download, verify, install logic
This commit is contained in:
parent
8f558b0f30
commit
5d14e6ede2
2 changed files with 59 additions and 4 deletions
|
@ -5,19 +5,71 @@ vault packages:
|
|||
- names:
|
||||
- unzip
|
||||
- curl
|
||||
{% if vault.secure_download %}
|
||||
{% if grains['os'] == 'CentOS' or grains['os'] == 'Amazon' %}
|
||||
- gnupg2
|
||||
- perl-Digest-SHA
|
||||
{% elif grains['os'] == 'Ubuntu' %}
|
||||
- gnupg
|
||||
- libdigest-sha-perl
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
||||
download vault:
|
||||
cmd.run:
|
||||
- name: curl --silent -L https://releases.hashicorp.com/vault/{{ vault.version }}/vault_{{ vault.version }}_linux_amd64.zip -o /tmp/vault.zip
|
||||
- unless: test -e /tmp/vault.zip
|
||||
- name: curl --silent -L https://releases.hashicorp.com/vault/{{ vault.version }}/vault_{{ vault.version }}_linux_amd64.zip -o /tmp/vault_{{ vault.version }}_linux_amd64.zip
|
||||
- creates: /tmp/vault_{{ vault.version }}_linux_amd64.zip
|
||||
|
||||
{% if vault.secure_download %}
|
||||
download shasums:
|
||||
cmd.run:
|
||||
- name: curl --silent -L https://releases.hashicorp.com/vault/{{ vault.version }}/vault_{{ vault.version }}_SHA256SUMS -o /tmp/vault_{{ vault.version }}_SHA256SUMS
|
||||
- creates: /tmp/vault_{{ vault.version }}_SHA256SUMS
|
||||
|
||||
download shasums sig:
|
||||
cmd.run:
|
||||
- name: curl --silent -L https://releases.hashicorp.com/vault/{{ vault.version }}/vault_{{ vault.version }}_SHA256SUMS.sig -o /tmp/vault_{{ vault.version }}_SHA256SUMS.sig
|
||||
- creates: /tmp/vault_{{ vault.version }}_SHA256SUMS.sig
|
||||
|
||||
/tmp/hashicorp.asc:
|
||||
file.managed:
|
||||
- source: salt://vault/files/hashicorp.asc.jinja
|
||||
- template: jinja
|
||||
|
||||
import key:
|
||||
cmd.run:
|
||||
- name: gpg --import /tmp/hashicorp.asc
|
||||
- unless: gpg --list-keys {{ vault.hashicorp_key_id }}
|
||||
- requires:
|
||||
- file: /tmp/hashicorp.asc
|
||||
- cmd: vault packages
|
||||
|
||||
verify shasums sig:
|
||||
cmd.run:
|
||||
- name: gpg --verify /tmp/vault_{{ vault.version }}_SHA256SUMS.sig /tmp/vault_{{ vault.version }}_SHA256SUMS
|
||||
- require:
|
||||
- cmd: download shasums
|
||||
- cmd: import key
|
||||
|
||||
verify vault:
|
||||
cmd.run:
|
||||
- name: "shasum -a 256 -c vault_{{ vault.version }}_SHA256SUMS | grep -q \"vault_{{ vault.version }}_linux_amd64.zip: OK\""
|
||||
- cwd: /tmp
|
||||
- require:
|
||||
- cmd: download vault
|
||||
- cmd: verify shasums sig
|
||||
{% endif %}
|
||||
|
||||
install vault:
|
||||
cmd.run:
|
||||
- name: unzip /tmp/vault.zip -d /usr/local/bin && chmod 0755 /usr/local/bin/vault && chown root:root /usr/local/bin/vault
|
||||
- name: unzip /tmp/vault_{{ vault.version }}_linux_amd64.zip -d /usr/local/bin && chmod 0755 /usr/local/bin/vault && chown root:root /usr/local/bin/vault
|
||||
- require:
|
||||
- cmd: download vault
|
||||
- pkg: unzip
|
||||
- unless: test -e /usr/local/bin/vault
|
||||
{% if vault.secure_download %}
|
||||
- cmd: verify vault
|
||||
{% endif %}
|
||||
- creates: /usr/local/bin/vault
|
||||
|
||||
vault set cap mlock:
|
||||
cmd.run:
|
||||
|
|
|
@ -70,3 +70,6 @@ vault:
|
|||
- cmd: generate self signed SSL certs
|
||||
{% endif -%}
|
||||
- file: /etc/vault/config/server.hcl
|
||||
- onchanges:
|
||||
- cmd: install vault
|
||||
- file: /etc/vault/config/server.hcl
|
||||
|
|
Loading…
Reference in a new issue