moved vault_port to common_vars (#9)

Co-authored-by: $GITHUB_ACTOR <[email protected]>
itential · Jun 14, 2024 · cb52501 · cb52501
1 parent 73d7f12
commit cb52501
Show file tree

Hide file tree

Showing 9 changed files with 11 additions and 12 deletions.
diff --git a/docs/vault_guide.md b/docs/vault_guide.md
@@ -38,6 +38,7 @@ The following table lists the default variables that are shared between the Vaul
 | Variable | Group | Type | Description | Default Value
 | :------- | :---- | :--- | :---------- | :------------
 | `vault_group` | `all` | String | The Vault Linux group. | `vault`
+| `vault_port` | `all` | Integer | The Vault listen port. | `8200`
 
 
 ## Vault Role Variables
@@ -50,7 +51,6 @@ The following table lists the default variables located in `roles/vault/defaults
 | :------- | :---- | :--- | :---------- | :------------
 | `vault_install` | `vault` | Boolean | Flag to enable Vault installation. | `false`
 | `vault_dir` | `vault` | String | The Vault data directory. | `/opt/vault`
-| `vault_port` | `all` | Integer | The Vault listen port. | `8200`
 | `vault_cluster_port` | `vault` | Integer | The Vault cluster communication port. | `8201`
 | `vault_user` | `all` | String |The Vault Linux user. | `vault`
 

diff --git a/roles/common_vars/defaults/main/vault.yml b/roles/common_vars/defaults/main/vault.yml
@@ -1,5 +1,7 @@
 # Copyright (c) 2024, Itential, Inc
 # GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
----
 # The default group that runs vault
 vault_group: vault
+
+# The default port of the vault server
+vault_port: 8200
diff --git a/roles/platform/templates/2021.1-properties.j2 b/roles/platform/templates/2021.1-properties.j2
@@ -16,7 +16,7 @@
 {# Build Vault props #}
 {% set vaultProps = None %}
 {% if configure_vault | bool %}
-  {% set vaultProps = dict(url = "http://" ~ hostvars[groups['vault'][0]].inventory_hostname ~ ":8200", token = vault_install_dir ~ "/token.txt", endpoint = "kv-v2/data" ) %}
+  {% set vaultProps = dict(url = "http://" ~ hostvars[groups['vault'][0]].inventory_hostname ~ ":" ~ vault_port, token = vault_install_dir ~ "/token.txt", endpoint = "kv-v2/data" ) %}
 {% endif %}
 {# Build SSL props #}
 {% set acceptInvalidCerts = True %}

diff --git a/roles/platform/templates/2021.2-properties.j2 b/roles/platform/templates/2021.2-properties.j2
@@ -16,7 +16,7 @@
 {# Build Vault props #}
 {% set vaultProps = None %}
 {% if configure_vault | bool %}
-  {% set vaultProps = dict(url = "http://" ~ hostvars[groups['vault'][0]].inventory_hostname ~ ":8200", token = vault_install_dir ~ "/token.txt", endpoint = "kv-v2/data" ) %}
+  {% set vaultProps = dict(url = "http://" ~ hostvars[groups['vault'][0]].inventory_hostname ~ ":" ~ vault_port, token = vault_install_dir ~ "/token.txt", endpoint = "kv-v2/data" ) %}
 {% endif %}
 {# Build SSL props #}
 {% set acceptInvalidCerts = True %}

diff --git a/roles/platform/templates/2022.1-properties.j2 b/roles/platform/templates/2022.1-properties.j2
@@ -16,7 +16,7 @@
 {# Build Vault props #}
 {% set vaultProps = None %}
 {% if configure_vault | bool %}
-  {% set vaultProps = dict(url = "http://" ~ hostvars[groups['vault'][0]].inventory_hostname ~ ":8200", token = vault_install_dir ~ "/token.txt", endpoint = "kv-v2/data" ) %}
+  {% set vaultProps = dict(url = "http://" ~ hostvars[groups['vault'][0]].inventory_hostname ~ ":" ~ vault_port, token = vault_install_dir ~ "/token.txt", endpoint = "kv-v2/data" ) %}
 {% endif %}
 {# Build SSL props #}
 {% set acceptInvalidCerts = True %}

diff --git a/roles/platform/templates/2023.1-properties.j2 b/roles/platform/templates/2023.1-properties.j2
@@ -43,7 +43,7 @@ defined in the host file.
 {# Build Vault props #}
 {% set vaultProps = None %}
 {% if configure_vault | bool %}
-  {% set vaultProps = dict(url = "http://" ~ hostvars[groups['vault'][0]].inventory_hostname ~ ":8200", token = vault_install_dir ~ "/token.txt", endpoint = "kv-v2/data" ) %}
+  {% set vaultProps = dict(url = "http://" ~ hostvars[groups['vault'][0]].inventory_hostname ~ ":" ~ vault_port, token = vault_install_dir ~ "/token.txt", endpoint = "kv-v2/data" ) %}
 {% endif %}
 {
   "id": "{{ profile_name }}",

diff --git a/roles/platform/templates/2023.2-properties.j2 b/roles/platform/templates/2023.2-properties.j2
@@ -43,7 +43,7 @@ defined in the host file.
 {# Build Vault props #}
 {% set vaultProps = None %}
 {% if configure_vault | bool %}
-  {% set vaultProps = dict(url = "http://" ~ hostvars[groups['vault'][0]].inventory_hostname ~ ":8200", token = vault_install_dir ~ "/token.txt", endpoint = "kv-v2/data" ) %}
+  {% set vaultProps = dict(url = "http://" ~ hostvars[groups['vault'][0]].inventory_hostname ~ ":" ~ vault_port, token = vault_install_dir ~ "/token.txt", endpoint = "kv-v2/data" ) %}
 {% endif %}
 {
   "id": "{{ profile_name }}",

diff --git a/roles/vault/defaults/main.yaml b/roles/vault/defaults/main.yaml
@@ -7,9 +7,6 @@ vault_install: false
 # The default directory to store vault data and other config data
 vault_dir: /opt/vault
 
-# The default port of the vault server
-vault_port: 8200
-
 # The default port used by vault clusters to communicate with eachother
 vault_cluster_port: 8201
 

diff --git a/roles/vault/tasks/main.yaml b/roles/vault/tasks/main.yaml
@@ -71,10 +71,10 @@
     group: root
     mode: "0644"
 
-- name: Enable and start vault
+- name: Enable and restart vault
   ansible.builtin.systemd:
     name: vault
-    state: started
+    state: restarted
     enabled: true
     daemon_reload: true