Merge branch 'master' into master
commit
0df28ebc50
7 changed files with 23 additions and 5 deletions
|
@ -10,6 +10,10 @@ verifier:
|
|||
|
||||
provisioner:
|
||||
name: salt_solo
|
||||
salt_install: bootstrap
|
||||
salt_bootstrap_url: https://bootstrap.saltstack.com
|
||||
salt_bootstrap_options: -p git -p curl stable 2016.11
|
||||
salt_version: latest
|
||||
log_level: debug
|
||||
require_chef: false
|
||||
formula: vault
|
||||
|
@ -24,6 +28,8 @@ platforms:
|
|||
pid_one_command: /usr/lib/systemd/systemd
|
||||
- name: amazonlinux
|
||||
driver_config:
|
||||
provision_command:
|
||||
- yum install -y epel-release
|
||||
image: amazonlinux:latest
|
||||
platform: rhel
|
||||
run_command: /sbin/init
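Review bot: The provisioner block mixes a pinned and a floating Salt version: `salt_bootstrap_options` ends in `stable 2016.11` while `salt_version: latest` sits two lines below, and the second platform pulls `image: amazonlinux:latest`. With the bootstrap script itself fetched from `salt_bootstrap_url` at run time, no input to the test run is fixed, so results are not reproducible and the run trusts whatever those endpoints serve that day. Pinning one Salt release in both keys and a specific image tag would fix that. Which of these lines the commit adds cannot be told from this rendering.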
|
||||
|
|
|
@ -32,7 +32,7 @@ To use it, just include *vault.server* in your *top.sls*, and configure it using
|
|||
listen_protocol: tcp
|
||||
listen_port: 8200
|
||||
listen_address: 0.0.0.0
|
||||
strict_tls: 0
|
||||
tls_disable: 0
|
||||
default_lease_ttl: 24h
|
||||
max_lease_ttl: 24h
|
||||
self_signed_cert:
|
||||
|
|
|
@ -3,7 +3,7 @@ vault:
|
|||
listen_protocol: tcp
|
||||
listen_port: 8200
|
||||
listen_address: 0.0.0.0
|
||||
strict_tls: 0
|
||||
tls_disable: 0
|
||||
tls_cert_file: {}
|
||||
tls_key_file: {}
|
||||
default_lease_ttl: 4380h
|
||||
|
@ -14,3 +14,5 @@ vault:
|
|||
dev_mode: true
|
||||
service:
|
||||
type: upstart
|
||||
user: root
|
||||
group: root
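Review bot: `user: root` and `group: root` make the test pillar run Vault as root, which hides the failures a non-root service account would hit (reading the config and the key file under `/etc/vault`, locking memory). The same commit adds `setcap cap_ipc_lock=+ep` to the binary, whose purpose is to let an unprivileged process lock memory, so the example would exercise more with a dedicated account such as `user: vault` / `group: vault`, assuming the formula creates it (not visible here). The same two lines appear in the second pillar file (hunk `@ -15,3 +15,5`). A comment marking `dev_mode: true` and `listen_address: 0.0.0.0` as test-only values would help readers who copy the file.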
|
||||
|
|
|
@ -3,7 +3,7 @@ vault:
|
|||
listen_protocol: tcp
|
||||
listen_port: 8200
|
||||
listen_address: 0.0.0.0
|
||||
strict_tls: 0
|
||||
tls_disable: 0
|
||||
service: upstart
|
||||
tls_cert_file: {}
|
||||
tls_key_file: {}
|
||||
|
@ -15,3 +15,5 @@ vault:
|
|||
dev_mode: true
|
||||
service:
|
||||
type: systemd
|
||||
user: root
|
||||
group: root
|
||||
|
|
|
@ -7,7 +7,7 @@ backend "s3" {
|
|||
|
||||
listener "{{ vault.listen_protocol }}" {
|
||||
address = "{{ vault.listen_address }}:{{ vault.listen_port }}"
|
||||
tls_disable = {{ vault.strict_tls }}
|
||||
tls_disable = {{ vault.tls_disable }}
|
||||
{% if vault.self_signed_cert.enabled %}
|
||||
tls_cert_file = "/etc/vault/{{ vault.self_signed_cert.hostname }}.pem"
|
||||
tls_key_file = "/etc/vault/{{ vault.self_signed_cert.hostname }}-nopass.key"
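Review bot: Renaming the pillar key to `vault.tls_disable` leaves pillars that still set `strict_tls` silently ignored, so the listener's TLS state after an upgrade depends on whatever default fills `tls_disable` (the defaults are outside this hunk). Since the examples bind `0.0.0.0`, a silent change here matters. Consider honouring the old key for one release, `tls_disable = {{ vault.tls_disable | default(vault.strict_tls | default(0)) }}`, or failing the render when `strict_tls` is still present. The listener block continues past the end of the hunk.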
|
||||
|
|
|
@ -8,3 +8,5 @@ After=network-online.target consul.service
|
|||
EnvironmentFile=-/etc/sysconfig/vault
|
||||
Restart=on-failure
|
||||
ExecStart=/usr/local/bin/vault server {% if vault.dev_mode %}-dev{% else %} -config="/etc/vault/config/server.hcl"{% endif %}
|
||||
User={{ vault.user }}
|
||||
Group={{ vault.group }}
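Review bot: `User={{ vault.user }}` and `Group={{ vault.group }}` have no default, and an empty `User=` falls back to systemd's default (root for a system unit), so a pillar missing these keys degrades to root without any error. Either give both keys an explicit value in the formula's defaults or guard the lines, e.g. `{% if vault.user %}User={{ vault.user }}{% endif %}`. A non-root account also needs read access to `/etc/vault/config/server.hcl` and the TLS key; whether the states set that ownership is not visible in this hunk.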
|
||||
|
|
|
@ -13,8 +13,14 @@ download vault:
|
|||
|
||||
install vault:
|
||||
cmd.run:
|
||||
- name: unzip /tmp/vault.zip -d /usr/local/bin && chmod 0755 /usr/local/bin/vault && chown root:root /usr/local/bin/vault
|
||||
- name: unzip /tmp/vault.zip -d /usr/local/bin && chmod 0755 /usr/local/bin/vault && chown root:root /usr/local/bin/vault
|
||||
- require:
|
||||
- cmd: download vault
|
||||
- pkg: unzip
|
||||
- unless: test -e /usr/local/bin/vault
|
||||
|
||||
vault set cap mlock:
|
||||
cmd.run:
|
||||
- name: "setcap cap_ipc_lock=+ep /usr/local/bin/vault"
|
||||
- onchanges:
|
||||
- cmd: install vault
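Review bot: The `- unless: test -e /usr/local/bin/vault` guard only checks that a file exists, so once any binary is in place a version bump in pillar never replaces it and Vault security releases will not roll out through this state. Comparing the installed version with the pinned one (for example the output of `vault version` against the pillar's version key, whose name is not visible here) keeps the state idempotent without freezing the binary. Because `vault set cap mlock` runs only on `onchanges` of `install vault`, the capability is lost if the file is replaced by any other route; `- unless: getcap /usr/local/bin/vault | grep -q cap_ipc_lock` would be more robust. The archive is unpacked as root from the fixed path `/tmp/vault.zip`, and whether `download vault` verifies a checksum is outside this hunk.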
|
||||
|
|