config help with 3 node cluster with transit autounseal #343

Open
Dialgatrainer02 opened this issue Jun 24, 2024 · 0 comments

Dialgatrainer02 commented Jun 24, 2024

Hello, I have 4 Vault instances. I want 1 to just be a transit engine, and the other 3 I want to be clustered and have the SSH engine enabled (that's out of scope for this). When setting up the first Vault using this role it stops at sealed, but where do I get the unseal keys?
How do I get the keys to unlock it and do further configuration?

---
# Play 1: the standalone transit node (raft clustering disabled)
- name: setup autounseal vault
  hosts: autounseal
  roles:
    - role: ansible-community.ansible-vault
      vars:
        vault_listener_localhost_enable: true
        vault_install_hashi_repo: true
        vault_data_path: /opt/vault/data
        vault_harden_file_perms: true
        vault_cluster_disable: true

# Play 2: the three raft nodes, configured to auto-unseal via the transit node above
- name: install vault cluster
  hosts: vault_raft_servers
  roles:
    - role: ansible-community.ansible-vault
      vars:
        vault_listener_localhost_enable: true
        vault_install_hashi_repo: true
        vault_data_path: /opt/vault/data
        vault_harden_file_perms: true
        vault_cluster_name: home-lab
        vault_datacenter: home-lab
        vault_transit: true
        # address of the first host in the autounseal group, reduced to its IPv4 address
        vault_transit_address: "{{ hostvars[groups['autounseal'][0]].ansible_host | ansible.utils.ipv4 }}"
        # placeholder from the original post; the real value is a Vault token issued by the transit node
        vault_transit_token: "{{ 'unsure how to grab yet' }}"

EDIT:
While trying to debug and understand more, I got this error:

TASK [ansible-community.ansible-vault : Vault main configuration] *********************************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: : 'ansible.vars.hostvars.HostVarsVars object' has no attribute 'ansible_default_ipv4'
fatal: [vault]: FAILED! => {"changed": false, "msg": "AnsibleUndefinedVariable: [\n{% for server in groups[vault_raft_group_name] %}\n  {\n    \"peer\": \"{{ server }}\",\n    \"api_addr\": \"{{ hostvars[server]['vault_api_addr'] |\n    default(vault_protocol + '://' + hostvars[server]['ansible_' + hostvars[server]['ansible_default_ipv4']['interface']]['ipv4']['address'] + ':' + (vault_port|string)) }}\"\n  },\n{% endfor %}\n]\n: 'ansible.vars.hostvars.HostVarsVars object' has no attribute 'ansible_default_ipv4'"}

I'm unsure how my instance is unable to have an IP address while I'm SSHed into it (they are LXC containers and only have one NIC).
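Added example by the editor, not code from the issue or from the ansible-community.ansible-vault role. It shows where the two missing pieces come from: the unseal keys and root token of the transit node come out of `vault operator init` (the role installs and starts Vault but, as the post describes, leaves it sealed), and the transit token is minted on that node after enabling the transit engine. It also gathers facts for every Vault host in a first play, because the role's raft peer template reads `hostvars[server]['ansible_default_ipv4']` for each member of the raft group, and a host that never had facts gathered has no such attribute. Assumptions: the inventory groups `autounseal` and `vault_raft_servers` from the issue, the `vault` CLI present on the transit host, that node listening on http://127.0.0.1:8200 (`vault_listener_localhost_enable: true`), a first run against an uninitialised transit node, and the key/policy/fact names `autounseal`, `autounseal` and `transit_unseal_token`, which are the editor's choices.

```yaml
---
# Added example, not part of the issue or the role. Assumes a fresh, sealed,
# uninitialised transit node already installed by the role; a second run would
# fail at `vault operator init` because the node is then already initialised.
- name: Gather facts for every Vault host before any role runs
  hosts: autounseal:vault_raft_servers
  gather_facts: true
  # The raft peer template reads hostvars[server]['ansible_default_ipv4'] for
  # every host in the raft group, so those facts must exist even in a play
  # that only targets the transit host.

- name: Initialise the transit Vault and mint the auto-unseal token
  hosts: autounseal
  environment:
    VAULT_ADDR: http://127.0.0.1:8200   # assumption: localhost listener from the role
  tasks:
    - name: Initialise; this is the only time the unseal keys and root token are printed
      ansible.builtin.command: vault operator init -key-shares=5 -key-threshold=3 -format=json
      register: vault_init
      no_log: true

    - name: Keep a root-only copy of the init output on the controller
      ansible.builtin.copy:
        content: "{{ vault_init.stdout }}"
        dest: "{{ playbook_dir }}/transit-init.json"   # move into a password manager afterwards
        mode: "0600"
      delegate_to: localhost
      no_log: true

    - name: Unseal with the threshold number of key shares
      # The key is briefly visible in the process table on the transit host.
      ansible.builtin.command: vault operator unseal {{ item }}
      loop: "{{ (vault_init.stdout | from_json).unseal_keys_b64[:3] }}"
      no_log: true

    - name: Enable the transit engine and create the unseal key (idempotent)
      ansible.builtin.shell: |
        set -e
        vault secrets list -format=json | grep -q '"transit/"' || vault secrets enable transit
        vault read transit/keys/autounseal >/dev/null 2>&1 || vault write -f transit/keys/autounseal
      environment:
        VAULT_TOKEN: "{{ (vault_init.stdout | from_json).root_token }}"
      no_log: true

    - name: Write the least-privilege policy the raft nodes will use
      # Only encrypt/decrypt on the one key; nothing else on the transit node.
      ansible.builtin.shell: |
        vault policy write autounseal - <<'EOF'
        path "transit/encrypt/autounseal" { capabilities = ["update"] }
        path "transit/decrypt/autounseal" { capabilities = ["update"] }
        EOF
      environment:
        VAULT_TOKEN: "{{ (vault_init.stdout | from_json).root_token }}"
      no_log: true

    - name: Create a periodic orphan token bound to that policy
      # Periodic so it has no fixed expiry; it must still be kept renewed,
      # otherwise the raft nodes cannot unseal after a restart.
      ansible.builtin.command: vault token create -policy=autounseal -orphan -period=24h -format=json
      environment:
        VAULT_TOKEN: "{{ (vault_init.stdout | from_json).root_token }}"
      register: vault_token_out
      no_log: true

    - name: Expose the token to later plays as a host fact
      ansible.builtin.set_fact:
        transit_unseal_token: "{{ (vault_token_out.stdout | from_json).auth.client_token }}"
      no_log: true

- name: Install the raft cluster with transit auto-unseal
  hosts: vault_raft_servers
  roles:
    - role: ansible-community.ansible-vault
      vars:
        vault_listener_localhost_enable: true
        vault_install_hashi_repo: true
        vault_data_path: /opt/vault/data
        vault_harden_file_perms: true
        vault_cluster_name: home-lab
        vault_datacenter: home-lab
        vault_transit: true
        vault_transit_address: "{{ hostvars[groups['autounseal'][0]].ansible_host | ansible.utils.ipv4 }}"
        # the fact set on the transit host in the previous play
        vault_transit_token: "{{ hostvars[groups['autounseal'][0]].transit_unseal_token }}"
```

After the last play, run `vault operator init` once against any raft node. Because the cluster seal is transit, that init returns recovery keys rather than unseal keys, and the nodes unseal themselves through the transit node from then on; the transit node itself still needs its Shamir keys (the saved `transit-init.json`) whenever it restarts.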
