From 496ed12a58f1e629102a3a9ceb39306ef32d1c1f Mon Sep 17 00:00:00 2001
From: Ben Vincent
Date: Sat, 26 Apr 2025 18:40:31 +1000
Subject: [PATCH] feat: change vault to use package install (#264)

- vault 18.2 rpm produced by rpmbuilder repo
- ensure the /etc/vault directory is managed
- ensure service file is managed by puppet
- ensure package comes from unkin repo (not hashicorp)
- disable_mlock as unprivileged containers cannot use mlock
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/264
---
 hieradata/common.yaml | 7 +++++++
 site/profiles/manifests/vault/server.pp | 5 -----
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/hieradata/common.yaml b/hieradata/common.yaml
index 89cec33..1df21ad 100644
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@@ -175,6 +175,13 @@ consul::install_method: 'package'
 consul::manage_repo: false
 consul::bin_dir: /usr/bin
+vault::install_method: 'repo'
+vault::manage_repo: false
+vault::bin_dir: /usr/bin
+vault::manage_service_file: true
+vault::manage_config_dir: true
+vault::disable_mlock: true
+
 profiles::dns::master::basedir: '/var/named/sources'
 profiles::dns::base::ns_role: 'roles::infra::dns::resolver'
 profiles::dns::base::use_ns: 'region'
diff --git a/site/profiles/manifests/vault/server.pp b/site/profiles/manifests/vault/server.pp
index a27ef46..84398f4 100644
--- a/site/profiles/manifests/vault/server.pp
+++ b/site/profiles/manifests/vault/server.pp
@@ -6,10 +6,6 @@ class profiles::vault::server (
 Undef
 ] $members_role = undef,
 Array $vault_servers = [],
- Enum[
- 'archive',
- 'repo'
- ] $install_method = 'archive',
 Boolean $tls_disable = false,
 Stdlib::Port $client_port = 8200,
 Stdlib::Port $cluster_port = 8201,
@@ -56,7 +52,6 @@ class profiles::vault::server (
 class { 'vault':
 manage_service => false,
- install_method => $install_method,
 manage_storage_dir => $manage_storage_dir,
 enable_ui => true,
 storage => {
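Review bot: `vault::disable_mlock: true` is added to `hieradata/common.yaml`, so it becomes the default for every node that declares the vault class, while the commit message justifies it only for unprivileged containers. With mlock disabled, Vault's process memory can be paged out to swap, so any host that takes this default needs swap disabled or encrypted, and nothing in the hunk records that requirement. Consider setting the key in the hiera layer that covers the container-based Vault nodes, if such a layer exists, or at least documenting the constraint beside it: `# unprivileged containers cannot mlock; host swap must be off or encrypted`. A short comment on `vault::install_method: 'repo'` with `vault::manage_repo: false` would also help, since the package source (the unkin repo named in the commit message) is configured somewhere outside this hunk.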