mgmt/deployment/ansible/vault-cluster-verify.yml

---
- name: Verify Vault Cluster Status
  hosts: ch4,ash3c,warden
  become: yes
  
  tasks:
    - name: Check Vault service status
      systemd:
        name: vault
      register: vault_service_status

    - name: Display Vault service status
      debug:
        msg: "Vault service on {{ inventory_hostname }}: {{ vault_service_status.status.ActiveState }}"

    - name: Check Vault process
      shell: ps aux | grep vault | grep -v grep
      register: vault_process
      ignore_errors: yes

    - name: Display Vault process
      debug:
        msg: "Vault process on {{ inventory_hostname }}: {{ vault_process.stdout_lines }}"

    - name: Check Vault port 8200
      wait_for:
        port: 8200
        host: "{{ ansible_default_ipv4.address }}"
        timeout: 10
      register: vault_port_check
      ignore_errors: yes

    - name: Display port check result
      debug:
        msg: "Vault port 8200 on {{ inventory_hostname }}: {{ 'OPEN' if vault_port_check.failed == false else 'CLOSED' }}"

    - name: Get Vault status
      uri:
        url: "http://{{ ansible_default_ipv4.address }}:8200/v1/sys/health"
        method: GET
        status_code: [200, 429, 472, 473, 501, 503]
      register: vault_health
      ignore_errors: yes

    - name: Display Vault health status
      debug:
        msg: "Vault health on {{ inventory_hostname }}: {{ vault_health.json if vault_health.json is defined else 'Connection failed' }}"

    - name: Check Consul integration
      uri:
        url: "http://127.0.0.1:8500/v1/kv/vault/?recurse"
        method: GET
      register: consul_vault_kv
      ignore_errors: yes

    - name: Display Consul Vault KV
      debug:
        msg: "Consul Vault KV on {{ inventory_hostname }}: {{ 'Found vault keys' if consul_vault_kv.status == 200 else 'No vault keys found' }}"

    - name: Check Vault logs for errors
      shell: journalctl -u vault --no-pager -n 10 | grep -i error || echo "No errors found"
      register: vault_logs
      ignore_errors: yes

    - name: Display Vault error logs
      debug:
        msg: "Vault errors on {{ inventory_hostname }}: {{ vault_logs.stdout_lines }}"