virtualhobbit
/ vault-auth.yaml
Last active
April 27, 2022 08:54
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: v1 | |
| kind: Secret | |
| type: Opaque | |
| metadata: | |
| name: cert-manager-vault-approle | |
| namespace: cert-manager | |
| data: | |
| secretId: "<insert base64 secret here>" |
virtualhobbit
/ cheekyGist
Last active
January 13, 2022 10:10
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Unit] | |
| Description="HashiCorp Vault Agent" | |
| Documentation=https://www.vaultproject.io/docs/ | |
| Requires=network-online.target | |
| After=network-online.target | |
| ConditionFileNotEmpty=/vault-agent/vault-agent.hcl | |
| StartLimitIntervalSec=60 | |
| StartLimitBurst=3 | |
| [Service] |
virtualhobbit
/ vault-agentCert.ctmpl.j2
Last active
January 11, 2022 20:23
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| {% if ansible_os_family == "Windows" %} | |
| {% raw %}{{ with secret "pki/issue/mdb-lab-dot-com" "ttl=86400s" {% endraw %}"common_name={{ ansible_fqdn }}" "ip_sans={{ ansible_ip_addresses[0] }}"{% raw %} }}{% endraw %} | |
| {% elif ansible_os_family == "RedHat" %} | |
| {% raw %}{{ with secret "pki/issue/mdb-lab-dot-com" "ttl=86400s" {% endraw %}"common_name={{ ansible_fqdn }}" "ip_sans={{ ansible_default_ipv4.address }}"{% raw %} }}{% endraw %} | |
| {% endif %} | |
| {% raw %} | |
| {{ .Data.certificate }} | |
| {{ end }} | |
| {% endraw %} |
virtualhobbit
/ vault-agentKey.ctmpl.j2
Created
January 11, 2022 19:57
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| {% if ansible_os_family == "Windows" %} | |
| {% raw %}{{ with secret "pki/issue/mdb-lab-dot-com" "ttl=86400s" {% endraw %}"common_name={{ ansible_fqdn }}" "ip_sans={{ ansible_ip_addresses[0] }}"{% raw %} }}{% endraw %} | |
| {% elif ansible_os_family == "RedHat" %} | |
| {% raw %}{{ with secret "pki/issue/mdb-lab-dot-com" "ttl=86400s" {% endraw %}"common_name={{ ansible_fqdn }}" "ip_sans={{ ansible_default_ipv4.address }}"{% raw %} }}{% endraw %} | |
| {% endif %} | |
| {% raw %} | |
| {{ .Data.private_key }} | |
| {{ end }} | |
| {% endraw %} |
virtualhobbit
/ vault-agent.hcl.j2
Last active
January 11, 2022 19:48
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| pid_file = "/vault-agent/agent.pid" | |
| vault { | |
| address = "{{ vault_server }}" | |
| tls_skip_verify = true | |
| } | |
| auto_auth { | |
| method "approle" { | |
| config = { |
virtualhobbit
/ vault-agentinux.yml
Last active
January 11, 2022 19:24
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| - hosts: Linux | |
| tasks: | |
| - name: Add repository | |
| yum_repository: | |
| name: hashicorp | |
| file: hashicorp | |
| description: Hashicorp Stable - $basearch | |
| baseurl: https://rpm.releases.hashicorp.com/RHEL/$releasever/$basearch/stable |
virtualhobbit
/ acl_sa_vault-agent.hcl
Created
January 10, 2022 15:58
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| path "pki/issue/mdb-lab-dot-com" { | |
| capabilities = ["create", "update"] | |
| } |
virtualhobbit
/ acl_sa_ansible.hcl
Last active
January 10, 2022 15:56
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| path "auth/approle/role/sa_vault-agent/role-id" { | |
| capabilities = [ "read" ] | |
| } | |
| path "auth/approle/role/sa_vault-agent/secret-id" { | |
| capabilities = [ "create", "update" ] | |
| } |
virtualhobbit
/ tests.json
Created
January 10, 2022 15:20
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var jsonData = JSON.parse(responseBody); | |
| postman.setEnvironmentVariable("token", jsonData.auth.client_token); |
virtualhobbit
/ cloudTemplate.yml
Last active
March 23, 2022 04:27
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| resources: | |
| Cloud_Ansible_Tower_1: | |
| type: Cloud.Ansible.Tower | |
| metadata: | |
| layoutPosition: | |
| - 0 | |
| - 0 | |
| properties: | |
| host: '${resource.Cloud_vSphere_Machine_1.*}' | |
| account: NL-UTC-P-ANS-01 |