visa/ansible-hashi-vault
Ansible project for deploying, configuring, and running open source HashiCorp Vault and Consul
$ cd ansible-hashi-vault
- To deploy, initialize and run vault server and consul server on the same host:

  `ansible-playbook playbooks/auto_vault_server_consul_server.yml`

- To deploy, initialize and run vault server and consul client on the same host and consul server on separate hosts:

  `ansible-playbook playbooks/auto_vault_server_consul_client_consul_server.yml`

- To add a new vault node, edit the inventory file to add the new host to the `secrets` group, then run the playbook:

  a. With consul client on same host:

  `ansible-playbook playbooks/auto_vault_server_consul_client_consul_server.yml`

  b. With consul server on same host:

  `ansible-playbook playbooks/auto_vault_server_consul_server.yml`

  Note: this will automatically install a consul node, and it will be joined to the cluster.

- To replace a previously failed consul server node, if the previously failed node and the newly instantiated node have the same IP address:

  i. With consul client on same host as vault:

  `ansible-playbook playbooks/auto_vault_server_consul_client_consul_server.yml`

  ii. With consul server on same host as vault:

  `ansible-playbook playbooks/auto_vault_server_consul_server.yml`

- To remove a consul client/server node, edit the inventory file to remove the node from the appropriate group, then run the playbook:

  a. With consul client on same host:

  `ansible-playbook playbooks/auto_vault_server_consul_client_consul_server.yml`

  b. With consul server on same host:

  `ansible-playbook playbooks/auto_vault_server_consul_server.yml`

- Wipe vault and consul nodes:

  `ansible-playbook playbooks/wipe_consul_vault.yml`

- Lock vault:

  `ansible-playbook playbooks/run_to_lock_vault.yml`

- Run vault:

  `ansible-playbook playbooks/lock_to_run_vault.yml`

- `vault`: includes vault node and consul client nodes
- `consul`: includes consul server nodes

When deploying vault server-consul client and consul server, the mapping of inventory groups is as follows:

`secrets = vault + consul`

When deploying vault server with consul server, the mapping of inventory groups is as follows:

`secrets = vault = consul`