From 51322bde68b5e760ffa6e2a670486094ce96e49f Mon Sep 17 00:00:00 2001 From: zhenik Date: Wed, 17 Jun 2020 10:17:09 +0200 Subject: [PATCH 1/5] add vault-config & systemd-config --- ansible/group_vars/all/variables.yml | 1 + ansible/templates/vault.hcl.j2 | 13 +++++++++++++ ansible/templates/vault.service.j2 | 18 ++++++++++++++++++ 3 files changed, 32 insertions(+) create mode 100644 ansible/templates/vault.hcl.j2 create mode 100644 ansible/templates/vault.service.j2 diff --git a/ansible/group_vars/all/variables.yml b/ansible/group_vars/all/variables.yml index 33461de6..780a8e3d 100644 --- a/ansible/group_vars/all/variables.yml +++ b/ansible/group_vars/all/variables.yml @@ -2,6 +2,7 @@ hashicorp: daemons: - consul - nomad + - vault tools: terraform: 0.12.26 consul-template: 0.25.0 diff --git a/ansible/templates/vault.hcl.j2 b/ansible/templates/vault.hcl.j2 new file mode 100644 index 00000000..d12480a1 --- /dev/null +++ b/ansible/templates/vault.hcl.j2 @@ -0,0 +1,13 @@ +{% raw -%} +ui = true + +storage "consul" { + address = "127.0.0.1:8500" + token = "b6e29626-e23d-98b4-e19f-c71a96fbdef7" +} + +listener "tcp" { + address = "127.0.0.1:8200" + tls_disable = 1 +} +{%- endraw %} \ No newline at end of file diff --git a/ansible/templates/vault.service.j2 b/ansible/templates/vault.service.j2 new file mode 100644 index 00000000..3505627c --- /dev/null +++ b/ansible/templates/vault.service.j2 @@ -0,0 +1,18 @@ +[Unit] +Description=vault agent +Requisite=consul.service +After=consul.service + +[Service] +EnvironmentFile=-/etc/sysconfig/vault +Environment=GOMAXPROCS=2 +Restart=on-failure +ExecStartPre=/bin/sleep 35 +ExecStart=/usr/local/bin/vault server -dev -config=/etc/vault.d $OPTIONS +ExecReload=/bin/kill -HUP $MAINPID +KillSignal=SIGINT +# https://www.vaultproject.io/docs/configuration#disable_mlock +LimitMEMLOCK=infinity + +[Install] +WantedBy=multi-user.target \ No newline at end of file From 2e5782fbddfceeae3a6171e27cb2db8d9fbf95e1 Mon Sep 17 00:00:00 2001 
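Review bot: The Consul ACL token in the `storage "consul"` block of vault.hcl.j2 is a literal committed to the repository, and because the whole file sits inside `{% raw -%} … {%- endraw %}` Ansible never substitutes anything, so every host rendered from this template ships the same checked-in credential. Move it to a variable held in an encrypted source (Ansible Vault or a lookup), e.g. `token = "{{ vault_consul_token }}"` (variable name constructed), and drop the raw block so the template is actually templated. The value already present in this commit should be treated as disclosed and rotated on the Consul side. `tls_disable = 1` on the listener is tolerable while the address stays on loopback, but a comment such as `# plaintext listener: loopback-only test setup` would record that assumption for whoever later changes the address.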
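Review bot: The `[Service]` section in vault.service.j2 has no `User=`/`Group=`, so the Vault server runs as root, and none of the sandboxing directives from the upstream unit example (`ProtectSystem`, `ProtectHome`, `PrivateTmp`, `PrivateDevices`, `NoNewPrivileges`, a capability bounding set limited to `CAP_IPC_LOCK` and `CAP_SYSLOG`) are present; `LimitMEMLOCK=infinity` on its own only permits mlock, it does not reduce what the process can touch. Run it as a dedicated account (assuming the playbook creates one) with `AmbientCapabilities=CAP_IPC_LOCK` so memory locking still works without root. `Description=vault agent` is also misleading, since `ExecStart` runs `vault server`; `Description=vault server` matches the command.
```ini
[Service]
User=vault
Group=vault
ProtectSystem=full
ProtectHome=read-only
PrivateTmp=yes
PrivateDevices=yes
NoNewPrivileges=yes
AmbientCapabilities=CAP_IPC_LOCK
CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK
# … unchanged: EnvironmentFile, Environment, Restart, ExecStartPre, ExecStart, ExecReload, KillSignal …
LimitMEMLOCK=infinity
```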
From: zhenik Date: Wed, 17 Jun 2020 12:43:35 +0200 Subject: [PATCH 2/5] update vault conf --- ansible/templates/vault.hcl.j2 | 5 +++++ ansible/templates/vault.service.j2 | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/ansible/templates/vault.hcl.j2 b/ansible/templates/vault.hcl.j2 index d12480a1..d5887a7d 100644 --- a/ansible/templates/vault.hcl.j2 +++ b/ansible/templates/vault.hcl.j2 @@ -1,5 +1,10 @@ {% raw -%} + ui = true +disable_mlock = true + +api_addr = "http://127.0.0.1:8200" +cluster_addr = "http://127.0.0.1:8201" storage "consul" { address = "127.0.0.1:8500" diff --git a/ansible/templates/vault.service.j2 b/ansible/templates/vault.service.j2 index 3505627c..55c3d894 100644 --- a/ansible/templates/vault.service.j2 +++ b/ansible/templates/vault.service.j2 @@ -8,7 +8,7 @@ EnvironmentFile=-/etc/sysconfig/vault Environment=GOMAXPROCS=2 Restart=on-failure ExecStartPre=/bin/sleep 35 -ExecStart=/usr/local/bin/vault server -dev -config=/etc/vault.d $OPTIONS +ExecStart=/usr/local/bin/vault server -config=/etc/vault.d/config.hcl $OPTIONS ExecReload=/bin/kill -HUP $MAINPID KillSignal=SIGINT # https://www.vaultproject.io/docs/configuration#disable_mlock From f5152e70dac0a58dd2d577a6563cbe08e3ded187 Mon Sep 17 00:00:00 2001 From: zhenik Date: Wed, 17 Jun 2020 12:43:53 +0200 Subject: [PATCH 3/5] add test; expose vault port --- test/Vagrantfile | 2 ++ test/ansible/playbook.yml | 8 ++++++++ 2 files changed, 10 insertions(+) diff --git a/test/Vagrantfile b/test/Vagrantfile index ba8fc3f4..ae8580d5 100644 --- a/test/Vagrantfile +++ b/test/Vagrantfile @@ -7,6 +7,8 @@ Vagrant.configure("2") do |config| config.vm.network "forwarded_port", guest: 8500, host: 8500, host_ip: "127.0.0.1" # Hashicorp nomad ui config.vm.network "forwarded_port", guest: 4646, host: 4646, host_ip: "127.0.0.1" + # Hashicorp vault ui + config.vm.network "forwarded_port", guest: 8200, host: 8200, host_ip: "127.0.0.1" config.vm.provider "virtualbox" do |vb| vb.memory = 2048 
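Review bot: `disable_mlock = true` added to vault.hcl.j2 contradicts the `LimitMEMLOCK=infinity` the unit already grants, and with the `storage "consul"` backend still configured mlock is what keeps unseal material and decrypted secrets out of swap; upstream guidance only recommends disabling it for integrated (raft) storage. Either remove the line or keep locking on explicitly with `disable_mlock = false` and rely on the systemd limit. If it was added because the service failed to lock memory, a comment stating that trade-off belongs next to it rather than a silent flip. `api_addr`/`cluster_addr` are plaintext `http://` loopback URLs, consistent with `tls_disable = 1` further down, which is acceptable only as long as the listeners stay on loopback.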
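Review bot: `ExecStart` in vault.service.j2 now hard-codes `/etc/vault.d/config.hcl`, but nothing in this series shows the task that renders `vault.hcl.j2` to that path, so a mismatch would only surface as the unit failing at boot; if the destination is an Ansible variable, reference the same variable here (e.g. `-config={{ vault_config_path }}`, name constructed) instead of repeating the literal. Dropping `-dev` also means the server now starts sealed after every restart, which the unit does not document; a line such as `# Non-dev mode: Vault starts sealed and must be initialised/unsealed before use` above `ExecStart` would save the next operator a surprise.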
diff --git a/test/ansible/playbook.yml b/test/ansible/playbook.yml index 26e0bdba..82a7a8fa 100644 --- a/test/ansible/playbook.yml +++ b/test/ansible/playbook.yml @@ -10,6 +10,14 @@ until: result.status == 200 retries: 60 delay: 3 + - name: Wait for vault to be available + uri: + url: http://127.0.0.1:8200/ui/ + status_code: 200 + register: result + until: result.status == 200 + retries: 60 + delay: 3 - name: Terraform terraform: From 3b365e9ff69daa791be831b966e19a5e06aca58e Mon Sep 17 00:00:00 2001 From: zhenik Date: Thu, 18 Jun 2020 09:55:37 +0200 Subject: [PATCH 4/5] change to dev mode --- ansible/templates/vault.service.j2 | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/ansible/templates/vault.service.j2 b/ansible/templates/vault.service.j2 index 55c3d894..6d0230a7 100644 --- a/ansible/templates/vault.service.j2 +++ b/ansible/templates/vault.service.j2 @@ -4,14 +4,9 @@ Requisite=consul.service After=consul.service [Service] -EnvironmentFile=-/etc/sysconfig/vault -Environment=GOMAXPROCS=2 -Restart=on-failure -ExecStartPre=/bin/sleep 35 -ExecStart=/usr/local/bin/vault server -config=/etc/vault.d/config.hcl $OPTIONS +ExecStart=/usr/local/bin/vault server -dev -dev-root-token-id=root ExecReload=/bin/kill -HUP $MAINPID KillSignal=SIGINT -# https://www.vaultproject.io/docs/configuration#disable_mlock LimitMEMLOCK=infinity [Install] From 15ba91bc4e648650e59325a8eab1c32b89671f10 Mon Sep 17 00:00:00 2001 From: zhenik Date: Thu, 18 Jun 2020 13:36:48 +0200 Subject: [PATCH 5/5] fix wait time for vault and config --- ansible/templates/vault.hcl.j2 | 25 +++++++++++++++---------- ansible/templates/vault.service.j2 | 4 +++- 2 files changed, 18 insertions(+), 11 deletions(-) diff --git a/ansible/templates/vault.hcl.j2 b/ansible/templates/vault.hcl.j2 index d5887a7d..36e0c2a9 100644 --- a/ansible/templates/vault.hcl.j2 +++ b/ansible/templates/vault.hcl.j2 
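Review bot: The new wait task polls `http://127.0.0.1:8200/ui/`, which returns 200 as soon as the listener is up regardless of whether Vault is initialised or unsealed, so the following Terraform task can still race ahead of a sealed server. The documented readiness endpoint is `/v1/sys/health`, whose status code encodes the initialised/sealed/standby state (tunable with the `sealedcode` and `standbyok` query parameters); use `url: http://127.0.0.1:8200/v1/sys/health` with the same `until`/`retries`/`delay` loop. The task also duplicates the Consul wait above it almost line for line; a single task looping over (name, url) pairs would keep the two checks in step.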
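Review bot: `ExecStart=/usr/local/bin/vault server -dev -dev-root-token-id=root` turns the unit into a dev server with a fixed, well-known root token and in-memory storage, yet the file still reads like a production unit (`Requisite=consul.service`, `LimitMEMLOCK=infinity` remain) and carries no comment saying so. Add `# Dev mode: in-memory storage, auto-unsealed, fixed root token - test environments only` above `ExecStart`, and consider gating the dev flags behind a variable so the same template can render a non-dev unit. With `-config` dropped, the rendered vault.hcl.j2 (still declaring `storage "consul"` and its token at this point in the series) becomes dead configuration on the host; either stop rendering it or say in the commit message why it is kept.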
@@ -1,18 +1,23 @@ {% raw -%} -ui = true -disable_mlock = true +ui = true +disable_mlock = true -api_addr = "http://127.0.0.1:8200" -cluster_addr = "http://127.0.0.1:8201" +# (eth1 - default network) -storage "consul" { - address = "127.0.0.1:8500" - token = "b6e29626-e23d-98b4-e19f-c71a96fbdef7" +# (docker0) +listener "tcp" { + address = "172.17.0.1:8200" + tls_disable = 1 } - +# (eth0) +listener "tcp" { + address = "10.0.2.15:8200" + tls_disable = 1 +} +# (eth1) listener "tcp" { - address = "127.0.0.1:8200" - tls_disable = 1 + address = "10.0.3.10:8200" + tls_disable = 1 } {%- endraw %} \ No newline at end of file diff --git a/ansible/templates/vault.service.j2 b/ansible/templates/vault.service.j2 index 6d0230a7..e6f4b132 100644 --- a/ansible/templates/vault.service.j2 +++ b/ansible/templates/vault.service.j2 @@ -4,7 +4,9 @@ Requisite=consul.service After=consul.service [Service] -ExecStart=/usr/local/bin/vault server -dev -dev-root-token-id=root +Restart=on-failure +ExecStartPre=/bin/sleep 25 +ExecStart=/usr/local/bin/vault server -dev -dev-root-token-id=root -config=/etc/vault.d/config.hcl ExecReload=/bin/kill -HUP $MAINPID KillSignal=SIGINT LimitMEMLOCK=infinity
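Review bot: The three listeners in vault.hcl.j2 bind hard-coded interface addresses (`172.17.0.1`, `10.0.2.15`, `10.0.3.10`) with `tls_disable = 1` inside a `{% raw %}` block, so the file is a template in name only and, combined with the fixed dev root token in the unit, exposes a root-token-protected API in plaintext on the docker bridge and both VM networks. Address the interface rather than the IP, e.g. `address = "{{ ansible_eth1.ipv4.address }}:8200"`, and drop the raw block so Ansible renders it; if the docker0 and eth0 listeners exist for one specific test, a comment naming that test keeps them from surviving into other environments. The comment `# (eth1 - default network)` is left dangling with no block beneath it and should be removed or moved above the eth1 listener. Dropping `api_addr`/`cluster_addr` together with the storage block is fine for a single dev node but leaves no explicit client-facing address should this ever run more than one node.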
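Review bot: `ExecStartPre=/bin/sleep 25` is a fixed delay standing in for Consul readiness, but the same commit removes the `storage "consul"` block from vault.hcl.j2, so a dev-mode server with in-memory storage no longer has a Consul dependency to wait for, as far as this series shows; `Requisite=consul.service` above the hunk looks equally stale. If some ordering is still required, `Restart=on-failure` together with `RestartSec=5` retries until the dependency is up instead of guessing a duration. `-dev` combined with `-config=` also deserves a comment, since a reader will not expect a dev server to honour a config file; `# -dev still applies the listener settings from the config file` above `ExecStart` would document the intent, assuming that is what was observed.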