51 lines
1.6 KiB
YAML
51 lines
1.6 KiB
YAML
---
|
|
- name: restart vault
|
|
command: /bin/true
|
|
notify:
|
|
- restart vault service
|
|
- wait for vault up
|
|
- unseal vault
|
|
|
|
- name: wait for vault up
|
|
uri:
|
|
url: "{{ vault_leader_url | default('https://localhost:8200') }}/v1/sys/health"
|
|
headers: "{{ vault_client_headers }}"
|
|
status_code: "{{ vault_successful_http_codes | join(',') }}"
|
|
register: vault_health_check
|
|
until: vault_health_check|succeeded
|
|
retries: 10
|
|
delay: "{{ retry_stagger | random + 3 }}"
|
|
run_once: yes
|
|
notify: set facts about local Vault health
|
|
|
|
- name: wait for vault up nowait
|
|
uri:
|
|
url: "{{ vault_leader_url | default('https://localhost:8200') }}/v1/sys/health"
|
|
headers: "{{ vault_client_headers }}"
|
|
status_code: "{{ vault_successful_http_codes | join(',') }}"
|
|
register: vault_health_check
|
|
run_once: yes
|
|
failed_when: false
|
|
notify: set facts about local Vault health
|
|
|
|
- name: set facts about local Vault health
|
|
set_fact:
|
|
vault_is_running: "{{ vault_health_check.get('status', '-1') in vault_successful_http_codes }}"
|
|
vault_cluster_is_initialized: "{{ vault_health_check.get('json', {}).get('initialized', false) }}"
|
|
vault_is_sealed: "{{ vault_health_check.get('json', {}).get('sealed', true) }}"
|
|
|
|
- name: restart vault service
|
|
systemd:
|
|
daemon_reload: true
|
|
enabled: yes
|
|
name: vault
|
|
state: restarted
|
|
|
|
- name: unseal vault
|
|
hashivault_unseal:
|
|
url: "{{ vault_leader_url | default('https://localhost:8200') }}"
|
|
token: "{{ vault_root_token }}"
|
|
ca_cert: "{{ vault_cert_dir }}/ca.pem"
|
|
keys: "{{ item }}"
|
|
with_items: "{{ vault_unseal_keys|default([]) }}"
|