---
# The Vault role is typically a two-step process:
# 1. Bootstrap
#    This starts a temporary Vault to generate certs for Vault itself. This
#    includes a Root CA for the cluster, assuming one doesn't exist already.
#    The temporary instance will remain running after Bootstrap, to provide a
#    running Vault for the Etcd role to generate certs against.
# 2. Cluster
#    Once Etcd is started, the Cluster tasks can start up a long-term
#    Vault cluster using Etcd as the backend. The same Root CA that was used
#    during step 1 is mounted, allowing all certs to have the same chain of
#    trust.
# Install the hvac Python package with pip before the bootstrap/cluster task
# files below are included.
# NOTE(review): no `version` is given, so pip installs whatever release the
# configured index currently serves; consider pinning to a vetted release.
- name: install hvac
  pip:
    name: hvac
    state: present
    # pip_extra_args is handed to pip unchanged (and omitted when undefined),
    # so any index or proxy options set there apply to this install.
    extra_args: "{{ pip_extra_args | default(omit) }}"
## Bootstrap
# Include the bootstrap task file only when certificates are managed by Vault
# and vault_bootstrap is truthy. d() makes an undefined vault_bootstrap
# evaluate as false instead of raising an undefined-variable error.
- include_tasks: bootstrap/main.yml
  when:
    - cert_management == 'vault'
    - vault_bootstrap | d()
## Cluster
# Include the cluster task file only when certificates are managed by Vault
# and vault_bootstrap is falsy or undefined (d() supplies the default), i.e.
# the complement of the bootstrap condition for the same cert_management.
- include_tasks: cluster/main.yml
  when:
    - cert_management == 'vault'
    - not vault_bootstrap | d()