46 lines
1.4 KiB
YAML
46 lines
1.4 KiB
YAML
---
|
|
|
|
- name: Generate self-signed certificate
|
|
import_tasks: ../includes/create_selfsigned_cert.yml
|
|
vars:
|
|
cert_path: "{{ vault_root_dir }}/tls/vault.crt"
|
|
cert_key_path: "{{ vault_root_dir }}/tls/vault.key"
|
|
cert_key_group: "{{ vault_user }}"
|
|
cert_key_mode: 640
|
|
tags: vault
|
|
|
|
- name: Deploy vault configuration
|
|
template:
|
|
src: vault.hcl.j2
|
|
dest: "{{ vault_root_dir }}/etc/vault.hcl"
|
|
owner: "{{ vault_user }}"
|
|
group: "{{ vault_user }}"
|
|
mode: 0400
|
|
notify: restart vault
|
|
tags: vault
|
|
|
|
- name: Ensure correct permission on vault private key
|
|
file: path={{ vault_root_dir }}/tls/vault.key mode=640 owner=root group={{ vault_user }}
|
|
tags: vault
|
|
|
|
- name: Setup logrotate
|
|
template: src=logrotate.conf.j2 dest=/etc/logrotate.d/vault
|
|
tags: vault
|
|
|
|
- when: vault_secrets.nomad.enabled
|
|
block:
|
|
|
|
- name: Deploy the consul-template conf
|
|
template: src=consul-template.hcl.j2 dest={{ vault_root_dir }}/consul-template/consul-template.hcl mode=600 owner=root group=root
|
|
notify: restart consul-template-vault
|
|
|
|
- name: Deploy Nomad certificate bundle template
|
|
template: src=nomad_client_bundle.pem.tpl.j2 dest={{ vault_root_dir }}/consul-template/nomad_client_bundle.pem.tpl
|
|
notify: restart consul-template-vault
|
|
|
|
- name: Deploy the update cert hook
|
|
template: src=update_nomad_cert.j2 dest={{ vault_root_dir }}/bin/update_nomad_cert mode=755
|
|
notify: restart consul-template-vault
|
|
|
|
tags: vault
|