Support Vault to OpenBao migration #2095
Conversation
seunghun1ee
added
documentation
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
The pull request introduces a comprehensive set of Ansible playbooks and updated documentation to support the migration from Hashicorp Vault to OpenBao. The new playbooks are well-structured to manage the migration process across seed and overcloud environments, including configuration updates. However, a critical issue exists in the migration playbooks where the stackhpc_ca_secret_store variable is used dynamically to include secret store keys. This can lead to incorrect key retrieval if the variable is already set to 'openbao' during a Vault migration, causing the migration to fail. Additionally, there are minor documentation formatting issues and some file permissions that could be more restrictive for sensitive configuration files.
seunghun1ee
force-pushed
the
vault-bao-migration
branch
from
3cc8df4 to
69ec42b
Compare
|
Linters are failing because missing playbook is not released from stackhpc.hashicorp collection yet |
etc/kayobe/ansible/secret-store/vault-bao-migration-change-config.yml
Outdated
Show resolved
Hide resolved
seunghun1ee
force-pushed
the
vault-bao-migration
branch
from
69ec42b to
314b1e1
Compare
Co-Authored-by: Alex Welsh <alex@stackhpc.com>
seunghun1ee
force-pushed
the
vault-bao-migration
branch
from
314b1e1 to
a211eaa
Compare
Adds four playbooks used for migrating Vault to OpenBao.
The version of
stackhpc.hashicorpcollection needs to be bumped after stackhpc/ansible-collection-hashicorp#85 is merged and released.But as SKC's contents are ready, marked as ready.