c12s-kubespray/roles/vault/tasks/bootstrap/start_vault_temp.yml

---

- name: boostrap/start_vault_temp | Ensure vault-temp isn't already running
  shell: if docker rm -f vault-temp 2>&1 1>/dev/null;then echo true;else echo false;fi
  register: vault_temp_stop_check
  changed_when: "{{ 'true' in vault_temp_stop_check.stdout }}"

- name: bootstrap/start_vault_temp | Start single node Vault with file backend
  command: >
           docker run -d --cap-add=IPC_LOCK --name vault-temp -p {{ vault_temp_port }}:{{ vault_temp_port }}
           -e 'VAULT_LOCAL_CONFIG={{ vault_temp_config|to_json }}'
           -v /etc/vault:/etc/vault
           {{ vault_image_repo }}:{{ vault_version }} server
  register: vault_temp_start

- name: bootstrap/start_vault_temp | Initialize vault-temp
  uri:
    url: "http://localhost:{{ vault_temp_port }}/v1/sys/init"
    headers: "{{ vault_client_headers }}"
    method: PUT
    body_format: json
    body:
      secret_shares: 1
      secret_threshold: 1
  register: vault_temp_init

# NOTE: vault_headers and vault_url are used by subsequent gen_cert calls
- name: bootstrap/start_vault_temp | Set needed vault facts
  set_fact:
    vault_temp_unseal_keys: "{{ vault_temp_init.json['keys'] }}"
    vault_temp_root_token: "{{ vault_temp_init.json.root_token }}"
    vault_headers: "{{ vault_client_headers|combine({'X-Vault-Token': vault_temp_init.json.root_token}) }}"

- name: bootstrap/start_vault_temp | Unseal vault-temp
  uri:
    url: "http://localhost:{{ vault_temp_port }}/v1/sys/unseal"
    headers: "{{ vault_headers }}"
    method: POST
    body_format: json
    body:
      key: "{{ item }}"
  with_items: "{{ vault_temp_unseal_keys|default([]) }}"

- name: bootstrap/start_vault_temp | Create new PKI mount
  uri:
    url: "http://localhost:{{ vault_temp_port }}/v1/sys/mounts/pki"
    headers: "{{ vault_headers }}"
    method: POST
    body_format: json
    body:
      config:
        default_lease_ttl: "{{ vault_default_lease_ttl }}"
        max_lease_ttl: "{{ vault_max_lease_ttl }}"
      type: pki
    status_code: 204
Adding the Vault role 2017-01-13 20:31:10 +00:00			`---`

			`- name: boostrap/start_vault_temp \| Ensure vault-temp isn't already running`
			`shell: if docker rm -f vault-temp 2>&1 1>/dev/null;then echo true;else echo false;fi`
			`register: vault_temp_stop_check`
			`changed_when: "{{ 'true' in vault_temp_stop_check.stdout }}"`

			`- name: bootstrap/start_vault_temp \| Start single node Vault with file backend`
			`command: >`
			`docker run -d --cap-add=IPC_LOCK --name vault-temp -p {{ vault_temp_port }}:{{ vault_temp_port }}`
			`-e 'VAULT_LOCAL_CONFIG={{ vault_temp_config\|to_json }}'`
			`-v /etc/vault:/etc/vault`
			`{{ vault_image_repo }}:{{ vault_version }} server`
			`register: vault_temp_start`

			`- name: bootstrap/start_vault_temp \| Initialize vault-temp`
			`uri:`
			`url: "http://localhost:{{ vault_temp_port }}/v1/sys/init"`
			`headers: "{{ vault_client_headers }}"`
			`method: PUT`
			`body_format: json`
			`body:`
			`secret_shares: 1`
			`secret_threshold: 1`
			`register: vault_temp_init`

			`# NOTE: vault_headers and vault_url are used by subsequent gen_cert calls`
			`- name: bootstrap/start_vault_temp \| Set needed vault facts`
			`set_fact:`
			`vault_temp_unseal_keys: "{{ vault_temp_init.json['keys'] }}"`
			`vault_temp_root_token: "{{ vault_temp_init.json.root_token }}"`
			`vault_headers: "{{ vault_client_headers\|combine({'X-Vault-Token': vault_temp_init.json.root_token}) }}"`

			`- name: bootstrap/start_vault_temp \| Unseal vault-temp`
			`uri:`
			`url: "http://localhost:{{ vault_temp_port }}/v1/sys/unseal"`
			`headers: "{{ vault_headers }}"`
			`method: POST`
			`body_format: json`
			`body:`
			`key: "{{ item }}"`
			`with_items: "{{ vault_temp_unseal_keys\|default([]) }}"`

			`- name: bootstrap/start_vault_temp \| Create new PKI mount`
			`uri:`
			`url: "http://localhost:{{ vault_temp_port }}/v1/sys/mounts/pki"`
			`headers: "{{ vault_headers }}"`
			`method: POST`
			`body_format: json`
			`body:`
			`config:`
			`default_lease_ttl: "{{ vault_default_lease_ttl }}"`
			`max_lease_ttl: "{{ vault_max_lease_ttl }}"`
			`type: pki`
			`status_code: 204`