feat: enable plugins for vault/openbao

- install openbao-plugins - add plugin_directory
2026-02-08 16:30:47 +11:00 · 2026-02-08 16:30:47 +11:00 · 45d35f189e
commit 45d35f189e
parent 69dc9e8f66
2 changed files with 7 additions and 1 deletions
--- a/hieradata/roles/infra/storage/vault.yaml
+++ b/hieradata/roles/infra/storage/vault.yaml
@ -2,6 +2,7 @@
 profiles::vault::server::members_role: roles::infra::storage::vault
 profiles::vault::server::members_lookup: true
 profiles::vault::server::data_dir: /data/vault
+profiles::vault::server::plugin_dir: /opt/openbao-plugins
 profiles::vault::server::manage_storage_dir: true
 profiles::vault::server::tls_disable: false
 vault::package_name: openbao
@ -23,3 +24,6 @@ profiles::nginx::simpleproxy::proxy_scheme: 'http'
 profiles::nginx::simpleproxy::proxy_host: '127.0.0.1'
 profiles::nginx::simpleproxy::proxy_port: 8200
 profiles::nginx::simpleproxy::proxy_path: '/'
+
+profiles::packages::include:
+  openbao-plugins: {}
--- a/site/profiles/manifests/vault/server.pp
+++ b/site/profiles/manifests/vault/server.pp
@ -11,6 +11,7 @@ class profiles::vault::server (
  Stdlib::Port  $cluster_port       = 8201,
  Boolean   $manage_storage_dir     = false,
  Stdlib::Absolutepath $data_dir    = '/opt/vault',
+  Stdlib::Absolutepath $plugin_dir  = '/opt/vault_plugins',
  Stdlib::Absolutepath $bin_dir     = '/usr/bin',
  Stdlib::Absolutepath $ssl_crt     = '/etc/pki/tls/vault/certificate.crt',
  Stdlib::Absolutepath $ssl_key     = '/etc/pki/tls/vault/private.key',
@ -64,7 +65,8 @@ class profiles::vault::server (
      },
      api_addr           => "${http_scheme}://${::facts['networking']['fqdn']}:${client_port}",
      extra_config       => {
-        cluster_addr => "${http_scheme}://${::facts['networking']['fqdn']}:${cluster_port}",
+        cluster_addr     => "${http_scheme}://${::facts['networking']['fqdn']}:${cluster_port}",
+        plugin_directory => $plugin_dir,
      },
      listener           => [
        {