better tags, extend system default for ttls

Bryan Kendall · Bryan Kendall · commit 6002c63c7e87 · 2016-06-08T09:54:35.000-07:00
diff --git a/ansible/roles/vault/tasks/main.yml b/ansible/roles/vault/tasks/main.yml
@@ -21,6 +21,7 @@
     recurse=yes
 
 - name: copy vault config
+  tags: [ deploy ]
   become: true
   template:
     src=vault.hcl
diff --git a/ansible/roles/vault/templates/vault.hcl b/ansible/roles/vault/templates/vault.hcl
@@ -19,3 +19,5 @@ listener "tcp" {
   tls_cert_file = "/opt/vault/server/cert.pem"
   tls_key_file = "/opt/vault/server/key.pem"
 }
+
+max_lease_ttl = "8760h"
diff --git a/ansible/vault-values.yml b/ansible/vault-values.yml
@@ -61,8 +61,8 @@
       with_items:
         - type: "aws"
           config:
-            default_lease_ttl: "31536000s" # 1 year, in seconds
-            max_lease_ttl: "31536000s" # 1 year, in seconds
+            default_lease_ttl: "8760h" # 1 year, in hours
+            max_lease_ttl: "8760h" # 1 year, in hours
 
     - name: configure 1h aws root credentials
       run_once: true
diff --git a/ansible/vault.yml b/ansible/vault.yml
@@ -10,6 +10,7 @@
 
   tasks:
   - name: get seal status
+    tags: [ deploy ]
     uri:
       method=GET
       url=http://{{ ansible_default_ipv4.address }}:8200/v1/sys/seal-status
@@ -18,6 +19,7 @@
     register: seal_status
 
   - name: unseal vault
+    tags: [ deploy ]
     when: seal_status.json.sealed
     uri:
       method=PUT

Original file line number	Diff line number	Diff line change
`@@ -19,3 +19,5 @@ listener "tcp" {`
`19`	`19`	`tls_cert_file = "/opt/vault/server/cert.pem"`
`20`	`20`	`tls_key_file = "/opt/vault/server/key.pem"`
`21`	`21`	`}`
	`22`	`+`
	`23`	`+max_lease_ttl = "8760h"`