feat: ensure the vault audit_log exists

- without this, vault will not take a leadership role

site/profiles/manifests/vault/server.pp

@@ -15,6 +15,7 @@ class profiles::vault::server (
   Stdlib::Absolutepath $ssl_crt     = '/etc/pki/tls/vault/certificate.crt',
   Stdlib::Absolutepath $ssl_key     = '/etc/pki/tls/vault/private.key',
   Stdlib::Absolutepath $ssl_ca      = '/etc/pki/tls/certs/ca-bundle.crt',
+  Stdlib::Absolutepath $audit_log   = '/var/log/vault_audit.log',
 ){
 
   # set a datacentre/cluster name
@@ -85,6 +86,14 @@ class profiles::vault::server (
       ]
     }
 
+    # ensure the vault audit log exists
+    file { $audit_log:
+      ensure => 'file',
+      owner  => 'vault',
+      group  => 'vault',
+      mode   => '0600',
+    }
+
     service { 'vault':
       ensure    => true,
       enable    => true,