feat(user/secrets/hcv): add HC Vault task
Signed-off-by: Matej Focko <me@mfocko.xyz>
parent
27876a9d7e
commit
6f29e49597
7 changed files with 53 additions and 0 deletions
1
roles/user/secrets/hcv/tasks/install_AlmaLinux.yml
Symbolic link
@ -0,0 +1 @@
install_el.yml
1
roles/user/secrets/hcv/tasks/install_CentOS.yml
Symbolic link
@ -0,0 +1 @@
install_el.yml
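--- a/roles/user/secrets/hcv/tasks/install_Fedora.yml
+++ b/roles/user/secrets/hcv/tasks/install_Fedora.yml
@@ -0,0 +1,6 @@
+---
+- name: Enable HashiCorp repository
+ansible.builtin.get_url:
+url: https://rpm.releases.hashicorp.com/fedora/hashicorp.repo
+dest: /etc/yum.repos.d/hashicorp.repo
+mode: 0640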
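Review bot: The repo file is fetched with no `checksum:`, so whatever the URL serves at run time becomes the trust root for later package installs (presumably including the repo's GPG key and gpgcheck settings). Pinning a checksum on the `get_url` task, or templating the repo file from the role, would make that trust explicit. `mode: 0640` is also a bare number and tighter than repo files normally are; quote it and, unless the restriction is intended, use `mode: "0644"` so unprivileged dnf queries can still read the repo definition. The same applies to the identical task in install_el.yml.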
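--- a/roles/user/secrets/hcv/tasks/install_Ubuntu.yml
+++ b/roles/user/secrets/hcv/tasks/install_Ubuntu.yml
@@ -0,0 +1,11 @@
+---
+- name: Add HashiCorp GPG Key
+ansible.builtin.get_url:
+url: https://apt.releases.hashicorp.com/gpg
+dest: /etc/apt/keyrings/hashicorp.asc
+mode: 0640
+
+- name: Add HashiCorp repository
+ansible.builtin.apt_repository:
+repo: "deb [signed-by=/etc/apt/keyrings/hashicorp.gpg] https://apt.releases.hashicorp.com {{ ansible_distribution_release }} main"
+state: present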
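Review bot: The key is saved as `/etc/apt/keyrings/hashicorp.asc` but the repository line points `signed-by=` at `/etc/apt/keyrings/hashicorp.gpg`, so apt finds no key at the referenced path and cannot verify the repository's signatures. Make the two agree, e.g. `signed-by=/etc/apt/keyrings/hashicorp.asc`. `mode: 0640` likely also keeps apt's unprivileged `_apt` user from reading the key, so `mode: "0644"` (quoted) is the usual choice for keyring files. The key is trusted on first download with no `checksum:` or fingerprint check; pinning one would stop a changed key from being accepted silently.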
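--- a/roles/user/secrets/hcv/tasks/install_el.yml
+++ b/roles/user/secrets/hcv/tasks/install_el.yml
@@ -0,0 +1,6 @@
+---
+- name: Enable HashiCorp repository
+ansible.builtin.get_url:
+url: https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo
+dest: /etc/yum.repos.d/hashicorp.repo
+mode: 0640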
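--- a/roles/user/secrets/hcv/tasks/install_user.yml
+++ b/roles/user/secrets/hcv/tasks/install_user.yml
@@ -0,0 +1,12 @@
+---
+- name: Download the latest release
+ansible.builtin.unarchive:
+src: https://releases.hashicorp.com/vault/1.14.2/vault_1.14.2_linux_amd64.zip
+dest: ~/.local/bin/
+remote_src: yes
+creates: ~/.local/bin/vault
+
+- name: Make ‹vault› executable
+ansible.builtin.file:
+path: ~/.local/bin/vault
+mode: u+x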
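Review bot: The Vault zip is unpacked straight from the URL with no integrity check, and `unarchive` has no checksum option, so the binary placed in `~/.local/bin/` is whatever the server returns at run time. Download it first with `ansible.builtin.get_url` and a pinned `checksum:` taken from the release's signed SHA256SUMS file, then unarchive the local copy. The task name says "latest release" while the URL pins 1.14.2 and `linux_amd64`; rename it or move version and architecture into variables. Write `remote_src: true` rather than `yes`.

```yaml
- name: Download the pinned Vault release
  ansible.builtin.get_url:
    url: https://releases.hashicorp.com/vault/1.14.2/vault_1.14.2_linux_amd64.zip
    # constructed staging path; any user-owned directory works
    dest: ~/.cache/vault_1.14.2_linux_amd64.zip
    checksum: "sha256:<PLACEHOLDER: digest from the verified SHA256SUMS for 1.14.2>"
    mode: "0600"

- name: Unpack Vault
  ansible.builtin.unarchive:
    src: ~/.cache/vault_1.14.2_linux_amd64.zip
    dest: ~/.local/bin/
    remote_src: true
    creates: ~/.local/bin/vault

# … unchanged: Make ‹vault› executable …
```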
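--- a/roles/user/secrets/hcv/tasks/main.yml
+++ b/roles/user/secrets/hcv/tasks/main.yml
@@ -0,0 +1,16 @@
+---
+- name: Install HC Vault via package manager
+when: ansible_distribution in [ "AlmaLinux", "CentOS", "Fedora", "Ubuntu"]
+block:
+- name: Enable repository
+ansible.builtin.include_tasks: "install_{{ ansible_distribution }}.yml"
+
+- name: Install Vault
+ansible.builtin.package:
+name: vault
+state: present
+become: true
+
+- name: Install HC Vault to userspace
+ansible.builtin.include_tasks: install_user.yml
+when: ansible_distribution not in [ "AlmaLinux", "CentOS", "Fedora", "Ubuntu"]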
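Review bot: `become: true` appears only once, after the `Install Vault` task, and the rendered page has lost the indentation that would show whether it sits on that task or on the block. If it is task-level, the included `install_*.yml` tasks that write under `/etc/yum.repos.d` and `/etc/apt/keyrings` run unprivileged and will most likely fail. Setting `become: true` on those repository tasks themselves makes the privilege boundary explicit and keeps the userspace install unprivileged. The distribution list is repeated in both `when:` conditions; a single role variable (for example `hcv_packaged_distributions`, a constructed name) would stop the two from drifting apart.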