forked from consort-it/ha-vault-with-consul
-
Notifications
You must be signed in to change notification settings - Fork 0
/
vault.yml
135 lines (119 loc) · 3.91 KB
/
vault.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
- name: ha-vault
hosts: localhost
remote_user: vagrant
serial: 1
sudo: yes
vars:
consul01_int_ip: 10.10.10.11
consul02_int_ip: 10.10.10.12
consul03_int_ip: 10.10.10.13
roles:
- docker
- docker-compose
tasks:
- name: install jq with apt
apt:
name: jq
force: yes
- name: consul data directory is present
file: path=/opt/consul/data state=directory owner=100 group=1000 mode=0750
- name: consul config directory is present
file: path=/opt/consul/config state=directory owner=100 group=1000 mode=0750
- name: consul config is present
template: src=resources/consul/config.json dest=/opt/consul/config/config.json owner=100 group=1000 mode=0640
- name: check vault health script is present
template: src=resources/scripts/check-vault.sh dest=/usr/local/bin/check-vault.sh owner=root group=root mode=0755
- name: vault config directory is present
file: path=/opt/vault/config state=directory owner=root group=root mode=0755
- name: vault config is present
template: src=resources/vault/consul.hcl dest=/opt/vault/config/consul.hcl owner=root group=root mode=0644
with_items:
- vault01
- vault02
- vault03
when: "item in ansible_hostname"
- name: consul container is running
docker_container:
name: consul
image: consul:1.1.0
restart_policy: always
state: started
hostname: "consul{{ item.name }}"
volumes:
- /opt/consul/data:/consul/data
- /opt/consul/config:/consul/config
ports:
- 8300:8300
- 8301:8301
- 8301:8301/udp
- 8302:8302
- 8302:8302/udp
- 8500:8500
command: "agent -server -advertise {{ ansible_eth1.ipv4.address }} -client=0.0.0.0 -ui {{ item.command }}"
when: "item.name in ansible_hostname"
with_items:
- { name: "01", command: "-bootstrap-expect 3" }
- { name: "02", command: "-join {{ consul01_int_ip }}" }
- { name: "03", command: "-join {{ consul01_int_ip }}" }
- name: "vault container is running"
docker_container:
name: vault
image: jkev53/vault:latest
restart_policy: always
state: started
hostname: "{{ item }}"
volumes:
- /opt/vault/config/consul.hcl:/config/consul.hcl
env:
VAULT_ADDR: http://127.0.0.1:8200
ports:
- 8200:8200
- 8201:8201
command: server -config=/config/consul.hcl
when: "item in ansible_hostname"
with_items:
- vault01
- vault02
- vault03
- name: create nginx RelativeTargetDirectory
file: path=/etc/nginx/sites-available state=directory owner=root group=root mode=0750
- name: nginx load balancer config is present
template: src=resources/nginx/lb dest=/etc/nginx/sites-available/lb owner=root group=root mode=0644
- name: install python-passlib
pip:
name: passlib
state: latest
- name: vault-ui container is running
docker_container:
name: vault-ui
image: djenriquez/vault-ui
restart_policy: always
state: started
env:
VAULT_URL_DEFAULT: "http://vault-ui:9200"
VAULT_AUTH_DEFAULT: TOKEN
ports:
- 8000:8000
etc_hosts: >
{
"vault-ui" : "10.10.10.11",
"vault-ui" : "10.10.10.12",
"vault-ui" : "10.10.10.13"
}
when: "item in ansible_hostname"
with_items:
- vault01
- vault02
- vault03
- name: nginx container is running
docker_container:
name: nginx
image: nginx
restart_policy: always
state: started
ports:
- 9000:9000
- 9200:9200
- 9500:9500
volumes:
- /etc/nginx/sites-available/lb:/etc/nginx/conf.d/default.conf