config help with 3 node cluster with transit autounseal #343

Open
@Dialgatrainer02

Description

Hello, I have 4 Vault instances. I want 1 to just be a transit engine and the other 3 I want to be clustered and have the SSH engine enabled (that's out of scope for this). When setting up the first Vault using this role it stops at sealed, but where do I get the unseal keys?
How do I get the keys to unlock and do further configuration?

```yaml
- name: setup autounseal vault
  hosts: autounseal
  roles:
    - role: ansible-community.ansible-vault
      vars:
        vault_listener_localhost_enable: true
        vault_install_hashi_repo: true
        vault_data_path: /opt/vault/data
        vault_harden_file_perms: true
        vault_cluster_disable: true
- name: install vault cluster
  hosts: vault_raft_servers
  roles:
    - role: ansible-community.ansible-vault
      vars:
        vault_listener_localhost_enable: true
        vault_install_hashi_repo: true
        vault_data_path: /opt/vault/data
        vault_harden_file_perms: true
        vault_cluster_name: home-lab
        vault_datacenter: home-lab
        vault_transit: true
        vault_transit_address: "{{ hostvars[groups['autounseal'][0]].ansible_host | ansible.utils.ipv4 }}"
        vault_transit_token: "{{ 'unsure how to grab yet' }}"
```

EDIT:
While trying to debug and understand more I got this error:

```
TASK [ansible-community.ansible-vault : Vault main configuration] *********************************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: : 'ansible.vars.hostvars.HostVarsVars object' has no attribute 'ansible_default_ipv4'
fatal: [vault]: FAILED! => {"changed": false, "msg": "AnsibleUndefinedVariable: [\n{% for server in groups[vault_raft_group_name] %}\n  {\n    \"peer\": \"{{ server }}\",\n    \"api_addr\": \"{{ hostvars[server]['vault_api_addr'] |\n    default(vault_protocol + '://' + hostvars[server]['ansible_' + hostvars[server]['ansible_default_ipv4']['interface']]['ipv4']['address'] + ':' + (vault_port|string)) }}\"\n  },\n{% endfor %}\n]\n: 'ansible.vars.hostvars.HostVarsVars object' has no attribute 'ansible_default_ipv4'"}
```

I'm unsure how my instance is unable to have an IP address while I'm SSHed into it (they are LXC containers and only have one NIC).
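Added example, not from the issue or the role: the operator-side steps run once against the transit instance that produce the unseal keys the question asks about and the value to feed into `vault_transit_token`, with the token scoped to the one key the raft nodes need. Assumed: the mount name `transit` and key name `autounseal` (they must match whatever the role's transit settings expect), `VAULT_ADDR` pointing at the transit Vault, and `jq` installed; the Vault commands only run when `RUN_TRANSIT_BOOTSTRAP` is set.

```shell
#!/bin/sh
# Added example: bootstrap the transit Vault used for auto-unseal.
# Assumptions: mount "transit", key "autounseal", VAULT_ADDR set, jq present.
set -eu

# Least-privilege policy for the raft nodes: encrypt/decrypt with the named
# key only, no access to key management or anything else on this Vault.
autounseal_policy() {
  cat <<'EOF'
path "transit/encrypt/autounseal" { capabilities = ["update"] }
path "transit/decrypt/autounseal" { capabilities = ["update"] }
EOF
}

# Initialise and unseal the transit Vault once. The init output holds the
# unseal keys and root token; it stays on the operator host, not in the play.
# Shares/threshold of 1 are lab values; raise them for anything shared.
init_transit_vault() {
  vault operator init -key-shares=1 -key-threshold=1 -format=json \
    > transit-init.json
  chmod 600 transit-init.json
  vault operator unseal "$(jq -r '.unseal_keys_b64[0]' transit-init.json)" \
    > /dev/null
  VAULT_TOKEN=$(jq -r '.root_token' transit-init.json)
  export VAULT_TOKEN
}

# Enable transit, create the key, attach the policy, and mint the token the
# raft nodes present. Orphan so it does not die with the root token; periodic
# so it can be renewed indefinitely without ever needing a new one.
create_autounseal_token() {
  vault secrets enable transit
  vault write -f transit/keys/autounseal
  autounseal_policy | vault policy write autounseal -
  vault token create -orphan -policy=autounseal -period=24h -field=token
}

if [ -n "${RUN_TRANSIT_BOOTSTRAP:-}" ]; then
  init_transit_vault
  create_autounseal_token > vault_transit_token.txt
  chmod 600 vault_transit_token.txt
fi
```

The file `vault_transit_token.txt` is what `vault_transit_token` should be loaded from (for example via `lookup('file', ...)` or Ansible Vault), and the root token should be revoked once a proper admin path exists.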
