
config help with 3 node cluster with transit autounseal

Open · Dialgatrainer02 opened this issue 1 year ago · 1 comment

Hello, I have 4 Vault instances. I want 1 to just be a transit engine and the other 3 I want to be clustered and have the SSH engine enabled (that's out of scope for this). When setting up the first Vault using this role it stops at sealed, but where do I get the unseal keys? How do I get the keys to unlock and do further configuration?

```yaml
- name: setup autounseal vault
  hosts: autounseal
  roles:
    - role: ansible-community.ansible-vault
      vars:
        vault_listener_localhost_enable: true
        vault_install_hashi_repo: true
        vault_data_path: /opt/vault/data
        vault_harden_file_perms: true
        vault_cluster_disable: true
- name: install vault cluster
  hosts: vault_raft_servers
  roles:
    - role: ansible-community.ansible-vault
      vars:
        vault_listener_localhost_enable: true
        vault_install_hashi_repo: true
        vault_data_path: /opt/vault/data
        vault_harden_file_perms: true
        vault_cluster_name: home-lab
        vault_datacenter: home-lab
        vault_transit: true
        vault_transit_address: "{{ hostvars[groups['autounseal'][0]].ansible_host | ansible.utils.ipv4 }}"
        vault_transit_token: "{{ 'unsure how to grab yet' }}"
```

EDIT: while trying to debug and understand more, I got this error:

```text
TASK [ansible-community.ansible-vault : Vault main configuration] *********************************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: : 'ansible.vars.hostvars.HostVarsVars object' has no attribute 'ansible_default_ipv4'
fatal: [vault]: FAILED! => {"changed": false, "msg": "AnsibleUndefinedVariable: [\n{% for server in groups[vault_raft_group_name] %}\n  {\n    \"peer\": \"{{ server }}\",\n    \"api_addr\": \"{{ hostvars[server]['vault_api_addr'] |\n    default(vault_protocol + '://' + hostvars[server]['ansible_' + hostvars[server]['ansible_default_ipv4']['interface']]['ipv4']['address'] + ':' + (vault_port|string)) }}\"\n  },\n{% endfor %}\n]\n: 'ansible.vars.hostvars.HostVarsVars object' has no attribute 'ansible_default_ipv4'"}
```

I'm unsure how my instance is unable to have an IP address while I'm SSHed into it (they are LXC containers and only have one NIC).

Dialgatrainer02 · Jun 24 '24 13:06
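The two things the post is missing, a source for the transit token and a way around the `ansible_default_ipv4` lookup, can both be handled in the playbook itself. The following is an added example, not the issue author's playbook and not code from the ansible-community.ansible-vault role. It assumes that the role installs and starts Vault but leaves `vault operator init` to you, that Vault listens on plain http port 8200 on every host, and that inventory sets `ansible_host`. The key name and policy name `autounseal`, the controller-side file `autounseal-init.json`, and the registered variables (`vault_status`, `vault_init`, `vault_init_data`, `transit_setup`, `transit_token`, `autounseal_token`) are names chosen for this example. `vault_api_addr`, `vault_transit`, `vault_transit_address` and `vault_transit_token` are the role variables visible in the issue's playbook and error output; the role's raft-peer template only falls back to `ansible_default_ipv4` for a peer that has no `vault_api_addr`, so setting that variable per host removes the dependency on gathered network facts.

```yaml
# Added example; assumptions are listed in the lead-in above.
- name: setup autounseal vault
  hosts: autounseal
  gather_facts: true
  roles:
    - role: ansible-community.ansible-vault
      vars:
        vault_listener_localhost_enable: true
        vault_install_hashi_repo: true
        vault_data_path: /opt/vault/data
        vault_harden_file_perms: true
        vault_cluster_disable: true
  post_tasks:
    - name: Check whether the transit Vault is initialised (rc 2 means sealed, not an error)
      ansible.builtin.command: vault status -format=json
      environment: { VAULT_ADDR: "http://127.0.0.1:8200" }
      register: vault_status
      failed_when: vault_status.rc not in [0, 2]
      changed_when: false

    # `vault operator init` is the only moment Vault prints the unseal keys and
    # the root token. 1 share / threshold 1 is a lab setting; raise both for
    # production. The JSON goes to the controller (mode 0600), never to the host.
    - name: Initialise once and save the keys on the controller
      when: not (vault_status.stdout | from_json).initialized
      block:
        - ansible.builtin.command: vault operator init -key-shares=1 -key-threshold=1 -format=json
          environment: { VAULT_ADDR: "http://127.0.0.1:8200" }
          register: vault_init
          no_log: true
        - ansible.builtin.copy:
            content: "{{ vault_init.stdout }}"
            dest: "{{ playbook_dir }}/autounseal-init.json"
            mode: "0600"
          delegate_to: localhost
          no_log: true

    - name: Load the saved init output (unseal key and root token) from the controller
      ansible.builtin.set_fact:
        vault_init_data: "{{ lookup('ansible.builtin.file', playbook_dir + '/autounseal-init.json') | from_json }}"
      no_log: true

    - name: Unseal the transit Vault (it has no auto-unseal of its own)
      ansible.builtin.command: "vault operator unseal {{ vault_init_data.unseal_keys_b64[0] }}"
      environment: { VAULT_ADDR: "http://127.0.0.1:8200" }
      no_log: true

    # The policy grants only encrypt/decrypt on the one key; that is all a
    # transit-auto-unsealed Vault needs. "already in use" = transit already enabled.
    - name: Enable transit, create the wrapping key, write a least-privilege policy
      ansible.builtin.command: "{{ item.cmd }}"
      args: { stdin: "{{ item.stdin | default(omit) }}" }
      environment:
        VAULT_ADDR: "http://127.0.0.1:8200"
        VAULT_TOKEN: "{{ vault_init_data.root_token }}"
      loop:
        - cmd: vault secrets enable -path=transit transit
        - cmd: vault write -f transit/keys/autounseal
        - cmd: vault policy write autounseal -
          stdin: |
            path "transit/encrypt/autounseal" { capabilities = ["update"] }
            path "transit/decrypt/autounseal" { capabilities = ["update"] }
      register: transit_setup
      failed_when: transit_setup.rc != 0 and 'already in use' not in transit_setup.stderr
      no_log: true

    - name: Mint a periodic orphan token bound to that policy for the cluster nodes
      ansible.builtin.command: vault token create -policy=autounseal -orphan -period=24h -format=json
      environment:
        VAULT_ADDR: "http://127.0.0.1:8200"
        VAULT_TOKEN: "{{ vault_init_data.root_token }}"
      register: transit_token
      no_log: true

    - ansible.builtin.set_fact:
        autounseal_token: "{{ (transit_token.stdout | from_json).auth.client_token }}"
      no_log: true

- name: install vault cluster
  hosts: vault_raft_servers
  gather_facts: true
  pre_tasks:
    # set_fact lands in hostvars, so the role's peer template sees it for every
    # raft member and never reaches the ansible_default_ipv4 fallback.
    - ansible.builtin.set_fact:
        vault_api_addr: "http://{{ ansible_host | default(inventory_hostname) }}:8200"
  roles:
    - role: ansible-community.ansible-vault
      vars:
        vault_listener_localhost_enable: true
        vault_install_hashi_repo: true
        vault_data_path: /opt/vault/data
        vault_harden_file_perms: true
        vault_cluster_name: home-lab
        vault_datacenter: home-lab
        vault_transit: true
        vault_transit_address: "{{ hostvars[groups['autounseal'][0]].ansible_host }}"
        vault_transit_token: "{{ hostvars[groups['autounseal'][0]].autounseal_token }}"
```

After a run, `autounseal-init.json` on the controller is the only copy of the transit Vault's unseal key and root token: keep it out of version control, and revoke the root token once an auth method with a named policy exists. The raft nodes unseal through transit and so never need unseal keys, but initialising that cluster still prints recovery keys that have to be stored with the same care. Because every Vault call here runs with `no_log: true`, a failure shows only the task name; rerun with `-vvv` on a single host when debugging.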