formula-vault/vault/install.sls

{%- from slspath + '/map.jinja' import vault with context -%}

vault-dep-unzp:
  pkg.installed:
    - name: unzip

vault-bin-dir:
  file.directory:
    - name: /usr/local/bin
    - makedirs: True

# Create vault user
vault-group:
  group.present:
    - name: {{ vault.group }}

vault-user:
  user.present:
    - name: {{ vault.user }}
    - groups:
      - {{ vault.group }}
    - home: {{ salt['user.info'](vault.user)['home']|default(vault.config.data_dir) }}
    - createhome: False
    - system: True
    - require:
      - group: vault-group

# Create directories
vault-config-dir:
  file.directory:
    - name: /etc/vault.d
    - user: {{ vault.user }}
    - group: {{ vault.group }}
    - mode: 0750

vault-data-dir:
  file.directory:
    - name: {{ vault.config.data_dir }}
    - makedirs: True
    - user: {{ vault.user }}
    - group: {{ vault.group }}
    - mode: 0750

# Install agent
vault-download:
  file.managed:
    - name: /tmp/vault_{{ vault.version }}_linux_{{ vault.arch }}.zip
    - source: https://{{ vault.download_host }}/vault/{{ vault.version }}/vault_{{ vault.version }}_linux_{{ vault.arch }}.zip
    - source_hash: https://releases.hashicorp.com/vault/{{ vault.version }}/vault_{{ vault.version }}_SHA256SUMS
    - unless: test -f /usr/local/bin/vault-{{ vault.version }}

vault-extract:
  cmd.wait:
    - name: unzip /tmp/vault_{{ vault.version }}_linux_{{ vault.arch }}.zip -d /tmp
    - watch:
      - file: vault-download

vault-install:
  file.rename:
    - name: /usr/local/bin/vault-{{ vault.version }}
    - source: /tmp/vault
    - require:
      - file: /usr/local/bin
    - watch:
      - cmd: vault-extract

vault-clean:
  file.absent:
    - name: /tmp/vault_{{ vault.version }}_linux_{{ vault.arch }}.zip
    - watch:
      - file: vault-install

vault-link:
  file.symlink:
    - target: vault-{{ vault.version }}
    - name: /usr/local/bin/vault
    - watch:
      - file: vault-install

vault-set-cap-mlock:
  cmd.run:
    - name: "setcap cap_ipc_lock=+ep /usr/local/bin/vault-{{ vault.version }}"
    - onchanges:
      - file: vault-install
Near rewrite, matching consul formula style 2018-05-15 02:02:03 -04:00			`{%- from slspath + '/map.jinja' import vault with context -%}`

			`vault-dep-unzp:`
			`pkg.installed:`
			`- name: unzip`

			`vault-bin-dir:`
			`file.directory:`
			`- name: /usr/local/bin`
			`- makedirs: True`

			`# Create vault user`
			`vault-group:`
			`group.present:`
			`- name: {{ vault.group }}`

			`vault-user:`
			`user.present:`
			`- name: {{ vault.user }}`
			`- groups:`
			`- {{ vault.group }}`
			`- home: {{ salt['user.info'](vault.user)['home']\|default(vault.config.data_dir) }}`
			`- createhome: False`
			`- system: True`
			`- require:`
			`- group: vault-group`

			`# Create directories`
			`vault-config-dir:`
			`file.directory:`
			`- name: /etc/vault.d`
			`- user: {{ vault.user }}`
			`- group: {{ vault.group }}`
			`- mode: 0750`

			`vault-data-dir:`
			`file.directory:`
			`- name: {{ vault.config.data_dir }}`
			`- makedirs: True`
			`- user: {{ vault.user }}`
			`- group: {{ vault.group }}`
			`- mode: 0750`

			`# Install agent`
			`vault-download:`
			`file.managed:`
			`- name: /tmp/vault_{{ vault.version }}_linux_{{ vault.arch }}.zip`
			`- source: https://{{ vault.download_host }}/vault/{{ vault.version }}/vault_{{ vault.version }}_linux_{{ vault.arch }}.zip`
			`- source_hash: https://releases.hashicorp.com/vault/{{ vault.version }}/vault_{{ vault.version }}_SHA256SUMS`
			`- unless: test -f /usr/local/bin/vault-{{ vault.version }}`

			`vault-extract:`
			`cmd.wait:`
			`- name: unzip /tmp/vault_{{ vault.version }}_linux_{{ vault.arch }}.zip -d /tmp`
			`- watch:`
			`- file: vault-download`

			`vault-install:`
			`file.rename:`
			`- name: /usr/local/bin/vault-{{ vault.version }}`
			`- source: /tmp/vault`
			`- require:`
			`- file: /usr/local/bin`
			`- watch:`
			`- cmd: vault-extract`

			`vault-clean:`
			`file.absent:`
			`- name: /tmp/vault_{{ vault.version }}_linux_{{ vault.arch }}.zip`
			`- watch:`
			`- file: vault-install`

			`vault-link:`
			`file.symlink:`
			`- target: vault-{{ vault.version }}`
			`- name: /usr/local/bin/vault`
			`- watch:`
			`- file: vault-install`

			`vault-set-cap-mlock:`
			`cmd.run:`
			`- name: "setcap cap_ipc_lock=+ep /usr/local/bin/vault-{{ vault.version }}"`
			`- onchanges:`
			`- file: vault-install`