fix(vault): ensure that vault binary dir is present (#34)

fix(vault): ensure that vault binary dir is present fix(vault): add unzip to image fix(vault): fix jinja tags in config template fix(security): closed https://github.com/brucellino/packer-templates/security/dependabot/2 --------- Signed-off-by: Bruce Becker <[email protected]>
brucellino · Mar 19, 2023 · 19dd1b1 · 19dd1b1
1 parent 6f42147
commit 19dd1b1
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 6 deletions.
diff --git a/requirements.txt b/requirements.txt
@@ -23,14 +23,14 @@ numpy==1.22.4
 packaging==20.9
 paramiko==2.8.1
 pluggy==0.13.1
-py==1.10.0
+py==1.11.0
 pycparser==2.20
 Pygments==2.14.0
 pyhcl==0.4.4
 PyNaCl==1.4.0
 pyparsing==2.4.7
-pytest==6.2.4
-pytest-testinfra==6.4.0
+pytest==7.2.0
+pytest-testinfra==7.0.0
 python-consul==1.1.0
 PyYAML==5.4.1
 requests==2.28.1

diff --git a/vault/playbook.yml b/vault/playbook.yml
@@ -13,6 +13,8 @@
       - jq
       - net-tools
       - curl
+      - unzip
+    region: "ams3"
   pre_tasks:
     - name: Wait
       ansible.builtin.pause:
@@ -38,10 +40,17 @@
         state: present
         create_home: false
         generate_ssh_key: false
+    - name: Ensure Vault bin dir
+      ansible.builtin.file:
+        path: "{{ vault_bin_dir }}"
+        state: directory
+        mode: 0777
+        owner: root
+        group: root
     - name: Get Vault
       ansible.builtin.unarchive:
         src: "https://releases.hashicorp.com/vault/{{ vault_version }}/vault_{{ vault_version }}_linux_amd64.zip"
-        dest: "{{ vault_bin_dir }}/vault"
+        dest: "{{ vault_bin_dir }}"
         remote_src: true
         mode: 0777
         owner: root
@@ -61,8 +70,6 @@
         mode: 0660
         owner: vault
         group: vault
-        block_start_string: "{%"
-        block_end_string: "%}"
         variable_start_string: "[["
         variable_end_string: "]]"
         # validate:

diff --git a/vault/vault-do.pkr.hcl b/vault/vault-do.pkr.hcl
@@ -65,5 +65,9 @@ build {
   sources = ["source.digitalocean.server"]
   provisioner "ansible" {
     playbook_file = "playbook.yml"
+    extra_arguments = [
+      "--extra-vars",
+      "region=${var.region}"
+    ]
   }
 }
diff --git a/vault/vault.hcl.j2 b/vault/vault.hcl.j2
@@ -17,13 +17,15 @@ listener "tcp" {
   tls_disable = true
 }
 
+{% raw %}
 listener "tcp" {
   address = "{{ GetInterfaceIP \"eth0\" }}:8200"
   tls_disable = true
 }
 
 api_addr = "http://{{ GetInterfaceIP \"eth0\" }}:8200"
 cluster_addr = "http://{{ GetInterfaceIP \"eth0\" }}:8201"
+{% endraw %}
 
 {% if consul_agent | default (false) %}
 service_registration "consul" {