openBAO vault on vagrant

Merge pull request 'simple buntu example' (#1 ) from feature/simpleBuntu into main
Reviewed-on: #1
2026-04-28 15:17:44 +02:00 · 2026-04-28 13:57:15 +02:00
2 changed files with 125 additions and 0 deletions
--- a/openBao/Vagrantfile
+++ b/openBao/Vagrantfile
@@ -0,0 +1,23 @@
+Vagrant.configure("2") do |config|
+  config.vm.box = "utm/ubuntu-24.04"
+  config.vm.hostname = "lake-lab01"
+
+  config.vm.provider :utm do |u|
+    u.name = "lake lab01"
+    u.cpus = 2
+    u.memory = 2048
+  end
+
+  config.vm.network "forwarded_port", guest: 8200, host: 8200
+
+  config.vm.provision "shell", inline: <<-SHELL
+    set -eux
+    apt-get update
+    apt-get install -y ansible
+  SHELL
+
+  config.vm.provision "ansible_local" do |ansible|
+    ansible.playbook = "/vagrant/ansible/site.yaml"
+    ansible.install = false
+  end
+end
--- a/openBao/ansible/site.yaml
+++ b/openBao/ansible/site.yaml
@@ -0,0 +1,102 @@
+---
+- name: Install and configure OpenBao
+  hosts: all
+  connection: local
+  become: true
+
+  vars:
+    openbao_version: "2.5.0"
+    openbao_arch: "Linux_arm64"
+    openbao_zip: "bao_{{ openbao_version }}_{{ openbao_arch }}.tar.gz"
+    openbao_url: "https://github.com/openbao/openbao/releases/download/v{{ openbao_version }}/{{ openbao_zip }}"
+
+  tasks:
+    - name: Install packages
+      ansible.builtin.apt:
+        name:
+          - unzip
+          - curl
+        state: present
+        update_cache: true
+
+    - name: Create OpenBao config dir
+      ansible.builtin.file:
+        path: /etc/openbao
+        state: directory
+        mode: "0755"
+
+    - name: Create OpenBao data dir
+      ansible.builtin.file:
+        path: /opt/openbao/data
+        state: directory
+        mode: "0755"
+
+    - name: Download OpenBao binary zip
+      ansible.builtin.get_url:
+        url: "{{ openbao_url }}"
+        dest: "/tmp/{{ openbao_zip }}"
+        mode: "0644"
+
+    - name: Unarchive OpenBao binary
+      ansible.builtin.unarchive:
+        src: "/tmp/{{ openbao_zip }}"
+        dest: /usr/local/bin/
+        remote_src: true
+        mode: "0755"
+
+    - name: Write OpenBao config
+      ansible.builtin.copy:
+        dest: /etc/openbao/openbao.hcl
+        mode: "0644"
+        content: |
+          ui = true
+          disable_mlock = true
+
+          storage "file" {
+            path = "/opt/openbao/data"
+          }
+
+          listener "tcp" {
+            address     = "0.0.0.0:8200"
+            tls_disable = true
+          }
+
+          api_addr = "http://127.0.0.1:8200"
+
+    - name: Create systemd unit
+      ansible.builtin.copy:
+        dest: /etc/systemd/system/openbao.service
+        mode: "0644"
+        content: |
+          [Unit]
+          Description=OpenBao
+          After=network-online.target
+          Wants=network-online.target
+
+          [Service]
+          User=root
+          Group=root
+          ExecStart=/usr/local/bin/bao server -config=/etc/openbao/openbao.hcl
+          ExecReload=/bin/kill --signal HUP $MAINPID
+          KillMode=process
+          Restart=on-failure
+          RestartSec=5
+          LimitNOFILE=65536
+          MemorySwapMax=0
+
+          [Install]
+          WantedBy=multi-user.target
+      notify: Restart OpenBao
+
+    - name: Enable and start OpenBao
+      ansible.builtin.systemd:
+        name: openbao
+        enabled: true
+        state: started
+        daemon_reload: true
+
+  handlers:
+    - name: Restart OpenBao
+      ansible.builtin.systemd:
+        name: openbao
+        state: restarted
Author	SHA1	Message	Date
jnielsen-monster	a945eeacb9	openBAO vault on vagrant	2026-04-28 15:17:44 +02:00
Martin Cholewa	f68595526e	Merge pull request 'simple buntu example' (#1 ) from feature/simpleBuntu into main Reviewed-on: #1	2026-04-28 13:57:15 +02:00