feat: add vault server profile

- add vault module to puppetfile
- define class to manage the install and config of vault
- manage the datavol and raft storage
- manage the unzip and other compression tools
- define custom unseal script and service
- add documentation on initial setup of vault
This commit is contained in:
2024-02-13 22:48:23 +11:00
parent f8b30f335b
commit fe05c86463
12 changed files with 237 additions and 1 deletions
+37
View File
@@ -0,0 +1,37 @@
# profiles::vault::unseal
class profiles::vault::unseal (
Array[String] $unseal_keys = lookup('vault::unseal_keys', Array[String], 'first', []),
Variant[
Stdlib::HTTPSUrl,
Stdlib::HTTPUrl
] $vault_address = 'http://127.0.0.1:8200',
){
# deploy the unseal keys file
file { '/etc/vault/unseal_keys':
ensure => file,
owner => 'root',
group => 'root',
mode => '0600',
content => Sensitive(template('profiles/vault/unseal_keys.erb')),
require => Class['vault'],
}
# deploy the unseal script
file { '/usr/local/bin/vault-unseal.sh':
ensure => file,
owner => 'root',
group => 'root',
mode => '0750',
content => template('profiles/vault/vault_unseal.sh.erb'),
}
# create systemd service unit
systemd::unit_file { 'vault-unseal.service':
content => template('profiles/vault/vault-unseal.service.erb'),
active => true,
enable => true,
require => File['/usr/local/bin/vault-unseal.sh'],
subscribe => Service['vault'],
}
}