Add ability to run server as non root
parent
a984cbc8c4
commit
44aaee6628
4 changed files with 13 additions and 1 deletions
|
@ -14,3 +14,5 @@ vault:
|
||||||
dev_mode: true
|
dev_mode: true
|
||||||
service:
|
service:
|
||||||
type: upstart
|
type: upstart
|
||||||
|
user: root
|
||||||
|
group: root
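Review bot: The `user`/`group` keys added to these upstart defaults do not appear to be consumed anywhere. Judging by their content, the four changed files are the two defaults files, the systemd unit and the install state, so an upstart host would keep running the server as root whatever is set here. The same pair is added to the systemd defaults in the next section, and both default to `root`, so behaviour is unchanged until an operator overrides them; no visible state creates the account or gives it access to `/etc/vault/config`. I would add a comment above the keys, e.g. `# account the vault service runs as; it must already exist and be able to read /etc/vault/config`, and either template these values into the upstart job or note that they only take effect under systemd. The `vault:` mapping begins outside the hunk.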
|
||||||
|
|
|
@ -15,3 +15,5 @@ vault:
|
||||||
dev_mode: true
|
dev_mode: true
|
||||||
service:
|
service:
|
||||||
type: systemd
|
type: systemd
|
||||||
|
user: root
|
||||||
|
group: root
|
||||||
|
|
|
@ -8,3 +8,5 @@ After=network-online.target consul.service
|
||||||
EnvironmentFile=-/etc/sysconfig/vault
|
EnvironmentFile=-/etc/sysconfig/vault
|
||||||
Restart=on-failure
|
Restart=on-failure
|
||||||
ExecStart=/usr/local/bin/vault server {% if vault.dev_mode %}-dev{% else %} -config="/etc/vault/config/server.hcl"{% endif %}
|
ExecStart=/usr/local/bin/vault server {% if vault.dev_mode %}-dev{% else %} -config="/etc/vault/config/server.hcl"{% endif %}
|
||||||
|
User={{ vault.user }}
|
||||||
|
Group={{ vault.group }}
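Review bot: The new `User=`/`Group=` lines carry no comment on what the non-root account needs, and two requirements follow from lines visible in this commit. The account must be able to read `/etc/vault/config/server.hcl` named in `ExecStart`, and it can only lock memory through the `cap_ipc_lock` file capability that the install state sets on `/usr/local/bin/vault`. I would put a comment line above `User=` such as `# non-root relies on the cap_ipc_lock file capability on the binary; NoNewPrivileges=yes would discard it`, so later hardening of the unit does not silently lose mlock. The unit's service section begins outside the hunk.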
|
||||||
|
|
|
@ -13,8 +13,14 @@ download vault:
|
||||||
|
|
||||||
install vault:
|
install vault:
|
||||||
cmd.run:
|
cmd.run:
|
||||||
- name: unzip /tmp/vault.zip -d /usr/local/bin && chmod 0755 /usr/local/bin/vault && chown root:root /usr/local/bin/vault
|
- name: unzip /tmp/vault.zip -d /usr/local/bin && chmod 0755 /usr/local/bin/vault && chown root:root /usr/local/bin/vault
|
||||||
- require:
|
- require:
|
||||||
- cmd: download vault
|
- cmd: download vault
|
||||||
- pkg: unzip
|
- pkg: unzip
|
||||||
- unless: test -e /usr/local/bin/vault
|
- unless: test -e /usr/local/bin/vault
|
||||||
|
|
||||||
|
vault set cap mlock:
|
||||||
|
cmd.run:
|
||||||
|
- name: "setcap cap_ipc_lock=+ep /usr/local/bin/vault"
|
||||||
|
- watch:
|
||||||
|
- cmd: install vault
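Review bot: The `vault set cap mlock` state is a `cmd.run` with only a `watch` requisite, so as far as Salt's `cmd.run` semantics go it runs `setcap` and reports a change on every highstate rather than only after `install vault`. Making it idempotent with `- unless: getcap /usr/local/bin/vault | grep -q cap_ipc_lock` (and `require` in place of `watch`) would keep runs clean and still re-apply the capability if the binary is replaced. The state also assumes `setcap` is installed, since no package requirement is visible. Because the install state leaves the binary at mode 0755, the file capability applies to any local user who executes it, not just the service account, which deserves a one-line comment on the state.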
|
||||||
|
|