Merge pull request #9 from MatthiasKuehneEllerhold/run_server_as_non_root
Let the server run as non root
commit
d001bea057
4 changed files with 13 additions and 1 deletions
|
@ -14,3 +14,5 @@ vault:
|
|||
dev_mode: true
|
||||
service:
|
||||
type: upstart
|
||||
user: root
|
||||
group: root
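Review bot: The `user: root` / `group: root` defaults here, and the same pair in the systemd defaults in the next hunk, mean the server still runs as root unless the pillar overrides them, so the least-privilege behaviour the commit title describes is opt-in. Nothing in the four changed files creates an account, so the chosen user and group apparently have to exist before the service starts. A comment above the keys would make both points visible: `# root keeps the previous behaviour; set both to a dedicated unprivileged account (which must already exist) to drop privileges`. The `+`/`-` markers are lost on this page, so reading these two keys as the added lines is inferred from the hunk counts.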
|
||||
|
|
|
@ -15,3 +15,5 @@ vault:
|
|||
dev_mode: true
|
||||
service:
|
||||
type: systemd
|
||||
user: root
|
||||
group: root
|
||||
|
|
|
@ -8,3 +8,5 @@ After=network-online.target consul.service
|
|||
EnvironmentFile=-/etc/sysconfig/vault
|
||||
Restart=on-failure
|
||||
ExecStart=/usr/local/bin/vault server {% if vault.dev_mode %}-dev{% else %} -config="/etc/vault/config/server.hcl"{% endif %}
|
||||
User={{ vault.user }}
|
||||
Group={{ vault.group }}
|
||||
|
|
|
@ -13,8 +13,14 @@ download vault:
|
|||
|
||||
install vault:
|
||||
cmd.run:
|
||||
- name: unzip /tmp/vault.zip -d /usr/local/bin && chmod 0755 /usr/local/bin/vault && chown root:root /usr/local/bin/vault
|
||||
- name: unzip /tmp/vault.zip -d /usr/local/bin && chmod 0755 /usr/local/bin/vault && chown root:root /usr/local/bin/vault
|
||||
- require:
|
||||
- cmd: download vault
|
||||
- pkg: unzip
|
||||
- unless: test -e /usr/local/bin/vault
|
||||
|
||||
vault set cap mlock:
|
||||
cmd.run:
|
||||
- name: "setcap cap_ipc_lock=+ep /usr/local/bin/vault"
|
||||
- onchanges:
|
||||
- cmd: install vault
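Review bot: `vault set cap mlock` fires only through `onchanges` on `install vault`, and that state is skipped by `unless: test -e /usr/local/bin/vault`, so a minion that already has the binary never gets `cap_ipc_lock` and a non-root Vault there would likely fail to lock memory. Making the state self-checking avoids that: use `- require:` in place of `- onchanges:` and add `- unless: getcap /usr/local/bin/vault | grep -q cap_ipc_lock`. File capabilities are also lost whenever the binary is replaced, and with mode 0755 every local user who runs the binary gets the capability, so granting it to the service alone in the unit (`AmbientCapabilities=CAP_IPC_LOCK`, where the systemd version supports it) is worth considering. The `+`/`-` markers are lost on this page, so which lines are new is inferred from the hunk counts.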
|
||||
|
|