From e0742fba6d1553bc375b022ca6e656abbcd45dc0 Mon Sep 17 00:00:00 2001
From: ismoilovdevml
Date: Mon, 11 Nov 2024 21:37:06 +0500
Subject: [PATCH] [FIX] bugs fixed
---
Ansible/hashicorp-vault/configure_vault.yml | 70 +++++++++++++++++++++
Ansible/hashicorp-vault/install_package.yml | 15 ++---
Ansible/hashicorp-vault/vars.yml | 5 ++
Ansible/hashicorp-vault/vault.hcl.j2 | 10 +++
4 files changed, 89 insertions(+), 11 deletions(-)
create mode 100644 Ansible/hashicorp-vault/configure_vault.yml
create mode 100644 Ansible/hashicorp-vault/vars.yml
create mode 100644 Ansible/hashicorp-vault/vault.hcl.j2
diff --git a/Ansible/hashicorp-vault/configure_vault.yml b/Ansible/hashicorp-vault/configure_vault.yml
new file mode 100644
index 00000000..a9cf918e
--- /dev/null
+++ b/Ansible/hashicorp-vault/configure_vault.yml
@@ -0,0 +1,70 @@
+---
+- name: Configure HashiCorp Vault
+ hosts: all
+ become: yes
+ gather_facts: yes
+ vars_files:
+ - vars.yml
+ tasks:
+ - name: Create Vault configuration directory
+ ansible.builtin.file:
+ path: "{{ vault_config_path }}"
+ state: directory
+ owner: vault
+ group: vault
+ mode: '0755'
+
+ - name: Create Vault data directory
+ ansible.builtin.file:
+ path: "{{ vault_data_path }}"
+ state: directory
+ owner: vault
+ group: vault
+ mode: '0755'
+
+ - name: Create Vault configuration file
+ ansible.builtin.template:
+ src: vault.hcl.j2
+ dest: "{{ vault_config_path }}/vault.hcl"
+ owner: vault
+ group: vault
+ mode: '0644'
+ notify: Restart Vault
+
+ - name: Enable and start Vault service
+ ansible.builtin.systemd:
+ name: vault
+ enabled: yes
+ state: started
+
+ - name: Check if Vault is already initialized
+ command: vault status
+ register: vault_status
+ failed_when: false
+ changed_when: false
+ environment:
+ VAULT_ADDR: "http://127.0.0.1:8200"
+
+ - name: Initialize Vault
+ command: vault operator init -format=json
+ register: vault_init
+ when: "'Initialized' not in vault_status.stdout"
+ environment:
+ VAULT_ADDR: "http://127.0.0.1:8200"
+
+ - name: Display Unseal Keys and Root Token
+ debug:
+ msg: |
+ Unseal Keys:
+ {% for key in vault_init.json.unseal_keys_b64 %}
+ - {{ key }}
+ {% endfor %}
+ Root Token: {{ vault_init.json.root_token }}
+ when: vault_init is defined and 'unseal_keys_b64' in vault_init.json
+ failed_when: vault_init.json is not defined
+
+ handlers:
+ - name: Restart Vault
+ ansible.builtin.systemd:
+ name: vault
+ state: restarted
\ No newline at end of file
diff --git a/Ansible/hashicorp-vault/install_package.yml b/Ansible/hashicorp-vault/install_package.yml
index 0e34cb85..723206df 100644
--- a/Ansible/hashicorp-vault/install_package.yml
+++ b/Ansible/hashicorp-vault/install_package.yml
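Review bot: The `Initialize Vault` task can never run, because `vault status` prints an `Initialized` row whether the value is true or false, so `'Initialized' not in vault_status.stdout` is always false; and the `Display Unseal Keys and Root Token` task reads `vault_init.json`, which the `command` module does not populate, so it errors whenever it is reached. Use `vault status -format=json`, parse it with `from_json` and key the init on its `initialized` field, and tighten `failed_when: false` on the status check to the documented exit codes (0 unsealed, 2 sealed) so a Vault that is not answering at all is not treated as already initialized. Printing the unseal keys and root token through `debug` puts them into the Ansible output and any log collector that ingests it; the init task should carry `no_log: true` and the material should be written to a root-only file rather than displayed. The `become: yes` / `gather_facts: yes` / `enabled: yes` values should be `true` per yamllint's truthy rule, and both hard-coded `VAULT_ADDR` literals can use the `vault_api_addr` variable this commit adds to vars.yml.
```yaml
    - name: Check if Vault is already initialized
      command: vault status -format=json
      register: vault_status
      # vault status exits 0 when unsealed and 2 when sealed; anything else is a real error
      failed_when: vault_status.rc not in [0, 2]
      changed_when: false
      environment:
        VAULT_ADDR: "{{ vault_api_addr }}"

    - name: Initialize Vault
      command: vault operator init -format=json
      register: vault_init
      no_log: true
      when: not (vault_status.stdout | from_json).initialized
      environment:
        VAULT_ADDR: "{{ vault_api_addr }}"

    - name: Store init material in a root-only file instead of printing it
      ansible.builtin.copy:
        content: "{{ vault_init.stdout }}"
        dest: "{{ vault_config_path }}/init.json"
        owner: root
        group: root
        mode: '0600'
      no_log: true
      when: vault_init is not skipped
  # … unchanged: handlers …
```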
@@ -1,8 +1,10 @@ --- -- name: Install HashiCorp Vault on multiple operating systems +- name: Install and Configure HashiCorp Vault hosts: all become: yes gather_facts: yes + vars_files: + - vars.yml tasks: - name: Add HashiCorp GPG key for Ubuntu/Debian ansible.builtin.apt_key:
@@ -88,13 +90,4 @@ ansible.builtin.yum: name: vault state: present
- when: ansible_facts['os_family'] == "Amazon"
-
- - name: Verify Vault installation and display version
- ansible.builtin.shell: "vault --version"
- register: vault_version
- changed_when: false
-
- - name: Display Vault installation success message
- ansible.builtin.debug:
- msg: "HashiCorp Vault installation successful! Version: {{ vault_version.stdout }}"
\ No newline at end of file
+ when: ansible_facts['os_family'] == "Amazon"
\ No newline at end of file
diff --git a/Ansible/hashicorp-vault/vars.yml b/Ansible/hashicorp-vault/vars.yml
new file mode 100644
index 00000000..40686036
--- /dev/null
+++ b/Ansible/hashicorp-vault/vars.yml
@@ -0,0 +1,5 @@
+---
+vault_config_path: /etc/vault.d
+vault_data_path: /opt/vault/data
+vault_listen_address: "0.0.0.0:8200"
+vault_api_addr: "http://127.0.0.1:8200"
\ No newline at end of file
diff --git a/Ansible/hashicorp-vault/vault.hcl.j2 b/Ansible/hashicorp-vault/vault.hcl.j2
new file mode 100644
index 00000000..b8c1881b
--- /dev/null
+++ b/Ansible/hashicorp-vault/vault.hcl.j2
@@ -0,0 +1,10 @@
+storage "file" {
+ path = "{{ vault_data_path }}"
+}
+
+listener "tcp" {
+ address = "{{ vault_listen_address }}"
+ tls_disable = 1
+}
+
+api_addr = "{{ vault_api_addr }}"
\ No newline at end of file
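Review bot: `vault_listen_address: "0.0.0.0:8200"` in the new vars.yml, combined with `tls_disable = 1` in the new vault.hcl.j2, exposes the Vault API on every interface in plaintext, so the root token produced by the init step and every secret read afterwards cross the network unencrypted. If this is intended for a lab, bind to loopback with `vault_listen_address: "127.0.0.1:8200"` so it matches `vault_api_addr`; otherwise add `tls_cert_file` / `tls_key_file` to the listener and switch `vault_api_addr` to `https://`, and record the decision in a comment above the variable. `api_addr` is the address Vault advertises to clients, so a loopback value next to a non-loopback listener is inconsistent either way. A short header comment in vars.yml saying which values are expected to change per environment would also help, since install_package.yml now loads this file as well.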