diff --git a/README.rst b/README.rst index 7cef76d..3834ee1 100644 --- a/README.rst +++ b/README.rst @@ -15,32 +15,31 @@ Available states ``vault`` ---------- -Install the vault binary +Installs and configures the Vault service. -``vault.server`` ---------------------- +``vault.install`` +----------------- -Install and configure the vault server +Downloads and installs the Vault binary file. -To use it, just include *vault.server* in your *top.sls*, and configure it using pillars: +``vault.config`` +---------------- -:: +Provision the Vault configuration files and sources. + +``vault.service`` +----------------- + +Adds the Vault service startup configuration or script to an operating system. + +To start the service during Salt run and enable it at boot time, you need to set the following Pillar: + +.. code:: yaml + + vault: + service: true - vault: - version: 0.7.0 - listen_protocol: tcp - listen_port: 8200 - listen_address: 0.0.0.0 - tls_disable: 0 - default_lease_ttl: 24h - max_lease_ttl: 24h - self_signed_cert: - enabled: false - backend: {} - dev_mode: true - service: - type: systemd Testing ======= diff --git a/pillar.example b/pillar.example index 6b484e7..ed1ee61 100644 --- a/pillar.example +++ b/pillar.example 
@@ -1,51 +1,25 @@ vault: - version: 0.7.0 - listen_protocol: tcp - listen_port: 8200 - listen_address: 0.0.0.0 - tls_disable: 0 - tls_cert_file: {} - tls_key_file: {} - default_lease_ttl: 4380h - max_lease_ttl: 43800h - self_signed_cert: - enabled: false - backend: {} - dev_mode: true - secure_download: true - service: - type: upstart - user: root - group: root - hashicorp_gpg_key: | - -----BEGIN PGP PUBLIC KEY BLOCK----- - Version: GnuPG v1 + # Start Vault agent service and enable it at boot time + service: True - mQENBFMORM0BCADBRyKO1MhCirazOSVwcfTr1xUxjPvfxD3hjUwHtjsOy/bT6p9f - W2mRPfwnq2JB5As+paL3UGDsSRDnK9KAxQb0NNF4+eVhr/EJ18s3wwXXDMjpIifq - fIm2WyH3G+aRLTLPIpscUNKDyxFOUbsmgXAmJ46Re1fn8uKxKRHbfa39aeuEYWFA - 3drdL1WoUngvED7f+RnKBK2G6ZEpO+LDovQk19xGjiMTtPJrjMjZJ3QXqPvx5wca - KSZLr4lMTuoTI/ZXyZy5bD4tShiZz6KcyX27cD70q2iRcEZ0poLKHyEIDAi3TM5k - SwbbWBFd5RNPOR0qzrb/0p9ksKK48IIfH2FvABEBAAG0K0hhc2hpQ29ycCBTZWN1 - cml0eSA8c2VjdXJpdHlAaGFzaGljb3JwLmNvbT6JATgEEwECACIFAlMORM0CGwMG - CwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEFGFLYc0j/xMyWIIAIPhcVqiQ59n - Jc07gjUX0SWBJAxEG1lKxfzS4Xp+57h2xxTpdotGQ1fZwsihaIqow337YHQI3q0i - SqV534Ms+j/tU7X8sq11xFJIeEVG8PASRCwmryUwghFKPlHETQ8jJ+Y8+1asRydi - psP3B/5Mjhqv/uOK+Vy3zAyIpyDOMtIpOVfjSpCplVRdtSTFWBu9Em7j5I2HMn1w - sJZnJgXKpybpibGiiTtmnFLOwibmprSu04rsnP4ncdC2XRD4wIjoyA+4PKgX3sCO - klEzKryWYBmLkJOMDdo52LttP3279s7XrkLEE7ia0fXa2c12EQ0f0DQ1tGUvyVEW - WmJVccm5bq25AQ0EUw5EzQEIANaPUY04/g7AmYkOMjaCZ6iTp9hB5Rsj/4ee/ln9 - wArzRO9+3eejLWh53FoN1rO+su7tiXJA5YAzVy6tuolrqjM8DBztPxdLBbEi4V+j - 2tK0dATdBQBHEh3OJApO2UBtcjaZBT31zrG9K55D+CrcgIVEHAKY8Cb4kLBkb5wM - skn+DrASKU0BNIV1qRsxfiUdQHZfSqtp004nrql1lbFMLFEuiY8FZrkkQ9qduixo - mTT6f34/oiY+Jam3zCK7RDN/OjuWheIPGj/Qbx9JuNiwgX6yRj7OE1tjUx6d8g9y - 0H1fmLJbb3WZZbuuGFnK6qrE3bGeY8+AWaJAZ37wpWh1p0cAEQEAAYkBHwQYAQIA - CQUCUw5EzQIbDAAKCRBRhS2HNI/8TJntCAClU7TOO/X053eKF1jqNW4A1qpxctVc - z8eTcY8Om5O4f6a/rfxfNFKn9Qyja/OG1xWNobETy7MiMXYjaa8uUx5iFy6kMVaP - 0BXJ59NLZjMARGw6lVTYDTIvzqqqwLxgliSDfSnqUhubGwvykANPO+93BBx89MRG - 
unNoYGXtPlhNFrAsB1VR8+EyKLv2HQtGCPSFBhrjuzH3gxGibNDDdFQLxxuJWepJ - EK1UbTS4ms0NgZ2Uknqn1WRU1Ki7rE4sTy68iZtWpKQXZEJa0IGnuI2sSINGcXCJ - oEIgXTMyCILo34Fa/C6VCm2WBgz9zZO8/rHIiQm1J5zqz0DrDwKBUM9C - =LYpS - -----END PGP PUBLIC KEY BLOCK----- - hashicorp_key_id: 51852D87348FFC4C \ No newline at end of file + # Set user and group for Vault config files and running service + user: vault + group: vault + + version: 0.10.1 + + config: + data_dir: /var/lib/vault + listen_protocol: tcp + listen_port: 8200 + listen_address: 0.0.0.0 + tls_disable: 0 + tls_cert_file: '' + tls_key_file: '' + storage: + type: file + default_lease_ttl: 4380h + max_lease_ttl: 43800h + self_signed_cert: + enabled: false + dev_mode: true
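Review bot: The example pillar keeps `dev_mode: true` next to `listen_address: 0.0.0.0`, so anyone copying it unchanged configures a Vault dev server (in-memory storage, started unsealed, root token issued at startup) alongside an all-interfaces listener. The sample should default to `dev_mode: false` and `listen_address: 127.0.0.1`, with a comment such as `# dev_mode is for local testing only; never enable on a reachable host`. The hunk also drops `secure_download`, `hashicorp_gpg_key` and `hashicorp_key_id` without a replacement. Whether the new `vault.install` state still verifies the downloaded release is not visible here, so the example should either show the verification setting or the commit should restore signature/checksum checking. Finally, `tls_disable: 0` with empty `tls_cert_file`/`tls_key_file` and `self_signed_cert.enabled: false` leaves TLS on with no certificate configured, which presumably pushes users toward disabling TLS; a comment naming the expected certificate paths would help.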