WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-05-12 10:56:20 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
2bc9ab059f4baab034dafd062dba9dfd50ec2c4e
fedora-infra_ansible/roles/taskotron/vault/tasks/main.yml
Josef Skladanka 46f60fd676 Add OIDC config to settings template
2018-05-31 13:41:43 +02:00

67 lines
2.1 KiB
YAML
Raw Blame History

---
- name: start httpd (provided in the apache role)
service: name=httpd state=started
- name: ensure packages required for vault are installed (yum)
package: name={{ item }} state=present
with_items:
- vault
- mod_wsgi
- python-psycopg2
- libsemanage-python
when: ansible_distribution_major_version|int < 22
- name: ensure packages required for vault are installed (dnf)
dnf: name={{ item }} state=present enablerepo={{ extra_enablerepos }}
with_items:
- vault
- mod_wsgi
- python-psycopg2
- libsemanage-python
when: ansible_distribution_major_version|int > 21 and ansible_cmdline.ostree is not defined
- name: ensure database is created
delegate_to: "{{ vault_db_host_machine }}"
become_user: postgres
become: true
postgresql_db: db={{ vault_db_name }}
- name: ensure vault db user has access to database
delegate_to: "{{ vault_db_host_machine }}"
become_user: postgres
become: true
postgresql_user: db={{ vault_db_name }} user={{ vault_db_user }} password={{ vault_db_password }} role_attr_flags=NOSUPERUSER
- name: ensure selinux lets httpd talk to postgres
seboolean: name=httpd_can_network_connect_db persistent=yes state=yes
- name: register with iddev
command: python /usr/lib/python2.7/site-packages/flask_oidc/registration_util.py https://iddev.fedorainfracloud.org {{ vault_public_url }}
args:
chdir: /etc/vault
creates: /etc/vault/client_secrets.json
notify:
- reload httpd
- name: generate vault config
template: src=settings.py.j2 dest=/etc/vault/settings.py owner=root group=root mode=0644
notify:
- reload httpd
- name: generate vault apache config
template: src=vault.conf.j2 dest=/etc/httpd/conf.d/vault.conf owner=root group=root mode=0644
notify:
- reload httpd
- name: generate alembic.ini
template: src=alembic.ini.j2 dest=/usr/share/vault/alembic.ini owner=root group=root mode=0644
- name: initialize vault database
shell: PROD='true' vault init_db
- name: initialize alembic
shell: PROD='true' vault init_alembic
- name: upgrade vault database via alembic
shell: PROD='true' vault upgrade_db
Reference in New Issue View Git Blame Copy Permalink