Commit

vault api health check via the actual vault api address
FalcoSuessgott authored and bbaassssiiee committed Dec 9, 2021
1 parent 49941b4 commit dddc74c
Showing 3 changed files with 11 additions and 1 deletion.
5 changes: 5 additions & 0 deletions README.md
Expand Up @@ -824,6 +824,11 @@ available starting at Vault version 1.4.
- Default value: `"{{ vault_protocol }}://{{ vault_redirect_address or hostvars[inventory_hostname]['ansible_'+vault_iface]['ipv4']['address'] }}:{{ vault_port }}"`
- vault_redirect_address is kept for backward compatibility but is deprecated.

### `vault_disable_api_health_check`

- flag for disabling the health check on vaults api address
- Default value: `false`

### `vault_cluster_disable`

- Disable HA clustering
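
Review bot: The new `vault_disable_api_health_check` entry does not say what is checked or what is skipped when the flag is set. With this commit the check is a GET on `{{ vault_api_addr }}/v1/sys/health`, and setting the flag to `true` skips both that task and the "Vault status" task that follows it. I would state both facts in the README, say in which situations an operator would want to disable the check, and tidy the wording to "Vault's API address".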
1 change: 1 addition & 0 deletions defaults/main.yml
Expand Up @@ -123,6 +123,7 @@ vault_cluster_disable: false
vault_cluster_address: "{{ hostvars[inventory_hostname]['ansible_'+vault_iface]['ipv4']['address'] }}:{{ (vault_port | int) + 1}}"
vault_cluster_addr: "{{ vault_protocol }}://{{ vault_cluster_address }}"
vault_api_addr: "{{ vault_protocol }}://{{ vault_redirect_address | default(hostvars[inventory_hostname]['ansible_'+vault_iface]['ipv4']['address']) }}:{{ vault_port }}"
vault_disable_api_health_check: false

vault_max_lease_ttl: "768h"
vault_default_lease_ttl: "768h"
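
Review bot: The `vault_api_addr` context line directly above the new default uses `vault_redirect_address | default(...)` without the second argument, so if `vault_redirect_address` is defined but empty the result is `{{ vault_protocol }}://:{{ vault_port }}`. The README documents this default with `or`, which would fall back to the interface address in that case. The health check URL is now built from this variable, and the URL it replaces used `default(vault_addr, true)`, so I would either pass `true` as the second argument to `default` here or bring the README and this line into agreement.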
6 changes: 5 additions & 1 deletion tasks/main.yml
Expand Up @@ -351,7 +351,7 @@
no_proxy: "{{ vault_address }}"
uri:
validate_certs: "{{ validate_certs_during_api_reachable_check | bool }}"
url: "{{ vault_addr_protocol }}://{{ vault_hostname | default(vault_addr, true) }}:{{ vault_port }}/v1/sys/health"
url: "{{ vault_api_addr }}/v1/sys/health"
method: GET
# 200 if initialized, unsealed, and active
# 429 if unsealed and standby
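
Review bot: The `no_proxy: "{{ vault_address }}"` line at the top of this hunk still names the old target while `url:` now points at `vault_api_addr`. When the two values differ, the host being requested is no longer exempt from the proxy, so the health check can be routed through a configured proxy. Derive the `no_proxy` value from the same address the URL uses. Separately, appending `/v1/sys/health` to a user-supplied `vault_api_addr` produces a double slash if that value ends in `/`; either document that it must not, or strip it with `regex_replace('/$', '')`.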
Expand All @@ -369,9 +369,13 @@
changed_when: false
tags:
- check_vault
when:
- not vault_disable_api_health_check | bool

- name: Vault status
debug:
msg: "Vault is {{ vault_http_status[check_result.status|string] }}"
tags:
- check_vault
when:
- not vault_disable_api_health_check | bool
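
Review bot: The same `when: not vault_disable_api_health_check | bool` condition is repeated on the health check task and on "Vault status", and the second task dereferences `check_result.status`, which only exists when the first one ran. Wrapping both tasks in a single `block:` with one `when:` and the shared `check_vault` tag keeps the two from drifting apart if one condition is edited later. A positively named variable (for example `vault_api_health_check: true`) would also avoid the `not ... disable` double negative.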
