Install Enterprise via repo #345

Merged
21 commits
22 changes: 22 additions & 0 deletions CHANGELOG.md
Expand Up @@ -3,6 +3,28 @@
- Add support for proxy configuration
- Add support for system certificates with `vault_tls_certs_path` and `vault_tls_private_path`

## v2.5.9
- Add ability to install Vault Enterprise via HashiCorp Repo
- Removed check of non-existent variable "vault_install_remote_repo" in tasks/main.yml
- Bumped Vault version to v1.18.2
- Revamped Readme

## v2.5.8
- Add vault_unauthenticated_metrics_access to listener

## v2.5.7
- Added support for useful options when running Vault behind a load balancer

## v2.5.6
- Fix systemd forking process bug that prevents to stop/restart vault properly
- Use exec to replace the calling process which effectively nullify the forkin problem

## v2.5.5
- become_user vault_user when modifying files in vault_home

## v2.5.4
- New installation instructions

## v2.5.3
- Add Prometheus telemetry support (thanks @bbayszczak)
- Add tag check_vault to to Vault status debug task (thanks @NorthFuture)
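Review bot: the v2.5.9 entry "Add ability to install Vault Enterprise via HashiCorp Repo" leaves out the behaviour operators most need to know before upgrading: the repo install path now removes the other edition's package, which this same PR documents as a warning in role_variables.md. Suggest adding a line such as "Repo install removes the non-matching `vault` / `vault-enterprise` package". Minor wording in the v2.5.6 entry: "forkin" should be "forking", and "prevents to stop/restart vault properly" reads better as "prevents Vault from being stopped or restarted properly".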
2 changes: 1 addition & 1 deletion defaults/main.yml
Expand Up @@ -8,7 +8,7 @@
# Package variables
vault_version_suffix: "{{ '+prem' if vault_enterprise_premium else '' }}{{ '.hsm' if vault_enterprise_premium_hsm else '' }}"
vault_version: "{{ lookup('env', 'VAULT_VERSION') | default('1.18.2', true) }}{{ vault_version_suffix }}"
vault_version_repo_suffix: "-1"
vault_version_repo_suffix: "{{ '+ent' if vault_enterprise }}-1"
vault_architecture_map:
# this first entry seems... redundant (but it's required for reasons)
amd64: amd64
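Review bot: on the new `vault_version_repo_suffix` line, the inline `if` has no `else` branch and tests `vault_enterprise` without `| bool`, unlike `vault_version_suffix` two lines above (which uses `else ''`) and the `(vault_enterprise | bool)` tests in tasks/install_hashi_repo.yml. Suggest `"{{ '+ent' if (vault_enterprise | bool) else '' }}-1"` so the non-Enterprise value is an explicit empty string and a string value for `vault_enterprise` is not treated as truthy. Also worth checking: `vault_version` already appends `vault_version_suffix`, so with `vault_enterprise_premium` set the version passed to the package manager ends in `+prem+ent-1`; if that combination is not meant to be installed from the repo, an assert or a comment here would make that explicit.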
4 changes: 4 additions & 0 deletions role_variables.md
Expand Up @@ -1119,6 +1119,10 @@ Place the Vault Enterprise zip archive into `{{ role_path }}/files` and set
`vault_enterprise: true` or use the `VAULT_ENTERPRISE="true"` environment
variable. Attempts to download the package from `vault_zip_url` if zip is not found in files/.

Since v2.5.9 of this role you can also install Vault Enterprise via the HashiCorp Repo. In order to install Vault Enterprise via the HashiCorp Repo, set `vault_install_hashi_repo: true*` as well as `vault_enterprise: true`.

**Warning:** Non-Enterprise Package will be removed if already installed and vault_enterprise is set to *true* and vice versa.

## `vault_enterprise_premium`

- Set to True if using premium binary. Basically just includes "+prem" in "vault_version" var
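Review bot: in the added paragraph, the code span `vault_install_hashi_repo: true*` has a stray `*` inside the backticks, so a reader copying it sets the string `true*` rather than a boolean; it should read `vault_install_hashi_repo: true`. The warning would also be easier to act on if it named the two packages involved (`vault` and `vault-enterprise`) and wrote `vault_enterprise` as a code span, since the removal task in tasks/install_hashi_repo.yml has no condition of its own and applies whenever the repo install path is taken.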
13 changes: 10 additions & 3 deletions tasks/install_hashi_repo.yml
Expand Up @@ -65,19 +65,26 @@
name: "{{ vault_rhsm_repo_id }}"
state: enabled

- name: Ensure Enterprise package is not present when OSS is desired and vice versa
package:
name: "{{ 'vault' ~ ('-enterprise' if not (vault_enterprise | bool) else '') }}"
state: absent
become: true

- name: Install Vault package
package:
name: "{{ _vault_repo_pkg }}"
state: present
become: true
vars:
_vault_repo_pkg: "{% if (ansible_pkg_mgr in ['yum', 'dnf']) %}\
vault-{{ vault_version }}{{ vault_version_repo_suffix }}\
vault-{{ 'enterprise-' if (vault_enterprise | bool) else '' }}{{ vault_version }}{{ vault_version_repo_suffix }}\
{% elif (ansible_pkg_mgr == 'apt') %}\
vault={{ vault_version }}{{ vault_version_repo_suffix }}\
vault{{ '-enterprise' if (vault_enterprise | bool) else '' }}={{ vault_version }}{{ vault_version_repo_suffix }}\
{% else %}\
vault={{ vault_version }}{{ vault_version_repo_suffix }}\
vault{{ '-enterprise' if (vault_enterprise | bool) else '' }}={{ vault_version }}{{ vault_version_repo_suffix }}\
{% endif %}"
notify: Restart vault

- name: Mask default Vault config from package
become: true
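Review bot: the new "Ensure Enterprise package is not present when OSS is desired and vice versa" task removes the other edition unconditionally and runs before "Install Vault package", so if the install then fails, the host is left with no Vault package at all; the removal task also carries no `notify: Restart vault`, which was added only to the install task. Consider documenting that window, or wrapping the two tasks in a block whose rescue reports which package state the host ended up in. A one-line comment on the `name:` expression would help as well, because the inversion (`not (vault_enterprise | bool)` selects `vault-enterprise`) is easy to misread. Style: the `apt` branch and the `else` branch of `_vault_repo_pkg` are now identical and could be merged.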
3 changes: 1 addition & 2 deletions tasks/main.yml
Expand Up @@ -58,7 +58,7 @@
when:
- vault_enterprise | bool
- not vault_install_remotely | bool
- not vault_install_remote_repo | bool
- not vault_install_hashi_repo | bool
- installation_required | bool

- name: Install OS packages and Vault via control host
Expand All @@ -72,7 +72,6 @@
- name: Install Vault via HashiCorp repository
include_tasks: install_hashi_repo.yml
when:
- not vault_enterprise | bool
- not vault_install_remotely | bool
- vault_install_hashi_repo | bool
- installation_required | bool
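Review bot: with `- not vault_enterprise | bool` dropped from this `when`, the include now runs for Enterprise hosts too, and that is what makes the package-removal task in install_hashi_repo.yml reachable for them. Inventories that already set both `vault_enterprise: true` and `vault_install_hashi_repo: true` change behaviour on upgrade, so a short comment above the `when` saying that the edition is now selected inside install_hashi_repo.yml, plus a mention in the changelog, would help.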
2 changes: 1 addition & 1 deletion version.txt
@@ -1 +1 @@
v2.5.2
v2.5.9
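Review bot: version.txt moves from v2.5.2 straight to v2.5.9 while CHANGELOG.md in this PR adds headings for v2.5.4 through v2.5.9, so the two files were out of step for several releases. A CI check that version.txt equals the matching changelog heading would keep them aligned.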