feat: manage openbao audit devices

- manage openbao audit devices in the configuration file
feat: add audit log for openbao
2025-11-20 19:48:37 +11:00 · 2025-11-15 21:19:28 +11:00
5 changed files with 0 additions and 57 deletions
--- a/hieradata/roles/infra/logs/vlinsert.yaml
+++ b/hieradata/roles/infra/logs/vlinsert.yaml
@ -14,8 +14,6 @@ victorialogs::node::options:
  envflag.enable: 'true'
  select.disable: 'undef'
  storageNode.tls: 'undef'
-  syslog.listenAddr.tcp: ':21514'
-  syslog.timezone: 'Australia/Sydney'
  storageNode:
    - ausyd1nxvm2108.main.unkin.net:9428
    - ausyd1nxvm2109.main.unkin.net:9428
@ -47,20 +45,7 @@ consul::services:
        tls_skip_verify: true
        interval: '10s'
        timeout: '1s'
-  syslog:
-    service_name: 'syslog'
-    address: "%{facts.networking.ip}"
-    port: 21514
-    checks:
-      - id: 'vlinsert_syslog_tcp_check'
-        name: 'VictoriaLogs Syslog TCP Check'
-        tcp: "%{facts.networking.fqdn}:21514"
-        interval: '30s'
-        timeout: '5s'
 profiles::consul::client::node_rules:
  - resource: service
    segment: vlinsert
    disposition: write
-  - resource: service
-    segment: syslog
-    disposition: write
--- a/hieradata/roles/infra/metrics/vmagent.yaml
+++ b/hieradata/roles/infra/metrics/vmagent.yaml
@ -3,16 +3,6 @@ hiera_include:
  - vmcluster::vmagent

 vmcluster::vmagent::enable: true
-vmcluster::vmagent::static_targets:
-  vyos_node:
-    targets:
-      - '198.18.21.160:9100'
-    scrape_interval: '15s'
-    metrics_path: '/metrics'
-    scheme: 'http'
-    labels:
-      instance: 'syrtvm0001.main.unkin.net'
-      job: 'vyos_node'
 vmcluster::vmagent::options:
  tls: 'true'
  tlsCertFile: '/etc/pki/tls/vault/certificate.crt'
--- a/hieradata/roles/infra/storage/vault.yaml
+++ b/hieradata/roles/infra/storage/vault.yaml
@ -5,16 +5,10 @@ profiles::vault::server::data_dir: /data/vault
 profiles::vault::server::manage_storage_dir: true
 profiles::vault::server::tls_disable: false
 profiles::vault::server::audit_devices:
-  - file:
-      audit-file:
-        options:
-          file_path: /data/vault/audit_raw.log
-          log_raw: true
  - file:
      audit-file:
        options:
          file_path: /data/vault/audit.log
-          log_raw: false
 vault::package_name: openbao
 vault::package_ensure: latest

--- a/modules/vmcluster/manifests/vmagent.pp
+++ b/modules/vmcluster/manifests/vmagent.pp
@ -10,7 +10,6 @@ class vmcluster::vmagent (
  Stdlib::Absolutepath $vars_file = '/etc/default/vmagent',
  String  $consul_node_token      = $facts['consul_node_token'],
  Hash[String, Variant[String, Array[String]]] $options = {},
-  Hash[String, Hash] $static_targets = {},
 ) {

  # if enabled, manage this service
--- a/modules/vmcluster/templates/vmagent.scrape.yaml.erb
+++ b/modules/vmcluster/templates/vmagent.scrape.yaml.erb
@ -35,28 +35,3 @@ scrape_configs:
      - source_labels: [__meta_consul_tag_metrics_job]
        target_label: job
        action: replace
-
-<% if @static_targets -%>
-<% @static_targets.each do |job_name, config| -%>
-  - job_name: '<%= job_name %>'
-    static_configs:
-<% config['targets'].each do |target| -%>
-      - targets: ['<%= target %>']
-<% if config['labels'] -%>
-        labels:
-<% config['labels'].each do |label_name, label_value| -%>
-          <%= label_name %>: '<%= label_value %>'
-<% end -%>
-<% end -%>
-<% end -%>
-<% if config['scrape_interval'] -%>
-    scrape_interval: <%= config['scrape_interval'] %>
-<% end -%>
-<% if config['metrics_path'] -%>
-    metrics_path: <%= config['metrics_path'] %>
-<% end -%>
-<% if config['scheme'] -%>
-    scheme: <%= config['scheme'] %>
-<% end -%>
-<% end -%>
-<% end -%>
Author	SHA1	Message	Date
Ben Vincent	a25883a4e3	feat: manage openbao audit devices - manage openbao audit devices in the configuration file	2025-11-20 19:48:37 +11:00
Ben Vincent	bdf29f4957	feat: add audit log for openbao - openbao requires audit-log configured in config file	2025-11-15 21:19:28 +11:00