68 lines
1.7 KiB
Plaintext
68 lines
1.7 KiB
Plaintext
{%- from slspath + '/map.jinja' import vault with context -%}
|
|
|
|
{%- if vault.self_signed_cert.enabled %}
|
|
self-cert-gen-script:
|
|
file.managed:
|
|
- name: /usr/local/bin/self-cert-gen.sh
|
|
- source: salt://vault/files/cert-gen.sh.jinja
|
|
- template: jinja
|
|
- user: root
|
|
- group: root
|
|
- mode: 644
|
|
|
|
generate-self-signed-SSL-certs:
|
|
cmd.run:
|
|
- name: bash /usr/local/bin/cert-gen.sh {{ vault.self_signed_cert.hostname }} {{ vault.self_signed_cert.password }}
|
|
- cwd: /etc/vault
|
|
- require:
|
|
- file: self-cert-gen-script
|
|
{% endif -%}
|
|
|
|
vault-init-env:
|
|
file.managed:
|
|
{%- if grains['os_family'] == 'Debian' %}
|
|
- name: /etc/default/vault
|
|
{%- else %}
|
|
- name: /etc/sysconfig/vault
|
|
- makedirs: True
|
|
{%- endif %}
|
|
- user: root
|
|
- group: root
|
|
- mode: 0644
|
|
- contents:
|
|
- VAULT_USER={{ vault.user }}
|
|
- VAULT_GROUP={{ vault.group }}
|
|
|
|
vault-init-file:
|
|
file.managed:
|
|
{%- if salt['test.provider']('service') == 'systemd' %}
|
|
- source: salt://{{ slspath }}/files/vault.service
|
|
- name: /etc/systemd/system/vault.service
|
|
- template: jinja
|
|
- context:
|
|
user: {{ vault.user }}
|
|
group: {{ vault.group }}
|
|
config: {{ vault.config }}
|
|
- mode: 0644
|
|
{%- elif salt['test.provider']('service') == 'upstart' %}
|
|
- source: salt://{{ slspath }}/files/vault.upstart
|
|
- name: /etc/init/vault.conf
|
|
- mode: 0644
|
|
{%- else %}
|
|
- source: salt://{{ slspath }}/files/vault.sysvinit
|
|
- name: /etc/init.d/vault
|
|
- mode: 0755
|
|
{%- endif %}
|
|
|
|
{%- if vault.service %}
|
|
|
|
vault-service:
|
|
service.running:
|
|
- name: vault
|
|
- enable: True
|
|
- watch:
|
|
- file: vault-init-env
|
|
- file: vault-init-file
|
|
|
|
{%- endif %}
|