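---
# Installs an OpenBao release binary, writes a single-node file-storage
# configuration and a systemd unit, then enables and starts the service.
#
# Security review notes (see the inline comments on each task):
#   * the release archive is only integrity-checked when openbao_checksum
#     is supplied;
#   * the listener serves plaintext HTTP on every interface;
#   * the service runs as root.
- name: Install and configure OpenBao
  hosts: all
  connection: local
  become: true

  vars:
    openbao_version: "2.5.0"
    openbao_arch: "Linux_arm64"
    # Despite the variable name, the release artifact is a .tar.gz archive.
    openbao_zip: "bao_{{ openbao_version }}_{{ openbao_arch }}.tar.gz"
    openbao_url: "https://github.com/openbao/openbao/releases/download/v{{ openbao_version }}/{{ openbao_zip }}"
    # Root-only staging directory for the downloaded archive. A shared,
    # world-writable location such as /tmp is avoided because get_url
    # reuses a file that already exists at dest when no checksum is given.
    openbao_download_dir: /opt/openbao/dist
    # Optional: set openbao_checksum (inventory or -e) to pin the archive,
    # e.g. "sha256:<digest from the release's published checksum file>".
    # When it is left undefined the download is NOT verified.

  tasks:
    - name: Install packages
      ansible.builtin.apt:
        name:
          - unzip
          - curl
        state: present
        update_cache: true

    - name: Create OpenBao config dir
      ansible.builtin.file:
        path: /etc/openbao
        state: directory
        mode: "0755"

    # The file storage backend keeps the secret store here. The service
    # runs as root (see the unit below), so nobody else needs to traverse
    # or list this directory.
    - name: Create OpenBao data dir
      ansible.builtin.file:
        path: /opt/openbao/data
        state: directory
        mode: "0700"

    - name: Create OpenBao download dir
      ansible.builtin.file:
        path: "{{ openbao_download_dir }}"
        state: directory
        mode: "0700"

    # The extracted binary is later executed as root, so the archive should
    # be pinned to a known digest. `default(omit)` keeps the task working
    # when no checksum has been provided.
    - name: Download OpenBao binary zip
      ansible.builtin.get_url:
        url: "{{ openbao_url }}"
        dest: "{{ openbao_download_dir }}/{{ openbao_zip }}"
        mode: "0644"
        checksum: "{{ openbao_checksum | default(omit) }}"

    - name: Unarchive OpenBao binary
      ansible.builtin.unarchive:
        src: "{{ openbao_download_dir }}/{{ openbao_zip }}"
        dest: /usr/local/bin/
        remote_src: true
        mode: "0755"

    # NOTE(review): the listener binds 0.0.0.0:8200 with tls_disable = true,
    # so tokens and secrets cross the network unencrypted and the API is
    # reachable from every interface, while api_addr advertises loopback
    # only. For anything beyond a local lab, bind to 127.0.0.1 or configure
    # TLS certificates on the listener.
    # disable_mlock = true relies on the unit's MemorySwapMax=0 to keep
    # process memory out of swap.
    - name: Write OpenBao config
      ansible.builtin.copy:
        dest: /etc/openbao/openbao.hcl
        mode: "0644"
        content: |
          ui = true
          disable_mlock = true

          storage "file" {
            path = "/opt/openbao/data"
          }

          listener "tcp" {
            address = "0.0.0.0:8200"
            tls_disable = true
          }

          api_addr = "http://127.0.0.1:8200"
      # A changed configuration only takes effect after a restart.
      notify: Restart OpenBao

    # NOTE(review): User=root/Group=root gives the server full host
    # privileges. A dedicated unprivileged account that owns
    # /opt/openbao/data would limit the impact of a compromise; the
    # ownership of any existing data has to be migrated with it.
    - name: Create systemd unit
      ansible.builtin.copy:
        dest: /etc/systemd/system/openbao.service
        mode: "0644"
        content: |
          [Unit]
          Description=OpenBao
          After=network-online.target
          Wants=network-online.target

          [Service]
          User=root
          Group=root
          ExecStart=/usr/local/bin/bao server -config=/etc/openbao/openbao.hcl
          ExecReload=/bin/kill --signal HUP $MAINPID
          KillMode=process
          Restart=on-failure
          RestartSec=5
          LimitNOFILE=65536
          MemorySwapMax=0

          [Install]
          WantedBy=multi-user.target
      notify: Restart OpenBao

    - name: Enable and start OpenBao
      ansible.builtin.systemd:
        name: openbao
        enabled: true
        state: started
        daemon_reload: true

  handlers:
    - name: Restart OpenBao
      ansible.builtin.systemd:
        name: openbao
        state: restarted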