-dev-root-token-id for vault service is hardcoded to value "master"

[Neha-Sinha2305]

Current behaviour

-dev-root-token-id=master is hardcoded in vault.service.j2 and this means that overriding the default value for vault_master_token which is "master" does not end up in a successful run.

https://github.com/fredrikhgrelland/vagrant-hashistack/blob/c6c2c0d9f71cf29a13c2e28c62ee97f1ebe0500a/ansible/templates/vault.service.j2#L8

Expected behaviour

Overriding vault_master_token should work seamlessly.

How to reproduce?

Override the default value for vault_master_token, by adding it to the .env file, for example:

vault_master_token=testmaster

Run make dev

Errors out:

STDERR: 
Error: Error making API request.

URL: GET http://127.0.0.1:8200/v1/auth/token/lookup-self
Code: 403. Errors:

* permission denied

  on main.tf line 2, in provider "vault":
   2: provider "vault" {

Suggestion(s)/solution(s) [Optional]

1. Move ansible task Install systemd unit files hashistack from install.yml to 1-config.yml

2. Change the command in vault.service.j2 :

ExecStart=/usr/local/bin/vault server -dev -dev-root-token-id=master -config=/etc/vault.d

to

ExecStart=/usr/local/bin/vault server -dev -dev-root-token-id={{ lookup('env', 'vault_master_token') }} -config=/etc/vault.d

Checklist (after created issue)

• Added label(s)
• Added to project
• Added to milestone

Note: We might need a patch release so have not set the milestone yet.

[zhenik]

Related to #394

[Neha-Sinha2305]

@fredrikhgrelland: Is this relevant? Does the solution sound good to you? Maybe you would like to have a better approach than what suggested so please write down your thoughts so can fix it today.