robertdebock.vault_initialize

Ansible Role: Vault Initialize

This role sets up and unseals HashiCorp Vault.


Example Playbook

Here’s an example playbook taken from molecule/default/converge.yml. It’s tested with every update.

---
- name: Converge
  hosts: all
  become: true
  gather_facts: true

  roles:
    - role: robertdebock.vault_initialize

Before running the main playbook, the machine must be prepared. In CI, this is done using molecule/default/prepare.yml:

---
- name: Prepare
  hosts: all
  become: true
  gather_facts: false

  roles:
    - role: robertdebock.bootstrap
    - role: robertdebock.core_dependencies
    - role: robertdebock.hashicorp
    - role: robertdebock.vault
    - role: robertdebock.vault_configuration
      vault_configuration_listener_tcp:
        address: "127.0.0.1:8200"
        cluster_address: "127.0.0.1:8201"
        tls_disable: true
      vault_configuration_storage_raft:
        path: "/opt/vault/data"
        node_id: "{{ ansible_hostname }}"

For a full explanation and examples, check out the documentation on using these roles.

Role Variables

Default variable settings can be found in defaults/main.yml:

---
# defaults file for vault_initialize

# The address where Vault can be accessed, similar to `VAULT_ADDR`.
vault_initialize_addr: "http://localhost:8200"

# Show sensitive information during Vault initialization. This includes the root token and unseal keys.
vault_initialize_show_information: true
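
The following playbook is an added example, not part of the role's own documentation or code. It applies the role with the sensitive output turned off, then confirms over Vault's HTTP API that the server is initialized and unsealed. The play layout, task names and the `vault_seal_status` variable are assumptions; `/v1/sys/seal-status` is Vault's standard unauthenticated status endpoint.

```yaml
---
- name: Initialize Vault and verify the result
  hosts: all
  become: true
  gather_facts: true

  vars:
    # Plain HTTP on localhost matches the CI prepare playbook, which binds the
    # listener to 127.0.0.1 with tls_disable: true.
    vault_initialize_addr: "http://localhost:8200"
    # The role default is true, which shows the root token and unseal keys
    # during initialization. Play output is often retained (CI job logs,
    # callback plugins), so it is switched off here. How the role exposes the
    # keys when this is false is not described on this page; check the role's
    # tasks before relying on it.
    vault_initialize_show_information: false

  roles:
    - role: robertdebock.vault_initialize

  post_tasks:
    - name: Read the seal status from Vault
      ansible.builtin.uri:
        url: "{{ vault_initialize_addr }}/v1/sys/seal-status"
        method: GET
        return_content: true
        status_code: 200
      register: vault_seal_status
      retries: 5
      delay: 2
      until: vault_seal_status is succeeded

    - name: Fail the play if Vault is not initialized or is still sealed
      ansible.builtin.assert:
        that:
          - vault_seal_status.json.initialized | bool
          - not (vault_seal_status.json.sealed | bool)
        fail_msg: "Vault at {{ vault_initialize_addr }} is uninitialized or sealed."
        success_msg: "Vault at {{ vault_initialize_addr }} is initialized and unsealed."
```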

Requirements

State of Used Roles

These roles are used to prepare the system, but you can use other methods as well.

Requirement                        GitHub                 GitLab
robertdebock.bootstrap             Build Status GitHub    Build Status GitLab
robertdebock.core_dependencies     Build Status GitHub    Build Status GitLab
robertdebock.hashicorp             Build Status GitHub    Build Status GitLab
robertdebock.vault                 Build Status GitHub    Build Status GitLab
robertdebock.vault_configuration   Build Status GitHub    Build Status GitLab

Context

This role works with various compatible roles. For more information, check the documentation of these roles.

Role Dependencies

Compatibility

This role has been tested with the following container images:

Container   Tags
Amazon      Candidate
Debian      all
EL          9
Fedora      37, 38
Ubuntu      all

You need at least Ansible version 2.12. Tests have been conducted on:

  • The previous version.
  • The current version.
  • The development version.

Report any issues on GitHub.

License

This project is licensed under Apache-2.0.

Author Information

Created by robertdebock.

If you like what I do, please consider sponsoring me.

About the project

Initialize and unseal HashiCorp Vault.

Install
ansible-galaxy install robertdebock.vault_initialize
License
apache-2.0
Downloads
4.4k
Owner
I know my way around (Linux) infrastructure, have a passion for automation, Docker, Ansible, Molecule and ci/cd.