feat: ensure the vault audit_log exists (#272)

- without this, vault will not take a leadership role

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/272
Ben Vincent 2025-05-03 22:25:10 +10:00
parent b05acb23f4
commit 1b8f50786f


@ -15,6 +15,7 @@ class profiles::vault::server (
Stdlib::Absolutepath $ssl_crt = '/etc/pki/tls/vault/certificate.crt', Stdlib::Absolutepath $ssl_crt = '/etc/pki/tls/vault/certificate.crt',
Stdlib::Absolutepath $ssl_key = '/etc/pki/tls/vault/private.key', Stdlib::Absolutepath $ssl_key = '/etc/pki/tls/vault/private.key',
Stdlib::Absolutepath $ssl_ca = '/etc/pki/tls/certs/ca-bundle.crt', Stdlib::Absolutepath $ssl_ca = '/etc/pki/tls/certs/ca-bundle.crt',
Stdlib::Absolutepath $audit_log = '/var/log/vault_audit.log',
){ ){
# set a datacentre/cluster name # set a datacentre/cluster name
@ -85,6 +86,14 @@ class profiles::vault::server (
] ]
} }
# ensure the vault audit log exists
file { $audit_log:
ensure => 'file',
owner => 'vault',
group => 'vault',
mode => '0600',
}
service { 'vault': service { 'vault':
ensure => true, ensure => true,
enable => true, enable => true,
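Review bot: The new `file { $audit_log: }` resource in the second hunk has no explicit relationship to `Service['vault']`, so the file-before-service order that the commit message relies on holds only through manifest ordering. Adding `before => Service['vault'],` to the resource would state the dependency. `owner => 'vault'` also assumes the account already exists when this resource is applied, presumably from the package install earlier in the class, which is outside the hunk. Nothing visible here rotates the file. Vault stops serving requests when it cannot write to its only enabled audit device, so it is worth confirming that the profile has a logrotate rule that sends SIGHUP so Vault reopens the file, and that the log is shipped off-host, because a `vault`-owned `0600` file can be rewritten by the service account itself.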