ansible-community · lakrass · Oct 24, 2024 · Oct 24, 2024 · Oct 24, 2024 · Oct 24, 2024
diff --git a/.gitignore b/.gitignore
@@ -9,3 +9,6 @@ examples/hosts
 files/vault
 files/vault*_SHA256SUMS
 meta/.galaxy_install_info
+.envrc
+.venv
+.direnv
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -3,6 +3,27 @@
 - Add support for proxy configuration
 - Add support for system certificates with `vault_tls_certs_path` and `vault_tls_private_path`
 
+## v2.5.9
+- Add ability to install Vault Enterprise via HashiCorp Repo
+- Removed check of non-existent variable
+- Update Vault to v1.18.0
+
+## v2.5.8
+- Add vault_unauthenticated_metrics_access to listener
+
+## v2.5.7
+- Added support for useful options when running Vault behind a load balancer
+
+## v2.5.6
+- Fix systemd forking process bug that prevents to stop/restart vault properly
+- Use exec to replace the calling process which effectively nullify the forkin problem
+
+## v2.5.5
+- become_user vault_user when modifying files in vault_home
+
+## v2.5.4 
+- New installation instructions
+
 ## v2.5.3
 - Add Prometheus telemetry support (thanks @bbayszczak)
 - Add tag check_vault to to Vault status debug task (thanks @NorthFuture)

diff --git a/README.md b/README.md
@@ -97,13 +97,15 @@ The role defines variables in `defaults/main.yml`:
   - Will include "+prem" if vault_enterprise_premium=True
   - Will include ".hsm" if vault_enterprise_premium_hsm=True
 
-- Default value: 1.5.5
+- Default value: 1.18.0
 
 ### `vault_enterprise`
 
 - Set this to true when installing Vault Enterprise; this is not currently
   possible as a "remote only" install method
   - Can be overridden with `VAULT_ENTERPRISE` environment variable
+- When vault_install_hashi_repo is *true* it will install Vault Enterprise via the
+  repo
 - Default value: *false*
 
 ### `vault_pkg`
@@ -1240,6 +1242,11 @@ Place the Vault Enterprise zip archive into `{{ role_path }}/files` and set
 `vault_enterprise: true` or use the `VAULT_ENTERPRISE="true"` environment
 variable. Attempts to download the package from `vault_zip_url` if zip is not found in files/.
 
+Since v2.5.9 of this role you can also install Vault Enterprise via the HashiCorp
+Repo. In order to install Vault Enterprise via the HashiCorp Repo set `vault_install_hashi_repo: true*` as well as `vault_enterprise: true`.
+
+**Warning:** Non-Enterprise Package will be removed if already installed and vault_enterprise is set to *true* and vice versa. 
+
 ### `vault_enterprise_premium`
 
 - Set to True if using premium binary. Basically just includes "+prem" in "vault_version" var

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -6,7 +6,7 @@
 # ---------------------------------------------------------------------------
 
 # Package variables
-vault_version: "{{ lookup('env', 'VAULT_VERSION') | default('1.5.5', true) }}{{ '+prem' if vault_enterprise_premium else '' }}{{ '.hsm' if vault_enterprise_premium_hsm else '' }}"
+vault_version: "{{ lookup('env', 'VAULT_VERSION') | default('1.18.0', true) }}{{ '+prem' if vault_enterprise_premium else '' }}{{ '.hsm' if vault_enterprise_premium_hsm else '' }}"
 vault_architecture_map:
   # this first entry seems... redundant (but it's required for reasons)
   amd64: amd64

diff --git a/flake.lock b/flake.lock
diff --git a/flake.nix b/flake.nix
@@ -0,0 +1,29 @@
+{
+  description = "A Nix-flake-based ansible development environment";
+
+  inputs.nixpkgs.url = "https://flakehub.com/f/NixOS/nixpkgs/0.2405.*.tar.gz";
+
+  outputs = { self, nixpkgs }:
+    let
+      supportedSystems = [ "x86_64-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin" ];
+      forEachSupportedSystem = f: nixpkgs.lib.genAttrs supportedSystems (system: f {
+        pkgs = import nixpkgs { inherit system; };
+      });
+    in
+    {
+      devShells = forEachSupportedSystem ({ pkgs }: {
+        default = pkgs.mkShell {
+          venvDir = ".venv";
+          packages = with pkgs; [ 
+            ansible
+            ansible-lint
+            python312
+          ] ++
+            (with pkgs.python312Packages; [
+              pip
+              venvShellHook
+            ]);
+        };
+      });
+    };
+}
diff --git a/tasks/install_hashi_repo.yml b/tasks/install_hashi_repo.yml
@@ -65,18 +65,24 @@
         name: "{{ vault_rhsm_repo_id }}"
         state: enabled
 
+- name: Ensure Enterprise package is not present when OSS is desired and vice versa
+  package:
+    name: "{{ 'vault' ~ ('-enterprise' if not (vault_enterprise | bool) else '') }}"
+    state: absent
+  become: true
+
 - name: Install Vault package
   package:
     name: "{{ _vault_repo_pkg }}"
     state: present
   become: true
   vars:
     _vault_repo_pkg: "{% if (ansible_pkg_mgr in ['yum', 'dnf']) %}\
-                  vault-{{ vault_version }}\
+                  vault-{{ 'enterprise-' if (vault_enterprise | bool) else '' }}{ vault_version }}\
                 {% elif (ansible_pkg_mgr == 'apt') %}\
-                  vault={{ vault_version }}\
+                  vault{{ '-enterprise' if (vault_enterprise | bool) else '' }}={{ vault_version }}\
                 {% else %}\
-                  vault={{ vault_version }}\
+                  vault{{ '-enterprise' if (vault_enterprise | bool) else '' }}={{ vault_version }}\
                 {% endif %}"
 
 - name: Mask default Vault config from package

diff --git a/tasks/main.yml b/tasks/main.yml
@@ -58,7 +58,7 @@
   when:
     - vault_enterprise | bool
     - not vault_install_remotely | bool
-    - not vault_install_remote_repo | bool
+    - not vault_install_hashi_repo | bool
     - installation_required | bool
 
 - name: Install OS packages and Vault via control host
@@ -72,7 +72,6 @@
 - name: Install Vault via HashiCorp repository
   include_tasks: install_hashi_repo.yml
   when:
-    - not vault_enterprise | bool
     - not vault_install_remotely | bool
     - vault_install_hashi_repo | bool
     - installation_required | bool

diff --git a/version.txt b/version.txt
@@ -1 +1 @@
-v2.5.2
+v2.5.9