Skip to content

jacobmammoliti/ansible-role-boundary

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

80 Commits

defaults

defaults

 
 

docs

docs

 
 

handlers

handlers

 
 

meta

meta

 
 

molecule/default

molecule/default

 
 

tasks

tasks

 
 

templates

templates

 
 

tests

tests

 
 

.ansible-lint

.ansible-lint

 
 

.gitignore

.gitignore

 
 

.travis.yml

.travis.yml

 
 

.yamllint

.yamllint

 
 

CHANGELOG.md

CHANGELOG.md

 
 

README.md

README.md

 
 

requirements.txt

requirements.txt

 
 

version.txt

version.txt

 
 

Repository files navigation

Ansible Role: HashiCorp Boundary

A role to deploy HashiCorp Boundary

Requirements

  • A PostgreSQL instance that Boundary workers can reach and authenticate to. The database you plan to use must also exist.
  • Access to a KMS solution. This role currently only supports Google Cloud KMS.
  • Nodes must be in inventory groups boundary_controller or boundary_worker to receive configuration for that service. A node in both groups is configured to run both services.

Installation Variables

Package Installation

On RedHat and Debian family operating systems, it defaults to installing the packages from Hashicorp's official repository. You can disable this by setting boundary_install_package to false.

Manual Installation

The following values are only used for manual installation.

Controls whether a separate account is created or not and what the user and group should be named.

boundary_user: 'boundary'
boundary_group: 'boundary'
boundary_create_account: true

Controls what is downloaded, and where it is installed.

boundary_archive: 'boundary_{{ boundary_version }}_linux_amd64.zip'
boundary_download: 'https://releases.hashicorp.com/boundary/{{ boundary_version }}/{{ boundary_archive }}'
boundary_data_directory: '/opt/boundary'
boundary_install_directory: '{{ boundary_data_directory }}/bin'

Configuration Variables

Ansible variables are listed below, along with the default values (see default/main.yml):

Where to place Boundary's configuration data.

boundary_version: '0.1.4'
boundary_home_directory: '/etc/boundary.d'
boundary_config_file: '{{ boundary_home_directory }}/worker.hcl'
boundary_server_file: '{{ boundary_home_directory }}/controller.hcl'

Database initialization flags

Boundary can create an example admin account and organization to help bootstrap you. This is disabled by default since uses will create the initial resources via Ansible. If you are building a PoC to learn and explore, you may want to remove this value.

boundary_db_init_flags: '-skip-initial-login-role-creation'

Key Management

One of the Boundary KMS types from [https://www.boundaryproject.io/docs/configuration/kms]

As these choices are radically different depending on your KMS, refer to one of these examples:

It defaults to the static AEAD key configuration documented at [https://www.boundaryproject.io/docs/getting-started]

boundary_kms_type: 'aead'

TLS Configuration

Boundary uses its own TLS implementation for all controller<->worker communications, however communications with the boundary client will be subject to normal public TLS validation. Best to create or acquire a certificate which will be trusted by the operating system of the client and supply that key and certificate as documented at [docs/api_tls.md]

Dependencies

None.

Instructions

If you are new to Ansible playbooks and group vars, the following examples can guide you:

Author Information

Jacob Mammoliti Bas Meijer Jo Rhett

About

Ansible role to install HashiCorp Boundary.

Topics

hashicorp hashicorp-boundary

Resources

Readme
Activity

Stars

3 stars

Watchers

3 watching

Forks

10 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages