vars/Debian.yml - Debian vars for Vault
+
+vault_os_packages:
+  - git
+  - unzip

vars/RedHat.yml

@@ -0,0 +1,7 @@
+---
+# File: vars/RedHat.yml - Red Hat vars for Vault
+
+vault_os_packages:
+  - libselinux-python
+  - git
+  - unzip

version.txt

@@ -1 +1 @@
-v1.0.11
+v1.2.0