Further reorg and cleanup

Eric Renfro 2018-05-15 02:13:54 -04:00
parent 2960b715fd
commit c0556e840f
Signed by: psi-jack
GPG key ID: 14977F3A50D9A5BF
5 changed files with 17 additions and 16 deletions


@ -17,7 +17,8 @@ vault:
tls_key_file: '' tls_key_file: ''
default_lease_ttl: 24h default_lease_ttl: 24h
max_lease_ttl: 24h max_lease_ttl: 24h
self_signed_cert:
enabled: false
backend: {} backend: {}
dev_mode: false dev_mode: false
self_signed_cert:
enabled: false


@ -3,14 +3,14 @@
listener "{{ vault.config.listen_protocol }}" { listener "{{ vault.config.listen_protocol }}" {
address = "{{ vault.config.listen_address }}:{{ vault.config.listen_port }}" address = "{{ vault.config.listen_address }}:{{ vault.config.listen_port }}"
tls_disable = {{ vault.config.tls_disable }} tls_disable = {{ vault.config.tls_disable }}
{%- if vault.config.self_signed_cert.enabled %} {%- if vault.self_signed_cert.enabled %}
tls_cert_file = "/etc/vault/{{ vault.config.self_signed_cert.hostname }}.pem" tls_cert_file = "/etc/vault/{{ vault.self_signed_cert.hostname }}.pem"
tls_key_file = "/etc/vault/{{ vault.config.self_signed_cert.hostname }}-nopass.key" tls_key_file = "/etc/vault/{{ vault.self_signed_cert.hostname }}-nopass.key"
{% else -%} {% else -%}
{%- if vault.tls_cert_file %} {%- if vault.config.tls_cert_file %}
tls_cert_file = "{{ vault.config.tls_cert_file }}" tls_cert_file = "{{ vault.config.tls_cert_file }}"
{% endif -%} {% endif -%}
{%- if vault.tls_key_file %} {%- if vault.config.tls_key_file %}
tls_key_file = "{{ vault.config.tls_key_file }}" tls_key_file = "{{ vault.config.tls_key_file }}"
{% endif -%} {% endif -%}
{% endif %} {% endif %}
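Review bot: When `vault.self_signed_cert.enabled` is true, both TLS paths are built from `vault.self_signed_cert.hostname`, but the defaults section of this commit shows only `enabled: false` under `self_signed_cert`. Unless a `hostname` default exists outside the visible lines, a pillar that sets `enabled` without `hostname` may render `/etc/vault/.pem` and `/etc/vault/-nopass.key`. Consider adding a `hostname` default or guarding the branch, e.g. `{%- if vault.self_signed_cert.enabled and vault.self_signed_cert.hostname %}`. The `-nopass.key` name suggests an unencrypted private key, so the state that writes it (not shown here) should create it with mode 0600 and owned by the Vault service account.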


@ -1,14 +1,14 @@
{%- from "vault/map.jinja" import vault with context -%} {%- from slspath + '/map.jinja' import vault with context -%}
[Unit] [Unit]
Description=vault server Description=vault server
Requires=network-online.target Requires=network-online.target
After=network-online.target{% if vault.storage and vault.storage.type == "consul" %} consul.service{% endif %} After=network-online.target{% if vault.config.storage and vault.config.storage.type == "consul" %} consul.service{% endif %}
[Service] [Service]
EnvironmentFile=-/etc/sysconfig/vault EnvironmentFile=-/etc/sysconfig/vault
User={{ vault.user }} User={{ user }}
Group={{ vault.group }} Group={{ group }}
ExecStart=/usr/local/bin/vault server {% if vault.dev_mode %}-dev{% else %}-config="/etc/vault.d/config.hcl"{% endif %} ExecStart=/usr/local/bin/vault server {% if vault.config.dev_mode %}-dev{% else %}-config="/etc/vault.d/config.hcl"{% endif %}
ExecReload=/bin/kill -signal HUP $MAINPID ExecReload=/bin/kill -signal HUP $MAINPID
ExecStop=/usr/local/bin/vault operator step-down ExecStop=/usr/local/bin/vault operator step-down
Restart=on-failure Restart=on-failure
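Review bot: `User={{ user }}` and `Group={{ group }}` now read bare `user` and `group`, which this template never defines; its only import is `vault` from map.jinja. The values therefore depend on whatever the rendering state passes in as context. If they come out empty, or resolve to the unit file's own owner, Vault would likely start as root instead of the dedicated service account. Unless the state passes the service account on purpose, reference the map explicitly (wherever the reorg moved these keys), for example `User={{ vault.user }}` and `Group={{ vault.group }}`, and check the rendered unit for a non-root `User=` line.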


@ -5,7 +5,7 @@
# chkconfig: 2345 95 95 # chkconfig: 2345 95 95
# description: Vault is a tool for service discovery and configuration # description: Vault is a tool for service discovery and configuration
# processname: vault # processname: vault
# config: /etc/vault.conf # config: /etc/vault.d/config.hcl
# pidfile: /var/run/vault.pid # pidfile: /var/run/vault.pid
### BEGIN INIT INFO ### BEGIN INIT INFO


@ -1,4 +1,4 @@
{%- from "vault/map.jinja" import vault with context -%} {%- from slspath + '/map.jinja' import vault with context -%}
description "Vault server" description "Vault server"
start on (runlevel [345] and started network) start on (runlevel [345] and started network)
@ -15,10 +15,10 @@ script
export GOMAXPROCS=`nproc` export GOMAXPROCS=`nproc`
exec /usr/local/bin/vault server \ exec /usr/local/bin/vault server \
{%- if vault.dev_mode %} {%- if vault.config.dev_mode %}
-dev \ -dev \
{% else %} {% else %}
-config="/etc/vault/config/server.hcl" \ -config="/etc/vault.d/config.hcl" \
{% endif -%} {% endif -%}
>>/var/log/vault.log 2>&1 >>/var/log/vault.log 2>&1
end script end script
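Review bot: The `vault.config.dev_mode` branch in the second hunk deserves a warning comment, because `vault server -dev` prints its unseal key and root token on stdout and this job appends stdout to `/var/log/vault.log`. A dev-mode server is in-memory and starts unsealed, so a pillar that enables the flag by mistake leaves working credentials in a log file whose permissions are not set anywhere in the visible lines. I would add a Jinja comment above the conditional, for example `{#- dev_mode is for throwaway test hosts only: the root token ends up in /var/log/vault.log -#}`, and have the state create the log file with a restrictive mode. A `#` shell comment would break the backslash-continued command, hence the Jinja form. The `script` block starts outside this hunk.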