feat(user/secrets/hcv): add HC Vault task

Signed-off-by: Matej Focko <me@mfocko.xyz>
Matej Focko 2023-09-06 11:25:37 +02:00
parent 27876a9d7e
commit 6f29e49597
Signed by: mfocko
GPG key ID: 7C47D46246790496
7 changed files with 53 additions and 0 deletions


@ -0,0 +1 @@
install_el.yml


@ -0,0 +1 @@
install_el.yml


@ -0,0 +1,6 @@
---
- name: Enable HashiCorp repository
ansible.builtin.get_url:
url: https://rpm.releases.hashicorp.com/fedora/hashicorp.repo
dest: /etc/yum.repos.d/hashicorp.repo
mode: 0640
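Review bot: `mode: 0640` is an unquoted number that only yields the intended permissions because the YAML loader reads the leading zero as octal; writing it as a string, `mode: "0640"`, removes that dependency and matches the usual Ansible convention. The same unquoted form appears in the RHEL repository task and in the Debian key download task. It is also worth confirming that 0640 is intended here, since a repo file that is not world-readable is presumably invisible to unprivileged package-manager queries. An explicit `owner: root` and `group: root` would document who is expected to be able to change the trust configuration in this file.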


@ -0,0 +1,11 @@
---
- name: Add HashiCorp GPG Key
ansible.builtin.get_url:
url: https://apt.releases.hashicorp.com/gpg
dest: /etc/apt/keyrings/hashicorp.asc
mode: 0640
- name: Add HashiCorp repository
ansible.builtin.apt_repository:
repo: "deb [signed-by=/etc/apt/keyrings/hashicorp.gpg] https://apt.releases.hashicorp.com {{ ansible_distribution_release }} main"
state: present
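Review bot: The key is saved as `/etc/apt/keyrings/hashicorp.asc`, but the `repo:` line points `signed-by` at `/etc/apt/keyrings/hashicorp.gpg`, a file that no task in this section creates, so signature verification for the repository will presumably fail. Since the downloaded key is ASCII-armored, the simplest fix is `signed-by=/etc/apt/keyrings/hashicorp.asc` in the `repo:` string. The key should also be `mode: "0644"`, because apt typically verifies signatures as the unprivileged `_apt` user and ignores keyrings it cannot read. The key is trusted on first download from the same vendor origin as the packages; adding `checksum: "sha256:<PINNED_SHA256_OF_KEY_FILE>"` to the `get_url` task would pin it to a value checked out of band.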


@ -0,0 +1,6 @@
---
- name: Enable HashiCorp repository
ansible.builtin.get_url:
url: https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo
dest: /etc/yum.repos.d/hashicorp.repo
mode: 0640


@ -0,0 +1,12 @@
---
- name: Download the latest release
ansible.builtin.unarchive:
src: https://releases.hashicorp.com/vault/1.14.2/vault_1.14.2_linux_amd64.zip
dest: ~/.local/bin/
remote_src: yes
creates: ~/.local/bin/vault
- name: Make vault executable
ansible.builtin.file:
path: ~/.local/bin/vault
mode: u+x
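Review bot: The Vault binary is unpacked straight from the release URL with no integrity check, so whatever the server returns ends up executable in `~/.local/bin`; `unarchive` has no checksum option, so the download should go through `get_url` with a pinned `checksum:` first. This matters more for a secrets client than for most tools, and it is the only install path here that bypasses package-manager signature verification. The pinned value should come from the release's SHA256SUMS file after its signature has been verified, and is shown below as a placeholder. Separately, the task name says "latest release" while the URL pins 1.14.2, `remote_src: yes` should be `remote_src: true`, and `unarchive` requires `~/.local/bin/` to exist already.

```yaml
- name: Download Vault 1.14.2 and verify its checksum
  ansible.builtin.get_url:
    url: https://releases.hashicorp.com/vault/1.14.2/vault_1.14.2_linux_amd64.zip
    dest: ~/vault_1.14.2_linux_amd64.zip
    # placeholder: pin the value taken from the signature-verified SHA256SUMS file
    checksum: "sha256:<PINNED_SHA256_OF_ZIP>"
    mode: "0600"
- name: Unpack the verified archive
  ansible.builtin.unarchive:
    src: ~/vault_1.14.2_linux_amd64.zip
    dest: ~/.local/bin/
    remote_src: true
    creates: ~/.local/bin/vault
# … unchanged: Make vault executable …
```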


@ -0,0 +1,16 @@
---
- name: Install HC Vault via package manager
when: ansible_distribution in [ "AlmaLinux", "CentOS", "Fedora", "Ubuntu"]
block:
- name: Enable repository
ansible.builtin.include_tasks: "install_{{ ansible_distribution }}.yml"
- name: Install Vault
ansible.builtin.package:
name: vault
state: present
become: true
- name: Install HC Vault to userspace
ansible.builtin.include_tasks: install_user.yml
when: ansible_distribution not in [ "AlmaLinux", "CentOS", "Fedora", "Ubuntu"]
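Review bot: The distribution list is written out twice, once for the package block and once negated for the userspace fallback, so a later edit to one copy can leave a host matching both branches or neither. Defining it once, for example `vars: { hcv_packaged_distros: ["AlmaLinux", "CentOS", "Fedora", "Ubuntu"] }`, and using `when: ansible_distribution in hcv_packaged_distros` and its negation keeps the two conditions in sync. A short comment above the fallback should state that any unlisted distribution silently moves from signed vendor packages to a direct binary download, since that changes how the install is verified. The flow list spacing (`[ "AlmaLinux", … "Ubuntu"]`) is also inconsistent.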