07cc981971
* Move front-proxy-client certs back to kube mount We want the same CA for all k8s certs
* Refactor vault to use a third party module The module adds idempotency and reduces some of the repetitive logic in the vault role Requires ansible-modules-hashivault on ansible node and hvac on the vault hosts themselves Add upgrade test scenario Remove bootstrap-os tags from tasks
* fix upgrade issues
* improve unseal logic
* specify ca and fix etcd check
* Fix initialization check bump machine size
23 lines
612 B
YAML
---
- name: cluster/configure | Ensure the vault directories exist
  file:
    dest: "{{ item }}"
    owner: vault
    mode: 0750
    state: directory
    recurse: true
  with_items:
    - "{{ vault_base_dir }}"
    - "{{ vault_cert_dir }}"
    - "{{ vault_config_dir }}"
    - "{{ vault_roles_dir }}"
    - "{{ vault_secrets_dir }}"
    - "{{ vault_log_dir }}"
    - "{{ vault_lib_dir }}"

- name: cluster/configure | Lay down the configuration file
  copy:
    content: "{{ vault_config | to_nice_json(indent=4) }}"
    dest: "{{ vault_config_dir }}/config.json"
    mode: 0640
  register: vault_config_change