From a945eeacb9c4fe4c4824f8ab28a2d4ef547a1816 Mon Sep 17 00:00:00 2001
From: jnielsen-monster
Date: Tue, 28 Apr 2026 15:17:44 +0200
Subject: [PATCH] openBAO vault on vagrant
---
 openBao/Vagrantfile | 23 +++++++++
 openBao/ansible/site.yaml | 102 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 125 insertions(+)
 create mode 100644 openBao/Vagrantfile
 create mode 100644 openBao/ansible/site.yaml
diff --git a/openBao/Vagrantfile b/openBao/Vagrantfile
new file mode 100644
index 0000000..6d3deaa
--- /dev/null
+++ b/openBao/Vagrantfile
@@ -0,0 +1,23 @@
+Vagrant.configure("2") do |config|
+ config.vm.box = "utm/ubuntu-24.04"
+ config.vm.hostname = "lake-lab01"
+
+ config.vm.provider :utm do |u|
+ u.name = "lake lab01"
+ u.cpus = 2
+ u.memory = 2048
+ end
+
+ config.vm.network "forwarded_port", guest: 8200, host: 8200
+
+ config.vm.provision "shell", inline: <<-SHELL
+ set -eux
+ apt-get update
+ apt-get install -y ansible
+ SHELL
+
+ config.vm.provision "ansible_local" do |ansible|
+ ansible.playbook = "/vagrant/ansible/site.yaml"
+ ansible.install = false
+ end
+end
\ No newline at end of file
diff --git a/openBao/ansible/site.yaml b/openBao/ansible/site.yaml
new file mode 100644
index 0000000..1c0420f
--- /dev/null
+++ b/openBao/ansible/site.yaml
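Review bot: The `forwarded_port` line exposes guest 8200 on host 8200 without a `host_ip`, so whether the forward listens on loopback only or on every host interface is left to the UTM provider's default; because the service behind it (site.yaml in this same patch) is configured with TLS disabled, adding `host_ip: "127.0.0.1"` keeps the plaintext API off the host's LAN side. The box is unpinned (`utm/ubuntu-24.04` with no `config.vm.box_version`), so a later `vagrant up` can silently build on a different image than the one this playbook was written against. The file also lacks its trailing newline, as the `\ No newline at end of file` marker shows.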
@@ -0,0 +1,102 @@
+---
+- name: Install and configure OpenBao
+ hosts: all
+ connection: local
+ become: true
+
+ vars:
+ openbao_version: "2.5.0"
+ openbao_arch: "Linux_arm64"
+ openbao_zip: "bao_{{ openbao_version }}_{{ openbao_arch }}.tar.gz"
+ openbao_url: "https://github.com/openbao/openbao/releases/download/v{{ openbao_version }}/{{ openbao_zip }}"
+
+ tasks:
+ - name: Install packages
+ ansible.builtin.apt:
+ name:
+ - unzip
+ - curl
+ state: present
+ update_cache: true
+
+ - name: Create OpenBao config dir
+ ansible.builtin.file:
+ path: /etc/openbao
+ state: directory
+ mode: "0755"
+
+ - name: Create OpenBao data dir
+ ansible.builtin.file:
+ path: /opt/openbao/data
+ state: directory
+ mode: "0755"
+
+ - name: Download OpenBao binary zip
+ ansible.builtin.get_url:
+ url: "{{ openbao_url }}"
+ dest: "/tmp/{{ openbao_zip }}"
+ mode: "0644"
+
+ - name: Unarchive OpenBao binary
+ ansible.builtin.unarchive:
+ src: "/tmp/{{ openbao_zip }}"
+ dest: /usr/local/bin/
+ remote_src: true
+ mode: "0755"
+
+ - name: Write OpenBao config
+ ansible.builtin.copy:
+ dest: /etc/openbao/openbao.hcl
+ mode: "0644"
+ content: |
+ ui = true
+ disable_mlock = true
+
+ storage "file" {
+ path = "/opt/openbao/data"
+ }
+
+ listener "tcp" {
+ address = "0.0.0.0:8200"
+ tls_disable = true
+ }
+
+ api_addr = "http://127.0.0.1:8200"
+
+ - name: Create systemd unit
+ ansible.builtin.copy:
+ dest: /etc/systemd/system/openbao.service
+ mode: "0644"
+ content: |
+ [Unit]
+ Description=OpenBao
+ After=network-online.target
+ Wants=network-online.target
+
+ [Service]
+ User=root
+ Group=root
+ ExecStart=/usr/local/bin/bao server -config=/etc/openbao/openbao.hcl
+ ExecReload=/bin/kill --signal HUP $MAINPID
+ KillMode=process
+ Restart=on-failure
+ RestartSec=5
+ LimitNOFILE=65536
+ MemorySwapMax=0
+
+ [Install]
+ WantedBy=multi-user.target
+ notify: Restart OpenBao
+
+ - name: Enable and start OpenBao
+ ansible.builtin.systemd:
+ name: openbao
+ enabled: true
+ state: started
+ daemon_reload: true
+
+ handlers:
+ - name: Restart OpenBao
+ ansible.builtin.systemd:
+ name: openbao
+ state: restarted
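Review bot: The `Download OpenBao binary zip` task fetches the release tarball and `Unarchive OpenBao binary` drops its contents straight into `/usr/local/bin/` without any integrity check, so the `bao` that systemd runs as root is whatever the download endpoint returned; `ansible.builtin.get_url` accepts `checksum: "sha256:<digest-from-the-2.5.0-release-assets>"` (or a URL to the release checksum file), and pinning it there makes the install both verifiable and idempotent. The listener in `Write OpenBao config` binds `0.0.0.0:8200` with `tls_disable = true`, and the Vagrantfile in this patch forwards that port to the host, so the API — including the init/unseal exchange and the root token it returns — crosses the guest boundary in cleartext; binding `127.0.0.1:8200` or enabling TLS on the listener would contain that even for a lab. The unit runs the server as `User=root`/`Group=root` and `/opt/openbao/data` is created `0755`, making the storage directory world-listable; the usual hardening is a dedicated `openbao` service user owning that directory with mode `0700`. Separately, `Write OpenBao config` carries no `notify: Restart OpenBao`, so a changed `openbao.hcl` on a re-run is written but never picked up by the already-running service.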