unkin/puppet-prod
2
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add audit log for openbao

Browse Source 
- openbao requires audit-log configured in config file
This commit is contained in:
Ben Vincent 2025-11-15 21:17:11 +11:00
parent 9854403b02
commit a5b9850e82
2 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
hieradata/roles/infra/storage/vault.yaml
View File

@ -4,6 +4,7 @@ profiles::vault::server::members_lookup: true
profiles::vault::server::data_dir: /data/vault profiles::vault::server::data_dir: /data/vault
profiles::vault::server::manage_storage_dir: true profiles::vault::server::manage_storage_dir: true
profiles::vault::server::tls_disable: false profiles::vault::server::tls_disable: false
profiles::vault::server::audit_log: /data/vault/audit.log
vault::package_name: openbao vault::package_name: openbao
vault::package_ensure: latest vault::package_ensure: latest

11
site/profiles/manifests/vault/server.pp
View File

@ -65,6 +65,17 @@ class profiles::vault::server (
api_addr => "${http_scheme}://${::facts['networking']['fqdn']}:${client_port}", api_addr => "${http_scheme}://${::facts['networking']['fqdn']}:${client_port}",
extra_config => { extra_config => {
cluster_addr => "${http_scheme}://${::facts['networking']['fqdn']}:${cluster_port}", cluster_addr => "${http_scheme}://${::facts['networking']['fqdn']}:${cluster_port}",
audit => [
{
file => {
'audit-file' => {
options => {
file_path => $audit_log,
}
}
}
}
],
}, },
listener => [ listener => [
{ {