fix: run standalone vault without inventory group

Haitao Pan 2026-06-14 10:54:22 +08:00
parent 2319c592fb
commit bfb6b17e29


@ -3,14 +3,14 @@
name: secret-manger
when:
- vault_deploy_mode == "kubernetes"
- inventory_hostname in groups[group]
- inventory_hostname in groups.get(group, [])
- name: Setup Vault Server on Kubernetes
script: files/setup.sh {{ domain }} {{ namespace }} {{ item.secret_name }} {{ vault_public_access | bool | lower }}
loop: "{{ tls }}"
when:
- vault_deploy_mode == "kubernetes"
- inventory_hostname in groups[group]
- inventory_hostname in groups.get(group, [])
- name: Install standalone Vault dependencies
ansible.builtin.apt:
@ -23,7 +23,6 @@
update_cache: true
when:
- vault_deploy_mode == "standalone"
- inventory_hostname in groups[group]
- name: Check standalone Vault binary
ansible.builtin.command: "{{ vault_binary_path }} version"
@ -32,7 +31,6 @@
failed_when: false
when:
- vault_deploy_mode == "standalone"
- inventory_hostname in groups[group]
- name: Download standalone Vault release
ansible.builtin.unarchive:
@ -42,7 +40,6 @@
mode: "0755"
when:
- vault_deploy_mode == "standalone"
- inventory_hostname in groups[group]
- vault_binary_check.rc != 0 or (vault_binary_check.stdout | default('')) is not search(vault_version)
- name: Ensure standalone Vault directories exist
@ -57,7 +54,6 @@
- "{{ vault_data_dir }}"
when:
- vault_deploy_mode == "standalone"
- inventory_hostname in groups[group]
- name: Deploy standalone Vault systemd service
ansible.builtin.copy:
@ -85,7 +81,6 @@
no_log: true
when:
- vault_deploy_mode == "standalone"
- inventory_hostname in groups[group]
- name: Start standalone Vault service
ansible.builtin.systemd:
@ -95,7 +90,6 @@
daemon_reload: true
when:
- vault_deploy_mode == "standalone"
- inventory_hostname in groups[group]
- name: Wait for standalone Vault API
ansible.builtin.uri:
@ -115,7 +109,6 @@
changed_when: false
when:
- vault_deploy_mode == "standalone"
- inventory_hostname in groups[group]
- name: Bootstrap Vault admin userpass auth
ansible.builtin.script: >-
@ -129,5 +122,5 @@
no_log: true
when:
- not ansible_check_mode
- inventory_hostname in groups[group]
- vault_deploy_mode == "standalone" or inventory_hostname in groups.get(group, [])
- vault_admin_init_enabled | bool
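Review bot: With the group check removed, every standalone task from `Install standalone Vault dependencies` through `Wait for standalone Vault API` is gated only on `vault_deploy_mode == "standalone"`, and the `or` in the last hunk lets `Bootstrap Vault admin userpass auth` run the same way. Host scope therefore rests entirely on the play's `hosts:` pattern and on where that variable is set, neither of which is visible on this page. If the variable is defined broadly (for example in shared group vars), a Vault server would be installed and an admin credential bootstrapped on every targeted host. A guard that tolerates a missing group but still honours it when present would keep both the fix and the scoping: `- group not in groups or inventory_hostname in groups[group]`. This applies to all seven standalone `when:` lists and to the final condition; the task bodies start outside the hunks.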