Add RHEL/CentOS 6/7 support

trevorr · Aug 18, 2016 · 773e92e · 773e92e
1 parent c4364c0
commit 773e92e
Show file tree

Hide file tree

Showing 7 changed files with 110 additions and 26 deletions.
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -3,6 +3,7 @@
 
 vault_version: 0.6.0
 vault_sha256sum: 283b4f591da8a4bf92067bf9ff5b70249f20705cc963bea96ecaf032911f27c2
+vault_install_dir: /usr/local/bin
 
 vault_backend: consul
 vault_disable_mlock: false
@@ -55,3 +56,6 @@ vault_listener_tcp_tls_min_version: tls12
 vault_telemetry_statsite_address: ''
 vault_telemetry_statsd_address: ''
 vault_telemetry_disable_hostname: false
+
+# upstart and systemd supported
+vault_service_mgr: "{{ ansible_service_mgr }}"
diff --git a/meta/main.yml b/meta/main.yml
@@ -32,12 +32,12 @@ galaxy_info:
   # platform on this list, let us know and we'll get it added!
   #
   platforms:
-  #- name: EL
-  #  versions:
+  - name: EL
+    versions:
   #  - all
   #  - 5
-  #  - 6
-  #  - 7
+    - 6
+    - 7
   #- name: GenericUNIX
   #  versions:
   #  - all

diff --git a/tasks/main.yml b/tasks/main.yml
@@ -5,14 +5,6 @@
   include_vars: "{{ ansible_distribution }}.yml"
   tags: vault
 
-- include: CentOS.yml
-  when: ansible_distribution == "CentOS"
-  tags: vault
-
-- include: Ubuntu.yml
-  when: ansible_distribution == "Ubuntu"
-  tags: vault
-
 - name: Create Vault group
   group: name={{ vault_group }} system=yes state=present
   tags: vault
@@ -27,38 +19,95 @@
     state=present
   tags: vault
 
+- name: Create Vault directories
+  file: >
+    state=directory
+    path={{ item }}
+    owner=root
+    group=root
+    mode=0755
+  with_items:
+    - "{{ vault_install_dir }}"
+    - "{{ vault_config_dir }}"
+  tags: vault
+
+# Check before creating log dir to prevent aggressively overwriting permissions
+- name: Check for log directory
+  stat: >
+    path={{ vault_log_file|dirname }}
+  register: logdir
+
+- name: Create log directory if it does not exist
+  file: >
+    state=directory
+    path={{ vault_log_file|dirname }}
+    owner={{ vault_user }}
+    group={{ vault_group }}
+  when: not logdir.stat.exists
+
+- name: Touch log file
+  file: >
+    state=touch
+    path={{ vault_log_file }}
+    owner={{ vault_user }}
+    group={{ vault_group }}
+  changed_when: false
+
+- name: Check Vault archive stat
+  stat: path={{ vault_download_dir }}/{{ vault_archive }}
+  register: vault_archive_stat
+
 - name: Download Vault
   get_url: >
     url={{ vault_url }}
-    dest={{ vault_download_dir }}/vault.zip
+    dest={{ vault_download_dir }}/{{ vault_archive }}
     sha256sum={{ vault_sha256sum }}
+  when: not vault_archive_stat.stat.exists
   tags: vault
 
 - name: Unzip Vault to installation directory
-  command: unzip {{ vault_download_dir }}/vault.zip -d {{ vault_install_dir }}
-  args:
-    creates: "{{ vault_install_dir }}/vault"
+  unarchive: >
+    src={{ vault_download_dir }}/{{ vault_archive }}
+    dest={{ vault_install_dir }}
+    copy=no
+    creates={{ vault_install_dir }}/vault
   tags: vault
 
-- name: Create Vault configuration directory
-  file: >
-    path={{ vault_config_dir }}
-    owner=root
-    group=root
-    mode=0755
-    state=directory
+- name: Install libcap2-bin
+  apt: name=libcap2-bin state=latest
+  when: ansible_os_family == "Debian"
   tags: vault
 
 - name: Create Vault upstart configuration
   template: >
-    src=vault.conf.j2
+    src={{ ansible_os_family }}-vault.conf.j2
     dest=/etc/init/vault.conf
     owner=root
     group=root
     mode=0644
+  when: vault_service_mgr == "upstart"
   notify: restart vault
   tags: vault
 
+- name: Create Vault systemd configuration
+  template: >
+    src=templates/vault.systemd.j2
+    dest=/etc/systemd/system/vault.service
+    owner=root
+    group=root
+    mode=0644
+  when: vault_service_mgr == "systemd"
+  register: write_systemd_configuration
+  tags: vault
+  notify:
+    - reload systemd
+    - restart vault
+
+- name: Reload systemd configuration
+  command: systemctl daemon-reload
+  when: write_systemd_configuration|changed
+  tags: vault
+
 - name: Create Vault configuration file
   template: >
     src=vault.hcl.j2

diff --git a/templates/vault.conf.j2 → templates/Debian-vault.conf.j2 b/templates/vault.conf.j2 → templates/Debian-vault.conf.j2
diff --git a/templates/RedHat-vault.conf.j2 b/templates/RedHat-vault.conf.j2
@@ -0,0 +1,14 @@
+# RHEL/CentOS 6 compatible Upstart configuration
+description "Vault Service"
+
+start on (local-filesystems and net-device-up IFACE!=lo)
+stop on runlevel [016]
+
+respawn
+respawn limit 10 10
+kill timeout 10
+
+script
+  exec su -s /bin/sh -c 'exec "$0" "$@" &>>{{ vault_log_file }}' {{ vault_user }} -- \
+    {{ vault_install_dir }}/vault server -config {{ vault_config_dir }}/vault.hcl
+end script
diff --git a/templates/vault.systemd.j2 b/templates/vault.systemd.j2
@@ -0,0 +1,17 @@
+[Unit]
+Description=Vault Server
+Requires=network-online.target
+After=network-online.target
+
+[Service]
+Environment="GOMAXPROCS=`nproc`"
+Restart=on-failure
+User={{ vault_user }}
+Group={{ vault_group }}
+PIDFile={{ vault_pid_file }}
+ExecStart={{ vault_install_dir }}/vault server -config {{ vault_config_dir }}/vault.hcl > {{ vault_log_file }} 2>&1
+ExecReload=/bin/kill -HUP $MAINPID
+KillSignal=SIGINT
+
+[Install]
+WantedBy=multi-user.target
diff --git a/vars/main.yml b/vars/main.yml
@@ -2,8 +2,8 @@
 # vars file for vault
 
 vault_url: https://releases.hashicorp.com/vault/{{ vault_version }}/vault_{{ vault_version }}_linux_amd64.zip
-vault_download_dir: /root
-vault_install_dir: /usr/local/bin
+vault_archive: vault.zip
+vault_download_dir: /tmp
 vault_config_dir: /etc/vault.d
 vault_pid_file: /var/run/vault.pid
 vault_log_file: /var/log/vault.log