Added storage, reorganized dirs/files, updated systemd

This commit is contained in:
Eric Renfro 2018-05-15 00:42:18 -04:00
parent 00ed2f9337
commit 71ff1ad1e2
Signed by: psi-jack
GPG key ID: 14977F3A50D9A5BF
3 changed files with 21 additions and 17 deletions

View file

@ -4,6 +4,12 @@ backend "s3" {
bucket = "{{ vault.backend.bucket }}" bucket = "{{ vault.backend.bucket }}"
} }
{% endif -%} {% endif -%}
{%- if vault.storage and vault.storage.type == "consul" %}
storage "consul" {
address = "{{ vault.storage.address }}"
path = "{{ vault.storage.path }}"
}
{% endif -%}
listener "{{ vault.listen_protocol }}" { listener "{{ vault.listen_protocol }}" {
address = "{{ vault.listen_address }}:{{ vault.listen_port }}" address = "{{ vault.listen_address }}:{{ vault.listen_port }}"

View file

@ -2,11 +2,17 @@
[Unit] [Unit]
Description=vault server Description=vault server
Requires=network-online.target Requires=network-online.target
After=network-online.target consul.service After=network-online.target{% if vault.storage and vault.storage.type == "consul" %} consul.service{% endif %}
[Service] [Service]
EnvironmentFile=-/etc/sysconfig/vault EnvironmentFile=-/etc/sysconfig/vault
Restart=on-failure
ExecStart=/usr/local/bin/vault server {% if vault.dev_mode %}-dev{% else %} -config="/etc/vault/config/server.hcl"{% endif %}
User={{ vault.user }} User={{ vault.user }}
Group={{ vault.group }} Group={{ vault.group }}
ExecStart=/usr/local/bin/vault server {% if vault.dev_mode %}-dev{% else %}-config="/etc/vault.d/config.hcl"{% endif %}
ExecReload=/bin/kill -signal HUP $MAINPID
ExecStop=/usr/local/bin/vault operator step-down
Restart=on-failure
CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK
SecureBits=keep-caps
NoNewPrivileges=yes
KillSignal=SIGINT

View file

@ -16,29 +16,21 @@ generate self signed SSL certs:
- file: /usr/local/bin/self-cert-gen.sh - file: /usr/local/bin/self-cert-gen.sh
{% endif -%} {% endif -%}
/etc/vault: /etc/vault.d:
file.directory: file.directory:
- user: root - user: root
- group: root - group: root
- mode: 755 - mode: 755
/etc/vault/config: /etc/vault.d/config.hcl:
file.directory:
- user: root
- group: root
- mode: 755
- require:
- file: /etc/vault
/etc/vault/config/server.hcl:
file.managed: file.managed:
- source: salt://vault/files/server.hcl.jinja - source: salt://vault/files/config.hcl.jinja
- template: jinja - template: jinja
- user: root - user: root
- group: root - group: root
- mode: 644 - mode: 644
- require: - require:
- file: /etc/vault/config - file: /etc/vault.d
{%- if vault.service.type == 'systemd' %} {%- if vault.service.type == 'systemd' %}
/etc/systemd/system/vault.service: /etc/systemd/system/vault.service:
@ -69,8 +61,8 @@ vault:
{%- if vault.self_signed_cert.enabled %} {%- if vault.self_signed_cert.enabled %}
- cmd: generate self signed SSL certs - cmd: generate self signed SSL certs
{% endif %} {% endif %}
- file: /etc/vault/config/server.hcl - file: /etc/vault.d/config.hcl
- cmd: install vault - cmd: install vault
- onchanges: - onchanges:
- cmd: install vault - cmd: install vault
- file: /etc/vault/config/server.hcl - file: /etc/vault.d/config.hcl