Add ability to run server as non root
This commit is contained in:
parent
a984cbc8c4
commit
44aaee6628
4 changed files with 13 additions and 1 deletions
|
@ -14,3 +14,5 @@ vault:
|
|||
dev_mode: true
|
||||
service:
|
||||
type: upstart
|
||||
user: root
|
||||
group: root
|
||||
|
|
|
@ -15,3 +15,5 @@ vault:
|
|||
dev_mode: true
|
||||
service:
|
||||
type: systemd
|
||||
user: root
|
||||
group: root
|
||||
|
|
|
@ -8,3 +8,5 @@ After=network-online.target consul.service
|
|||
EnvironmentFile=-/etc/sysconfig/vault
|
||||
Restart=on-failure
|
||||
ExecStart=/usr/local/bin/vault server {% if vault.dev_mode %}-dev{% else %} -config="/etc/vault/config/server.hcl"{% endif %}
|
||||
User={{ vault.user }}
|
||||
Group={{ vault.group }}
|
||||
|
|
|
@ -18,3 +18,9 @@ install vault:
|
|||
- cmd: download vault
|
||||
- pkg: unzip
|
||||
- unless: test -e /usr/local/bin/vault
|
||||
|
||||
vault set cap mlock:
|
||||
cmd.run:
|
||||
- name: "setcap cap_ipc_lock=+ep /usr/local/bin/vault"
|
||||
- watch:
|
||||
- cmd: install vault
|
||||
|
|
Loading…
Reference in a new issue