From 6f29e49597d6eeb3973cc83734195d201625db5f Mon Sep 17 00:00:00 2001
From: Matej Focko
Date: Wed, 6 Sep 2023 11:25:37 +0200
Subject: [PATCH] feat(user/secrets/hcv): add HC Vault task

Signed-off-by: Matej Focko
---
.../user/secrets/hcv/tasks/install_AlmaLinux.yml | 1 +
roles/user/secrets/hcv/tasks/install_CentOS.yml | 1 +
roles/user/secrets/hcv/tasks/install_Fedora.yml | 6 ++++++
roles/user/secrets/hcv/tasks/install_Ubuntu.yml | 11 +++++++++++
roles/user/secrets/hcv/tasks/install_el.yml | 6 ++++++
roles/user/secrets/hcv/tasks/install_user.yml | 12 ++++++++++++
roles/user/secrets/hcv/tasks/main.yml | 16 ++++++++++++++++
7 files changed, 53 insertions(+)
create mode 120000 roles/user/secrets/hcv/tasks/install_AlmaLinux.yml
create mode 120000 roles/user/secrets/hcv/tasks/install_CentOS.yml
create mode 100644 roles/user/secrets/hcv/tasks/install_Fedora.yml
create mode 100644 roles/user/secrets/hcv/tasks/install_Ubuntu.yml
create mode 100644 roles/user/secrets/hcv/tasks/install_el.yml
create mode 100644 roles/user/secrets/hcv/tasks/install_user.yml
create mode 100644 roles/user/secrets/hcv/tasks/main.yml

diff --git a/roles/user/secrets/hcv/tasks/install_AlmaLinux.yml b/roles/user/secrets/hcv/tasks/install_AlmaLinux.yml
new file mode 120000
index 0000000..bbd6a23
--- /dev/null
+++ b/roles/user/secrets/hcv/tasks/install_AlmaLinux.yml
@@ -0,0 +1 @@
+install_el.yml
\ No newline at end of file
diff --git a/roles/user/secrets/hcv/tasks/install_CentOS.yml b/roles/user/secrets/hcv/tasks/install_CentOS.yml
new file mode 120000
index 0000000..bbd6a23
--- /dev/null
+++ b/roles/user/secrets/hcv/tasks/install_CentOS.yml
@@ -0,0 +1 @@
+install_el.yml
\ No newline at end of file
diff --git a/roles/user/secrets/hcv/tasks/install_Fedora.yml b/roles/user/secrets/hcv/tasks/install_Fedora.yml
new file mode 100644
index 0000000..667ea1d
--- /dev/null
+++ b/roles/user/secrets/hcv/tasks/install_Fedora.yml
@@ -0,0 +1,6 @@
+---
+- name: Enable HashiCorp repository
+ ansible.builtin.get_url:
+ url: https://rpm.releases.hashicorp.com/fedora/hashicorp.repo
+ dest: /etc/yum.repos.d/hashicorp.repo
+ mode: 0640
diff --git a/roles/user/secrets/hcv/tasks/install_Ubuntu.yml b/roles/user/secrets/hcv/tasks/install_Ubuntu.yml
new file mode 100644
index 0000000..932240d
--- /dev/null
+++ b/roles/user/secrets/hcv/tasks/install_Ubuntu.yml
@@ -0,0 +1,11 @@
+---
+- name: Add HashiCorp GPG Key
+ ansible.builtin.get_url:
+ url: https://apt.releases.hashicorp.com/gpg
+ dest: /etc/apt/keyrings/hashicorp.asc
+ mode: 0640
+
+- name: Add HashiCorp repository
+ ansible.builtin.apt_repository:
+ repo: "deb [signed-by=/etc/apt/keyrings/hashicorp.gpg] https://apt.releases.hashicorp.com {{ ansible_distribution_release }} main"
+ state: present
diff --git a/roles/user/secrets/hcv/tasks/install_el.yml b/roles/user/secrets/hcv/tasks/install_el.yml
new file mode 100644
index 0000000..615f1b6
--- /dev/null
+++ b/roles/user/secrets/hcv/tasks/install_el.yml
@@ -0,0 +1,6 @@
+---
+- name: Enable HashiCorp repository
+ ansible.builtin.get_url:
+ url: https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo
+ dest: /etc/yum.repos.d/hashicorp.repo
+ mode: 0640
diff --git a/roles/user/secrets/hcv/tasks/install_user.yml b/roles/user/secrets/hcv/tasks/install_user.yml
new file mode 100644
index 0000000..6ea2506
--- /dev/null
+++ b/roles/user/secrets/hcv/tasks/install_user.yml
@@ -0,0 +1,12 @@
+---
+- name: Download the latest release
+ ansible.builtin.unarchive:
+ src: https://releases.hashicorp.com/vault/1.14.2/vault_1.14.2_linux_amd64.zip
+ dest: ~/.local/bin/
+ remote_src: yes
+ creates: ~/.local/bin/vault
+
+- name: Make ‹vault› executable
+ ansible.builtin.file:
+ path: ~/.local/bin/vault
+ mode: u+x
diff --git a/roles/user/secrets/hcv/tasks/main.yml b/roles/user/secrets/hcv/tasks/main.yml
new file mode 100644
index 0000000..57ec067
--- /dev/null
+++ b/roles/user/secrets/hcv/tasks/main.yml
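Review bot: In install_Fedora.yml the `get_url` task installs whatever `hashicorp.repo` the server returns, so whether `gpgcheck` is enabled and which signing key is trusted is decided by the response at run time rather than by this role. Declaring the repository with `ansible.builtin.yum_repository` and explicit `gpgcheck: true` and `gpgkey:` values would keep that trust decision in the playbook; install_el.yml has the same task and the same concern. Separately, `mode: 0640` here, in install_el.yml and in install_Ubuntu.yml is an unquoted octal; Ansible's guidance is to quote it, and a repo file is normally world-readable, so `mode: "0644"` is the safer spelling.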
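Review bot: In install_Ubuntu.yml the key is written to `/etc/apt/keyrings/hashicorp.asc`, but the `repo:` line points `signed-by` at `/etc/apt/keyrings/hashicorp.gpg`, a file no task in this patch creates, so apt would have no key to verify the repository against and the later package install is expected to fail. Make the two paths agree, e.g. `signed-by=/etc/apt/keyrings/hashicorp.asc`. With `mode: 0640` and root ownership the key is also likely unreadable by the unprivileged `_apt` user that apt uses for verification; `mode: "0644"` avoids that. The download trusts whatever key the URL serves, so adding `checksum: "sha256:<SHA256 of the reviewed key file>"` to the `get_url` task would pin it.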
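Review bot: In install_user.yml the Vault zip is unpacked straight from the URL by `unarchive`, which has no way to verify a digest, so the binary that will handle secrets is installed with no integrity check beyond TLS. Downloading with `get_url` and a pinned `checksum:` taken from the release's published SHA256SUMS, then unpacking the local file, closes that gap. The task name says "latest release" while the URL pins 1.14.2 and `linux_amd64`, so the name should state the pinned version, and hosts with another architecture will receive a binary they cannot run. `remote_src: yes` is better written `remote_src: true`.

```yaml
- name: Download the pinned Vault release
  ansible.builtin.get_url:
    url: https://releases.hashicorp.com/vault/1.14.2/vault_1.14.2_linux_amd64.zip
    dest: ~/.cache/vault_1.14.2_linux_amd64.zip
    # placeholder: take the digest from the release's SHA256SUMS after verifying its signature
    checksum: "sha256:<SHA256 of vault_1.14.2_linux_amd64.zip>"
    mode: "0600"

- name: Unpack ‹vault› into ~/.local/bin
  ansible.builtin.unarchive:
    src: ~/.cache/vault_1.14.2_linux_amd64.zip
    dest: ~/.local/bin/
    remote_src: true
    creates: ~/.local/bin/vault
# … unchanged: Make ‹vault› executable …
```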
@@ -0,0 +1,16 @@
+---
+- name: Install HC Vault via package manager
+ when: ansible_distribution in [ "AlmaLinux", "CentOS", "Fedora", "Ubuntu"]
+ block:
+ - name: Enable repository
+ ansible.builtin.include_tasks: "install_{{ ansible_distribution }}.yml"
+
+ - name: Install Vault
+ ansible.builtin.package:
+ name: vault
+ state: present
+ become: true
+
+- name: Install HC Vault to userspace
+ ansible.builtin.include_tasks: install_user.yml
+ when: ansible_distribution not in [ "AlmaLinux", "CentOS", "Fedora", "Ubuntu"]
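Review bot: The distribution list in main.yml is written twice, once in each `when:`, and the two branches are only complementary while both copies stay identical. Defining it once (for example a role variable `hcv_packaged_distributions`, a name constructed for this note) and testing `ansible_distribution in hcv_packaged_distributions` / `not in` removes that drift risk. The only `become: true` in the patch follows the Install Vault task, and the tasks in the included install_*.yml files that write under /etc carry none of their own. If that keyword is scoped to the one package task, those writes depend on escalation configured outside this role, so setting `become: true` on those tasks themselves would make it explicit.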