This lab is intended for testing HashiCorp Vault integration with Ansible Automation Platform. It requires:
- helm (https://github.com/helm/helm/releases)
- oc (https://docs.openshift.com/container-platform/4.6/cli_reference/openshift_cli/getting-started-cli.html)
- ansible 2.9+
The Kubernetes namespace can be set with the vault_namespace variable. By default this is set to the value of $(oc whoami | cut -f1 -d"@") + '-' + vault-lab. To override it:
ansible-playbook deploy_vault.yml -e "vault_namespace=<my-namespace>"
- Clone repo:
git clone https://github.com/benjdudas/hashi_vault_lab.git && cd ./hashi_vault_lab
- Install required Ansible Collections:
ansible-galaxy collection install -r ./collections/requirements.yml
- Deploy HashiCorp Vault:
ansible-playbook deploy_vault.yml
- Verify installation using:
/bin/sh -c 'oc get all -n $(oc whoami | cut -f1 -d"@")-vault-lab'
- Initialize Vault and save the token and unseal keys to a local file, token_seal:
/bin/sh -c 'oc exec -ti vault-0 -n $(oc whoami | cut -f1 -d"@")-vault-lab -- vault operator init |tee token_seal'
- Open the HashiCorp Vault UI. The command below requires jq (sudo dnf install jq):
/bin/sh -c 'gio open http://$(oc get route vault-route -n $(oc whoami | cut -f1 -d"@")-vault-lab -o json | jq -r .spec.host)'
- Using 3 of the unseal keys listed in step 2, unseal Vault and log in using the "Initial Root Token".
- Delete Vault:
ansible-playbook delete_vault.yml
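
The initialize and unseal steps above, as an added shell example that is not part of the original lab repository: it reads the unseal keys and root token back out of token_seal, tolerating the carriage returns that a TTY session (oc exec -ti) can leave in the file. The function names and the sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example: helpers for the token_seal file written by
# `vault operator init | tee token_seal`. Function names are hypothetical.

# Print the first N unseal keys, one per line. tr removes the carriage
# returns that TTY output carries at the end of each line.
unseal_keys() {
    tr -d '\r' < "$1" | sed -n 's/^Unseal Key [0-9]*: //p' | head -n "$2"
}

# Print the initial root token.
root_token() {
    tr -d '\r' < "$1" | sed -n 's/^Initial Root Token: //p'
}

# Submit 3 keys to vault-0, as in the unseal step of the lab.
# Defined but not called here: it needs a logged-in oc session.
unseal_vault() {
    # The file holds every unseal key and the root token in plaintext.
    chmod 600 "$1"
    ns="$(oc whoami | cut -f1 -d"@")-vault-lab"
    unseal_keys "$1" 3 | while read -r key; do
        # </dev/null keeps oc from consuming the remaining keys on stdin
        oc exec vault-0 -n "$ns" -- vault operator unseal "$key" </dev/null
    done
}

# Constructed sample in the layout printed by `vault operator init`
# (all values are fake), written with CRLF line endings.
SAMPLE="$(mktemp)"
{
    printf 'Unseal Key 1: AAAAkey1\r\nUnseal Key 2: BBBBkey2\r\n'
    printf 'Unseal Key 3: CCCCkey3\r\nUnseal Key 4: DDDDkey4\r\n'
    printf 'Unseal Key 5: EEEEkey5\r\n\r\n'
    printf 'Initial Root Token: s.FAKEroot\r\n'
} > "$SAMPLE"

unseal_keys "$SAMPLE" 3
root_token "$SAMPLE"
```

Against the real lab, run `unseal_vault token_seal` from the directory where the init step wrote the file.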