This repository contains Ansible playbooks for configuring and managing infrastructure components.
```text
ansible/
├── .github/workflows/
│   └── deploy.yml            # CI/CD workflow
├── playbooks/
│   ├── vault/                # Vault installation & config
│   │   ├── site.yml
│   │   └── templates/
│   │       └── vault.hcl.j2
│   └── k8s-cluster/          # K8s cluster management (future)
├── roles/                    # Reusable roles (future)
├── inventory/                # Static inventory (optional)
└── README.md
```
| Playbook | Description | Tags |
|---|---|---|
| `vault` | Install and configure HashiCorp Vault | `install`, `configure`, `health` |
To run a playbook from GitHub Actions:

- Go to Actions → Ansible Deploy
- Click Run workflow
- Select:
  - Playbook: `vault`
  - Environment: `staging` or `production`
  - Tags: (optional) e.g., `install,configure`
To run the playbook locally:

```bash
# Get Vault public IP from Terraform
cd ../infrustructure/terraform/environments/shared
VAULT_IP=$(terraform output -raw vault_public_ip)

# Create inventory
echo -e "[vault]\n$VAULT_IP ansible_user=ubuntu" > inventory.ini

# Run playbook
ansible-playbook -i inventory.ini playbooks/vault/site.yml
```

The CI/CD workflow requires these repository secrets:

| Secret | Description |
|---|---|
| `AWS_ROLE_ARN` | IAM role ARN for AWS access (OIDC) |
| `SSH_PRIVATE_KEY` | SSH private key for connecting to instances |
| `GH_PAT` | GitHub PAT for accessing the `infrustructure` repo |
The CI/CD workflow automatically:
- Fetches IPs from Terraform state (S3 backend)
- Generates inventory file
- Runs the selected playbook
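As an added example (not code from this repository's workflow or playbooks), the following POSIX shell script does the inventory step the bullets above describe and adds the checks that a one-line `echo` into `inventory.ini` skips: it refuses to write an inventory when the Terraform output is empty or not an IPv4 address (otherwise the `[vault]` group silently ends up hostless), restricts `--tags` to the tags the vault playbook defines, and keeps the inventory file private. The function names, the `eval`-based usage line and the `terraform -chdir` invocation are illustrative assumptions, not part of the README.

```shell
#!/bin/sh
# Added example, not code from this repository: builds the inventory the
# workflow and the local run both need, with the checks a bare
# `echo -e "[vault]\n$VAULT_IP ansible_user=ubuntu"` skips.

# Tags the vault playbook defines (from the playbook table in this README).
ALLOWED_TAGS="install configure health"

# is_ipv4 ADDR : exit status 0 if ADDR is a dotted-quad IPv4 address, else 1.
# The body is a subshell so the IFS change used for splitting does not leak;
# `exit` therefore only leaves the subshell, i.e. returns from the function.
is_ipv4() (
  addr=$1
  case "$addr" in
    *[!0-9.]* | "") exit 1 ;;        # only digits and dots allowed, non-empty
  esac
  IFS=.
  set -- $addr                       # split into octets
  [ $# -eq 4 ] || exit 1
  for octet in "$@"; do
    [ -n "$octet" ] || exit 1        # rejects "1..2.3" and ".1.2.3"
    [ "$octet" -le 255 ] || exit 1
  done
  exit 0
)

# validate_tags TAGS : TAGS is the comma-separated value passed to --tags.
# Empty is fine (tags are optional); every entry must be a known tag.
validate_tags() (
  [ -n "$1" ] || exit 0
  IFS=,
  set -- $1
  for tag in "$@"; do
    case " $ALLOWED_TAGS " in
      *" $tag "*) ;;
      *) echo "unknown tag: $tag" >&2; exit 1 ;;
    esac
  done
  exit 0
)

# make_inventory IP FILE : write a single-host [vault] group to FILE.
# Fails instead of writing a hostless group when IP is empty or malformed,
# e.g. when `terraform output -raw vault_public_ip` returned nothing.
make_inventory() {
  ip=$1
  file=$2
  if ! is_ipv4 "$ip"; then
    echo "refusing to write inventory: bad vault IP '$ip'" >&2
    return 1
  fi
  printf '[vault]\n%s ansible_user=ubuntu\n' "$ip" > "$file"
  chmod 600 "$file"                  # inventory files tend to accumulate connection details
}

# playbook_cmd TAGS : print the ansible-playbook command line for the vault
# playbook, with --tags appended only when TAGS is non-empty and valid.
playbook_cmd() {
  validate_tags "$1" || return 1
  cmd="ansible-playbook -i inventory.ini playbooks/vault/site.yml"
  [ -n "$1" ] && cmd="$cmd --tags $1"
  echo "$cmd"
}

# Usage (assumed layout: same Terraform path as the README, run from ansible/):
#   VAULT_IP=$(terraform -chdir=../infrustructure/terraform/environments/shared output -raw vault_public_ip)
#   make_inventory "$VAULT_IP" inventory.ini && eval "$(playbook_cmd install,configure)"
```

`make_inventory` exits non-zero before touching the file on bad input, so a `&&` chain stops there rather than running the playbook against an empty group.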
After running the Vault playbook:

```bash
# SSH to Vault (direct - has public IP)
ssh ubuntu@<vault-public-ip>

# Initialize Vault
export VAULT_ADDR='http://127.0.0.1:8200'
vault operator init
# Save the 5 unseal keys and root token securely!

# Unseal (need 3 of 5 keys)
vault operator unseal <key1>
vault operator unseal <key2>
vault operator unseal <key3>

# Login
vault login <root-token>
```

To access Vault via vault.wso2group1.tech:

- Go to Cloudflare Dashboard → DNS
- Add A record:
  - Name: `vault`
  - IPv4: `<vault-public-ip>` (from Terraform output)
  - Proxy: Enabled (orange cloud)
- SSL/TLS → Set to "Full" mode
Vault will be accessible at https://vault.wso2group1.tech