brianshumate.vault

Vault


This Ansible role sets up a basic Vault installation. This includes organizing the filesystem and providing a sample configuration.

It can also create a minimal development or testing server or a highly available (HA) Consul-backed cluster in an environment that uses Vagrant and VirtualBox. For more information on setting up in developer mode, refer to README_VAGRANT.md and the related Vagrantfile.

Installation

Brian Shumate transferred this role to @ansible-community/hashicorp-tools. It is currently on GitHub while awaiting proper integration with Ansible Galaxy. To install this role, create a roles/requirements.yml file in your Ansible project directory with the following contents:

- src: https://github.com/ansible-community/ansible-vault.git
  name: ansible-community.ansible-vault
  scm: git
  version: master

You can also use a git tag for the version, and you may keep the role's legacy name by setting name: brianshumate.ansible-vault.

Requirements

This role is compatible with Archlinux, AmazonLinux, FreeBSD, Debian, or any RHEL-based Linux distribution. While it might work with other versions, it is confirmed to work with the following specific versions:

  • Ansible: 2.8.4
  • Vault: 1.4.0 and above
  • AlmaLinux: 8, 9
  • AmazonLinux: 2, 2022
  • ArchLinux
  • CentOS: 7, 8 stream, 9 stream
  • Debian: 9 (stretch), 10 (buster), 11 (bullseye)
  • FreeBSD: 11
  • RockyLinux: 8, 9
  • Ubuntu: 18.04 (Bionic Beaver), 20.04 (Focal Fossa), 22.04 (Jammy Jellyfish)

Currently, Windows is not supported.

Warning

By default, this role may restart the vault service when changes are made (like updating configurations or OS packages). If your cluster lacks an auto-unseal setup, restarting can result in all Vault instances being sealed, which could bring your cluster down.

To prevent this, you can disable the automatic service restart by setting the vault_service_restart variable to false. If you disable it, you may need to restart the service manually for any new configurations to take effect.
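One way to apply the warning above on a cluster without auto-unseal, as an added example that is not part of the role or its documentation: run the role with vault_service_restart set to false, then restart one node at a time and halt if that node does not come back unsealed. The inventory group vault_instances, the service name vault, the variable seal_check_addr and its address are assumptions; /v1/sys/seal-status is Vault's standard seal status endpoint.

```yaml
---
# Added example, not shipped with the role.
# Assumptions: inventory group "vault_instances", a service named "vault",
# and a listener each node can reach at seal_check_addr (hypothetical variable).

- name: Apply the role without automatic service restarts
  hosts: vault_instances
  become: true
  vars:
    vault_service_restart: false
  roles:
    - ansible-community.ansible-vault

- name: Restart one node at a time and stop if it stays sealed
  hosts: vault_instances
  become: true
  serial: 1              # never restart more than one node at once
  any_errors_fatal: true # a node that stays sealed aborts the whole run
  vars:
    # Assumption: adjust scheme, port and CA trust to match your listener.
    seal_check_addr: "https://127.0.0.1:8200"
  tasks:
    - name: Restart the vault service on this node
      ansible.builtin.service:
        name: vault
        state: restarted

    # Without auto-unseal the node comes back sealed. This task gives an
    # operator five minutes (30 x 10 s) to unseal it before the play fails,
    # leaving the remaining nodes untouched and still unsealed.
    - name: Wait until this node reports unsealed
      ansible.builtin.uri:
        url: "{{ seal_check_addr }}/v1/sys/seal-status"
        return_content: true
      register: seal_status
      until: seal_status.json is defined and not seal_status.json.sealed
      retries: 30
      delay: 10
```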

Role Variables

The role defines several variables in defaults/main.yml. Here are some of the key ones:

  • vault_listener_localhost_enable: Set to true if listening on localhost. Default is false.
  • vault_privileged_install: Set to true if you encounter permission issues during local file downloads. Default is false.
  • vault_version: Version to install, can be set through the VAULT_VERSION environment variable. Default is 1.5.5.
  • vault_enterprise: Set to true when installing Vault Enterprise. Default is false.
  • vault_bin_path: Path for the binary installation. Default is /usr/local/bin.
  • vault_use_config_path: Use the specified configuration path instead of the main one. Default is false.

For a complete list of variables and their descriptions, refer to the original documentation.

Example Playbook

To install Vault, you can use the provided site.yml playbook:

ansible-playbook -i hosts site.yml

You can also add additional variables with the --extra-vars option:

ansible-playbook -i hosts site.yml --extra-vars "vault_datacenter=maui"

For more advanced configurations, consult the original documentation and provided example playbooks.

License

This project is licensed under the BSD-2-Clause license.

Author Information

Brian Shumate

Contributors

Thanks to all contributors listed in CONTRIBUTORS.md for their help with this project.

About the project

HashiCorp Vault server role

Install
ansible-galaxy install brianshumate.vault
License
bsd-2-clause
Downloads
259.6k
Owner
Art ⁂ Data ⁂ Boards ⁂ Water