From 6b8c90605da22f239aaf94fa78e8b7629eec7657 Mon Sep 17 00:00:00 2001
From: kirby
Date: Thu, 22 May 2025 15:05:45 +0200
Subject: [PATCH] add vault role
---
ansible/roles/vault/tasks/main.yml | 45 ++++++++++++++++++++++++++++++
1 file changed, 45 insertions(+)
create mode 100644 ansible/roles/vault/tasks/main.yml
diff --git a/ansible/roles/vault/tasks/main.yml b/ansible/roles/vault/tasks/main.yml
new file mode 100644
index 0000000..135f918
--- /dev/null
+++ b/ansible/roles/vault/tasks/main.yml
@@ -0,0 +1,45 @@
+---
+
+- name: Remove hold on vault package
+ ansible.builtin.dpkg_selections:
+ name: vault
+ selection: install
+ tags: upgrade
+
+- name: Pause to let the operator step-down master is needed
+ ansible.builtin.pause:
+ prompt: "Run vault operator step-down if needed"
+ echo: no
+ when: "'' in inventory_hostname"
+ tags: upgrade
+
+- name: Stopping vault service
+ ansible.builtin.systemd_service:
+ name: vault
+ state: stopped
+ tags: upgrade
+
+- name: Upgrading vault package
+ ansible.builtin.apt:
+ name: vault
+ update_cache: true
+ state: latest
+ tags: upgrade
+
+- name: Starting vault service
+ ansible.builtin.systemd_service:
+ name: vault
+ state: started
+ tags: upgrade
+
+- name: Set hold on vault package
+ ansible.builtin.dpkg_selections:
+ name: vault
+ selection: hold
+ tags: upgrade
+
+- name: Pause to unseal vault
+ ansible.builtin.pause:
+ prompt: "Go to vault interface and unseal the node : https://{{ inventory_hostname }}:8200"
+ echo: no
+ tags: upgrade
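Review bot: The `when: "'' in inventory_hostname"` guard on the step-down pause is always true, because the empty string is a substring of every hostname, so it selects nothing; if a hostname pattern was intended (or was stripped from this patch) it should be restored, otherwise the `when` can be dropped. Every task carries only `tags: upgrade`, and Ansible still runs tagged tasks when the play is run without `--tags`, so an ordinary run of this role stops Vault, upgrades it to whatever `state: latest` resolves to, and leaves the node sealed; `tags: [upgrade, never]` on each task would make the sequence opt-in. If the apt task fails, the service stays stopped and the package stays unheld, so the stop/upgrade/start steps would be safer inside a `block` with the `selection: hold` task under `always`. The final pause trusts the operator to have unsealed the node before the play moves on; a follow-up task that checks the node's seal status would catch a node left sealed. As a style point, `echo: no` in both pause tasks should be `echo: false`.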