
diff --git a/roles/vault/vault/files/vault.hcl b/roles/vault/vault/files/vault.hcl
index 4f8964e..7a7b108 100644
--- a/roles/vault/vault/files/vault.hcl
+++ b/roles/vault/vault/files/vault.hcl
@@ -1,35 +1,35 @@
# -------------------------------------------------------------
# Vault configuration
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# Source file: roles/vault/vault/files/vault.hcl
# -------------------------------------------------------------
#
# <auto-generated>
# This file is managed by our rOPS SaltStack repository.
#
# Changes to this file may cause incorrect behavior
# and will be lost if the state is redeployed.
# </auto-generated>
listener "tcp" {
address = "{{ ip }}:8200"
-{% if certificates_available %}
- tls_cert_file: "/usr/local/etc/certificates/vault/fullchain.pem"
- tls_key_file: "/usr/local/etc/certificates/vault/private.key"
+{%- if certificates_available %}
+ tls_cert_file = "/usr/local/etc/certificates/vault/fullchain.pem"
+ tls_key_file = "/usr/local/etc/certificates/vault/private.key"
{% else %}
tls_disable = 1
-{% endif %}
+{% endif -%}
}
storage "raft" {
path = "/var/db/vault"
node_id = "{{ id }}"
}
disable_mlock = true
cluster_addr = "http://{{ ip }}:8201"
api_addr = "http://{{ ip }}:8200"
ui = true
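Review bot: `api_addr` and `cluster_addr` at the end of this hunk still hard-code `http://`, although this change repairs the branch that turns TLS on for the listener. When `certificates_available` is true, the advertised API address would be a plaintext URL pointing at a TLS listener, so client redirection is likely to fail, or to push operators towards configuring clients for plain HTTP. Derive the scheme from the same flag, e.g. `api_addr = "{{ 'https' if certificates_available else 'http' }}://{{ ip }}:8200"`, and consider doing the same for `cluster_addr`. A short comment above the `{% else %}` branch stating that `tls_disable = 1` is a bootstrap-only fallback would also help the next reader.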
diff --git a/roles/vault/vault/init.sls b/roles/vault/vault/init.sls
index 539e436..11f1591 100644
--- a/roles/vault/vault/init.sls
+++ b/roles/vault/vault/init.sls
@@ -1,59 +1,59 @@
# -------------------------------------------------------------
# Salt — Vault
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
{% from "map.jinja" import dirs with context %}
{% set network = salt['node.resolve_network']() %}
# -------------------------------------------------------------
# Software
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
vault:
pkg.installed
# -------------------------------------------------------------
# Configuration
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{{ dirs.etc }}/vault.hcl:
file.managed:
- source: salt://roles/vault/vault/files/vault.hcl
- mode: 644
- template: jinja
- context:
id: {{ grains['id'] }}
ip: {{ network['ipv4_address'] }}
- certificates_available: {{ salt["file.file_exists"]("/usr/local/etc/certificates/vault") }}
+ certificates_available: {{ salt["file.file_exists"]("/usr/local/etc/certificates/vault/fullchain.pem") }}
# -------------------------------------------------------------
# Storage
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/var/db/vault:
file.directory:
- mode: 700
- user: vault
- group: vault
# -------------------------------------------------------------
# Service
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{% if grains["os"] == "FreeBSD" %}
/etc/rc.conf.d/vault/vault:
file.managed:
- makedirs: True
- mode: 644
- contents: |
vault_enable="YES"
vault_syslog_output_enable="YES"
{% endif %}
service_vault:
service.running:
- name: vault
- enable: true
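Review bot: The new `certificates_available` expression tests only `fullchain.pem`, while the template it feeds also requires `private.key`, and a false result makes the template render `tls_disable = 1`. A missing or not-yet-deployed certificate therefore silently yields a plaintext Vault listener on the node's network address rather than a failed state. Check both files, e.g. `{{ salt["file.file_exists"](cert_path) and salt["file.file_exists"](key_path) }}`, with the two paths set once via `{% set %}`. Because the check presumably runs at render time, a certificate installed by another state in the same run would only be picked up on the next run; if plaintext is not acceptable outside bootstrap, gate the fallback on an explicit pillar flag instead of file presence.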
