From 404029d5dce165e568382ceb2384cdb46145975d Mon Sep 17 00:00:00 2001
From: Matthew Stobbs
Date: Sun, 23 Mar 2025 14:04:51 -0600
Subject: [PATCH] fix vault config.hcl.j2

---
 files/vault/Alpine/openrc | 65 ++++++++++++++++++++---------------
 templates/vault/config.hcl.j2 | 9 +++--
 2 files changed, 44 insertions(+), 30 deletions(-)

diff --git a/files/vault/Alpine/openrc b/files/vault/Alpine/openrc
index bb4d235..61bd768 100644
--- a/files/vault/Alpine/openrc
+++ b/files/vault/Alpine/openrc
@@ -1,9 +1,10 @@
 #!/sbin/openrc-run
-capabilities="cap_ipd_lock=+ep"
 command="/usr/local/bin/vault"
-command_group="vault"
-command_user="vault"
+command_user="vault:vault"
+command_background=true
+capabilities="^cap_chown,^cap_ipc_lock"
+pidfile="/var/run/${RC_SVCNAME}.pid"
 # args
 config_args="-config=/etc/$RC_SVCNAME/config.hcl"
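Review bot: The new `capabilities="^cap_chown,^cap_ipc_lock"` line hands CAP_CHOWN to the Vault process, which nothing in this patch appears to need. In libcap's IAB notation the `^` prefix raises a capability in the inheritable and ambient sets, so the daemon running as `vault:vault` would keep the ability to change ownership of any file on the host, which defeats much of the point of dropping root. I would grant only what is used, `capabilities="^cap_ipc_lock"`, and even that is only exercised when `disable_mlock` is rendered as false, which the template in this same patch does not do by default. If CAP_CHOWN was added to work around an ownership problem on a data or log path, fixing that path in `start_pre` with `checkpath` is the narrower remedy.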
@@ -20,31 +21,39 @@ depend() {
 start_pre() {
 checkpath --directory \
- --owner $command_user:$command_group \
+ --owner $command_user \
 --mode 0755 \
- /run/$RC_SVCNAME /var/log/$RC_SVCNAME
-}
-
-start() {
- ebegin "Starting $RC_SVCNAME"
- start-stop-daemon --start \
- --exec $command \
- --capabilities $capabilities \
- --make-pidfile \
- --pidfile /var/run/$RC_SVCNAME.pid \
- --user $command_user:$command_group \
- -- \
- $command_args
-
- eend $?
-}
-
-stop() {
- ebegin "Stopping $RC_SVCNAME"
- start-stop-daemon --stop \
- --exec $command \
- --pidfile /var/run/$RC_SVCNAME.pid
-
- eend $?
+ /var/log/$RC_SVCNAME
 }
+#
+# start() {
+# ebegin "Starting $RC_SVCNAME"
+# start-stop-daemon --start \
+# --exec $command \
+# --capabilities $capabilities \
+# --make-pidfile \
+# --pidfile /var/run/$RC_SVCNAME.pid \
+# --user $command_user:$command_group \
+#
+# -- \
+# $command_args
+#
+# eend $?
+# }
+#
+# stop() {
+# ebegin "Stopping $RC_SVCNAME"
+# start-stop-daemon --stop \
+# --exec $command \
+# --pidfile /var/run/$RC_SVCNAME.pid
+#
+# eend $?
+# }
+#
+# restart() {
+# ebegin "Restarting $RC_SVCNAME"
+# stop()
+# start()
+# eend $?
+# }
 # vim: set filetype=sh :
diff --git a/templates/vault/config.hcl.j2 b/templates/vault/config.hcl.j2
index da160c2..c1daea5 100644
--- a/templates/vault/config.hcl.j2
+++ b/templates/vault/config.hcl.j2
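Review bot: `start_pre` still creates `/var/log/$RC_SVCNAME`, but with `command_background=true` now in effect and no `output_log`/`error_log` set in the visible lines, the server's stdout and stderr are likely discarded, so the directory stays empty and startup or seal errors leave no trace. Consider adding `output_log="/var/log/$RC_SVCNAME/vault.log"` and `error_log="/var/log/$RC_SVCNAME/vault.log"` next to the other service variables, unless `command_args` (defined outside this hunk) already points Vault at a log file. The unchanged `--mode 0755` also leaves that directory world-readable; `--mode 0750` is a better fit for a secrets service. The commented-out `start()`/`stop()`/`restart()` block still refers to the removed `$command_group` and is better deleted, since the history keeps it.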
@@ -1,9 +1,14 @@
-ui = {{ ui | default(true) }}
+ui = {{ ui | default('true') }}
 cluster_addr = "https://{{ ansible_default_ipv4.address }}:{{ cluster_port | default('8201') }}"
 api_addr = "https://{{ansible_default_ipv4.address }}:{{ api_port | default('8200') }}"
-disable_mlock = {{ disable_mlock | default(true) }}
+disable_mlock = {{ disable_mlock | default('true') }}
 storage "raft" {
 path = "{{ raft_path | default('/var/lib/vault/data') }}"
 node_id = "{{ raft_node_id | default(ansible_hostname) }}"
 }
+
+listener "tcp" {
+ address = "{{ ansible_default_ipv4.address }}:{{ api_port | default('8200') }}"
+ cluster_address = "{{ ansible_default_ipv4.address }}:{{ cluster_port | default('8201') }}"
+}
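Review bot: The added `listener "tcp"` block sets no `tls_cert_file` or `tls_key_file`, while `api_addr` and `cluster_addr` a few lines up advertise `https://`. Vault's TCP listener expects TLS material unless `tls_disable` is set, so as rendered this listener should fail to start, and the tempting quick fix of disabling TLS would put tokens and secrets on the wire in clear text behind an https advertisement. I would template the certificate paths into the block, for example `tls_cert_file = "{{ vault_tls_cert_file }}"` and `tls_key_file = "{{ vault_tls_key_file }}"` (variable names are suggestions, not existing role variables), with no default so a missing certificate fails the play. Separately, `default('true')` only covers the unset case: a YAML boolean passed for `ui` or `disable_mlock` would presumably still render as `True`/`False`, which appending `| lower` would normalise.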